public static unsafe NTHeaders32 *GetNtHeaders32(byte *pBin)
{
MS_DOS_Stub *stub = (MS_DOS_Stub *)(pBin);
if (stub->e_magic != IMAGE_DOS_SIGNATURE)
{
throw new FormatException("Error, Invalid file. DOS Signature is incorrect.");
}
NTHeaders32 *ntHeaders = (NTHeaders32 *)(pBin + stub->e_lfanew);
if (ntHeaders->MagicNumber != IMAGE_NT_PEHEADER_SIGNATURE)
{
throw new FormatException("Error, Invalid file. PE File signature incorrect.");
}
if (ntHeaders->optnHeader.magic == Magic.PE64)
{
throw new FormatException("Error, Invalid file. 64 Bit DLL's are not supported.");
}
else if (ntHeaders->optnHeader.magic != Magic.PE32)
{
throw new FormatException("Error, Invalid file. Optional header signature is incorrect.");
}
return(ntHeaders);
}
public static unsafe UInt32 RVAtoOffset32(UInt32 rva, NTHeaders32 *ntHeaders, byte *pBin)
{
MS_DOS_Stub *stub = (MS_DOS_Stub *)(pBin);
for (int i = 0; i < ntHeaders->FileHeader.numberOfSections; i++)
{
section_table *secTable = (section_table *)(pBin + stub->e_lfanew + sizeof(NTHeaders32) + sizeof(section_table) * i);
if (secTable->virtualAddress <= rva && rva < secTable->virtualAddress + secTable->virtualSize)
{
return((UInt32)(rva) + secTable->pointerToRawData - secTable->virtualAddress);
}
}
throw new Exception("Erorr: Could not map RVA to Offset.");
}
