public ExportDirTable(BinaryReader reader, MModule mod)
{
_ExportFlags = reader.ReadUInt32();
_TimeStamp = reader.ReadUInt32();
_MajorVersion = reader.ReadUInt16();
_MinorVersion = reader.ReadUInt16();
_Name = mod.StringFromRVA(reader, reader.ReadUInt32());
_OrdinalBase = reader.ReadUInt32();
_AddressTableEntries = reader.ReadUInt32();
_NamePointerCount = reader.ReadUInt32();
_ExportAddressTableRVA = reader.ReadUInt32();
_NamePointerRVA = reader.ReadUInt32();
_OrdinalRVA = reader.ReadUInt32();
}
public ImpExports(BinaryReader reader, MModule mod)
{
ArrayList ides = new ArrayList();
ImportDirectoryEntry ide = null;
_exports = new ExportRecord[0];
_ith = new ImportDirectoryEntry[0];
//imports
if (mod.ModHeaders.OSHeaders.PEHeader.DataDirs[1].Rva != 0)
{
uint start, end;
start = mod.ModHeaders.Rva2Offset(mod.ModHeaders.OSHeaders.PEHeader.DataDirs[1].Rva);
end = mod.ModHeaders.OSHeaders.PEHeader.DataDirs[1].Size + start;
reader.BaseStream.Position = start;
while (reader.BaseStream.Position < end)
{
ide = new ImportDirectoryEntry(reader, mod);
//in older PEs it seems there is no null terminating entry, but in .NET ones there is.
if (ide.Name == null)
{
break;
}
else
{
ides.Add(ide);
}
}
_ith = (ImportDirectoryEntry[])ides.ToArray(typeof(ImportDirectoryEntry));
}
//exports
if (mod.ModHeaders.OSHeaders.PEHeader.DataDirs[0].Rva != 0)
{
reader.BaseStream.Position = mod.ModHeaders.Rva2Offset(mod.ModHeaders.OSHeaders.PEHeader.DataDirs[0].Rva);
_extab = new ExportDirTable(reader, mod);
_expAddrTab = new uint[_extab.AddressTableEntries];
_expNameTab = new string[_extab.NamePointerCount];
_expOrdTab = new uint[_extab.NamePointerCount];
reader.BaseStream.Position = mod.ModHeaders.Rva2Offset(_extab.ExportAddressTableRVA);
for (int i = 0; i < _extab.AddressTableEntries; ++i)
{
_expAddrTab[i] = reader.ReadUInt32();
}
reader.BaseStream.Position = mod.ModHeaders.Rva2Offset(_extab.OrdinalRVA);
for (int i = 0; i < _extab.NamePointerCount; ++i)
{
_expOrdTab[i] = reader.ReadUInt16();
}
reader.BaseStream.Position = mod.ModHeaders.Rva2Offset(_extab.NamePointerRVA);
for (int i = 0; i < _extab.NamePointerCount; ++i)
{
_expNameTab[i] = mod.StringFromRVA(reader, reader.ReadUInt32());
}
//assemble array of exportrecords
uint len = _extab.AddressTableEntries;
if (len > _extab.NamePointerCount)
{
len = _extab.NamePointerCount;
}
_exports = new ExportRecord[len];
for (int i = 0; i < len; ++i)
{
_exports[i] = new ExportRecord(_expOrdTab[i], _expAddrTab[i], _expNameTab[i]);
}
}
}
public ImportDirectoryEntry(BinaryReader reader, MModule mod)
{
Start = reader.BaseStream.Position;
uint iltRVA = reader.ReadUInt32();
_DateTimeStamp = reader.ReadUInt32();
_ForwarderChain = reader.ReadUInt32();
uint nameRVA = reader.ReadUInt32();
_Name = mod.StringFromRVA(reader, nameRVA);
uint iatRVA = reader.ReadUInt32(); //can also get this from the PEHeader's data dirs
Length = reader.BaseStream.Position - Start;
long offs = reader.BaseStream.Position; // remember our position at the end of the imp dir entry record
if (nameRVA == 0)
{
//indicate that this is not valid, because we reached the null terminating record
//or because we are hopelessly lost
_Name = null;
return;
}
try
{
//get imp look table from RVA
ArrayList arr;
uint tableOffs, field;
if (iltRVA != 0)
{
arr = new ArrayList();
tableOffs = mod.ModHeaders.Rva2Offset(iltRVA);
reader.BaseStream.Position = tableOffs;
field = reader.ReadUInt32();
while (field != 0)
{
arr.Add(new ImportAddress(field, reader, mod));
field = reader.ReadUInt32();
}
_ImportLookupTable = (ImportAddress[])arr.ToArray(typeof(ImportAddress));
}
//get imp Addr table from RVA
if (iatRVA != 0)
{
arr = new ArrayList();
tableOffs = mod.ModHeaders.Rva2Offset(iatRVA);
reader.BaseStream.Position = tableOffs;
field = reader.ReadUInt32();
while (field != 0)
{
arr.Add(field);
field = reader.ReadUInt32();
}
_ImportAddressTable = (uint[])arr.ToArray(typeof(uint));
}
}
catch //(Exception e)
{
}
finally
{
//restore stream pos
reader.BaseStream.Position = offs;
}
}