public OSRel(byte[] file, int address) { offset = ByteConverter.ToUInt16(file, address); type = file[address + 2]; section = file[address + 3]; addend = ByteConverter.ToUInt32(file, address + 4); }
public static uint?SetupEXE(ref byte[] exefile) { if (ByteConverter.ToUInt16(exefile, 0) != 0x5A4D) { return(null); } int ptr = ByteConverter.ToInt32(exefile, 0x3c); if (ByteConverter.ToInt32(exefile, (int)ptr) != 0x4550) //PE\0\0 { return(null); } ptr += 4; UInt16 numsects = ByteConverter.ToUInt16(exefile, (int)ptr + 2); ptr += 0x14; int PEHead = ptr; uint imageBase = ByteConverter.ToUInt32(exefile, ptr + 28); byte[] result = new byte[ByteConverter.ToUInt32(exefile, ptr + 56)]; Array.Copy(exefile, result, ByteConverter.ToUInt32(exefile, ptr + 60)); ptr += 0xe0; for (int i = 0; i < numsects; i++) { Array.Copy(exefile, ByteConverter.ToInt32(exefile, ptr + (int)SectOffs.FAddr), result, ByteConverter.ToInt32(exefile, ptr + (int)SectOffs.VAddr), ByteConverter.ToInt32(exefile, ptr + (int)SectOffs.FSize)); ptr += (int)SectOffs.Size; } exefile = result; return(imageBase); }
public static bool CheckBigEndianInt16(byte[] file, int address) { bool bigEndState = ByteConverter.BigEndian; ByteConverter.BigEndian = true; bool isBigEndian = BitConverter.ToUInt16(file, address) > ByteConverter.ToUInt16(file, address); ByteConverter.BigEndian = bigEndState; return(isBigEndian); }
public static uint GetNewSectionAddress(byte[] exefile) { int ptr = ByteConverter.ToInt32(exefile, 0x3c); ptr += 4; UInt16 numsects = ByteConverter.ToUInt16(exefile, (int)ptr + 2); ptr += 0x14; ptr += 0xe0; ptr += (int)SectOffs.Size * (numsects - 1); return(HelperFunctions.Align(ByteConverter.ToUInt32(exefile, ptr + (int)SectOffs.VAddr) + ByteConverter.ToUInt32(exefile, ptr + (int)SectOffs.VSize))); }
public static void CreateNewSection(ref byte[] exefile, string name, byte[] data, bool isCode) { int ptr = ByteConverter.ToInt32(exefile, 0x3c); ptr += 4; UInt16 numsects = ByteConverter.ToUInt16(exefile, ptr + 2); int sectnumptr = ptr + 2; ptr += 0x14; int PEHead = ptr; ptr += 0xe0; int sectptr = ptr; ptr += (int)SectOffs.Size * numsects; ByteConverter.GetBytes((ushort)(numsects + 1)).CopyTo(exefile, sectnumptr); Array.Clear(exefile, ptr, 8); Encoding.ASCII.GetBytes(name).CopyTo(exefile, ptr); UInt32 vaddr = HelperFunctions.Align(ByteConverter.ToUInt32(exefile, ptr - (int)SectOffs.Size + (int)SectOffs.VAddr) + ByteConverter.ToUInt32(exefile, ptr - (int)SectOffs.Size + (int)SectOffs.VSize)); ByteConverter.GetBytes(vaddr).CopyTo(exefile, ptr + (int)SectOffs.VAddr); UInt32 faddr = HelperFunctions.Align(ByteConverter.ToUInt32(exefile, ptr - (int)SectOffs.Size + (int)SectOffs.FAddr) + ByteConverter.ToUInt32(exefile, ptr - (int)SectOffs.Size + (int)SectOffs.FSize)); ByteConverter.GetBytes(faddr).CopyTo(exefile, ptr + (int)SectOffs.FAddr); ByteConverter.GetBytes(isCode ? 0x60000020 : 0xC0000040).CopyTo(exefile, ptr + (int)SectOffs.Flags); int diff = (int)HelperFunctions.Align((uint)data.Length); ByteConverter.GetBytes(diff).CopyTo(exefile, ptr + (int)SectOffs.VSize); ByteConverter.GetBytes(diff).CopyTo(exefile, ptr + (int)SectOffs.FSize); if (isCode) { ByteConverter.GetBytes(Convert.ToUInt32(ByteConverter.ToUInt32(exefile, PEHead + 4) + diff)).CopyTo(exefile, PEHead + 4); } else { ByteConverter.GetBytes(Convert.ToUInt32(ByteConverter.ToUInt32(exefile, PEHead + 8) + diff)).CopyTo(exefile, PEHead + 8); } ByteConverter.GetBytes(Convert.ToUInt32(ByteConverter.ToUInt32(exefile, PEHead + 0x38) + diff)).CopyTo(exefile, PEHead + 0x38); Array.Resize(ref exefile, exefile.Length + diff); data.CopyTo(exefile, vaddr); }
public override ushort ReadUInt16() { return(ByteConverter.ToUInt16(ReadBytes(sizeof(ushort)), 0)); }