예제 #1
        /// <summary>
        /// Reads <paramref name="count"/> consecutive section-table entries starting at the
        /// reader's current position and publishes them through <c>Sections</c>.
        /// </summary>
        /// <param name="reader">Reader positioned on the first section header.</param>
        /// <param name="count">Number of section headers to read (taken from the file header by the caller).</param>
        /// <remarks>
        /// Only the name, VirtualAddress, SizeOfRawData and PointerToRawData of each entry are kept.
        /// They are stored exactly as read: this method performs no range or overlap checks, so any
        /// code that later turns them into file offsets has to validate them against the input size.
        /// </remarks>
        private void ReadSections(BufferedBinaryReader reader, int count)
        {
            var table = new Section[count];
            int index = 0;

            while (index < count)
            {
                // Name field (8 bytes per the section header layout).
                var entry = new Section
                {
                    Name = reader.ReadZeroTerminatedString(8)
                };

                // VirtualSize (4) is skipped, not stored.
                reader.Advance(4);

                entry.VirtualAddress   = reader.ReadUInt32();
                entry.SizeOfRawData    = reader.ReadUInt32();
                entry.PointerToRawData = reader.ReadUInt32();

                // Skipped tail of the header, 16 bytes in total:
                // PointerToRelocations (4), PointerToLineNumbers (4),
                // NumberOfRelocations (2), NumberOfLineNumbers (2), Characteristics (4).
                reader.Advance(16);

                table[index] = entry;
                index++;
            }

            Sections = table;
        }
예제 #2
        /// <summary>
        /// Loads the image through <c>_image</c>, verifies the metadata root signature at the
        /// position the reader is left on, skips the rest of the metadata root header and then
        /// calls <c>LoadHeaps</c> with the offset of the metadata root.
        /// </summary>
        /// <exception cref="BadMetadataException">
        /// The four bytes at the metadata root are not 0x424A5342 (the "BSJB" signature).
        /// </exception>
        private void Load()
        {
            _image.Load(_reader);

            // Remember where the metadata root starts; LoadHeaps receives this offset.
            // The position is narrowed to 32 bits and written back, as in the original flow.
            uint mdbOffset = (uint)_reader.Position;
            _reader.Position = mdbOffset;

            // Metadata root signature.
            uint signature = _reader.ReadUInt32();
            if (signature != 0x424A5342)
            {
                throw new BadMetadataException("Invalid metadata header.");
            }

            // MajorVersion (2), MinorVersion (2), Reserved (4).
            _reader.Advance(8);

            // Version string: a length prefix followed by the zero-terminated text.
            // NOTE(review): the length is a signed value taken from the file and is passed on
            // unchecked; confirm that ReadZeroTerminatedString rejects negative or oversized
            // lengths before this runs on untrusted input. The string itself is not used here.
            int versionLength = _reader.ReadInt32();
            var runtimeVersion = _reader.ReadZeroTerminatedString(versionLength);

            // Re-align to a 4-byte boundary.
            _reader.Align4();

            // Flags (2).
            _reader.Advance(2);

            LoadHeaps(mdbOffset);
        }
예제 #3
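        /// <summary>
        /// Parses the DOS header, PE signature, file header and optional header of a managed PE
        /// image, then reads the section table and the CLI header.
        /// </summary>
        /// <param name="reader">Reader positioned at the start of the image.</param>
        /// <exception cref="BadImageFormatException">
        /// The input is shorter than 128 bytes, the "MZ" or "PE\0\0" signature is missing, or the
        /// PE header offset stored in the DOS header points outside the input.
        /// </exception>
        /// <remarks>
        /// Sets <c>Architecture</c>, <c>Kind</c> and <c>Characteristics</c> directly; the section
        /// table and CLI header are handled by <c>ReadSections</c> and <c>ReadCliHeader</c>.
        /// </remarks>
        public void Load(BufferedBinaryReader reader)
        {
            if (reader.Length < 128)
            {
                throw new BadImageFormatException();
            }

            // - DOSHeader
            // PE                   2   ("MZ", 0x5a4d)
            // Start                58
            // Lfanew               4
            // End                  64
            if (reader.ReadUInt16() != 0x5a4d)
            {
                throw new BadImageFormatException();
            }
            reader.Advance(58);

            // Lfanew is attacker-controlled when the image is untrusted. Reject an offset that
            // leaves no room for the 4-byte PE signature instead of seeking to it blindly.
            uint lfanew = reader.ReadUInt32();
            if (lfanew > reader.Length - 4)
            {
                throw new BadImageFormatException();
            }
            reader.Position = lfanew;

            // PE NT signature ("PE\0\0")
            if (reader.ReadUInt32() != 0x00004550)
            {
                throw new BadImageFormatException();
            }

            // - PEFileHeader

            Architecture = ReadArchitecture(reader);             // 2 bytes
            ushort numberOfSections = reader.ReadUInt16();

            // TimeDateStamp        4
            // PointerToSymbolTable 4
            // NumberOfSymbols      4
            // OptionalHeaderSize   2
            // NOTE(review): OptionalHeaderSize is skipped, so the section table is read from
            // wherever ReadOptionalHeaders leaves the reader rather than from the offset the
            // file declares; confirm this is acceptable for images with a non-standard size.
            reader.Advance(14);

            // Characteristics      2
            ushort characteristics = reader.ReadUInt16();

            DataDirectory cli;
            ushort        subsystem, dll_characteristics;

            ReadOptionalHeaders(reader, out subsystem, out dll_characteristics, out cli);

            Kind            = ResolveModuleKind(characteristics, subsystem);
            Characteristics = (ModuleCharacteristics)dll_characteristics;

            ReadSections(reader, numberOfSections);
            ReadCliHeader(reader, cli);
        }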
예제 #4
        /// <summary>
        /// Moves the reader to the CLI header described by <paramref name="cliHeader"/>, stores
        /// the fields this type keeps (<c>Attributes</c>, <c>EntryPointToken</c>,
        /// <c>Resources</c>, <c>StrongName</c>) and finally moves the reader to the metadata
        /// directory found in that header.
        /// </summary>
        /// <param name="reader">Reader over the image.</param>
        /// <param name="cliHeader">Data directory locating the CLI header.</param>
        /// <remarks>
        /// Every directory read here comes from the file and is stored or followed as-is; this
        /// method does no validation of its own. NOTE(review): confirm that <c>MoveTo</c>
        /// rejects directories that do not resolve inside the image.
        /// </remarks>
        private void ReadCliHeader(BufferedBinaryReader reader, DataDirectory cliHeader)
        {
            MoveTo(reader, cliHeader);

            // - CLIHeader
            // Skipped: Cb (4), MajorRuntimeVersion (2), MinorRuntimeVersion (2).
            reader.Advance(8);

            // Metadata directory; followed at the end of this method.
            var metadataDirectory = ReadDataDirectory(reader);

            // Flags (4)
            uint flags = reader.ReadUInt32();
            Attributes = (ModuleAttributes)flags;

            // EntryPointToken (4)
            EntryPointToken = reader.ReadUInt32();

            // Resources (8)
            Resources = ReadDataDirectory(reader);

            // StrongNameSignature (8)
            StrongName = ReadDataDirectory(reader);

            // Not read: CodeManagerTable (8), VTableFixups (8),
            // ExportAddressTableJumps (8), ManagedNativeHeader (8).

            MoveTo(reader, metadataDirectory);
        }
예제 #5
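        /// <summary>
        /// Reads the PE optional header and returns the subsystem, the DLL characteristics and
        /// the CLI header data directory; every other field is skipped.
        /// </summary>
        /// <param name="reader">Reader positioned on the optional header's Magic field.</param>
        /// <param name="subsystem">Receives the SubSystem field.</param>
        /// <param name="dll_characteristics">Receives the DLLFlags field.</param>
        /// <param name="cli">Receives the CLI header data directory.</param>
        /// <exception cref="BadImageFormatException">
        /// The Magic field is neither PE32 (0x10b) nor PE32+ (0x20b), or the CLI header
        /// directory is empty.
        /// </exception>
        private static void ReadOptionalHeaders(BufferedBinaryReader reader, out ushort subsystem, out ushort dll_characteristics, out DataDirectory cli)
        {
            // - PEOptionalHeader
            //   - StandardFieldsHeader

            // Magic                2
            // Only the two documented layouts are accepted. Previously any value other than
            // 0x20b was silently parsed with the PE32 offsets, which lets a malformed header
            // steer the fixed skips below onto unrelated bytes.
            ushort magic = reader.ReadUInt16();
            if (magic != 0x10b && magic != 0x20b)
            {
                throw new BadImageFormatException();
            }
            bool pe64 = magic == 0x20b;

            //                      pe32 || pe64

            // LMajor               1
            // LMinor               1
            // CodeSize             4
            // InitializedDataSize  4
            // UninitializedDataSize 4
            // EntryPointRVA        4
            // BaseOfCode           4
            // BaseOfData           4 || 0

            //   - NTSpecificFieldsHeader

            // ImageBase            4 || 8
            // SectionAlignment     4
            // FileAlignment        4
            // OSMajor              2
            // OSMinor              2
            // UserMajor            2
            // UserMinor            2
            // SubSysMajor          2
            // SubSysMinor          2
            // Reserved             4
            // ImageSize            4
            // HeaderSize           4
            // FileChecksum         4
            // 66 bytes in both layouts: PE32+ drops BaseOfData (4) but widens ImageBase by 4.
            reader.Advance(66);

            // SubSystem            2
            subsystem = reader.ReadUInt16();

            // DLLFlags             2
            dll_characteristics = reader.ReadUInt16();

            // StackReserveSize     4 || 8
            // StackCommitSize      4 || 8
            // HeapReserveSize      4 || 8
            // HeapCommitSize       4 || 8
            // LoaderFlags          4
            // NumberOfDataDir      4

            //   - DataDirectoriesHeader

            // ExportTable          8
            // ImportTable          8
            // ResourceTable        8
            // ExceptionTable       8
            // CertificateTable     8
            // BaseRelocationTable  8

            // NOTE(review): NumberOfDataDir is skipped rather than checked, so the directory
            // slots read below are assumed to exist; confirm that is acceptable for images
            // that declare fewer data directories.
            reader.Advance(pe64 ? 88 : 72);

            // Debug                8
            // The value is not used; the call is kept so the reader moves past this directory.
            ReadDataDirectory(reader);

            // Copyright            8
            // GlobalPtr            8
            // TLSTable             8
            // LoadConfigTable      8
            // BoundImport          8
            // IAT                  8
            // DelayImportDescriptor 8
            reader.Advance(56);

            // CLIHeader            8
            cli = ReadDataDirectory(reader);

            // An image without a CLI header is not a managed image.
            if (cli.IsEmpty)
            {
                throw new BadImageFormatException();
            }

            // Reserved             8
            reader.Advance(8);
        }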