internal void ReadFatMethod() { peImage.SetOffset(Offset.FromRva(rva, peImage.ParentAssembly).FileOffset); fatsig = BitConverter.ToInt16(peImage.ReadBytes(2), 0); maxstack = BitConverter.ToInt16(peImage.ReadBytes(2), 0); codesize = BitConverter.ToUInt32(peImage.ReadBytes(4), 0); localvarsig = BitConverter.ToUInt32(peImage.ReadBytes(4), 0); }
/// <summary> /// Replaces an instruction with a new instruction. /// </summary> /// <param name="targetInstruction">The instruction to replace.</param> /// <param name="newInstruction">The new instruction.</param> /// <param name="overwriteWhenLarger">A boolean indicating whenever the new instruction is larger, it should overwrite the following instructions.</param> public void Replace(x86Instruction targetInstruction, x86Instruction newInstruction, bool overwriteWhenLarger) { int targetOffset = (int)targetInstruction.Offset.FileOffset; if (!overwriteWhenLarger && targetInstruction.Size < newInstruction.Size) { throw new ArgumentException("The size of the new instruction is bigger than the target instruction.", "newInstruction"); } newInstruction.Offset = targetInstruction.Offset; int NopsToAdd = CalculateSpaceNeeded(targetInstruction, newInstruction) - newInstruction.Size; byte[] NOPS = new byte[NopsToAdd]; for (int i = 0; i < NopsToAdd; i++) { NOPS[i] = 0x90; } image.SetOffset(targetOffset); image.Writer.Write(newInstruction.OpCode.opcodebytes); if (newInstruction.operandbytes != null) { image.Writer.Write(newInstruction.operandbytes); } image.Writer.Write(NOPS); }
public void Replace(MSILInstruction targetInstruction, MSILInstruction newInstruction, bool overwriteWhenLarger, bool suppressInvalidReferences) { int targetOffset = (int)(_bodyOffset + targetInstruction.Offset); if (!overwriteWhenLarger && targetInstruction.Size < newInstruction.Size) { throw new ArgumentException("The size of the new instruction is bigger than the target instruction.", "newInstruction"); } newInstruction.Offset = targetInstruction.Offset; GenerateOperandBytes(newInstruction); if (!suppressInvalidReferences && newInstruction.Operand is MetaDataMember) { if (!ValidateReference(newInstruction.Operand as MetaDataMember)) { throw new ArgumentException(newInstruction.Operand.ToString() + " does not match with the metadata member provided in the target assembly", "newInstruction"); } } int totalSize = CalculateSpaceNeeded(targetInstruction, newInstruction); int NopsToAdd = totalSize - newInstruction.Size; byte[] NOPS = new byte[NopsToAdd]; _image.SetOffset(targetOffset); _image.Writer.Write(newInstruction.OpCode.Bytes); if (newInstruction.OperandBytes != null) { _image.Writer.Write(newInstruction.OperandBytes); } _image.Writer.Write(NOPS); }
internal NETMethodReader(PeImage peImage, MethodBody methodbody) { tokenResolver = new MetaDataTokenResolver(peImage.ParentAssembly._netHeader); this.peImage = peImage; this.rva = methodbody.Method.RVA; this.methodbody = methodbody; peImage.SetOffset(Offset.FromRva(rva, peImage.ParentAssembly).FileOffset); rawoffset = (uint)peImage.Stream.Position; signature = peImage.Reader.ReadByte(); }
private void LoadExports() { // TODO: Unnamed exports (detect exports with only an ordinal). string libraryname = header.assembly.path.Substring(header.assembly.path.LastIndexOf('\\') + 1); DataDirectory exportdatadir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Export]; if (exportdatadir.targetOffset.FileOffset == 0) { return; } image.SetOffset(exportdatadir.TargetOffset.FileOffset); exportDirectory = image.ReadStructure <Structures.IMAGE_EXPORT_DIRECTORY>(); OffsetConverter offsetConverter = new OffsetConverter(exportdatadir.Section); uint functionoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfFunctions); uint functionnameoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNames); uint functionnameordinaloffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNameOrdinals); for (uint i = 0; i < exportDirectory.NumberOfFunctions; i++) { image.SetOffset(functionoffset); uint functionRVA = image.Reader.ReadUInt32(); image.SetOffset(functionnameoffset); uint functionNameRVA = image.Reader.ReadUInt32(); image.SetOffset(functionnameordinaloffset); uint functionNameOrdinal = image.Reader.ReadUInt32(); string name = image.ReadZeroTerminatedString(offsetConverter.RvaToFileOffset(functionNameRVA)); exports.Add(new ExportMethod(libraryname, name, functionNameRVA, functionRVA, (ushort)(i + exportDirectory.Base))); functionoffset += 4; functionnameoffset += 4; functionnameordinaloffset += 4; } }
/// <summary> /// Reads the data as a stream with a specified buffer size. /// </summary> /// <param name="buffersize">The buffer size to be used to read the data.</param> /// <returns></returns> public Stream GetStream(int buffersize) { image.SetOffset(targetOffset); return(image.ReadStream((int)Size, buffersize)); }