internal static ImageResourceDirectoryEntry FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var resourceDirectory =
context.Assembly.NtHeaders.OptionalHeader.DataDirectories[ImageDataDirectory.ResourceDirectoryIndex];
var entry = new ImageResourceDirectoryEntry
{
StartOffset = reader.Position,
NameId = reader.ReadUInt32(),
OffsetToData = reader.ReadUInt32(),
};
entry.HasData = (entry.OffsetToData >> 31) == 0;
uint actualDataOffset = entry.OffsetToData & ~(1 << 31);
entry.HasName = (entry.NameId >> 31) == 1;
if (entry.HasName)
{
entry._nameReadingContext =
context.CreateSubContext(context.Assembly.RvaToFileOffset(resourceDirectory.VirtualAddress) +
(entry.NameId & ~(1 << 31)));
}
entry._dataReadingContext =
context.CreateSubContext(context.Assembly.RvaToFileOffset(resourceDirectory.VirtualAddress) +
actualDataOffset);
return(entry);
}
public static ImageImportDirectory FromReadingContext(ReadingContext context)
{
return new ImageImportDirectory()
{
_readingContext = context
};
}
internal static ImageModuleImport FromReadingContext(ReadingContext context)
{
var application = context.Assembly;
var reader = context.Reader;
var moduleImport = new ImageModuleImport
{
StartOffset = reader.Position,
ImportLookupTableRva = reader.ReadUInt32(),
TimeDateStamp = reader.ReadUInt32(),
ForwarderChain = reader.ReadUInt32(),
NameRva = reader.ReadUInt32(),
ImportAddressTableRva = reader.ReadUInt32(),
};
if (moduleImport.IsEmpty)
{
return(moduleImport);
}
var nameReader = reader.CreateSubReader(application.RvaToFileOffset(moduleImport.NameRva));
moduleImport.Name = nameReader.ReadAsciiString();
moduleImport._readingContext =
context.CreateSubContext(application.RvaToFileOffset(moduleImport.ImportLookupTableRva));
return(moduleImport);
}
internal static ImageSectionHeader FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var header = new ImageSectionHeader
{
StartOffset = reader.Position,
Name = Encoding.ASCII.GetString(reader.ReadBytes(8)),
VirtualSize = reader.ReadUInt32(),
VirtualAddress = reader.ReadUInt32(),
SizeOfRawData = reader.ReadUInt32(),
PointerToRawData = reader.ReadUInt32(),
PointerToRelocations = reader.ReadUInt32(),
PointerToLinenumbers = reader.ReadUInt32(),
NumberOfRelocations = reader.ReadUInt16(),
NumberOfLinenumbers = reader.ReadUInt16(),
Attributes = (ImageSectionAttributes)reader.ReadUInt32(),
};
var sectionReader = context.Reader.CreateSubReader(
header.PointerToRawData,
(int)header.SizeOfRawData);
header.Section = new ImageSection(header, sectionReader);
return(header);
}
internal static WindowsAssembly FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var application = new WindowsAssembly();
context.Assembly = application;
application.ReadingContext = context;
// Read absolute essential parts of PE:
// - DOS header
// - NT headers
// - Section headers
application._dosHeader = ImageDosHeader.FromReadingContext(context);
reader.Position = application.DosHeader.Lfanew;
application._ntHeaders = ImageNtHeaders.FromReadingContext(context);
reader.Position =
application.NtHeaders.OptionalHeader.StartOffset +
application.NtHeaders.FileHeader.SizeOfOptionalHeader;
for (int i = 0; i < application.NtHeaders.FileHeader.NumberOfSections; i++)
{
application.SectionHeaders.Add(ImageSectionHeader.FromReadingContext(context));
}
return(application);
}
internal static ImageExportDirectory FromReadingContext(ReadingContext context)
{
var application = context.Assembly;
var reader = context.Reader;
var directory = new ImageExportDirectory
{
_readingContext = context,
StartOffset = reader.Position,
Characteristics = reader.ReadUInt32(),
TimeDateStamp = reader.ReadUInt32(),
MajorVersion = reader.ReadUInt16(),
MinorVersion = reader.ReadUInt16(),
NameRva = reader.ReadUInt32(),
OrdinalBase = reader.ReadUInt32(),
NumberOfFunctions = reader.ReadUInt32(),
NumberOfNames = reader.ReadUInt32(),
AddressOfFunctions = reader.ReadUInt32(),
AddressOfNames = reader.ReadUInt32(),
AddressOfNameOrdinals = reader.ReadUInt32(),
};
var nameReader = reader.CreateSubReader(application.RvaToFileOffset(directory.NameRva));
directory.Name = nameReader.ReadAsciiString();
return(directory);
}
internal static ImageResourceDirectory FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var directory = new ImageResourceDirectory
{
StartOffset = reader.Position,
Characteristics = reader.ReadUInt32(),
TimeDateStamp = reader.ReadUInt32(),
MajorVersion = reader.ReadUInt16(),
MinorVersion = reader.ReadUInt16(),
};
var numberOfNamedEntries = reader.ReadUInt16();
var numberOfIdEntries = reader.ReadUInt16();
for (int i = 0; i < numberOfNamedEntries; i++)
{
directory.Entries.Add(ImageResourceDirectoryEntry.FromReadingContext(context));
}
for (int i = 0; i < numberOfIdEntries; i++)
{
directory.Entries.Add(ImageResourceDirectoryEntry.FromReadingContext(context));
}
return(directory);
}
internal static ImageSymbolImport FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var application = context.Assembly;
var optionalHeader = application.NtHeaders.OptionalHeader;
var import = new ImageSymbolImport(optionalHeader.Magic == OptionalHeaderMagic.Pe32Plus
? reader.ReadUInt64()
: reader.ReadUInt32());
if (import.Lookup == 0)
{
return(import);
}
import.IsImportByOrdinal = import.Lookup >> (optionalHeader.Magic == OptionalHeaderMagic.Pe32Plus ? 63 : 31) == 1;
if (!import.IsImportByOrdinal)
{
import.HintName =
HintName.FromReadingContext(context.CreateSubContext(application.RvaToFileOffset(import.HintNameRva)));
}
return(import);
}
public static ImageImportDirectory FromReadingContext(ReadingContext context)
{
return(new ImageImportDirectory()
{
_readingContext = context
});
}
private static ReadingContext CreateDataDirectoryContext(ReadingContext context, int directoryIndex)
{
var application = context.Assembly;
var dataDirectory = application.NtHeaders.OptionalHeader.DataDirectories[directoryIndex];
return(dataDirectory.VirtualAddress == 0
? null
: context.CreateSubContext(application.RvaToFileOffset(dataDirectory.VirtualAddress)));
}
internal static ImageDataDirectory FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
return new ImageDataDirectory
{
StartOffset = reader.Position,
VirtualAddress = reader.ReadUInt32(),
Size = reader.ReadUInt32(),
};
}
internal static BaseRelocationBlock FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var block = new BaseRelocationBlock(reader.ReadUInt32())
{
_blockSize = reader.ReadUInt32(),
};
block._entriesReadingContext = context.CreateSubContext(reader.Position, (int)(block.BlockSize - (2 * sizeof(uint))));
return(block);
}
internal static ImageDataDirectory FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
return(new ImageDataDirectory
{
StartOffset = reader.Position,
VirtualAddress = reader.ReadUInt32(),
Size = reader.ReadUInt32(),
});
}
internal static ImageNtHeaders FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
return new ImageNtHeaders
{
StartOffset = reader.Position,
Signature = reader.ReadUInt32(),
FileHeader = ImageFileHeader.FromReadingContext(context),
OptionalHeader = ImageOptionalHeader.FromReadingContext(context),
};
}
internal static ImageNtHeaders FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
return(new ImageNtHeaders
{
StartOffset = reader.Position,
Signature = reader.ReadUInt32(),
FileHeader = ImageFileHeader.FromReadingContext(context),
OptionalHeader = ImageOptionalHeader.FromReadingContext(context),
});
}
internal static ImageDosHeader FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var header = new ImageDosHeader
{
StartOffset = reader.Position,
Magic = reader.ReadUInt16()
};
reader.Position = 0x3C;
header.Lfanew = reader.ReadUInt32();
return(header);
}
internal static HintName FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var hintName = new HintName
{
StartOffset = reader.Position,
Hint = reader.ReadUInt16(),
Name = reader.ReadAsciiString(),
};
if (reader.Position % 2 != 0)
reader.Position++;
return hintName;
}
internal static ImageDosHeader FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var header = new ImageDosHeader
{
StartOffset = reader.Position,
Magic = reader.ReadUInt16()
};
reader.Position = 0x3C;
header.Lfanew = reader.ReadUInt32();
return header;
}
public static ImageRelocationDirectory FromReadingContext(ReadingContext context)
{
var directory = new ImageRelocationDirectory();
var relocDirectory =
context.Assembly.NtHeaders.OptionalHeader.DataDirectories[
ImageDataDirectory.BaseRelocationDirectoryIndex];
while (context.Reader.Position < context.Reader.StartPosition + relocDirectory.Size)
{
var block = BaseRelocationBlock.FromReadingContext(context);
directory.Blocks.Add(block);
context.Reader.Position += block.BlockSize - 2 * sizeof (uint);
}
return directory;
}
public static ImageRelocationDirectory FromReadingContext(ReadingContext context)
{
var directory = new ImageRelocationDirectory();
var relocDirectory =
context.Assembly.NtHeaders.OptionalHeader.DataDirectories[
ImageDataDirectory.BaseRelocationDirectoryIndex];
while (context.Reader.Position < context.Reader.StartPosition + relocDirectory.Size)
{
var block = BaseRelocationBlock.FromReadingContext(context);
directory.Blocks.Add(block);
context.Reader.Position += block.BlockSize - 2 * sizeof(uint);
}
return(directory);
}
internal static ImageFileHeader FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
return(new ImageFileHeader()
{
StartOffset = reader.Position,
Machine = (ImageMachineType)reader.ReadUInt16(),
NumberOfSections = reader.ReadUInt16(),
TimeDateStamp = reader.ReadUInt32(),
PointerToSymbolTable = reader.ReadUInt32(),
NumberOfSymbols = reader.ReadUInt32(),
SizeOfOptionalHeader = reader.ReadUInt16(),
Characteristics = (ImageCharacteristics)reader.ReadUInt16(),
});
}
private static ReadingContext CreateDataDirectoryContext(ReadingContext context, int directoryIndex)
{
var application = context.Assembly;
var dataDirectories = application.NtHeaders.OptionalHeader.DataDirectories;
if (directoryIndex >= 0 && directoryIndex < dataDirectories.Count)
{
var dataDirectory = dataDirectories[directoryIndex];
if (dataDirectory.VirtualAddress != 0)
{
return(context.CreateSubContext(application.RvaToFileOffset(dataDirectory.VirtualAddress)));
}
}
return(null);
}
internal static HintName FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var hintName = new HintName
{
StartOffset = reader.Position,
Hint = reader.ReadUInt16(),
Name = reader.ReadAsciiString(),
};
if (reader.Position % 2 != 0)
{
reader.Position++;
}
return(hintName);
}
public static ImageDebugDirectory FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var directory = new ImageDebugDirectory()
{
StartOffset = reader.StartPosition,
Characteristics = reader.ReadUInt32(),
TimeDateStamp = reader.ReadUInt32(),
MajorVersion = reader.ReadUInt16(),
MinorVersion = reader.ReadUInt16(),
Type = (DebugInformationFormat)reader.ReadUInt32(),
SizeOfData = reader.ReadUInt32(),
AddressOfRawData = reader.ReadUInt32(),
PointerToRawData = reader.ReadUInt32(),
};
directory._dataReadingContext = context.CreateSubContext(directory.PointerToRawData, (int)directory.SizeOfData);
return(directory);
}
internal static ImageOptionalHeader FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var header = new ImageOptionalHeader
{
StartOffset = reader.Position,
Magic = (OptionalHeaderMagic)reader.ReadUInt16(),
MajorLinkerVersion = reader.ReadByte(),
MinorLinkerVersion = reader.ReadByte(),
SizeOfCode = reader.ReadUInt32(),
SizeOfInitializedData = reader.ReadUInt32(),
SizeOfUninitializedData = reader.ReadUInt32(),
AddressOfEntrypoint = reader.ReadUInt32(),
BaseOfCode = reader.ReadUInt32()
};
switch (header.Magic)
{
case OptionalHeaderMagic.Pe32:
header.BaseOfData = reader.ReadUInt32();
header.ImageBase = reader.ReadUInt32();
break;
case OptionalHeaderMagic.Pe32Plus:
header.ImageBase = reader.ReadUInt64();
break;
default:
throw new NotSupportedException(string.Format("Unrecognized or unsupported executable format."));
}
header.SectionAlignment = reader.ReadUInt32();
header.FileAlignment = reader.ReadUInt32();
header.MajorOperatingSystemVersion = reader.ReadUInt16();
header.MinorOperatingSystemVersion = reader.ReadUInt16();
header.MajorImageVersion = reader.ReadUInt16();
header.MinorImageVersion = reader.ReadUInt16();
header.MajorSubsystemVersion = reader.ReadUInt16();
header.MinorSubsystemVersion = reader.ReadUInt16();
header.Win32VersionValue = reader.ReadUInt32();
header.SizeOfImage = reader.ReadUInt32();
header.SizeOfHeaders = reader.ReadUInt32();
header.CheckSum = reader.ReadUInt32();
header.Subsystem = (ImageSubSystem)reader.ReadUInt16();
header.DllCharacteristics = (ImageDllCharacteristics)reader.ReadUInt16();
if (header.Magic == OptionalHeaderMagic.Pe32)
{
header.SizeOfStackReserve = reader.ReadUInt32();
header.SizeOfStackCommit = reader.ReadUInt32();
header.SizeOfHeapReserve = reader.ReadUInt32();
header.SizeOfHeapCommit = reader.ReadUInt32();
}
else
{
header.SizeOfStackReserve = reader.ReadUInt64();
header.SizeOfStackCommit = reader.ReadUInt64();
header.SizeOfHeapReserve = reader.ReadUInt64();
header.SizeOfHeapCommit = reader.ReadUInt64();
}
header.LoaderFlags = reader.ReadUInt32();
header.NumberOfRvaAndSizes = reader.ReadUInt32();
int dataDirectories = context.Parameters.ForceDataDirectoryCount
? context.Parameters.DataDirectoryCount
: (int) header.NumberOfRvaAndSizes;
for (int i = 0; i < dataDirectories; i++)
header.DataDirectories.Add(ImageDataDirectory.FromReadingContext(context));
return header;
}
public static ImageDebugDirectory FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var directory = new ImageDebugDirectory()
{
StartOffset = reader.StartPosition,
Characteristics = reader.ReadUInt32(),
TimeDateStamp = reader.ReadUInt32(),
MajorVersion = reader.ReadUInt16(),
MinorVersion = reader.ReadUInt16(),
Type = (DebugInformationFormat)reader.ReadUInt32(),
SizeOfData = reader.ReadUInt32(),
AddressOfRawData = reader.ReadUInt32(),
PointerToRawData = reader.ReadUInt32(),
};
directory._dataReadingContext = context.CreateSubContext(directory.PointerToRawData, (int)directory.SizeOfData);
return directory;
}
internal static ImageResourceDirectory FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var directory = new ImageResourceDirectory
{
StartOffset = reader.Position,
Characteristics = reader.ReadUInt32(),
TimeDateStamp = reader.ReadUInt32(),
MajorVersion = reader.ReadUInt16(),
MinorVersion = reader.ReadUInt16(),
};
var numberOfNamedEntries = reader.ReadUInt16();
var numberOfIdEntries = reader.ReadUInt16();
for (int i = 0; i < numberOfNamedEntries; i++)
directory.Entries.Add(ImageResourceDirectoryEntry.FromReadingContext(context));
for (int i = 0; i < numberOfIdEntries; i++)
directory.Entries.Add(ImageResourceDirectoryEntry.FromReadingContext(context));
return directory;
}
internal static BaseRelocationBlock FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
long offset = reader.Position;
var block = new BaseRelocationBlock(reader.ReadUInt32())
{
StartOffset = offset,
_blockSize = reader.ReadUInt32(),
};
block._entriesReadingContext = context.CreateSubContext(reader.Position, (int)(block.BlockSize - (2 * sizeof (uint))));
return block;
}
internal static ImageModuleImport FromReadingContext(ReadingContext context)
{
var application = context.Assembly;
var reader = context.Reader;
var moduleImport = new ImageModuleImport
{
StartOffset = reader.Position,
ImportLookupTableRva = reader.ReadUInt32(),
TimeDateStamp = reader.ReadUInt32(),
ForwarderChain = reader.ReadUInt32(),
NameRva = reader.ReadUInt32(),
ImportAddressTableRva = reader.ReadUInt32(),
};
if (moduleImport.IsEmpty)
return moduleImport;
var nameReader = reader.CreateSubReader(application.RvaToFileOffset(moduleImport.NameRva));
moduleImport.Name = nameReader.ReadAsciiString();
moduleImport._readingContext =
context.CreateSubContext(application.RvaToFileOffset(moduleImport.ImportLookupTableRva));
return moduleImport;
}
internal static ImageSectionHeader FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
return new ImageSectionHeader
{
StartOffset = reader.Position,
Name = Encoding.ASCII.GetString(reader.ReadBytes(8)),
VirtualSize = reader.ReadUInt32(),
VirtualAddress = reader.ReadUInt32(),
SizeOfRawData = reader.ReadUInt32(),
PointerToRawData = reader.ReadUInt32(),
PointerToRelocations = reader.ReadUInt32(),
PointerToLinenumbers = reader.ReadUInt32(),
NumberOfRelocations = reader.ReadUInt16(),
NumberOfLinenumbers = reader.ReadUInt16(),
Attributes = (ImageSectionAttributes)reader.ReadUInt32(),
};
}
public static DataSegment FromReadingContext(ReadingContext context)
{
return(new DataSegment(context.Reader.ReadBytes(
(int)(context.Reader.Length - (context.Reader.Position - context.Reader.StartPosition)))));
}
internal static ImageOptionalHeader FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var header = new ImageOptionalHeader
{
StartOffset = reader.Position,
Magic = (OptionalHeaderMagic)reader.ReadUInt16(),
MajorLinkerVersion = reader.ReadByte(),
MinorLinkerVersion = reader.ReadByte(),
SizeOfCode = reader.ReadUInt32(),
SizeOfInitializedData = reader.ReadUInt32(),
SizeOfUninitializedData = reader.ReadUInt32(),
AddressOfEntrypoint = reader.ReadUInt32(),
BaseOfCode = reader.ReadUInt32()
};
switch (header.Magic)
{
case OptionalHeaderMagic.Pe32:
header.BaseOfData = reader.ReadUInt32();
header.ImageBase = reader.ReadUInt32();
break;
case OptionalHeaderMagic.Pe32Plus:
header.ImageBase = reader.ReadUInt64();
break;
default:
throw new NotSupportedException(string.Format("Unrecognized or unsupported executable format."));
}
header.SectionAlignment = reader.ReadUInt32();
header.FileAlignment = reader.ReadUInt32();
header.MajorOperatingSystemVersion = reader.ReadUInt16();
header.MinorOperatingSystemVersion = reader.ReadUInt16();
header.MajorImageVersion = reader.ReadUInt16();
header.MinorImageVersion = reader.ReadUInt16();
header.MajorSubsystemVersion = reader.ReadUInt16();
header.MinorSubsystemVersion = reader.ReadUInt16();
header.Win32VersionValue = reader.ReadUInt32();
header.SizeOfImage = reader.ReadUInt32();
header.SizeOfHeaders = reader.ReadUInt32();
header.CheckSum = reader.ReadUInt32();
header.Subsystem = (ImageSubSystem)reader.ReadUInt16();
header.DllCharacteristics = (ImageDllCharacteristics)reader.ReadUInt16();
if (header.Magic == OptionalHeaderMagic.Pe32)
{
header.SizeOfStackReserve = reader.ReadUInt32();
header.SizeOfStackCommit = reader.ReadUInt32();
header.SizeOfHeapReserve = reader.ReadUInt32();
header.SizeOfHeapCommit = reader.ReadUInt32();
}
else
{
header.SizeOfStackReserve = reader.ReadUInt64();
header.SizeOfStackCommit = reader.ReadUInt64();
header.SizeOfHeapReserve = reader.ReadUInt64();
header.SizeOfHeapCommit = reader.ReadUInt64();
}
header.LoaderFlags = reader.ReadUInt32();
header.NumberOfRvaAndSizes = reader.ReadUInt32();
int dataDirectories = context.Parameters.ForceDataDirectoryCount
? context.Parameters.DataDirectoryCount
: (int)header.NumberOfRvaAndSizes;
for (int i = 0; i < dataDirectories; i++)
{
header.DataDirectories.Add(ImageDataDirectory.FromReadingContext(context));
}
return(header);
}
internal static ImageSymbolImport FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var application = context.Assembly;
var optionalHeader = application.NtHeaders.OptionalHeader;
var import = new ImageSymbolImport(optionalHeader.Magic == OptionalHeaderMagic.Pe32Plus
? reader.ReadUInt64()
: reader.ReadUInt32());
if (import.Lookup == 0)
return import;
import.IsImportByOrdinal = import.Lookup >> (optionalHeader.Magic == OptionalHeaderMagic.Pe32Plus ? 63 : 31) == 1;
if (!import.IsImportByOrdinal)
import.HintName =
HintName.FromReadingContext(context.CreateSubContext(application.RvaToFileOffset(import.HintNameRva)));
return import;
}
internal static ImageResourceDirectoryEntry FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var resourceDirectory =
context.Assembly.NtHeaders.OptionalHeader.DataDirectories[ImageDataDirectory.ResourceDirectoryIndex];
var entry = new ImageResourceDirectoryEntry
{
StartOffset = reader.Position,
NameId = reader.ReadUInt32(),
OffsetToData = reader.ReadUInt32(),
};
entry.HasData = (entry.OffsetToData >> 31) == 0;
uint actualDataOffset = entry.OffsetToData & ~(1 << 31);
entry.HasName = (entry.NameId >> 31) == 1;
if (entry.HasName)
{
entry._nameReadingContext =
context.CreateSubContext(context.Assembly.RvaToFileOffset(resourceDirectory.VirtualAddress) +
(entry.NameId & ~(1 << 31)));
}
entry._dataReadingContext =
context.CreateSubContext(context.Assembly.RvaToFileOffset(resourceDirectory.VirtualAddress) +
actualDataOffset);
return entry;
}
public static DataSegment FromReadingContext(ReadingContext context)
{
return new DataSegment(context.Reader.ReadBytes(
(int)(context.Reader.Length - (context.Reader.Position - context.Reader.StartPosition))));
}
private static ReadingContext CreateDataDirectoryContext(ReadingContext context, int directoryIndex)
{
var application = context.Assembly;
var dataDirectories = application.NtHeaders.OptionalHeader.DataDirectories;
if (directoryIndex >= 0 && directoryIndex < dataDirectories.Count)
{
var dataDirectory = dataDirectories[directoryIndex];
if (dataDirectory.VirtualAddress != 0)
return context.CreateSubContext(application.RvaToFileOffset(dataDirectory.VirtualAddress));
}
return null;
}
internal static ImageExportDirectory FromReadingContext(ReadingContext context)
{
var application = context.Assembly;
var reader = context.Reader;
var directory = new ImageExportDirectory
{
_readingContext = context,
StartOffset = reader.Position,
Characteristics = reader.ReadUInt32(),
TimeDateStamp = reader.ReadUInt32(),
MajorVersion = reader.ReadUInt16(),
MinorVersion = reader.ReadUInt16(),
NameRva = reader.ReadUInt32(),
OrdinalBase = reader.ReadUInt32(),
NumberOfFunctions = reader.ReadUInt32(),
NumberOfNames = reader.ReadUInt32(),
AddressOfFunctions = reader.ReadUInt32(),
AddressOfNames = reader.ReadUInt32(),
AddressOfNameOrdinals = reader.ReadUInt32(),
};
var nameReader = reader.CreateSubReader(application.RvaToFileOffset(directory.NameRva));
directory.Name = nameReader.ReadAsciiString();
return directory;
}
internal static WindowsAssembly FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
var application = new WindowsAssembly();
context.Assembly = application;
application.ReadingContext = context;
// Read absolute essential parts of PE:
// - DOS header
// - NT headers
// - Section headers
application._dosHeader = ImageDosHeader.FromReadingContext(context);
reader.Position = application.DosHeader.Lfanew;
application._ntHeaders = ImageNtHeaders.FromReadingContext(context);
reader.Position =
application.NtHeaders.OptionalHeader.StartOffset +
application.NtHeaders.FileHeader.SizeOfOptionalHeader;
for (int i = 0; i < application.NtHeaders.FileHeader.NumberOfSections; i++)
application.SectionHeaders.Add(ImageSectionHeader.FromReadingContext(context));
return application;
}
internal static ImageFileHeader FromReadingContext(ReadingContext context)
{
var reader = context.Reader;
return new ImageFileHeader()
{
StartOffset = reader.Position,
Machine = (ImageMachineType)reader.ReadUInt16(),
NumberOfSections = reader.ReadUInt16(),
TimeDateStamp = reader.ReadUInt32(),
PointerToSymbolTable = reader.ReadUInt32(),
NumberOfSymbols = reader.ReadUInt32(),
SizeOfOptionalHeader = reader.ReadUInt16(),
Characteristics = (ImageCharacteristics)reader.ReadUInt16(),
};
}