internal NETTableReader(TablesHeap tablesheap)
{
using (BinaryReader reader = new BinaryReader(new MemoryStream(tablesheap.Contents)))
{
tablesheap._header = ASMGlobals.ReadStructureFromReader <Structures.METADATA_TABLE_HEADER>(reader);
this.tablesHeap = tablesheap;
for (int i = 0; i < 45; i++)
{
if (tablesHeap.HasTable((MetaDataTableType)i))
{
tablesHeap._tablecount++;
}
}
tablesHeap._tablereader = this;
if ((tablesHeap.HeapOffsetSizes & 1) == 1)
{
tablesHeap._netheader.StringsHeap._indexsize = 4;
}
if ((tablesHeap.HeapOffsetSizes & 2) == 2)
{
tablesHeap._netheader.GuidHeap._indexsize = 4;
}
if ((tablesHeap.HeapOffsetSizes & 4) == 4)
{
tablesHeap._netheader.BlobHeap._indexsize = 4;
}
ReadTableHeaders(reader);
}
}
internal ResourceDirectoryEntry ReadDirectoryEntry(uint offset)
{
var rawEntry = ASMGlobals.ReadStructureFromReader <Structures.IMAGE_RESOURCE_DIRECTORY_ENTRY>(reader);
string customName = string.Empty;
ResourceDirectoryEntry resourceEntry = new ResourceDirectoryEntry(image, offset, rawEntry, customName);
return(resourceEntry);
}
internal ResourceDataEntry ReadDataEntry(uint offset, ResourceDirectoryEntry entry)
{
if (TrySetOffset(offset))
{
var rawDataEntry = ASMGlobals.ReadStructureFromReader <Structures.IMAGE_RESOURCE_DATA_ENTRY>(reader);
return(new ResourceDataEntry(image, resourceDirectory.TargetOffset.FileOffset + offset, entry, rawDataEntry));
}
return(null);
}
internal ResourceDirectory ReadDirectory(uint offset, ResourceDirectoryEntry entry)
{
if (TrySetOffset(offset))
{
var rawDirectory = ASMGlobals.ReadStructureFromReader <Structures.IMAGE_RESOURCE_DIRECTORY>(reader);
return(new ResourceDirectory(image, offset, this, entry, rawDirectory));
}
return(null);
}
private LibraryReference ReadLibraryImport()
{
uint importDirOffset = (uint)image.Position;
var rawImportDir = image.ReadStructure <Structures.IMAGE_IMPORT_DESCRIPTOR>();
if (ASMGlobals.IsEmptyStructure(rawImportDir))
{
return(null);
}
string libName = ReadLibraryName(rawImportDir);
ImportMethod[] methods = ReadImportMethods(rawImportDir);
LibraryReference libReference = new LibraryReference(image, importDirOffset, rawImportDir, libName, methods);
// advance to next datadir.
image.SetOffset(importDirOffset + sizeof(Structures.IMAGE_IMPORT_DESCRIPTOR));
return(libReference);
}
private byte[] ReadRawOperand(MSILOpCode opcode)
{
int size = opcode.Bytes.Length;
switch (opcode.OperandType)
{
case OperandType.Int8:
case OperandType.ShortArgument:
case OperandType.ShortInstructionTarget:
case OperandType.ShortVariable:
return(_reader.ReadBytes(1));
case OperandType.Argument:
case OperandType.Variable:
return(_reader.ReadBytes(2));
case OperandType.Field:
case OperandType.Int32:
case OperandType.Float32:
case OperandType.InstructionTarget:
case OperandType.Method:
case OperandType.Signature:
case OperandType.String:
case OperandType.Token:
case OperandType.Type:
return(_reader.ReadBytes(4));
case OperandType.Float64:
case OperandType.Int64:
return(_reader.ReadBytes(8));
case OperandType.InstructionTable:
byte[] header = _reader.ReadBytes(4);
byte[] offsets = _reader.ReadBytes(BitConverter.ToInt32(header, 0) * sizeof(int));
return(ASMGlobals.MergeBytes(header, offsets));
}
return(null);
}
// /// <summary>
// /// Gets the address of the library reference in the portable executable file.
// /// </summary>
// public uint Address
// {
// get { return rawDescriptor.; }
// }
/// <summary>
/// Resolves the asembly by checking the directory of the assembly, the system directories and the current directory.
/// </summary>
/// <param name="parentAssembly">The parent assembly to search from. You can fill in a null value, but it can influent the result.</param>
/// <param name="disableWOW64Redirection">Disables WOW64 layer redirections to get access 64 bit directories. Default value is true.</param>
/// <returns></returns>
public LWin32 Resolve(LWin32 parentAssembly, bool disableWOW64Redirection = true)
{
LWin32 assembly;
if (disableWOW64Redirection)
{
ASMGlobals.Wow64EnableWow64FsRedirection(false);
}
try
{
string actualpath = "";
if (parentAssembly != null)
{
string path = parentAssembly._path.Substring(0, parentAssembly._path.LastIndexOf("\\"));
if (File.Exists(path + "\\" + LibraryName))
{
actualpath = path + "\\" + LibraryName;
goto things;
}
}
if (parentAssembly._ntHeader.OptionalHeader.Is32Bit)
{
if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.SystemX86) + "\\" + LibraryName))
{
actualpath = Environment.GetFolderPath(Environment.SpecialFolder.SystemX86) + "\\" + LibraryName;
}
}
else if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\" + LibraryName))
{
actualpath = Environment.GetFolderPath(Environment.SpecialFolder.System) + "\\" + LibraryName;
}
if (actualpath == "" & File.Exists(Environment.CurrentDirectory + "\\" + LibraryName))
{
actualpath = Environment.CurrentDirectory + "\\" + LibraryName;
}
things:
if (actualpath == "")
{
throw new ResolveException(new FileNotFoundException("The target application can not be found."));
}
try
{
assembly = LWin32.LoadFile(actualpath);
}
catch (Exception ex)
{
throw new ResolveException(ex);
}
}
catch
{
if (disableWOW64Redirection)
{
ASMGlobals.Wow64EnableWow64FsRedirection(true);
}
throw;
}
finally
{
if (disableWOW64Redirection)
{
ASMGlobals.Wow64EnableWow64FsRedirection(true);
}
}
return(assembly);
}
private object ConvertToOperand(int instructionOffset, MSILOpCode opcode, byte[] rawoperand)
{
try
{
switch (opcode.OperandType)
{
case OperandType.Argument:
ParameterDefinition paramDef = GetParameter(BitConverter.ToInt16(rawoperand, 0));
if (paramDef == null)
{
return(BitConverter.ToInt16(rawoperand, 0));
}
return(paramDef);
case OperandType.ShortArgument:
paramDef = GetParameter(rawoperand[0]);
if (paramDef == null)
{
return(rawoperand[0]);
}
return(paramDef);
case OperandType.Float32:
return(BitConverter.ToSingle(rawoperand, 0));
case OperandType.Float64:
return(BitConverter.ToDouble(rawoperand, 0));
case OperandType.InstructionTable:
int length = BitConverter.ToInt32(rawoperand, 0);
int[] offsets = new int[length];
int nextOffset = instructionOffset + (length * 4) + opcode.Bytes.Length + 4;
for (int i = 0; i < length; i++)
{
int index = (i + 1) * sizeof(int);
int roffset = BitConverter.ToInt32(rawoperand, index);
offsets[i] = roffset + nextOffset;
}
return(offsets);
case OperandType.InstructionTarget:
return(BitConverter.ToInt32(rawoperand, 0) + instructionOffset + opcode.Bytes.Length + sizeof(int));
case OperandType.ShortInstructionTarget:
return(ASMGlobals.ByteToSByte(rawoperand[0]) + instructionOffset + opcode.Bytes.Length + sizeof(byte));
case OperandType.Int8:
return(ASMGlobals.ByteToSByte(rawoperand[0]));
case OperandType.Int32:
return(BitConverter.ToInt32(rawoperand, 0));
case OperandType.Int64:
return(BitConverter.ToInt64(rawoperand, 0));
case OperandType.Token:
case OperandType.Field:
case OperandType.Method:
case OperandType.Type:
uint metadata = BitConverter.ToUInt32(rawoperand, 0);
try
{
object operand = TokenResolver.ResolveMember(metadata);
if (operand is ISpecification)
{
operand = (operand as ISpecification).TransformWith(MethodBody.Method);
}
return(operand);
}
catch { return(new TypeReference(string.Empty, "TOKEN:" + metadata.ToString("X8"), null)); }
case OperandType.ShortVariable:
VariableDefinition varDef = GetVariable(rawoperand[0]);
if (varDef == null)
{
return(rawoperand[0]);
}
return(varDef);
case OperandType.Variable:
varDef = GetVariable(BitConverter.ToInt16(rawoperand, 0));
if (varDef == null)
{
return(rawoperand[0]);
}
return(varDef);
case OperandType.Signature:
return(BitConverter.ToInt32(rawoperand, 0));
case OperandType.String:
return(TokenResolver.ResolveString(BitConverter.ToUInt32(rawoperand, 0)));
}
}
catch { }
return(null);
}