private void LoadImports() { importDataDir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Import]; if (importDataDir.TargetOffset.FileOffset != 0) { offsetConverter = new OffsetConverter(importDataDir.Section); image.SetOffset(importDataDir.TargetOffset.FileOffset); LibraryReference libraryRef = null; while (true) { libraryRef = ReadLibraryImport(); if (libraryRef == null) { break; } else { foreach (ImportMethod method in libraryRef.ImportMethods) { method.ParentLibrary = libraryRef; } imports.Add(libraryRef); } } } }
private static OffsetConverter CreateConverter(LWin32 assembly, ulong offset, int type) { OffsetConverter converter; switch (type) { case 2: converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)offset)); break; case 3: converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)(offset - assembly._ntHeader.OptionalHeader.ImageBase))); break; default: // case 1: converter = new OffsetConverter(Section.GetSectionByFileOffset(assembly, (uint)offset)); break; } if (converter.TargetSection == null) { converter = new OffsetConverter(assembly); } return(converter); }
public MSILAssembler(MethodBody methodBody) { this.MethodBody = methodBody; _disassembler = new MSILDisassembler(methodBody); _image = methodBody.Method._netheader._assembly.Image; _offsetConverter = new OffsetConverter(Section.GetSectionByRva(methodBody.Method._netheader._assembly, methodBody.Method.RVA)); _bodyOffset = _offsetConverter.RvaToFileOffset(methodBody.Method.RVA) + methodBody.HeaderSize; _tokenResolver = methodBody.Method._netheader.TokenResolver; }
public MSILDisassembler(MethodBody body) { MethodBody = body; Section section = Section.GetSectionByRva(body.Method._netheader._assembly, body.Method.RVA); _ilOffset = new OffsetConverter(section).RvaToFileOffset(body.Method.RVA) + (uint)body.HeaderSize; _reader = section.ParentAssembly._peImage.Reader; TokenResolver = new MetaDataTokenResolver(body.Method._netheader); }
/// <summary> /// Creates an instance of an offset by specifying a virtual address that is relative to a section. /// </summary> /// <param name="rva">The relative virtual address.</param> /// <param name="assembly">The assembly containing the offset.</param> /// <returns></returns> public static Offset FromRva(uint rva, LWin32 assembly) { if (rva == 0) { return(new Offset(0, 0, 0)); } if (assembly == null) { return(new Offset(0, rva, 0)); } OffsetConverter offsetconverter = CreateConverter(assembly, rva, 2); return(new Offset(offsetconverter.RvaToFileOffset(rva), rva, offsetconverter.RvaToVa(rva))); }
/// <summary> /// Creates an instance of an offset by specifying a virtual address. /// </summary> /// <param name="va">The virtual address.</param> /// <param name="assembly">The assembly containing the offset.</param> /// <returns></returns> public static Offset FromVa(ulong va, LWin32 assembly) { if (va == 0) { return(new Offset(0, 0, 0)); } if (assembly == null) { return(new Offset(0, 0, va)); } OffsetConverter offsetconverter = CreateConverter(assembly, va, 3); return(new Offset(offsetconverter.VaToFileOffset(va), offsetconverter.VaToRva(va), va)); }
/// <summary> /// Creates an instance of an offset by specifying a raw offset. /// </summary> /// <param name="rawoffset">The file offset.</param> /// <param name="assembly">The assembly containing the offset.</param> /// <returns></returns> public static Offset FromFileOffset(uint rawoffset, LWin32 assembly) { if (rawoffset == 0) { return(new Offset(0, 0, 0)); } if (assembly == null) { return(new Offset(rawoffset, 0, 0)); } OffsetConverter offsetconverter = CreateConverter(assembly, rawoffset, 1); return(new Offset(rawoffset, offsetconverter.FileOffsetToRva(rawoffset), offsetconverter.FileOffsetToVa(rawoffset))); }
public void LoadData() { if (ntHeader.IsManagedAssembly) { image.Stream.Seek(ntHeader.OptionalHeader.DataDirectories[(int)DataDirectoryName.Clr]._targetOffset.FileOffset, SeekOrigin.Begin); parent._rawOffset = (uint)image.Position; parent._rawHeader = image.ReadStructure <Structures.IMAGE_COR20_HEADER>(); Section targetsection = Section.GetSectionByFileOffset(ntHeader.Sections, parent._rawOffset); offsetConverter = new OffsetConverter(targetsection); LoadDirectories(); } }
public void LoadData() { if (ntHeader.IsManagedAssembly) { image.Stream.Seek(ntHeader.OptionalHeader.DataDirectories[(int)DataDirectoryName.Clr]._targetOffset.FileOffset, SeekOrigin.Begin); parent._rawOffset = (uint)image.Position; parent._rawHeader = image.ReadStructure<Structures.IMAGE_COR20_HEADER>(); Section targetsection = Section.GetSectionByFileOffset(ntHeader.Sections, parent._rawOffset); offsetConverter = new OffsetConverter(targetsection); LoadDirectories(); } }
void LoadMetaData() { metadataRva = parent._rawHeader.MetaData.RVA; Section section = Section.GetSectionByRva(ntHeader._assembly, metadataRva); offsetConverter = new OffsetConverter(section); metadataFileOffset = offsetConverter.RvaToFileOffset(metadataRva);//= (uint)new CodeOffsetConverter(header.oheader).RVirtualToFileOffset((int)metadatavirtualoffset); metadataHeader1 = ntHeader._assembly._peImage.ReadStructure <Structures.METADATA_HEADER_1>(metadataFileOffset); byte[] versionBytes = image.ReadBytes((int)metadataFileOffset + sizeof(Structures.METADATA_HEADER_1), (int)metadataHeader1.VersionLength); metadataVersionString = Encoding.ASCII.GetString(versionBytes).Trim(); metadataHeader2 = ntHeader._assembly._peImage.ReadStructure <Structures.METADATA_HEADER_2>((int)metadataFileOffset + sizeof(Structures.METADATA_HEADER_1) + metadataHeader1.VersionLength); metadataStreamOffset = (uint)metadataFileOffset + (uint)sizeof(Structures.METADATA_HEADER_1) + (uint)metadataHeader1.VersionLength + (uint)sizeof(Structures.METADATA_HEADER_2); LoadMetaDataStreams(); }
private void LoadExports() { // TODO: Unnamed exports (detect exports with only an ordinal). string libraryname = header._assembly._path.Substring(header._assembly._path.LastIndexOf('\\') + 1); DataDirectory exportdatadir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Export]; if (exportdatadir._targetOffset.FileOffset == 0) { return; } image.SetOffset(exportdatadir.TargetOffset.FileOffset); exportDirectory = image.ReadStructure <Structures.IMAGE_EXPORT_DIRECTORY>(); OffsetConverter offsetConverter = new OffsetConverter(exportdatadir.Section); uint functionoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfFunctions); uint functionnameoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNames); uint functionnameordinaloffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNameOrdinals); for (uint i = 0; i < exportDirectory.NumberOfFunctions; i++) { image.SetOffset(functionoffset); uint functionRVA = image.Reader.ReadUInt32(); image.SetOffset(functionnameoffset); uint functionNameRVA = image.Reader.ReadUInt32(); image.SetOffset(functionnameordinaloffset); uint functionNameOrdinal = image.Reader.ReadUInt32(); string name = image.ReadZeroTerminatedString(offsetConverter.RvaToFileOffset(functionNameRVA)); exports.Add(new ExportMethod(libraryname, name, functionNameRVA, functionRVA, (ushort)(i + exportDirectory.Base))); functionoffset += 4; functionnameoffset += 4; functionnameordinaloffset += 4; } }
private void LoadExports() { // TODO: Unnamed exports (detect exports with only an ordinal). string libraryname = header._assembly._path.Substring(header._assembly._path.LastIndexOf('\\') + 1); DataDirectory exportdatadir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Export]; if (exportdatadir._targetOffset.FileOffset == 0) return; image.SetOffset(exportdatadir.TargetOffset.FileOffset); exportDirectory = image.ReadStructure<Structures.IMAGE_EXPORT_DIRECTORY>(); OffsetConverter offsetConverter = new OffsetConverter(exportdatadir.Section); uint functionoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfFunctions); uint functionnameoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNames); uint functionnameordinaloffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNameOrdinals); for (uint i = 0; i < exportDirectory.NumberOfFunctions; i++) { image.SetOffset(functionoffset); uint functionRVA = image.Reader.ReadUInt32(); image.SetOffset(functionnameoffset); uint functionNameRVA = image.Reader.ReadUInt32(); image.SetOffset(functionnameordinaloffset); uint functionNameOrdinal = image.Reader.ReadUInt32(); string name = image.ReadZeroTerminatedString(offsetConverter.RvaToFileOffset(functionNameRVA)); exports.Add(new ExportMethod(libraryname, name, functionNameRVA, functionRVA, (ushort)(i + exportDirectory.Base))); functionoffset += 4; functionnameoffset += 4; functionnameordinaloffset += 4; } }
private void LoadImports() { importDataDir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Import]; if (importDataDir.TargetOffset.FileOffset != 0) { offsetConverter = new OffsetConverter(importDataDir.Section); image.SetOffset(importDataDir.TargetOffset.FileOffset); LibraryReference libraryRef = null; while (true) { libraryRef = ReadLibraryImport(); if (libraryRef == null) break; else { foreach (ImportMethod method in libraryRef.ImportMethods) method.ParentLibrary = libraryRef; imports.Add(libraryRef); } } } }
void LoadMetaData() { metadataRva = parent._rawHeader.MetaData.RVA; Section section = Section.GetSectionByRva(ntHeader._assembly, metadataRva); offsetConverter = new OffsetConverter(section); metadataFileOffset = offsetConverter.RvaToFileOffset(metadataRva);//= (uint)new CodeOffsetConverter(header.oheader).RVirtualToFileOffset((int)metadatavirtualoffset); metadataHeader1 = ntHeader._assembly._peImage.ReadStructure<Structures.METADATA_HEADER_1>(metadataFileOffset); byte[] versionBytes = image.ReadBytes((int)metadataFileOffset + sizeof(Structures.METADATA_HEADER_1), (int)metadataHeader1.VersionLength); metadataVersionString = Encoding.ASCII.GetString(versionBytes).Trim(); metadataHeader2 = ntHeader._assembly._peImage.ReadStructure<Structures.METADATA_HEADER_2>((int)metadataFileOffset + sizeof(Structures.METADATA_HEADER_1) + metadataHeader1.VersionLength); metadataStreamOffset = (uint)metadataFileOffset + (uint)sizeof(Structures.METADATA_HEADER_1) + (uint)metadataHeader1.VersionLength + (uint)sizeof(Structures.METADATA_HEADER_2); LoadMetaDataStreams(); }
private static OffsetConverter CreateConverter(LWin32 assembly, ulong offset, int type) { OffsetConverter converter; switch (type) { case 2: converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)offset)); break; case 3: converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)(offset - assembly._ntHeader.OptionalHeader.ImageBase))); break; default: // case 1: converter = new OffsetConverter(Section.GetSectionByFileOffset(assembly, (uint)offset)); break; } if (converter.TargetSection == null) converter = new OffsetConverter(assembly); return converter; }