예제 #1
0
        internal DWORD e_lfanew;                           // File address of new exe header
        internal static IMAGE_DOS_HEADER FromBinaryReader(BinaryReader reader)
        {
            IMAGE_DOS_HEADER ret = new IMAGE_DOS_HEADER();

            try
            {
                ret.e_magic = reader.ReadUInt16();                                     // Magic number
                if (ret.e_magic != IMAGE_DOS_SIGNATURE)
                {
                    return(null);
                }
                ret.e_cblp     = reader.ReadUInt16();                                 // Bytes on last page of file
                ret.e_cp       = reader.ReadUInt16();                                 // Pages in file
                ret.e_crlc     = reader.ReadUInt16();                                 // Relocations
                ret.e_cparhdr  = reader.ReadUInt16();                                 // Size of header in paragraphs
                ret.e_minalloc = reader.ReadUInt16();                                 // Minimum extra paragraphs needed
                ret.e_maxalloc = reader.ReadUInt16();                                 // Maximum extra paragraphs needed
                ret.e_ss       = reader.ReadUInt16();                                 // Initial (relative) SS value
                ret.e_sp       = reader.ReadUInt16();                                 // Initial SP value
                ret.e_csum     = reader.ReadUInt16();                                 // Checksum
                ret.e_ip       = reader.ReadUInt16();                                 // Initial IP value
                ret.e_cs       = reader.ReadUInt16();                                 // Initial (relative) CS value
                ret.e_lfarlc   = reader.ReadUInt16();                                 // File address of relocation table
                ret.e_ovno     = reader.ReadUInt16();                                 // Overlay number
                for (int i = 0; i < 4; i++)
                {
                    ret.e_res[i] = reader.ReadUInt16();
                }
                ret.e_oemid   = reader.ReadUInt16();
                ret.e_oeminfo = reader.ReadUInt16();

                for (int i = 0; i < 10; i++)
                {
                    ret.e_res2[i] = reader.ReadUInt16();
                }
                ret.e_lfanew = reader.ReadUInt32();
            }
            catch
            {
                return(null);
            }
            return(ret);
        }
예제 #2
0
 internal static Win32ExeHeader FromBinaryReader(BinaryReader reader)
 {
     try
     {
         long startPosition = reader.BaseStream.Position;
         long length        = reader.BaseStream.Length - startPosition;
         if (length < 0x1000)
         {
             return(null);
         }
         Win32ExeHeader ret = new Win32ExeHeader();
         ret.DosHeader = IMAGE_DOS_HEADER.FromBinaryReader(reader);
         if (ret.DosHeader == null)
         {
             return(null);
         }
         if (ret.DosHeader.e_lfanew <= 0)
         {
             return(ret);
         }
         reader.BaseStream.Seek(startPosition + ret.DosHeader.e_lfanew, SeekOrigin.Begin);
         ret.NtHeader = IMAGE_NT_HEADERS.FromBinaryReader(reader);
         if (ret.NtHeader == null)
         {
             return(null);
         }
         IMAGE_SECTION_HEADER section = IMAGE_SECTION_HEADER.FromBinaryReader(reader);
         while (section != null)
         {
             ret.SectionHeaders.Add(section);
             section = IMAGE_SECTION_HEADER.FromBinaryReader(reader);
         }
         return(ret);
     }
     catch
     {
         return(null);
     }
 }