public void OptionalHeader()
{
var oh = new OptionalHeader();
oh.PEMagic = PEMagic.NT32;
oh.Subsystem = Subsystem.WindowsCUI;
oh.DllCharacteristics = DllCharacteristics.TerminalServerAware;
Assert.AreEqual("NT32 WindowsCUI TerminalServerAware", oh.ToString());
}
public void OptionalHeader_EmptyDataDirectories()
{
var oh = new OptionalHeader();
oh.PEMagic = PEMagic.NT32;
oh.Subsystem = Subsystem.WindowsCUI;
oh.DllCharacteristics = DllCharacteristics.TerminalServerAware;
oh.NumberOfRvaAndSizes = 4;
Assert.AreEqual("NT32 WindowsCUI TerminalServerAware", oh.ToString());
}
public OptionalHeaderModel(OptionalHeader optionalHeader, PEHeaderModel peHeader)
: base("Optional header")
{
this.optionalHeader = optionalHeader;
BindAddressToPEHeader(peHeader);
this.Address = peHeader.Address + peHeader.Length;
UpdateLength();
UpdateDataFromPEMagic();
this.m_DataDirectories = new ReadOnlyObservableCollection<DataDirectoryModel>(coreDataDirectories);
UpdateDataDirectories();
}
public void OptionalHeader_NonEmptyDataDirectories()
{
var oh = new OptionalHeader();
oh.PEMagic = PEMagic.NT32;
oh.Subsystem = Subsystem.WindowsCUI;
oh.DllCharacteristics = DllCharacteristics.TerminalServerAware;
oh.NumberOfRvaAndSizes = 4;
oh.DataDirectories = new DataDirectory[4];
oh.DataDirectories[0] = new DataDirectory { Size = 5 };
oh.DataDirectories[1] = new DataDirectory { Size = 6 };
oh.DataDirectories[2] = new DataDirectory { Size = 100 };
oh.DataDirectories[3] = new DataDirectory { VirtualAddress = 10, Size = 20 };
Assert.AreEqual("NT32 WindowsCUI TerminalServerAware DataDirectories[ExportSymbols,ImportSymbols,Resources,Exception]", oh.ToString());
}
public OptionalHeaderData64(OptionalHeader optionalHeader)
: base(optionalHeader)
{
}
static void WriteOptionalHeader(OptionalHeader optionalHeader, BinaryStreamWriter writer)
{
writer.WriteUInt16((ushort)optionalHeader.PEMagic);
writer.WriteByte(optionalHeader.MajorLinkerVersion);
writer.WriteByte(optionalHeader.MinorLinkerVersion);
writer.WriteUInt32(optionalHeader.SizeOfCode);
writer.WriteUInt32(optionalHeader.SizeOfInitializedData);
writer.WriteUInt32(optionalHeader.SizeOfUninitializedData);
writer.WriteUInt32(optionalHeader.AddressOfEntryPoint);
writer.WriteUInt32(optionalHeader.BaseOfCode);
if (optionalHeader.PEMagic == PEMagic.NT32)
{
writer.WriteUInt32(optionalHeader.BaseOfData);
writer.WriteUInt32(checked((uint)optionalHeader.ImageBase));
}
else
{
writer.WriteUInt64(optionalHeader.ImageBase);
}
writer.WriteUInt32(optionalHeader.SectionAlignment);
writer.WriteUInt32(optionalHeader.FileAlignment);
writer.WriteUInt16(optionalHeader.MajorOperatingSystemVersion);
writer.WriteUInt16(optionalHeader.MinorOperatingSystemVersion);
writer.WriteUInt16(optionalHeader.MajorImageVersion);
writer.WriteUInt16(optionalHeader.MinorImageVersion);
writer.WriteUInt16(optionalHeader.MajorSubsystemVersion);
writer.WriteUInt16(optionalHeader.MinorSubsystemVersion);
writer.WriteUInt32(optionalHeader.Win32VersionValue);
writer.WriteUInt32(optionalHeader.SizeOfImage);
writer.WriteUInt32(optionalHeader.SizeOfHeaders);
writer.WriteUInt32(optionalHeader.CheckSum);
writer.WriteUInt16((ushort)optionalHeader.Subsystem);
writer.WriteUInt16((ushort)optionalHeader.DllCharacteristics);
if (optionalHeader.PEMagic == PEMagic.NT32)
{
writer.WriteUInt32(checked((uint)optionalHeader.SizeOfStackReserve));
writer.WriteUInt32(checked((uint)optionalHeader.SizeOfStackCommit));
writer.WriteUInt32(checked((uint)optionalHeader.SizeOfHeapReserve));
writer.WriteUInt32(checked((uint)optionalHeader.SizeOfHeapCommit));
}
else
{
writer.WriteUInt64(optionalHeader.SizeOfStackReserve);
writer.WriteUInt64(optionalHeader.SizeOfStackCommit);
writer.WriteUInt64(optionalHeader.SizeOfHeapReserve);
writer.WriteUInt64(optionalHeader.SizeOfHeapCommit);
}
writer.WriteUInt32(optionalHeader.LoaderFlags);
writer.WriteUInt32(optionalHeader.NumberOfRvaAndSizes);
for (int i = 0; i < optionalHeader.DataDirectories.Length; i++)
{
writer.WriteUInt32(optionalHeader.DataDirectories[i].VirtualAddress);
writer.WriteUInt32(optionalHeader.DataDirectories[i].Size);
}
}
public OptionalHeaderData(OptionalHeader optionalHeader)
{
this.optionalHeader = optionalHeader;
}
public DataDirectoryModel(OptionalHeader optionalHeader, DataDirectoryKind dataDirectoryKind)
{
this.optionalHeader = optionalHeader;
this.m_Kind = dataDirectoryKind;
}
static void AssertOptionalHeader(OptionalHeader optionalHeader)
{
Assert.AreEqual((byte)8, optionalHeader.MajorLinkerVersion);
Assert.AreEqual((byte)0, optionalHeader.MinorLinkerVersion);
Assert.AreEqual((uint)0, optionalHeader.SizeOfUninitializedData);
Assert.AreEqual((uint)8192, optionalHeader.BaseOfCode);
Assert.AreEqual((uint)0x400000, optionalHeader.ImageBase);
Assert.AreEqual((uint)8192, optionalHeader.SectionAlignment);
Assert.AreEqual((uint)512, optionalHeader.FileAlignment);
Assert.AreEqual((ushort)4, optionalHeader.MajorOperatingSystemVersion);
Assert.AreEqual((ushort)0, optionalHeader.MinorOperatingSystemVersion);
Assert.AreEqual((ushort)0, optionalHeader.MajorImageVersion);
Assert.AreEqual((ushort)0, optionalHeader.MinorImageVersion);
Assert.AreEqual((ushort)4, optionalHeader.MajorSubsystemVersion);
Assert.AreEqual((ushort)0, optionalHeader.MinorSubsystemVersion);
Assert.AreEqual((uint)0, optionalHeader.Win32VersionValue);
Assert.AreEqual((uint)512, optionalHeader.SizeOfHeaders);
Assert.AreEqual((uint)0, optionalHeader.CheckSum);
Assert.AreEqual(Subsystem.WindowsCUI, optionalHeader.Subsystem);
Assert.AreEqual(DllCharacteristics.DynamicBase | DllCharacteristics.NxCompatible | DllCharacteristics.NoSEH | DllCharacteristics.TerminalServerAware, optionalHeader.DllCharacteristics);
Assert.AreEqual((uint)0x100000, optionalHeader.SizeOfHeapReserve);
Assert.AreEqual((uint)0, optionalHeader.LoaderFlags);
Assert.AreEqual((uint)16, optionalHeader.NumberOfRvaAndSizes);
}
public static OptionalHeader Read(Stream stream, ushort optionalHeaderSize)
{
var optionalHeader = new OptionalHeader();
optionalHeader.PEMagic = ReadPEMagic(stream);
optionalHeader.MajorLinkerVersion = stream.CheckedReadByte("reading major linker version in optional PE header");
optionalHeader.MinorLinkerVersion = stream.CheckedReadByte("reading minor linker version in optional PE header");
optionalHeader.SizeOfCode = stream.CheckedReadInt32("reading size of code field in optional PE header");
optionalHeader.SizeOfInitializedData = stream.CheckedReadInt32("reading size of initialized data field in optional PE header");
optionalHeader.SizeOfUninitializedData = stream.CheckedReadInt32("reading size of uninitalized data field in optional PE header");
optionalHeader.AddressOfEntryPoint = stream.CheckedReadInt32("reading RVA of entry point in optional PE header");
optionalHeader.BaseOfCode = stream.CheckedReadInt32("reading base of code field in optional PE header");
if (optionalHeader.PEMagic == PEMagic.NT32)
{
optionalHeader.BaseOfData = stream.CheckedReadInt32("reading base of data field in optional PE header");
optionalHeader.ImageBase = stream.CheckedReadUInt32("reading (32-bit) image base field in optional PE header");
}
else
{
optionalHeader.ImageBase = stream.CheckedReadUInt64("reading (64-bit) image base field in optional PE header");
}
optionalHeader.SectionAlignment = stream.CheckedReadInt32("reading section alignment field in optional PE header");
optionalHeader.FileAlignment = stream.CheckedReadUInt32("reading file alignment field in optional PE header");
optionalHeader.MajorOperatingSystemVersion = stream.CheckedReadUInt16("reading major operting system version field in optional PE header");
optionalHeader.MinorOperatingSystemVersion = stream.CheckedReadUInt16("reading minor operating system version field in optional PE header");
optionalHeader.MajorImageVersion = stream.CheckedReadUInt16("reading major image version field in optional PE header");
optionalHeader.MinorImageVersion = stream.CheckedReadUInt16("reading minor image version field in optional PE header");
optionalHeader.MajorSubsystemVersion = stream.CheckedReadUInt16("reading major subsystem version field in optional PE header");
optionalHeader.MinorSubsystemVersion = stream.CheckedReadUInt16("reading minor subsystem version field in optional PE header");
optionalHeader.Win32VersionValue = stream.CheckedReadUInt32("reading Win32Version (reserved) field in optional PE header");
optionalHeader.SizeOfImage = stream.CheckedReadInt32("reading size of image field in optional PE header");
optionalHeader.SizeOfHeaders = stream.CheckedReadInt32("reading size of headers field in optional PE header");
optionalHeader.CheckSum = stream.CheckedReadUInt32("reading checksum field in optional PE header");
optionalHeader.Subsystem = (Subsystem)stream.CheckedReadUInt16("reading subsystem field in optional PE header");
optionalHeader.DllCharacteristics = (DllCharacteristics)stream.CheckedReadUInt16("reading DLL characteristics field in optional PE header");
if (optionalHeader.PEMagic == PEMagic.NT32)
{
optionalHeader.SizeOfStackReserve = stream.CheckedReadUInt32("reading size of stack reserve field in optional PE header");
optionalHeader.SizeOfStackCommit = stream.CheckedReadUInt32("reading size of stack commit field in optional PE header");
optionalHeader.SizeOfHeapReserve = stream.CheckedReadUInt32("reading size of heap reserve field in optional PE header");
optionalHeader.SizeOfHeapCommit = stream.CheckedReadUInt32("reading size of heap commit field in optional PE header");
}
else
{
optionalHeader.SizeOfStackReserve = stream.CheckedReadUInt64("reading size of stack reserve field in optional PE header");
optionalHeader.SizeOfStackCommit = stream.CheckedReadUInt64("reading size of stack commit field in optional PE header");
optionalHeader.SizeOfHeapReserve = stream.CheckedReadUInt64("reading size of heap reserve field in optional PE header");
optionalHeader.SizeOfHeapCommit = stream.CheckedReadUInt64("reading size of heap commit field in optional PE header");
}
optionalHeader.LoaderFlags = stream.CheckedReadUInt32("reading loader flags field in optional PE header");
optionalHeader.NumberOfRvaAndSizes = stream.CheckedReadInt32("reading NumberOfRvaAndSizes field in optional PE header");
uint readHeaderSize = optionalHeader.PEMagic == PEMagic.NT32 ?
ReadHeaderSizes.OptionalHeader32 :
ReadHeaderSizes.OptionalHeader64;
if (optionalHeader.NumberOfRvaAndSizes > 0)
{
var directories = new DataDirectory[optionalHeader.NumberOfRvaAndSizes];
for (int i = 0; i < directories.Length; i++)
{
directories[i] = new DataDirectory
{
VirtualAddress = stream.CheckedReadUInt32("reading virtual address field of PE data directory structure"),
Size = stream.CheckedReadUInt32("reading size field of PE data directory structure")
};
}
optionalHeader.DataDirectories = directories;
}
return optionalHeader;
}
public static OptionalHeader Read(Stream stream, ushort optionalHeaderSize)
{
var optionalHeader = new OptionalHeader();
optionalHeader.PEMagic = ReadPEMagic(stream);
optionalHeader.MajorLinkerVersion = stream.CheckedReadByte("reading major linker version in optional PE header");
optionalHeader.MinorLinkerVersion = stream.CheckedReadByte("reading minor linker version in optional PE header");
optionalHeader.SizeOfCode = stream.CheckedReadInt32("reading size of code field in optional PE header");
optionalHeader.SizeOfInitializedData = stream.CheckedReadInt32("reading size of initialized data field in optional PE header");
optionalHeader.SizeOfUninitializedData = stream.CheckedReadInt32("reading size of uninitalized data field in optional PE header");
optionalHeader.AddressOfEntryPoint = stream.CheckedReadInt32("reading RVA of entry point in optional PE header");
optionalHeader.BaseOfCode = stream.CheckedReadInt32("reading base of code field in optional PE header");
if (optionalHeader.PEMagic == PEMagic.NT32)
{
optionalHeader.BaseOfData = stream.CheckedReadInt32("reading base of data field in optional PE header");
optionalHeader.ImageBase = stream.CheckedReadUInt32("reading (32-bit) image base field in optional PE header");
}
else
{
optionalHeader.ImageBase = stream.CheckedReadUInt64("reading (64-bit) image base field in optional PE header");
}
optionalHeader.SectionAlignment = stream.CheckedReadInt32("reading section alignment field in optional PE header");
optionalHeader.FileAlignment = stream.CheckedReadUInt32("reading file alignment field in optional PE header");
optionalHeader.MajorOperatingSystemVersion = stream.CheckedReadUInt16("reading major operting system version field in optional PE header");
optionalHeader.MinorOperatingSystemVersion = stream.CheckedReadUInt16("reading minor operating system version field in optional PE header");
optionalHeader.MajorImageVersion = stream.CheckedReadUInt16("reading major image version field in optional PE header");
optionalHeader.MinorImageVersion = stream.CheckedReadUInt16("reading minor image version field in optional PE header");
optionalHeader.MajorSubsystemVersion = stream.CheckedReadUInt16("reading major subsystem version field in optional PE header");
optionalHeader.MinorSubsystemVersion = stream.CheckedReadUInt16("reading minor subsystem version field in optional PE header");
optionalHeader.Win32VersionValue = stream.CheckedReadUInt32("reading Win32Version (reserved) field in optional PE header");
optionalHeader.SizeOfImage = stream.CheckedReadInt32("reading size of image field in optional PE header");
optionalHeader.SizeOfHeaders = stream.CheckedReadInt32("reading size of headers field in optional PE header");
optionalHeader.CheckSum = stream.CheckedReadUInt32("reading checksum field in optional PE header");
optionalHeader.Subsystem = (Subsystem)stream.CheckedReadUInt16("reading subsystem field in optional PE header");
optionalHeader.DllCharacteristics = (DllCharacteristics)stream.CheckedReadUInt16("reading DLL characteristics field in optional PE header");
if (optionalHeader.PEMagic == PEMagic.NT32)
{
optionalHeader.SizeOfStackReserve = stream.CheckedReadUInt32("reading size of stack reserve field in optional PE header");
optionalHeader.SizeOfStackCommit = stream.CheckedReadUInt32("reading size of stack commit field in optional PE header");
optionalHeader.SizeOfHeapReserve = stream.CheckedReadUInt32("reading size of heap reserve field in optional PE header");
optionalHeader.SizeOfHeapCommit = stream.CheckedReadUInt32("reading size of heap commit field in optional PE header");
}
else
{
optionalHeader.SizeOfStackReserve = stream.CheckedReadUInt64("reading size of stack reserve field in optional PE header");
optionalHeader.SizeOfStackCommit = stream.CheckedReadUInt64("reading size of stack commit field in optional PE header");
optionalHeader.SizeOfHeapReserve = stream.CheckedReadUInt64("reading size of heap reserve field in optional PE header");
optionalHeader.SizeOfHeapCommit = stream.CheckedReadUInt64("reading size of heap commit field in optional PE header");
}
optionalHeader.LoaderFlags = stream.CheckedReadUInt32("reading loader flags field in optional PE header");
optionalHeader.NumberOfRvaAndSizes = stream.CheckedReadInt32("reading NumberOfRvaAndSizes field in optional PE header");
uint readHeaderSize = optionalHeader.PEMagic == PEMagic.NT32 ?
ReadHeaderSizes.OptionalHeader32 :
ReadHeaderSizes.OptionalHeader64;
if (optionalHeader.NumberOfRvaAndSizes > 0)
{
var directories = new DataDirectory[optionalHeader.NumberOfRvaAndSizes];
for (int i = 0; i < directories.Length; i++)
{
directories[i] = new DataDirectory
{
VirtualAddress = stream.CheckedReadUInt32("reading virtual address field of PE data directory structure"),
Size = stream.CheckedReadUInt32("reading size field of PE data directory structure")
};
}
optionalHeader.DataDirectories = directories;
}
return(optionalHeader);
}