public void Read(ReaderContext ctxt, BlobReader reader, bool isFat, Func<OpCode, Row, object> resolveRow) { if (isFat) { Flags = (CorILExceptionClause)reader.ReadUInt32(); TryOffset = (int)reader.ReadUInt32(); TryLength = (int)reader.ReadUInt32(); HandlerOffset = (int)reader.ReadUInt32(); HandlerLength = (int)reader.ReadUInt32(); } else { Flags = (CorILExceptionClause)reader.ReadUInt16(); TryOffset = (int)reader.ReadUInt16(); TryLength = (int)reader.ReadByte(); HandlerOffset = (int)reader.ReadUInt16(); HandlerLength = (int)reader.ReadByte(); } var rowRef = default(TokenRef); rowRef.Read(ctxt, reader); rowRef.ResolveIndexes(ctxt); Class = rowRef.Value == null ? null : resolveRow(OpCode.Ldobj, rowRef.Value); if (Flags == CorILExceptionClause.Filter) FilterOffset = (int)reader.ReadUInt32(); }
public void Read(ReaderContext ctxt, BlobReader reader) { if (reader.RemainingBytes < Size) throw new PEException("missing DOSHeader"); var actualPrefix = reader.ReadBytes((uint)prefix.Length); if (!EqualBytes(actualPrefix, prefix)) throw new PEException("invalid DOSHeader.Prefix"); LfaNew.Read(reader); if (LfaNew.Offset < Size) throw new PEException("invalid DOSHeader.LfaNew"); var actualSuffix = reader.ReadBytes((uint)suffix.Length); if (!EqualBytes(actualSuffix, suffix)) throw new PEException("invalid DOSHeader.Suffix"); Final = reader.ReadUInt32(); if (ctxt.Tracer != null) LfaNew.Append(ctxt, "DOSHeader.LfaNew"); }
// // Phase 0: File headers // public ReaderContext(string fileName, Writer tracer) { Tracer = tracer; FileName = fileName; try { // Ideally next two lines would be atomic LastWriteTime = File.GetLastWriteTimeUtc(fileName); var data = File.ReadAllBytes(FileName); fileReader = new BlobReader(data); } catch (IOException e) { throw new PEException("unable to load file: " + e.Message); } OffsetToStringCache = new Map<uint, string>(); StringToOffsetCache = new Map<string, uint>(); OffsetToUserStringCache = new Map<uint, string>(); UserStringToOffsetCache = new Map<string, uint>(); OffsetToSignatureCache = new Map<uint, Signature>(); SignatureToOffsetCache = new Map<Signature, uint>(); }
public void Read(ReaderContext ctxt, BlobReader reader) { if (reader == null) Fixups = new VtableFixup[0]; else { var initOffset = reader.Offset; var n = 0; while (!reader.AtEndOfBlob) { VtableFixup.Skip(reader); n++; } reader.Offset = initOffset; Fixups = new VtableFixup[n]; for (var i = 0; i < n; i++) Fixups[i].Read(ctxt, reader); } }
public static void Skip(BlobReader reader) { reader.Offset += StructSize; }
public void Read(ReaderContext ctxt, BlobReader reader) { var initOffset = reader.Offset; var n = 0; while (!reader.AtEndOfBlob) { FixupBlock.Skip(reader); n++; } Blocks = new FixupBlock[n]; reader.Offset = initOffset; for (var i = 0; i < n; i++) Blocks[i].Read(ctxt, reader); }
public static void Skip(BlobReader reader) { reader.Offset += 4; var blockSize = reader.ReadUInt32(); reader.Offset += blockSize - 8; }
public void Read(ReaderContext ctxt, BlobReader reader) { var actualHint = reader.ReadUInt16(); if (actualHint != hint) throw new PEException("invalid HintNameTable.Hint"); Name = reader.ReadAsciiZeroTerminatedString(1); if (!Name.Equals(ExeHintName, StringComparison.Ordinal) && !Name.Equals(DllHintName, StringComparison.Ordinal)) throw new PEException("invalid HintNameTable.Name"); }
public void Read(ReaderContext ctxt, BlobReader reader) { ImportLookupTable.Read(reader); var actualDateTimeStamp = reader.ReadUInt32(); if (actualDateTimeStamp != dateTimeStamp) throw new PEException("invalid ImportTable.DateTimeStamp"); var actualForwarderChain = reader.ReadUInt32(); if (actualForwarderChain != forwarderChain) throw new PEException("invalid ImportTable.ForwarderChain"); Name.Read(reader); ImportAddressTable.Read(reader); reader.Pad(paddingBytes); }
public void Read(ReaderContext ctxt, BlobReader reader, uint beginOffset, Func<OpCode, Row, object> resolveRow) { Offset = (int)(reader.Offset - beginOffset); OpCode = (OpCode)reader.ReadByte(); if (OpCode == OpCode.Prefix1) OpCode = (OpCode)((ushort)OpCode << 8 | reader.ReadByte()); Value = default(object); switch (OpCode) { case OpCode.Nop: case OpCode.Break: case OpCode.Ldarg_0: case OpCode.Ldarg_1: case OpCode.Ldarg_2: case OpCode.Ldarg_3: case OpCode.Ldloc_0: case OpCode.Ldloc_1: case OpCode.Ldloc_2: case OpCode.Ldloc_3: case OpCode.Stloc_0: case OpCode.Stloc_1: case OpCode.Stloc_2: case OpCode.Stloc_3: case OpCode.Ldnull: case OpCode.Ldc_i4_m1: case OpCode.Ldc_i4_0: case OpCode.Ldc_i4_1: case OpCode.Ldc_i4_2: case OpCode.Ldc_i4_3: case OpCode.Ldc_i4_4: case OpCode.Ldc_i4_5: case OpCode.Ldc_i4_6: case OpCode.Ldc_i4_7: case OpCode.Ldc_i4_8: case OpCode.Dup: case OpCode.Pop: case OpCode.Ret: case OpCode.Ldind_i1: case OpCode.Ldind_u1: case OpCode.Ldind_i2: case OpCode.Ldind_u2: case OpCode.Ldind_i4: case OpCode.Ldind_u4: case OpCode.Ldind_i8: case OpCode.Ldind_i: case OpCode.Ldind_r4: case OpCode.Ldind_r8: case OpCode.Ldind_ref: case OpCode.Stind_ref: case OpCode.Stind_i1: case OpCode.Stind_i2: case OpCode.Stind_i4: case OpCode.Stind_i8: case OpCode.Stind_r4: case OpCode.Stind_r8: case OpCode.Add: case OpCode.Sub: case OpCode.Mul: case OpCode.Div: case OpCode.Div_un: case OpCode.Rem: case OpCode.Rem_un: case OpCode.And: case OpCode.Or: case OpCode.Xor: case OpCode.Shl: case OpCode.Shr: case OpCode.Shr_un: case OpCode.Neg: case OpCode.Not: case OpCode.Conv_i1: case OpCode.Conv_i2: case OpCode.Conv_i4: case OpCode.Conv_i8: case OpCode.Conv_r4: case OpCode.Conv_r8: case OpCode.Conv_u4: case OpCode.Conv_u8: case OpCode.Conv_r_un: case OpCode.Throw: case OpCode.Conv_ovf_i1_un: case OpCode.Conv_ovf_i2_un: case OpCode.Conv_ovf_i4_un: case OpCode.Conv_ovf_i8_un: case OpCode.Conv_ovf_u1_un: case OpCode.Conv_ovf_u2_un: case OpCode.Conv_ovf_u4_un: case OpCode.Conv_ovf_u8_un: case OpCode.Conv_ovf_i_un: case OpCode.Conv_ovf_u_un: case OpCode.Ldlen: case OpCode.Ldelem_i1: case OpCode.Ldelem_u1: case OpCode.Ldelem_i2: case OpCode.Ldelem_u2: case OpCode.Ldelem_i4: case OpCode.Ldelem_u4: case OpCode.Ldelem_i8: case OpCode.Ldelem_i: case OpCode.Ldelem_r4: case OpCode.Ldelem_r8: case OpCode.Ldelem_ref: case OpCode.Stelem_i: case OpCode.Stelem_i1: case OpCode.Stelem_i2: case OpCode.Stelem_i4: case OpCode.Stelem_i8: case OpCode.Stelem_r4: case OpCode.Stelem_r8: case OpCode.Stelem_ref: case OpCode.Conv_ovf_i1: case OpCode.Conv_ovf_u1: case OpCode.Conv_ovf_i2: case OpCode.Conv_ovf_u2: case OpCode.Conv_ovf_i4: case OpCode.Conv_ovf_u4: case OpCode.Conv_ovf_i8: case OpCode.Conv_ovf_u8: case OpCode.Ckfinite: case OpCode.Conv_u2: case OpCode.Conv_u1: case OpCode.Conv_i: case OpCode.Conv_ovf_i: case OpCode.Conv_ovf_u: case OpCode.Add_ovf: case OpCode.Add_ovf_un: case OpCode.Mul_ovf: case OpCode.Mul_ovf_un: case OpCode.Sub_ovf: case OpCode.Sub_ovf_un: case OpCode.Endfinally: case OpCode.Stind_i: case OpCode.Conv_u: case OpCode.Prefix7: case OpCode.Prefix6: case OpCode.Prefix5: case OpCode.Prefix4: case OpCode.Prefix3: case OpCode.Prefix2: case OpCode.Prefix1: case OpCode.Prefixref: case OpCode.Arglist: case OpCode.Ceq: case OpCode.Cgt: case OpCode.Cgt_un: case OpCode.Clt: case OpCode.Clt_un: case OpCode.Localloc: case OpCode.Endfilter: case OpCode.Volatile: case OpCode.Tailcall: case OpCode.Cpblk: case OpCode.Initblk: case OpCode.Rethrow: case OpCode.Refanytype: case OpCode.Readonly: break; case OpCode.Br: case OpCode.Brfalse: case OpCode.Brtrue: case OpCode.Beq: case OpCode.Bge: case OpCode.Bgt: case OpCode.Ble: case OpCode.Blt: case OpCode.Bne_un: case OpCode.Bge_un: case OpCode.Bgt_un: case OpCode.Ble_un: case OpCode.Blt_un: case OpCode.Leave: { // NOTE: Delta is w.r.t. start of next instruction var delta = reader.ReadInt32(); Value = (int)(reader.Offset - beginOffset) + delta; } break; case OpCode.Br_s: case OpCode.Brfalse_s: case OpCode.Brtrue_s: case OpCode.Beq_s: case OpCode.Bge_s: case OpCode.Bgt_s: case OpCode.Ble_s: case OpCode.Blt_s: case OpCode.Bne_un_s: case OpCode.Bge_un_s: case OpCode.Bgt_un_s: case OpCode.Ble_un_s: case OpCode.Blt_un_s: case OpCode.Leave_s: { var delta = reader.ReadSByte(); Value = (int)(reader.Offset - beginOffset) + delta; } break; case OpCode.Ldc_i4_s: Value = (int)reader.ReadSByte(); break; case OpCode.Unaligned: case OpCode.Ldarg_s: case OpCode.Ldarga_s: case OpCode.Starg_s: case OpCode.Ldloc_s: case OpCode.Ldloca_s: case OpCode.Stloc_s: Value = (int)reader.ReadByte(); break; case OpCode.Ldc_i4: Value = reader.ReadInt32(); break; case OpCode.Ldarg: case OpCode.Ldarga: case OpCode.Starg: case OpCode.Ldloc: case OpCode.Ldloca: case OpCode.Stloc: Value = (int)reader.ReadUInt32(); break; case OpCode.Ldc_i8: Value = reader.ReadInt64(); break; case OpCode.Ldc_r4: Value = reader.ReadSingle(); break; case OpCode.Ldc_r8: Value = reader.ReadDouble(); break; case OpCode.Ldstr: Value = ReadUserString(ctxt, reader); break; case OpCode.Switch: { var numTargets = (int)reader.ReadUInt32(); var targets = new Seq<int>(numTargets); // Read as offsets from end of switch, then fixup to offsets from start of instructions for (var i = 0; i < numTargets; i++) targets.Add(reader.ReadInt32()); for (var i = 0; i < numTargets; i++) targets[i] = (int)(reader.Offset - beginOffset) + targets[i]; Value = targets; } break; case OpCode.Calli: case OpCode.Ldfld: case OpCode.Ldflda: case OpCode.Stfld: case OpCode.Ldsfld: case OpCode.Ldsflda: case OpCode.Stsfld: case OpCode.Jmp: case OpCode.Call: case OpCode.Callvirt: case OpCode.Newobj: case OpCode.Ldftn: case OpCode.Ldvirtftn: case OpCode.Ldtoken: case OpCode.Cpobj: case OpCode.Ldobj: case OpCode.Castclass: case OpCode.Isinst: case OpCode.Unbox: case OpCode.Stobj: case OpCode.Box: case OpCode.Newarr: case OpCode.Ldelema: case OpCode.Ldelem: case OpCode.Stelem: case OpCode.Unbox_any: case OpCode.Refanyval: case OpCode.Mkrefany: case OpCode.Initobj: case OpCode.Constrained: case OpCode.Sizeof: Value = resolveRow(OpCode, ReadToken(ctxt, reader)); break; default: throw new PEException("unrecognised opcode"); } }
private static string ReadUserString(ReaderContext ctxt, BlobReader reader) { var strref = default(UserStringRef); strref.Read(ctxt, reader); strref.ResolveIndexes(ctxt); return strref.Value; }
private static Row ReadToken(ReaderContext ctxt, BlobReader reader) { var rowRef = default(TokenRef); rowRef.Read(ctxt, reader); rowRef.ResolveIndexes(ctxt); return rowRef.Value; }
private bool ReadMethodDataSection(ReaderContext ctxt, BlobReader reader, Func<OpCode, Row, object> resolveRow) { reader.Align(4); var flags = (CorILMethodSect)reader.ReadByte(); if ((flags & CorILMethodSect.EHTable) == 0) throw new PEException("unrecognised method data section"); var isFat = (flags & CorILMethodSect.FatFormat) != 0; var count = default(uint); if (isFat) { var size = reader.ReadUInt24(); if (size < 4 || (size - 4) % 24 != 0) throw new InvalidOperationException("invalid method data section"); count = (size - 4) / 24; } else { var size = (uint)reader.ReadByte(); // NOTE: Looks live VB emits size without including the 4 byte header... if (size < 4 || (size - 4) % 12 != 0) throw new InvalidOperationException("invalid method data section"); var padding = reader.ReadUInt16(); if (padding != 0) throw new PEException("unexpected data"); count = (size - 4) / 12; } for (var i = 0; i < count; i++) { var c = new ExceptionHandlingClause(); c.Read(ctxt, reader, isFat, resolveRow); ExceptionHandlingClauses.Add(c); } return (flags & CorILMethodSect.MoreSects) != 0; }
public void Read(ReaderContext ctxt, BlobReader reader, Func<OpCode, Row, object> resolveRow) { ExceptionHandlingClauses = new Seq<ExceptionHandlingClause>(); var firstByte = reader.ReadByte(); var formatKind = (CorILMethod)(firstByte & 0x3); var bodySize = default(uint); var more = default(bool); switch (formatKind) { case CorILMethod.TinyFormat: { MaxStack = 8; bodySize = (uint)(firstByte >> 2); break; } case CorILMethod.FatFormat: { var secondByte = reader.ReadByte(); var flags = (CorILMethod)(((ushort)(secondByte & 0x7) << 8) | (ushort)firstByte); IsInitLocals = (flags & CorILMethod.InitLocals) != 0; var headerSize = (secondByte >> 4) & 0x7; if (headerSize != 3) throw new PEException("unexpected method body header size"); MaxStack = (int)reader.ReadUInt16(); bodySize = reader.ReadUInt32(); LocalVarRef.Read(ctxt, reader); LocalVarRef.ResolveIndexes(ctxt); more = (flags & CorILMethod.MoreSects) != 0; break; } default: throw new InvalidOperationException("invalid method body format"); } if (bodySize > 0) { var beginOffset = reader.Offset; var endOffset = reader.Offset + bodySize; var n = 0; while (reader.Offset < endOffset) { n++; Instruction.Skip(reader); } reader.Offset = beginOffset; Instructions = new Instruction[n]; for (var i = 0; i < n; i++) Instructions[i].Read(ctxt, reader, beginOffset, resolveRow); } while (more) more = ReadMethodDataSection(ctxt, reader, resolveRow); }
public BlobReader(BlobReader outer, uint offset) : this(outer.data, outer.baseOffset + offset, outer.dataLimit, outer.readLimit) { }
public void Read(ReaderContext ctxt, BlobReader reader) { if (reader.RemainingBytes < Size) throw new PEException("missig PEOptionalHeader"); StandardFields.Read(ctxt, reader); NTSpecificFields.Read(ctxt, reader); DataDirectories.Read(ctxt, reader); }
public static void Skip(BlobReader reader) { var opCode = (OpCode)reader.ReadByte(); if (opCode == OpCode.Prefix1) opCode = (OpCode)((ushort)opCode << 8 | reader.ReadByte()); switch (opCode) { case OpCode.Nop: case OpCode.Break: case OpCode.Ldarg_0: case OpCode.Ldarg_1: case OpCode.Ldarg_2: case OpCode.Ldarg_3: case OpCode.Ldloc_0: case OpCode.Ldloc_1: case OpCode.Ldloc_2: case OpCode.Ldloc_3: case OpCode.Stloc_0: case OpCode.Stloc_1: case OpCode.Stloc_2: case OpCode.Stloc_3: case OpCode.Ldnull: case OpCode.Ldc_i4_m1: case OpCode.Ldc_i4_0: case OpCode.Ldc_i4_1: case OpCode.Ldc_i4_2: case OpCode.Ldc_i4_3: case OpCode.Ldc_i4_4: case OpCode.Ldc_i4_5: case OpCode.Ldc_i4_6: case OpCode.Ldc_i4_7: case OpCode.Ldc_i4_8: case OpCode.Dup: case OpCode.Pop: case OpCode.Ret: case OpCode.Ldind_i1: case OpCode.Ldind_u1: case OpCode.Ldind_i2: case OpCode.Ldind_u2: case OpCode.Ldind_i4: case OpCode.Ldind_u4: case OpCode.Ldind_i8: case OpCode.Ldind_i: case OpCode.Ldind_r4: case OpCode.Ldind_r8: case OpCode.Ldind_ref: case OpCode.Stind_ref: case OpCode.Stind_i1: case OpCode.Stind_i2: case OpCode.Stind_i4: case OpCode.Stind_i8: case OpCode.Stind_r4: case OpCode.Stind_r8: case OpCode.Add: case OpCode.Sub: case OpCode.Mul: case OpCode.Div: case OpCode.Div_un: case OpCode.Rem: case OpCode.Rem_un: case OpCode.And: case OpCode.Or: case OpCode.Xor: case OpCode.Shl: case OpCode.Shr: case OpCode.Shr_un: case OpCode.Neg: case OpCode.Not: case OpCode.Conv_i1: case OpCode.Conv_i2: case OpCode.Conv_i4: case OpCode.Conv_i8: case OpCode.Conv_r4: case OpCode.Conv_r8: case OpCode.Conv_u4: case OpCode.Conv_u8: case OpCode.Conv_r_un: case OpCode.Throw: case OpCode.Conv_ovf_i1_un: case OpCode.Conv_ovf_i2_un: case OpCode.Conv_ovf_i4_un: case OpCode.Conv_ovf_i8_un: case OpCode.Conv_ovf_u1_un: case OpCode.Conv_ovf_u2_un: case OpCode.Conv_ovf_u4_un: case OpCode.Conv_ovf_u8_un: case OpCode.Conv_ovf_i_un: case OpCode.Conv_ovf_u_un: case OpCode.Ldlen: case OpCode.Ldelem_i1: case OpCode.Ldelem_u1: case OpCode.Ldelem_i2: case OpCode.Ldelem_u2: case OpCode.Ldelem_i4: case OpCode.Ldelem_u4: case OpCode.Ldelem_i8: case OpCode.Ldelem_i: case OpCode.Ldelem_r4: case OpCode.Ldelem_r8: case OpCode.Ldelem_ref: case OpCode.Stelem_i: case OpCode.Stelem_i1: case OpCode.Stelem_i2: case OpCode.Stelem_i4: case OpCode.Stelem_i8: case OpCode.Stelem_r4: case OpCode.Stelem_r8: case OpCode.Stelem_ref: case OpCode.Conv_ovf_i1: case OpCode.Conv_ovf_u1: case OpCode.Conv_ovf_i2: case OpCode.Conv_ovf_u2: case OpCode.Conv_ovf_i4: case OpCode.Conv_ovf_u4: case OpCode.Conv_ovf_i8: case OpCode.Conv_ovf_u8: case OpCode.Ckfinite: case OpCode.Conv_u2: case OpCode.Conv_u1: case OpCode.Conv_i: case OpCode.Conv_ovf_i: case OpCode.Conv_ovf_u: case OpCode.Add_ovf: case OpCode.Add_ovf_un: case OpCode.Mul_ovf: case OpCode.Mul_ovf_un: case OpCode.Sub_ovf: case OpCode.Sub_ovf_un: case OpCode.Endfinally: case OpCode.Stind_i: case OpCode.Conv_u: case OpCode.Prefix7: case OpCode.Prefix6: case OpCode.Prefix5: case OpCode.Prefix4: case OpCode.Prefix3: case OpCode.Prefix2: case OpCode.Prefix1: case OpCode.Prefixref: case OpCode.Arglist: case OpCode.Ceq: case OpCode.Cgt: case OpCode.Cgt_un: case OpCode.Clt: case OpCode.Clt_un: case OpCode.Localloc: case OpCode.Endfilter: case OpCode.Volatile: case OpCode.Tailcall: case OpCode.Cpblk: case OpCode.Initblk: case OpCode.Rethrow: case OpCode.Refanytype: case OpCode.Readonly: break; case OpCode.Br_s: case OpCode.Brfalse_s: case OpCode.Brtrue_s: case OpCode.Beq_s: case OpCode.Bge_s: case OpCode.Bgt_s: case OpCode.Ble_s: case OpCode.Blt_s: case OpCode.Bne_un_s: case OpCode.Bge_un_s: case OpCode.Bgt_un_s: case OpCode.Ble_un_s: case OpCode.Blt_un_s: case OpCode.Leave_s: case OpCode.Ldc_i4_s: reader.ReadSByte(); break; case OpCode.Unaligned: case OpCode.Ldarg_s: case OpCode.Ldarga_s: case OpCode.Starg_s: case OpCode.Ldloc_s: case OpCode.Ldloca_s: case OpCode.Stloc_s: reader.ReadByte(); break; case OpCode.Br: case OpCode.Brfalse: case OpCode.Brtrue: case OpCode.Beq: case OpCode.Bge: case OpCode.Bgt: case OpCode.Ble: case OpCode.Blt: case OpCode.Bne_un: case OpCode.Bge_un: case OpCode.Bgt_un: case OpCode.Ble_un: case OpCode.Blt_un: case OpCode.Leave: case OpCode.Ldc_i4: reader.ReadInt32(); break; case OpCode.Ldfld: case OpCode.Ldflda: case OpCode.Stfld: case OpCode.Ldsfld: case OpCode.Ldsflda: case OpCode.Stsfld: case OpCode.Calli: case OpCode.Ldstr: case OpCode.Ldtoken: case OpCode.Cpobj: case OpCode.Ldobj: case OpCode.Castclass: case OpCode.Isinst: case OpCode.Unbox: case OpCode.Stobj: case OpCode.Box: case OpCode.Newarr: case OpCode.Ldelema: case OpCode.Ldelem: case OpCode.Stelem: case OpCode.Unbox_any: case OpCode.Refanyval: case OpCode.Mkrefany: case OpCode.Initobj: case OpCode.Constrained: case OpCode.Sizeof: case OpCode.Ldarg: case OpCode.Ldarga: case OpCode.Starg: case OpCode.Ldloc: case OpCode.Ldloca: case OpCode.Stloc: case OpCode.Jmp: case OpCode.Call: case OpCode.Callvirt: case OpCode.Newobj: case OpCode.Ldftn: case OpCode.Ldvirtftn: reader.ReadUInt32(); break; case OpCode.Ldc_i8: reader.ReadInt64(); break; case OpCode.Ldc_r4: reader.ReadSingle(); break; case OpCode.Ldc_r8: reader.ReadDouble(); break; case OpCode.Switch: { var numTargets = (int)reader.ReadUInt32(); for (var i = 0; i < numTargets; i++) reader.ReadInt32(); break; } default: throw new PEException("unrecognised opcode"); } }
public void Read(ReaderContext ctxt, BlobReader reader) { var name = reader.ReadAsciiZeroPaddedString(8); if (string.IsNullOrEmpty(name)) throw new PEException("invalid SectionHeader.Name"); if (name.Equals(".text", StringComparison.Ordinal)) Section = Section.Text; else if (name.Equals(".rsrc", StringComparison.Ordinal)) Section = Section.Rsrc; else if (name.Equals(".reloc", StringComparison.Ordinal)) Section = Section.Reloc; else throw new PEException("invalid SectionHeader.Name"); VirtualSize = reader.ReadUInt32(); VirtualAddress = reader.ReadUInt32(); SizeOfRawData = reader.ReadUInt32(); // NOTE: Virtual size may be less than raw data size if (VirtualSize > SizeOfRawData) // Need to support readers with implicit zero padding at end throw new NotImplementedException(); PointerToRawData.Read(reader); PointerToRelocations = reader.ReadUInt32(); var actualPointerToLinenumbers = reader.ReadUInt32(); if (actualPointerToLinenumbers != pointerToLinenumbers) throw new PEException("invalid SectionHeader.PointerToLinenumbers"); NumberOfRelocations = reader.ReadUInt16(); var actualNumberOfLinenumbers = reader.ReadUInt16(); if (actualNumberOfLinenumbers != numberOfLinenumbers) throw new PEException("invalid SectionHeader.NumberOfLinenumbers"); Characteristics = (ImageSectionCharacteristics)reader.ReadUInt32(); if (ctxt.Tracer != null) { ctxt.Tracer.AppendLine("SectionHeader {"); ctxt.Tracer.Indent(); ctxt.Tracer.AppendLine(String.Format("Name: {0}", Section.ToString())); ctxt.Tracer.AppendLine(String.Format("VirtualSize: {0:x8}", VirtualSize)); ctxt.Tracer.AppendLine(String.Format("VirtualAddress: {0:x8}", VirtualAddress)); ctxt.Tracer.AppendLine(String.Format("SizeOfRawData: {0:x8}", SizeOfRawData)); PointerToRawData.Append(ctxt, "PointerToRawData"); ctxt.Tracer.Outdent(); ctxt.Tracer.AppendLine("}"); } }
public BlobReader(BlobReader outer, uint offset, uint dataLimit, uint readLimit) : this(outer.data, outer.baseOffset + offset, outer.baseOffset + dataLimit, outer.baseOffset + readLimit) { }
public void Read(ReaderContext ctxt, BlobReader reader) { HintNameTable.Read(reader); if (HintNameTable.Address >> 31 != 0) throw new PEException("invalid ImportLookupTable/ImportAddressTable.HintNameTable"); var actualPadding = reader.ReadUInt32(); if (actualPadding != padding) throw new PEException("invalid ImportLookupTable/ImportAddressTable.Padding"); }
public void Read(ReaderContext ctxt, BlobReader reader) { Offset.Read(reader); Size = reader.ReadUInt32(); Name = reader.ReadAsciiZeroTerminatedString(4); if (string.IsNullOrEmpty(Name)) throw new PEException("invalid StreamHeader.Name"); }
public void Read(ReaderContext ctxt, BlobReader reader) { var word = reader.ReadUInt16(); Type = (ImageRelocation)(word >> 12); Offset = (ushort)(word & 0xFFF); }
public void Read(ReaderContext ctxt, BlobReader reader) { var actualSignature = reader.ReadUInt32(); if (actualSignature != signature) throw new PEException("invalid MetadataHeader.Signature"); MajorVersion = reader.ReadUInt16(); MinorVersion = reader.ReadUInt16(); var actualReserved = reader.ReadUInt32(); if (actualReserved != reserved) throw new PEException("invalid MetadataHeader.Reserved"); Version = reader.ReadUTF8SizedZeroPaddedString(4); var actualFlags = reader.ReadUInt16(); if (actualFlags != flags) throw new PEException("invalid MetadataHeader.Flags"); var numStreams = reader.ReadUInt16(); StreamHeaders = new StreamHeader[numStreams]; for (var i = 0; i < numStreams; i++) StreamHeaders[i].Read(ctxt, reader); }
public void Read(ReaderContext ctxt, BlobReader reader) { Page = reader.ReadUInt32(); if ((Page & 0xfff) != 0) throw new PEException("invalid FixupBlock.Page"); var blockSize = reader.ReadUInt32(); var numFixupEntries = (blockSize - 8)/ FixupEntry.Size; Entries = new FixupEntry[(int)numFixupEntries]; for (var i = 0; i < numFixupEntries; i++) Entries[i].Read(ctxt, reader); reader.Align(4); }
public void Read(ReaderContext ctxt, BlobReader reader) { if (reader.RemainingBytes < Size) throw new PEException("missing PEFileHeader"); var actualPrefix = reader.ReadUInt32(); if (actualPrefix != prefix) throw new PEException("invalid PEFileHeader.Prefix"); var actualMachine = reader.ReadUInt16(); if (actualMachine != machine) throw new PEException("invalid PEFileHeader.Machine"); var actualNumberOfSections = reader.ReadUInt16(); if (actualNumberOfSections != NumberOfSections) throw new PEException("invalid PEFileHeader.NumberOfSections"); var seconds = reader.ReadUInt32(); DateTimeStamp = nineteenSeventy.AddSeconds((double)seconds); var actualPointerToSymbolTable = reader.ReadUInt32(); if (actualPointerToSymbolTable != pointerToSymbolTable) throw new PEException("invalid PEFileHeader.PointerToSymbolTable"); var actualNumberOfSymbols = reader.ReadUInt32(); if (actualNumberOfSymbols != numberOfSymbols) throw new PEException("invalid PEFileHeader.NumberOfSymbols"); var actualOptionalHeaderSize = reader.ReadUInt16(); if (actualOptionalHeaderSize != PEOptionalHeader.Size) throw new PEException("invalid PEFileHeader.OptionalHeaderSize"); Flags = (ImageFileFlags)reader.ReadUInt16(); var check = Flags & ~ImageFileFlags.DLL; if ((check & setFlags) != setFlags) throw new PEException("invalid PEFileHeader.Flags"); if ((check & clearFlags) != 0) throw new PEException("invalid PEFileHeader.Flags"); }
public void Read(ReaderContext ctxt, BlobReader reader) { var actualCb = reader.ReadUInt32(); if (actualCb != cb) throw new PEException("invalid CLIHeader.ActualCb"); MajorRuntimeVersion = reader.ReadUInt16(); MinorRuntimeVersion = reader.ReadUInt16(); MetaData.Read(reader); Flags = (RuntimeFlags)reader.ReadUInt32(); EntryPointToken = reader.ReadUInt32(); Resources.Read(reader); StrongNameSignature.Read(reader); var actualCodeManagerTable = reader.ReadUInt64(); if (actualCodeManagerTable != codeManagerTable) throw new PEException("invalid CLIHeader.CodeManagerTable"); VtableFixups.Read(reader); var actualExportAddressTableJumps = reader.ReadUInt64(); if (actualExportAddressTableJumps != exportAddressTableJumps) throw new PEException("invalid CLIHeader.ExportAddressTableJumps"); var actualManagedNativeHeader = reader.ReadUInt64(); if (actualManagedNativeHeader != managedNativeHeader) throw new PEException("invalid CLIHeader.ManagedNativeHeader"); }
public RVA BaseOfData; // == start of .reloc or .rsrc section, whichever is lower public void Read(ReaderContext ctxt, BlobReader reader) { var actualMagic = reader.ReadUInt16(); if (actualMagic != magic) throw new PEException("invalid PEHeaderStandardFields.Magic"); LMajor = reader.ReadByte(); if (LMajor < lMajorLow || LMajor > lMajorHigh) throw new PEException("invalid PEHeaderStandardFields.LMajor"); var actualLMinor = reader.ReadByte(); if (actualLMinor != lMinor) throw new PEException("invalid PEHeaderStandardFields.LMinor"); CodeSize = reader.ReadUInt32(); InitializedDataSize = reader.ReadUInt32(); var actualUninitializedDataSize = reader.ReadUInt32(); if (actualUninitializedDataSize != uninitializedDataSize) throw new PEException("invalid PEHeaderStandardFields.UninitializedDataSize"); EntryPoint.Read(reader); BaseOfCode.Read(reader); BaseOfData.Read(reader); if (ctxt.Tracer != null) { ctxt.Tracer.AppendLine(String.Format("PEHeaderStandardFields.CodeSize: {0:x8}", CodeSize)); ctxt.Tracer.AppendLine (String.Format("PEHeaderStandardFields.InitializedDataSize: {0:x8}", InitializedDataSize)); } }
public void Read(ReaderContext ctxt, BlobReader reader) { VirtualAddress = reader.ReadUInt32(); Size = reader.ReadUInt16(); Type = (CorVtable)reader.ReadUInt16(); }
public void Read(ReaderContext ctxt, BlobReader reader) { ImageBase = reader.ReadUInt32(); var actualSectionAlignment = reader.ReadUInt32(); if (actualSectionAlignment != sectionAlignment) throw new PEException("invalid PEHeaderNTSpecificFields.SectionAlignment"); FileAlignment = reader.ReadUInt32(); if (FileAlignment != fileAlignment1 && FileAlignment != fileAlignment2) throw new PEException("invalid PEHeaderNTSpecificFields.FileAlignment"); var actualOSMajor = reader.ReadUInt16(); if (actualOSMajor != osMajor) throw new PEException("invalid PEHeaderNTSpecificFields.OSMajor"); var actualOSMinor = reader.ReadUInt16(); if (actualOSMinor != osMinor) throw new PEException("invalid PEHeaderNTSpecificFields.OSMinor"); var actualUserMajor = reader.ReadUInt16(); if (actualUserMajor != userMajor) throw new PEException("invalid PEHeaderNTSpecificFields.UserMajor"); var actualUserMinor = reader.ReadUInt16(); if (actualUserMinor != userMinor) throw new PEException("invalid PEHeaderNTSpecificFields.UserMinor"); var actualSubSysMajor = reader.ReadUInt16(); if (actualSubSysMajor != subSysMajor) throw new PEException("invalid PEHeaderNTSpecificFields.SubSysMajor"); var actualSubSysMinor = reader.ReadUInt16(); if (actualSubSysMinor != subSysMinor) throw new PEException("invalid PEHeaderNTSpecificFields.SubSysMinor"); var actualReserved = reader.ReadUInt32(); if (actualReserved != reserved) throw new PEException("invalid PEHeaderNTSpecificFields.Reserved"); ImageSize = reader.ReadUInt32(); if (ImageSize % sectionAlignment != 0) throw new PEException("invalid PEHeaderNTSpecificFields.ImageSize"); HeaderSize = reader.ReadUInt32(); if (HeaderSize % FileAlignment != 0) throw new PEException("invalid PEHeaderNTSpecificFields.HeaderSize"); FileChecksum = reader.ReadUInt32(); SubSystem = (SubSystem)reader.ReadUInt16(); if (SubSystem != SubSystem.WINDOWS_CUI && SubSystem != SubSystem.WINDOWS_GUI) throw new PEException("invalid PEHeaderNTSpecificFields.SubSystem"); DllFlags = reader.ReadUInt16(); var actualStackReserveSize = reader.ReadUInt32(); if (actualStackReserveSize != stackReserveSize) throw new PEException("invalid PEHeaderNTSpecificFields.StackReserveSize"); StackCommitSize = reader.ReadUInt32(); HeapReserveSize = reader.ReadUInt32(); HeapCommitSize = reader.ReadUInt32(); var actualLoaderFlags = reader.ReadUInt32(); if (actualLoaderFlags != loaderFlags) throw new PEException("invalid PEHeaderNTSpecificFields.LoaderFlags"); var actualNumberOfDataDirectories = reader.ReadUInt32(); if (actualNumberOfDataDirectories != numberOfDataDirectories) throw new PEException("invalid PEHeaderNTSpecificFields.NumberOfDataDirectories"); if (ctxt.Tracer != null) { ctxt.Tracer.AppendLine(String.Format("PEHeaderNTSpecificFields.ImageBase: {0:x8}", ImageBase)); ctxt.Tracer.AppendLine(String.Format("PEHeaderNTSpecificFields.ImageSize: {0:x8}", ImageSize)); ctxt.Tracer.AppendLine(String.Format("PEHeaderNTSpecificFields.HeaderSize: {0:x8}", HeaderSize)); ctxt.Tracer.AppendLine(String.Format("PEHeaderNTSpecificFields.FileChecksum: {0:x8}", FileChecksum)); } }
public void Read(ReaderContext ctxt, BlobReader reader) { var actualExportTable = reader.ReadUInt64(); if (actualExportTable != exportTable) throw new PEException("invalid PEHeaderDataDirecties.ExportTable"); ImportTable.Read(reader); ResourceTable.Read(reader); var actualExceptionTable = reader.ReadUInt64(); if (actualExceptionTable != exceptionTable) throw new PEException("invalid PEHeaderDataDirecties.ExceptionTable"); CertificateTable.Read(reader); BaseRelocationTable.Read(reader); Debug.Read(reader); var actualCopyright = reader.ReadUInt64(); if (actualCopyright != copyright) throw new PEException("invalid PEHeaderDataDirecties.Copyright"); var actualGlobalPtr = reader.ReadUInt64(); if (actualGlobalPtr != globalPtr) throw new PEException("invalid PEHeaderDataDirecties.GlobalPtr"); var actualTLSTable = reader.ReadUInt64(); if (actualTLSTable != tlsTable) throw new PEException("invalid PEHeaderDataDirecties.TlsTable"); var actualLoadConfigTable = reader.ReadUInt64(); if (actualLoadConfigTable != loadConfigTable) throw new PEException("invalid PEHeaderDataDirecties.LoadConfigTable"); var actualBoundImport = reader.ReadUInt64(); if (actualBoundImport != boundImport) throw new PEException("invalid PEHeaderDataDirecties.BoundImport"); IAT.Read(reader); var actualDelayImportDescriptor = reader.ReadUInt64(); if (actualDelayImportDescriptor != delayImportDescriptor) throw new PEException("invalid PEHeaderDataDirecties.DelayImportDescriptor"); CLIHeader.Read(reader); var actualReserved = reader.ReadUInt64(); if (actualReserved != reserved) throw new PEException("invalid PEHeaderDataDirecties.Reserved"); }
public override void ReadRest(ReaderContext ctxt, BlobReader reader) { if (TypeArity > 0) TypeArity = (int)reader.ReadCompressedUInt32(); var paramCount = (int)reader.ReadCompressedUInt32(); ReturnType = new TypeWithCustomMods(); ReturnType.Read(ctxt, reader); var sentinelIndex = -1; if (paramCount > 0) { var parameters = new Seq<TypeWithCustomMods>(paramCount); for (var i = 0; i < paramCount; i++) { var param = new TypeWithCustomMods(); param.Read(ctxt, reader); if (param.Type.IsSentinel) { if (CallingConvention == CallingConvention.ManagedVarArg || CallingConvention == CallingConvention.NativeC) { if (sentinelIndex > 0) throw new PEException("multiple sentinels in VARARG/C signature"); sentinelIndex = i; i--; } else throw new PEException("unexpected sentinel in non-VARARG/C signature"); } else parameters.Add(param); } Parameters = parameters; } else Parameters = Constants.EmptyTypeWithCustomMods; VarArgs = sentinelIndex < 0 ? 0 : paramCount - sentinelIndex; }