/// <summary> /// Writes the PE header. /// </summary> /// <param name="writer">The writer.</param> private void WritePEHeader(EndianAwareBinaryWriter writer) { // Write the PE signature and headers ntHeaders.Signature = ImageNtHeaders.PE_SIGNATURE; // Prepare the file header ntHeaders.FileHeader.Machine = ImageFileHeader.IMAGE_FILE_MACHINE_I386; ntHeaders.FileHeader.NumberOfSections = CountSections(); ntHeaders.FileHeader.TimeDateStamp = (uint)(DateTime.Now - new DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds; ntHeaders.FileHeader.PointerToSymbolTable = 0; ntHeaders.FileHeader.NumberOfSymbols = 0; ntHeaders.FileHeader.SizeOfOptionalHeader = 0x00E0; ntHeaders.FileHeader.Characteristics = 0x010E; // FIXME: Use an enum here // Prepare the "optional" headers ntHeaders.OptionalHeader.Magic = ImageOptionalHeader.IMAGE_OPTIONAL_HEADER_MAGIC; ntHeaders.OptionalHeader.MajorLinkerVersion = 6; ntHeaders.OptionalHeader.MinorLinkerVersion = 0; ntHeaders.OptionalHeader.SizeOfCode = AlignValue(GetSectionLength(SectionKind.Text), this.sectionAlignment); ntHeaders.OptionalHeader.SizeOfInitializedData = AlignValue(GetSectionLength(SectionKind.Data) + GetSectionLength(SectionKind.ROData), this.sectionAlignment); ntHeaders.OptionalHeader.SizeOfUninitializedData = AlignValue(GetSectionLength(SectionKind.BSS), this.sectionAlignment); ntHeaders.OptionalHeader.AddressOfEntryPoint = (uint)(this.EntryPoint.VirtualAddress.ToInt64() - this.BaseAddress); ntHeaders.OptionalHeader.BaseOfCode = (uint)(GetSectionAddress(SectionKind.Text) - this.BaseAddress); long sectionAddress = GetSectionAddress(SectionKind.Data); if (sectionAddress != 0) ntHeaders.OptionalHeader.BaseOfData = (uint)(sectionAddress - this.BaseAddress); ntHeaders.OptionalHeader.ImageBase = (uint)this.BaseAddress; // FIXME: Linker Script/cmdline ntHeaders.OptionalHeader.SectionAlignment = this.sectionAlignment; // FIXME: Linker Script/cmdline ntHeaders.OptionalHeader.FileAlignment = this.fileAlignment; // FIXME: Linker Script/cmdline ntHeaders.OptionalHeader.MajorOperatingSystemVersion = 4; ntHeaders.OptionalHeader.MinorOperatingSystemVersion = 0; ntHeaders.OptionalHeader.MajorImageVersion = 0; ntHeaders.OptionalHeader.MinorImageVersion = 0; ntHeaders.OptionalHeader.MajorSubsystemVersion = 4; ntHeaders.OptionalHeader.MinorSubsystemVersion = 0; ntHeaders.OptionalHeader.Win32VersionValue = 0; ntHeaders.OptionalHeader.SizeOfImage = CalculateSizeOfImage(); ntHeaders.OptionalHeader.SizeOfHeaders = this.fileAlignment; // FIXME: Use the full header size ntHeaders.OptionalHeader.CheckSum = 0; ntHeaders.OptionalHeader.Subsystem = 0x03; ntHeaders.OptionalHeader.DllCharacteristics = 0x0540; ntHeaders.OptionalHeader.SizeOfStackReserve = 0x100000; ntHeaders.OptionalHeader.SizeOfStackCommit = 0x1000; ntHeaders.OptionalHeader.SizeOfHeapReserve = 0x100000; ntHeaders.OptionalHeader.SizeOfHeapCommit = 0x1000; ntHeaders.OptionalHeader.LoaderFlags = 0; ntHeaders.OptionalHeader.NumberOfRvaAndSizes = ImageOptionalHeader.IMAGE_NUMBEROF_DIRECTORY_ENTRIES; ntHeaders.OptionalHeader.DataDirectory = new ImageDataDirectory[ImageOptionalHeader.IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; // Populate the CIL data directory ntHeaders.OptionalHeader.DataDirectory[14].VirtualAddress = 0;// (uint)GetSymbol(CLI_HEADER.SymbolName).VirtualAddress.ToInt64(); ntHeaders.OptionalHeader.DataDirectory[14].Size = 0; // CLI_HEADER.Length; ntHeaders.Write(writer); // Write the section headers uint address = this.fileAlignment; foreach (LinkerSection section in this.sections.Values) { if (section.Length > 0) { ImageSectionHeader ish = new ImageSectionHeader(); ish.Name = section.Name; ish.VirtualSize = (uint)section.Length; ish.VirtualAddress = (uint)(section.VirtualAddress.ToInt64() - this.BaseAddress); if (section.SectionKind != SectionKind.BSS) ish.SizeOfRawData = (uint)section.Length; ish.PointerToRawData = address; ish.PointerToRelocations = 0; ish.PointerToLinenumbers = 0; ish.NumberOfRelocations = 0; ish.NumberOfLinenumbers = 0; switch (section.SectionKind) { case SectionKind.BSS: ish.Characteristics = 0x40000000 | 0x80000000 | 0x00000080; break; case SectionKind.Data: ish.Characteristics = 0x40000000 | 0x80000000 | 0x00000040; break; case SectionKind.ROData: ish.Characteristics = 0x40000000 | 0x00000040; break; case SectionKind.Text: ish.Characteristics = 0x20000000 | 0x40000000 | 0x80000000 | 0x00000020; break; } ish.Write(writer); address += (uint)section.Length; address = AlignValue(address, this.fileAlignment); } } WritePaddingToPosition(writer, this.fileAlignment); }
/// <summary> /// Writes the PE header. /// </summary> /// <param name="writer">The writer.</param> private void WritePEHeader(EndianAwareBinaryWriter writer) { // Write the PE signature and headers ntHeaders.Signature = ImageNtHeaders.PE_SIGNATURE; // Prepare the file header ntHeaders.FileHeader.Machine = ImageFileHeader.IMAGE_FILE_MACHINE_I386; ntHeaders.FileHeader.NumberOfSections = (ushort)CountNonEmptySections(); ntHeaders.FileHeader.TimeDateStamp = (uint)(DateTime.Now - new DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds; ntHeaders.FileHeader.PointerToSymbolTable = 0; ntHeaders.FileHeader.NumberOfSymbols = 0; ntHeaders.FileHeader.SizeOfOptionalHeader = 0x00E0; ntHeaders.FileHeader.Characteristics = 0x010E; // Prepare the "optional" headers ntHeaders.OptionalHeader.Magic = ImageOptionalHeader.IMAGE_OPTIONAL_HEADER_MAGIC; ntHeaders.OptionalHeader.MajorLinkerVersion = 6; ntHeaders.OptionalHeader.MinorLinkerVersion = 0; ntHeaders.OptionalHeader.SizeOfCode = GetSection(SectionKind.Text).AlignedSize; ntHeaders.OptionalHeader.SizeOfInitializedData = GetSection(SectionKind.Data).AlignedSize + GetSection(SectionKind.ROData).AlignedSize; ntHeaders.OptionalHeader.SizeOfUninitializedData = GetSection(SectionKind.BSS).AlignedSize; ntHeaders.OptionalHeader.AddressOfEntryPoint = (uint)(EntryPoint.VirtualAddress - BaseAddress); ntHeaders.OptionalHeader.BaseOfCode = (uint)(GetSection(SectionKind.Text).VirtualAddress - BaseAddress); ulong sectionAddress = GetSection(SectionKind.Data).VirtualAddress; if (sectionAddress != 0) { ntHeaders.OptionalHeader.BaseOfData = (uint)(sectionAddress - BaseAddress); } ntHeaders.OptionalHeader.ImageBase = (uint)BaseAddress; ntHeaders.OptionalHeader.SectionAlignment = SectionAlignment; ntHeaders.OptionalHeader.FileAlignment = FILE_SECTION_ALIGNMENT; ntHeaders.OptionalHeader.MajorOperatingSystemVersion = 4; ntHeaders.OptionalHeader.MinorOperatingSystemVersion = 0; ntHeaders.OptionalHeader.MajorImageVersion = 0; ntHeaders.OptionalHeader.MinorImageVersion = 0; ntHeaders.OptionalHeader.MajorSubsystemVersion = 4; ntHeaders.OptionalHeader.MinorSubsystemVersion = 0; ntHeaders.OptionalHeader.Win32VersionValue = 0; ntHeaders.OptionalHeader.SizeOfImage = CalculateSizeOfImage(); ntHeaders.OptionalHeader.SizeOfHeaders = FILE_SECTION_ALIGNMENT; ntHeaders.OptionalHeader.CheckSum = 0; ntHeaders.OptionalHeader.Subsystem = 0x03; ntHeaders.OptionalHeader.DllCharacteristics = 0x0540; ntHeaders.OptionalHeader.SizeOfStackReserve = 0x100000; ntHeaders.OptionalHeader.SizeOfStackCommit = 0x1000; ntHeaders.OptionalHeader.SizeOfHeapReserve = 0x100000; ntHeaders.OptionalHeader.SizeOfHeapCommit = 0x1000; ntHeaders.OptionalHeader.LoaderFlags = 0; ntHeaders.OptionalHeader.NumberOfRvaAndSizes = ImageOptionalHeader.IMAGE_NUMBEROF_DIRECTORY_ENTRIES; ntHeaders.OptionalHeader.DataDirectory = new ImageDataDirectory[ImageOptionalHeader.IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; // Populate the CIL data directory ntHeaders.OptionalHeader.DataDirectory[14].VirtualAddress = 0; ntHeaders.OptionalHeader.DataDirectory[14].Size = 0; ntHeaders.Write(writer); foreach (var section in Sections) { if (section.Size == 0) continue; ImageSectionHeader image = new ImageSectionHeader(); image.Name = section.Name; image.VirtualSize = section.Size; image.VirtualAddress = (uint)(section.VirtualAddress - BaseAddress); image.SizeOfRawData = (section.SectionKind == SectionKind.BSS) ? 0 : section.Size; image.PointerToRawData = section.FileOffset; image.PointerToRelocations = 0; image.PointerToLinenumbers = 0; image.NumberOfRelocations = 0; image.NumberOfLinenumbers = 0; switch (section.SectionKind) { case SectionKind.BSS: image.Characteristics = 0x40000000 | 0x80000000 | 0x00000080; break; case SectionKind.Data: image.Characteristics = 0x40000000 | 0x80000000 | 0x00000040; break; case SectionKind.ROData: image.Characteristics = 0x40000000 | 0x00000040; break; case SectionKind.Text: image.Characteristics = 0x20000000 | 0x40000000 | 0x80000000 | 0x00000020; break; } image.Write(writer); } }