/// <summary>
/// Parse a PE.
/// </summary>
/// <param name="stream">A stream of the PE contents.</param>
private void Parse(Stream stream)
{
rawData = new byte[stream.Length];
stream.Read(rawData, 0, (int)stream.Length);
stream.Seek(0, SeekOrigin.Begin);
BinaryReader reader = new BinaryReader(stream);
dosHeader = PEUtility.FromBinaryReader <IMAGE_DOS_HEADER>(reader);
int stubSize = (int)dosHeader.e_lfanew - Marshal.SizeOf(typeof(IMAGE_DOS_HEADER));
dosStub = reader.ReadBytes(stubSize);
// Add 4 bytes to the offset
stream.Seek(dosHeader.e_lfanew, SeekOrigin.Begin);
ntSignature = PEUtility.FromBinaryReader <IMAGE_NT_HEADERS>(reader);
fileHeader = PEUtility.FromBinaryReader <IMAGE_FILE_HEADER>(reader);
optionalHeader = PEUtility.FromBinaryReader <IMAGE_OPTIONAL_HEADER32>(reader);
dataDirectories = PEUtility.FromBinaryReader <IMAGE_DATA_DIRECTORIES>(reader);
sections = new List <PESection>();
for (int i = 0; i < fileHeader.NumberOfSections; i++)
{
IMAGE_SECTION_HEADER header = PEUtility.FromBinaryReader <IMAGE_SECTION_HEADER>(reader);
PESection section = new PESection(header);
section.Parse(ref rawData);
sections.Add(section);
}
}
private void Parse(Stream stream)
{
rawData = new byte[stream.Length];
stream.Read(rawData, 0, (int)stream.Length);
stream.Seek(0, SeekOrigin.Begin);
BinaryReader reader = new BinaryReader(stream);
fileHeader = PEUtility.FromBinaryReader <IMAGE_FILE_HEADER>(reader);
// Read the sections
sections = new List <PESection>();
for (int i = 0; i < fileHeader.NumberOfSections; i++)
{
IMAGE_SECTION_HEADER header;
header = PEUtility.FromBinaryReader <IMAGE_SECTION_HEADER>(reader);
PESection section = new PESection(this, header);
section.Parse(ref rawData);
sections.Add(section);
}
// Read the symbol table from fileHeader.PointerToSymbolTable
symbolTable = new SymbolTable(fileHeader.NumberOfSymbols);
stream.Seek(fileHeader.PointerToSymbolTable, SeekOrigin.Begin);
for (int i = 0; i < fileHeader.NumberOfSymbols; i++)
{
IMAGE_SYMBOL symbol;
symbol = PEUtility.FromBinaryReader <IMAGE_SYMBOL>(reader);
symbolTable.AddSymbol(symbol, i);
}
uint pointerToStringTable = fileHeader.PointerToSymbolTable +
(uint)(fileHeader.NumberOfSymbols * Marshal.SizeOf(typeof(IMAGE_SYMBOL)));
stream.Seek(pointerToStringTable, SeekOrigin.Begin);
uint stringTableSize = PEUtility.FromBinaryReader <UInt32>(reader);
for (ushort i = (ushort)Marshal.SizeOf(typeof(UInt32)); i < stringTableSize;)
{
String stringEntry = PEUtility.StringFromBinaryReader(reader);
symbolTable.AddString(stringEntry, i);
i += (ushort)(stringEntry.Length + 1); // include NULL terminator
}
Console.WriteLine("Object File: {0}", sourceFile);
Console.WriteLine(symbolTable.ToString());
Console.WriteLine("Sections:");
foreach (PESection s in sections)
{
Console.WriteLine(s.ToString());
}
Console.WriteLine();
}
void ParseRelocations(ref byte[] file)
{
relocations = new List <IMAGE_RELOCATION>();
if (!HasRelocations)
{
return;
}
MemoryStream stream = new MemoryStream(file);
stream.Seek(header.PointerToRelocations, SeekOrigin.Begin);
BinaryReader reader = new BinaryReader(stream);
for (int i = 0; i < header.NumberOfRelocations; i++)
{
IMAGE_RELOCATION reloc;
reloc = PEUtility.FromBinaryReader <IMAGE_RELOCATION>(reader);
relocations.Add(reloc);
}
}