예제 #1
0
        public ImageFileHeaderVM(object owner, HexBuffer buffer, HexPosition startOffset)
            : base(owner)
        {
            MachineVM = new UInt16FlagsHexField(buffer, Name, "Machine", startOffset + 0);
            MachineVM.Add(new IntegerHexBitField("Machine", 0, 16, MachineInfos));
            NumberOfSectionsVM = new UInt16HexField(buffer, Name, "NumberOfSections", startOffset + 2);
            TimeDateStampVM    = new UInt32HexField(buffer, Name, "TimeDateStamp", startOffset + 4);
            TimeDateStampVM.DataFieldVM.PropertyChanged += (s, e) => OnPropertyChanged(nameof(TimeDateStampString));
            PointerToSymbolTableVM = new UInt32HexField(buffer, Name, "PointerToSymbolTable", startOffset + 8);
            NumberOfSymbolsVM      = new UInt32HexField(buffer, Name, "NumberOfSymbols", startOffset + 0x0C);
            SizeOfOptionalHeaderVM = new UInt16HexField(buffer, Name, "SizeOfOptionalHeader", startOffset + 0x10);
            CharacteristicsVM      = new UInt16FlagsHexField(buffer, Name, "Characteristics", startOffset + 0x12);
            CharacteristicsVM.Add(new BooleanHexBitField("Relocs Stripped", 0));
            CharacteristicsVM.Add(new BooleanHexBitField("Executable Image", 1));
            CharacteristicsVM.Add(new BooleanHexBitField("Line Nums Stripped", 2));
            CharacteristicsVM.Add(new BooleanHexBitField("Local Syms Stripped", 3));
            CharacteristicsVM.Add(new BooleanHexBitField("Aggressive WS Trim", 4));
            CharacteristicsVM.Add(new BooleanHexBitField("Large Address Aware", 5));
            CharacteristicsVM.Add(new BooleanHexBitField("Reserved 0040h", 6));
            CharacteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Lo", 7));
            CharacteristicsVM.Add(new BooleanHexBitField("32-Bit Machine", 8));
            CharacteristicsVM.Add(new BooleanHexBitField("Debug Stripped", 9));
            CharacteristicsVM.Add(new BooleanHexBitField("Removable Run From Swap", 10));
            CharacteristicsVM.Add(new BooleanHexBitField("Net Run From Swap", 11));
            CharacteristicsVM.Add(new BooleanHexBitField("System", 12));
            CharacteristicsVM.Add(new BooleanHexBitField("Dll", 13));
            CharacteristicsVM.Add(new BooleanHexBitField("Up System Only", 14));
            CharacteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Hi", 15));

            hexFields = new HexField[] {
                MachineVM,
                NumberOfSectionsVM,
                TimeDateStampVM,
                PointerToSymbolTableVM,
                NumberOfSymbolsVM,
                SizeOfOptionalHeaderVM,
                CharacteristicsVM,
            };
        }
예제 #2
0
		protected override HexField CreateField(ColumnInfo colInfo) {
			if (colInfo.Index == 0) {
				var field = new UInt16FlagsHexField(mdVM.Document, Name, colInfo.Name, StartOffset + (uint)colInfo.Offset);
				field.Add(new BooleanHexBitField("Setter", 0));
				field.Add(new BooleanHexBitField("Getter", 1));
				field.Add(new BooleanHexBitField("Other", 2));
				field.Add(new BooleanHexBitField("AddOn", 3));
				field.Add(new BooleanHexBitField("RemoveOn", 4));
				field.Add(new BooleanHexBitField("Fire", 5));
				return field;
			}
			return base.CreateField(colInfo);
		}
예제 #3
0
		protected override HexField CreateField(ColumnInfo colInfo) {
			if (colInfo.Index == 0) {
				var field = new UInt16FlagsHexField(mdVM.Document, Name, colInfo.Name, StartOffset + (uint)colInfo.Offset);
				field.Add(new BooleanHexBitField("NoMangle", 0));
				field.Add(new IntegerHexBitField("CharSet", 1, 2, CharSetInfos));
				field.Add(new IntegerHexBitField("BestFit", 4, 2, BestFitInfos));
				field.Add(new BooleanHexBitField("SupportsLastError", 6));
				field.Add(new IntegerHexBitField("CallConv", 8, 3, CallConvInfos));
				field.Add(new IntegerHexBitField("ThrowOnUnmappableChar", 12, 2, ThrowOnUnmappableCharInfos));
				return field;
			}
			return base.CreateField(colInfo);
		}
예제 #4
0
		protected override HexField CreateField(ColumnInfo colInfo) {
			if (colInfo.Index == 0) {
				var field = new UInt16FlagsHexField(mdVM.Document, Name, colInfo.Name, StartOffset + (uint)colInfo.Offset);
				field.Add(new BooleanHexBitField("In", 0));
				field.Add(new BooleanHexBitField("Out", 1));
				field.Add(new BooleanHexBitField("Optional", 4));
				field.Add(new BooleanHexBitField("HasDefault", 12));
				field.Add(new BooleanHexBitField("HasFieldMarshal", 13));
				return field;
			}
			return base.CreateField(colInfo);
		}
예제 #5
0
		protected override HexField CreateField(ColumnInfo colInfo) {
			if (colInfo.Index == 0) {
				var field = new UInt16FlagsHexField(mdVM.Document, Name, colInfo.Name, StartOffset + (uint)colInfo.Offset);
				field.Add(new BooleanHexBitField("SpecialName", 9));
				field.Add(new BooleanHexBitField("RTSpecialName", 10));
				field.Add(new BooleanHexBitField("HasDefault", 12));
				return field;
			}
			return base.CreateField(colInfo);
		}
예제 #6
0
		protected override HexField CreateField(ColumnInfo colInfo) {
			if (colInfo.Index == 1) {
				var field = new UInt16FlagsHexField(mdVM.Document, Name, colInfo.Name, StartOffset + (uint)colInfo.Offset);
				field.Add(new IntegerHexBitField("CodeType", 0, 2, CodeTypeInfos));
				field.Add(new IntegerHexBitField("ManagedType", 2, 1, ManagedInfos));
				field.Add(new BooleanHexBitField("NoInlining", 3));
				field.Add(new BooleanHexBitField("ForwardRef", 4));
				field.Add(new BooleanHexBitField("Synchronized", 5));
				field.Add(new BooleanHexBitField("NoOptimization", 6));
				field.Add(new BooleanHexBitField("PreserveSig", 7));
				field.Add(new BooleanHexBitField("AggressiveInlining", 8));
				field.Add(new BooleanHexBitField("InternalCall", 12));
				return field;
			}
			else if (colInfo.Index == 2) {
				var field = new UInt16FlagsHexField(mdVM.Document, Name, colInfo.Name, StartOffset + (uint)colInfo.Offset);
				field.Add(new IntegerHexBitField("Access", 0, 3, AccessInfos));
				field.Add(new BooleanHexBitField("UnmanagedExport", 3));
				field.Add(new BooleanHexBitField("Static", 4));
				field.Add(new BooleanHexBitField("Final", 5));
				field.Add(new BooleanHexBitField("Virtual", 6));
				field.Add(new BooleanHexBitField("HideBySig", 7));
				field.Add(new IntegerHexBitField("VtableLayout", 8, 1, VtableLayoutInfos));
				field.Add(new BooleanHexBitField("CheckAccessOnOverride", 9));
				field.Add(new BooleanHexBitField("Abstract", 10));
				field.Add(new BooleanHexBitField("SpecialName", 11));
				field.Add(new BooleanHexBitField("RTSpecialName", 12));
				field.Add(new BooleanHexBitField("PinvokeImpl", 13));
				field.Add(new BooleanHexBitField("HasSecurity", 14));
				field.Add(new BooleanHexBitField("RequireSecObject", 15));
				return field;
			}
			return base.CreateField(colInfo);
		}
예제 #7
0
		protected override HexField CreateField(ColumnInfo colInfo) {
			if (colInfo.Index == 0) {
				var field = new UInt16FlagsHexField(mdVM.Document, Name, colInfo.Name, StartOffset + (uint)colInfo.Offset);
				field.Add(new IntegerHexBitField("Access", 0, 3, AccessInfos));
				field.Add(new BooleanHexBitField("Static", 4));
				field.Add(new BooleanHexBitField("InitOnly", 5));
				field.Add(new BooleanHexBitField("Literal", 6));
				field.Add(new BooleanHexBitField("NotSerialized", 7));
				field.Add(new BooleanHexBitField("HasFieldRVA", 8));
				field.Add(new BooleanHexBitField("SpecialName", 9));
				field.Add(new BooleanHexBitField("RTSpecialName", 10));
				field.Add(new BooleanHexBitField("HasFieldMarshal", 12));
				field.Add(new BooleanHexBitField("PinvokeImpl", 13));
				field.Add(new BooleanHexBitField("HasDefault", 15));
				return field;
			}
			return base.CreateField(colInfo);
		}
예제 #8
0
		internal static UInt16FlagsHexField CreateGenericParamAttributesField(ColumnInfo colInfo, HexDocument doc, string name, ulong startOffset) {
			var field = new UInt16FlagsHexField(doc, name, colInfo.Name, startOffset + (uint)colInfo.Offset);
			field.Add(new IntegerHexBitField("Variance", 0, 2, VarianceInfos));
			field.Add(new BooleanHexBitField("Reference", 2));
			field.Add(new BooleanHexBitField("Struct", 3));
			field.Add(new BooleanHexBitField("Default ctor", 4));
			return field;
		}
예제 #9
0
		protected ImageOptionalHeaderVM(object owner, HexBuffer buffer, HexPosition startOffset, HexPosition endOffset, ulong offs1, ulong offs2)
			: base(owner) {
			MagicVM = new UInt16HexField(buffer, Name, "Magic", startOffset + 0);
			MajorLinkerVersionVM = new ByteHexField(buffer, Name, "MajorLinkerVersion", startOffset + 2, true);
			MinorLinkerVersionVM = new ByteHexField(buffer, Name, "MinorLinkerVersion", startOffset + 3, true);
			SizeOfCodeVM = new UInt32HexField(buffer, Name, "SizeOfCode", startOffset + 4);
			SizeOfInitializedDataVM = new UInt32HexField(buffer, Name, "SizeOfInitializedData", startOffset + 8);
			SizeOfUninitializedDataVM = new UInt32HexField(buffer, Name, "SizeOfUninitializedData", startOffset + 0x0C);
			AddressOfEntryPointVM = new UInt32HexField(buffer, Name, "AddressOfEntryPoint", startOffset + 0x10);
			BaseOfCodeVM = new UInt32HexField(buffer, Name, "BaseOfCode", startOffset + 0x14);

			SectionAlignmentVM = new UInt32HexField(buffer, Name, "SectionAlignment", startOffset + offs1 + 0);
			FileAlignmentVM = new UInt32HexField(buffer, Name, "FileAlignment", startOffset + offs1 + 4);
			MajorOperatingSystemVersionVM = new UInt16HexField(buffer, Name, "MajorOperatingSystemVersion", startOffset + offs1 + 8, true);
			MinorOperatingSystemVersionVM = new UInt16HexField(buffer, Name, "MinorOperatingSystemVersion", startOffset + offs1 + 0x0A, true);
			MajorImageVersionVM = new UInt16HexField(buffer, Name, "MajorImageVersion", startOffset + offs1 + 0x0C, true);
			MinorImageVersionVM = new UInt16HexField(buffer, Name, "MinorImageVersion", startOffset + offs1 + 0x0E, true);
			MajorSubsystemVersionVM = new UInt16HexField(buffer, Name, "MajorSubsystemVersion", startOffset + offs1 + 0x10, true);
			MinorSubsystemVersionVM = new UInt16HexField(buffer, Name, "MinorSubsystemVersion", startOffset + offs1 + 0x12, true);
			Win32VersionValueVM = new UInt32HexField(buffer, Name, "Win32VersionValue", startOffset + offs1 + 0x14, true);
			SizeOfImageVM = new UInt32HexField(buffer, Name, "SizeOfImage", startOffset + offs1 + 0x18);
			SizeOfHeadersVM = new UInt32HexField(buffer, Name, "SizeOfHeaders", startOffset + offs1 + 0x1C);
			CheckSumVM = new UInt32HexField(buffer, Name, "CheckSum", startOffset + offs1 + 0x20);
			SubsystemVM = new UInt16FlagsHexField(buffer, Name, "Subsystem", startOffset + offs1 + 0x24);
			SubsystemVM.Add(new IntegerHexBitField("Subsystem", 0, 16, SubsystemInfos));
			DllCharacteristicsVM = new UInt16FlagsHexField(buffer, Name, "DllCharacteristics", startOffset + offs1 + 0x26);
			DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved1", 0));
			DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved2", 1));
			DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved3", 2));
			DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved4", 3));
			DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved5", 4));
			DllCharacteristicsVM.Add(new BooleanHexBitField("High Entropy VA", 5));
			DllCharacteristicsVM.Add(new BooleanHexBitField("Dynamic Base", 6));
			DllCharacteristicsVM.Add(new BooleanHexBitField("Force Integrity", 7));
			DllCharacteristicsVM.Add(new BooleanHexBitField("NX Compat", 8));
			DllCharacteristicsVM.Add(new BooleanHexBitField("No Isolation", 9));
			DllCharacteristicsVM.Add(new BooleanHexBitField("No SEH", 10));
			DllCharacteristicsVM.Add(new BooleanHexBitField("No Bind", 11));
			DllCharacteristicsVM.Add(new BooleanHexBitField("AppContainer", 12));
			DllCharacteristicsVM.Add(new BooleanHexBitField("WDM Driver", 13));
			DllCharacteristicsVM.Add(new BooleanHexBitField("Guard CF", 14));
			DllCharacteristicsVM.Add(new BooleanHexBitField("Terminal Server Aware", 15));
			LoaderFlagsVM = new UInt32HexField(buffer, Name, "LoaderFlags", startOffset + offs2 + 0);
			NumberOfRvaAndSizesVM = new UInt32HexField(buffer, Name, "NumberOfRvaAndSizes", startOffset + offs2 + 4);

			ulong doffs = offs2 + 8;
			DataDir0VM = new DataDirVM(buffer, Name, "Export", startOffset + doffs + 0);
			DataDir1VM = new DataDirVM(buffer, Name, "Import", startOffset + doffs + 8);
			DataDir2VM = new DataDirVM(buffer, Name, "Resource", startOffset + doffs + 0x10);
			DataDir3VM = new DataDirVM(buffer, Name, "Exception", startOffset + doffs + 0x18);
			DataDir4VM = new DataDirVM(buffer, Name, "Security", startOffset + doffs + 0x20);
			DataDir5VM = new DataDirVM(buffer, Name, "Base Reloc", startOffset + doffs + 0x28);
			DataDir6VM = new DataDirVM(buffer, Name, "Debug", startOffset + doffs + 0x30);
			DataDir7VM = new DataDirVM(buffer, Name, "Architecture", startOffset + doffs + 0x38);
			DataDir8VM = new DataDirVM(buffer, Name, "Global Ptr", startOffset + doffs + 0x40);
			DataDir9VM = new DataDirVM(buffer, Name, "TLS", startOffset + doffs + 0x48);
			DataDir10VM = new DataDirVM(buffer, Name, "Load Config", startOffset + doffs + 0x50);
			DataDir11VM = new DataDirVM(buffer, Name, "Bound Import", startOffset + doffs + 0x58);
			DataDir12VM = new DataDirVM(buffer, Name, "IAT", startOffset + doffs + 0x60);
			DataDir13VM = new DataDirVM(buffer, Name, "Delay Import", startOffset + doffs + 0x68);
			DataDir14VM = new DataDirVM(buffer, Name, ".NET", startOffset + doffs + 0x70);
			DataDir15VM = new DataDirVM(buffer, Name, "Reserved15", startOffset + doffs + 0x78);
		}
예제 #10
0
        protected ImageOptionalHeaderVM(object owner, HexBuffer buffer, HexPosition startOffset, HexPosition endOffset, ulong offs1, ulong offs2)
            : base(owner)
        {
            MagicVM = new UInt16HexField(buffer, Name, "Magic", startOffset + 0);
            MajorLinkerVersionVM      = new ByteHexField(buffer, Name, "MajorLinkerVersion", startOffset + 2, true);
            MinorLinkerVersionVM      = new ByteHexField(buffer, Name, "MinorLinkerVersion", startOffset + 3, true);
            SizeOfCodeVM              = new UInt32HexField(buffer, Name, "SizeOfCode", startOffset + 4);
            SizeOfInitializedDataVM   = new UInt32HexField(buffer, Name, "SizeOfInitializedData", startOffset + 8);
            SizeOfUninitializedDataVM = new UInt32HexField(buffer, Name, "SizeOfUninitializedData", startOffset + 0x0C);
            AddressOfEntryPointVM     = new UInt32HexField(buffer, Name, "AddressOfEntryPoint", startOffset + 0x10);
            BaseOfCodeVM              = new UInt32HexField(buffer, Name, "BaseOfCode", startOffset + 0x14);

            SectionAlignmentVM            = new UInt32HexField(buffer, Name, "SectionAlignment", startOffset + offs1 + 0);
            FileAlignmentVM               = new UInt32HexField(buffer, Name, "FileAlignment", startOffset + offs1 + 4);
            MajorOperatingSystemVersionVM = new UInt16HexField(buffer, Name, "MajorOperatingSystemVersion", startOffset + offs1 + 8, true);
            MinorOperatingSystemVersionVM = new UInt16HexField(buffer, Name, "MinorOperatingSystemVersion", startOffset + offs1 + 0x0A, true);
            MajorImageVersionVM           = new UInt16HexField(buffer, Name, "MajorImageVersion", startOffset + offs1 + 0x0C, true);
            MinorImageVersionVM           = new UInt16HexField(buffer, Name, "MinorImageVersion", startOffset + offs1 + 0x0E, true);
            MajorSubsystemVersionVM       = new UInt16HexField(buffer, Name, "MajorSubsystemVersion", startOffset + offs1 + 0x10, true);
            MinorSubsystemVersionVM       = new UInt16HexField(buffer, Name, "MinorSubsystemVersion", startOffset + offs1 + 0x12, true);
            Win32VersionValueVM           = new UInt32HexField(buffer, Name, "Win32VersionValue", startOffset + offs1 + 0x14, true);
            SizeOfImageVM   = new UInt32HexField(buffer, Name, "SizeOfImage", startOffset + offs1 + 0x18);
            SizeOfHeadersVM = new UInt32HexField(buffer, Name, "SizeOfHeaders", startOffset + offs1 + 0x1C);
            CheckSumVM      = new UInt32HexField(buffer, Name, "CheckSum", startOffset + offs1 + 0x20);
            SubsystemVM     = new UInt16FlagsHexField(buffer, Name, "Subsystem", startOffset + offs1 + 0x24);
            SubsystemVM.Add(new IntegerHexBitField("Subsystem", 0, 16, SubsystemInfos));
            DllCharacteristicsVM = new UInt16FlagsHexField(buffer, Name, "DllCharacteristics", startOffset + offs1 + 0x26);
            DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved1", 0));
            DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved2", 1));
            DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved3", 2));
            DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved4", 3));
            DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved5", 4));
            DllCharacteristicsVM.Add(new BooleanHexBitField("High Entropy VA", 5));
            DllCharacteristicsVM.Add(new BooleanHexBitField("Dynamic Base", 6));
            DllCharacteristicsVM.Add(new BooleanHexBitField("Force Integrity", 7));
            DllCharacteristicsVM.Add(new BooleanHexBitField("NX Compat", 8));
            DllCharacteristicsVM.Add(new BooleanHexBitField("No Isolation", 9));
            DllCharacteristicsVM.Add(new BooleanHexBitField("No SEH", 10));
            DllCharacteristicsVM.Add(new BooleanHexBitField("No Bind", 11));
            DllCharacteristicsVM.Add(new BooleanHexBitField("AppContainer", 12));
            DllCharacteristicsVM.Add(new BooleanHexBitField("WDM Driver", 13));
            DllCharacteristicsVM.Add(new BooleanHexBitField("Guard CF", 14));
            DllCharacteristicsVM.Add(new BooleanHexBitField("Terminal Server Aware", 15));
            LoaderFlagsVM         = new UInt32HexField(buffer, Name, "LoaderFlags", startOffset + offs2 + 0);
            NumberOfRvaAndSizesVM = new UInt32HexField(buffer, Name, "NumberOfRvaAndSizes", startOffset + offs2 + 4);

            ulong doffs = offs2 + 8;

            DataDir0VM  = new DataDirVM(buffer, Name, "Export", startOffset + doffs + 0);
            DataDir1VM  = new DataDirVM(buffer, Name, "Import", startOffset + doffs + 8);
            DataDir2VM  = new DataDirVM(buffer, Name, "Resource", startOffset + doffs + 0x10);
            DataDir3VM  = new DataDirVM(buffer, Name, "Exception", startOffset + doffs + 0x18);
            DataDir4VM  = new DataDirVM(buffer, Name, "Security", startOffset + doffs + 0x20);
            DataDir5VM  = new DataDirVM(buffer, Name, "Base Reloc", startOffset + doffs + 0x28);
            DataDir6VM  = new DataDirVM(buffer, Name, "Debug", startOffset + doffs + 0x30);
            DataDir7VM  = new DataDirVM(buffer, Name, "Architecture", startOffset + doffs + 0x38);
            DataDir8VM  = new DataDirVM(buffer, Name, "Global Ptr", startOffset + doffs + 0x40);
            DataDir9VM  = new DataDirVM(buffer, Name, "TLS", startOffset + doffs + 0x48);
            DataDir10VM = new DataDirVM(buffer, Name, "Load Config", startOffset + doffs + 0x50);
            DataDir11VM = new DataDirVM(buffer, Name, "Bound Import", startOffset + doffs + 0x58);
            DataDir12VM = new DataDirVM(buffer, Name, "IAT", startOffset + doffs + 0x60);
            DataDir13VM = new DataDirVM(buffer, Name, "Delay Import", startOffset + doffs + 0x68);
            DataDir14VM = new DataDirVM(buffer, Name, ".NET", startOffset + doffs + 0x70);
            DataDir15VM = new DataDirVM(buffer, Name, "Reserved15", startOffset + doffs + 0x78);
        }