public static unsafe PEinfo ExtractInfo(byte[] data)
{
PEinfo info = new PEinfo()
{
FileSize = data.Length
};
fixed(byte *array = &data[0])
{
pointer = array;
if (CheckMZSignature()) // IMAGE_DOS_HEADER.e_magic == "MZ" ?
{
MovePointerToIMAGE_NT_HEADERS_Signature();
if (CheckPESignature()) // IMAGE_NT_HEADERS.Signature == "PE" ?
{
info.NumberOfSections = GetNumberOfSections();
info.EP = AddressOfEntryPoint();
MovePointerToFirstSection();
info.Sections = ReadSections(info.NumberOfSections);
info.SizeOfHeader = info.Sections.First().RawAddress;
info.AddressOfEOF = GetAddressOfEOF(info.Sections.Last());
info.SizeOfEOF = info.FileSize - info.AddressOfEOF;
info._isPE = true;
}
}
}
return(info);
}
private void EmptyFileInfo()
{
SetFormText();
SetStatusStripPEText();
btnHeader.Enabled = btnSections.Enabled = false;
btnEof.Enabled = PEinfo.hasEOF;
PEinfo = new PEinfo();
_filesize = 0;
}
public frmSections(PEinfo info)
{
InitializeComponent();
this.sections = info.Sections;
}
private bool ExtractPeInfo(string filename, bool ManualDetection = false)
{
this.PEinfo = (GlobalDataAndMethods.Config.AutoDetectPE || ManualDetection) ? PEinfo.ExtractInfo(filename) : new PEinfo();
btnHeader.Enabled = btnSections.Enabled = PEinfo.isPE;
btnEof.Enabled = PEinfo.hasEOF;
return(PEinfo.isPE);
}
