public MetaDataHeader(AssemblyBuffer buffer, CLRHeader clrHeader, SectionsHeaders sectionsHeaders)
{
buffer.SetIndexPointer(clrHeader.MetaData.RVA - 0x1E00);
this.Signature = buffer.ReadDWord();
this.MajorVersion = buffer.ReadWord();
this.MinorVersion = buffer.ReadWord();
this.Reserved = buffer.ReadDWord();
this.VersionLength = buffer.ReadDWord();
this.VersionString = buffer.ReadStringOfLength(this.VersionLength);
this.Flags = buffer.ReadWord();
this.NumberOfStreams = buffer.ReadWord();
this.Streams = new StreamHeader[this.NumberOfStreams];
this.Streams[(uint)MetaDataStreamType.DEFS_AND_REFS] = new DefsAndRefsStream(buffer, clrHeader, this);
this.Streams[(uint)MetaDataStreamType.STRINGS] = new StringStream(buffer, clrHeader);
// These are boiler plate.
this.Streams[(uint)MetaDataStreamType.US] = new StringStream(buffer, clrHeader);
this.Streams[(uint)MetaDataStreamType.GUID] = new StringStream(buffer, clrHeader);
this.Streams[(uint)MetaDataStreamType.BLOB] = new BlobStream(buffer, clrHeader);
// There is a specific load order for each stream. Therefore I'm not going to iterate over them.
this.Streams[(uint)MetaDataStreamType.STRINGS].CacheBuffer(buffer);
this.Streams[(uint)MetaDataStreamType.STRINGS].ProcessTables(buffer);
this.Streams[(uint)MetaDataStreamType.BLOB].CacheBuffer(buffer);
this.Streams[(uint)MetaDataStreamType.BLOB].ProcessTables(buffer);
this.Streams[(uint)MetaDataStreamType.DEFS_AND_REFS].CacheBuffer(buffer);
this.Streams[(uint)MetaDataStreamType.DEFS_AND_REFS].ProcessTables(buffer);
}
public StreamHeader(AssemblyBuffer buffer, CLRHeader clrHeader)
{
this.Offset = buffer.ReadDWord();
this.Size = buffer.ReadDWord();
this.Name = buffer.ReadDwordAlignedString();
this.AbsoluteAddress = (clrHeader.MetaData.RVA - 0x1E00) + this.Offset;
}
public COFFHeader(AssemblyBuffer buffer, DOSHeader currentHeader)
{
buffer.SetIndexPointer(currentHeader.PEHeaderPointer);
this.Signature = buffer.ReadDWord();
this.Machine = buffer.ReadWord();
this.SectionCount = buffer.ReadWord();
this.TimeDataStamp = buffer.ReadDWord();
this.PointerToSymbolTable = buffer.ReadDWord();
this.NumberOfSymbols = buffer.ReadDWord();
this.SizeOfOptionalHeader = buffer.ReadWord();
this.Characteristics = buffer.ReadWord();
}
public CLRHeader(AssemblyBuffer buffer, OptionalHeader header, SectionsHeaders sectionsHeaders)
{
this.cb = buffer.ReadDWord();
this.MajorRuntimeVersion = buffer.ReadWord();
this.MinorRuntimeVersion = buffer.ReadWord();
this.MetaData = new DataDirectory(buffer);
this.Flags = buffer.ReadDWord();
this.EntryPointTokenOrEntryPointRVA = buffer.ReadDWord();
this.Resources = new DataDirectory(buffer);
this.StrongNameSignature = new DataDirectory(buffer);
this.CodeManagerTable = new DataDirectory(buffer);
this.VTableFixups = new DataDirectory(buffer);
this.ExportAddressTableJumps = new DataDirectory(buffer);
this.ManagedNativeHeader = new DataDirectory(buffer);
}
public uint ReadGuidOffset(AssemblyBuffer buffer)
{
if ((this.HeapOffsetSizes & (byte)HeapOffsetSize.GuidTableIndexOversize) != 0)
{
return(buffer.ReadDWord());
}
return(buffer.ReadWord());
}
public override void Read(AssemblyBuffer buffer)
{
this.Flags = buffer.ReadDWord();
this.NameAddress = this.ReadStringTableOffset(buffer);
this.NamespaceAddress = this.ReadStringTableOffset(buffer);
this.Extends = buffer.ReadWord();
this.FieldList = buffer.ReadWord();
this.MethodList = buffer.ReadWord();
this.Name = this.ReadStringAtOffset(this.NameAddress);
this.Namespace = this.ReadStringAtOffset(this.NamespaceAddress);
}
public Section(AssemblyBuffer buffer)
{
this.Name = buffer.ReadStringOfLength(8);
this.VirtualSize = buffer.ReadDWord();
this.VirtualAddress = buffer.ReadDWord();
this.SizeOfRawData = buffer.ReadDWord();
this.PointerToRawData = buffer.ReadDWord();
this.RelocationAddress = buffer.ReadDWord();
this.LineNumbersAddress = buffer.ReadDWord();
this.NumberOfRelocations = buffer.ReadWord();
this.NumberOfLineNumbers = buffer.ReadWord();
this.Characteristics = buffer.ReadDWord();
}
public override void ProcessTables(AssemblyBuffer buffer)
{
buffer.SetIndexPointer(this.AbsoluteAddress);
uint val = buffer.ReadDWord(); // Reserved.
byte major = buffer.ReadByte(); // Major and minor version
byte minor = buffer.ReadByte(); // Major and minor version
this.HeapOffsetSizes = buffer.ReadByte(); // Bit flags for the heap index width. Ref: https://www.codeproject.com/Articles/12585/The-NET-File-Format
buffer.ReadByte(); // Padding byte.
this.TablesPresent = buffer.ReadQWord(); // We need to read all of the tables present in the assembly
this.TablesSorted = buffer.ReadQWord(); // What tables are sorted
this.TableRowTypes = this.GetPopulatedTableRowTypes();
// Check which types apply to the current stream.
for (int i = 0; i < 64; i++)
{
if (!Enum.IsDefined(typeof(MetaDataTableType), i))
{
continue;
}
var tableType = (MetaDataTableType)i;
var bitmask = (ulong)1 << (int)tableType;
if ((this.TablesPresent & bitmask) != 0 || bitmask == 0)
{
this.TableLengths[(ulong)tableType] = buffer.ReadDWord();
}
}
this.PopulateTableRows(buffer);
}
public override void Read(AssemblyBuffer buffer)
{
this.RVA = buffer.ReadDWord();
this.ImplementationFlags = buffer.ReadWord();
this.DefinitionFlags = buffer.ReadWord();
this.NameAddress = this.ReadStringTableOffset(buffer);
this.Signature = this.ReadBlobTableOffset(buffer);
this.ParamsListIndex = buffer.ReadWord();
this.Name = this.ReadStringAtOffset(this.NameAddress);
uint oldBufferPos = buffer.GetBufferPosition();
buffer.SetIndexPointer(this.RVA);
// Do the reading of the function
this.ReadFunctionBody(buffer);
buffer.SetIndexPointer(oldBufferPos);
}
public OptionalHeader(AssemblyBuffer buffer)
{
this.Magic = buffer.ReadWord();
this.MajorLinkerVersion = buffer.ReadByte();
this.MinorLinkerVersion = buffer.ReadByte();
this.SizeOfCode = buffer.ReadDWord();
this.SizeOfInitializedData = buffer.ReadDWord();
this.SizeOfUninitializedData = buffer.ReadDWord();
this.AddressOfEntryPoint = buffer.ReadDWord();
this.BaseOfCode = buffer.ReadDWord();
this.BaseOfData = buffer.ReadDWord();
this.ImageBase = buffer.ReadDWord();
this.SectionAlignment = buffer.ReadDWord();
this.FileAlignment = buffer.ReadDWord();
this.MajorOperatingSystemVersion = buffer.ReadWord();
this.MinorOperatingSystemVersion = buffer.ReadWord();
this.MajorImageVersion = buffer.ReadWord();
this.MinorImageVersion = buffer.ReadWord();
this.MajorSubsystemVersion = buffer.ReadWord();
this.MinorSubsystemVersion = buffer.ReadWord();
this.Win32VersionValue = buffer.ReadDWord();
this.SizeOfImage = buffer.ReadDWord();
this.SizeOfHeaders = buffer.ReadDWord();
this.CheckSum = buffer.ReadDWord();
this.Subsystem = buffer.ReadWord();
this.DllCharacteristics = buffer.ReadWord();
this.SizeOfStackReserve = buffer.ReadDWord();
this.SizeOfStackCommit = buffer.ReadDWord();
this.SizeOfHeapReserve = buffer.ReadDWord();
this.SizeOfHeapCommit = buffer.ReadDWord();
this.LoaderFlags = buffer.ReadDWord();
this.NumberOfRvaAndSizes = buffer.ReadDWord();
this.DataDirectories = new DataDirectory[ImageNumberOfDirectoryEntries];
for (int i = 0; i < ImageNumberOfDirectoryEntries; i++)
{
this.DataDirectories[i] = new DataDirectory(buffer);
}
}
public DOSHeader(AssemblyBuffer currentBuffer)
{
this.MagicNumber = currentBuffer.ReadWord();
currentBuffer.SetIndexPointer(0x3C); // We don't need the rest of the struct so skip to the end to get the PE header pointer.
this.PEHeaderPointer = currentBuffer.ReadDWord();
}
public DataDirectory(AssemblyBuffer buffer)
{
this.RVA = buffer.ReadDWord();
this.Size = buffer.ReadDWord();
}