Exemplo n.º 1
0
        public PEHeader(BinaryReader reader)
        {
            Start = reader.BaseStream.Position;

            // Read Standard fields
            _Magic = reader.ReadUInt16();
            _MajorLinkerVersion      = reader.ReadByte();
            _MinorLinkerVersion      = reader.ReadByte();
            _SizeOfCode              = reader.ReadUInt32();
            _SizeOfInitializedData   = reader.ReadUInt32();
            _SizeOfUninitializedData = reader.ReadUInt32();
            _AddressOfEntryPoint     = reader.ReadUInt32();
            _BaseOfCode              = reader.ReadUInt32();
            _BaseOfData              = reader.ReadUInt32();

            // Read NT-specific fields
            _ImageBase               = reader.ReadUInt32();
            _SectionAlignment        = reader.ReadUInt32();
            _FileAlignment           = reader.ReadUInt32();
            _OsMajor                 = reader.ReadUInt16();
            _OsMinor                 = reader.ReadUInt16();
            _UserMajor               = reader.ReadUInt16();
            _UserMinor               = reader.ReadUInt16();
            _SubSysMajor             = reader.ReadUInt16();
            _SubSysMinor             = reader.ReadUInt16();
            _Reserved                = reader.ReadUInt32();
            _ImageSize               = reader.ReadUInt32();
            _HeaderSize              = reader.ReadUInt32();
            _FileChecksum            = reader.ReadUInt32();
            _SubSystem               = reader.ReadUInt16();
            _DllFlags                = reader.ReadUInt16();
            _StackReserveSize        = reader.ReadUInt32();
            _StackCommitSize         = reader.ReadUInt32();
            _HeapReserveSize         = reader.ReadUInt32();
            _HeapCommitSize          = reader.ReadUInt32();
            _LoaderFlags             = reader.ReadUInt32();
            _NumberOfDataDirectories = reader.ReadUInt32();
            if (NumberOfDataDirectories < 16)
            {
                throw new ModException("PEHeader:  Invalid number of data directories in file header.");
            }

            _DataDirs = new DataDir[NumberOfDataDirectories];

            string[] PEDirNames = new String[16] {
                "Export Table", "Import Table", "Resource Table", "Exception Table", "Certificate Table", "Base Relocation Table", "Debug", "Copyright", "Global Ptr", "TLS Table", "Load Config Table", "Bound Import", "IAT", "Delay Import Descriptor", "CLI Header", "Reserved"
            };


            for (int i = 0; i < NumberOfDataDirectories; ++i)
            {
                _DataDirs[i] = new DataDir(reader, (i < 16)?PEDirNames[i]:"Unknown");
            }

            Length = reader.BaseStream.Position - Start;
        }
Exemplo n.º 2
0
        public COR20Header(BinaryReader reader)
        {
            Start = reader.BaseStream.Position;

            _CB = reader.ReadUInt32();
            _MajorRuntimeVersion = reader.ReadUInt16();
            _MinorRuntimeVersion = reader.ReadUInt16();
            _MetaData            = new DataDir(reader, "MetaDataDir");
            _Flags                   = reader.ReadUInt32();
            _EntryPointToken         = reader.ReadUInt32();
            _Resources               = new DataDir(reader, "ResourcesDir");
            _StrongNameSignature     = new DataDir(reader, "StrongNameSignatureDir");
            _CodeManagerTable        = new DataDir(reader, "CodeManagerTableDir");
            _VTableFixups            = new DataDir(reader, "VTableFixupsDir");
            _ExportAddressTableJumps = new DataDir(reader, "ExportAddressTableJumpsDir");
            _ManagedNativeHeader     = new DataDir(reader, "ManagedNativeHeaderDir");

            Length = reader.BaseStream.Position - Start;
        }
Exemplo n.º 3
0
        public COR20Header(BinaryReader reader)
        {
            Start = reader.BaseStream.Position;

            _CB = reader.ReadUInt32();
            _MajorRuntimeVersion = reader.ReadUInt16();
            _MinorRuntimeVersion = reader.ReadUInt16();
            _MetaData = new DataDir(reader, "MetaDataDir");
            _Flags = reader.ReadUInt32();
            _EntryPointToken = reader.ReadUInt32();
            _Resources = new DataDir(reader, "ResourcesDir");
            _StrongNameSignature = new DataDir(reader, "StrongNameSignatureDir");
            _CodeManagerTable = new DataDir(reader, "CodeManagerTableDir");
            _VTableFixups = new DataDir(reader, "VTableFixupsDir");
            _ExportAddressTableJumps = new DataDir(reader, "ExportAddressTableJumpsDir");
            _ManagedNativeHeader = new DataDir(reader, "ManagedNativeHeaderDir");

            Length = reader.BaseStream.Position - Start;
        }
Exemplo n.º 4
0
        public PEHeader(BinaryReader reader)
        {
            Start = reader.BaseStream.Position;

            // Read Standard fields
            _Magic = reader.ReadUInt16();

            try
            {
                this._PEKind = (PEKind)Enum.Parse(typeof(PEKind), this._Magic.ToString(), true);
            }
            catch (ArgumentException)
            {
            }

            if ((this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC) || (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC))
            {
                _MajorLinkerVersion      = reader.ReadByte();
                _MinorLinkerVersion      = reader.ReadByte();
                _SizeOfCode              = reader.ReadUInt32();
                _SizeOfInitializedData   = reader.ReadUInt32();
                _SizeOfUninitializedData = reader.ReadUInt32();
                _AddressOfEntryPoint     = reader.ReadUInt32();
                _BaseOfCode              = reader.ReadUInt32();

                // Read NT-specific fields
                // Many thanks to Sendersu about spotting this out
                if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC)
                {
                    _BaseOfData  = reader.ReadUInt32();
                    _ImageBase32 = reader.ReadUInt32();
                }
                else if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC)
                {
                    _ImageBase64 = reader.ReadUInt64();
                }
                _SectionAlignment = reader.ReadUInt32();
                _FileAlignment    = reader.ReadUInt32();
                _OsMajor          = reader.ReadUInt16();
                _OsMinor          = reader.ReadUInt16();
                _UserMajor        = reader.ReadUInt16();
                _UserMinor        = reader.ReadUInt16();
                _SubSysMajor      = reader.ReadUInt16();
                _SubSysMinor      = reader.ReadUInt16();
                _Reserved         = reader.ReadUInt32();
                _ImageSize        = reader.ReadUInt32();
                _HeaderSize       = reader.ReadUInt32();
                _FileChecksum     = reader.ReadUInt32();
                _SubSystem        = reader.ReadUInt16();
                _DllFlags         = reader.ReadUInt16();
                if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC)
                {
                    _StackReserveSize32 = reader.ReadUInt32();
                    _StackCommitSize32  = reader.ReadUInt32();
                    _HeapReserveSize32  = reader.ReadUInt32();
                    _HeapCommitSize32   = reader.ReadUInt32();
                }
                else if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC)
                {
                    _StackReserveSize64 = reader.ReadUInt64();
                    _StackCommitSize64  = reader.ReadUInt64();
                    _HeapReserveSize64  = reader.ReadUInt64();
                    _HeapCommitSize64   = reader.ReadUInt64();
                }
                _LoaderFlags             = reader.ReadUInt32();
                _NumberOfDataDirectories = reader.ReadUInt32();
                if (NumberOfDataDirectories < 16)
                {
                    throw new ModException("PEHeader: Invalid number of data directories in file header.");
                }

                _DataDirs = new DataDir[NumberOfDataDirectories];

                string[] PEDirNames = new[]
                {
                    "Export Table", "Import Table", "Resource Table", "Exception Table", "Certificate Table",
                    "Base Relocation Table", "Debug", "Copyright", "Global Ptr", "TLS Table", "Load Config Table", "Bound Import",
                    "IAT", "Delay Import Descriptor", "CLI Header", "Reserved"
                };

                for (int i = 0; i < NumberOfDataDirectories; ++i)
                {
                    _DataDirs[i] = new DataDir(reader, (i < 16) ? PEDirNames[i] : "Unknown");
                }

                Length = reader.BaseStream.Position - Start;
            }
            else
            {
                throw new ModException("PEHeader: Loaded module is not a recognized PE / PE+ file");
            }
        }
Exemplo n.º 5
0
        public PEHeader(BinaryReader reader)
        {
            Start = reader.BaseStream.Position;

            // Read Standard fields
            _Magic = reader.ReadUInt16();

            try
            {
                this._PEKind = (PEKind) Enum.Parse(typeof (PEKind), this._Magic.ToString(), true);
            }
            catch (ArgumentException)
            {
            }

            if ((this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC) || (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC))
            {
                _MajorLinkerVersion = reader.ReadByte();
                _MinorLinkerVersion = reader.ReadByte();
                _SizeOfCode = reader.ReadUInt32();
                _SizeOfInitializedData = reader.ReadUInt32();
                _SizeOfUninitializedData = reader.ReadUInt32();
                _AddressOfEntryPoint = reader.ReadUInt32();
                _BaseOfCode = reader.ReadUInt32();

                // Read NT-specific fields
                // Many thanks to Sendersu about spotting this out
                if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC)
                {
                    _BaseOfData = reader.ReadUInt32();
                    _ImageBase32 = reader.ReadUInt32();
                }
                else if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC)
                {
                    _ImageBase64 = reader.ReadUInt64();
                }
                _SectionAlignment = reader.ReadUInt32();
                _FileAlignment = reader.ReadUInt32();
                _OsMajor = reader.ReadUInt16();
                _OsMinor = reader.ReadUInt16();
                _UserMajor = reader.ReadUInt16();
                _UserMinor = reader.ReadUInt16();
                _SubSysMajor = reader.ReadUInt16();
                _SubSysMinor = reader.ReadUInt16();
                _Reserved = reader.ReadUInt32();
                _ImageSize = reader.ReadUInt32();
                _HeaderSize = reader.ReadUInt32();
                _FileChecksum = reader.ReadUInt32();
                _SubSystem = reader.ReadUInt16();
                _DllFlags = reader.ReadUInt16();
                if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC)
                {
                    _StackReserveSize32 = reader.ReadUInt32();
                    _StackCommitSize32 = reader.ReadUInt32();
                    _HeapReserveSize32 = reader.ReadUInt32();
                    _HeapCommitSize32 = reader.ReadUInt32();
                }
                else if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC)
                {
                    _StackReserveSize64 = reader.ReadUInt64();
                    _StackCommitSize64 = reader.ReadUInt64();
                    _HeapReserveSize64 = reader.ReadUInt64();
                    _HeapCommitSize64 = reader.ReadUInt64();
                }
                _LoaderFlags = reader.ReadUInt32();
                _NumberOfDataDirectories = reader.ReadUInt32();
                if (NumberOfDataDirectories < 16)
                {
                    throw new ModException("PEHeader: Invalid number of data directories in file header.");
                }

                _DataDirs = new DataDir[NumberOfDataDirectories];

                string[] PEDirNames = new[]
                                      {
                                          "Export Table", "Import Table", "Resource Table", "Exception Table", "Certificate Table",
                                          "Base Relocation Table", "Debug", "Copyright", "Global Ptr", "TLS Table", "Load Config Table", "Bound Import",
                                          "IAT", "Delay Import Descriptor", "CLI Header", "Reserved"
                                      };

                for (int i = 0; i < NumberOfDataDirectories; ++i)
                {
                    _DataDirs[i] = new DataDir(reader, (i < 16) ? PEDirNames[i] : "Unknown");
                }

                Length = reader.BaseStream.Position - Start;
            }
            else
            {
                throw new ModException("PEHeader: Loaded module is not a recognized PE / PE+ file");
            }
        }
Exemplo n.º 6
0
        public PEHeader(BinaryReader reader)
        {
            Start = reader.BaseStream.Position;

            // Read Standard fields
            _Magic = reader.ReadUInt16();
            _MajorLinkerVersion = reader.ReadByte();
            _MinorLinkerVersion = reader.ReadByte();
            _SizeOfCode = reader.ReadUInt32();
            _SizeOfInitializedData = reader.ReadUInt32();
            _SizeOfUninitializedData = reader.ReadUInt32();
            _AddressOfEntryPoint = reader.ReadUInt32();
            _BaseOfCode = reader.ReadUInt32();
            _BaseOfData = reader.ReadUInt32();

            // Read NT-specific fields
            _ImageBase = reader.ReadUInt32();
            _SectionAlignment = reader.ReadUInt32();
            _FileAlignment = reader.ReadUInt32();
            _OsMajor = reader.ReadUInt16();
            _OsMinor = reader.ReadUInt16();
            _UserMajor = reader.ReadUInt16();
            _UserMinor = reader.ReadUInt16();
            _SubSysMajor = reader.ReadUInt16();
            _SubSysMinor = reader.ReadUInt16();
            _Reserved = reader.ReadUInt32();
            _ImageSize = reader.ReadUInt32();
            _HeaderSize = reader.ReadUInt32();
            _FileChecksum = reader.ReadUInt32();
            _SubSystem = reader.ReadUInt16();
            _DllFlags = reader.ReadUInt16();
            _StackReserveSize = reader.ReadUInt32();
            _StackCommitSize = reader.ReadUInt32();
            _HeapReserveSize = reader.ReadUInt32();
            _HeapCommitSize = reader.ReadUInt32();
            _LoaderFlags = reader.ReadUInt32();
            _NumberOfDataDirectories = reader.ReadUInt32();
            if (NumberOfDataDirectories < 16)
                throw new ModException("PEHeader:  Invalid number of data directories in file header.");

            _DataDirs = new DataDir[NumberOfDataDirectories];

            string[] PEDirNames = new String[16] { "Export Table", "Import Table", "Resource Table", "Exception Table", "Certificate Table", "Base Relocation Table", "Debug", "Copyright", "Global Ptr", "TLS Table", "Load Config Table", "Bound Import", "IAT", "Delay Import Descriptor", "CLI Header", "Reserved"};

            for (int i=0; i < NumberOfDataDirectories; ++i)
            {
                _DataDirs[i] = new DataDir(reader, (i < 16)?PEDirNames[i]:"Unknown");
            }

            Length = reader.BaseStream.Position - Start;
        }