public int ReadHeader(byte[] xData, elfHeaders el)
{
// Reading Magic Number
for (int i = 0; i < 4; i++)
{
el.ident[i] = (char)xData[i];
}
// Reading architecture format
el.ident[4] = (char)xData[4];
// Endian identifier
el.ident[5] = (char)xData[5];
// original version for ELF
el.ident[6] = (char)xData[6];
el.ident[10] = (char)xData[16];
// checking whether the elf is executable or relocatable or shared
el.type = BitConverter.ToUInt16(xData, 16);
// instruction set architecture
el.machine = BitConverter.ToUInt16(xData, 18);
// version
el.version = BitConverter.ToUInt32(xData, 20);
// memory address entry point
el.entry = BitConverter.ToUInt32(xData, 24);
// changes from here...
el.phoff = BitConverter.ToUInt32(xData, (int)elfEnum.phoff);
el.sphoff = BitConverter.ToUInt32(xData, (int)elfEnum.sphoff);
el.flag = BitConverter.ToUInt32(xData, (int)elfEnum.flag);
el.ehsize = BitConverter.ToUInt16(xData, (int)elfEnum.ehsize);
el.phentsize = BitConverter.ToUInt16(xData, (int)elfEnum.phentsize);
el.phnum = BitConverter.ToUInt16(xData, (int)elfEnum.phnum);
el.shentsize = BitConverter.ToUInt16(xData, (int)elfEnum.shentsize);
el.shnum = BitConverter.ToUInt16(xData, (int)elfEnum.shnum);
el.shstrndx = BitConverter.ToUInt16(xData, (int)elfEnum.shstrndx);
if (el.ident[0] != '\x7F' || el.ident[1] != 'E' || el.ident[2] != 'L' || el.ident[3] != 'F')
{
return(-1);
}
if (el.ident[4] == 2)
{
return(-1); // not targetting x64 at this time :)
}
return(0);
}
private byte[] ParseELFData(byte[] xData, elfHeaders el)
{
// starting with core program
programHeader ph = new programHeader();
Exe_Format exeFormat = new Exe_Format();
exeFormat.entryAddr = el.entry;
Console.WriteLine("Entry address : " + exeFormat.entryAddr.ToString());
exeFormat.numSegments = el.phnum;
exeFormat.segmentList = new Exe_Segment[el.phnum];
byte[] xReadData = null;
int temp = 0;
for (int i = 0; i < el.phnum; i++)
{
ph.type = BitConverter.ToUInt16(xData, 0x34 + (0x20 * i));
exeFormat.segmentList[i].offsetInFile = ph.offset = BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i));
exeFormat.segmentList[i].startAddress = ph.vaddr = BitConverter.ToUInt32(xData, 0x34 + (temp = +4) + (0x20 * i));
ph.paddr = BitConverter.ToUInt32(xData, 0x34 + (temp = +4) + (0x20 * i));
exeFormat.segmentList[i].lengthInFile = ph.fileSize = BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i));
exeFormat.segmentList[i].sizeInMemory = ph.memSize = BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i));
exeFormat.segmentList[i].protFlags = ph.flags = BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i));
ph.alignment = BitConverter.ToUInt16(xData, BitConverter.ToUInt16(xData, 0x34 + (temp = +4) + (0x20 * i)));
if (ph.type == 1)
{
//xReadData = new byte[exeFormat.segmentList[i].lengthInFile];
//for (int j = (int)exeFormat.entryAddr; j < exeFormat.entryAddr + exeFormat.segmentList[i].lengthInFile; j++)
//{
// xReadData[j - (int)exeFormat.entryAddr] = xData[j];
//}
//break;
}
}
// Reading section header
sectionHeader sh = new sectionHeader();
temp = 0;
for (int i = 0; i < el.shnum; i++)
{
sh.sh_name = BitConverter.ToUInt16(xData, (int)el.sphoff + (el.shentsize * i));
sh.sh_type = BitConverter.ToUInt16(xData, (int)el.sphoff + 4 + (el.shentsize * i));
sh.sh_flags = BitConverter.ToUInt16(xData, (int)el.sphoff + 8 + (el.shentsize * i));
sh.sh_Addr = BitConverter.ToUInt32(xData, (int)el.sphoff + 12 + (el.shentsize * i));
sh.sh_offset = BitConverter.ToUInt32(xData, (int)el.sphoff + 16 + (el.shentsize * i));
sh.sh_size = BitConverter.ToUInt16(xData, (int)el.sphoff + 20 + (el.shentsize * i));
sh.sh_link = BitConverter.ToUInt16(xData, (int)el.sphoff + 24 + (el.shentsize * i));
sh.sh_info = BitConverter.ToUInt16(xData, (int)el.sphoff + 28 + (el.shentsize * i));
sh.sh_addralign = BitConverter.ToUInt16(xData, (int)el.sphoff + 32 + (el.shentsize * i));
sh.sh_entsize = BitConverter.ToUInt16(xData, (int)el.sphoff + 36 + (el.shentsize * i));
}
//xReadData = new byte[0x180];
//for (int j = 0x2F0; j < 0x470; j++)
//{
// xReadData[j - 0x2F0] = xData[j];
//}
return(xReadData);
}
