private void ParseHeaders()
{
Signature = ExtractInt32();
Version = ExtractInt32();
Age = ExtractInt32();
GlobalsStreamIndex = ExtractInt16();
BuildNumber = ExtractInt16();
PublicsStreamIndex = ExtractInt16();
PDBDLLVersion = ExtractInt16();
SymbolsStreamIndex = ExtractInt16();
PDBDLLBuild = ExtractInt16();
ModuleSubstreamSize = ExtractInt32();
SectionContributionsSize = ExtractInt32();
SectionMapSize = ExtractInt32();
FileSubstreamSize = ExtractInt32();
TypeServerMapSize = ExtractInt32();
MFCTypeServerIndex = ExtractInt32();
DbgHeaderInfoSize = ExtractInt32();
ECSubstreamSize = ExtractInt32();
Flags = ExtractInt16();
MachineType = ExtractInt16();
Padding1 = ExtractInt32();
}
private void ParseAllSymbols(uint symbytes)
{
Header = ExtractUInt32();
while (ReadOffset < symbytes)
{
try
{
int begin = ReadOffset;
var symsize = ExtractUInt16();
var symtype = ExtractUInt16();
var sym = Symbol.MakeSymbol(this, symsize, symtype);
Symbols.Add(sym);
ReadOffset = begin + symsize.ExtractedValue + 2;
while ((ReadOffset & 3) != 0)
{
++ReadOffset;
}
}
catch
{
break;
}
}
}
private void ParseBitVectors()
{
HashTableSize = ExtractInt32();
HashTableCapacity = ExtractInt32();
BitVectors[0] = ExtractBitVector();
BitVectors[1] = ExtractBitVector();
}
internal TypedByteSequence <string> ExtractStringWithLength(int length)
{
var ret = new TypedByteSequence <string>(FlattenedBuffer, ReadOffset, length, Encoding.ASCII.GetString(FlattenedBuffer.Skip(ReadOffset).Take(length).ToArray()));
ReadOffset += length;
return(ret);
}
private void ParsePDBHeader()
{
Version = ExtractInt32();
Signature = ExtractInt32();
Age = ExtractInt32();
PDBGuid = ExtractGuid();
}
internal TypedByteSequence <Guid> ExtractGuid()
{
var bytes = FlattenedBuffer.Skip(ReadOffset).Take(16).ToArray();
var ret = new TypedByteSequence <Guid>(FlattenedBuffer, ReadOffset, 16, new Guid(bytes));
ReadOffset += 16;
return(ret);
}
internal TypedByteSequence <int> ExtractInt32()
{
var i = BitConverter.ToInt32(FlattenedBuffer, ReadOffset);
var ret = new TypedByteSequence <int>(FlattenedBuffer, ReadOffset, sizeof(int), i);
ReadOffset += sizeof(int);
return(ret);
}
internal TypedByteSequence <ushort> ExtractUInt16()
{
var s = BitConverter.ToUInt16(FlattenedBuffer, ReadOffset);
var ret = new TypedByteSequence <ushort>(FlattenedBuffer, ReadOffset, sizeof(ushort), s);
ReadOffset += sizeof(ushort);
return(ret);
}
internal TypedByteSequence <byte[]> ExtractBytes(int length)
{
var b = FlattenedBuffer.Skip(ReadOffset).Take(length).ToArray();
var ret = new TypedByteSequence <byte[]>(FlattenedBuffer, ReadOffset, length, b);
ReadOffset += length;
return(ret);
}
internal TypedByteSequence <byte> ExtractByte()
{
var b = FlattenedBuffer[ReadOffset];
var ret = new TypedByteSequence <byte>(FlattenedBuffer, ReadOffset, 1, b);
++ReadOffset;
return(ret);
}
private void ParseSuperBlock()
{
BlockSize = ExtractInt32();
FreeBlockMapIndex = ExtractInt32();
BlockCount = ExtractInt32();
DirectoryStreamLength = ExtractInt32();
Unknown = ExtractInt32();
HintBlock = ExtractInt32();
}
internal TypedByteSequence <uint> ExtractUInt32()
{
var u = BitConverter.ToUInt32(FlattenedBuffer, ReadOffset);
var ret = new TypedByteSequence <uint>(FlattenedBuffer, ReadOffset, sizeof(uint), u);
ReadOffset += sizeof(uint);
return(ret);
}
public SymbolUDT(MSFStream stream, TypedByteSequence <ushort> size, TypedByteSequence <ushort> type, MaskedByteSequence seq)
{
CorrespondingByteSequence = seq;
Size = size;
Type = type;
TypeIndex = stream.ExtractInt32();
Name = stream.ExtractTerminatedString();
stream.Extract4ByteAlignment();
}
public SymbolPublic(MSFStream stream, TypedByteSequence <ushort> size, TypedByteSequence <ushort> type, MaskedByteSequence seq)
{
CorrespondingByteSequence = seq;
Size = size;
Type = type;
PublicType = stream.ExtractInt32();
Offset = stream.ExtractInt32();
SectionIndex = stream.ExtractUInt16();
Name = stream.ExtractTerminatedString();
stream.Extract4ByteAlignment();
}
public SymbolProcRef(MSFStream stream, TypedByteSequence <ushort> size, TypedByteSequence <ushort> type, MaskedByteSequence seq)
{
CorrespondingByteSequence = seq;
Size = size;
Type = type;
SumName = stream.ExtractUInt32();
SymOffset = stream.ExtractUInt32();
Module = stream.ExtractUInt16();
Name = stream.ExtractTerminatedString();
stream.Extract4ByteAlignment();
}
private void ParseSectionContributions()
{
int begin = ReadOffset;
SectionContributionBeginOffset = begin;
SCVersion = ExtractUInt32();
while (ReadOffset - begin < SectionContributionsSize.ExtractedValue)
{
var sc = ParseSectionContribution();
Contributions.Add(sc);
}
}
public SymbolSection(MSFStream stream, TypedByteSequence <ushort> size, TypedByteSequence <ushort> type, MaskedByteSequence seq)
{
CorrespondingByteSequence = seq;
Size = size;
Type = type;
SectionIndex = stream.ExtractUInt16();
Alignment = stream.ExtractUInt16();
RVA = stream.ExtractUInt32();
Length = stream.ExtractUInt32();
Characteristics = stream.ExtractUInt32();
Name = stream.ExtractTerminatedString();
stream.Extract4ByteAlignment();
}
public BitmapByteSequence(TypedByteSequence <byte[]> buffer)
: base(buffer?.ExtractedValue)
{
if (buffer != null)
{
foreach (byte b in buffer.ExtractedValue)
{
for (int i = 0; i < 8; ++i)
{
if ((b & (1 << i)) != 0)
{
++BitCount;
}
}
}
}
}
private void ParsePublicsHeader()
{
HashBytes = ExtractUInt32();
AddressMapBytes = ExtractUInt32();
NumThunks = ExtractUInt32();
SizeOfThunk = ExtractUInt32();
ThunkTableSectionIndex = ExtractUInt16();
Padding = ExtractUInt16();
ThunkTableOffset = ExtractUInt32();
NumSections = ExtractUInt32();
Signature = ExtractUInt32();
Version = ExtractUInt32();
HRFilesBytes = ExtractUInt32();
BucketBytes = ExtractUInt32();
if (HRFilesBytes.ExtractedValue % 8 == 0)
{
int begin = ReadOffset;
HRFBeginOffset = begin;
while (ReadOffset - begin < HRFilesBytes.ExtractedValue)
{
var seq = new ByteSequence(FlattenedBuffer, ReadOffset, sizeof(uint) * 2);
var hrfile = new HRFile();
hrfile.Offset = ExtractUInt32();
hrfile.Unknown = ExtractUInt32();
hrfile.OriginalSequence = seq;
HRFiles.Add(hrfile);
}
}
else
{
ReadOffset += (int)HRFilesBytes.ExtractedValue;
}
Bitmap = new BitmapByteSequence(ExtractBytes(516)); // TODO - magic number (seems constant in other tools though)
for (uint i = 0; i < Bitmap.CountBits(); ++i)
{
ExtractUInt32();
}
}
internal TypedByteSequence <string> ExtractTerminatedString()
{
int length = 0;
while (FlattenedBuffer[ReadOffset + length] != 0)
{
++length;
}
var str = Encoding.ASCII.GetString(FlattenedBuffer.Skip(ReadOffset).Take(length).ToArray());
++length;
var ret = new TypedByteSequence <string>(FlattenedBuffer, ReadOffset, length, str);
ReadOffset += length;
return(ret);
}
public static Symbol MakeSymbol(MSFStream stream, TypedByteSequence <ushort> size, TypedByteSequence <ushort> type)
{
var seq = new MaskedByteSequence(stream.GetFlattenedBuffer(), stream.GetReadOffset() - 4, size.ExtractedValue + 2, "Symbol");
switch (type.ExtractedValue)
{
case 0x1108: // S_UDT
return(new SymbolUDT(stream, size, type, seq));
case 0x110e: // S_PUB32
return(new SymbolPublic(stream, size, type, seq));
case 0x1125: // S_PROCREF
return(new SymbolProcRef(stream, size, type, seq));
case 0x1136: // S_SECTION
return(new SymbolSection(stream, size, type, seq));
}
// TODO - count unknown symbols in the stream
return(new Symbol {
Size = size, Type = type, CorrespondingByteSequence = seq
});
}
private void ParseDirectory()
{
ReadOffset = BlockSize.ExtractedValue * DirectoryBlock.ExtractedValue;
StreamCount = ExtractInt32();
var streamsizes = new int[StreamCount.ExtractedValue];
for (int i = 0; i < StreamCount.ExtractedValue; ++i)
{
streamsizes[i] = ExtractInt32().ExtractedValue;
}
var blocks = new List <List <int> >();
for (int i = 0; i < StreamCount.ExtractedValue; ++i)
{
int extrablocks = streamsizes[i] / BlockSize.ExtractedValue;
var blocklist = new List <int>();
if (streamsizes[i] % BlockSize.ExtractedValue > 0)
{
blocklist.Add(ExtractInt32().ExtractedValue);
}
for (int j = 0; j < extrablocks; ++j)
{
blocklist.Add(ExtractInt32().ExtractedValue);
}
blocks.Add(blocklist);
}
for (int i = 0; i < StreamCount.ExtractedValue; ++i)
{
switch (i)
{
case 1:
PDBInfoStream = new MSFStreamPDBInfo(i, FlattenedBuffer, streamsizes[i], blocks[i], BlockSize.ExtractedValue);
Streams.Add(PDBInfoStream);
break;
case 3:
Streams.Add(new MSFStreamDBI(i, FlattenedBuffer, streamsizes[i], blocks[i], BlockSize.ExtractedValue, this));
break;
default:
{
var stream = new MSFStream(i, FlattenedBuffer, streamsizes[i], blocks[i], BlockSize.ExtractedValue);
if ((PDBInfoStream != null) && (stream.Name == null))
{
stream.Name = PDBInfoStream.GetNameOfStream(i);
}
Streams.Add(stream);
}
break;
}
}
if (KnownStreamSymbols > 0)
{
Streams[KnownStreamSymbols] = new MSFStreamSymbols(Streams[KnownStreamSymbols], KnownStreamSymbols);
}
if (KnownStreamPublics > 0)
{
Streams[KnownStreamPublics] = new MSFStreamPublics(Streams[KnownStreamPublics], KnownStreamPublics);
}
foreach (var stream in KnownStreamModules)
{
Streams[stream.Value.StreamIndex] =
new MSFStreamDBIModule(
Streams[stream.Value.StreamIndex],
stream.Value.StreamIndex,
stream.Key,
stream.Value.NumBytesSymbols,
stream.Value.NumBytesLines,
stream.Value.NumBytesC13Lines
);
}
}
private void ParseDirectoryHint()
{
ReadOffset = BlockSize.ExtractedValue * HintBlock.ExtractedValue;
DirectoryBlock = ExtractInt32();
}
