bool IBinaryAppender <ImportFunctionModule.ImageBoundImportDescription, ReaderWithOffsetArgs> .Attach(ref ImportFunctionModule.ImageBoundImportDescription s, uint size, ReaderWithOffsetArgs arg)
{
if (s.TimeDateStamp == 0)
{
return(false);
}
ImportFunctionSection ifs = arg.Tag as ImportFunctionSection;
if (ifs == null)
{
return(false);
}
string name = arg.Source.ReadStringAnsiAt(arg.Offset + s.OffsetModuleName);
ImportFunctionModule ifm = ifs[name];
// if there is a module to update:
if (ifm != null)
{
ReaderWithOffsetArgs mArg = new ReaderWithOffsetArgs(arg.Source, arg.Offset, 0, null);
ifm.BoundDate = new DateTime(1970, 1, 1).AddSeconds(s.TimeDateStamp);
// append given number of forwarders, having the same size as the current structure
// and lying just after:
for (ushort i = 0; i < s.NumberOfModuleForwarderRefs; i++)
{
Append
<ImportFunctionModule.ImageBoundImportForwarderRef, ImportFunctionModule, ReaderWithOffsetArgs>(
arg.Source, ifm, mArg);
}
}
return(true);
}
/// <summary>
/// Extracts info about Import section.
/// </summary>
private void AppendImportSection(UnmanagedDataReader s, DataSectionDescription importSection, DataSectionDescription importBoundSection, NtHeaderSection ntSection)
{
ImportFunctionSection ifs = new ImportFunctionSection();
uint delta;
uint offset = GetVirtualRelativeAddress(importSection.VirtualAddress, out delta);
if (offset == 0 || ntSection == null)
{
return;
}
// analize data inside given section:
ReaderWithOffsetArgs arg = new ReaderWithOffsetArgs(s, offset, delta, ifs);
// read the info:
s.Jump(offset);
while (Append <ImportFunctionModule.ImageImportDescriptor, WindowsPortableExecutable, ReaderWithOffsetArgs>
(s, this, arg))
{
// store the current location:
offset = s.CurrentOffset;
// read functions assigned to given module:
if (ntSection.MachineType == MachineType.Intel_x86)
{
ReadImportData <ImportFunctionModule.ImageImportData32, WindowsPortableExecutable>(s, arg.Tag as ImportFunctionModule);
}
else
if (ntSection.MachineType == MachineType.Intel_x64)
{
ReadImportData <ImportFunctionModule.ImageImportData64, WindowsPortableExecutable>(s, arg.Tag as ImportFunctionModule);
}
// restore the offset:
s.Jump(offset);
arg.Tag = ifs;
}
// check if there is additional bound-import infor available and read it:
if (importBoundSection != null)
{
ReaderWithOffsetArgs iArg = new ReaderWithOffsetArgs(s, importBoundSection.VirtualAddress, 0, ifs);
s.Jump(importBoundSection.VirtualAddress);
while (Append <ImportFunctionModule.ImageBoundImportDescription, WindowsPortableExecutable, ReaderWithOffsetArgs>(s, this, iArg))
{
}
}
// if import section was correctly filled by at least one element then store it:
if (ifs.Count > 0)
{
ifs.UpdateFileInfo(ImportFunctionSection.DefaultName, offset, s.LastReadSize * (uint)ifs.Count);
ifs.UpdateVirtualInfo(importSection.VirtualAddress, importSection.Size);
Add(ifs);
}
}
bool IBinaryAppender <ImportFunctionModule.ImageImportDescriptor, ReaderWithOffsetArgs> .Attach(ref ImportFunctionModule.ImageImportDescriptor s, uint size, ReaderWithOffsetArgs arg)
{
ImportFunctionSection imports = arg.Tag as ImportFunctionSection;
IBinaryAppender <ImportFunctionModule.ImageImportDescriptor, ReaderWithOffsetArgs> t = new ImportFunctionModule();
// read the next import module description:
if (t.Attach(ref s, size, arg))
{
if (imports != null)
{
imports.Add(t as ImportFunctionModule);
arg.Tag = t;
return(true);
}
}
return(false);
}