Exemplo n.º 1
0
        public void Parse(BinaryReader reader)
        {
            m_dosHeader = DosHeader.Parse(reader);
            int dosStubSize = (int)(m_dosHeader.CoffHeaderOffset - reader.BaseStream.Position);

            m_dosStubBytes   = reader.ReadBytes(dosStubSize);
            m_coffHeader     = CoffHeader.Parse(reader);
            m_peHeaderOffset = (uint)reader.BaseStream.Position;
            m_peHeader       = PEHeader.Parse(reader);

            for (int i = 0; i < m_coffHeader.NumberOfSections; i++)
            {
                m_sectionHeaders.Add(PESectionHeader.Parse(reader));
            }

            int fillerSize = (int)(m_sectionHeaders[0].PointerToRawData - reader.BaseStream.Position);

            m_filler = reader.ReadBytes(fillerSize);

            for (int i = 0; i < m_coffHeader.NumberOfSections; i++)
            {
                byte[] sectionBytes = reader.ReadBytes((int)m_sectionHeaders[i].SizeOfRawData);
                m_sections.Add(sectionBytes);
            }

            int remainingByteCount = (int)(reader.BaseStream.Length - reader.BaseStream.Position);

            m_remainingBytes = reader.ReadBytes(remainingByteCount);
            // file ends here

            // Parse Import Directory:
            PEDataDirectory importDirectoryEntry = m_peHeader.DataDirectories[(int)DataDirectoryName.Import];

            if (importDirectoryEntry.VirtualAddress > 0)
            {
                uint importDirectoryFileOffset = GetOffsetFromRVA(importDirectoryEntry.VirtualAddress);
                reader.BaseStream.Seek(importDirectoryFileOffset, SeekOrigin.Begin);
                m_importDirectory = ImportDirectory.Parse(reader);
            }
        }
Exemplo n.º 2
0
        public static PEHeader Parse(BinaryReader reader)
        {
            PEHeaderType signature = (PEHeaderType)reader.ReadUInt16();

            if (!Enum.IsDefined(typeof(PEHeaderType), signature))
            {
                throw new Exception("Invalid PE header signature");
            }

            PEHeader header = new PEHeader();

            header.Type                    = signature;
            header.LinkerVersion           = new Version(reader.ReadByte(), reader.ReadByte());
            header.SizeOfCode              = reader.ReadUInt32();
            header.SizeOfInitializedData   = reader.ReadUInt32();
            header.SizeOfUninitializedData = reader.ReadUInt32();
            header.AddressOfEntryPoint     = reader.ReadUInt32();
            header.BaseOfCode              = reader.ReadUInt32();

            if (signature == PEHeaderType.PE64)
            {
                header.ImageBase = reader.ReadUInt64();
            }
            else
            {
                header.BaseOfData = reader.ReadUInt32();
                header.ImageBase  = reader.ReadUInt32();
            }

            header.SectionAlignment       = reader.ReadUInt32();
            header.FileAlignment          = reader.ReadUInt32();
            header.OperatingSystemVersion = new Version(reader.ReadUInt16(), reader.ReadUInt16());
            header.ImageVersion           = new Version(reader.ReadUInt16(), reader.ReadUInt16());
            header.SubsystemVersion       = new Version(reader.ReadUInt16(), reader.ReadUInt16());
            header.Win32VersionValue      = reader.ReadUInt32();
            header.SizeOfImage            = reader.ReadUInt32();
            header.SizeOfHeaders          = reader.ReadUInt32();
            header.Checksum           = reader.ReadUInt32();
            header.Subsystem          = (PESubsystem)reader.ReadUInt16();
            header.DllCharacteristics = (PEDllCharacteristics)reader.ReadUInt16();

            if (signature == PEHeaderType.PE64)
            {
                header.SizeOfStackReserve = reader.ReadUInt64();
                header.SizeOfStackCommit  = reader.ReadUInt64();
                header.SizeOfHeapReserve  = reader.ReadUInt64();
                header.SizeOfHeapCommit   = reader.ReadUInt64();
            }
            else
            {
                header.SizeOfStackReserve = reader.ReadUInt32();
                header.SizeOfStackCommit  = reader.ReadUInt32();
                header.SizeOfHeapReserve  = reader.ReadUInt32();
                header.SizeOfHeapCommit   = reader.ReadUInt32();
            }

            header.LoaderFlags = reader.ReadUInt32();

            header.DataDirectories = new PEDataDirectory[reader.ReadUInt32()];
            for (int i = 0; i < header.DataDirectories.Length; i++)
            {
                header.DataDirectories[i] = PEDataDirectory.Parse(reader);
            }

            return(header);
        }