public void CacheBuffer(AssemblyBuffer buffer)
{
buffer.SetIndexPointer(this.AbsoluteAddress);
this.CachedBuffer = new byte[this.Size];
this.CachedBuffer = buffer.ReadBytes(this.Size);
this.CachedAssemblyBuffer = new AssemblyBuffer("", this.CachedBuffer);
}
public MetaDataHeader(AssemblyBuffer buffer, CLRHeader clrHeader, SectionsHeaders sectionsHeaders)
{
buffer.SetIndexPointer(clrHeader.MetaData.RVA - 0x1E00);
this.Signature = buffer.ReadDWord();
this.MajorVersion = buffer.ReadWord();
this.MinorVersion = buffer.ReadWord();
this.Reserved = buffer.ReadDWord();
this.VersionLength = buffer.ReadDWord();
this.VersionString = buffer.ReadStringOfLength(this.VersionLength);
this.Flags = buffer.ReadWord();
this.NumberOfStreams = buffer.ReadWord();
this.Streams = new StreamHeader[this.NumberOfStreams];
this.Streams[(uint)MetaDataStreamType.DEFS_AND_REFS] = new DefsAndRefsStream(buffer, clrHeader, this);
this.Streams[(uint)MetaDataStreamType.STRINGS] = new StringStream(buffer, clrHeader);
// These are boiler plate.
this.Streams[(uint)MetaDataStreamType.US] = new StringStream(buffer, clrHeader);
this.Streams[(uint)MetaDataStreamType.GUID] = new StringStream(buffer, clrHeader);
this.Streams[(uint)MetaDataStreamType.BLOB] = new BlobStream(buffer, clrHeader);
// There is a specific load order for each stream. Therefore I'm not going to iterate over them.
this.Streams[(uint)MetaDataStreamType.STRINGS].CacheBuffer(buffer);
this.Streams[(uint)MetaDataStreamType.STRINGS].ProcessTables(buffer);
this.Streams[(uint)MetaDataStreamType.BLOB].CacheBuffer(buffer);
this.Streams[(uint)MetaDataStreamType.BLOB].ProcessTables(buffer);
this.Streams[(uint)MetaDataStreamType.DEFS_AND_REFS].CacheBuffer(buffer);
this.Streams[(uint)MetaDataStreamType.DEFS_AND_REFS].ProcessTables(buffer);
}
public override void Read(AssemblyBuffer buffer)
{
this.RVA = buffer.ReadDWord();
this.ImplementationFlags = buffer.ReadWord();
this.DefinitionFlags = buffer.ReadWord();
this.NameAddress = this.ReadStringTableOffset(buffer);
this.Signature = this.ReadBlobTableOffset(buffer);
this.ParamsListIndex = buffer.ReadWord();
this.Name = this.ReadStringAtOffset(this.NameAddress);
uint oldBufferPos = buffer.GetBufferPosition();
buffer.SetIndexPointer(this.RVA);
// Do the reading of the function
this.ReadFunctionBody(buffer);
buffer.SetIndexPointer(oldBufferPos);
}
public COFFHeader(AssemblyBuffer buffer, DOSHeader currentHeader)
{
buffer.SetIndexPointer(currentHeader.PEHeaderPointer);
this.Signature = buffer.ReadDWord();
this.Machine = buffer.ReadWord();
this.SectionCount = buffer.ReadWord();
this.TimeDataStamp = buffer.ReadDWord();
this.PointerToSymbolTable = buffer.ReadDWord();
this.NumberOfSymbols = buffer.ReadDWord();
this.SizeOfOptionalHeader = buffer.ReadWord();
this.Characteristics = buffer.ReadWord();
}
public override void ProcessTables(AssemblyBuffer buffer)
{
buffer.SetIndexPointer(this.AbsoluteAddress);
uint val = buffer.ReadDWord(); // Reserved.
byte major = buffer.ReadByte(); // Major and minor version
byte minor = buffer.ReadByte(); // Major and minor version
this.HeapOffsetSizes = buffer.ReadByte(); // Bit flags for the heap index width. Ref: https://www.codeproject.com/Articles/12585/The-NET-File-Format
buffer.ReadByte(); // Padding byte.
this.TablesPresent = buffer.ReadQWord(); // We need to read all of the tables present in the assembly
this.TablesSorted = buffer.ReadQWord(); // What tables are sorted
this.TableRowTypes = this.GetPopulatedTableRowTypes();
// Check which types apply to the current stream.
for (int i = 0; i < 64; i++)
{
if (!Enum.IsDefined(typeof(MetaDataTableType), i))
{
continue;
}
var tableType = (MetaDataTableType)i;
var bitmask = (ulong)1 << (int)tableType;
if ((this.TablesPresent & bitmask) != 0 || bitmask == 0)
{
this.TableLengths[(ulong)tableType] = buffer.ReadDWord();
}
}
this.PopulateTableRows(buffer);
}
public DOSHeader(AssemblyBuffer currentBuffer)
{
this.MagicNumber = currentBuffer.ReadWord();
currentBuffer.SetIndexPointer(0x3C); // We don't need the rest of the struct so skip to the end to get the PE header pointer.
this.PEHeaderPointer = currentBuffer.ReadDWord();
}