public void NewForkInvalidStart()
{
var reader = new ByteArrayReader(new byte[]
{
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
});
Assert.Throws<ArgumentOutOfRangeException>(() => reader.Fork(8, 3));
}
public void NewForkTooLong()
{
var reader = new ByteArrayReader(new byte[]
{
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
});
Assert.Throws<EndOfStreamException>(() => reader.Fork(6, 4));
}
public void ForkStartAtMiddle()
{
var reader = new ByteArrayReader(new byte[]
{
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
});
var fork = reader.Fork(4, 2);
Assert.Equal(0x0605, fork.ReadUInt16());
}
public void ForkReadsSameData()
{
var reader = new ByteArrayReader(new byte[]
{
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
});
var fork = reader.Fork(0, 2);
Assert.Equal(0x0201, fork.ReadUInt16());
}
public void ForkOfFork()
{
var reader = new ByteArrayReader(new byte[]
{
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
});
var fork = reader.Fork(2, 4);
var fork2 = fork.Fork(3, 2);
Assert.Equal(0x04, fork2.ReadByte());
}
public void NewForkSubRange()
{
var reader = new ByteArrayReader(new byte[]
{
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
});
var fork = reader.Fork(2, 3);
Assert.Equal(2u, fork.StartOffset);
Assert.Equal(2u, fork.Offset);
Assert.Equal(3u, fork.Length);
}
public void ForkMovesIndependentOfOriginal()
{
var reader = new ByteArrayReader(new byte[]
{
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
});
var fork = reader.Fork(0, 2);
fork.ReadUInt16();
Assert.Equal(0u, reader.Offset);
Assert.Equal(2u, fork.Offset);
}
public CopiedProcessModule(Process process, IntPtr baseAddress, int size)
{
BaseAddress = baseAddress;
using (var memoryReader = new MemoryReader(process))
{
var copiedBytes = memoryReader.ReadMemory(baseAddress, size, out var bytesRead);
if (bytesRead != size)
{
throw new AccessViolationException("Could not copy entire module into memory.");
}
var reader = new ByteArrayReader(copiedBytes);
// DOS header.
var dosHeader = DosHeader.FromReader(reader);
reader.FileOffset = dosHeader.NextHeaderOffset;
uint signature = reader.ReadUInt32();
if (signature != 0x4550) //PE\0\0
{
throw new BadImageFormatException();
}
// Read NT headers.
var peFile = new PEFile(
dosHeader,
FileHeader.FromReader(reader),
OptionalHeader.FromReader(reader));
ImageFile = peFile;
// Section headers.
reader.FileOffset = peFile.OptionalHeader.FileOffset + peFile.FileHeader.SizeOfOptionalHeader;
for (int i = 0; i < peFile.FileHeader.NumberOfSections; i++)
{
var header = SectionHeader.FromReader(reader);
header.PointerToRawData = header.VirtualAddress;
header.SizeOfRawData = header.VirtualSize;
var contentsReader = reader.Fork(header.PointerToRawData, header.VirtualSize);
var contents = DataSegment.FromReader(contentsReader);
contents.UpdateOffsets(header.PointerToRawData, header.VirtualAddress);
peFile.Sections.Add(new PESection(header, new VirtualSegment(contents, header.VirtualSize)));
}
Image = PEImage.FromFile(peFile);
}
}