Пример #1
 /// <summary>
 /// Reads the PE signature, the file header and the architecture-specific optional header
 /// at the offset taken from <paramref name="dosHeader"/>, then returns the machine
 /// architecture together with the data-directory entries.
 /// </summary>
 /// <param name="dosHeader">
 /// DOS header whose <c>ExeFileHeaderAddress</c> is used as the file offset of the PE signature.
 /// </param>
 /// <returns>A <see cref="PeHeader"/> describing an x86 or x86-64 image.</returns>
 /// <exception cref="InvalidOperationException">
 /// The signature at the PE offset is not <c>IMAGE_NT_SIGNATURE</c>, or the optional-header
 /// magic does not match the machine type declared in the file header.
 /// </exception>
 /// <exception cref="NotSupportedException">
 /// The file header declares a machine type other than AMD64 or I386.
 /// </exception>
 /// <remarks>
 /// The offset and every header field come from the file being parsed, so they are
 /// attacker-controlled when the file is untrusted. This method does not range-check
 /// <c>ExeFileHeaderAddress</c> against the file length: an out-of-range offset or a
 /// truncated header is reported by whatever exception the accessor throws, not by the
 /// <see cref="InvalidOperationException"/> used for the other malformed-header cases.
 /// NOTE(review): the directory count passed on is the fixed IMAGE_NUMBEROF_DIRECTORY_ENTRIES,
 /// not a count read from the optional header (PE calls it NumberOfRvaAndSizes). Confirm that
 /// ReadDirectoryEntries or its callers tolerate images that declare fewer directories.
 /// </remarks>
 public PeHeader GetPEHeader(DosHeader dosHeader)
 {
     // A size of 0 lets the view run from the PE offset to the end of the mapped file.
     using (var accessor = _file.CreateViewAccessor(dosHeader.ExeFileHeaderAddress, 0, MemoryMappedFileAccess.Read))
     {
         if (accessor.ReadUInt32(0) != IMAGE_NT_SIGNATURE)
         {
             throw new InvalidOperationException("File does not have a valid PE header.");
         }

         // The file header follows the 4-byte signature directly.
         accessor.Read(sizeof(uint), out IMAGE_FILE_HEADER coffHeader);

         if (coffHeader.Machine == IMAGE_FILE_MACHINE_AMD64)
         {
             var optionalOffset = sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>();
             accessor.Read(optionalOffset, out IMAGE_OPTIONAL_HEADER64 optional64);

             // Machine type and optional-header format must agree before the directories are read.
             if (optional64.Magic != PE32_64)
             {
                 throw new InvalidOperationException("File is x86-64 but has a image type other than PE32+.");
             }

             var directoryOffset = optionalOffset + Marshal.SizeOf<IMAGE_OPTIONAL_HEADER64>();
             var directories = ReadDirectoryEntries(accessor, directoryOffset, IMAGE_NUMBEROF_DIRECTORY_ENTRIES);
             return new PeHeader(MachineArchitecture.x8664, directories);
         }

         if (coffHeader.Machine == IMAGE_FILE_MACHINE_I386)
         {
             var optionalOffset = sizeof(uint) + Marshal.SizeOf<IMAGE_FILE_HEADER>();
             accessor.Read(optionalOffset, out IMAGE_OPTIONAL_HEADER32 optional32);

             // Machine type and optional-header format must agree before the directories are read.
             if (optional32.Magic != PE32_32)
             {
                 throw new InvalidOperationException("File is x86 but has a image type other than PE32.");
             }

             var directoryOffset = optionalOffset + Marshal.SizeOf<IMAGE_OPTIONAL_HEADER32>();
             var directories = ReadDirectoryEntries(accessor, directoryOffset, IMAGE_NUMBEROF_DIRECTORY_ENTRIES);
             return new PeHeader(MachineArchitecture.x86, directories);
         }

         // Any other machine type is rejected instead of being parsed with a guessed layout.
         throw new NotSupportedException("Architecture is not supported.");
     }
 }