static void ReadResourceDataEntry(BinaryStreamReader reader, DataEntry dataEntry)
{
dataEntry.DataRVA = reader.ReadUInt32();
dataEntry.Size = reader.ReadUInt32();
dataEntry.Codepage = reader.ReadUInt32();
dataEntry.Reserved = reader.ReadUInt32();
}
public void ReadUInt32_131232223()
{
var reader = new BinaryStreamReader(new MemoryStream(BitConverter.GetBytes((uint)131232223)), new byte[20]);
uint value = reader.ReadUInt32();
Assert.AreEqual((uint)131232223, value);
}
static void ReadSectionHeader(BinaryStreamReader reader, SectionHeader section)
{
section.Name = reader.ReadFixedZeroFilledAsciiString(SectionHeader.MaximumNameSize);
section.VirtualSize = reader.ReadUInt32();
section.VirtualAddress = reader.ReadUInt32();
section.SizeOfRawData = reader.ReadUInt32();
section.PointerToRawData = reader.ReadUInt32();
section.PointerToRelocations = reader.ReadUInt32();
section.PointerToLinenumbers = reader.ReadUInt32();
section.NumberOfRelocations = reader.ReadUInt16();
section.NumberOfLinenumbers = reader.ReadUInt16();
section.Characteristics = (SectionCharacteristics)reader.ReadUInt32();
}
void ReadDosHeader(BinaryStreamReader reader)
{
if (this.DosHeader == null)
this.DosHeader = new DosHeader();
var signature = (MZSignature)reader.ReadInt16();
if (signature != MZSignature.MZ)
throw new BadImageFormatException("MZ signature expected, " + ((ushort)signature).ToString("X4") + "h found.");
this.DosHeader.cblp = reader.ReadUInt16();
this.DosHeader.cp = reader.ReadUInt16();
this.DosHeader.crlc = reader.ReadUInt16();
this.DosHeader.cparhdr = reader.ReadUInt16();
this.DosHeader.minalloc = reader.ReadUInt16();
this.DosHeader.maxalloc = reader.ReadUInt16();
this.DosHeader.ss = reader.ReadUInt16();
this.DosHeader.sp = reader.ReadUInt16();
this.DosHeader.csum = reader.ReadUInt16();
this.DosHeader.ip = reader.ReadUInt16();
this.DosHeader.cs = reader.ReadUInt16();
this.DosHeader.lfarlc = reader.ReadUInt16();
this.DosHeader.ovno = reader.ReadUInt16();
this.DosHeader.res1 = reader.ReadUInt64();
this.DosHeader.oemid = reader.ReadUInt16();
this.DosHeader.oeminfo = reader.ReadUInt16();
this.DosHeader.ReservedNumber0 = reader.ReadUInt32();
this.DosHeader.ReservedNumber1 = reader.ReadUInt32();
this.DosHeader.ReservedNumber2 = reader.ReadUInt32();
this.DosHeader.ReservedNumber3 = reader.ReadUInt32();
this.DosHeader.ReservedNumber4 = reader.ReadUInt32();
this.DosHeader.lfanew = reader.ReadUInt32();
if (this.DosHeader.lfanew > DosHeader.Size)
{
this.DosStub = new byte[this.DosHeader.lfanew - DosHeader.Size];
reader.ReadBytes(this.DosStub, 0, this.DosStub.Length);
}
}
void Read(BinaryStreamReader reader, long baseOffset)
{
this.Characteristics = reader.ReadUInt32();
uint timestampNum = reader.ReadUInt32();
this.Timestamp = PEFile.TimestampEpochUTC.AddSeconds(timestampNum);
this.MajorVersion = reader.ReadUInt16();
this.MinorVersion = reader.ReadUInt16();
ushort nameEntryCount = reader.ReadUInt16();
ushort idEntryCount = reader.ReadUInt16();
List<DirectoryEntry> subdirectories = null;
List<DataEntry> dataEntries = null;
for (int i = 0; i < nameEntryCount + idEntryCount; i++)
{
uint idOrNameRva = reader.ReadUInt32();
uint contentRva = reader.ReadUInt32();
string name;
uint id;
const uint HighBit = 1U << 31;
if ((idOrNameRva & HighBit)==0)
{
id = idOrNameRva;
name = null;
}
else
{
id = 0;
long savePosition = reader.Position;
uint namePositon = idOrNameRva & ~HighBit;
reader.Position = baseOffset + namePositon;
name = ReadName(reader);
reader.Position = savePosition;
}
if ((contentRva & HighBit) == 0) // high bit is set
{
var dataEntry = new DataEntry
{
Name = name,
IntegerID = id
};
long savePosition = reader.Position;
reader.Position = baseOffset + contentRva;
ReadResourceDataEntry(reader, dataEntry);
if (dataEntries == null)
dataEntries = new List<DataEntry>();
dataEntries.Add(dataEntry);
reader.Position = savePosition;
}
else
{
contentRva = contentRva & ~HighBit; // clear hight bit
long savePosition = reader.Position;
reader.Position = baseOffset + contentRva;
var directoryEntry = new DirectoryEntry
{
Name = name,
IntegerID = id
};
directoryEntry.Directory = new ResourceDirectory();
directoryEntry.Directory.Read(reader, baseOffset);
if (subdirectories == null)
subdirectories = new List<DirectoryEntry>();
subdirectories.Add(directoryEntry);
reader.Position = savePosition;
}
}
this.Subdirectories = subdirectories == null ? EmptyDirectoryEntries : subdirectories.ToArray();
this.DataEntries = dataEntries == null ? EmptyDataEntries : dataEntries.ToArray();
}
public static Import[] ReadImports(BinaryStreamReader reader)
{
var resultList = new List<Import>();
while(true)
{
uint originalFirstThunk = reader.ReadUInt32();
uint timeDateStamp = reader.ReadUInt32();
uint forwarderChain = reader.ReadUInt32();
uint nameRva = reader.ReadUInt32();
uint firstThunk = reader.ReadUInt32();
string libraryName =
nameRva == 0 ? null : ReadAsciiZAt(reader, nameRva);
uint thunkAddressPosition = originalFirstThunk == 0 ? firstThunk : originalFirstThunk;
if (thunkAddressPosition == 0)
break;
long savePosition = reader.Position;
try
{
while (true)
{
reader.Position = thunkAddressPosition;
uint importPosition = reader.ReadUInt32();
if (importPosition == 0)
break;
Import imp;
if ((importPosition & (1 << 31)) != 0)
{
imp = new Import
{
DllName = libraryName,
FunctionOrdinal = importPosition
};
}
else
{
reader.Position = (int)importPosition;
uint hint = reader.ReadUInt16();
string fname = ReadAsciiZ(reader);
imp = new Import
{
DllName = libraryName,
FunctionOrdinal = hint,
FunctionName = fname
};
}
resultList.Add(imp);
thunkAddressPosition += 8;
}
}
finally
{
reader.Position = savePosition;
}
}
return resultList.ToArray();
}
void ReadOptionalHeader(BinaryStreamReader reader)
{
if (this.OptionalHeader == null)
this.OptionalHeader = new OptionalHeader();
var peMagic = (PEMagic)reader.ReadInt16();
if (peMagic != PEMagic.NT32
&& peMagic != PEMagic.NT64)
throw new BadImageFormatException("Unsupported PE magic value " + peMagic + ".");
this.OptionalHeader.PEMagic = peMagic;
this.OptionalHeader.MajorLinkerVersion = reader.ReadByte();
this.OptionalHeader.MinorLinkerVersion = reader.ReadByte();
this.OptionalHeader.SizeOfCode = reader.ReadUInt32();
this.OptionalHeader.SizeOfInitializedData = reader.ReadUInt32();
this.OptionalHeader.SizeOfUninitializedData = reader.ReadUInt32();
this.OptionalHeader.AddressOfEntryPoint = reader.ReadUInt32();
this.OptionalHeader.BaseOfCode = reader.ReadUInt32();
if (peMagic == PEMagic.NT32)
{
this.OptionalHeader.BaseOfData = reader.ReadUInt32();
this.OptionalHeader.ImageBase = reader.ReadUInt32();
}
else
{
this.OptionalHeader.ImageBase = reader.ReadUInt64();
}
this.OptionalHeader.SectionAlignment = reader.ReadUInt32();
this.OptionalHeader.FileAlignment = reader.ReadUInt32();
this.OptionalHeader.MajorOperatingSystemVersion = reader.ReadUInt16();
this.OptionalHeader.MinorOperatingSystemVersion = reader.ReadUInt16();
this.OptionalHeader.MajorImageVersion = reader.ReadUInt16();
this.OptionalHeader.MinorImageVersion = reader.ReadUInt16();
this.OptionalHeader.MajorSubsystemVersion = reader.ReadUInt16();
this.OptionalHeader.MinorSubsystemVersion = reader.ReadUInt16();
this.OptionalHeader.Win32VersionValue = reader.ReadUInt32();
this.OptionalHeader.SizeOfImage = reader.ReadUInt32();
this.OptionalHeader.SizeOfHeaders = reader.ReadUInt32();
this.OptionalHeader.CheckSum = reader.ReadUInt32();
this.OptionalHeader.Subsystem = (Subsystem)reader.ReadUInt16();
this.OptionalHeader.DllCharacteristics = (DllCharacteristics)reader.ReadUInt16();
if (peMagic == PEMagic.NT32)
{
this.OptionalHeader.SizeOfStackReserve = reader.ReadUInt32();
this.OptionalHeader.SizeOfStackCommit = reader.ReadUInt32();
this.OptionalHeader.SizeOfHeapReserve = reader.ReadUInt32();
this.OptionalHeader.SizeOfHeapCommit = reader.ReadUInt32();
}
else
{
this.OptionalHeader.SizeOfStackReserve = reader.ReadUInt64();
this.OptionalHeader.SizeOfStackCommit = reader.ReadUInt64();
this.OptionalHeader.SizeOfHeapReserve = reader.ReadUInt64();
this.OptionalHeader.SizeOfHeapCommit = reader.ReadUInt64();
}
this.OptionalHeader.LoaderFlags = reader.ReadUInt32();
this.OptionalHeader.NumberOfRvaAndSizes = reader.ReadUInt32();
if (this.OptionalHeader.DataDirectories == null
|| this.OptionalHeader.DataDirectories.Length != this.OptionalHeader.NumberOfRvaAndSizes)
this.OptionalHeader.DataDirectories = new DataDirectory[this.OptionalHeader.NumberOfRvaAndSizes];
for (int i = 0; i < this.OptionalHeader.DataDirectories.Length; i++)
{
var dd = new DataDirectory();
dd.Read(reader);
this.OptionalHeader.DataDirectories[i] = dd;
}
}
void ReadPEHeader(BinaryStreamReader reader)
{
if (this.PEHeader == null)
this.PEHeader = new PEHeader();
var peSignature = (PESignature)reader.ReadUInt32();
if (peSignature != PESignature.PE00)
throw new BadImageFormatException("PE00 signature expected, " + ((ushort)peSignature).ToString("X8") + "h found.");
this.PEHeader.Machine = (Machine)reader.ReadInt16();
this.PEHeader.NumberOfSections = reader.ReadUInt16();
uint timestampNum = reader.ReadUInt32();
this.PEHeader.Timestamp = TimestampEpochUTC.AddSeconds(timestampNum);
this.PEHeader.PointerToSymbolTable = reader.ReadUInt32();
this.PEHeader.NumberOfSymbols = reader.ReadUInt32();
this.PEHeader.SizeOfOptionalHeader = reader.ReadUInt16();
this.PEHeader.Characteristics = (ImageCharacteristics)reader.ReadInt16();
}
public void Read(BinaryStreamReader reader)
{
this.Offset = reader.ReadUInt32();
this.Size = reader.ReadUInt32();
this.Name = ReadAlignedNameString(reader);
}
private void ReadAndInitializeRowCounts(BinaryStreamReader reader, ulong validMask)
{
var tables = new Array[45];
if ((validMask & ((ulong)1 << (int)TableKind.Module)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new ModuleEntry[rowCount];
tables[(int)TableKind.Module] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.TypeRef)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new TypeRefEntry[rowCount];
tables[(int)TableKind.TypeRef] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.TypeDef)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new TypeDefEntry[rowCount];
tables[(int)TableKind.TypeDef] = table;
}
if ((validMask & ((ulong)1 << 0x03)) != 0)
throw new BadImageFormatException("Non-standard metadata table 0x"+validMask.ToString("X2")+".");
if ((validMask & ((ulong)1 << (int)TableKind.Field)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new FieldEntry[rowCount];
tables[(int)TableKind.Field] = table;
}
if ((validMask & ((ulong)1 << 0x05)) != 0)
throw new BadImageFormatException("Non-standard metadata table 0x"+validMask.ToString("X2")+".");
if ((validMask & ((ulong)1 << (int)TableKind.MethodDef)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new MethodDefEntry[rowCount];
tables[(int)TableKind.MethodDef] = table;
}
if ((validMask & ((ulong)1 << 0x07)) != 0)
throw new BadImageFormatException("Non-standard metadata table 0x"+validMask.ToString("X2")+".");
if ((validMask & ((ulong)1 << (int)TableKind.Param)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new ParamEntry[rowCount];
tables[(int)TableKind.Param] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.InterfaceImpl)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new InterfaceImplEntry[rowCount];
tables[(int)TableKind.InterfaceImpl] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.MemberRef)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new MemberRefEntry[rowCount];
tables[(int)TableKind.MemberRef] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.Constant)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new ConstantEntry[rowCount];
tables[(int)TableKind.Constant] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.CustomAttribute)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new CustomAttributeEntry[rowCount];
tables[(int)TableKind.CustomAttribute] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.FieldMarshal)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new FieldMarshalEntry[rowCount];
tables[(int)TableKind.FieldMarshal] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.DeclSecurity)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new DeclSecurityEntry[rowCount];
tables[(int)TableKind.DeclSecurity] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.ClassLayout)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new ClassLayoutEntry[rowCount];
tables[(int)TableKind.ClassLayout] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.FieldLayout)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new FieldLayoutEntry[rowCount];
tables[(int)TableKind.FieldLayout] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.StandAloneSig)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new StandAloneSigEntry[rowCount];
tables[(int)TableKind.StandAloneSig] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.EventMap)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new EventMapEntry[rowCount];
tables[(int)TableKind.EventMap] = table;
}
if ((validMask & ((ulong)1 << 0x13)) != 0)
throw new BadImageFormatException("Non-standard metadata table 0x"+validMask.ToString("X2")+".");
if ((validMask & ((ulong)1 << (int)TableKind.Event)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new EventEntry[rowCount];
tables[(int)TableKind.Event] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.PropertyMap)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new PropertyMapEntry[rowCount];
tables[(int)TableKind.PropertyMap] = table;
}
if ((validMask & ((ulong)1 << 0x16)) != 0)
throw new BadImageFormatException("Non-standard metadata table 0x"+validMask.ToString("X2")+".");
if ((validMask & ((ulong)1 << (int)TableKind.Property)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new PropertyEntry[rowCount];
tables[(int)TableKind.Property] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.MethodSemantics)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new MethodSemanticsEntry[rowCount];
tables[(int)TableKind.MethodSemantics] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.MethodImpl)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new MethodImplEntry[rowCount];
tables[(int)TableKind.MethodImpl] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.ModuleRef)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new ModuleRefEntry[rowCount];
tables[(int)TableKind.ModuleRef] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.TypeSpec)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new TypeSpecEntry[rowCount];
tables[(int)TableKind.TypeSpec] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.ImplMap)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new ImplMapEntry[rowCount];
tables[(int)TableKind.ImplMap] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.FieldRVA)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new FieldRVAEntry[rowCount];
tables[(int)TableKind.FieldRVA] = table;
}
if ((validMask & ((ulong)1 << 0x1E)) != 0)
throw new BadImageFormatException("Non-standard metadata table 0x"+validMask.ToString("X2")+".");
if ((validMask & ((ulong)1 << 0x1F)) != 0)
throw new BadImageFormatException("Non-standard metadata table 0x"+validMask.ToString("X2")+".");
if ((validMask & ((ulong)1 << (int)TableKind.Assembly)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new AssemblyEntry[rowCount];
tables[(int)TableKind.Assembly] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.AssemblyProcessor)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new AssemblyProcessorEntry[rowCount];
tables[(int)TableKind.AssemblyProcessor] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.AssemblyOS)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new AssemblyOSEntry[rowCount];
tables[(int)TableKind.AssemblyOS] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.AssemblyRef)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new AssemblyRefEntry[rowCount];
tables[(int)TableKind.AssemblyRef] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.AssemblyRefProcessor)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new AssemblyRefProcessorEntry[rowCount];
tables[(int)TableKind.AssemblyRefProcessor] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.AssemblyRefOS)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new AssemblyRefOSEntry[rowCount];
tables[(int)TableKind.AssemblyRefOS] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.File)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new FileEntry[rowCount];
tables[(int)TableKind.File] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.ExportedType)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new ExportedTypeEntry[rowCount];
tables[(int)TableKind.ExportedType] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.ManifestResource)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new ManifestResourceEntry[rowCount];
tables[(int)TableKind.ManifestResource] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.NestedClass)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new NestedClassEntry[rowCount];
tables[(int)TableKind.NestedClass] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.GenericParam)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new GenericParamEntry[rowCount];
tables[(int)TableKind.GenericParam] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.MethodSpec)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new MethodSpecEntry[rowCount];
tables[(int)TableKind.MethodSpec] = table;
}
if ((validMask & ((ulong)1 << (int)TableKind.GenericParamConstraint)) != 0)
{
uint rowCount = reader.ReadUInt32();
var table = new GenericParamConstraintEntry[rowCount];
tables[(int)TableKind.GenericParamConstraint] = table;
}
ulong trailingZeroesMask = ulong.MaxValue << 45;
if ((validMask & trailingZeroesMask) != 0)
throw new BadImageFormatException("Non-standard metadata table bits.");
this.Tables = tables;
}
public void Read(BinaryStreamReader reader)
{
this.VirtualAddress = reader.ReadUInt32();
this.Size = reader.ReadUInt32();
}
public void ReadUInt32_131232223()
{
var reader = new BinaryStreamReader(new MemoryStream(BitConverter.GetBytes((uint)131232223)), new byte[20]);
uint value = reader.ReadUInt32();
Assert.AreEqual((uint)131232223, value);
}