Пример #1
0
        /// <summary>
        /// Parse a PE.
        /// </summary>
        /// <param name="stream">A stream of the PE contents.</param>
        private void Parse(Stream stream)
        {
            rawData = new byte[stream.Length];
            stream.Read(rawData, 0, (int)stream.Length);
            stream.Seek(0, SeekOrigin.Begin);

            BinaryReader reader = new BinaryReader(stream);

            dosHeader = PEUtility.FromBinaryReader <IMAGE_DOS_HEADER>(reader);

            int stubSize = (int)dosHeader.e_lfanew - Marshal.SizeOf(typeof(IMAGE_DOS_HEADER));

            dosStub = reader.ReadBytes(stubSize);

            // Add 4 bytes to the offset
            stream.Seek(dosHeader.e_lfanew, SeekOrigin.Begin);
            ntSignature     = PEUtility.FromBinaryReader <IMAGE_NT_HEADERS>(reader);
            fileHeader      = PEUtility.FromBinaryReader <IMAGE_FILE_HEADER>(reader);
            optionalHeader  = PEUtility.FromBinaryReader <IMAGE_OPTIONAL_HEADER32>(reader);
            dataDirectories = PEUtility.FromBinaryReader <IMAGE_DATA_DIRECTORIES>(reader);

            sections = new List <PESection>();
            for (int i = 0; i < fileHeader.NumberOfSections; i++)
            {
                IMAGE_SECTION_HEADER header  = PEUtility.FromBinaryReader <IMAGE_SECTION_HEADER>(reader);
                PESection            section = new PESection(header);
                section.Parse(ref rawData);
                sections.Add(section);
            }
        }
Пример #2
0
        private void Parse(Stream stream)
        {
            rawData = new byte[stream.Length];
            stream.Read(rawData, 0, (int)stream.Length);
            stream.Seek(0, SeekOrigin.Begin);
            BinaryReader reader = new BinaryReader(stream);

            fileHeader = PEUtility.FromBinaryReader <IMAGE_FILE_HEADER>(reader);

            // Read the sections
            sections = new List <PESection>();
            for (int i = 0; i < fileHeader.NumberOfSections; i++)
            {
                IMAGE_SECTION_HEADER header;
                header = PEUtility.FromBinaryReader <IMAGE_SECTION_HEADER>(reader);
                PESection section = new PESection(this, header);
                section.Parse(ref rawData);
                sections.Add(section);
            }

            // Read the symbol table from fileHeader.PointerToSymbolTable
            symbolTable = new SymbolTable(fileHeader.NumberOfSymbols);
            stream.Seek(fileHeader.PointerToSymbolTable, SeekOrigin.Begin);
            for (int i = 0; i < fileHeader.NumberOfSymbols; i++)
            {
                IMAGE_SYMBOL symbol;
                symbol = PEUtility.FromBinaryReader <IMAGE_SYMBOL>(reader);
                symbolTable.AddSymbol(symbol, i);
            }

            uint pointerToStringTable = fileHeader.PointerToSymbolTable +
                                        (uint)(fileHeader.NumberOfSymbols * Marshal.SizeOf(typeof(IMAGE_SYMBOL)));

            stream.Seek(pointerToStringTable, SeekOrigin.Begin);
            uint stringTableSize = PEUtility.FromBinaryReader <UInt32>(reader);

            for (ushort i = (ushort)Marshal.SizeOf(typeof(UInt32)); i < stringTableSize;)
            {
                String stringEntry = PEUtility.StringFromBinaryReader(reader);
                symbolTable.AddString(stringEntry, i);
                i += (ushort)(stringEntry.Length + 1); // include NULL terminator
            }

            Console.WriteLine("Object File: {0}", sourceFile);
            Console.WriteLine(symbolTable.ToString());
            Console.WriteLine("Sections:");
            foreach (PESection s in sections)
            {
                Console.WriteLine(s.ToString());
            }
            Console.WriteLine();
        }
Пример #3
0
        private void Parse(Stream stream)
        {
            using (var reader = new BinaryReader(stream, Encoding.ASCII, true))
            {
                fileHeader = reader.ReadStruct <IMAGE_FILE_HEADER>();

                // Read the sections
                Sections = new List <PESection>();
                for (int i = 0; i < fileHeader.NumberOfSections; i++)
                {
                    IMAGE_SECTION_HEADER header;
                    header = reader.ReadStruct <IMAGE_SECTION_HEADER>();
                    PESection section = new PESection(this, header);
                    section.Parse(stream);
                    Sections.Add(section);
                }

                // Read the symbol table from fileHeader.PointerToSymbolTable
                SymbolTable = new SymbolTable(fileHeader.NumberOfSymbols);
                stream.Seek(fileHeader.PointerToSymbolTable, SeekOrigin.Begin);
                for (int i = 0; i < fileHeader.NumberOfSymbols; i++)
                {
                    IMAGE_SYMBOL symbol;
                    symbol = reader.ReadStruct <IMAGE_SYMBOL>();
                    SymbolTable.AddSymbol(symbol, i);
                }

                uint pointerToStringTable = fileHeader.PointerToSymbolTable +
                                            (uint)(fileHeader.NumberOfSymbols * Marshal.SizeOf(typeof(IMAGE_SYMBOL)));
                stream.Seek(pointerToStringTable, SeekOrigin.Begin);
                uint stringTableSize = reader.ReadStruct <uint>();

                for (ushort i = (ushort)Marshal.SizeOf(typeof(uint)); i < stringTableSize;)
                {
                    string stringEntry = reader.ReadCString();
                    SymbolTable.AddString(stringEntry, i);
                    i += (ushort)(stringEntry.Length + 1); // include NULL terminator
                }
            }
        }
Пример #4
0
        private void Parse(Stream stream)
        {
            rawData = new byte[stream.Length];
            stream.Read(rawData, 0, (int)stream.Length);
            stream.Seek(0, SeekOrigin.Begin);
            BinaryReader reader = new BinaryReader(stream);

            fileHeader = PEUtility.FromBinaryReader<IMAGE_FILE_HEADER>(reader);

            // Read the sections
            sections = new List<PESection>();
            for (int i = 0; i < fileHeader.NumberOfSections; i++)
            {
                IMAGE_SECTION_HEADER header;
                header = PEUtility.FromBinaryReader<IMAGE_SECTION_HEADER>(reader);
                PESection section = new PESection(this, header);
                section.Parse(ref rawData);
                sections.Add(section);
            }

            // Read the symbol table from fileHeader.PointerToSymbolTable
            symbolTable = new SymbolTable(fileHeader.NumberOfSymbols);
            stream.Seek(fileHeader.PointerToSymbolTable, SeekOrigin.Begin);
            for (int i = 0; i < fileHeader.NumberOfSymbols; i++)
            {
                IMAGE_SYMBOL symbol;
                symbol = PEUtility.FromBinaryReader<IMAGE_SYMBOL>(reader);
                symbolTable.AddSymbol(symbol, i);
            }

            uint pointerToStringTable = fileHeader.PointerToSymbolTable +
                (uint)(fileHeader.NumberOfSymbols * Marshal.SizeOf(typeof(IMAGE_SYMBOL)));
            stream.Seek(pointerToStringTable, SeekOrigin.Begin);
            uint stringTableSize = PEUtility.FromBinaryReader<UInt32>(reader);

            for (ushort i = (ushort)Marshal.SizeOf(typeof(UInt32)); i < stringTableSize; )
            {
                String stringEntry = PEUtility.StringFromBinaryReader(reader);
                symbolTable.AddString(stringEntry, i);
                i += (ushort)(stringEntry.Length + 1); // include NULL terminator
            }

            Console.WriteLine("Object File: {0}", sourceFile);
            Console.WriteLine(symbolTable.ToString());
            Console.WriteLine("Sections:");
            foreach (PESection s in sections)
            {
                Console.WriteLine(s.ToString());
            }
            Console.WriteLine();
        }