public IMAGE_OPTIONAL_HEADER(byte [] buff, UInt32 offset, bool is32Bit)
{
Magic = Utility.BytesToUshort(buff, offset);
MajorLinkerVersion = buff[offset + 2];
MinorLinkerVersion = buff[offset + 3];
SizeOfCode = Utility.BytesToUInt32(buff, offset + 4);
SizeOfInitializedData = Utility.BytesToUInt32(buff, offset + 8);
SizeOfUninitializedData = Utility.BytesToUInt32(buff, offset + 0xC);
AddressOfEntryPoint = Utility.BytesToUInt32(buff, offset + 0x10);
BaseOfCode = Utility.BytesToUInt32(buff, offset + 0x14);
BaseOfData = (is32Bit) ? Utility.BytesToUInt32(buff, offset + 0x18) : 0;
ImageBase = (is32Bit) ? Utility.BytesToUInt32(buff, offset + 0x1c) : Utility.BytesToUInt64(buff, offset + 0x18);
SectionAlignment = Utility.BytesToUInt32(buff, offset + 0x20);
FileAlignment = Utility.BytesToUInt32(buff, offset + 0x24);
MajorOSVersion = Utility.BytesToUshort(buff, offset + 0x28);
MinorOSVersion = Utility.BytesToUshort(buff, offset + 0x2a);
MajorImageVersion = Utility.BytesToUshort(buff, offset + 0x2c);
MinorImageVersion = Utility.BytesToUshort(buff, offset + 0x2e);
MajorSubSystemVersion = Utility.BytesToUshort(buff, offset + 0x30);
MinorSubSystemVersion = Utility.BytesToUshort(buff, offset + 0x32);
Win32VersionValue = Utility.BytesToUInt32(buff, offset + 0x34);
SizeOfImage = Utility.BytesToUInt32(buff, offset + 0x38);
SizeOfHeaders = Utility.BytesToUInt32(buff, offset + 0x3c);
Checksum = Utility.BytesToUInt32(buff, offset + 0x40);
Subsystem = Utility.BytesToUshort(buff, offset + 0x44);
DllCharacteristics = Utility.BytesToUshort(buff, offset + 0x46);
SizeOfStackReverse = (is32Bit) ? Utility.BytesToUInt32(buff, offset + 0x48) : Utility.BytesToUInt64(buff, offset + 0x48);
SizeOfStackCommit = (is32Bit) ? Utility.BytesToUInt32(buff, offset + 0x4c) : Utility.BytesToUInt64(buff, offset + 0x50);
SizeOfHeapReverse = (is32Bit) ? Utility.BytesToUInt32(buff, offset + 0x50) : Utility.BytesToUInt64(buff, offset + 0x58);
SizeOfHeapCommit = (is32Bit) ? Utility.BytesToUInt32(buff, offset + 0x54) : Utility.BytesToUInt64(buff, offset + 0x60);
LoaderFlags = (is32Bit) ? Utility.BytesToUInt32(buff, offset + 0x58) : Utility.BytesToUInt32(buff, offset + 0x68);
NumberOfRVAandSizes = (is32Bit) ? Utility.BytesToUInt32(buff, offset + 0x5c) : Utility.BytesToUInt32(buff, offset + 0x6c);
ImageDataDirectory = (is32Bit) ? new IMAGE_DATA_DIRECTORY(buff, offset + 0x60, is32Bit) : new IMAGE_DATA_DIRECTORY(buff, offset + 0x70, is32Bit);
}
public IMAGE_OPTIONAL_HEADER(byte[] buff, UInt32 offset, bool is64Bit)
{
_buff = buff;
_offset = offset;
_is64Bit = is64Bit;
DataDirectory = new IMAGE_DATA_DIRECTORY[16];
for (UInt32 i = 0; i < 16; i++)
{
if (!_is64Bit)
{
DataDirectory[i] = new IMAGE_DATA_DIRECTORY(buff, offset + 0x60 + i * 0x8);
}
else
{
DataDirectory[i] = new IMAGE_DATA_DIRECTORY(buff, offset + 0x70 + i * 0x8);
}
}
}