/// <summary>
/// 获得DOS头
/// </summary>
private void LoadDosHeader()
{
_DosHeader = new DosHeader();
_DosHeader.FileStarIndex = PEFileIndex;
Loadbyte(ref _DosHeader.e_magic);
Loadbyte(ref _DosHeader.e_cblp);
Loadbyte(ref _DosHeader.e_cp);
Loadbyte(ref _DosHeader.e_crlc);
Loadbyte(ref _DosHeader.e_cparhdr);
Loadbyte(ref _DosHeader.e_minalloc);
Loadbyte(ref _DosHeader.e_maxalloc);
Loadbyte(ref _DosHeader.e_ss);
Loadbyte(ref _DosHeader.e_sp);
Loadbyte(ref _DosHeader.e_csum);
Loadbyte(ref _DosHeader.e_ip);
Loadbyte(ref _DosHeader.e_cs);
Loadbyte(ref _DosHeader.e_rva);
Loadbyte(ref _DosHeader.e_fg);
Loadbyte(ref _DosHeader.e_bl1);
Loadbyte(ref _DosHeader.e_oemid);
Loadbyte(ref _DosHeader.e_oeminfo);
Loadbyte(ref _DosHeader.e_bl2);
Loadbyte(ref _DosHeader.e_PESTAR);
_DosHeader.FileEndIndex = PEFileIndex;
}
/// <summary>
/// Reads a PE file from an input stream.
/// </summary>
/// <param name="reader">The input stream.</param>
/// <param name="mode">Indicates how the input PE file is mapped.</param>
/// <exception cref="BadImageFormatException">Occurs when the input stream is malformed.</exception>
public SerializedPEFile(IBinaryStreamReader reader, PEMappingMode mode)
{
_reader = reader ?? throw new ArgumentNullException(nameof(reader));
MappingMode = mode;
// DOS header.
DosHeader = DosHeader.FromReader(reader);
reader.Offset = DosHeader.Offset + DosHeader.NextHeaderOffset;
uint signature = reader.ReadUInt32();
if (signature != ValidPESignature)
{
throw new BadImageFormatException();
}
// Read NT headers.
FileHeader = FileHeader.FromReader(reader);
OptionalHeader = OptionalHeader.FromReader(reader);
// Read section headers.
reader.Offset = OptionalHeader.Offset + FileHeader.SizeOfOptionalHeader;
_sectionHeaders = new List <SectionHeader>(FileHeader.NumberOfSections);
for (int i = 0; i < FileHeader.NumberOfSections; i++)
{
_sectionHeaders.Add(SectionHeader.FromReader(reader));
}
// Data between section headers and sections.
int extraSectionDataLength = (int)(DosHeader.Offset + OptionalHeader.SizeOfHeaders - reader.Offset);
if (extraSectionDataLength != 0)
{
ExtraSectionData = DataSegment.FromReader(reader, extraSectionDataLength);
}
}
/// <summary>
/// 读取基本信息
/// </summary>
public void ReadInfo(BinaryReader reader)
{
//Seek(reader, 0x3c);
//PEoffset = reader.ReadInt32();
//Seek(reader, PEoffset + 0x34);
//ImageBase = reader.ReadUInt32();
//Seek(reader, PEoffset + 0x28);
//PEEntry = reader.ReadUInt32() + ImageBase;
//KernelWin.WriteLine("PEEntry:0x{0:X}", PEEntry);
//PEEntry = Entry.GetEntryPoint(Entry.GetEntryOrdinal(0));
//KernelWin.WriteLine("EntryOrdinal:0x{0:X}", Entry.GetEntryOrdinal(0));
//KernelWin.WriteLine("PEEntry:0x{0:X}", PEEntry);
DosHeader dosHeader = new DosHeader();
dosHeader.Read(reader);
PEoffset = dosHeader.NewExeHeader;
ImageBase = (UInt32)dosHeader.OptionalHeader.ImageBase;
ExportDirectory export = dosHeader.OptionalHeader.Export;
Int32 address = 0;
if (export != null)
{
Seek(reader, export.AddressOfFunctions);
address = reader.ReadInt32();
}
else
{
address = dosHeader.OptionalHeader.AddressOfEntryPoint;
}
PEEntry = (UInt32)address + ImageBase;
Seek(reader, PEEntry - ImageBase);
long temp = reader.ReadByte();
if (temp == 0x68)
{
temp = PEEntry + 1 - ImageBase;
}
else if (temp == 0x58)
{
temp = PEEntry + 2 - ImageBase;
}
Seek(reader, temp);
Header = reader.ReadUInt32();
//VBSig = IDCFunction.EvalAndReturnLong("Dword(" + VBHeader + ")");
//VBSig = Bytes.Dword(Header);
if (Header - ImageBase > reader.BaseStream.Length)
{
throw new Exception("非VB文件格式!");
}
Seek(reader, Header - ImageBase);
VBSig = reader.ReadUInt32();
if (VBSig != 0x21354256) //VB5
{
throw new Exception(String.Format("错误VB签名:0x{0:X}", VBSig));
}
//temp = IDCFunction.EvalAndReturnLong("Word(" + VBHeader + "+0x22)");
//temp = Bytes.Word((UInt32)Header + 0x22);
Seek(reader, Header + 0x22 - ImageBase);
temp = reader.ReadInt16();
if (temp < 0x0a)
{
throw new Exception("不是VB6程序!");
}
Seek(reader, Header - ImageBase);
VBHeader header = new VBHeader();
header.Info = this;
header.Read(reader);
HeaderInfo = header;
}
protected void ConstructPEImage(FileStream file, bool partialConstruct)
{
this._partialConstruct = partialConstruct;
this._dosHeader = new DosHeader(file);
long size = this._dosHeader.NtHeaderPosition - (this._dosHeader.Address + this._dosHeader.Size);
if (size < 0L)
{
throw new Win32Exception(11, Resources.GetString("Ex_InvalidPEFormat"));
}
this._dosStub = new DosStub(file, this._dosHeader.Address + this._dosHeader.Size, size);
this._ntSignature = new NtSignature(file, (long) this._dosHeader.NtHeaderPosition);
this._fileHeader = new FileHeader(file, this._ntSignature.Address + this._ntSignature.Size);
this._optionalHeader = new OptionalHeader(file, this._fileHeader.Address + this._fileHeader.Size);
long address = this._optionalHeader.Address + this._optionalHeader.Size;
int num3 = 0;
for (num3 = 0; num3 < this._optionalHeader.NumberOfRvaAndSizes; num3++)
{
DataDirectory directory = new DataDirectory(file, address);
address += directory.Size;
this._dataDirectories.Add(directory);
}
if (this._fileHeader.SizeOfOptionalHeader < (((ulong) this._optionalHeader.Size) + (this._optionalHeader.NumberOfRvaAndSizes * Marshal.SizeOf(typeof(IMAGE_DATA_DIRECTORY)))))
{
throw new Win32Exception(11, Resources.GetString("Ex_InvalidPEFormat"));
}
bool flag = false;
uint virtualAddress = 0;
if (this._optionalHeader.NumberOfRvaAndSizes > 2)
{
virtualAddress = ((DataDirectory) this._dataDirectories[2]).VirtualAddress;
flag = true;
}
long num5 = this._optionalHeader.Address + this._fileHeader.SizeOfOptionalHeader;
for (num3 = 0; num3 < this._fileHeader.NumberOfSections; num3++)
{
SectionHeader sectionHeader = new SectionHeader(file, num5);
Section section = null;
if (flag && (sectionHeader.VirtualAddress == virtualAddress))
{
section = this._resourceSection = new ResourceSection(file, sectionHeader, partialConstruct);
}
else
{
section = new Section(file, sectionHeader);
}
sectionHeader.Section = section;
this._sectionHeaders.Add(sectionHeader);
this._sections.Add(section);
num5 += sectionHeader.Size;
}
this.ConstructStream();
ArrayList c = new ArrayList();
long num6 = 0L;
foreach (PEComponent component in this._streamComponents)
{
if (component.Address < num6)
{
throw new Win32Exception(11, Resources.GetString("Ex_InvalidPEFormat"));
}
if (component.Address > num6)
{
PEComponent component2 = new PEComponent(file, num6, component.Address - num6);
c.Add(component2);
}
num6 = component.Address + component.Size;
}
if (num6 < file.Length)
{
PEComponent component3 = new PEComponent(file, num6, file.Length - num6);
c.Add(component3);
}
this._streamComponents.AddRange(c);
this._streamComponents.Sort(new PEComponentComparer());
this._canRead = true;
this._canSeek = true;
this._length = file.Length;
this._position = 0L;
}
protected void ConstructPEImage(FileStream file, bool partialConstruct)
{
this._partialConstruct = partialConstruct;
this._dosHeader = new DosHeader(file);
long size = this._dosHeader.NtHeaderPosition - (this._dosHeader.Address + this._dosHeader.Size);
if (size < 0L)
{
throw new Win32Exception(11, Resources.GetString("Ex_InvalidPEFormat"));
}
this._dosStub = new DosStub(file, this._dosHeader.Address + this._dosHeader.Size, size);
this._ntSignature = new NtSignature(file, (long)this._dosHeader.NtHeaderPosition);
this._fileHeader = new FileHeader(file, this._ntSignature.Address + this._ntSignature.Size);
this._optionalHeader = new OptionalHeader(file, this._fileHeader.Address + this._fileHeader.Size);
long address = this._optionalHeader.Address + this._optionalHeader.Size;
int num3 = 0;
for (num3 = 0; num3 < this._optionalHeader.NumberOfRvaAndSizes; num3++)
{
DataDirectory directory = new DataDirectory(file, address);
address += directory.Size;
this._dataDirectories.Add(directory);
}
if (this._fileHeader.SizeOfOptionalHeader < (((ulong)this._optionalHeader.Size) + (this._optionalHeader.NumberOfRvaAndSizes * Marshal.SizeOf(typeof(IMAGE_DATA_DIRECTORY)))))
{
throw new Win32Exception(11, Resources.GetString("Ex_InvalidPEFormat"));
}
bool flag = false;
uint virtualAddress = 0;
if (this._optionalHeader.NumberOfRvaAndSizes > 2)
{
virtualAddress = ((DataDirectory)this._dataDirectories[2]).VirtualAddress;
flag = true;
}
long num5 = this._optionalHeader.Address + this._fileHeader.SizeOfOptionalHeader;
for (num3 = 0; num3 < this._fileHeader.NumberOfSections; num3++)
{
SectionHeader sectionHeader = new SectionHeader(file, num5);
Section section = null;
if (flag && (sectionHeader.VirtualAddress == virtualAddress))
{
section = this._resourceSection = new ResourceSection(file, sectionHeader, partialConstruct);
}
else
{
section = new Section(file, sectionHeader);
}
sectionHeader.Section = section;
this._sectionHeaders.Add(sectionHeader);
this._sections.Add(section);
num5 += sectionHeader.Size;
}
this.ConstructStream();
ArrayList c = new ArrayList();
long num6 = 0L;
foreach (PEComponent component in this._streamComponents)
{
if (component.Address < num6)
{
throw new Win32Exception(11, Resources.GetString("Ex_InvalidPEFormat"));
}
if (component.Address > num6)
{
PEComponent component2 = new PEComponent(file, num6, component.Address - num6);
c.Add(component2);
}
num6 = component.Address + component.Size;
}
if (num6 < file.Length)
{
PEComponent component3 = new PEComponent(file, num6, file.Length - num6);
c.Add(component3);
}
this._streamComponents.AddRange(c);
this._streamComponents.Sort(new PEComponentComparer());
this._canRead = true;
this._canSeek = true;
this._length = file.Length;
this._position = 0L;
}
