public PEHeader(BinaryReader reader)
{
Start = reader.BaseStream.Position;
// Read Standard fields
_Magic = reader.ReadUInt16();
try
{
this._PEKind = (PEKind)Enum.Parse(typeof(PEKind), this._Magic.ToString(), true);
}
catch (ArgumentException)
{
}
if ((this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC) || (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC))
{
_MajorLinkerVersion = reader.ReadByte();
_MinorLinkerVersion = reader.ReadByte();
_SizeOfCode = reader.ReadUInt32();
_SizeOfInitializedData = reader.ReadUInt32();
_SizeOfUninitializedData = reader.ReadUInt32();
_AddressOfEntryPoint = reader.ReadUInt32();
_BaseOfCode = reader.ReadUInt32();
// Read NT-specific fields
// Many thanks to Sendersu about spotting this out
if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC)
{
_BaseOfData = reader.ReadUInt32();
_ImageBase32 = reader.ReadUInt32();
}
else if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC)
{
_ImageBase64 = reader.ReadUInt64();
}
_SectionAlignment = reader.ReadUInt32();
_FileAlignment = reader.ReadUInt32();
_OsMajor = reader.ReadUInt16();
_OsMinor = reader.ReadUInt16();
_UserMajor = reader.ReadUInt16();
_UserMinor = reader.ReadUInt16();
_SubSysMajor = reader.ReadUInt16();
_SubSysMinor = reader.ReadUInt16();
_Reserved = reader.ReadUInt32();
_ImageSize = reader.ReadUInt32();
_HeaderSize = reader.ReadUInt32();
_FileChecksum = reader.ReadUInt32();
_SubSystem = reader.ReadUInt16();
_DllFlags = reader.ReadUInt16();
if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC)
{
_StackReserveSize32 = reader.ReadUInt32();
_StackCommitSize32 = reader.ReadUInt32();
_HeapReserveSize32 = reader.ReadUInt32();
_HeapCommitSize32 = reader.ReadUInt32();
}
else if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC)
{
_StackReserveSize64 = reader.ReadUInt64();
_StackCommitSize64 = reader.ReadUInt64();
_HeapReserveSize64 = reader.ReadUInt64();
_HeapCommitSize64 = reader.ReadUInt64();
}
_LoaderFlags = reader.ReadUInt32();
_NumberOfDataDirectories = reader.ReadUInt32();
if (NumberOfDataDirectories < 16)
{
throw new ModException("PEHeader: Invalid number of data directories in file header.");
}
_DataDirs = new DataDir[NumberOfDataDirectories];
string[] PEDirNames = new[]
{
"Export Table", "Import Table", "Resource Table", "Exception Table", "Certificate Table",
"Base Relocation Table", "Debug", "Copyright", "Global Ptr", "TLS Table", "Load Config Table", "Bound Import",
"IAT", "Delay Import Descriptor", "CLI Header", "Reserved"
};
for (int i = 0; i < NumberOfDataDirectories; ++i)
{
_DataDirs[i] = new DataDir(reader, (i < 16) ? PEDirNames[i] : "Unknown");
}
Length = reader.BaseStream.Position - Start;
}
else
{
throw new ModException("PEHeader: Loaded module is not a recognized PE / PE+ file");
}
}
public PEHeader(BinaryReader reader)
{
Start = reader.BaseStream.Position;
// Read Standard fields
_Magic = reader.ReadUInt16();
try
{
this._PEKind = (PEKind) Enum.Parse(typeof (PEKind), this._Magic.ToString(), true);
}
catch (ArgumentException)
{
}
if ((this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC) || (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC))
{
_MajorLinkerVersion = reader.ReadByte();
_MinorLinkerVersion = reader.ReadByte();
_SizeOfCode = reader.ReadUInt32();
_SizeOfInitializedData = reader.ReadUInt32();
_SizeOfUninitializedData = reader.ReadUInt32();
_AddressOfEntryPoint = reader.ReadUInt32();
_BaseOfCode = reader.ReadUInt32();
// Read NT-specific fields
// Many thanks to Sendersu about spotting this out
if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC)
{
_BaseOfData = reader.ReadUInt32();
_ImageBase32 = reader.ReadUInt32();
}
else if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC)
{
_ImageBase64 = reader.ReadUInt64();
}
_SectionAlignment = reader.ReadUInt32();
_FileAlignment = reader.ReadUInt32();
_OsMajor = reader.ReadUInt16();
_OsMinor = reader.ReadUInt16();
_UserMajor = reader.ReadUInt16();
_UserMinor = reader.ReadUInt16();
_SubSysMajor = reader.ReadUInt16();
_SubSysMinor = reader.ReadUInt16();
_Reserved = reader.ReadUInt32();
_ImageSize = reader.ReadUInt32();
_HeaderSize = reader.ReadUInt32();
_FileChecksum = reader.ReadUInt32();
_SubSystem = reader.ReadUInt16();
_DllFlags = reader.ReadUInt16();
if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR32_MAGIC)
{
_StackReserveSize32 = reader.ReadUInt32();
_StackCommitSize32 = reader.ReadUInt32();
_HeapReserveSize32 = reader.ReadUInt32();
_HeapCommitSize32 = reader.ReadUInt32();
}
else if (this._PEKind == PEKind.IMAGE_NT_OPTIONAL_HDR64_MAGIC)
{
_StackReserveSize64 = reader.ReadUInt64();
_StackCommitSize64 = reader.ReadUInt64();
_HeapReserveSize64 = reader.ReadUInt64();
_HeapCommitSize64 = reader.ReadUInt64();
}
_LoaderFlags = reader.ReadUInt32();
_NumberOfDataDirectories = reader.ReadUInt32();
if (NumberOfDataDirectories < 16)
{
throw new ModException("PEHeader: Invalid number of data directories in file header.");
}
_DataDirs = new DataDir[NumberOfDataDirectories];
string[] PEDirNames = new[]
{
"Export Table", "Import Table", "Resource Table", "Exception Table", "Certificate Table",
"Base Relocation Table", "Debug", "Copyright", "Global Ptr", "TLS Table", "Load Config Table", "Bound Import",
"IAT", "Delay Import Descriptor", "CLI Header", "Reserved"
};
for (int i = 0; i < NumberOfDataDirectories; ++i)
{
_DataDirs[i] = new DataDir(reader, (i < 16) ? PEDirNames[i] : "Unknown");
}
Length = reader.BaseStream.Position - Start;
}
else
{
throw new ModException("PEHeader: Loaded module is not a recognized PE / PE+ file");
}
}
