// http://msdn.microsoft.com/en-us/library/windows/desktop/ms680341(v=vs.85).aspx
private void ParseImageSectionHeader()
{
var header = FromBinaryReader <IMAGE_SECTION_HEADER>(Reader);
SectionHeaders.Add(header);
LogStructure(header);
Reader.BaseStream.Seek(-4, SeekOrigin.Current); // The f**k? Why is this needed?
}
public ElfFile(MemoryStream stream)
{
//load main file header
ElfHeader = new Elf32Ehdr((Elf32_Ehdr *)stream.Pointer);
//load section headers
var header = (Elf32_Shdr *)(stream.Pointer + ElfHeader.Shoff);
for (int i = 0; i < ElfHeader.Shnum; i++)
{
var x = new Elf32Shdr(&header[i]);
if (x.Type == SectionType.StringTable)
{
_stringTables.Add(x.Offset);
}
SectionHeaders.Add(x);
}
//now we can load names into symbols and process sub data
for (var index = 0; index < SectionHeaders.Count; index++)
{
var sectionHeader = SectionHeaders[index];
sectionHeader.Name = ResolveName(sectionHeader, sectionHeader.NameOffset, stream);
switch (sectionHeader.Type)
{
case SectionType.Relocation:
for (int i = 0; i < sectionHeader.Size / sectionHeader.Entsize; i++)
{
RelocationInformation.Add(new Elf32Rel(
(Elf32_Rel *)(stream.Pointer + sectionHeader.Offset + i * sectionHeader.Entsize))
{
Section = index
});
}
break;
case SectionType.SymbolTable:
for (int i = 0; i < sectionHeader.Size / sectionHeader.Entsize; i++)
{
var x = new Elf32Sym(
(Elf32_Sym *)(stream.Pointer + sectionHeader.Offset + i * sectionHeader.Entsize));
x.Name = ResolveName(sectionHeader, x.NameOffset, stream);
Symbols.Add(x);
}
break;
}
}
}
private bool ReadFromStream(BinaryReader r)
{
DosHeader = ReadDosHeader(r);
if (DosHeader.e_magic != (int)ImageSignatureTypes.IMAGE_DOS_SIGNATURE)
{
r.Close();
return(false);
}
r.BaseStream.Seek((long)DosHeader.e_lfanew, SeekOrigin.Begin);
NTHeader = ReadNTHeader(r);
if (NTHeader.Signature != (int)ImageSignatureTypes.IMAGE_NT_SIGNATURE)
{
r.Close();
return(false);
}
{
uint maxpointer = 0;
uint exesize = 0;
for (int i = 0; i < NTHeader.FileHeader.NumberOfSections; ++i)
{
IMAGE_SECTION_HEADER data = new IMAGE_SECTION_HEADER();
{
data.NameBytes = r.ReadBytes(8);
data.PhysicalAddress = r.ReadUInt32();
data.VirtualAddress = r.ReadUInt32();
data.SizeOfRawData = r.ReadUInt32();
data.PointerToRawData = r.ReadUInt32();
data.PointerToRelocations = r.ReadUInt32();
data.PointerToLinenumbers = r.ReadUInt32();
data.NumberOfRelocations = r.ReadUInt16();
data.NumberOfLinenumbers = r.ReadUInt16();
data.Characteristics = r.ReadUInt32();
}
if (data.PointerToRawData > maxpointer)
{
maxpointer = data.PointerToRawData;
exesize = data.PointerToRawData + data.SizeOfRawData;
}
SectionHeaders.Add(data);
}
this.FileSize = exesize;
}
return(true);
}
public void Parse(BinaryReader reader)
{
DOSHeader = DOSHeader.Parse(reader);
var dosStubSize = (int)(DOSHeader.CoffHeaderOffset - reader.BaseStream.Position);
_dosStubBytes = reader.ReadBytes(dosStubSize);
COFFHeader = COFFHeader.Parse(reader);
PEHeaderOffset = (uint)reader.BaseStream.Position;
PEHeader = PEHeader.Parse(reader);
for (var i = 0; i < COFFHeader.NumberOfSections; i++)
{
SectionHeaders.Add(PESectionHeader.Parse(reader));
}
var fillerSize = (int)(SectionHeaders[0].PointerToRawData - reader.BaseStream.Position);
_filler = reader.ReadBytes(fillerSize);
for (var i = 0; i < COFFHeader.NumberOfSections; i++)
{
var sectionBytes = reader.ReadBytes((int)SectionHeaders[i].SizeOfRawData);
Sections.Add(sectionBytes);
}
var remainingByteCount = (int)(reader.BaseStream.Length - reader.BaseStream.Position);
_remainingBytes = reader.ReadBytes(remainingByteCount);
// file ends here
// Parse Import Directory:
var importDirectoryEntry = PEHeader.DataDirectories[(int)DataDirectoryName.Import];
if (importDirectoryEntry.VirtualAddress > 0)
{
var importDirectoryFileOffset = GetOffsetFromRVA(importDirectoryEntry.VirtualAddress);
reader.BaseStream.Seek(importDirectoryFileOffset, SeekOrigin.Begin);
ImportDirectory = ImportDirectory.Parse(reader);
}
}
