static void ReadSectionHeader(BinaryStreamReader reader, SectionHeader section)
{
section.Name = reader.ReadFixedZeroFilledAsciiString(SectionHeader.MaximumNameSize);
section.VirtualSize = reader.ReadUInt32();
section.VirtualAddress = reader.ReadUInt32();
section.SizeOfRawData = reader.ReadUInt32();
section.PointerToRawData = reader.ReadUInt32();
section.PointerToRelocations = reader.ReadUInt32();
section.PointerToLinenumbers = reader.ReadUInt32();
section.NumberOfRelocations = reader.ReadUInt16();
section.NumberOfLinenumbers = reader.ReadUInt16();
section.Characteristics = (SectionCharacteristics)reader.ReadUInt32();
}
public void ReadUInt16_32223()
{
var reader = new BinaryStreamReader(new MemoryStream(BitConverter.GetBytes((ushort)32223)), new byte[20]);
ushort value = reader.ReadUInt16();
Assert.AreEqual((ushort)32223, value);
}
void Read(BinaryStreamReader reader, long baseOffset)
{
this.Characteristics = reader.ReadUInt32();
uint timestampNum = reader.ReadUInt32();
this.Timestamp = PEFile.TimestampEpochUTC.AddSeconds(timestampNum);
this.MajorVersion = reader.ReadUInt16();
this.MinorVersion = reader.ReadUInt16();
ushort nameEntryCount = reader.ReadUInt16();
ushort idEntryCount = reader.ReadUInt16();
List<DirectoryEntry> subdirectories = null;
List<DataEntry> dataEntries = null;
for (int i = 0; i < nameEntryCount + idEntryCount; i++)
{
uint idOrNameRva = reader.ReadUInt32();
uint contentRva = reader.ReadUInt32();
string name;
uint id;
const uint HighBit = 1U << 31;
if ((idOrNameRva & HighBit)==0)
{
id = idOrNameRva;
name = null;
}
else
{
id = 0;
long savePosition = reader.Position;
uint namePositon = idOrNameRva & ~HighBit;
reader.Position = baseOffset + namePositon;
name = ReadName(reader);
reader.Position = savePosition;
}
if ((contentRva & HighBit) == 0) // high bit is set
{
var dataEntry = new DataEntry
{
Name = name,
IntegerID = id
};
long savePosition = reader.Position;
reader.Position = baseOffset + contentRva;
ReadResourceDataEntry(reader, dataEntry);
if (dataEntries == null)
dataEntries = new List<DataEntry>();
dataEntries.Add(dataEntry);
reader.Position = savePosition;
}
else
{
contentRva = contentRva & ~HighBit; // clear hight bit
long savePosition = reader.Position;
reader.Position = baseOffset + contentRva;
var directoryEntry = new DirectoryEntry
{
Name = name,
IntegerID = id
};
directoryEntry.Directory = new ResourceDirectory();
directoryEntry.Directory.Read(reader, baseOffset);
if (subdirectories == null)
subdirectories = new List<DirectoryEntry>();
subdirectories.Add(directoryEntry);
reader.Position = savePosition;
}
}
this.Subdirectories = subdirectories == null ? EmptyDirectoryEntries : subdirectories.ToArray();
this.DataEntries = dataEntries == null ? EmptyDataEntries : dataEntries.ToArray();
}
private string ReadName(BinaryStreamReader reader)
{
ushort length = reader.ReadUInt16();
byte[] buf = new byte[length * 2]; // two-byte Unicode characters
reader.ReadBytes(buf, 0, buf.Length);
string result = Encoding.Unicode.GetString(buf, 0, buf.Length);
return result;
}
public static Import[] ReadImports(BinaryStreamReader reader)
{
var resultList = new List<Import>();
while(true)
{
uint originalFirstThunk = reader.ReadUInt32();
uint timeDateStamp = reader.ReadUInt32();
uint forwarderChain = reader.ReadUInt32();
uint nameRva = reader.ReadUInt32();
uint firstThunk = reader.ReadUInt32();
string libraryName =
nameRva == 0 ? null : ReadAsciiZAt(reader, nameRva);
uint thunkAddressPosition = originalFirstThunk == 0 ? firstThunk : originalFirstThunk;
if (thunkAddressPosition == 0)
break;
long savePosition = reader.Position;
try
{
while (true)
{
reader.Position = thunkAddressPosition;
uint importPosition = reader.ReadUInt32();
if (importPosition == 0)
break;
Import imp;
if ((importPosition & (1 << 31)) != 0)
{
imp = new Import
{
DllName = libraryName,
FunctionOrdinal = importPosition
};
}
else
{
reader.Position = (int)importPosition;
uint hint = reader.ReadUInt16();
string fname = ReadAsciiZ(reader);
imp = new Import
{
DllName = libraryName,
FunctionOrdinal = hint,
FunctionName = fname
};
}
resultList.Add(imp);
thunkAddressPosition += 8;
}
}
finally
{
reader.Position = savePosition;
}
}
return resultList.ToArray();
}
void ReadOptionalHeader(BinaryStreamReader reader)
{
if (this.OptionalHeader == null)
this.OptionalHeader = new OptionalHeader();
var peMagic = (PEMagic)reader.ReadInt16();
if (peMagic != PEMagic.NT32
&& peMagic != PEMagic.NT64)
throw new BadImageFormatException("Unsupported PE magic value " + peMagic + ".");
this.OptionalHeader.PEMagic = peMagic;
this.OptionalHeader.MajorLinkerVersion = reader.ReadByte();
this.OptionalHeader.MinorLinkerVersion = reader.ReadByte();
this.OptionalHeader.SizeOfCode = reader.ReadUInt32();
this.OptionalHeader.SizeOfInitializedData = reader.ReadUInt32();
this.OptionalHeader.SizeOfUninitializedData = reader.ReadUInt32();
this.OptionalHeader.AddressOfEntryPoint = reader.ReadUInt32();
this.OptionalHeader.BaseOfCode = reader.ReadUInt32();
if (peMagic == PEMagic.NT32)
{
this.OptionalHeader.BaseOfData = reader.ReadUInt32();
this.OptionalHeader.ImageBase = reader.ReadUInt32();
}
else
{
this.OptionalHeader.ImageBase = reader.ReadUInt64();
}
this.OptionalHeader.SectionAlignment = reader.ReadUInt32();
this.OptionalHeader.FileAlignment = reader.ReadUInt32();
this.OptionalHeader.MajorOperatingSystemVersion = reader.ReadUInt16();
this.OptionalHeader.MinorOperatingSystemVersion = reader.ReadUInt16();
this.OptionalHeader.MajorImageVersion = reader.ReadUInt16();
this.OptionalHeader.MinorImageVersion = reader.ReadUInt16();
this.OptionalHeader.MajorSubsystemVersion = reader.ReadUInt16();
this.OptionalHeader.MinorSubsystemVersion = reader.ReadUInt16();
this.OptionalHeader.Win32VersionValue = reader.ReadUInt32();
this.OptionalHeader.SizeOfImage = reader.ReadUInt32();
this.OptionalHeader.SizeOfHeaders = reader.ReadUInt32();
this.OptionalHeader.CheckSum = reader.ReadUInt32();
this.OptionalHeader.Subsystem = (Subsystem)reader.ReadUInt16();
this.OptionalHeader.DllCharacteristics = (DllCharacteristics)reader.ReadUInt16();
if (peMagic == PEMagic.NT32)
{
this.OptionalHeader.SizeOfStackReserve = reader.ReadUInt32();
this.OptionalHeader.SizeOfStackCommit = reader.ReadUInt32();
this.OptionalHeader.SizeOfHeapReserve = reader.ReadUInt32();
this.OptionalHeader.SizeOfHeapCommit = reader.ReadUInt32();
}
else
{
this.OptionalHeader.SizeOfStackReserve = reader.ReadUInt64();
this.OptionalHeader.SizeOfStackCommit = reader.ReadUInt64();
this.OptionalHeader.SizeOfHeapReserve = reader.ReadUInt64();
this.OptionalHeader.SizeOfHeapCommit = reader.ReadUInt64();
}
this.OptionalHeader.LoaderFlags = reader.ReadUInt32();
this.OptionalHeader.NumberOfRvaAndSizes = reader.ReadUInt32();
if (this.OptionalHeader.DataDirectories == null
|| this.OptionalHeader.DataDirectories.Length != this.OptionalHeader.NumberOfRvaAndSizes)
this.OptionalHeader.DataDirectories = new DataDirectory[this.OptionalHeader.NumberOfRvaAndSizes];
for (int i = 0; i < this.OptionalHeader.DataDirectories.Length; i++)
{
var dd = new DataDirectory();
dd.Read(reader);
this.OptionalHeader.DataDirectories[i] = dd;
}
}
void ReadDosHeader(BinaryStreamReader reader)
{
if (this.DosHeader == null)
this.DosHeader = new DosHeader();
var signature = (MZSignature)reader.ReadInt16();
if (signature != MZSignature.MZ)
throw new BadImageFormatException("MZ signature expected, " + ((ushort)signature).ToString("X4") + "h found.");
this.DosHeader.cblp = reader.ReadUInt16();
this.DosHeader.cp = reader.ReadUInt16();
this.DosHeader.crlc = reader.ReadUInt16();
this.DosHeader.cparhdr = reader.ReadUInt16();
this.DosHeader.minalloc = reader.ReadUInt16();
this.DosHeader.maxalloc = reader.ReadUInt16();
this.DosHeader.ss = reader.ReadUInt16();
this.DosHeader.sp = reader.ReadUInt16();
this.DosHeader.csum = reader.ReadUInt16();
this.DosHeader.ip = reader.ReadUInt16();
this.DosHeader.cs = reader.ReadUInt16();
this.DosHeader.lfarlc = reader.ReadUInt16();
this.DosHeader.ovno = reader.ReadUInt16();
this.DosHeader.res1 = reader.ReadUInt64();
this.DosHeader.oemid = reader.ReadUInt16();
this.DosHeader.oeminfo = reader.ReadUInt16();
this.DosHeader.ReservedNumber0 = reader.ReadUInt32();
this.DosHeader.ReservedNumber1 = reader.ReadUInt32();
this.DosHeader.ReservedNumber2 = reader.ReadUInt32();
this.DosHeader.ReservedNumber3 = reader.ReadUInt32();
this.DosHeader.ReservedNumber4 = reader.ReadUInt32();
this.DosHeader.lfanew = reader.ReadUInt32();
if (this.DosHeader.lfanew > DosHeader.Size)
{
this.DosStub = new byte[this.DosHeader.lfanew - DosHeader.Size];
reader.ReadBytes(this.DosStub, 0, this.DosStub.Length);
}
}
void ReadPEHeader(BinaryStreamReader reader)
{
if (this.PEHeader == null)
this.PEHeader = new PEHeader();
var peSignature = (PESignature)reader.ReadUInt32();
if (peSignature != PESignature.PE00)
throw new BadImageFormatException("PE00 signature expected, " + ((ushort)peSignature).ToString("X8") + "h found.");
this.PEHeader.Machine = (Machine)reader.ReadInt16();
this.PEHeader.NumberOfSections = reader.ReadUInt16();
uint timestampNum = reader.ReadUInt32();
this.PEHeader.Timestamp = TimestampEpochUTC.AddSeconds(timestampNum);
this.PEHeader.PointerToSymbolTable = reader.ReadUInt32();
this.PEHeader.NumberOfSymbols = reader.ReadUInt32();
this.PEHeader.SizeOfOptionalHeader = reader.ReadUInt16();
this.PEHeader.Characteristics = (ImageCharacteristics)reader.ReadInt16();
}
public void ReadUInt16_32223()
{
var reader = new BinaryStreamReader(new MemoryStream(BitConverter.GetBytes((ushort)32223)), new byte[20]);
ushort value = reader.ReadUInt16();
Assert.AreEqual((ushort)32223, value);
}