// Architecture marker copied from the PEFileInfo passed to the constructor.
// 0x20B selects the 64-bit optional header layout; any other value selects the 32-bit layout.
private UInt16 Architecture;

/// <summary>
/// Reads the 4-byte signature, the file header (offset 4) and the optional header
/// (offset 24) from <paramref name="buff"/>, and stores the image base found in the
/// optional header back into <paramref name="fileInfo"/>.
/// </summary>
/// <param name="buff">Raw header bytes taken from the file being inspected.</param>
/// <param name="fileInfo">Supplies the architecture marker and receives the parsed ImageBase.</param>
public IMAGE_IMPORT_DESCRIPTOR(byte[] buff, PEFileInfo fileInfo)
{
    // NOTE(review): the layout decision below relies on fileInfo.Architecture rather than
    // on a value read from buff here; confirm the caller derived it from the same headers.
    Architecture = fileInfo.Architecture;

    // Little-endian 32-bit read of the first four bytes.
    // NOTE(review): buff comes from a file that may be truncated or malformed. Nothing here
    // checks buff.Length before indexing, and the value is not compared against an expected
    // signature in this constructor; confirm the caller validates both.
    Sinature = (uint)buff[0]
        | ((uint)buff[1] << 8)
        | ((uint)buff[2] << 16)
        | ((uint)buff[3] << 24);

    FileHeader = new IMAGE_FILE_HEADER(buff, 4);

    if (Architecture == 0x20B)
    {
        // 64-bit image: optional header uses the X64 layout.
        IMAGE_OPTIONAL_HEADER_X64 header64 = new IMAGE_OPTIONAL_HEADER_X64(buff, 24);
        fileInfo.ImageBase = header64.ImageBase;
        OptionalHeader = header64;
    }
    else
    {
        // Anything else is parsed with the 32-bit optional header layout.
        IMAGE_OPTIONAL_HEADER header32 = new IMAGE_OPTIONAL_HEADER(buff, 24);
        fileInfo.ImageBase = header32.ImageBase;
        OptionalHeader = header32;
    }
}
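/// <summary>
/// Builds a plain-text summary of the loaded PE file (path, size, architecture,
/// linker/image versions, sections and data directories) and assigns it to
/// <c>TxtSummary.Text</c>.
/// </summary>
/// <remarks>
/// Every value shown comes from the parsed file and is displayed as-is; the summary
/// reports what the headers claim, not a validated view of the file.
/// </remarks>
public void DrawSummary()
{
    // Architecture marker that selects the 64-bit optional header layout.
    const int Pe32PlusMagic = 0x20b;

    System.Text.StringBuilder summary = new System.Text.StringBuilder();
    summary.Append(" PE File Summary\r\n\r\n");
    summary.Append(" File Path: " + PEFile.FileName + "\r\n");
    summary.Append(" File format: " + PEFile.FileExtenstion + "\r\n");
    summary.Append(" File Size: " + PEFile.FileSize.ToString() + " bytes\r\n");

    // The two optional header types are unrelated classes here, so the values are
    // captured as strings in each branch and emitted once below.
    string architectureLabel;
    string imageBaseHex;
    string linkerMajor;
    string linkerMinor;
    string imageMajor;
    string imageMinor;
    IMAGE_DATA_DIRECTORY[] iddir;

    if (PEFile.Architecture == Pe32PlusMagic)
    {
        IMAGE_OPTIONAL_HEADER_X64 oph = (IMAGE_OPTIONAL_HEADER_X64)PEFile.ImageImportDescriptor.OptionalHeader;
        architectureLabel = "x64";
        imageBaseHex = oph.ImageBase.ToString("x8");
        linkerMajor = oph.MajorLinkerVersion.ToString();
        linkerMinor = oph.MinorLinkerVersion.ToString();
        imageMajor = oph.MajorImageVersion.ToString();
        imageMinor = oph.MinorImageVersion.ToString();
        iddir = oph.DataDirectory;
    }
    else
    {
        IMAGE_OPTIONAL_HEADER oph = (IMAGE_OPTIONAL_HEADER)PEFile.ImageImportDescriptor.OptionalHeader;
        architectureLabel = "x86";
        imageBaseHex = oph.ImageBase.ToString("x8");
        linkerMajor = oph.MajorLinkerVersion.ToString();
        linkerMinor = oph.MinorLinkerVersion.ToString();
        imageMajor = oph.MajorImageVersion.ToString();
        imageMinor = oph.MinorImageVersion.ToString();
        iddir = oph.DataDirectory;
    }

    summary.Append(" File Architecture: " + architectureLabel + "\r\n");
    summary.Append(" Image Base Address: 0x" + imageBaseHex + "\r\n");
    summary.Append(" Linker Major Version: " + linkerMajor + "\r\n");
    summary.Append(" Linker Minor Version: " + linkerMinor + "\r\n");
    summary.Append(" Image Major Version: " + imageMajor + "\r\n");
    summary.Append(" Image Minor Version: " + imageMinor + "\r\n");

    // This count is the value stored in the file header. The loop below enumerates
    // PEFile.Sections instead, so on a malformed file the two can disagree.
    summary.Append(" Number of Sections: " + PEFile.ImageImportDescriptor.FileHeader.NumberOfSections + "\r\n");
    summary.Append(" Section Details: \r\n");

    // NOTE(review): the loop is bounded by PEFile.Sections but indexes
    // PEFile.ImageSectionHeaders; confirm both always have the same number of entries.
    for (int i = 0; i < PEFile.Sections.Length; i++)
    {
        summary.Append(" " + PEFile.ImageSectionHeaders[i].GetName()
            + " Section: Size " + PEFile.ImageSectionHeaders[i].SizeOfRawData
            + " bytes, File Offset 0x" + PEFile.ImageSectionHeaders[i].PointerToRawData.ToString("x8")
            + "\r\n");
    }

    // A header that exposed no data directory array is reported as having zero
    // directories instead of failing with a null dereference.
    if (iddir == null)
    {
        iddir = new IMAGE_DATA_DIRECTORY[0];
    }

    // Single pass: count the used entries and prepare the per-directory lines.
    // An entry counts as used when its VirtualAddress is non-zero; Size is not consulted.
    // NOTE(review): in the PE format the certificate (security) directory stores a file
    // offset in this field rather than an RVA, so "Address" is not uniformly an RVA.
    int usedDataDirectory = 0;
    System.Text.StringBuilder directoryDetails = new System.Text.StringBuilder();
    for (int i = 0; i < iddir.Length; i++)
    {
        string directoryName = ((DataDirectoryUsage)i).ToString();
        if (iddir[i].VirtualAddress == 0)
        {
            directoryDetails.Append(" " + directoryName + ": Not Used.\r\n");
        }
        else
        {
            usedDataDirectory += 1;
            directoryDetails.Append(" " + directoryName + ": Size " + iddir[i].Size.ToString()
                + " bytes, Address 0x" + iddir[i].VirtualAddress.ToString("x8") + "\r\n");
        }
    }

    summary.Append(" Used Data Directories: " + usedDataDirectory + "\r\n");
    summary.Append(" Data Directory Details: \r\n");
    summary.Append(directoryDetails.ToString());
    summary.Append("\r\n");
    summary.Append("Press Ctrl + E to export the details. \r\n");

    TxtSummary.Text = summary.ToString();
}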