private static PEInfomation vLoad(PEInfomation info, IntPtr baseAddress)
{
IntPtr handle = info.GetProcessHandle();
if (handle == IntPtr.Zero)
{
throw new ArgumentException("Invalid process", "ProcessID");
}
info.DosHeader = StructFromMemory <IMAGE_DOS_HEADER>(handle, baseAddress);
IntPtr imageBase = new IntPtr(info.DosHeader.e_lfanew + (uint)baseAddress);
info.FileHeader = StructFromMemory <IMAGE_FILE_HEADER>(handle, imageBase);
info.OptionalHeader32 = StructFromMemory <IMAGE_OPTIONAL_HEADER32>(handle, imageBase + Marshal.SizeOf(info.FileHeader));
info.DataDirectories = StructFromMemory <IMAGE_DATA_DIRECTORIES>(handle, imageBase + Marshal.SizeOf(info.FileHeader) + Marshal.SizeOf(info.OptionalHeader32));
info.Sections = new IMAGE_SECTION_HEADER[info.FileHeader.NumberOfSections];
IntPtr sectionsBase = imageBase + Marshal.SizeOf(info.FileHeader) + Marshal.SizeOf(info.OptionalHeader32) + Marshal.SizeOf(info.DataDirectories);
int sizeOfSection = Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER));
for (int i = 0; i < info.Sections.Length; i++)
{
IntPtr sectionLocation = sectionsBase + (sizeOfSection * i);
info.Sections[i] = StructFromMemory <IMAGE_SECTION_HEADER>(handle, sectionLocation);
}
if (info.IsNet)
{
//is .net
info.NetStructures.COR20Header = StructFromMemory <COR20_HEADER>(handle, new IntPtr((uint)baseAddress + info.DataDirectories.CLRRuntimeHeaderRva));
byte[] data = new byte[info.NetStructures.COR20Header.MetaDataSize];
NativeMethods.ReadProcessMemory(handle, new IntPtr((uint)baseAddress + info.NetStructures.COR20Header.MetaDataRva), data, data.Length, 0);
LoadNetMetaData(info, data);
}
info.CloseProcessHandle();
info.WriteOverview();
return(info);
}
public static PEInfomation Load(byte[] data, string path)
{
if (data == null)
{
throw new ArgumentNullException("data");
}
PEInfomation info = new PEInfomation(data, path);
info.DosHeader = StructFromBytes <IMAGE_DOS_HEADER>(data, 0);
info.FileHeader = StructFromBytes <IMAGE_FILE_HEADER>(data, Convert.ToInt32(info.DosHeader.e_lfanew));
info.OptionalHeader32 = StructFromBytes <IMAGE_OPTIONAL_HEADER32>(data, Convert.ToInt32(info.DosHeader.e_lfanew) + Marshal.SizeOf(info.FileHeader));
info.DataDirectories = StructFromBytes <IMAGE_DATA_DIRECTORIES>(data, Convert.ToInt32(info.DosHeader.e_lfanew) + Marshal.SizeOf(info.FileHeader) + Marshal.SizeOf(info.OptionalHeader32));
info.Sections = new IMAGE_SECTION_HEADER[info.FileHeader.NumberOfSections];
int sectionsBase = Convert.ToInt32(info.DosHeader.e_lfanew) + Marshal.SizeOf(info.FileHeader) + Marshal.SizeOf(info.OptionalHeader32) + Marshal.SizeOf(info.DataDirectories);
int sizeOfSection = Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER));
for (int i = 0; i < info.Sections.Length; i++)
{
int sectionLocation = sectionsBase + (sizeOfSection * i);
info.Sections[i] = StructFromBytes <IMAGE_SECTION_HEADER>(data, sectionLocation);
}
if (info.IsNet)
{
//is .net
info.NetStructures.NetOffsets.COR20RawAddress = Convert.ToInt32(info.DataDirectories.CLRRuntimeHeaderRva - info.Sections[0].VirtualAddress + info.Sections[0].PointerToRawData);
info.NetStructures.COR20Header = StructFromBytes <COR20_HEADER>(data, info.NetStructures.NetOffsets.COR20RawAddress);
info.NetStructures.NetOffsets.MetaDataRawAddress = Convert.ToInt32(info.NetStructures.COR20Header.MetaDataRva - info.Sections[0].VirtualAddress + info.Sections[0].PointerToRawData);
LoadNetMetaData(info, data);
}
info.WriteOverview();
return(info);
}