public ImageSectionHeaderVM(object owner, HexDocument doc, ulong startOffset)
: base(owner)
{
this.nameVM = new StringHexField(doc, Name, "Name", startOffset + 0, Encoding.UTF8, 8);
this.virtualSizeVM = new UInt32HexField(doc, Name, "VirtualSize", startOffset + 8);
this.virtualAddressVM = new UInt32HexField(doc, Name, "VirtualAddress", startOffset + 0x0C);
this.sizeOfRawDataVM = new UInt32HexField(doc, Name, "SizeOfRawData", startOffset + 0x10);
this.pointerToRawDataVM = new UInt32HexField(doc, Name, "PointerToRawData", startOffset + 0x14);
this.pointerToRelocationsVM = new UInt32HexField(doc, Name, "PointerToRelocations", startOffset + 0x18);
this.pointerToLinenumbersVM = new UInt32HexField(doc, Name, "PointerToLinenumbers", startOffset + 0x1C);
this.numberOfRelocationsVM = new UInt16HexField(doc, Name, "NumberOfRelocations", startOffset + 0x20);
this.numberOfLinenumbersVM = new UInt16HexField(doc, Name, "NumberOfLinenumbers", startOffset + 0x22);
this.characteristicsVM = new UInt32FlagsHexField(doc, Name, "Characteristics", startOffset + 0x24);
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_DSECT", 0));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_NOLOAD", 1));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_GROUP", 2));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_NO_PAD", 3));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_COPY", 4));
this.characteristicsVM.Add(new BooleanHexBitField("CNT_CODE", 5));
this.characteristicsVM.Add(new BooleanHexBitField("CNT_INITIALIZED_DATA", 6));
this.characteristicsVM.Add(new BooleanHexBitField("CNT_UNINITIALIZED_DATA", 7));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_OTHER", 8));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_INFO", 9));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_OVER", 10));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_REMOVE", 11));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_COMDAT", 12));
this.characteristicsVM.Add(new BooleanHexBitField("RESERVED", 13));
this.characteristicsVM.Add(new BooleanHexBitField("NO_DEFER_SPEC_EXC", 14));
this.characteristicsVM.Add(new BooleanHexBitField("GPREL", 15));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_SYSHEAP", 16));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_PURGEABLE", 17));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_LOCKED", 18));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_PRELOAD", 19));
this.characteristicsVM.Add(new IntegerHexBitField("Alignment", 20, 4, AlignInfos));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_NRELOC_OVFL", 24));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_DISCARDABLE", 25));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_NOT_CACHED", 26));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_NOT_PAGED", 27));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_SHARED", 28));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_EXECUTE", 29));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_READ", 30));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_WRITE", 31));
this.hexFields = new HexField[] {
this.nameVM,
this.virtualSizeVM,
this.virtualAddressVM,
this.sizeOfRawDataVM,
this.pointerToRawDataVM,
this.pointerToRelocationsVM,
this.pointerToLinenumbersVM,
this.numberOfRelocationsVM,
this.numberOfLinenumbersVM,
this.characteristicsVM,
};
}
public ImageSectionHeaderVM(HexDocument doc, ulong startOffset)
{
this.nameVM = new StringHexField(doc, Name, "Name", startOffset + 0, Encoding.UTF8, 8);
this.virtualSizeVM = new UInt32HexField(doc, Name, "VirtualSize", startOffset + 8);
this.virtualAddressVM = new UInt32HexField(doc, Name, "VirtualAddress", startOffset + 0x0C);
this.sizeOfRawDataVM = new UInt32HexField(doc, Name, "SizeOfRawData", startOffset + 0x10);
this.pointerToRawDataVM = new UInt32HexField(doc, Name, "PointerToRawData", startOffset + 0x14);
this.pointerToRelocationsVM = new UInt32HexField(doc, Name, "PointerToRelocations", startOffset + 0x18);
this.pointerToLinenumbersVM = new UInt32HexField(doc, Name, "PointerToLinenumbers", startOffset + 0x1C);
this.numberOfRelocationsVM = new UInt16HexField(doc, Name, "NumberOfRelocations", startOffset + 0x20);
this.numberOfLinenumbersVM = new UInt16HexField(doc, Name, "NumberOfLinenumbers", startOffset + 0x22);
this.characteristicsVM = new UInt32FlagsHexField(doc, Name, "Characteristics", startOffset + 0x24);
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_DSECT", 0));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_NOLOAD", 1));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_GROUP", 2));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_NO_PAD", 3));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_COPY", 4));
this.characteristicsVM.Add(new BooleanHexBitField("CNT_CODE", 5));
this.characteristicsVM.Add(new BooleanHexBitField("CNT_INITIALIZED_DATA", 6));
this.characteristicsVM.Add(new BooleanHexBitField("CNT_UNINITIALIZED_DATA", 7));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_OTHER", 8));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_INFO", 9));
this.characteristicsVM.Add(new BooleanHexBitField("TYPE_OVER", 10));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_REMOVE", 11));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_COMDAT", 12));
this.characteristicsVM.Add(new BooleanHexBitField("RESERVED", 13));
this.characteristicsVM.Add(new BooleanHexBitField("NO_DEFER_SPEC_EXC", 14));
this.characteristicsVM.Add(new BooleanHexBitField("GPREL", 15));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_SYSHEAP", 16));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_PURGEABLE", 17));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_LOCKED", 18));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_PRELOAD", 19));
this.characteristicsVM.Add(new IntegerHexBitField("Alignment", 20, 4, AlignInfos));
this.characteristicsVM.Add(new BooleanHexBitField("LNK_NRELOC_OVFL", 24));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_DISCARDABLE", 25));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_NOT_CACHED", 26));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_NOT_PAGED", 27));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_SHARED", 28));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_EXECUTE", 29));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_READ", 30));
this.characteristicsVM.Add(new BooleanHexBitField("MEM_WRITE", 31));
this.hexFields = new HexField[] {
this.nameVM,
this.virtualSizeVM,
this.virtualAddressVM,
this.sizeOfRawDataVM,
this.pointerToRawDataVM,
this.pointerToRelocationsVM,
this.pointerToLinenumbersVM,
this.numberOfRelocationsVM,
this.numberOfLinenumbersVM,
this.characteristicsVM,
};
}
public StorageHeaderVM(HexDocument doc, ulong startOffset)
{
this.fFlagsVM = new ByteFlagsHexField(doc, Name, "fFlags", startOffset + 0);
this.fFlagsVM.Add(new BooleanHexBitField("ExtraData", 0));
this.padVM = new ByteHexField(doc, Name, "pad", startOffset + 1);
this.iStreamsVM = new UInt16HexField(doc, Name, "iStreams", startOffset + 2);
this.hexFields = new HexField[] {
fFlagsVM,
padVM,
iStreamsVM,
};
}
public StorageHeaderVM(object owner, HexDocument doc, ulong startOffset)
: base(owner) {
this.fFlagsVM = new ByteFlagsHexField(doc, Name, "fFlags", startOffset + 0);
this.fFlagsVM.Add(new BooleanHexBitField("ExtraData", 0));
this.padVM = new ByteHexField(doc, Name, "pad", startOffset + 1);
this.iStreamsVM = new UInt16HexField(doc, Name, "iStreams", startOffset + 2);
this.hexFields = new HexField[] {
fFlagsVM,
padVM,
iStreamsVM,
};
}
public ImageCor20HeaderVM(object owner, HexDocument doc, ulong startOffset)
: base(owner)
{
this.cbVM = new UInt32HexField(doc, Name, "cb", startOffset + 0);
this.majorRuntimeVersionVM = new UInt16HexField(doc, Name, "MajorRuntimeVersion", startOffset + 4, true);
this.minorRuntimeVersionVM = new UInt16HexField(doc, Name, "MinorRuntimeVersion", startOffset + 6, true);
this.metaDataVM = new DataDirVM(doc, Name, "MetaData", startOffset + 8);
this.flagsVM = new UInt32FlagsHexField(doc, Name, "Flags", startOffset + 0x10);
this.flagsVM.Add(new BooleanHexBitField("IL Only", 0));
this.flagsVM.Add(new BooleanHexBitField("32-Bit Required", 1));
this.flagsVM.Add(new BooleanHexBitField("IL Library", 2));
this.flagsVM.Add(new BooleanHexBitField("Strong Name Signed", 3));
this.flagsVM.Add(new BooleanHexBitField("Native EntryPoint", 4));
this.flagsVM.Add(new BooleanHexBitField("Track Debug Data", 16));
this.flagsVM.Add(new BooleanHexBitField("32-Bit Preferred", 17));
this.entryPointTokenRVAVM = new UInt32HexField(doc, Name, "EntryPoint Token/RVA", startOffset + 0x14);
this.resourcesVM = new DataDirVM(doc, Name, "Resources", startOffset + 0x18);
this.strongNameSignatureVM = new DataDirVM(doc, Name, "StrongNameSignature", startOffset + 0x20);
this.codeManagerTableVM = new DataDirVM(doc, Name, "CodeManagerTable", startOffset + 0x28);
this.vtableFixupsVM = new DataDirVM(doc, Name, "VTableFixups", startOffset + 0x30);
this.exportAddressTableJumpsVM = new DataDirVM(doc, Name, "ExportAddressTableJumps", startOffset + 0x38);
this.managedNativeHeaderVM = new DataDirVM(doc, Name, "ManagedNativeHeader", startOffset + 0x40);
this.hexFields = new HexField[] {
cbVM,
majorRuntimeVersionVM,
minorRuntimeVersionVM,
metaDataVM.RVAVM,
metaDataVM.SizeVM,
flagsVM,
entryPointTokenRVAVM,
resourcesVM.RVAVM,
resourcesVM.SizeVM,
strongNameSignatureVM.RVAVM,
strongNameSignatureVM.SizeVM,
codeManagerTableVM.RVAVM,
codeManagerTableVM.SizeVM,
vtableFixupsVM.RVAVM,
vtableFixupsVM.SizeVM,
exportAddressTableJumpsVM.RVAVM,
exportAddressTableJumpsVM.SizeVM,
managedNativeHeaderVM.RVAVM,
managedNativeHeaderVM.SizeVM,
};
}
public StorageSignatureVM(object owner, HexDocument doc, ulong startOffset, int stringLen)
: base(owner) {
this.lSignatureVM = new UInt32HexField(doc, Name, "lSignature", startOffset + 0);
this.iMajorVerVM = new UInt16HexField(doc, Name, "iMajorVer", startOffset + 4, true);
this.iMinorVerVM = new UInt16HexField(doc, Name, "iMinorVer", startOffset + 6, true);
this.iExtraDataVM = new UInt32HexField(doc, Name, "iExtraData", startOffset + 8);
this.iVersionStringVM = new UInt32HexField(doc, Name, "iVersionString", startOffset + 0x0C);
this.versionStringVM = new StringHexField(doc, Name, "VersionString", startOffset + 0x10, Encoding.UTF8, stringLen);
this.hexFields = new HexField[] {
lSignatureVM,
iMajorVerVM,
iMinorVerVM,
iExtraDataVM,
iVersionStringVM,
versionStringVM,
};
}
public StorageSignatureVM(HexDocument doc, ulong startOffset, int stringLen)
{
this.lSignatureVM = new UInt32HexField(doc, Name, "lSignature", startOffset + 0);
this.iMajorVerVM = new UInt16HexField(doc, Name, "iMajorVer", startOffset + 4, true);
this.iMinorVerVM = new UInt16HexField(doc, Name, "iMinorVer", startOffset + 6, true);
this.iExtraDataVM = new UInt32HexField(doc, Name, "iExtraData", startOffset + 8);
this.iVersionStringVM = new UInt32HexField(doc, Name, "iVersionString", startOffset + 0x0C);
this.versionStringVM = new StringHexField(doc, Name, "VersionString", startOffset + 0x10, Encoding.UTF8, stringLen);
this.hexFields = new HexField[] {
lSignatureVM,
iMajorVerVM,
iMinorVerVM,
iExtraDataVM,
iVersionStringVM,
versionStringVM,
};
}
public ImageCor20HeaderVM(HexDocument doc, ulong startOffset)
{
this.cbVM = new UInt32HexField(doc, Name, "cb", startOffset + 0);
this.majorRuntimeVersionVM = new UInt16HexField(doc, Name, "MajorRuntimeVersion", startOffset + 4, true);
this.minorRuntimeVersionVM = new UInt16HexField(doc, Name, "MinorRuntimeVersion", startOffset + 6, true);
this.metaDataVM = new DataDirVM(doc, Name, "MetaData", startOffset + 8);
this.flagsVM = new UInt32FlagsHexField(doc, Name, "Flags", startOffset + 0x10);
this.flagsVM.Add(new BooleanHexBitField("IL Only", 0));
this.flagsVM.Add(new BooleanHexBitField("32-Bit Required", 1));
this.flagsVM.Add(new BooleanHexBitField("IL Library", 2));
this.flagsVM.Add(new BooleanHexBitField("Strong Name Signed", 3));
this.flagsVM.Add(new BooleanHexBitField("Native EntryPoint", 4));
this.flagsVM.Add(new BooleanHexBitField("Track Debug Data", 16));
this.flagsVM.Add(new BooleanHexBitField("32-Bit Preferred", 17));
this.entryPointTokenRVAVM = new UInt32HexField(doc, Name, "EntryPoint Token/RVA", startOffset + 0x14);
this.resourcesVM = new DataDirVM(doc, Name, "Resources", startOffset + 0x18);
this.strongNameSignatureVM = new DataDirVM(doc, Name, "StrongNameSignature", startOffset + 0x20);
this.codeManagerTableVM = new DataDirVM(doc, Name, "CodeManagerTable", startOffset + 0x28);
this.vtableFixupsVM = new DataDirVM(doc, Name, "VTableFixups", startOffset + 0x30);
this.exportAddressTableJumpsVM = new DataDirVM(doc, Name, "ExportAddressTableJumps", startOffset + 0x38);
this.managedNativeHeaderVM = new DataDirVM(doc, Name, "ManagedNativeHeader", startOffset + 0x40);
this.hexFields = new HexField[] {
cbVM,
majorRuntimeVersionVM,
minorRuntimeVersionVM,
metaDataVM.RVAVM,
metaDataVM.SizeVM,
flagsVM,
entryPointTokenRVAVM,
resourcesVM.RVAVM,
resourcesVM.SizeVM,
strongNameSignatureVM.RVAVM,
strongNameSignatureVM.SizeVM,
codeManagerTableVM.RVAVM,
codeManagerTableVM.SizeVM,
vtableFixupsVM.RVAVM,
vtableFixupsVM.SizeVM,
exportAddressTableJumpsVM.RVAVM,
exportAddressTableJumpsVM.SizeVM,
managedNativeHeaderVM.RVAVM,
managedNativeHeaderVM.SizeVM,
};
}
public ImageFileHeaderVM(object owner, HexDocument doc, ulong startOffset)
: base(owner)
{
this.machineVM = new UInt16FlagsHexField(doc, Name, "Machine", startOffset + 0);
this.machineVM.Add(new IntegerHexBitField("Machine", 0, 16, MachineInfos));
this.numberOfSectionsVM = new UInt16HexField(doc, Name, "NumberOfSections", startOffset + 2);
this.timeDateStampVM = new UInt32HexField(doc, Name, "TimeDateStamp", startOffset + 4);
this.timeDateStampVM.DataFieldVM.PropertyChanged += (s, e) => OnPropertyChanged("TimeDateStampString");
this.pointerToSymbolTableVM = new UInt32HexField(doc, Name, "PointerToSymbolTable", startOffset + 8);
this.numberOfSymbolsVM = new UInt32HexField(doc, Name, "NumberOfSymbols", startOffset + 0x0C);
this.sizeOfOptionalHeaderVM = new UInt16HexField(doc, Name, "SizeOfOptionalHeader", startOffset + 0x10);
this.characteristicsVM = new UInt16FlagsHexField(doc, Name, "Characteristics", startOffset + 0x12);
this.characteristicsVM.Add(new BooleanHexBitField("Relocs Stripped", 0));
this.characteristicsVM.Add(new BooleanHexBitField("Executable Image", 1));
this.characteristicsVM.Add(new BooleanHexBitField("Line Nums Stripped", 2));
this.characteristicsVM.Add(new BooleanHexBitField("Local Syms Stripped", 3));
this.characteristicsVM.Add(new BooleanHexBitField("Aggressive WS Trim", 4));
this.characteristicsVM.Add(new BooleanHexBitField("Large Address Aware", 5));
this.characteristicsVM.Add(new BooleanHexBitField("Reserved 0040h", 6));
this.characteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Lo", 7));
this.characteristicsVM.Add(new BooleanHexBitField("32-Bit Machine", 8));
this.characteristicsVM.Add(new BooleanHexBitField("Debug Stripped", 9));
this.characteristicsVM.Add(new BooleanHexBitField("Removable Run From Swap", 10));
this.characteristicsVM.Add(new BooleanHexBitField("Net Run From Swap", 11));
this.characteristicsVM.Add(new BooleanHexBitField("System", 12));
this.characteristicsVM.Add(new BooleanHexBitField("Dll", 13));
this.characteristicsVM.Add(new BooleanHexBitField("Up System Only", 14));
this.characteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Hi", 15));
this.hexFields = new HexField[] {
machineVM,
numberOfSectionsVM,
timeDateStampVM,
pointerToSymbolTableVM,
numberOfSymbolsVM,
sizeOfOptionalHeaderVM,
characteristicsVM,
};
}
public ImageFileHeaderVM(object owner, HexDocument doc, ulong startOffset)
: base(owner)
{
this.machineVM = new UInt16FlagsHexField(doc, Name, "Machine", startOffset + 0);
this.machineVM.Add(new IntegerHexBitField("Machine", 0, 16, MachineInfos));
this.numberOfSectionsVM = new UInt16HexField(doc, Name, "NumberOfSections", startOffset + 2);
this.timeDateStampVM = new UInt32HexField(doc, Name, "TimeDateStamp", startOffset + 4);
this.pointerToSymbolTableVM = new UInt32HexField(doc, Name, "PointerToSymbolTable", startOffset + 8);
this.numberOfSymbolsVM = new UInt32HexField(doc, Name, "NumberOfSymbols", startOffset + 0x0C);
this.sizeOfOptionalHeaderVM = new UInt16HexField(doc, Name, "SizeOfOptionalHeader", startOffset + 0x10);
this.characteristicsVM = new UInt16FlagsHexField(doc, Name, "Characteristics", startOffset + 0x12);
this.characteristicsVM.Add(new BooleanHexBitField("Relocs Stripped", 0));
this.characteristicsVM.Add(new BooleanHexBitField("Executable Image", 1));
this.characteristicsVM.Add(new BooleanHexBitField("Line Nums Stripped", 2));
this.characteristicsVM.Add(new BooleanHexBitField("Local Syms Stripped", 3));
this.characteristicsVM.Add(new BooleanHexBitField("Aggressive WS Trim", 4));
this.characteristicsVM.Add(new BooleanHexBitField("Large Address Aware", 5));
this.characteristicsVM.Add(new BooleanHexBitField("Reserved 0040h", 6));
this.characteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Lo", 7));
this.characteristicsVM.Add(new BooleanHexBitField("32-Bit Machine", 8));
this.characteristicsVM.Add(new BooleanHexBitField("Debug Stripped", 9));
this.characteristicsVM.Add(new BooleanHexBitField("Removable Run From Swap", 10));
this.characteristicsVM.Add(new BooleanHexBitField("Net Run From Swap", 11));
this.characteristicsVM.Add(new BooleanHexBitField("System", 12));
this.characteristicsVM.Add(new BooleanHexBitField("Dll", 13));
this.characteristicsVM.Add(new BooleanHexBitField("Up System Only", 14));
this.characteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Hi", 15));
this.hexFields = new HexField[] {
machineVM,
numberOfSectionsVM,
timeDateStampVM,
pointerToSymbolTableVM,
numberOfSymbolsVM,
sizeOfOptionalHeaderVM,
characteristicsVM,
};
}
public ImageDosHeaderVM(object owner, HexDocument doc, ulong startOffset)
: base(owner) {
this.magicVM = new UInt16HexField(doc, Name, "e_magic", startOffset + 0);
this.cblpVM = new UInt16HexField(doc, Name, "e_cblp", startOffset + 2);
this.cpVM = new UInt16HexField(doc, Name, "e_cp", startOffset + 4);
this.crlcVM = new UInt16HexField(doc, Name, "e_crlc", startOffset + 6);
this.cparhdrVM = new UInt16HexField(doc, Name, "e_cparhdr", startOffset + 8);
this.minallocVM = new UInt16HexField(doc, Name, "e_minalloc", startOffset + 0x0A);
this.maxallocVM = new UInt16HexField(doc, Name, "e_maxalloc", startOffset + 0x0C);
this.ssVM = new UInt16HexField(doc, Name, "e_ss", startOffset + 0x0E);
this.spVM = new UInt16HexField(doc, Name, "e_sp", startOffset + 0x10);
this.csumVM = new UInt16HexField(doc, Name, "e_csum", startOffset + 0x12);
this.ipVM = new UInt16HexField(doc, Name, "e_ip", startOffset + 0x14);
this.csVM = new UInt16HexField(doc, Name, "e_cs", startOffset + 0x16);
this.lfarlcVM = new UInt16HexField(doc, Name, "e_lfarlc", startOffset + 0x18);
this.ovnoVM = new UInt16HexField(doc, Name, "e_ovno", startOffset + 0x1A);
this.res_0VM = new UInt16HexField(doc, Name, "e_res[0]", startOffset + 0x1C);
this.res_1VM = new UInt16HexField(doc, Name, "e_res[1]", startOffset + 0x1E);
this.res_2VM = new UInt16HexField(doc, Name, "e_res[2]", startOffset + 0x20);
this.res_3VM = new UInt16HexField(doc, Name, "e_res[3]", startOffset + 0x22);
this.oemidVM = new UInt16HexField(doc, Name, "e_oemid", startOffset + 0x24);
this.oeminfoVM = new UInt16HexField(doc, Name, "e_oeminfo", startOffset + 0x26);
this.res2_0VM = new UInt16HexField(doc, Name, "e_res2[0]", startOffset + 0x28);
this.res2_1VM = new UInt16HexField(doc, Name, "e_res2[1]", startOffset + 0x2A);
this.res2_2VM = new UInt16HexField(doc, Name, "e_res2[2]", startOffset + 0x2C);
this.res2_3VM = new UInt16HexField(doc, Name, "e_res2[3]", startOffset + 0x2E);
this.res2_4VM = new UInt16HexField(doc, Name, "e_res2[4]", startOffset + 0x30);
this.res2_5VM = new UInt16HexField(doc, Name, "e_res2[5]", startOffset + 0x32);
this.res2_6VM = new UInt16HexField(doc, Name, "e_res2[6]", startOffset + 0x34);
this.res2_7VM = new UInt16HexField(doc, Name, "e_res2[7]", startOffset + 0x36);
this.res2_8VM = new UInt16HexField(doc, Name, "e_res2[8]", startOffset + 0x38);
this.res2_9VM = new UInt16HexField(doc, Name, "e_res2[9]", startOffset + 0x3A);
this.lfanewVM = new Int32HexField(doc, Name, "e_lfanew", startOffset + 0x3C);
this.hexFields = new HexField[] {
magicVM,
cblpVM,
cpVM,
crlcVM,
cparhdrVM,
minallocVM,
maxallocVM,
ssVM,
spVM,
csumVM,
ipVM,
csVM,
lfarlcVM,
ovnoVM,
res_0VM,
res_1VM,
res_2VM,
res_3VM,
oemidVM,
oeminfoVM,
res2_0VM,
res2_1VM,
res2_2VM,
res2_3VM,
res2_4VM,
res2_5VM,
res2_6VM,
res2_7VM,
res2_8VM,
res2_9VM,
lfanewVM,
};
}
public ImageDosHeaderVM(HexDocument doc, ulong startOffset)
{
this.magicVM = new UInt16HexField(doc, Name, "e_magic", startOffset + 0);
this.cblpVM = new UInt16HexField(doc, Name, "e_cblp", startOffset + 2);
this.cpVM = new UInt16HexField(doc, Name, "e_cp", startOffset + 4);
this.crlcVM = new UInt16HexField(doc, Name, "e_crlc", startOffset + 6);
this.cparhdrVM = new UInt16HexField(doc, Name, "e_cparhdr", startOffset + 8);
this.minallocVM = new UInt16HexField(doc, Name, "e_minalloc", startOffset + 0x0A);
this.maxallocVM = new UInt16HexField(doc, Name, "e_maxalloc", startOffset + 0x0C);
this.ssVM = new UInt16HexField(doc, Name, "e_ss", startOffset + 0x0E);
this.spVM = new UInt16HexField(doc, Name, "e_sp", startOffset + 0x10);
this.csumVM = new UInt16HexField(doc, Name, "e_csum", startOffset + 0x12);
this.ipVM = new UInt16HexField(doc, Name, "e_ip", startOffset + 0x14);
this.csVM = new UInt16HexField(doc, Name, "e_cs", startOffset + 0x16);
this.lfarlcVM = new UInt16HexField(doc, Name, "e_lfarlc", startOffset + 0x18);
this.ovnoVM = new UInt16HexField(doc, Name, "e_ovno", startOffset + 0x1A);
this.res_0VM = new UInt16HexField(doc, Name, "e_res[0]", startOffset + 0x1C);
this.res_1VM = new UInt16HexField(doc, Name, "e_res[1]", startOffset + 0x1E);
this.res_2VM = new UInt16HexField(doc, Name, "e_res[2]", startOffset + 0x20);
this.res_3VM = new UInt16HexField(doc, Name, "e_res[3]", startOffset + 0x22);
this.oemidVM = new UInt16HexField(doc, Name, "e_oemid", startOffset + 0x24);
this.oeminfoVM = new UInt16HexField(doc, Name, "e_oeminfo", startOffset + 0x26);
this.res2_0VM = new UInt16HexField(doc, Name, "e_res2[0]", startOffset + 0x28);
this.res2_1VM = new UInt16HexField(doc, Name, "e_res2[1]", startOffset + 0x2A);
this.res2_2VM = new UInt16HexField(doc, Name, "e_res2[2]", startOffset + 0x2C);
this.res2_3VM = new UInt16HexField(doc, Name, "e_res2[3]", startOffset + 0x2E);
this.res2_4VM = new UInt16HexField(doc, Name, "e_res2[4]", startOffset + 0x30);
this.res2_5VM = new UInt16HexField(doc, Name, "e_res2[5]", startOffset + 0x32);
this.res2_6VM = new UInt16HexField(doc, Name, "e_res2[6]", startOffset + 0x34);
this.res2_7VM = new UInt16HexField(doc, Name, "e_res2[7]", startOffset + 0x36);
this.res2_8VM = new UInt16HexField(doc, Name, "e_res2[8]", startOffset + 0x38);
this.res2_9VM = new UInt16HexField(doc, Name, "e_res2[9]", startOffset + 0x3A);
this.lfanewVM = new Int32HexField(doc, Name, "e_lfanew", startOffset + 0x3C);
this.hexFields = new HexField[] {
magicVM,
cblpVM,
cpVM,
crlcVM,
cparhdrVM,
minallocVM,
maxallocVM,
ssVM,
spVM,
csumVM,
ipVM,
csVM,
lfarlcVM,
ovnoVM,
res_0VM,
res_1VM,
res_2VM,
res_3VM,
oemidVM,
oeminfoVM,
res2_0VM,
res2_1VM,
res2_2VM,
res2_3VM,
res2_4VM,
res2_5VM,
res2_6VM,
res2_7VM,
res2_8VM,
res2_9VM,
lfanewVM,
};
}
protected ImageOptionalHeaderVM(HexDocument doc, ulong startOffset, ulong endOffset, ulong offs1, ulong offs2)
{
this.magicVM = new UInt16HexField(doc, Name, "Magic", startOffset + 0);
this.majorLinkerVersionVM = new ByteHexField(doc, Name, "MajorLinkerVersion", startOffset + 2, true);
this.minorLinkerVersionVM = new ByteHexField(doc, Name, "MinorLinkerVersion", startOffset + 3, true);
this.sizeOfCodeVM = new UInt32HexField(doc, Name, "SizeOfCode", startOffset + 4);
this.sizeOfInitializedDataVM = new UInt32HexField(doc, Name, "SizeOfInitializedData", startOffset + 8);
this.sizeOfUninitializedDataVM = new UInt32HexField(doc, Name, "SizeOfUninitializedData", startOffset + 0x0C);
this.addressOfEntryPointVM = new UInt32HexField(doc, Name, "AddressOfEntryPoint", startOffset + 0x10);
this.baseOfCodeVM = new UInt32HexField(doc, Name, "BaseOfCode", startOffset + 0x14);
this.sectionAlignmentVM = new UInt32HexField(doc, Name, "SectionAlignment", startOffset + offs1 + 0);
this.fileAlignmentVM = new UInt32HexField(doc, Name, "FileAlignment", startOffset + offs1 + 4);
this.majorOperatingSystemVersionVM = new UInt16HexField(doc, Name, "MajorOperatingSystemVersion", startOffset + offs1 + 8, true);
this.minorOperatingSystemVersionVM = new UInt16HexField(doc, Name, "MinorOperatingSystemVersion", startOffset + offs1 + 0x0A, true);
this.majorImageVersionVM = new UInt16HexField(doc, Name, "MajorImageVersion", startOffset + offs1 + 0x0C, true);
this.minorImageVersionVM = new UInt16HexField(doc, Name, "MinorImageVersion", startOffset + offs1 + 0x0E, true);
this.majorSubsystemVersionVM = new UInt16HexField(doc, Name, "MajorSubsystemVersion", startOffset + offs1 + 0x10, true);
this.minorSubsystemVersionVM = new UInt16HexField(doc, Name, "MinorSubsystemVersion", startOffset + offs1 + 0x12, true);
this.win32VersionValueVM = new UInt32HexField(doc, Name, "Win32VersionValue", startOffset + offs1 + 0x14, true);
this.sizeOfImageVM = new UInt32HexField(doc, Name, "SizeOfImage", startOffset + offs1 + 0x18);
this.sizeOfHeadersVM = new UInt32HexField(doc, Name, "SizeOfHeaders", startOffset + offs1 + 0x1C);
this.checkSumVM = new UInt32HexField(doc, Name, "CheckSum", startOffset + offs1 + 0x20);
this.subsystemVM = new UInt16FlagsHexField(doc, Name, "Subsystem", startOffset + offs1 + 0x24);
this.subsystemVM.Add(new IntegerHexBitField("Subsystem", 0, 16, SubsystemInfos));
this.dllCharacteristicsVM = new UInt16FlagsHexField(doc, Name, "DllCharacteristics", startOffset + offs1 + 0x26);
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved1", 0));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved2", 1));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved3", 2));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved4", 3));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved5", 4));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("High Entropy VA", 5));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Dynamic Base", 6));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Force Integrity", 7));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("NX Compat", 8));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("No Isolation", 9));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("No SEH", 10));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("No Bind", 11));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("AppContainer", 12));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("WDM Driver", 13));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Guard CF", 14));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Terminal Server Aware", 15));
this.loaderFlagsVM = new UInt32HexField(doc, Name, "LoaderFlags", startOffset + offs2 + 0);
this.numberOfRvaAndSizesVM = new UInt32HexField(doc, Name, "NumberOfRvaAndSizes", startOffset + offs2 + 4);
ulong doffs = offs2 + 8;
this.dataDir0VM = new DataDirVM(doc, Name, "Export", startOffset + doffs + 0);
this.dataDir1VM = new DataDirVM(doc, Name, "Import", startOffset + doffs + 8);
this.dataDir2VM = new DataDirVM(doc, Name, "Resource", startOffset + doffs + 0x10);
this.dataDir3VM = new DataDirVM(doc, Name, "Exception", startOffset + doffs + 0x18);
this.dataDir4VM = new DataDirVM(doc, Name, "Security", startOffset + doffs + 0x20);
this.dataDir5VM = new DataDirVM(doc, Name, "Base Reloc", startOffset + doffs + 0x28);
this.dataDir6VM = new DataDirVM(doc, Name, "Debug", startOffset + doffs + 0x30);
this.dataDir7VM = new DataDirVM(doc, Name, "Architecture", startOffset + doffs + 0x38);
this.dataDir8VM = new DataDirVM(doc, Name, "Global Ptr", startOffset + doffs + 0x40);
this.dataDir9VM = new DataDirVM(doc, Name, "TLS", startOffset + doffs + 0x48);
this.dataDir10VM = new DataDirVM(doc, Name, "Load Config", startOffset + doffs + 0x50);
this.dataDir11VM = new DataDirVM(doc, Name, "Bound Import", startOffset + doffs + 0x58);
this.dataDir12VM = new DataDirVM(doc, Name, "IAT", startOffset + doffs + 0x60);
this.dataDir13VM = new DataDirVM(doc, Name, "Delay Import", startOffset + doffs + 0x68);
this.dataDir14VM = new DataDirVM(doc, Name, ".NET", startOffset + doffs + 0x70);
this.dataDir15VM = new DataDirVM(doc, Name, "Reserved15", startOffset + doffs + 0x78);
}
protected ImageOptionalHeaderVM(HexDocument doc, ulong startOffset, ulong endOffset, ulong offs1, ulong offs2)
{
this.magicVM = new UInt16HexField(doc, Name, "Magic", startOffset + 0);
this.majorLinkerVersionVM = new ByteHexField(doc, Name, "MajorLinkerVersion", startOffset + 2, true);
this.minorLinkerVersionVM = new ByteHexField(doc, Name, "MinorLinkerVersion", startOffset + 3, true);
this.sizeOfCodeVM = new UInt32HexField(doc, Name, "SizeOfCode", startOffset + 4);
this.sizeOfInitializedDataVM = new UInt32HexField(doc, Name, "SizeOfInitializedData", startOffset + 8);
this.sizeOfUninitializedDataVM = new UInt32HexField(doc, Name, "SizeOfUninitializedData", startOffset + 0x0C);
this.addressOfEntryPointVM = new UInt32HexField(doc, Name, "AddressOfEntryPoint", startOffset + 0x10);
this.baseOfCodeVM = new UInt32HexField(doc, Name, "BaseOfCode", startOffset + 0x14);
this.sectionAlignmentVM = new UInt32HexField(doc, Name, "SectionAlignment", startOffset + offs1 + 0);
this.fileAlignmentVM = new UInt32HexField(doc, Name, "FileAlignment", startOffset + offs1 + 4);
this.majorOperatingSystemVersionVM = new UInt16HexField(doc, Name, "MajorOperatingSystemVersion", startOffset + offs1 + 8, true);
this.minorOperatingSystemVersionVM = new UInt16HexField(doc, Name, "MinorOperatingSystemVersion", startOffset + offs1 + 0x0A, true);
this.majorImageVersionVM = new UInt16HexField(doc, Name, "MajorImageVersion", startOffset + offs1 + 0x0C, true);
this.minorImageVersionVM = new UInt16HexField(doc, Name, "MinorImageVersion", startOffset + offs1 + 0x0E, true);
this.majorSubsystemVersionVM = new UInt16HexField(doc, Name, "MajorSubsystemVersion", startOffset + offs1 + 0x10, true);
this.minorSubsystemVersionVM = new UInt16HexField(doc, Name, "MinorSubsystemVersion", startOffset + offs1 + 0x12, true);
this.win32VersionValueVM = new UInt32HexField(doc, Name, "Win32VersionValue", startOffset + offs1 + 0x14, true);
this.sizeOfImageVM = new UInt32HexField(doc, Name, "SizeOfImage", startOffset + offs1 + 0x18);
this.sizeOfHeadersVM = new UInt32HexField(doc, Name, "SizeOfHeaders", startOffset + offs1 + 0x1C);
this.checkSumVM = new UInt32HexField(doc, Name, "CheckSum", startOffset + offs1 + 0x20);
this.subsystemVM = new UInt16FlagsHexField(doc, Name, "Subsystem", startOffset + offs1 + 0x24);
this.subsystemVM.Add(new IntegerHexBitField("Subsystem", 0, 16, SubsystemInfos));
this.dllCharacteristicsVM = new UInt16FlagsHexField(doc, Name, "DllCharacteristics", startOffset + offs1 + 0x26);
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved1", 0));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved2", 1));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved3", 2));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved4", 3));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Reserved5", 4));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("High Entropy VA", 5));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Dynamic Base", 6));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Force Integrity", 7));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("NX Compat", 8));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("No Isolation", 9));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("No SEH", 10));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("No Bind", 11));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("AppContainer", 12));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("WDM Driver", 13));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Guard CF", 14));
this.dllCharacteristicsVM.Add(new BooleanHexBitField("Terminal Server Aware", 15));
this.loaderFlagsVM = new UInt32HexField(doc, Name, "LoaderFlags", startOffset + offs2 + 0);
this.numberOfRvaAndSizesVM = new UInt32HexField(doc, Name, "NumberOfRvaAndSizes", startOffset + offs2 + 4);
ulong doffs = offs2 + 8;
this.dataDir0VM = new DataDirVM(doc, Name, "Export", startOffset + doffs + 0);
this.dataDir1VM = new DataDirVM(doc, Name, "Import", startOffset + doffs + 8);
this.dataDir2VM = new DataDirVM(doc, Name, "Resource", startOffset + doffs + 0x10);
this.dataDir3VM = new DataDirVM(doc, Name, "Exception", startOffset + doffs + 0x18);
this.dataDir4VM = new DataDirVM(doc, Name, "Security", startOffset + doffs + 0x20);
this.dataDir5VM = new DataDirVM(doc, Name, "Base Reloc", startOffset + doffs + 0x28);
this.dataDir6VM = new DataDirVM(doc, Name, "Debug", startOffset + doffs + 0x30);
this.dataDir7VM = new DataDirVM(doc, Name, "Architecture", startOffset + doffs + 0x38);
this.dataDir8VM = new DataDirVM(doc, Name, "Global Ptr", startOffset + doffs + 0x40);
this.dataDir9VM = new DataDirVM(doc, Name, "TLS", startOffset + doffs + 0x48);
this.dataDir10VM = new DataDirVM(doc, Name, "Load Config", startOffset + doffs + 0x50);
this.dataDir11VM = new DataDirVM(doc, Name, "Bound Import", startOffset + doffs + 0x58);
this.dataDir12VM = new DataDirVM(doc, Name, "IAT", startOffset + doffs + 0x60);
this.dataDir13VM = new DataDirVM(doc, Name, "Delay Import", startOffset + doffs + 0x68);
this.dataDir14VM = new DataDirVM(doc, Name, ".NET", startOffset + doffs + 0x70);
this.dataDir15VM = new DataDirVM(doc, Name, "Reserved15", startOffset + doffs + 0x78);
}