/[RomCheater]/trunk/RomCheater.Core/IPEDData.cs
ViewVC logotype

Contents of /trunk/RomCheater.Core/IPEDData.cs

Parent Directory Parent Directory | Revision Log Revision Log

Revision 797 - (show annotations) (download)
Mon Apr 7 12:03:17 2014 UTC (6 years, 11 months ago) by william
File size: 33378 byte(s) 
+ fix hex format of values in PEData/IPEData
1 using System;
2 using System.Collections.Generic;
3 using System.Linq;
4 using System.Text;
5 using System.ComponentModel;
6 using System.Runtime.InteropServices;
7
8 namespace RomCheater.Core
9 {
10 public interface IPEDData
11 {
12 IMAGE_DOS_HEADER DosHeader { get; }
13 string NTSignature { get; }
14 IMAGE_FILE_HEADER FileHeader { get; }
15 IMAGE_OPTIONAL_HEADER32 OptionalHeader32 { get; }
16 IMAGE_OPTIONAL_HEADER64 OptionalHeader64 { get; }
17 IMAGE_SECTION_HEADER[] SectionHeaders { get; }
18 bool Is32bitAssembly();
19
20 [Browsable(false)]
21 ulong _VirtualEntryPoint { get; }
22 string VirtualEntryPoint { get; }
23
24 [Browsable(false)]
25 ulong _VirtualRVA { get; }
26 string VirtualRVA { get; }
27
28 [Browsable(false)]
29 ulong _VirtualImageBase { get; }
30 string VirtualImageBase { get; }
31
32 ISECTION_DATA[] SectionData { get; }
33 }
34
35 #region PEDATA structures
36 #region File Header Structures
37 [TypeConverter(typeof(ExpandableObjectConverter))]
38 public struct IMAGE_DOS_HEADER
39 { // DOS .EXE header
40 public UInt16 _e_magic; // Magic number
41 public UInt16 _e_cblp; // Bytes on last page of file
42 public UInt16 _e_cp; // Pages in file
43 public UInt16 _e_crlc; // Relocations
44 public UInt16 _e_cparhdr; // Size of header in paragraphs
45 public UInt16 _e_minalloc; // Minimum extra paragraphs needed
46 public UInt16 _e_maxalloc; // Maximum extra paragraphs needed
47 public UInt16 _e_ss; // Initial (relative) SS value
48 public UInt16 _e_sp; // Initial SP value
49 public UInt16 _e_csum; // Checksum
50 public UInt16 _e_ip; // Initial IP value
51 public UInt16 _e_cs; // Initial (relative) CS value
52 public UInt16 _e_lfarlc; // File address of relocation table
53 public UInt16 _e_ovno; // Overlay number
54 [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
55 public UInt16[] _e_res1;
56 public UInt16 _e_oemid; // OEM identifier (for e_oeminfo)
57 public UInt16 _e_oeminfo; // OEM information; e_oemid specific
58 [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
59 public UInt16[] _e_res2;
60 public UInt32 _e_lfanew; // File address of new exe header
61
62 public string e_magic { get { return string.Format("0x{0}", _e_magic.ToString("X")); } }
63 public string e_cblp { get { return string.Format("0x{0}", _e_cblp.ToString("X")); } }
64 public string e_cp { get { return string.Format("0x{0}", _e_cp.ToString("X")); } }
65 public string e_crlc { get { return string.Format("0x{0}", _e_crlc.ToString("X")); } }
66 public string e_cparhdr { get { return string.Format("0x{0}", _e_cparhdr.ToString("X")); } }
67 public string e_minalloc { get { return string.Format("0x{0}", _e_minalloc.ToString("X")); } }
68 public string e_maxalloc { get { return string.Format("0x{0}", _e_maxalloc.ToString("X")); } }
69 public string e_ss { get { return string.Format("0x{0}", _e_ss.ToString("X")); } }
70 public string e_sp { get { return string.Format("0x{0}", _e_sp.ToString("X")); } }
71 public string e_csum { get { return string.Format("0x{0}", _e_csum.ToString("X")); } }
72 public string e_ip { get { return string.Format("0x{0}", _e_ip.ToString("X")); } }
73 public string e_cs { get { return string.Format("0x{0}", _e_cs.ToString("X")); } }
74 public string e_lfarlc { get { return string.Format("0x{0}", _e_lfarlc.ToString("X")); } }
75 public string e_ovno { get { return string.Format("0x{0}", _e_ovno.ToString("X")); } }
76 public ushort[] e_res1 { get { return _e_res1; } }
77 public string e_oemid { get { return string.Format("0x{0}", _e_oemid.ToString("X")); } }
78 public string e_oeminfo { get { return string.Format("0x{0}", _e_oeminfo.ToString("X")); } }
79 public ushort[] e_res2 { get { return _e_res2; } }
80 public string e_lfanew { get { return string.Format("0x{0}", _e_lfanew.ToString("X")); } }
81
82 public override string ToString()
83 {
84 return Encoding.UTF8.GetString(BitConverter.GetBytes(_e_magic));
85 }
86 }
87 [TypeConverter(typeof(ExpandableObjectConverter))]
88 [StructLayout(LayoutKind.Sequential)]
89 public struct IMAGE_DATA_DIRECTORY
90 {
91 public UInt32 _VirtualAddress;
92 public UInt32 _Size;
93 [Browsable(false)]
94 public UInt32 _VirtualStart { get { return _VirtualAddress; } }
95 public string VirtualStart { get { return string.Format("0x{0}", _VirtualStart.ToString("X")); } }
96 [Browsable(false)]
97 public UInt32 _VirtualEnd { get { return (_VirtualStart + _VirtualSize); } }
98 public string VirtualEnd { get { return string.Format("0x{0}", _VirtualEnd.ToString("X")); } }
99 [Browsable(false)]
100 public UInt32 _VirtualSize { get { return _Size; } }
101 public string VirtualSize { get { return string.Format("0x{0}", _VirtualSize.ToString("X")); } }
102
103 public override string ToString()
104 {
105 return string.Format("{0}-{1} [{2}]", VirtualStart, VirtualEnd, VirtualSize);
106 }
107 }
108
109 [TypeConverter(typeof(ExpandableObjectConverter))]
110 [StructLayout(LayoutKind.Sequential, Pack = 1)]
111 public struct DATA_DIRECTORIES
112 {
113 public IMAGE_DATA_DIRECTORY _ExportTable;
114 public IMAGE_DATA_DIRECTORY _ImportTable;
115 public IMAGE_DATA_DIRECTORY _ResourceTable;
116 public IMAGE_DATA_DIRECTORY _ExceptionTable;
117 public IMAGE_DATA_DIRECTORY _CertificateTable;
118 public IMAGE_DATA_DIRECTORY _BaseRelocationTable;
119 public IMAGE_DATA_DIRECTORY _Debug;
120 public IMAGE_DATA_DIRECTORY _Architecture;
121 public IMAGE_DATA_DIRECTORY _GlobalPtr;
122 public IMAGE_DATA_DIRECTORY _TLSTable;
123 public IMAGE_DATA_DIRECTORY _LoadConfigTable;
124 public IMAGE_DATA_DIRECTORY _BoundImport;
125 public IMAGE_DATA_DIRECTORY _IAT;
126 public IMAGE_DATA_DIRECTORY _DelayImportDescriptor;
127 public IMAGE_DATA_DIRECTORY _CLRRuntimeHeader;
128 public IMAGE_DATA_DIRECTORY _Reserved;
129
130 // data directories
131 public IMAGE_DATA_DIRECTORY ExportTable { get { return _ExportTable; } }
132 public IMAGE_DATA_DIRECTORY ImportTable { get { return _ImportTable; } }
133 public IMAGE_DATA_DIRECTORY ResourceTable { get { return _ResourceTable; } }
134 public IMAGE_DATA_DIRECTORY ExceptionTable { get { return _ExceptionTable; } }
135 public IMAGE_DATA_DIRECTORY CertificateTable { get { return _CertificateTable; } }
136 public IMAGE_DATA_DIRECTORY BaseRelocationTable { get { return _BaseRelocationTable; } }
137 public IMAGE_DATA_DIRECTORY Debug { get { return _Debug; } }
138 public IMAGE_DATA_DIRECTORY Architecture { get { return _Architecture; } }
139 public IMAGE_DATA_DIRECTORY GlobalPtr { get { return _GlobalPtr; } }
140 public IMAGE_DATA_DIRECTORY TLSTable { get { return _TLSTable; } }
141 public IMAGE_DATA_DIRECTORY LoadConfigTable { get { return _LoadConfigTable; } }
142 public IMAGE_DATA_DIRECTORY BoundImport { get { return _BoundImport; } }
143 public IMAGE_DATA_DIRECTORY IAT { get { return _IAT; } }
144 public IMAGE_DATA_DIRECTORY DelayImportDescriptor { get { return _DelayImportDescriptor; } }
145 public IMAGE_DATA_DIRECTORY CLRRuntimeHeader { get { return _CLRRuntimeHeader; } }
146 public IMAGE_DATA_DIRECTORY Reserved { get { return _Reserved; } }
147
148 private uint DataDirectoryCount { get { return 16; } }
149
150 public override string ToString()
151 {
152 return string.Format("Data Directory Count: 0x{0}", DataDirectoryCount.ToString("X"));
153 }
154 }
155
156 [TypeConverter(typeof(ExpandableObjectConverter))]
157 [StructLayout(LayoutKind.Sequential, Pack = 1)]
158 public struct IMAGE_OPTIONAL_HEADER32
159 {
160 public UInt16 _Magic;
161 public Byte _MajorLinkerVersion;
162 public Byte _MinorLinkerVersion;
163 public UInt32 _SizeOfCode;
164 public UInt32 _SizeOfInitializedData;
165 public UInt32 _SizeOfUninitializedData;
166 public UInt32 _AddressOfEntryPoint;
167 public UInt32 _BaseOfCode;
168 public UInt32 _BaseOfData;
169 public UInt32 _ImageBase;
170 public UInt32 _SectionAlignment;
171 public UInt32 _FileAlignment;
172 public UInt16 _MajorOperatingSystemVersion;
173 public UInt16 _MinorOperatingSystemVersion;
174 public UInt16 _MajorImageVersion;
175 public UInt16 _MinorImageVersion;
176 public UInt16 _MajorSubsystemVersion;
177 public UInt16 _MinorSubsystemVersion;
178 public UInt32 _Win32VersionValue;
179 public UInt32 _SizeOfImage;
180 public UInt32 _SizeOfHeaders;
181 public UInt32 _CheckSum;
182 public SubSystemType _Subsystem;
183 public DllCharacteristicsType _DllCharacteristics;
184 public UInt32 _SizeOfStackReserve;
185 public UInt32 _SizeOfStackCommit;
186 public UInt32 _SizeOfHeapReserve;
187 public UInt32 _SizeOfHeapCommit;
188 public UInt32 _LoaderFlags;
189 public UInt32 _NumberOfRvaAndSizes;
190
191
192 public DATA_DIRECTORIES _DATA_DIRECTORIES;
193
194 public string Magic { get { return ((MagicType)_Magic).ToString(); } }
195 public string MajorLinkerVersion { get { return string.Format("0x{0}", _MajorLinkerVersion.ToString("X")); } }
196 public string MinorLinkerVersion { get { return string.Format("0x{0}", _MajorLinkerVersion); } }
197
198 public string SizeOfCode { get { return string.Format("0x{0}", _SizeOfCode.ToString("X")); } }
199 public string SizeOfInitializedData { get { return string.Format("0x{0}", _SizeOfInitializedData.ToString("X")); } }
200 public string SizeOfUninitializedData { get { return string.Format("0x{0}", _SizeOfUninitializedData.ToString("X")); } }
201 public string AddressOfEntryPoint { get { return string.Format("0x{0}", _AddressOfEntryPoint.ToString("X")); } }
202 public string BaseOfCode { get { return string.Format("0x{0}", _BaseOfCode.ToString("X")); } }
203 public string BaseOfData { get { return string.Format("0x{0}", _BaseOfData.ToString("X")); } }
204 public string ImageBase { get { return string.Format("0x{0}", _ImageBase.ToString("X")); } }
205 public string SectionAlignment { get { return string.Format("0x{0}", _SectionAlignment.ToString("X")); } }
206 public string FileAlignment { get { return string.Format("0x{0}", _FileAlignment.ToString("X")); } }
207
208 public string MajorOperatingSystemVersion { get { return string.Format("0x{0}", _MajorOperatingSystemVersion.ToString("X")); } }
209 public string MinorOperatingSystemVersion { get { return string.Format("0x{0}", _MinorOperatingSystemVersion.ToString("X")); } }
210 public string MajorImageVersion { get { return string.Format("0x{0}", _MajorImageVersion.ToString("X")); } }
211 public string MinorImageVersion { get { return string.Format("0x{0}", _MinorImageVersion.ToString("X")); } }
212 public string MajorSubsystemVersion { get { return string.Format("0x{0}", _MajorSubsystemVersion.ToString("X")); } }
213 public string MinorSubsystemVersion { get { return string.Format("0x{0}", _MinorSubsystemVersion.ToString("X")); } }
214
215 public string Win32VersionValue { get { return string.Format("0x{0}", _Win32VersionValue.ToString("X")); } }
216 public string SizeOfImage { get { return string.Format("0x{0}", _SizeOfImage.ToString("X")); } }
217 public string SizeOfHeaders { get { return string.Format("0x{0}", _SizeOfHeaders.ToString("X")); } }
218 public string CheckSum { get { return string.Format("0x{0}", _CheckSum.ToString("X")); } }
219
220 public string Subsystem { get { return ((SubSystemType)_Subsystem).ToString(); } }
221 public string DllCharacteristics { get { return string.Format("{0}", _DllCharacteristics); } }
222
223 public string SizeOfStackReserve { get { return string.Format("0x{0}", _SizeOfStackReserve.ToString("X")); } }
224 public string SizeOfStackCommit { get { return string.Format("0x{0}", _SizeOfStackCommit.ToString("X")); } }
225 public string SizeOfHeapReserve { get { return string.Format("0x{0}", _SizeOfHeapReserve.ToString("X")); } }
226 public string SizeOfHeapCommit { get { return string.Format("0x{0}", _SizeOfHeapCommit.ToString("X")); } }
227
228 public string LoaderFlags { get { return string.Format("0x{0}", _LoaderFlags.ToString("X")); } }
229 public string NumberOfRvaAndSizes { get { return string.Format("0x{0}", _NumberOfRvaAndSizes.ToString("X")); } }
230
231 public DATA_DIRECTORIES DATA_DIRECTORIES { get { return _DATA_DIRECTORIES; } }
232
233
234
235 public override string ToString()
236 {
237 return Magic;
238 }
239 }
240
241 [StructLayout(LayoutKind.Sequential, Pack = 1)]
242 [TypeConverter(typeof(ExpandableObjectConverter))]
243 public struct IMAGE_OPTIONAL_HEADER64
244 {
245 public UInt16 _Magic;
246 public Byte _MajorLinkerVersion;
247 public Byte _MinorLinkerVersion;
248 public UInt32 _SizeOfCode;
249 public UInt32 _SizeOfInitializedData;
250 public UInt32 _SizeOfUninitializedData;
251 public UInt32 _AddressOfEntryPoint;
252 public UInt32 _BaseOfCode;
253 public UInt64 _ImageBase;
254 public UInt32 _SectionAlignment;
255 public UInt32 _FileAlignment;
256 public UInt16 _MajorOperatingSystemVersion;
257 public UInt16 _MinorOperatingSystemVersion;
258 public UInt16 _MajorImageVersion;
259 public UInt16 _MinorImageVersion;
260 public UInt16 _MajorSubsystemVersion;
261 public UInt16 _MinorSubsystemVersion;
262 public UInt32 _Win32VersionValue;
263 public UInt32 _SizeOfImage;
264 public UInt32 _SizeOfHeaders;
265 public UInt32 _CheckSum;
266 public UInt16 _Subsystem;
267 public DllCharacteristicsType _DllCharacteristics;
268 public UInt64 _SizeOfStackReserve;
269 public UInt64 _SizeOfStackCommit;
270 public UInt64 _SizeOfHeapReserve;
271 public UInt64 _SizeOfHeapCommit;
272 public UInt32 _LoaderFlags;
273 public UInt32 _NumberOfRvaAndSizes;
274
275 public DATA_DIRECTORIES _DATA_DIRECTORIES;
276
277
278 public string Magic { get { return ((MagicType)_Magic).ToString(); } }
279 public string MajorLinkerVersion { get { return string.Format("0x{0}", _MajorLinkerVersion.ToString("X")); } }
280 public string MinorLinkerVersion { get { return string.Format("0x{0}", _MajorLinkerVersion.ToString("X")); } }
281
282 public string SizeOfCode { get { return string.Format("0x{0}", _SizeOfCode.ToString("X")); } }
283 public string SizeOfInitializedData { get { return string.Format("0x{0}", _SizeOfInitializedData.ToString("X")); } }
284 public string SizeOfUninitializedData { get { return string.Format("0x{0}", _SizeOfUninitializedData.ToString("X")); } }
285 public string AddressOfEntryPoint { get { return string.Format("0x{0}", _AddressOfEntryPoint.ToString("X")); } }
286 public string BaseOfCode { get { return string.Format("0x{0}", _BaseOfCode.ToString("X")); } }
287 public string ImageBase { get { return string.Format("0x{0}", _ImageBase.ToString("X")); } }
288 public string SectionAlignment { get { return string.Format("0x{0}", _SectionAlignment.ToString("X")); } }
289 public string FileAlignment { get { return string.Format("0x{0}", _FileAlignment.ToString("X")); } }
290
291 public string MajorOperatingSystemVersion { get { return string.Format("0x{0}", _MajorOperatingSystemVersion.ToString("X")); } }
292 public string MinorOperatingSystemVersion { get { return string.Format("0x{0}", _MinorOperatingSystemVersion.ToString("X")); } }
293 public string MajorImageVersion { get { return string.Format("0x{0}", _MajorImageVersion.ToString("X")); } }
294 public string MinorImageVersion { get { return string.Format("0x{0}", _MinorImageVersion.ToString("X")); } }
295 public string MajorSubsystemVersion { get { return string.Format("0x{0}", _MajorSubsystemVersion.ToString("X")); } }
296 public string MinorSubsystemVersion { get { return string.Format("0x{0}", _MinorSubsystemVersion.ToString("X")); } }
297
298 public string Win32VersionValue { get { return string.Format("0x{0}", _Win32VersionValue.ToString("X")); } }
299 public string SizeOfImage { get { return string.Format("0x{0}", _SizeOfImage.ToString("X")); } }
300 public string SizeOfHeaders { get { return string.Format("0x{0}", _SizeOfHeaders.ToString("X")); } }
301 public string CheckSum { get { return string.Format("0x{0}", _CheckSum.ToString("X")); } }
302
303 public string Subsystem { get { return ((SubSystemType)_Subsystem).ToString(); } }
304 public string DllCharacteristics { get { return string.Format("{0}", _DllCharacteristics); } }
305
306 public string SizeOfStackReserve { get { return string.Format("0x{0}", _SizeOfStackReserve.ToString("X")); } }
307 public string SizeOfStackCommit { get { return string.Format("0x{0}", _SizeOfStackCommit.ToString("X")); } }
308 public string SizeOfHeapReserve { get { return string.Format("0x{0}", _SizeOfHeapReserve.ToString("X")); } }
309 public string SizeOfHeapCommit { get { return string.Format("0x{0}", _SizeOfHeapCommit.ToString("X")); } }
310
311 public string LoaderFlags { get { return string.Format("0x{0}", _LoaderFlags.ToString("X")); } }
312 public string NumberOfRvaAndSizes { get { return string.Format("0x{0}", _NumberOfRvaAndSizes.ToString("X")); } }
313
314 public DATA_DIRECTORIES DATA_DIRECTORIES { get { return _DATA_DIRECTORIES; } }
315
316
317 public override string ToString()
318 {
319 return Magic;
320 }
321
322 }
323
324 [StructLayout(LayoutKind.Sequential, Pack = 1)]
325 [TypeConverter(typeof(ExpandableObjectConverter))]
326 public struct IMAGE_FILE_HEADER
327 {
328 public MachineTypeFlags _Machine;
329 public UInt16 _NumberOfSections;
330 public UInt32 _TimeDateStamp;
331 public UInt32 _PointerToSymbolTable;
332 public UInt32 _NumberOfSymbols;
333 public UInt16 _SizeOfOptionalHeader;
334 public FileCharacteristicType _Characteristics;
335
336 public MachineTypeFlags MachineType { get { return _Machine; } }
337 public string NumberOfSections { get { return string.Format("0x{0}", _NumberOfSections.ToString("X")); } }
338 public string TimeDateStamp { get { return string.Format("{0} (0x{1})", GetDateTimeFromLinkerTime(_TimeDateStamp).ToString(), _TimeDateStamp.ToString("X")); } }
339 public string PointerToSymbolTable { get { return string.Format("0x{0}", _PointerToSymbolTable.ToString("X")); } }
340 public string NumberOfSymbols { get { return string.Format("0x{0}", _NumberOfSymbols.ToString("X")); } }
341 public string SizeOfOptionalHeader { get { return string.Format("0x{0}", _SizeOfOptionalHeader.ToString("X")); } }
342 public FileCharacteristicType Characteristics { get { return _Characteristics; } }
343 public override string ToString()
344 {
345 return MachineType.ToString();
346 }
347
348 private DateTime GetDateTimeFromLinkerTime(UInt32 linker_timer)
349 {
350 // http://msdn.microsoft.com/en-us/library/ms809762.aspx
351 // This field holds the number of seconds since December 31st, 1969, at 4:00 P.M.
352 DateTime t = new DateTime(1969, 12, 31, 16, 0, 0);
353 t = t.AddSeconds(linker_timer);
354 t += TimeZone.CurrentTimeZone.GetUtcOffset(t);
355 return t;
356 }
357 }
358
359 // Grabbed the following 2 definitions from http://www.pinvoke.net/default.aspx/Structures/IMAGE_SECTION_HEADER.html
360
361 [TypeConverter(typeof(ExpandableObjectConverter))]
362 [StructLayout(LayoutKind.Explicit)]
363 public struct IMAGE_SECTION_HEADER
364 {
365 [FieldOffset(0)]
366 [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 8)]
367 public string _Name;
368 [FieldOffset(8)]
369 public UInt32 _VirtualSize;
370 [FieldOffset(12)]
371 public UInt32 _VirtualAddress;
372 [FieldOffset(16)]
373 public UInt32 _SizeOfRawData;
374 [FieldOffset(20)]
375 public UInt32 _PointerToRawData;
376 [FieldOffset(24)]
377 public UInt32 _PointerToRelocations;
378 [FieldOffset(28)]
379 public UInt32 _PointerToLinenumbers;
380 [FieldOffset(32)]
381 public UInt16 _NumberOfRelocations;
382 [FieldOffset(34)]
383 public UInt16 _NumberOfLinenumbers;
384 [FieldOffset(36)]
385 public DataSectionFlags _Characteristics;
386
387 public string Name { get { if (_Name == null || _Name.Length == 0) { return string.Empty; } else { return _Name; } } }
388 //public Misc Misc { get { return _Misc; } }
389 public string VirtualSize { get { return string.Format("0x{0}", _VirtualSize.ToString("X")); } }
390 public string VirtualAddress { get { return string.Format("0x{0}", _VirtualAddress.ToString("X")); } }
391 [Browsable(false)]
392 public UInt32 _VirtualAddressEnd { get { return _VirtualAddress + _VirtualSize; } }
393 public string VirtualAddressEnd { get { return string.Format("0x{0}", _VirtualAddressEnd.ToString("X")); } }
394
395 public string SizeOfRawData { get { return string.Format("0x{0}", _SizeOfRawData.ToString("X")); } }
396 public string PointerToRawData { get { return string.Format("0x{0}", _PointerToRawData.ToString("X")); } }
397 public string PointerToRelocations { get { return string.Format("0x{0}", _PointerToRelocations.ToString("X")); } }
398 public string PointerToLinenumbers { get { return string.Format("0x{0}", _PointerToLinenumbers.ToString("X")); } }
399 public string NumberOfRelocations { get { return string.Format("0x{0}", _NumberOfRelocations.ToString("X")); } }
400 public string NumberOfLinenumbers { get { return string.Format("0x{0}", _NumberOfLinenumbers.ToString("X")); } }
401 public string Characteristics { get { return _Characteristics.ToString(); } }
402
403 public override string ToString()
404 {
405 return Name;
406 }
407 }
408 #endregion File Header Structures
409 [TypeConverter(typeof(ExpandableObjectConverter))]
410 public interface ISECTION_DATA
411 {
412 string Name { get; }
413 ulong _Start { get; }
414 ulong _End { get; }
415 ulong _Size { get; }
416
417 string Start { get; }
418 string End { get; }
419 string Size { get; }
420 string ToString();
421
422 }
423 [TypeConverter(typeof(ExpandableObjectConverter))]
424 public class SECTION_DATA : ISECTION_DATA
425 {
426 public SECTION_DATA() : this(string.Empty, 0, 0) { }
427 public SECTION_DATA(string name, ulong virtualAddress, ulong rva, uint virtualSize) : this(name, virtualAddress + rva, virtualSize) { }
428 public SECTION_DATA(string name, ulong virtualAddress, uint virtualSize)
429 {
430 this._Name = name;
431 this._Start = virtualAddress;
432 this._Size = virtualSize;
433 }
434
435 #region ISECTION_DATA members
436 private string _Name;
437 private ulong __Start;
438 [Browsable(false)]
439 public ulong _Start { get { return __Start; } set { __Start = value; } }
440 [Browsable(false)]
441 public ulong _End { get { return __Start + __Size; } }
442 private ulong __Size;
443 [Browsable(false)]
444 public ulong _Size { get { return __Size; } set { __Size = value; } }
445
446
447 public string Name { get { return _Name; } }
448 public string Start { get { return string.Format("0x{0}", _Start.ToString("X")); } }
449 public string End { get { return string.Format("0x{0}", _End.ToString("X")); } }
450 public string Size { get { return string.Format("0x{0}", _Size.ToString("X")); } }
451
452 public override string ToString()
453 {
454 return this.Name;
455 }
456 #endregion
457 }
458 #region helpers
459 [Flags]
460 public enum MachineTypeFlags : ushort
461 {
462 x86 = 0x14C,
463 Alpha = 0x184,
464 ARM = 0x1C0,
465 MIPS16R3000 = 0x162,
466 MIPS16R4000 = 0x166,
467 MIPS16R10000 = 0x168,
468 PowerPCLE = 0x1F0,
469 PowerPCBE = 0x1F2,
470 Itanium = 0x200,
471 MIPS16 = 0x266,
472 Alpha64 = 0x284,
473 MIPSFPU = 0x366,
474 MIPSFPU16 = 0x466,
475 x64 = 0x8664,
476 }
477 public enum MagicType : ushort
478 {
479 NT_OPTIONAL_HEADER_NOT_PRESENT, // 0
480 NT_OPTIONAL_HEADER_32 = 0x10b,
481 NT_OPTIONAL_HEADER_64 = 0x20b
482 }
483 public enum SubSystemType : ushort
484 {
485 IMAGE_SUBSYSTEM_UNKNOWN = 0,
486 IMAGE_SUBSYSTEM_NATIVE = 1,
487 IMAGE_SUBSYSTEM_WINDOWS_GUI = 2,
488 IMAGE_SUBSYSTEM_WINDOWS_CUI = 3,
489 IMAGE_SUBSYSTEM_POSIX_CUI = 7,
490 IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9,
491 IMAGE_SUBSYSTEM_EFI_APPLICATION = 10,
492 IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11,
493 IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12,
494 IMAGE_SUBSYSTEM_EFI_ROM = 13,
495 IMAGE_SUBSYSTEM_XBOX = 14
496
497 }
498 [Flags]
499 public enum DllCharacteristicsType : ushort
500 {
501 RES_0 = 0x0001,
502 RES_1 = 0x0002,
503 RES_2 = 0x0004,
504 RES_3 = 0x0008,
505 IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040,
506 IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
507 IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100,
508 IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
509 IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
510 IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
511 RES_4 = 0x1000,
512 IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
513 IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
514 }
515 [Flags]
516 public enum FileCharacteristicType : ushort
517 {
518 RelocationInformationStrippedFromFile = 0x1,
519 Executable = 0x2,
520 LineNumbersStripped = 0x4,
521 SymbolTableStripped = 0x8,
522 AggresiveTrimWorkingSet = 0x10,
523 LargeAddressAware = 0x20,
524 Supports16Bit = 0x40,
525 ReservedBytesWo = 0x80,
526 Supports32Bit = 0x100,
527 DebugInfoStripped = 0x200,
528 RunFromSwapIfInRemovableMedia = 0x400,
529 RunFromSwapIfInNetworkMedia = 0x800,
530 IsSytemFile = 0x1000,
531 IsDLL = 0x2000,
532 IsOnlyForSingleCoreProcessor = 0x4000,
533 BytesOfWordReserved = 0x8000,
534 }
535 #region DataSectionFlags
536 [Flags]
537 public enum DataSectionFlags : uint
538 {
539 /// <summary>
540 /// Reserved for future use.
541 /// </summary>
542 TypeReg = 0x00000000,
543 /// <summary>
544 /// Reserved for future use.
545 /// </summary>
546 TypeDsect = 0x00000001,
547 /// <summary>
548 /// Reserved for future use.
549 /// </summary>
550 TypeNoLoad = 0x00000002,
551 /// <summary>
552 /// Reserved for future use.
553 /// </summary>
554 TypeGroup = 0x00000004,
555 /// <summary>
556 /// The section should not be padded to the next boundary. This flag is obsolete and is replaced by IMAGE_SCN_ALIGN_1BYTES. This is valid only for object files.
557 /// </summary>
558 TypeNoPadded = 0x00000008,
559 /// <summary>
560 /// Reserved for future use.
561 /// </summary>
562 TypeCopy = 0x00000010,
563 /// <summary>
564 /// The section contains executable code.
565 /// </summary>
566 ContentCode = 0x00000020,
567 /// <summary>
568 /// The section contains initialized data.
569 /// </summary>
570 ContentInitializedData = 0x00000040,
571 /// <summary>
572 /// The section contains uninitialized data.
573 /// </summary>
574 ContentUninitializedData = 0x00000080,
575 /// <summary>
576 /// Reserved for future use.
577 /// </summary>
578 LinkOther = 0x00000100,
579 /// <summary>
580 /// The section contains comments or other information. The .drectve section has this type. This is valid for object files only.
581 /// </summary>
582 LinkInfo = 0x00000200,
583 /// <summary>
584 /// Reserved for future use.
585 /// </summary>
586 TypeOver = 0x00000400,
587 /// <summary>
588 /// The section will not become part of the image. This is valid only for object files.
589 /// </summary>
590 LinkRemove = 0x00000800,
591 /// <summary>
592 /// The section contains COMDAT data. For more information, see section 5.5.6, COMDAT Sections (Object Only). This is valid only for object files.
593 /// </summary>
594 LinkComDat = 0x00001000,
595 /// <summary>
596 /// Reset speculative exceptions handling bits in the TLB entries for this section.
597 /// </summary>
598 NoDeferSpecExceptions = 0x00004000,
599 /// <summary>
600 /// The section contains data referenced through the global pointer (GP).
601 /// </summary>
602 RelativeGP = 0x00008000,
603 /// <summary>
604 /// Reserved for future use.
605 /// </summary>
606 MemPurgeable = 0x00020000,
607 /// <summary>
608 /// Reserved for future use.
609 /// </summary>
610 Memory16Bit = 0x00020000,
611 /// <summary>
612 /// Reserved for future use.
613 /// </summary>
614 MemoryLocked = 0x00040000,
615 /// <summary>
616 /// Reserved for future use.
617 /// </summary>
618 MemoryPreload = 0x00080000,
619 /// <summary>
620 /// Align data on a 1-byte boundary. Valid only for object files.
621 /// </summary>
622 Align1Bytes = 0x00100000,
623 /// <summary>
624 /// Align data on a 2-byte boundary. Valid only for object files.
625 /// </summary>
626 Align2Bytes = 0x00200000,
627 /// <summary>
628 /// Align data on a 4-byte boundary. Valid only for object files.
629 /// </summary>
630 Align4Bytes = 0x00300000,
631 /// <summary>
632 /// Align data on an 8-byte boundary. Valid only for object files.
633 /// </summary>
634 Align8Bytes = 0x00400000,
635 /// <summary>
636 /// Align data on a 16-byte boundary. Valid only for object files.
637 /// </summary>
638 Align16Bytes = 0x00500000,
639 /// <summary>
640 /// Align data on a 32-byte boundary. Valid only for object files.
641 /// </summary>
642 Align32Bytes = 0x00600000,
643 /// <summary>
644 /// Align data on a 64-byte boundary. Valid only for object files.
645 /// </summary>
646 Align64Bytes = 0x00700000,
647 /// <summary>
648 /// Align data on a 128-byte boundary. Valid only for object files.
649 /// </summary>
650 Align128Bytes = 0x00800000,
651 /// <summary>
652 /// Align data on a 256-byte boundary. Valid only for object files.
653 /// </summary>
654 Align256Bytes = 0x00900000,
655 /// <summary>
656 /// Align data on a 512-byte boundary. Valid only for object files.
657 /// </summary>
658 Align512Bytes = 0x00A00000,
659 /// <summary>
660 /// Align data on a 1024-byte boundary. Valid only for object files.
661 /// </summary>
662 Align1024Bytes = 0x00B00000,
663 /// <summary>
664 /// Align data on a 2048-byte boundary. Valid only for object files.
665 /// </summary>
666 Align2048Bytes = 0x00C00000,
667 /// <summary>
668 /// Align data on a 4096-byte boundary. Valid only for object files.
669 /// </summary>
670 Align4096Bytes = 0x00D00000,
671 /// <summary>
672 /// Align data on an 8192-byte boundary. Valid only for object files.
673 /// </summary>
674 Align8192Bytes = 0x00E00000,
675 /// <summary>
676 /// The section contains extended relocations.
677 /// </summary>
678 LinkExtendedRelocationOverflow = 0x01000000,
679 /// <summary>
680 /// The section can be discarded as needed.
681 /// </summary>
682 MemoryDiscardable = 0x02000000,
683 /// <summary>
684 /// The section cannot be cached.
685 /// </summary>
686 MemoryNotCached = 0x04000000,
687 /// <summary>
688 /// The section is not pageable.
689 /// </summary>
690 MemoryNotPaged = 0x08000000,
691 /// <summary>
692 /// The section can be shared in memory.
693 /// </summary>
694 MemoryShared = 0x10000000,
695 /// <summary>
696 /// The section can be executed as code.
697 /// </summary>
698 MemoryExecute = 0x20000000,
699 /// <summary>
700 /// The section can be read.
701 /// </summary>
702 MemoryRead = 0x40000000,
703 /// <summary>
704 /// The section can be written to.
705 /// </summary>
706 MemoryWrite = 0x80000000
707 }
708 #endregion
709 #endregion
710 #endregion
711 }
  ViewVC Help
Powered by ViewVC 1.1.22