/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/PEData.cs
ViewVC logotype

Annotation of /trunk/Win32/Sojaner.MemoryScanner/PEData.cs

Parent Directory Parent Directory | Revision Log Revision Log


Revision 607 - (hide annotations) (download)
Sat Jun 8 02:13:11 2013 UTC (7 years, 1 month ago) by william
File size: 27255 byte(s)

1 william 607 #region Logging Defines
2     // include this any class or method that required logging, and comment-out what is not needed
3    
4     #region Enabled logging levels
5     #define LOGGING_ENABLE_INFO
6     #define LOGGING_ENABLE_WARN
7     #define LOGGING_ENABLE_DEBUG
8     //#define LOGGING_ENABLE_VERBOSEDEBUG
9     #define LOGGING_ENABLE_ERROR
10     #define LOGGING_ENABLE_VERBOSEERROR
11     #define LOGGING_ENABLE_PROFILER
12     #endregion
13     #endregion
14    
15     using System;
16     using System.Collections.Generic;
17     using System.Runtime.InteropServices;
18     using System.IO;
19     using System.Diagnostics;
20     using RomCheater.PluginFramework.Interfaces;
21    
22     namespace Sojaner.MemoryScanner
23     {
24     public interface IPEDData
25     {
26     IMAGE_DOS_HEADER DosHeader { get; }
27     IMAGE_FILE_HEADER FileHeader { get; }
28     IMAGE_OPTIONAL_HEADER32 OptionalHeader32 { get; }
29     IMAGE_OPTIONAL_HEADER64 OptionalHeader64 { get; }
30     //IMAGE_SECTION_HEADER[] SectionHeaders { get; }
31     bool Is32bitAssembly();
32     }
33    
34     public class PEData : IPEDData
35     {
36     #region IPEDData Members
37     public IMAGE_DOS_HEADER DosHeader { get { if (reader == null) { return new IMAGE_DOS_HEADER(); } else { return reader.DosHeader; } } }
38     public UInt32 NTSignature { get { if (reader == null) { return 0; } else { return reader.NTSignature; } } }
39     public IMAGE_FILE_HEADER FileHeader { get { if (reader == null) { return new IMAGE_FILE_HEADER(); } else { return reader.FileHeader; } } }
40     public IMAGE_OPTIONAL_HEADER32 OptionalHeader32 { get { if (reader == null) { return new IMAGE_OPTIONAL_HEADER32(); } else { return reader.OptionalHeader32; } } }
41     public IMAGE_OPTIONAL_HEADER64 OptionalHeader64 { get { if (reader == null) { return new IMAGE_OPTIONAL_HEADER64(); } else { return reader.OptionalHeader64; } } }
42     public Boolean Is32bitAssembly() { if (reader == null) { return true; } else { return reader.Is32BitHeader; } }
43     #endregion
44    
45     private PeHeaderReader reader = null;
46    
47     public static readonly IPEDData Empty = new PEData();
48    
49     protected PEData() { }
50     public PEData(IAcceptsProcess iap)
51     {
52     if (iap == null) { throw new ArgumentNullException("iap", "The selected process cannot be null"); }
53     Process p = iap.AcceptedProcess;
54     string filename = p.MainModule.FileName;
55     reader = new PeHeaderReader(filename);
56     }
57     public PEData(IAcceptsProcessAndConfig iapc) : this((IAcceptsProcess)iapc) { }
58     }
59    
60     #region File Header Structures
61    
62     public struct IMAGE_DOS_HEADER
63     { // DOS .EXE header
64     public UInt16 e_magic; // Magic number
65     public UInt16 e_cblp; // Bytes on last page of file
66     public UInt16 e_cp; // Pages in file
67     public UInt16 e_crlc; // Relocations
68     public UInt16 e_cparhdr; // Size of header in paragraphs
69     public UInt16 e_minalloc; // Minimum extra paragraphs needed
70     public UInt16 e_maxalloc; // Maximum extra paragraphs needed
71     public UInt16 e_ss; // Initial (relative) SS value
72     public UInt16 e_sp; // Initial SP value
73     public UInt16 e_csum; // Checksum
74     public UInt16 e_ip; // Initial IP value
75     public UInt16 e_cs; // Initial (relative) CS value
76     public UInt16 e_lfarlc; // File address of relocation table
77     public UInt16 e_ovno; // Overlay number
78     public UInt16 e_res_0; // Reserved words
79     public UInt16 e_res_1; // Reserved words
80     public UInt16 e_res_2; // Reserved words
81     public UInt16 e_res_3; // Reserved words
82     public UInt16 e_oemid; // OEM identifier (for e_oeminfo)
83     public UInt16 e_oeminfo; // OEM information; e_oemid specific
84     public UInt16 e_res2_0; // Reserved words
85     public UInt16 e_res2_1; // Reserved words
86     public UInt16 e_res2_2; // Reserved words
87     public UInt16 e_res2_3; // Reserved words
88     public UInt16 e_res2_4; // Reserved words
89     public UInt16 e_res2_5; // Reserved words
90     public UInt16 e_res2_6; // Reserved words
91     public UInt16 e_res2_7; // Reserved words
92     public UInt16 e_res2_8; // Reserved words
93     public UInt16 e_res2_9; // Reserved words
94     public UInt32 e_lfanew; // File address of new exe header
95     }
96    
97     [StructLayout(LayoutKind.Sequential)]
98     public struct IMAGE_DATA_DIRECTORY
99     {
100     public UInt32 VirtualAddress;
101     public UInt32 Size;
102     }
103    
104     [StructLayout(LayoutKind.Sequential, Pack = 1)]
105     public struct IMAGE_OPTIONAL_HEADER32
106     {
107     public UInt16 Magic;
108     public Byte MajorLinkerVersion;
109     public Byte MinorLinkerVersion;
110     public UInt32 SizeOfCode;
111     public UInt32 SizeOfInitializedData;
112     public UInt32 SizeOfUninitializedData;
113     public UInt32 AddressOfEntryPoint;
114     public UInt32 BaseOfCode;
115     public UInt32 BaseOfData;
116     public UInt32 ImageBase;
117     public UInt32 SectionAlignment;
118     public UInt32 FileAlignment;
119     public UInt16 MajorOperatingSystemVersion;
120     public UInt16 MinorOperatingSystemVersion;
121     public UInt16 MajorImageVersion;
122     public UInt16 MinorImageVersion;
123     public UInt16 MajorSubsystemVersion;
124     public UInt16 MinorSubsystemVersion;
125     public UInt32 Win32VersionValue;
126     public UInt32 SizeOfImage;
127     public UInt32 SizeOfHeaders;
128     public UInt32 CheckSum;
129     public SubSystemType Subsystem;
130     public DllCharacteristicsType DllCharacteristics;
131     public UInt32 SizeOfStackReserve;
132     public UInt32 SizeOfStackCommit;
133     public UInt32 SizeOfHeapReserve;
134     public UInt32 SizeOfHeapCommit;
135     public UInt32 LoaderFlags;
136     public UInt32 NumberOfRvaAndSizes;
137    
138     public IMAGE_DATA_DIRECTORY ExportTable;
139     public IMAGE_DATA_DIRECTORY ImportTable;
140     public IMAGE_DATA_DIRECTORY ResourceTable;
141     public IMAGE_DATA_DIRECTORY ExceptionTable;
142     public IMAGE_DATA_DIRECTORY CertificateTable;
143     public IMAGE_DATA_DIRECTORY BaseRelocationTable;
144     public IMAGE_DATA_DIRECTORY Debug;
145     public IMAGE_DATA_DIRECTORY Architecture;
146     public IMAGE_DATA_DIRECTORY GlobalPtr;
147     public IMAGE_DATA_DIRECTORY TLSTable;
148     public IMAGE_DATA_DIRECTORY LoadConfigTable;
149     public IMAGE_DATA_DIRECTORY BoundImport;
150     public IMAGE_DATA_DIRECTORY IAT;
151     public IMAGE_DATA_DIRECTORY DelayImportDescriptor;
152     public IMAGE_DATA_DIRECTORY CLRRuntimeHeader;
153     public IMAGE_DATA_DIRECTORY Reserved;
154     }
155    
156     [StructLayout(LayoutKind.Sequential, Pack = 1)]
157     public struct IMAGE_OPTIONAL_HEADER64
158     {
159     public UInt16 Magic;
160     public Byte MajorLinkerVersion;
161     public Byte MinorLinkerVersion;
162     public UInt32 SizeOfCode;
163     public UInt32 SizeOfInitializedData;
164     public UInt32 SizeOfUninitializedData;
165     public UInt32 AddressOfEntryPoint;
166     public UInt32 BaseOfCode;
167     public UInt64 ImageBase;
168     public UInt32 SectionAlignment;
169     public UInt32 FileAlignment;
170     public UInt16 MajorOperatingSystemVersion;
171     public UInt16 MinorOperatingSystemVersion;
172     public UInt16 MajorImageVersion;
173     public UInt16 MinorImageVersion;
174     public UInt16 MajorSubsystemVersion;
175     public UInt16 MinorSubsystemVersion;
176     public UInt32 Win32VersionValue;
177     public UInt32 SizeOfImage;
178     public UInt32 SizeOfHeaders;
179     public UInt32 CheckSum;
180     public UInt16 Subsystem;
181     public DllCharacteristicsType DllCharacteristics;
182     public UInt64 SizeOfStackReserve;
183     public UInt64 SizeOfStackCommit;
184     public UInt64 SizeOfHeapReserve;
185     public UInt64 SizeOfHeapCommit;
186     public UInt32 LoaderFlags;
187     public UInt32 NumberOfRvaAndSizes;
188    
189     public IMAGE_DATA_DIRECTORY ExportTable;
190     public IMAGE_DATA_DIRECTORY ImportTable;
191     public IMAGE_DATA_DIRECTORY ResourceTable;
192     public IMAGE_DATA_DIRECTORY ExceptionTable;
193     public IMAGE_DATA_DIRECTORY CertificateTable;
194     public IMAGE_DATA_DIRECTORY BaseRelocationTable;
195     public IMAGE_DATA_DIRECTORY Debug;
196     public IMAGE_DATA_DIRECTORY Architecture;
197     public IMAGE_DATA_DIRECTORY GlobalPtr;
198     public IMAGE_DATA_DIRECTORY TLSTable;
199     public IMAGE_DATA_DIRECTORY LoadConfigTable;
200     public IMAGE_DATA_DIRECTORY BoundImport;
201     public IMAGE_DATA_DIRECTORY IAT;
202     public IMAGE_DATA_DIRECTORY DelayImportDescriptor;
203     public IMAGE_DATA_DIRECTORY CLRRuntimeHeader;
204     public IMAGE_DATA_DIRECTORY Reserved;
205     }
206    
207     [StructLayout(LayoutKind.Sequential, Pack = 1)]
208     public struct IMAGE_FILE_HEADER
209     {
210     public MachineTypeFlags Machine;
211     public UInt16 NumberOfSections;
212     public UInt32 TimeDateStamp;
213     public UInt32 PointerToSymbolTable;
214     public UInt32 NumberOfSymbols;
215     public UInt16 SizeOfOptionalHeader;
216     public FileCharacteristicType Characteristics;
217     }
218    
219     // Grabbed the following 2 definitions from http://www.pinvoke.net/default.aspx/Structures/IMAGE_SECTION_HEADER.html
220    
221     [StructLayout(LayoutKind.Explicit)]
222     public struct IMAGE_SECTION_HEADER
223     {
224     [FieldOffset(0)]
225     [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
226     public char[] Name;
227     [FieldOffset(8)]
228     public UInt32 VirtualSize;
229     [FieldOffset(12)]
230     public UInt32 VirtualAddress;
231     [FieldOffset(16)]
232     public UInt32 SizeOfRawData;
233     [FieldOffset(20)]
234     public UInt32 PointerToRawData;
235     [FieldOffset(24)]
236     public UInt32 PointerToRelocations;
237     [FieldOffset(28)]
238     public UInt32 PointerToLinenumbers;
239     [FieldOffset(32)]
240     public UInt16 NumberOfRelocations;
241     [FieldOffset(34)]
242     public UInt16 NumberOfLinenumbers;
243     [FieldOffset(36)]
244     public DataSectionFlags Characteristics;
245    
246     public string Section
247     {
248     get { return new string(Name); }
249     }
250     }
251     #endregion File Header Structures
252    
253    
254     #region code
255     #region helpers
256     [Flags]
257     public enum MachineTypeFlags
258     {
259     x86 = 0x14C,
260     Alpha = 0x184,
261     ARM = 0x1C0,
262     MIPS16R3000 = 0x162,
263     MIPS16R4000 = 0x166,
264     MIPS16R10000 = 0x168,
265     PowerPCLE = 0x1F0,
266     PowerPCBE = 0x1F2,
267     Itanium = 0x200,
268     MIPS16 = 0x266,
269     Alpha64 = 0x284,
270     MIPSFPU = 0x366,
271     MIPSFPU16 = 0x466,
272     x64 = 0x8664,
273     }
274     public enum MagicType : ushort
275     {
276     NT_OPTIONAL_HEADER_NOT_PRESENT, // 0
277     NT_OPTIONAL_HEADER_32 = 0x10b,
278     NT_OPTIONAL_HEADER_64 = 0x20b
279     }
280     public enum SubSystemType : ushort
281     {
282     IMAGE_SUBSYSTEM_UNKNOWN = 0,
283     IMAGE_SUBSYSTEM_NATIVE = 1,
284     IMAGE_SUBSYSTEM_WINDOWS_GUI = 2,
285     IMAGE_SUBSYSTEM_WINDOWS_CUI = 3,
286     IMAGE_SUBSYSTEM_POSIX_CUI = 7,
287     IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9,
288     IMAGE_SUBSYSTEM_EFI_APPLICATION = 10,
289     IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11,
290     IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12,
291     IMAGE_SUBSYSTEM_EFI_ROM = 13,
292     IMAGE_SUBSYSTEM_XBOX = 14
293    
294     }
295     public enum DllCharacteristicsType : ushort
296     {
297     RES_0 = 0x0001,
298     RES_1 = 0x0002,
299     RES_2 = 0x0004,
300     RES_3 = 0x0008,
301     IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040,
302     IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
303     IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100,
304     IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
305     IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
306     IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
307     RES_4 = 0x1000,
308     IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
309     IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
310     }
311     [Flags]
312     public enum FileCharacteristicType : ushort
313     {
314     RelocationInformationStrippedFromFile = 0x1,
315     Executable = 0x2,
316     LineNumbersStripped = 0x4,
317     SymbolTableStripped = 0x8,
318     AggresiveTrimWorkingSet = 0x10,
319     LargeAddressAware = 0x20,
320     Supports16Bit = 0x40,
321     ReservedBytesWo = 0x80,
322     Supports32Bit = 0x100,
323     DebugInfoStripped = 0x200,
324     RunFromSwapIfInRemovableMedia = 0x400,
325     RunFromSwapIfInNetworkMedia = 0x800,
326     IsSytemFile = 0x1000,
327     IsDLL = 0x2000,
328     IsOnlyForSingleCoreProcessor = 0x4000,
329     BytesOfWordReserved = 0x8000,
330     }
331     #region DataSectionFlags
332     [Flags]
333     public enum DataSectionFlags : uint
334     {
335     /// <summary>
336     /// Reserved for future use.
337     /// </summary>
338     TypeReg = 0x00000000,
339     /// <summary>
340     /// Reserved for future use.
341     /// </summary>
342     TypeDsect = 0x00000001,
343     /// <summary>
344     /// Reserved for future use.
345     /// </summary>
346     TypeNoLoad = 0x00000002,
347     /// <summary>
348     /// Reserved for future use.
349     /// </summary>
350     TypeGroup = 0x00000004,
351     /// <summary>
352     /// The section should not be padded to the next boundary. This flag is obsolete and is replaced by IMAGE_SCN_ALIGN_1BYTES. This is valid only for object files.
353     /// </summary>
354     TypeNoPadded = 0x00000008,
355     /// <summary>
356     /// Reserved for future use.
357     /// </summary>
358     TypeCopy = 0x00000010,
359     /// <summary>
360     /// The section contains executable code.
361     /// </summary>
362     ContentCode = 0x00000020,
363     /// <summary>
364     /// The section contains initialized data.
365     /// </summary>
366     ContentInitializedData = 0x00000040,
367     /// <summary>
368     /// The section contains uninitialized data.
369     /// </summary>
370     ContentUninitializedData = 0x00000080,
371     /// <summary>
372     /// Reserved for future use.
373     /// </summary>
374     LinkOther = 0x00000100,
375     /// <summary>
376     /// The section contains comments or other information. The .drectve section has this type. This is valid for object files only.
377     /// </summary>
378     LinkInfo = 0x00000200,
379     /// <summary>
380     /// Reserved for future use.
381     /// </summary>
382     TypeOver = 0x00000400,
383     /// <summary>
384     /// The section will not become part of the image. This is valid only for object files.
385     /// </summary>
386     LinkRemove = 0x00000800,
387     /// <summary>
388     /// The section contains COMDAT data. For more information, see section 5.5.6, COMDAT Sections (Object Only). This is valid only for object files.
389     /// </summary>
390     LinkComDat = 0x00001000,
391     /// <summary>
392     /// Reset speculative exceptions handling bits in the TLB entries for this section.
393     /// </summary>
394     NoDeferSpecExceptions = 0x00004000,
395     /// <summary>
396     /// The section contains data referenced through the global pointer (GP).
397     /// </summary>
398     RelativeGP = 0x00008000,
399     /// <summary>
400     /// Reserved for future use.
401     /// </summary>
402     MemPurgeable = 0x00020000,
403     /// <summary>
404     /// Reserved for future use.
405     /// </summary>
406     Memory16Bit = 0x00020000,
407     /// <summary>
408     /// Reserved for future use.
409     /// </summary>
410     MemoryLocked = 0x00040000,
411     /// <summary>
412     /// Reserved for future use.
413     /// </summary>
414     MemoryPreload = 0x00080000,
415     /// <summary>
416     /// Align data on a 1-byte boundary. Valid only for object files.
417     /// </summary>
418     Align1Bytes = 0x00100000,
419     /// <summary>
420     /// Align data on a 2-byte boundary. Valid only for object files.
421     /// </summary>
422     Align2Bytes = 0x00200000,
423     /// <summary>
424     /// Align data on a 4-byte boundary. Valid only for object files.
425     /// </summary>
426     Align4Bytes = 0x00300000,
427     /// <summary>
428     /// Align data on an 8-byte boundary. Valid only for object files.
429     /// </summary>
430     Align8Bytes = 0x00400000,
431     /// <summary>
432     /// Align data on a 16-byte boundary. Valid only for object files.
433     /// </summary>
434     Align16Bytes = 0x00500000,
435     /// <summary>
436     /// Align data on a 32-byte boundary. Valid only for object files.
437     /// </summary>
438     Align32Bytes = 0x00600000,
439     /// <summary>
440     /// Align data on a 64-byte boundary. Valid only for object files.
441     /// </summary>
442     Align64Bytes = 0x00700000,
443     /// <summary>
444     /// Align data on a 128-byte boundary. Valid only for object files.
445     /// </summary>
446     Align128Bytes = 0x00800000,
447     /// <summary>
448     /// Align data on a 256-byte boundary. Valid only for object files.
449     /// </summary>
450     Align256Bytes = 0x00900000,
451     /// <summary>
452     /// Align data on a 512-byte boundary. Valid only for object files.
453     /// </summary>
454     Align512Bytes = 0x00A00000,
455     /// <summary>
456     /// Align data on a 1024-byte boundary. Valid only for object files.
457     /// </summary>
458     Align1024Bytes = 0x00B00000,
459     /// <summary>
460     /// Align data on a 2048-byte boundary. Valid only for object files.
461     /// </summary>
462     Align2048Bytes = 0x00C00000,
463     /// <summary>
464     /// Align data on a 4096-byte boundary. Valid only for object files.
465     /// </summary>
466     Align4096Bytes = 0x00D00000,
467     /// <summary>
468     /// Align data on an 8192-byte boundary. Valid only for object files.
469     /// </summary>
470     Align8192Bytes = 0x00E00000,
471     /// <summary>
472     /// The section contains extended relocations.
473     /// </summary>
474     LinkExtendedRelocationOverflow = 0x01000000,
475     /// <summary>
476     /// The section can be discarded as needed.
477     /// </summary>
478     MemoryDiscardable = 0x02000000,
479     /// <summary>
480     /// The section cannot be cached.
481     /// </summary>
482     MemoryNotCached = 0x04000000,
483     /// <summary>
484     /// The section is not pageable.
485     /// </summary>
486     MemoryNotPaged = 0x08000000,
487     /// <summary>
488     /// The section can be shared in memory.
489     /// </summary>
490     MemoryShared = 0x10000000,
491     /// <summary>
492     /// The section can be executed as code.
493     /// </summary>
494     MemoryExecute = 0x20000000,
495     /// <summary>
496     /// The section can be read.
497     /// </summary>
498     MemoryRead = 0x40000000,
499     /// <summary>
500     /// The section can be written to.
501     /// </summary>
502     MemoryWrite = 0x80000000
503     }
504     #endregion
505     #endregion
506     /// <summary>
507     /// Reads in the header information of the Portable Executable format.
508     /// Provides information such as the date the assembly was compiled.
509     /// </summary>
510     public class PeHeaderReader
511     {
512    
513    
514     #region Private Fields
515    
516     private UInt32 ntSignature;
517     /// <summary>
518     /// The DOS header
519     /// </summary>
520     private IMAGE_DOS_HEADER dosHeader;
521     /// <summary>
522     /// The file header
523     /// </summary>
524     private IMAGE_FILE_HEADER fileHeader;
525     /// <summary>
526     /// Optional 32 bit file header
527     /// </summary>
528     private IMAGE_OPTIONAL_HEADER32 optionalHeader32;
529     /// <summary>
530     /// Optional 64 bit file header
531     /// </summary>
532     private IMAGE_OPTIONAL_HEADER64 optionalHeader64;
533     /// <summary>
534     /// Image Section headers. Number of sections is in the file header.
535     /// </summary>
536     private IMAGE_SECTION_HEADER[] imageSectionHeaders;
537    
538     #endregion Private Fields
539    
540     #region Public Methods
541    
542     public PeHeaderReader(string filePath)
543     {
544     // Read in the DLL or EXE and get the timestamp
545     using (FileStream stream = new FileStream(filePath, System.IO.FileMode.Open, System.IO.FileAccess.Read))
546     {
547     BinaryReader reader = new BinaryReader(stream);
548     dosHeader = FromBinaryReader<IMAGE_DOS_HEADER>(reader);
549    
550     // Add 4 bytes to the offset
551     stream.Seek(dosHeader.e_lfanew, SeekOrigin.Begin);
552    
553     UInt32 ntHeadersSignature = reader.ReadUInt32();
554     ntSignature = ntHeadersSignature;
555     fileHeader = FromBinaryReader<IMAGE_FILE_HEADER>(reader);
556     if (this.Is32BitHeader)
557     {
558     optionalHeader32 = FromBinaryReader<IMAGE_OPTIONAL_HEADER32>(reader);
559     }
560     else
561     {
562     optionalHeader64 = FromBinaryReader<IMAGE_OPTIONAL_HEADER64>(reader);
563     }
564    
565     imageSectionHeaders = new IMAGE_SECTION_HEADER[fileHeader.NumberOfSections];
566     for (int headerNo = 0; headerNo < imageSectionHeaders.Length; ++headerNo)
567     {
568     imageSectionHeaders[headerNo] = FromBinaryReader<IMAGE_SECTION_HEADER>(reader);
569     }
570    
571     }
572     }
573    
574     /// <summary>
575     /// Gets the header of the .NET assembly that called this function
576     /// </summary>
577     /// <returns></returns>
578     public static PeHeaderReader GetCallingAssemblyHeader()
579     {
580     // Get the path to the calling assembly, which is the path to the
581     // DLL or EXE that we want the time of
582     string filePath = System.Reflection.Assembly.GetCallingAssembly().Location;
583    
584     // Get and return the timestamp
585     return new PeHeaderReader(filePath);
586     }
587    
588     /// <summary>
589     /// Gets the header of the .NET assembly that called this function
590     /// </summary>
591     /// <returns></returns>
592     public static PeHeaderReader GetAssemblyHeader()
593     {
594     // Get the path to the calling assembly, which is the path to the
595     // DLL or EXE that we want the time of
596     string filePath = System.Reflection.Assembly.GetAssembly(typeof(PeHeaderReader)).Location;
597    
598     // Get and return the timestamp
599     return new PeHeaderReader(filePath);
600     }
601    
602     /// <summary>
603     /// Reads in a block from a file and converts it to the struct
604     /// type specified by the template parameter
605     /// </summary>
606     /// <typeparam name="T"></typeparam>
607     /// <param name="reader"></param>
608     /// <returns></returns>
609     public static T FromBinaryReader<T>(BinaryReader reader)
610     {
611     // Read in a byte array
612     byte[] bytes = reader.ReadBytes(Marshal.SizeOf(typeof(T)));
613    
614     // Pin the managed memory while, copy it out the data, then unpin it
615     GCHandle handle = GCHandle.Alloc(bytes, GCHandleType.Pinned);
616     T theStructure = (T)Marshal.PtrToStructure(handle.AddrOfPinnedObject(), typeof(T));
617     handle.Free();
618    
619     return theStructure;
620     }
621    
622     #endregion Public Methods
623    
624     #region Properties
625    
626     /// <summary>
627     /// Gets if the file header is 32 bit or not
628     /// </summary>
629     public bool Is32BitHeader
630     {
631     get
632     {
633     return FileHeader.Characteristics.HasFlag(FileCharacteristicType.Supports32Bit);
634     }
635     }
636    
637     /// <summary>
638     /// Gets the file header
639     /// </summary>
640     public IMAGE_FILE_HEADER FileHeader
641     {
642     get
643     {
644     return fileHeader;
645     }
646     }
647     /// <summary>
648     /// Gets the file header
649     /// </summary>
650     public UInt32 NTSignature
651     {
652     get
653     {
654     return ntSignature;
655     }
656     }
657     /// <summary>
658     /// Gets the file header
659     /// </summary>
660     public IMAGE_DOS_HEADER DosHeader
661     {
662     get
663     {
664     return dosHeader;
665     }
666     }
667     /// <summary>
668     /// Gets the optional header
669     /// </summary>
670     public IMAGE_OPTIONAL_HEADER32 OptionalHeader32
671     {
672     get
673     {
674     return optionalHeader32;
675     }
676     }
677    
678     /// <summary>
679     /// Gets the optional header
680     /// </summary>
681     public IMAGE_OPTIONAL_HEADER64 OptionalHeader64
682     {
683     get
684     {
685     return optionalHeader64;
686     }
687     }
688    
689     public IMAGE_SECTION_HEADER[] ImageSectionHeaders
690     {
691     get
692     {
693     return imageSectionHeaders;
694     }
695     }
696    
697     /// <summary>
698     /// Gets the timestamp from the file header
699     /// </summary>
700     public DateTime TimeStamp
701     {
702     get
703     {
704     // Timestamp is a date offset from 1970
705     DateTime returnValue = new DateTime(1970, 1, 1, 0, 0, 0);
706    
707     // Add in the number of seconds since 1970/1/1
708     returnValue = returnValue.AddSeconds(fileHeader.TimeDateStamp);
709     // Adjust to local timezone
710     returnValue += TimeZone.CurrentTimeZone.GetUtcOffset(returnValue);
711    
712     return returnValue;
713     }
714     }
715    
716     #endregion Properties
717     }
718     #endregion
719     }

  ViewVC Help
Powered by ViewVC 1.1.22