/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/PEData.cs
ViewVC logotype

Annotation of /trunk/Win32/Sojaner.MemoryScanner/PEData.cs

Parent Directory Parent Directory | Revision Log Revision Log


Revision 608 - (hide annotations) (download)
Sat Jun 8 03:17:34 2013 UTC (7 years, 1 month ago) by william
File size: 27615 byte(s)
add: [TypeConverter(typeof(ExpandableObjectConverter))]

1 william 607 #region Logging Defines
2     // include this any class or method that required logging, and comment-out what is not needed
3    
4     #region Enabled logging levels
5     #define LOGGING_ENABLE_INFO
6     #define LOGGING_ENABLE_WARN
7     #define LOGGING_ENABLE_DEBUG
8     //#define LOGGING_ENABLE_VERBOSEDEBUG
9     #define LOGGING_ENABLE_ERROR
10     #define LOGGING_ENABLE_VERBOSEERROR
11     #define LOGGING_ENABLE_PROFILER
12     #endregion
13     #endregion
14    
15     using System;
16     using System.Collections.Generic;
17     using System.Runtime.InteropServices;
18     using System.IO;
19     using System.Diagnostics;
20     using RomCheater.PluginFramework.Interfaces;
21 william 608 using System.ComponentModel;
22 william 607
23     namespace Sojaner.MemoryScanner
24     {
25     public interface IPEDData
26     {
27     IMAGE_DOS_HEADER DosHeader { get; }
28     IMAGE_FILE_HEADER FileHeader { get; }
29     IMAGE_OPTIONAL_HEADER32 OptionalHeader32 { get; }
30     IMAGE_OPTIONAL_HEADER64 OptionalHeader64 { get; }
31     //IMAGE_SECTION_HEADER[] SectionHeaders { get; }
32     bool Is32bitAssembly();
33     }
34    
35     public class PEData : IPEDData
36     {
37     #region IPEDData Members
38     public IMAGE_DOS_HEADER DosHeader { get { if (reader == null) { return new IMAGE_DOS_HEADER(); } else { return reader.DosHeader; } } }
39     public UInt32 NTSignature { get { if (reader == null) { return 0; } else { return reader.NTSignature; } } }
40     public IMAGE_FILE_HEADER FileHeader { get { if (reader == null) { return new IMAGE_FILE_HEADER(); } else { return reader.FileHeader; } } }
41     public IMAGE_OPTIONAL_HEADER32 OptionalHeader32 { get { if (reader == null) { return new IMAGE_OPTIONAL_HEADER32(); } else { return reader.OptionalHeader32; } } }
42     public IMAGE_OPTIONAL_HEADER64 OptionalHeader64 { get { if (reader == null) { return new IMAGE_OPTIONAL_HEADER64(); } else { return reader.OptionalHeader64; } } }
43     public Boolean Is32bitAssembly() { if (reader == null) { return true; } else { return reader.Is32BitHeader; } }
44     #endregion
45    
46     private PeHeaderReader reader = null;
47    
48     public static readonly IPEDData Empty = new PEData();
49    
50     protected PEData() { }
51     public PEData(IAcceptsProcess iap)
52     {
53     if (iap == null) { throw new ArgumentNullException("iap", "The selected process cannot be null"); }
54     Process p = iap.AcceptedProcess;
55     string filename = p.MainModule.FileName;
56     reader = new PeHeaderReader(filename);
57     }
58     public PEData(IAcceptsProcessAndConfig iapc) : this((IAcceptsProcess)iapc) { }
59     }
60    
61     #region File Header Structures
62 william 608 [TypeConverter(typeof(ExpandableObjectConverter))]
63 william 607 public struct IMAGE_DOS_HEADER
64     { // DOS .EXE header
65     public UInt16 e_magic; // Magic number
66     public UInt16 e_cblp; // Bytes on last page of file
67     public UInt16 e_cp; // Pages in file
68     public UInt16 e_crlc; // Relocations
69     public UInt16 e_cparhdr; // Size of header in paragraphs
70     public UInt16 e_minalloc; // Minimum extra paragraphs needed
71     public UInt16 e_maxalloc; // Maximum extra paragraphs needed
72     public UInt16 e_ss; // Initial (relative) SS value
73     public UInt16 e_sp; // Initial SP value
74     public UInt16 e_csum; // Checksum
75     public UInt16 e_ip; // Initial IP value
76     public UInt16 e_cs; // Initial (relative) CS value
77     public UInt16 e_lfarlc; // File address of relocation table
78     public UInt16 e_ovno; // Overlay number
79     public UInt16 e_res_0; // Reserved words
80     public UInt16 e_res_1; // Reserved words
81     public UInt16 e_res_2; // Reserved words
82     public UInt16 e_res_3; // Reserved words
83     public UInt16 e_oemid; // OEM identifier (for e_oeminfo)
84     public UInt16 e_oeminfo; // OEM information; e_oemid specific
85     public UInt16 e_res2_0; // Reserved words
86     public UInt16 e_res2_1; // Reserved words
87     public UInt16 e_res2_2; // Reserved words
88     public UInt16 e_res2_3; // Reserved words
89     public UInt16 e_res2_4; // Reserved words
90     public UInt16 e_res2_5; // Reserved words
91     public UInt16 e_res2_6; // Reserved words
92     public UInt16 e_res2_7; // Reserved words
93     public UInt16 e_res2_8; // Reserved words
94     public UInt16 e_res2_9; // Reserved words
95     public UInt32 e_lfanew; // File address of new exe header
96     }
97 william 608 [TypeConverter(typeof(ExpandableObjectConverter))]
98 william 607 [StructLayout(LayoutKind.Sequential)]
99     public struct IMAGE_DATA_DIRECTORY
100     {
101     public UInt32 VirtualAddress;
102     public UInt32 Size;
103     }
104 william 608 [TypeConverter(typeof(ExpandableObjectConverter))]
105 william 607 [StructLayout(LayoutKind.Sequential, Pack = 1)]
106     public struct IMAGE_OPTIONAL_HEADER32
107     {
108     public UInt16 Magic;
109     public Byte MajorLinkerVersion;
110     public Byte MinorLinkerVersion;
111     public UInt32 SizeOfCode;
112     public UInt32 SizeOfInitializedData;
113     public UInt32 SizeOfUninitializedData;
114     public UInt32 AddressOfEntryPoint;
115     public UInt32 BaseOfCode;
116     public UInt32 BaseOfData;
117     public UInt32 ImageBase;
118     public UInt32 SectionAlignment;
119     public UInt32 FileAlignment;
120     public UInt16 MajorOperatingSystemVersion;
121     public UInt16 MinorOperatingSystemVersion;
122     public UInt16 MajorImageVersion;
123     public UInt16 MinorImageVersion;
124     public UInt16 MajorSubsystemVersion;
125     public UInt16 MinorSubsystemVersion;
126     public UInt32 Win32VersionValue;
127     public UInt32 SizeOfImage;
128     public UInt32 SizeOfHeaders;
129     public UInt32 CheckSum;
130     public SubSystemType Subsystem;
131     public DllCharacteristicsType DllCharacteristics;
132     public UInt32 SizeOfStackReserve;
133     public UInt32 SizeOfStackCommit;
134     public UInt32 SizeOfHeapReserve;
135     public UInt32 SizeOfHeapCommit;
136     public UInt32 LoaderFlags;
137     public UInt32 NumberOfRvaAndSizes;
138    
139     public IMAGE_DATA_DIRECTORY ExportTable;
140     public IMAGE_DATA_DIRECTORY ImportTable;
141     public IMAGE_DATA_DIRECTORY ResourceTable;
142     public IMAGE_DATA_DIRECTORY ExceptionTable;
143     public IMAGE_DATA_DIRECTORY CertificateTable;
144     public IMAGE_DATA_DIRECTORY BaseRelocationTable;
145     public IMAGE_DATA_DIRECTORY Debug;
146     public IMAGE_DATA_DIRECTORY Architecture;
147     public IMAGE_DATA_DIRECTORY GlobalPtr;
148     public IMAGE_DATA_DIRECTORY TLSTable;
149     public IMAGE_DATA_DIRECTORY LoadConfigTable;
150     public IMAGE_DATA_DIRECTORY BoundImport;
151     public IMAGE_DATA_DIRECTORY IAT;
152     public IMAGE_DATA_DIRECTORY DelayImportDescriptor;
153     public IMAGE_DATA_DIRECTORY CLRRuntimeHeader;
154     public IMAGE_DATA_DIRECTORY Reserved;
155     }
156    
157     [StructLayout(LayoutKind.Sequential, Pack = 1)]
158 william 608 [TypeConverter(typeof(ExpandableObjectConverter))]
159 william 607 public struct IMAGE_OPTIONAL_HEADER64
160     {
161     public UInt16 Magic;
162     public Byte MajorLinkerVersion;
163     public Byte MinorLinkerVersion;
164     public UInt32 SizeOfCode;
165     public UInt32 SizeOfInitializedData;
166     public UInt32 SizeOfUninitializedData;
167     public UInt32 AddressOfEntryPoint;
168     public UInt32 BaseOfCode;
169     public UInt64 ImageBase;
170     public UInt32 SectionAlignment;
171     public UInt32 FileAlignment;
172     public UInt16 MajorOperatingSystemVersion;
173     public UInt16 MinorOperatingSystemVersion;
174     public UInt16 MajorImageVersion;
175     public UInt16 MinorImageVersion;
176     public UInt16 MajorSubsystemVersion;
177     public UInt16 MinorSubsystemVersion;
178     public UInt32 Win32VersionValue;
179     public UInt32 SizeOfImage;
180     public UInt32 SizeOfHeaders;
181     public UInt32 CheckSum;
182     public UInt16 Subsystem;
183     public DllCharacteristicsType DllCharacteristics;
184     public UInt64 SizeOfStackReserve;
185     public UInt64 SizeOfStackCommit;
186     public UInt64 SizeOfHeapReserve;
187     public UInt64 SizeOfHeapCommit;
188     public UInt32 LoaderFlags;
189     public UInt32 NumberOfRvaAndSizes;
190    
191     public IMAGE_DATA_DIRECTORY ExportTable;
192     public IMAGE_DATA_DIRECTORY ImportTable;
193     public IMAGE_DATA_DIRECTORY ResourceTable;
194     public IMAGE_DATA_DIRECTORY ExceptionTable;
195     public IMAGE_DATA_DIRECTORY CertificateTable;
196     public IMAGE_DATA_DIRECTORY BaseRelocationTable;
197     public IMAGE_DATA_DIRECTORY Debug;
198     public IMAGE_DATA_DIRECTORY Architecture;
199     public IMAGE_DATA_DIRECTORY GlobalPtr;
200     public IMAGE_DATA_DIRECTORY TLSTable;
201     public IMAGE_DATA_DIRECTORY LoadConfigTable;
202     public IMAGE_DATA_DIRECTORY BoundImport;
203     public IMAGE_DATA_DIRECTORY IAT;
204     public IMAGE_DATA_DIRECTORY DelayImportDescriptor;
205     public IMAGE_DATA_DIRECTORY CLRRuntimeHeader;
206     public IMAGE_DATA_DIRECTORY Reserved;
207     }
208    
209     [StructLayout(LayoutKind.Sequential, Pack = 1)]
210 william 608 [TypeConverter(typeof(ExpandableObjectConverter))]
211 william 607 public struct IMAGE_FILE_HEADER
212     {
213     public MachineTypeFlags Machine;
214     public UInt16 NumberOfSections;
215     public UInt32 TimeDateStamp;
216     public UInt32 PointerToSymbolTable;
217     public UInt32 NumberOfSymbols;
218     public UInt16 SizeOfOptionalHeader;
219     public FileCharacteristicType Characteristics;
220     }
221    
222     // Grabbed the following 2 definitions from http://www.pinvoke.net/default.aspx/Structures/IMAGE_SECTION_HEADER.html
223    
224 william 608 [TypeConverter(typeof(ExpandableObjectConverter))]
225 william 607 [StructLayout(LayoutKind.Explicit)]
226     public struct IMAGE_SECTION_HEADER
227     {
228     [FieldOffset(0)]
229     [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
230     public char[] Name;
231     [FieldOffset(8)]
232     public UInt32 VirtualSize;
233     [FieldOffset(12)]
234     public UInt32 VirtualAddress;
235     [FieldOffset(16)]
236     public UInt32 SizeOfRawData;
237     [FieldOffset(20)]
238     public UInt32 PointerToRawData;
239     [FieldOffset(24)]
240     public UInt32 PointerToRelocations;
241     [FieldOffset(28)]
242     public UInt32 PointerToLinenumbers;
243     [FieldOffset(32)]
244     public UInt16 NumberOfRelocations;
245     [FieldOffset(34)]
246     public UInt16 NumberOfLinenumbers;
247     [FieldOffset(36)]
248     public DataSectionFlags Characteristics;
249    
250     public string Section
251     {
252     get { return new string(Name); }
253     }
254     }
255     #endregion File Header Structures
256    
257    
258     #region code
259     #region helpers
260     [Flags]
261     public enum MachineTypeFlags
262     {
263     x86 = 0x14C,
264     Alpha = 0x184,
265     ARM = 0x1C0,
266     MIPS16R3000 = 0x162,
267     MIPS16R4000 = 0x166,
268     MIPS16R10000 = 0x168,
269     PowerPCLE = 0x1F0,
270     PowerPCBE = 0x1F2,
271     Itanium = 0x200,
272     MIPS16 = 0x266,
273     Alpha64 = 0x284,
274     MIPSFPU = 0x366,
275     MIPSFPU16 = 0x466,
276     x64 = 0x8664,
277     }
278     public enum MagicType : ushort
279     {
280     NT_OPTIONAL_HEADER_NOT_PRESENT, // 0
281     NT_OPTIONAL_HEADER_32 = 0x10b,
282     NT_OPTIONAL_HEADER_64 = 0x20b
283     }
284     public enum SubSystemType : ushort
285     {
286     IMAGE_SUBSYSTEM_UNKNOWN = 0,
287     IMAGE_SUBSYSTEM_NATIVE = 1,
288     IMAGE_SUBSYSTEM_WINDOWS_GUI = 2,
289     IMAGE_SUBSYSTEM_WINDOWS_CUI = 3,
290     IMAGE_SUBSYSTEM_POSIX_CUI = 7,
291     IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9,
292     IMAGE_SUBSYSTEM_EFI_APPLICATION = 10,
293     IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11,
294     IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12,
295     IMAGE_SUBSYSTEM_EFI_ROM = 13,
296     IMAGE_SUBSYSTEM_XBOX = 14
297    
298     }
299     public enum DllCharacteristicsType : ushort
300     {
301     RES_0 = 0x0001,
302     RES_1 = 0x0002,
303     RES_2 = 0x0004,
304     RES_3 = 0x0008,
305     IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040,
306     IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
307     IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100,
308     IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
309     IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
310     IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
311     RES_4 = 0x1000,
312     IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
313     IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
314     }
315     [Flags]
316     public enum FileCharacteristicType : ushort
317     {
318     RelocationInformationStrippedFromFile = 0x1,
319     Executable = 0x2,
320     LineNumbersStripped = 0x4,
321     SymbolTableStripped = 0x8,
322     AggresiveTrimWorkingSet = 0x10,
323     LargeAddressAware = 0x20,
324     Supports16Bit = 0x40,
325     ReservedBytesWo = 0x80,
326     Supports32Bit = 0x100,
327     DebugInfoStripped = 0x200,
328     RunFromSwapIfInRemovableMedia = 0x400,
329     RunFromSwapIfInNetworkMedia = 0x800,
330     IsSytemFile = 0x1000,
331     IsDLL = 0x2000,
332     IsOnlyForSingleCoreProcessor = 0x4000,
333     BytesOfWordReserved = 0x8000,
334     }
335     #region DataSectionFlags
336     [Flags]
337     public enum DataSectionFlags : uint
338     {
339     /// <summary>
340     /// Reserved for future use.
341     /// </summary>
342     TypeReg = 0x00000000,
343     /// <summary>
344     /// Reserved for future use.
345     /// </summary>
346     TypeDsect = 0x00000001,
347     /// <summary>
348     /// Reserved for future use.
349     /// </summary>
350     TypeNoLoad = 0x00000002,
351     /// <summary>
352     /// Reserved for future use.
353     /// </summary>
354     TypeGroup = 0x00000004,
355     /// <summary>
356     /// The section should not be padded to the next boundary. This flag is obsolete and is replaced by IMAGE_SCN_ALIGN_1BYTES. This is valid only for object files.
357     /// </summary>
358     TypeNoPadded = 0x00000008,
359     /// <summary>
360     /// Reserved for future use.
361     /// </summary>
362     TypeCopy = 0x00000010,
363     /// <summary>
364     /// The section contains executable code.
365     /// </summary>
366     ContentCode = 0x00000020,
367     /// <summary>
368     /// The section contains initialized data.
369     /// </summary>
370     ContentInitializedData = 0x00000040,
371     /// <summary>
372     /// The section contains uninitialized data.
373     /// </summary>
374     ContentUninitializedData = 0x00000080,
375     /// <summary>
376     /// Reserved for future use.
377     /// </summary>
378     LinkOther = 0x00000100,
379     /// <summary>
380     /// The section contains comments or other information. The .drectve section has this type. This is valid for object files only.
381     /// </summary>
382     LinkInfo = 0x00000200,
383     /// <summary>
384     /// Reserved for future use.
385     /// </summary>
386     TypeOver = 0x00000400,
387     /// <summary>
388     /// The section will not become part of the image. This is valid only for object files.
389     /// </summary>
390     LinkRemove = 0x00000800,
391     /// <summary>
392     /// The section contains COMDAT data. For more information, see section 5.5.6, COMDAT Sections (Object Only). This is valid only for object files.
393     /// </summary>
394     LinkComDat = 0x00001000,
395     /// <summary>
396     /// Reset speculative exceptions handling bits in the TLB entries for this section.
397     /// </summary>
398     NoDeferSpecExceptions = 0x00004000,
399     /// <summary>
400     /// The section contains data referenced through the global pointer (GP).
401     /// </summary>
402     RelativeGP = 0x00008000,
403     /// <summary>
404     /// Reserved for future use.
405     /// </summary>
406     MemPurgeable = 0x00020000,
407     /// <summary>
408     /// Reserved for future use.
409     /// </summary>
410     Memory16Bit = 0x00020000,
411     /// <summary>
412     /// Reserved for future use.
413     /// </summary>
414     MemoryLocked = 0x00040000,
415     /// <summary>
416     /// Reserved for future use.
417     /// </summary>
418     MemoryPreload = 0x00080000,
419     /// <summary>
420     /// Align data on a 1-byte boundary. Valid only for object files.
421     /// </summary>
422     Align1Bytes = 0x00100000,
423     /// <summary>
424     /// Align data on a 2-byte boundary. Valid only for object files.
425     /// </summary>
426     Align2Bytes = 0x00200000,
427     /// <summary>
428     /// Align data on a 4-byte boundary. Valid only for object files.
429     /// </summary>
430     Align4Bytes = 0x00300000,
431     /// <summary>
432     /// Align data on an 8-byte boundary. Valid only for object files.
433     /// </summary>
434     Align8Bytes = 0x00400000,
435     /// <summary>
436     /// Align data on a 16-byte boundary. Valid only for object files.
437     /// </summary>
438     Align16Bytes = 0x00500000,
439     /// <summary>
440     /// Align data on a 32-byte boundary. Valid only for object files.
441     /// </summary>
442     Align32Bytes = 0x00600000,
443     /// <summary>
444     /// Align data on a 64-byte boundary. Valid only for object files.
445     /// </summary>
446     Align64Bytes = 0x00700000,
447     /// <summary>
448     /// Align data on a 128-byte boundary. Valid only for object files.
449     /// </summary>
450     Align128Bytes = 0x00800000,
451     /// <summary>
452     /// Align data on a 256-byte boundary. Valid only for object files.
453     /// </summary>
454     Align256Bytes = 0x00900000,
455     /// <summary>
456     /// Align data on a 512-byte boundary. Valid only for object files.
457     /// </summary>
458     Align512Bytes = 0x00A00000,
459     /// <summary>
460     /// Align data on a 1024-byte boundary. Valid only for object files.
461     /// </summary>
462     Align1024Bytes = 0x00B00000,
463     /// <summary>
464     /// Align data on a 2048-byte boundary. Valid only for object files.
465     /// </summary>
466     Align2048Bytes = 0x00C00000,
467     /// <summary>
468     /// Align data on a 4096-byte boundary. Valid only for object files.
469     /// </summary>
470     Align4096Bytes = 0x00D00000,
471     /// <summary>
472     /// Align data on an 8192-byte boundary. Valid only for object files.
473     /// </summary>
474     Align8192Bytes = 0x00E00000,
475     /// <summary>
476     /// The section contains extended relocations.
477     /// </summary>
478     LinkExtendedRelocationOverflow = 0x01000000,
479     /// <summary>
480     /// The section can be discarded as needed.
481     /// </summary>
482     MemoryDiscardable = 0x02000000,
483     /// <summary>
484     /// The section cannot be cached.
485     /// </summary>
486     MemoryNotCached = 0x04000000,
487     /// <summary>
488     /// The section is not pageable.
489     /// </summary>
490     MemoryNotPaged = 0x08000000,
491     /// <summary>
492     /// The section can be shared in memory.
493     /// </summary>
494     MemoryShared = 0x10000000,
495     /// <summary>
496     /// The section can be executed as code.
497     /// </summary>
498     MemoryExecute = 0x20000000,
499     /// <summary>
500     /// The section can be read.
501     /// </summary>
502     MemoryRead = 0x40000000,
503     /// <summary>
504     /// The section can be written to.
505     /// </summary>
506     MemoryWrite = 0x80000000
507     }
508     #endregion
509     #endregion
510     /// <summary>
511     /// Reads in the header information of the Portable Executable format.
512     /// Provides information such as the date the assembly was compiled.
513     /// </summary>
514     public class PeHeaderReader
515     {
516    
517    
518     #region Private Fields
519    
520     private UInt32 ntSignature;
521     /// <summary>
522     /// The DOS header
523     /// </summary>
524     private IMAGE_DOS_HEADER dosHeader;
525     /// <summary>
526     /// The file header
527     /// </summary>
528     private IMAGE_FILE_HEADER fileHeader;
529     /// <summary>
530     /// Optional 32 bit file header
531     /// </summary>
532     private IMAGE_OPTIONAL_HEADER32 optionalHeader32;
533     /// <summary>
534     /// Optional 64 bit file header
535     /// </summary>
536     private IMAGE_OPTIONAL_HEADER64 optionalHeader64;
537     /// <summary>
538     /// Image Section headers. Number of sections is in the file header.
539     /// </summary>
540     private IMAGE_SECTION_HEADER[] imageSectionHeaders;
541    
542     #endregion Private Fields
543    
544     #region Public Methods
545    
546     public PeHeaderReader(string filePath)
547     {
548     // Read in the DLL or EXE and get the timestamp
549     using (FileStream stream = new FileStream(filePath, System.IO.FileMode.Open, System.IO.FileAccess.Read))
550     {
551     BinaryReader reader = new BinaryReader(stream);
552     dosHeader = FromBinaryReader<IMAGE_DOS_HEADER>(reader);
553    
554     // Add 4 bytes to the offset
555     stream.Seek(dosHeader.e_lfanew, SeekOrigin.Begin);
556    
557     UInt32 ntHeadersSignature = reader.ReadUInt32();
558     ntSignature = ntHeadersSignature;
559     fileHeader = FromBinaryReader<IMAGE_FILE_HEADER>(reader);
560     if (this.Is32BitHeader)
561     {
562     optionalHeader32 = FromBinaryReader<IMAGE_OPTIONAL_HEADER32>(reader);
563     }
564     else
565     {
566     optionalHeader64 = FromBinaryReader<IMAGE_OPTIONAL_HEADER64>(reader);
567     }
568    
569     imageSectionHeaders = new IMAGE_SECTION_HEADER[fileHeader.NumberOfSections];
570     for (int headerNo = 0; headerNo < imageSectionHeaders.Length; ++headerNo)
571     {
572     imageSectionHeaders[headerNo] = FromBinaryReader<IMAGE_SECTION_HEADER>(reader);
573     }
574    
575     }
576     }
577    
578     /// <summary>
579     /// Gets the header of the .NET assembly that called this function
580     /// </summary>
581     /// <returns></returns>
582     public static PeHeaderReader GetCallingAssemblyHeader()
583     {
584     // Get the path to the calling assembly, which is the path to the
585     // DLL or EXE that we want the time of
586     string filePath = System.Reflection.Assembly.GetCallingAssembly().Location;
587    
588     // Get and return the timestamp
589     return new PeHeaderReader(filePath);
590     }
591    
592     /// <summary>
593     /// Gets the header of the .NET assembly that called this function
594     /// </summary>
595     /// <returns></returns>
596     public static PeHeaderReader GetAssemblyHeader()
597     {
598     // Get the path to the calling assembly, which is the path to the
599     // DLL or EXE that we want the time of
600     string filePath = System.Reflection.Assembly.GetAssembly(typeof(PeHeaderReader)).Location;
601    
602     // Get and return the timestamp
603     return new PeHeaderReader(filePath);
604     }
605    
606     /// <summary>
607     /// Reads in a block from a file and converts it to the struct
608     /// type specified by the template parameter
609     /// </summary>
610     /// <typeparam name="T"></typeparam>
611     /// <param name="reader"></param>
612     /// <returns></returns>
613     public static T FromBinaryReader<T>(BinaryReader reader)
614     {
615     // Read in a byte array
616     byte[] bytes = reader.ReadBytes(Marshal.SizeOf(typeof(T)));
617    
618     // Pin the managed memory while, copy it out the data, then unpin it
619     GCHandle handle = GCHandle.Alloc(bytes, GCHandleType.Pinned);
620     T theStructure = (T)Marshal.PtrToStructure(handle.AddrOfPinnedObject(), typeof(T));
621     handle.Free();
622    
623     return theStructure;
624     }
625    
626     #endregion Public Methods
627    
628     #region Properties
629    
630     /// <summary>
631     /// Gets if the file header is 32 bit or not
632     /// </summary>
633     public bool Is32BitHeader
634     {
635     get
636     {
637     return FileHeader.Characteristics.HasFlag(FileCharacteristicType.Supports32Bit);
638     }
639     }
640    
641     /// <summary>
642     /// Gets the file header
643     /// </summary>
644     public IMAGE_FILE_HEADER FileHeader
645     {
646     get
647     {
648     return fileHeader;
649     }
650     }
651     /// <summary>
652     /// Gets the file header
653     /// </summary>
654     public UInt32 NTSignature
655     {
656     get
657     {
658     return ntSignature;
659     }
660     }
661     /// <summary>
662     /// Gets the file header
663     /// </summary>
664     public IMAGE_DOS_HEADER DosHeader
665     {
666     get
667     {
668     return dosHeader;
669     }
670     }
671     /// <summary>
672     /// Gets the optional header
673     /// </summary>
674     public IMAGE_OPTIONAL_HEADER32 OptionalHeader32
675     {
676     get
677     {
678     return optionalHeader32;
679     }
680     }
681    
682     /// <summary>
683     /// Gets the optional header
684     /// </summary>
685     public IMAGE_OPTIONAL_HEADER64 OptionalHeader64
686     {
687     get
688     {
689     return optionalHeader64;
690     }
691     }
692    
693     public IMAGE_SECTION_HEADER[] ImageSectionHeaders
694     {
695     get
696     {
697     return imageSectionHeaders;
698     }
699     }
700    
701     /// <summary>
702     /// Gets the timestamp from the file header
703     /// </summary>
704     public DateTime TimeStamp
705     {
706     get
707     {
708     // Timestamp is a date offset from 1970
709     DateTime returnValue = new DateTime(1970, 1, 1, 0, 0, 0);
710    
711     // Add in the number of seconds since 1970/1/1
712     returnValue = returnValue.AddSeconds(fileHeader.TimeDateStamp);
713     // Adjust to local timezone
714     returnValue += TimeZone.CurrentTimeZone.GetUtcOffset(returnValue);
715    
716     return returnValue;
717     }
718     }
719    
720     #endregion Properties
721     }
722     #endregion
723     }

  ViewVC Help
Powered by ViewVC 1.1.22