/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/PEData.cs
ViewVC logotype

Contents of /trunk/Win32/Sojaner.MemoryScanner/PEData.cs

Parent Directory Parent Directory | Revision Log Revision Log


Revision 608 - (show annotations) (download)
Sat Jun 8 03:17:34 2013 UTC (7 years, 1 month ago) by william
File size: 27615 byte(s)
add: [TypeConverter(typeof(ExpandableObjectConverter))]

1 #region Logging Defines
2 // include this any class or method that required logging, and comment-out what is not needed
3
4 #region Enabled logging levels
5 #define LOGGING_ENABLE_INFO
6 #define LOGGING_ENABLE_WARN
7 #define LOGGING_ENABLE_DEBUG
8 //#define LOGGING_ENABLE_VERBOSEDEBUG
9 #define LOGGING_ENABLE_ERROR
10 #define LOGGING_ENABLE_VERBOSEERROR
11 #define LOGGING_ENABLE_PROFILER
12 #endregion
13 #endregion
14
15 using System;
16 using System.Collections.Generic;
17 using System.Runtime.InteropServices;
18 using System.IO;
19 using System.Diagnostics;
20 using RomCheater.PluginFramework.Interfaces;
21 using System.ComponentModel;
22
23 namespace Sojaner.MemoryScanner
24 {
25 public interface IPEDData
26 {
27 IMAGE_DOS_HEADER DosHeader { get; }
28 IMAGE_FILE_HEADER FileHeader { get; }
29 IMAGE_OPTIONAL_HEADER32 OptionalHeader32 { get; }
30 IMAGE_OPTIONAL_HEADER64 OptionalHeader64 { get; }
31 //IMAGE_SECTION_HEADER[] SectionHeaders { get; }
32 bool Is32bitAssembly();
33 }
34
35 public class PEData : IPEDData
36 {
37 #region IPEDData Members
38 public IMAGE_DOS_HEADER DosHeader { get { if (reader == null) { return new IMAGE_DOS_HEADER(); } else { return reader.DosHeader; } } }
39 public UInt32 NTSignature { get { if (reader == null) { return 0; } else { return reader.NTSignature; } } }
40 public IMAGE_FILE_HEADER FileHeader { get { if (reader == null) { return new IMAGE_FILE_HEADER(); } else { return reader.FileHeader; } } }
41 public IMAGE_OPTIONAL_HEADER32 OptionalHeader32 { get { if (reader == null) { return new IMAGE_OPTIONAL_HEADER32(); } else { return reader.OptionalHeader32; } } }
42 public IMAGE_OPTIONAL_HEADER64 OptionalHeader64 { get { if (reader == null) { return new IMAGE_OPTIONAL_HEADER64(); } else { return reader.OptionalHeader64; } } }
43 public Boolean Is32bitAssembly() { if (reader == null) { return true; } else { return reader.Is32BitHeader; } }
44 #endregion
45
46 private PeHeaderReader reader = null;
47
48 public static readonly IPEDData Empty = new PEData();
49
50 protected PEData() { }
51 public PEData(IAcceptsProcess iap)
52 {
53 if (iap == null) { throw new ArgumentNullException("iap", "The selected process cannot be null"); }
54 Process p = iap.AcceptedProcess;
55 string filename = p.MainModule.FileName;
56 reader = new PeHeaderReader(filename);
57 }
58 public PEData(IAcceptsProcessAndConfig iapc) : this((IAcceptsProcess)iapc) { }
59 }
60
61 #region File Header Structures
62 [TypeConverter(typeof(ExpandableObjectConverter))]
63 public struct IMAGE_DOS_HEADER
64 { // DOS .EXE header
65 public UInt16 e_magic; // Magic number
66 public UInt16 e_cblp; // Bytes on last page of file
67 public UInt16 e_cp; // Pages in file
68 public UInt16 e_crlc; // Relocations
69 public UInt16 e_cparhdr; // Size of header in paragraphs
70 public UInt16 e_minalloc; // Minimum extra paragraphs needed
71 public UInt16 e_maxalloc; // Maximum extra paragraphs needed
72 public UInt16 e_ss; // Initial (relative) SS value
73 public UInt16 e_sp; // Initial SP value
74 public UInt16 e_csum; // Checksum
75 public UInt16 e_ip; // Initial IP value
76 public UInt16 e_cs; // Initial (relative) CS value
77 public UInt16 e_lfarlc; // File address of relocation table
78 public UInt16 e_ovno; // Overlay number
79 public UInt16 e_res_0; // Reserved words
80 public UInt16 e_res_1; // Reserved words
81 public UInt16 e_res_2; // Reserved words
82 public UInt16 e_res_3; // Reserved words
83 public UInt16 e_oemid; // OEM identifier (for e_oeminfo)
84 public UInt16 e_oeminfo; // OEM information; e_oemid specific
85 public UInt16 e_res2_0; // Reserved words
86 public UInt16 e_res2_1; // Reserved words
87 public UInt16 e_res2_2; // Reserved words
88 public UInt16 e_res2_3; // Reserved words
89 public UInt16 e_res2_4; // Reserved words
90 public UInt16 e_res2_5; // Reserved words
91 public UInt16 e_res2_6; // Reserved words
92 public UInt16 e_res2_7; // Reserved words
93 public UInt16 e_res2_8; // Reserved words
94 public UInt16 e_res2_9; // Reserved words
95 public UInt32 e_lfanew; // File address of new exe header
96 }
97 [TypeConverter(typeof(ExpandableObjectConverter))]
98 [StructLayout(LayoutKind.Sequential)]
99 public struct IMAGE_DATA_DIRECTORY
100 {
101 public UInt32 VirtualAddress;
102 public UInt32 Size;
103 }
104 [TypeConverter(typeof(ExpandableObjectConverter))]
105 [StructLayout(LayoutKind.Sequential, Pack = 1)]
106 public struct IMAGE_OPTIONAL_HEADER32
107 {
108 public UInt16 Magic;
109 public Byte MajorLinkerVersion;
110 public Byte MinorLinkerVersion;
111 public UInt32 SizeOfCode;
112 public UInt32 SizeOfInitializedData;
113 public UInt32 SizeOfUninitializedData;
114 public UInt32 AddressOfEntryPoint;
115 public UInt32 BaseOfCode;
116 public UInt32 BaseOfData;
117 public UInt32 ImageBase;
118 public UInt32 SectionAlignment;
119 public UInt32 FileAlignment;
120 public UInt16 MajorOperatingSystemVersion;
121 public UInt16 MinorOperatingSystemVersion;
122 public UInt16 MajorImageVersion;
123 public UInt16 MinorImageVersion;
124 public UInt16 MajorSubsystemVersion;
125 public UInt16 MinorSubsystemVersion;
126 public UInt32 Win32VersionValue;
127 public UInt32 SizeOfImage;
128 public UInt32 SizeOfHeaders;
129 public UInt32 CheckSum;
130 public SubSystemType Subsystem;
131 public DllCharacteristicsType DllCharacteristics;
132 public UInt32 SizeOfStackReserve;
133 public UInt32 SizeOfStackCommit;
134 public UInt32 SizeOfHeapReserve;
135 public UInt32 SizeOfHeapCommit;
136 public UInt32 LoaderFlags;
137 public UInt32 NumberOfRvaAndSizes;
138
139 public IMAGE_DATA_DIRECTORY ExportTable;
140 public IMAGE_DATA_DIRECTORY ImportTable;
141 public IMAGE_DATA_DIRECTORY ResourceTable;
142 public IMAGE_DATA_DIRECTORY ExceptionTable;
143 public IMAGE_DATA_DIRECTORY CertificateTable;
144 public IMAGE_DATA_DIRECTORY BaseRelocationTable;
145 public IMAGE_DATA_DIRECTORY Debug;
146 public IMAGE_DATA_DIRECTORY Architecture;
147 public IMAGE_DATA_DIRECTORY GlobalPtr;
148 public IMAGE_DATA_DIRECTORY TLSTable;
149 public IMAGE_DATA_DIRECTORY LoadConfigTable;
150 public IMAGE_DATA_DIRECTORY BoundImport;
151 public IMAGE_DATA_DIRECTORY IAT;
152 public IMAGE_DATA_DIRECTORY DelayImportDescriptor;
153 public IMAGE_DATA_DIRECTORY CLRRuntimeHeader;
154 public IMAGE_DATA_DIRECTORY Reserved;
155 }
156
157 [StructLayout(LayoutKind.Sequential, Pack = 1)]
158 [TypeConverter(typeof(ExpandableObjectConverter))]
159 public struct IMAGE_OPTIONAL_HEADER64
160 {
161 public UInt16 Magic;
162 public Byte MajorLinkerVersion;
163 public Byte MinorLinkerVersion;
164 public UInt32 SizeOfCode;
165 public UInt32 SizeOfInitializedData;
166 public UInt32 SizeOfUninitializedData;
167 public UInt32 AddressOfEntryPoint;
168 public UInt32 BaseOfCode;
169 public UInt64 ImageBase;
170 public UInt32 SectionAlignment;
171 public UInt32 FileAlignment;
172 public UInt16 MajorOperatingSystemVersion;
173 public UInt16 MinorOperatingSystemVersion;
174 public UInt16 MajorImageVersion;
175 public UInt16 MinorImageVersion;
176 public UInt16 MajorSubsystemVersion;
177 public UInt16 MinorSubsystemVersion;
178 public UInt32 Win32VersionValue;
179 public UInt32 SizeOfImage;
180 public UInt32 SizeOfHeaders;
181 public UInt32 CheckSum;
182 public UInt16 Subsystem;
183 public DllCharacteristicsType DllCharacteristics;
184 public UInt64 SizeOfStackReserve;
185 public UInt64 SizeOfStackCommit;
186 public UInt64 SizeOfHeapReserve;
187 public UInt64 SizeOfHeapCommit;
188 public UInt32 LoaderFlags;
189 public UInt32 NumberOfRvaAndSizes;
190
191 public IMAGE_DATA_DIRECTORY ExportTable;
192 public IMAGE_DATA_DIRECTORY ImportTable;
193 public IMAGE_DATA_DIRECTORY ResourceTable;
194 public IMAGE_DATA_DIRECTORY ExceptionTable;
195 public IMAGE_DATA_DIRECTORY CertificateTable;
196 public IMAGE_DATA_DIRECTORY BaseRelocationTable;
197 public IMAGE_DATA_DIRECTORY Debug;
198 public IMAGE_DATA_DIRECTORY Architecture;
199 public IMAGE_DATA_DIRECTORY GlobalPtr;
200 public IMAGE_DATA_DIRECTORY TLSTable;
201 public IMAGE_DATA_DIRECTORY LoadConfigTable;
202 public IMAGE_DATA_DIRECTORY BoundImport;
203 public IMAGE_DATA_DIRECTORY IAT;
204 public IMAGE_DATA_DIRECTORY DelayImportDescriptor;
205 public IMAGE_DATA_DIRECTORY CLRRuntimeHeader;
206 public IMAGE_DATA_DIRECTORY Reserved;
207 }
208
209 [StructLayout(LayoutKind.Sequential, Pack = 1)]
210 [TypeConverter(typeof(ExpandableObjectConverter))]
211 public struct IMAGE_FILE_HEADER
212 {
213 public MachineTypeFlags Machine;
214 public UInt16 NumberOfSections;
215 public UInt32 TimeDateStamp;
216 public UInt32 PointerToSymbolTable;
217 public UInt32 NumberOfSymbols;
218 public UInt16 SizeOfOptionalHeader;
219 public FileCharacteristicType Characteristics;
220 }
221
222 // Grabbed the following 2 definitions from http://www.pinvoke.net/default.aspx/Structures/IMAGE_SECTION_HEADER.html
223
224 [TypeConverter(typeof(ExpandableObjectConverter))]
225 [StructLayout(LayoutKind.Explicit)]
226 public struct IMAGE_SECTION_HEADER
227 {
228 [FieldOffset(0)]
229 [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
230 public char[] Name;
231 [FieldOffset(8)]
232 public UInt32 VirtualSize;
233 [FieldOffset(12)]
234 public UInt32 VirtualAddress;
235 [FieldOffset(16)]
236 public UInt32 SizeOfRawData;
237 [FieldOffset(20)]
238 public UInt32 PointerToRawData;
239 [FieldOffset(24)]
240 public UInt32 PointerToRelocations;
241 [FieldOffset(28)]
242 public UInt32 PointerToLinenumbers;
243 [FieldOffset(32)]
244 public UInt16 NumberOfRelocations;
245 [FieldOffset(34)]
246 public UInt16 NumberOfLinenumbers;
247 [FieldOffset(36)]
248 public DataSectionFlags Characteristics;
249
250 public string Section
251 {
252 get { return new string(Name); }
253 }
254 }
255 #endregion File Header Structures
256
257
258 #region code
259 #region helpers
260 [Flags]
261 public enum MachineTypeFlags
262 {
263 x86 = 0x14C,
264 Alpha = 0x184,
265 ARM = 0x1C0,
266 MIPS16R3000 = 0x162,
267 MIPS16R4000 = 0x166,
268 MIPS16R10000 = 0x168,
269 PowerPCLE = 0x1F0,
270 PowerPCBE = 0x1F2,
271 Itanium = 0x200,
272 MIPS16 = 0x266,
273 Alpha64 = 0x284,
274 MIPSFPU = 0x366,
275 MIPSFPU16 = 0x466,
276 x64 = 0x8664,
277 }
278 public enum MagicType : ushort
279 {
280 NT_OPTIONAL_HEADER_NOT_PRESENT, // 0
281 NT_OPTIONAL_HEADER_32 = 0x10b,
282 NT_OPTIONAL_HEADER_64 = 0x20b
283 }
284 public enum SubSystemType : ushort
285 {
286 IMAGE_SUBSYSTEM_UNKNOWN = 0,
287 IMAGE_SUBSYSTEM_NATIVE = 1,
288 IMAGE_SUBSYSTEM_WINDOWS_GUI = 2,
289 IMAGE_SUBSYSTEM_WINDOWS_CUI = 3,
290 IMAGE_SUBSYSTEM_POSIX_CUI = 7,
291 IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9,
292 IMAGE_SUBSYSTEM_EFI_APPLICATION = 10,
293 IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11,
294 IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12,
295 IMAGE_SUBSYSTEM_EFI_ROM = 13,
296 IMAGE_SUBSYSTEM_XBOX = 14
297
298 }
299 public enum DllCharacteristicsType : ushort
300 {
301 RES_0 = 0x0001,
302 RES_1 = 0x0002,
303 RES_2 = 0x0004,
304 RES_3 = 0x0008,
305 IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040,
306 IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
307 IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100,
308 IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
309 IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
310 IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
311 RES_4 = 0x1000,
312 IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
313 IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
314 }
315 [Flags]
316 public enum FileCharacteristicType : ushort
317 {
318 RelocationInformationStrippedFromFile = 0x1,
319 Executable = 0x2,
320 LineNumbersStripped = 0x4,
321 SymbolTableStripped = 0x8,
322 AggresiveTrimWorkingSet = 0x10,
323 LargeAddressAware = 0x20,
324 Supports16Bit = 0x40,
325 ReservedBytesWo = 0x80,
326 Supports32Bit = 0x100,
327 DebugInfoStripped = 0x200,
328 RunFromSwapIfInRemovableMedia = 0x400,
329 RunFromSwapIfInNetworkMedia = 0x800,
330 IsSytemFile = 0x1000,
331 IsDLL = 0x2000,
332 IsOnlyForSingleCoreProcessor = 0x4000,
333 BytesOfWordReserved = 0x8000,
334 }
335 #region DataSectionFlags
336 [Flags]
337 public enum DataSectionFlags : uint
338 {
339 /// <summary>
340 /// Reserved for future use.
341 /// </summary>
342 TypeReg = 0x00000000,
343 /// <summary>
344 /// Reserved for future use.
345 /// </summary>
346 TypeDsect = 0x00000001,
347 /// <summary>
348 /// Reserved for future use.
349 /// </summary>
350 TypeNoLoad = 0x00000002,
351 /// <summary>
352 /// Reserved for future use.
353 /// </summary>
354 TypeGroup = 0x00000004,
355 /// <summary>
356 /// The section should not be padded to the next boundary. This flag is obsolete and is replaced by IMAGE_SCN_ALIGN_1BYTES. This is valid only for object files.
357 /// </summary>
358 TypeNoPadded = 0x00000008,
359 /// <summary>
360 /// Reserved for future use.
361 /// </summary>
362 TypeCopy = 0x00000010,
363 /// <summary>
364 /// The section contains executable code.
365 /// </summary>
366 ContentCode = 0x00000020,
367 /// <summary>
368 /// The section contains initialized data.
369 /// </summary>
370 ContentInitializedData = 0x00000040,
371 /// <summary>
372 /// The section contains uninitialized data.
373 /// </summary>
374 ContentUninitializedData = 0x00000080,
375 /// <summary>
376 /// Reserved for future use.
377 /// </summary>
378 LinkOther = 0x00000100,
379 /// <summary>
380 /// The section contains comments or other information. The .drectve section has this type. This is valid for object files only.
381 /// </summary>
382 LinkInfo = 0x00000200,
383 /// <summary>
384 /// Reserved for future use.
385 /// </summary>
386 TypeOver = 0x00000400,
387 /// <summary>
388 /// The section will not become part of the image. This is valid only for object files.
389 /// </summary>
390 LinkRemove = 0x00000800,
391 /// <summary>
392 /// The section contains COMDAT data. For more information, see section 5.5.6, COMDAT Sections (Object Only). This is valid only for object files.
393 /// </summary>
394 LinkComDat = 0x00001000,
395 /// <summary>
396 /// Reset speculative exceptions handling bits in the TLB entries for this section.
397 /// </summary>
398 NoDeferSpecExceptions = 0x00004000,
399 /// <summary>
400 /// The section contains data referenced through the global pointer (GP).
401 /// </summary>
402 RelativeGP = 0x00008000,
403 /// <summary>
404 /// Reserved for future use.
405 /// </summary>
406 MemPurgeable = 0x00020000,
407 /// <summary>
408 /// Reserved for future use.
409 /// </summary>
410 Memory16Bit = 0x00020000,
411 /// <summary>
412 /// Reserved for future use.
413 /// </summary>
414 MemoryLocked = 0x00040000,
415 /// <summary>
416 /// Reserved for future use.
417 /// </summary>
418 MemoryPreload = 0x00080000,
419 /// <summary>
420 /// Align data on a 1-byte boundary. Valid only for object files.
421 /// </summary>
422 Align1Bytes = 0x00100000,
423 /// <summary>
424 /// Align data on a 2-byte boundary. Valid only for object files.
425 /// </summary>
426 Align2Bytes = 0x00200000,
427 /// <summary>
428 /// Align data on a 4-byte boundary. Valid only for object files.
429 /// </summary>
430 Align4Bytes = 0x00300000,
431 /// <summary>
432 /// Align data on an 8-byte boundary. Valid only for object files.
433 /// </summary>
434 Align8Bytes = 0x00400000,
435 /// <summary>
436 /// Align data on a 16-byte boundary. Valid only for object files.
437 /// </summary>
438 Align16Bytes = 0x00500000,
439 /// <summary>
440 /// Align data on a 32-byte boundary. Valid only for object files.
441 /// </summary>
442 Align32Bytes = 0x00600000,
443 /// <summary>
444 /// Align data on a 64-byte boundary. Valid only for object files.
445 /// </summary>
446 Align64Bytes = 0x00700000,
447 /// <summary>
448 /// Align data on a 128-byte boundary. Valid only for object files.
449 /// </summary>
450 Align128Bytes = 0x00800000,
451 /// <summary>
452 /// Align data on a 256-byte boundary. Valid only for object files.
453 /// </summary>
454 Align256Bytes = 0x00900000,
455 /// <summary>
456 /// Align data on a 512-byte boundary. Valid only for object files.
457 /// </summary>
458 Align512Bytes = 0x00A00000,
459 /// <summary>
460 /// Align data on a 1024-byte boundary. Valid only for object files.
461 /// </summary>
462 Align1024Bytes = 0x00B00000,
463 /// <summary>
464 /// Align data on a 2048-byte boundary. Valid only for object files.
465 /// </summary>
466 Align2048Bytes = 0x00C00000,
467 /// <summary>
468 /// Align data on a 4096-byte boundary. Valid only for object files.
469 /// </summary>
470 Align4096Bytes = 0x00D00000,
471 /// <summary>
472 /// Align data on an 8192-byte boundary. Valid only for object files.
473 /// </summary>
474 Align8192Bytes = 0x00E00000,
475 /// <summary>
476 /// The section contains extended relocations.
477 /// </summary>
478 LinkExtendedRelocationOverflow = 0x01000000,
479 /// <summary>
480 /// The section can be discarded as needed.
481 /// </summary>
482 MemoryDiscardable = 0x02000000,
483 /// <summary>
484 /// The section cannot be cached.
485 /// </summary>
486 MemoryNotCached = 0x04000000,
487 /// <summary>
488 /// The section is not pageable.
489 /// </summary>
490 MemoryNotPaged = 0x08000000,
491 /// <summary>
492 /// The section can be shared in memory.
493 /// </summary>
494 MemoryShared = 0x10000000,
495 /// <summary>
496 /// The section can be executed as code.
497 /// </summary>
498 MemoryExecute = 0x20000000,
499 /// <summary>
500 /// The section can be read.
501 /// </summary>
502 MemoryRead = 0x40000000,
503 /// <summary>
504 /// The section can be written to.
505 /// </summary>
506 MemoryWrite = 0x80000000
507 }
508 #endregion
509 #endregion
510 /// <summary>
511 /// Reads in the header information of the Portable Executable format.
512 /// Provides information such as the date the assembly was compiled.
513 /// </summary>
514 public class PeHeaderReader
515 {
516
517
518 #region Private Fields
519
520 private UInt32 ntSignature;
521 /// <summary>
522 /// The DOS header
523 /// </summary>
524 private IMAGE_DOS_HEADER dosHeader;
525 /// <summary>
526 /// The file header
527 /// </summary>
528 private IMAGE_FILE_HEADER fileHeader;
529 /// <summary>
530 /// Optional 32 bit file header
531 /// </summary>
532 private IMAGE_OPTIONAL_HEADER32 optionalHeader32;
533 /// <summary>
534 /// Optional 64 bit file header
535 /// </summary>
536 private IMAGE_OPTIONAL_HEADER64 optionalHeader64;
537 /// <summary>
538 /// Image Section headers. Number of sections is in the file header.
539 /// </summary>
540 private IMAGE_SECTION_HEADER[] imageSectionHeaders;
541
542 #endregion Private Fields
543
544 #region Public Methods
545
546 public PeHeaderReader(string filePath)
547 {
548 // Read in the DLL or EXE and get the timestamp
549 using (FileStream stream = new FileStream(filePath, System.IO.FileMode.Open, System.IO.FileAccess.Read))
550 {
551 BinaryReader reader = new BinaryReader(stream);
552 dosHeader = FromBinaryReader<IMAGE_DOS_HEADER>(reader);
553
554 // Add 4 bytes to the offset
555 stream.Seek(dosHeader.e_lfanew, SeekOrigin.Begin);
556
557 UInt32 ntHeadersSignature = reader.ReadUInt32();
558 ntSignature = ntHeadersSignature;
559 fileHeader = FromBinaryReader<IMAGE_FILE_HEADER>(reader);
560 if (this.Is32BitHeader)
561 {
562 optionalHeader32 = FromBinaryReader<IMAGE_OPTIONAL_HEADER32>(reader);
563 }
564 else
565 {
566 optionalHeader64 = FromBinaryReader<IMAGE_OPTIONAL_HEADER64>(reader);
567 }
568
569 imageSectionHeaders = new IMAGE_SECTION_HEADER[fileHeader.NumberOfSections];
570 for (int headerNo = 0; headerNo < imageSectionHeaders.Length; ++headerNo)
571 {
572 imageSectionHeaders[headerNo] = FromBinaryReader<IMAGE_SECTION_HEADER>(reader);
573 }
574
575 }
576 }
577
578 /// <summary>
579 /// Gets the header of the .NET assembly that called this function
580 /// </summary>
581 /// <returns></returns>
582 public static PeHeaderReader GetCallingAssemblyHeader()
583 {
584 // Get the path to the calling assembly, which is the path to the
585 // DLL or EXE that we want the time of
586 string filePath = System.Reflection.Assembly.GetCallingAssembly().Location;
587
588 // Get and return the timestamp
589 return new PeHeaderReader(filePath);
590 }
591
592 /// <summary>
593 /// Gets the header of the .NET assembly that called this function
594 /// </summary>
595 /// <returns></returns>
596 public static PeHeaderReader GetAssemblyHeader()
597 {
598 // Get the path to the calling assembly, which is the path to the
599 // DLL or EXE that we want the time of
600 string filePath = System.Reflection.Assembly.GetAssembly(typeof(PeHeaderReader)).Location;
601
602 // Get and return the timestamp
603 return new PeHeaderReader(filePath);
604 }
605
606 /// <summary>
607 /// Reads in a block from a file and converts it to the struct
608 /// type specified by the template parameter
609 /// </summary>
610 /// <typeparam name="T"></typeparam>
611 /// <param name="reader"></param>
612 /// <returns></returns>
613 public static T FromBinaryReader<T>(BinaryReader reader)
614 {
615 // Read in a byte array
616 byte[] bytes = reader.ReadBytes(Marshal.SizeOf(typeof(T)));
617
618 // Pin the managed memory while, copy it out the data, then unpin it
619 GCHandle handle = GCHandle.Alloc(bytes, GCHandleType.Pinned);
620 T theStructure = (T)Marshal.PtrToStructure(handle.AddrOfPinnedObject(), typeof(T));
621 handle.Free();
622
623 return theStructure;
624 }
625
626 #endregion Public Methods
627
628 #region Properties
629
630 /// <summary>
631 /// Gets if the file header is 32 bit or not
632 /// </summary>
633 public bool Is32BitHeader
634 {
635 get
636 {
637 return FileHeader.Characteristics.HasFlag(FileCharacteristicType.Supports32Bit);
638 }
639 }
640
641 /// <summary>
642 /// Gets the file header
643 /// </summary>
644 public IMAGE_FILE_HEADER FileHeader
645 {
646 get
647 {
648 return fileHeader;
649 }
650 }
651 /// <summary>
652 /// Gets the file header
653 /// </summary>
654 public UInt32 NTSignature
655 {
656 get
657 {
658 return ntSignature;
659 }
660 }
661 /// <summary>
662 /// Gets the file header
663 /// </summary>
664 public IMAGE_DOS_HEADER DosHeader
665 {
666 get
667 {
668 return dosHeader;
669 }
670 }
671 /// <summary>
672 /// Gets the optional header
673 /// </summary>
674 public IMAGE_OPTIONAL_HEADER32 OptionalHeader32
675 {
676 get
677 {
678 return optionalHeader32;
679 }
680 }
681
682 /// <summary>
683 /// Gets the optional header
684 /// </summary>
685 public IMAGE_OPTIONAL_HEADER64 OptionalHeader64
686 {
687 get
688 {
689 return optionalHeader64;
690 }
691 }
692
693 public IMAGE_SECTION_HEADER[] ImageSectionHeaders
694 {
695 get
696 {
697 return imageSectionHeaders;
698 }
699 }
700
701 /// <summary>
702 /// Gets the timestamp from the file header
703 /// </summary>
704 public DateTime TimeStamp
705 {
706 get
707 {
708 // Timestamp is a date offset from 1970
709 DateTime returnValue = new DateTime(1970, 1, 1, 0, 0, 0);
710
711 // Add in the number of seconds since 1970/1/1
712 returnValue = returnValue.AddSeconds(fileHeader.TimeDateStamp);
713 // Adjust to local timezone
714 returnValue += TimeZone.CurrentTimeZone.GetUtcOffset(returnValue);
715
716 return returnValue;
717 }
718 }
719
720 #endregion Properties
721 }
722 #endregion
723 }

  ViewVC Help
Powered by ViewVC 1.1.22