--- trunk/Win32/Sojaner.MemoryScanner/PEReader.cs 2012/05/28 05:22:28 159
+++ trunk/Win32/Sojaner.MemoryScanner/PEReader.cs 2012/05/28 05:55:59 161
@@ -30,21 +30,22 @@
 size = Marshal.SizeOf(typeof(IMAGE_DOS_HEADER));
 data = br.ReadBytes(size);
 pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned);
- IMAGE_DOS_HEADER IMAGE_DOS_HEADER = (IMAGE_DOS_HEADER)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(IMAGE_DOS_HEADER));
+ IMAGE_DOS_HEADER DOS_HEADER = (IMAGE_DOS_HEADER)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(IMAGE_DOS_HEADER));
 pinnedPacket.Free();
 #endregion
 // skip the old dos stub
- br.BaseStream.Seek(IMAGE_DOS_HEADER.e_lfanew, SeekOrigin.Begin);
+ br.BaseStream.Seek(DOS_HEADER.e_lfanew, SeekOrigin.Begin);
 #region IMAGE_NT_HEADERS
 size = Marshal.SizeOf(typeof(IMAGE_NT_HEADERS));
 data = br.ReadBytes(size);
 pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned);
- IMAGE_NT_HEADERS IMAGE_NT_HEADERS = (IMAGE_NT_HEADERS)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(IMAGE_NT_HEADERS));
+ IMAGE_NT_HEADERS NT_HEADER = (IMAGE_NT_HEADERS)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(IMAGE_NT_HEADERS));
 pinnedPacket.Free();
 #endregion
+ br.Close();
 }
@@ -59,19 +60,21 @@
 {
 public UInt32 VirtualAddress;
 public UInt32 Size;
+ public bool HasAddress { get { return (VirtualAddress != 0); } }
+ public bool HasSize { get { return (Size > 0); } }
 }
 #endregion
 #region IMAGE_FILE_HEADER
 [StructLayout(LayoutKind.Sequential)]
 public struct IMAGE_FILE_HEADER
 {
- public UInt16 Machine;
+ public MachineType Machine;
 public UInt16 NumberOfSections;
 public UInt32 TimeDateStamp;
 public UInt32 PointerToSymbolTable;
 public UInt32 NumberOfSymbols;
 public UInt16 SizeOfOptionalHeader;
- public UInt16 Characteristics;
+ public DllCharacteristicsType Characteristics;
 }
 #endregion
 #region IMAGE_DOS_HEADER
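Review bot: In the first hunk (`@@ -30,21 +30,22 @@`) the added `br.Close()` runs only when every read above it succeeds, so a truncated or malformed file that makes `Seek` or `ReadBytes` throw leaves the reader and its file handle open; holding the reader in a `using` block or closing it in a `finally` would cover that path. `pinnedPacket.Free()` has the same gap if `Marshal.PtrToStructure` throws. Separately, `br.ReadBytes(size)` can return fewer than `size` bytes at end of file, and `DOS_HEADER.e_lfanew` is taken straight from the file. A check such as `if (data.Length != size) throw new InvalidDataException("truncated PE header");` before pinning, plus a range check of `e_lfanew` against `br.BaseStream.Length` before the `Seek`, would keep `PtrToStructure` from reading past the pinned array. The enclosing method starts outside the hunk, so where `br` is opened is not visible here.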
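Review bot: In the second hunk (`@@ -59,19 +60,21 @@`) `IMAGE_FILE_HEADER.Characteristics` is retyped as `DllCharacteristicsType`, but in the PE format that field holds the file-level IMAGE_FILE_* flags (executable image, DLL, relocations stripped and so on). The DLL characteristics bits, which describe things like ASLR and NX compatibility, live in the optional header's `DllCharacteristics` field instead. With this type the same bit values are displayed under whatever names the DLL-characteristics enum gives them, which is misleading for anyone reading a binary's mitigation status from this struct. Keeping `UInt16` here or adding a separate `[Flags]` enum for the file characteristics would avoid that. `MachineType` is not declared in this hunk; it presumably needs `: ushort` as its underlying type, otherwise `Marshal.SizeOf(typeof(IMAGE_NT_HEADERS))` and every field offset after `Machine` would shift.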
@@ -169,6 +172,7 @@
 }
 #endregion
 #region DllCharacteristicsType
+ [Flags]
 public enum DllCharacteristicsType : ushort
 {
 RES_0 = 0x0001,