root/RomCheater/trunk/Win32/Sojaner.MemoryScanner/PEReader.cs

Comparing trunk/Win32/Sojaner.MemoryScanner/PEReader.cs (file contents):
Revision 290 by william, Tue Jun 5 09:30:32 2012 UTC vs.
Revision 293 by william, Tue Jun 5 10:27:16 2012 UTC

# Line 71 | Line 71 | namespace Sojaner.MemoryScanner
71                          pinnedPacket.Free();
72                          #endregion
73  
74 +                        StringBuilder section_header_string_builder = new StringBuilder();
75 +                        List<IMAGE_SECTION_HEADER> section_headers = new List<IMAGE_SECTION_HEADER>();
76 +                        section_header_string_builder.AppendFormat("Section headers:{0}", System.Environment.NewLine);
77 +                        for (int i = 0; i < NT_HEADER.FileHeader.NumberOfSections; i++)
78 +                        {
79 +                            size = Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER));
80 +                            data = br.ReadBytes(size);
81 +                            pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned);
82 +                            IMAGE_SECTION_HEADER SECTION_HEADER = (IMAGE_SECTION_HEADER)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(IMAGE_SECTION_HEADER));
83 +                            section_headers.Add(SECTION_HEADER);
84 +                            pinnedPacket.Free();
85 +                            section_header_string_builder.AppendFormat("Section Header: {0}{1}", new string(SECTION_HEADER.Name).Replace("\0",""), System.Environment.NewLine);
86  
87 +                        }
88 +                        logger.VerboseDebug.WriteLine(section_header_string_builder.ToString());
89                          br.Close();
90                      }
91                      catch (Exception ex)
# Line 152 | Line 166 | namespace Sojaner.MemoryScanner
166          public struct IMAGE_NT_HEADERS
167          {
168              [FieldOffset(0)]
169 <            [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
170 <            public char[] Signature;
157 <
158 <            [FieldOffset(8)]
169 >            public uint Signature;
170 >            [FieldOffset(4)]
171              public IMAGE_FILE_HEADER FileHeader;
160
172              [FieldOffset(24)]
173              public IMAGE_OPTIONAL_HEADER OptionalHeader;
174  
175              private string _Signature
176              {
177 <                get { return new string(Signature); }
177 >                get { return Encoding.ASCII.GetString(BitConverter.GetBytes(Signature)); }
178              }
179  
180              public bool isValid
# Line 386 | Line 397 | namespace Sojaner.MemoryScanner
397          }
398          #endregion
399          #endregion
400 +        #region IMAGE_SECTION_HEADER
401 +        [StructLayout(LayoutKind.Explicit)]
402 +        public struct IMAGE_SECTION_HEADER
403 +        {
404 +            [FieldOffset(0)]
405 +            [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
406 +            public char[] Name;
407 +
408 +            [FieldOffset(8)]
409 +            public UInt32 VirtualSize;
410 +
411 +            [FieldOffset(12)]
412 +            public UInt32 VirtualAddress;
413 +
414 +            [FieldOffset(16)]
415 +            public UInt32 SizeOfRawData;
416 +
417 +            [FieldOffset(20)]
418 +            public UInt32 PointerToRawData;
419 +
420 +            [FieldOffset(24)]
421 +            public UInt32 PointerToRelocations;
422 +
423 +            [FieldOffset(28)]
424 +            public UInt32 PointerToLinenumbers;
425 +
426 +            [FieldOffset(32)]
427 +            public UInt16 NumberOfRelocations;
428 +
429 +            [FieldOffset(34)]
430 +            public UInt16 NumberOfLinenumbers;
431 +
432 +            [FieldOffset(36)]
433 +            public DataSectionFlags Characteristics;
434 +
435 +            public string Section
436 +            {
437 +                get { return new string(Name); }
438 +            }
439 +        }
440 +        #endregion
441 +        #region DataSectionFlags
442 +        [Flags]
443 +        public enum DataSectionFlags : uint
444 +        {
445 +            /// <summary>
446 +            /// Reserved for future use.
447 +            /// </summary>
448 +            TypeReg = 0x00000000,
449 +            /// <summary>
450 +            /// Reserved for future use.
451 +            /// </summary>
452 +            TypeDsect = 0x00000001,
453 +            /// <summary>
454 +            /// Reserved for future use.
455 +            /// </summary>
456 +            TypeNoLoad = 0x00000002,
457 +            /// <summary>
458 +            /// Reserved for future use.
459 +            /// </summary>
460 +            TypeGroup = 0x00000004,
461 +            /// <summary>
462 +            /// The section should not be padded to the next boundary. This flag is obsolete and is replaced by IMAGE_SCN_ALIGN_1BYTES. This is valid only for object files.
463 +            /// </summary>
464 +            TypeNoPadded = 0x00000008,
465 +            /// <summary>
466 +            /// Reserved for future use.
467 +            /// </summary>
468 +            TypeCopy = 0x00000010,
469 +            /// <summary>
470 +            /// The section contains executable code.
471 +            /// </summary>
472 +            ContentCode = 0x00000020,
473 +            /// <summary>
474 +            /// The section contains initialized data.
475 +            /// </summary>
476 +            ContentInitializedData = 0x00000040,
477 +            /// <summary>
478 +            /// The section contains uninitialized data.
479 +            /// </summary>
480 +            ContentUninitializedData = 0x00000080,
481 +            /// <summary>
482 +            /// Reserved for future use.
483 +            /// </summary>
484 +            LinkOther = 0x00000100,
485 +            /// <summary>
486 +            /// The section contains comments or other information. The .drectve section has this type. This is valid for object files only.
487 +            /// </summary>
488 +            LinkInfo = 0x00000200,
489 +            /// <summary>
490 +            /// Reserved for future use.
491 +            /// </summary>
492 +            TypeOver = 0x00000400,
493 +            /// <summary>
494 +            /// The section will not become part of the image. This is valid only for object files.
495 +            /// </summary>
496 +            LinkRemove = 0x00000800,
497 +            /// <summary>
498 +            /// The section contains COMDAT data. For more information, see section 5.5.6, COMDAT Sections (Object Only). This is valid only for object files.
499 +            /// </summary>
500 +            LinkComDat = 0x00001000,
501 +            /// <summary>
502 +            /// Reset speculative exceptions handling bits in the TLB entries for this section.
503 +            /// </summary>
504 +            NoDeferSpecExceptions = 0x00004000,
505 +            /// <summary>
506 +            /// The section contains data referenced through the global pointer (GP).
507 +            /// </summary>
508 +            RelativeGP = 0x00008000,
509 +            /// <summary>
510 +            /// Reserved for future use.
511 +            /// </summary>
512 +            MemPurgeable = 0x00020000,
513 +            /// <summary>
514 +            /// Reserved for future use.
515 +            /// </summary>
516 +            Memory16Bit = 0x00020000,
517 +            /// <summary>
518 +            /// Reserved for future use.
519 +            /// </summary>
520 +            MemoryLocked = 0x00040000,
521 +            /// <summary>
522 +            /// Reserved for future use.
523 +            /// </summary>
524 +            MemoryPreload = 0x00080000,
525 +            /// <summary>
526 +            /// Align data on a 1-byte boundary. Valid only for object files.
527 +            /// </summary>
528 +            Align1Bytes = 0x00100000,
529 +            /// <summary>
530 +            /// Align data on a 2-byte boundary. Valid only for object files.
531 +            /// </summary>
532 +            Align2Bytes = 0x00200000,
533 +            /// <summary>
534 +            /// Align data on a 4-byte boundary. Valid only for object files.
535 +            /// </summary>
536 +            Align4Bytes = 0x00300000,
537 +            /// <summary>
538 +            /// Align data on an 8-byte boundary. Valid only for object files.
539 +            /// </summary>
540 +            Align8Bytes = 0x00400000,
541 +            /// <summary>
542 +            /// Align data on a 16-byte boundary. Valid only for object files.
543 +            /// </summary>
544 +            Align16Bytes = 0x00500000,
545 +            /// <summary>
546 +            /// Align data on a 32-byte boundary. Valid only for object files.
547 +            /// </summary>
548 +            Align32Bytes = 0x00600000,
549 +            /// <summary>
550 +            /// Align data on a 64-byte boundary. Valid only for object files.
551 +            /// </summary>
552 +            Align64Bytes = 0x00700000,
553 +            /// <summary>
554 +            /// Align data on a 128-byte boundary. Valid only for object files.
555 +            /// </summary>
556 +            Align128Bytes = 0x00800000,
557 +            /// <summary>
558 +            /// Align data on a 256-byte boundary. Valid only for object files.
559 +            /// </summary>
560 +            Align256Bytes = 0x00900000,
561 +            /// <summary>
562 +            /// Align data on a 512-byte boundary. Valid only for object files.
563 +            /// </summary>
564 +            Align512Bytes = 0x00A00000,
565 +            /// <summary>
566 +            /// Align data on a 1024-byte boundary. Valid only for object files.
567 +            /// </summary>
568 +            Align1024Bytes = 0x00B00000,
569 +            /// <summary>
570 +            /// Align data on a 2048-byte boundary. Valid only for object files.
571 +            /// </summary>
572 +            Align2048Bytes = 0x00C00000,
573 +            /// <summary>
574 +            /// Align data on a 4096-byte boundary. Valid only for object files.
575 +            /// </summary>
576 +            Align4096Bytes = 0x00D00000,
577 +            /// <summary>
578 +            /// Align data on an 8192-byte boundary. Valid only for object files.
579 +            /// </summary>
580 +            Align8192Bytes = 0x00E00000,
581 +            /// <summary>
582 +            /// The section contains extended relocations.
583 +            /// </summary>
584 +            LinkExtendedRelocationOverflow = 0x01000000,
585 +            /// <summary>
586 +            /// The section can be discarded as needed.
587 +            /// </summary>
588 +            MemoryDiscardable = 0x02000000,
589 +            /// <summary>
590 +            /// The section cannot be cached.
591 +            /// </summary>
592 +            MemoryNotCached = 0x04000000,
593 +            /// <summary>
594 +            /// The section is not pageable.
595 +            /// </summary>
596 +            MemoryNotPaged = 0x08000000,
597 +            /// <summary>
598 +            /// The section can be shared in memory.
599 +            /// </summary>
600 +            MemoryShared = 0x10000000,
601 +            /// <summary>
602 +            /// The section can be executed as code.
603 +            /// </summary>
604 +            MemoryExecute = 0x20000000,
605 +            /// <summary>
606 +            /// The section can be read.
607 +            /// </summary>
608 +            MemoryRead = 0x40000000,
609 +            /// <summary>
610 +            /// The section can be written to.
611 +            /// </summary>
612 +            MemoryWrite = 0x80000000
613 +        }
614 +        #endregion
615      }
616   }
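Review bot: In the new section-header loop (new lines 77–87), the array returned by `br.ReadBytes(size)` is pinned and handed to `Marshal.PtrToStructure` without a length check; if `br` is a BinaryReader, as the calls suggest, a truncated or malformed file yields a shorter array and the marshaller then reads past the end of the pinned buffer. `NT_HEADER.FileHeader.NumberOfSections` is taken from the file being parsed, so the iteration count is file-controlled as well. Add `if (data.Length != size) throw new EndOfStreamException("Truncated section table");` right after the read, and move `pinnedPacket.Free()` into a `finally` so the handle is released when marshalling throws. Separately, the `Section` property at new line 437 returns `new string(Name)` with the NUL padding that the log line strips via `.Replace("\0","")`; trimming inside the property would keep the two consistent. The enclosing method and its `try` block start outside the visible lines.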

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines