
Diff of /trunk/Win32/Sojaner.MemoryScanner/PEReader.cs


--- trunk/Win32/Sojaner.MemoryScanner/PEReader.cs	2013/06/03 05:48:41	470
+++ trunk/Win32/Sojaner.MemoryScanner/PEReader.cs	2013/06/03 07:13:44	471
@@ -663,10 +663,10 @@
     {
         #region static members
         public static IPEDData GetPEData(IAcceptsProcessAndConfig p) { return GetPEData((IAcceptsProcess)p); }
-        public static IPEDData GetPEData(IAcceptsProcess p) { return GetPEData(p.AcceptedProcess); }
-        public static IPEDData GetPEData(Process p)
+        public static IPEDData GetPEData(IAcceptsProcess p) { return GetPEData(p.ProcessPID); }
+        public static IPEDData GetPEData(int p)
         {
-            if (p == null)
+            if (p == 0)
                 return PEData.Empty;
             return new PEData(p);
         }
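Review bot: `GetPEData(int p)` treats only `p == 0` as "no process", so a negative value or the PID of a process that has already exited goes on to `new PEData(p)` and fails in the later `Process.GetProcessById` lookup instead of returning `PEData.Empty`. With the `Process` parameter replaced by a bare integer, nothing ties the number to the process the caller selected, and Windows can reassign a PID once its owner exits, so a different executable may end up being parsed. I would widen the guard to `if (p <= 0) return PEData.Empty;` and add an XML doc comment on this overload stating that the caller must confirm the PID still refers to the intended process.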
@@ -689,26 +689,26 @@
         public static readonly IPEDData Empty = new PEData();
         public PEData()
         {
-            SourceProcess = null;
+            ProcessPID = 0;
             DosHeader = new IMAGE_DOS_HEADER();
             NTHeader = new IMAGE_NT_HEADERS();
             SectionHeaders = new IMAGE_SECTION_HEADER[] { };
             isd = new IMAGE_SECTION_DATA();
         }
-        public PEData(IAcceptsProcessAndConfig p) : this((IAcceptsProcess)p.AcceptedProcess) { }
-        public PEData(IAcceptsProcess p) : this(p.AcceptedProcess) { }
-        public PEData(Process p)
+        public PEData(IAcceptsProcessAndConfig p) : this((IAcceptsProcess)p) { }
+        public PEData(IAcceptsProcess p) : this(p.ProcessPID) { }
+        public PEData(int p)
         {
-            SourceProcess = p;
-            if (SourceProcess == null)
+            ProcessPID = p;
+            if (ProcessPID == 0)
                 throw new NullReferenceException("Supplied process cannot be null");
-            PEReader reader = new PEReader(SourceProcess);
+            PEReader reader = new PEReader(ProcessPID);
             this.DosHeader = reader._dosHeader;
             this.NTHeader = reader._ntHeaders;
             this.SectionHeaders = reader._sectionHeaders.ToArray();
             isd = reader._SectionData;
         }
-        private Process SourceProcess { get; set; }
+        private int ProcessPID { get; set; }
         #region IPEDData members
 
         private IMAGE_DOS_HEADER _DosHeader;
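Review bot: The guard in `PEData(int p)` still throws `NullReferenceException("Supplied process cannot be null")`, which no longer describes the failure now that the argument is an `int` compared with 0. An argument exception names the actual problem and keeps genuine null dereferences distinguishable in logs: `throw new ArgumentOutOfRangeException("p", "Process id must be non-zero");`. Callers that catch `NullReferenceException` around this constructor, if any exist outside this hunk, would need the same update. Validating `p` before the `ProcessPID = p;` assignment would also avoid storing a rejected value.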
@@ -741,107 +741,110 @@
         #endregion
 
 
-        public PEReader(Process p)
+        public PEReader(int pid)
         {
-            string filename = p.MainModule.FileName;
-            Exception ErrorInfo = null;
-            _SectionData = new IMAGE_SECTION_DATA();
-            using (FileStream fs = new FileStream(filename, FileMode.Open, FileAccess.Read))
+            using (Process p = Process.GetProcessById(pid))
             {
-                try
+                string filename = p.MainModule.FileName;
+                Exception ErrorInfo = null;
+                _SectionData = new IMAGE_SECTION_DATA();
+                using (FileStream fs = new FileStream(filename, FileMode.Open, FileAccess.Read))
                 {
-                    logger.VerboseDebug.WriteLine("Reading PE Format from: {0}", filename);
-                    BinaryReader reader = new BinaryReader(fs);
-                    // Reset reader position, just in case
-                    reader.BaseStream.Seek(0, SeekOrigin.Begin);
-
-                    // Read MS-DOS header section
-                    _dosHeader = MarshalBytesTo<IMAGE_DOS_HEADER>(reader);
-                    // MS-DOS magic number should read 'MZ'
-                    if (_dosHeader._e_magic != 0x5a4d)
+                    try
                     {
-                        throw new InvalidOperationException("File is not a portable executable.");
-                    }
+                        logger.VerboseDebug.WriteLine("Reading PE Format from: {0}", filename);
+                        BinaryReader reader = new BinaryReader(fs);
+                        // Reset reader position, just in case
+                        reader.BaseStream.Seek(0, SeekOrigin.Begin);
+
+                        // Read MS-DOS header section
+                        _dosHeader = MarshalBytesTo<IMAGE_DOS_HEADER>(reader);
+                        // MS-DOS magic number should read 'MZ'
+                        if (_dosHeader._e_magic != 0x5a4d)
+                        {
+                            throw new InvalidOperationException("File is not a portable executable.");
+                        }
 
-                    // Skip MS-DOS stub and seek reader to NT Headers
-                    reader.BaseStream.Seek(_dosHeader._e_lfanew, SeekOrigin.Begin);
+                        // Skip MS-DOS stub and seek reader to NT Headers
+                        reader.BaseStream.Seek(_dosHeader._e_lfanew, SeekOrigin.Begin);
 
 
-                    // Read NT Headers
-                    _ntHeaders._Signature = MarshalBytesTo<UInt32>(reader);
+                        // Read NT Headers
+                        _ntHeaders._Signature = MarshalBytesTo<UInt32>(reader);
 
-                    // Make sure we have 'PE' in the pe signature
-                    if (_ntHeaders._Signature != 0x4550)
-                    {
-                        throw new InvalidOperationException("Invalid portable executable signature in NT header.");
-                    }
+                        // Make sure we have 'PE' in the pe signature
+                        if (_ntHeaders._Signature != 0x4550)
+                        {
+                            throw new InvalidOperationException("Invalid portable executable signature in NT header.");
+                        }
 
-                    _ntHeaders._FileHeader = MarshalBytesTo<IMAGE_FILE_HEADER>(reader);
-                    // Read optional headers
-                    if (Is32bitAssembly())
-                    {
-                        logger.VerboseDebug.WriteLine("\tDetected a 32Bit PE Executable");
-                        Load32bitOptionalHeaders(reader);
-                    }
-                    else
-                    {
-                        logger.VerboseDebug.WriteLine("\tDetected a 64Bit PE Executable");
-                        Load64bitOptionalHeaders(reader);
-                    }
+                        _ntHeaders._FileHeader = MarshalBytesTo<IMAGE_FILE_HEADER>(reader);
+                        // Read optional headers
+                        if (Is32bitAssembly())
+                        {
+                            logger.VerboseDebug.WriteLine("\tDetected a 32Bit PE Executable");
+                            Load32bitOptionalHeaders(reader);
+                        }
+                        else
+                        {
+                            logger.VerboseDebug.WriteLine("\tDetected a 64Bit PE Executable");
+                            Load64bitOptionalHeaders(reader);
+                        }
 
-                    // Read section data
-                    logger.VerboseDebug.WriteLine("\tTotal Section Headers: {0}", _sectionHeaders.Count);
-                    ulong image_base = 0;
-                    ulong p_image_base = (ulong)p.MainModule.BaseAddress.ToInt64();
-                    if (Is32bitAssembly())
-                    {
-                        image_base = (ulong)_ntHeaders.OptionalHeader32._ImageBase;
-                        if (image_base != p_image_base)
+                        // Read section data
+                        logger.VerboseDebug.WriteLine("\tTotal Section Headers: {0}", _sectionHeaders.Count);
+                        ulong image_base = 0;
+                        ulong p_image_base = (ulong)p.MainModule.BaseAddress.ToInt64();
+                        if (Is32bitAssembly())
                         {
-                            image_base = p_image_base;
-                            _ntHeaders._OptionalHeader32._ImageBase = (uint)image_base;
+                            image_base = (ulong)_ntHeaders.OptionalHeader32._ImageBase;
+                            if (image_base != p_image_base)
+                            {
+                                image_base = p_image_base;
+                                _ntHeaders._OptionalHeader32._ImageBase = (uint)image_base;
+                            }
                         }
-                    }
-                    else
-                    {
-                        image_base = _ntHeaders.OptionalHeader64._ImageBase;
-                        if (image_base != p_image_base)
+                        else
+                        {
+                            image_base = _ntHeaders.OptionalHeader64._ImageBase;
+                            if (image_base != p_image_base)
+                            {
+                                image_base = p_image_base;
+                                _ntHeaders._OptionalHeader64._ImageBase = (ulong)image_base;
+                            }
+                        }
+                        foreach (IMAGE_SECTION_HEADER header in _sectionHeaders)
                         {
-                            image_base = p_image_base;
-                            _ntHeaders._OptionalHeader64._ImageBase = (ulong)image_base;
+                            int section_index = _sectionHeaders.IndexOf(header) + 1;
+                            logger.VerboseDebug.WriteLine("\tSection Header: {0} of {1}", section_index, _sectionHeaders.Count);
+                            logger.VerboseDebug.WriteLine("\t\tName: {0}", header.Name);
+                            logger.VerboseDebug.WriteLine("\t\tVirtual Address: 0x{0:x8}", header.VirtualAddress);
+                            logger.VerboseDebug.WriteLine("\t\tPhysical Address: 0x{0:x8}", header.Misc.PhysicalAddress);
+                            logger.VerboseDebug.WriteLine("\t\tVirtual Size: 0x{0:x8}", header.Misc.VirtualSize);
+                            logger.VerboseDebug.WriteLine("\t\tRaw Data Size: 0x{0:x8}", header.SizeOfRawData);
+                            logger.VerboseDebug.WriteLine("\t\tPointer To Raw Data: 0x{0:x8}", header.PointerToRawData);
+
+
+                            // Skip to beginning of a section
+                            reader.BaseStream.Seek(header._PointerToRawData, SeekOrigin.Begin);
+                            // Read section data... and do something with it
+                            byte[] sectiondata = reader.ReadBytes((int)header._SizeOfRawData);
+                            _SectionData.AddData(header.Name, header._VirtualAddress + (uint)image_base, (int)header._PointerToRawData, sectiondata);
                         }
-                    }                   
-                    foreach (IMAGE_SECTION_HEADER header in _sectionHeaders)
+                        reader.Close();
+                    }
+                    catch (Exception ex)
                     {
-                        int section_index = _sectionHeaders.IndexOf(header) + 1;
-                        logger.VerboseDebug.WriteLine("\tSection Header: {0} of {1}", section_index, _sectionHeaders.Count);
-                        logger.VerboseDebug.WriteLine("\t\tName: {0}", header.Name);
-                        logger.VerboseDebug.WriteLine("\t\tVirtual Address: 0x{0:x8}", header.VirtualAddress);
-                        logger.VerboseDebug.WriteLine("\t\tPhysical Address: 0x{0:x8}", header.Misc.PhysicalAddress);
-                        logger.VerboseDebug.WriteLine("\t\tVirtual Size: 0x{0:x8}", header.Misc.VirtualSize);
-                        logger.VerboseDebug.WriteLine("\t\tRaw Data Size: 0x{0:x8}", header.SizeOfRawData);
-                        logger.VerboseDebug.WriteLine("\t\tPointer To Raw Data: 0x{0:x8}", header.PointerToRawData);
-
-                        
-                        // Skip to beginning of a section
-                        reader.BaseStream.Seek(header._PointerToRawData, SeekOrigin.Begin);
-                        // Read section data... and do something with it
-                        byte[] sectiondata = reader.ReadBytes((int)header._SizeOfRawData);
-                        _SectionData.AddData(header.Name, header._VirtualAddress + (uint)image_base, (int)header._PointerToRawData, sectiondata);
+                        ErrorInfo = ex;
+                        throw ErrorInfo;
                     }
-                    reader.Close();
                 }
-                catch (Exception ex)
+                if (ErrorInfo != null)
                 {
-                    ErrorInfo = ex;
-                    throw ErrorInfo;
+                    logger.VerboseDebug.WriteLine("Error Reading PE Format from: {0}", filename);
+                    logger.VerboseDebug.WriteLine(ErrorInfo.ToString());
                 }
             }
-            if (ErrorInfo != null)
-            {
-                logger.VerboseDebug.WriteLine("Error Reading PE Format from: {0}", filename);
-                logger.VerboseDebug.WriteLine(ErrorInfo.ToString());
-            }
         }
 
         public IMAGE_DOS_HEADER GetDOSHeader()
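Review bot: The section loop takes `header._PointerToRawData` and `header._SizeOfRawData` straight from the file, so a malformed or deliberately crafted image can make `reader.ReadBytes((int)header._SizeOfRawData)` ask for a negative count or a buffer approaching 2 GB before anything is checked. Because this constructor opens whatever executable backs the supplied PID, those fields should be compared with `fs.Length` before the seek and read, as in the excerpt below. The same loop adds `(uint)image_base` to the virtual address, which drops the upper half of a 64-bit load address; that looks unintended for the 64-bit branch, though the `AddData` parameter type is not visible here.

```csharp
foreach (IMAGE_SECTION_HEADER header in _sectionHeaders)
{
    // … unchanged: per-section debug logging …

    // Header fields come from the file on disk; reject ranges that fall outside it.
    long rawOffset = header._PointerToRawData;
    long rawSize = header._SizeOfRawData;
    if (rawSize > int.MaxValue || rawOffset > fs.Length || rawSize > fs.Length - rawOffset)
    {
        throw new InvalidOperationException("Section raw data lies outside the file.");
    }
    reader.BaseStream.Seek(rawOffset, SeekOrigin.Begin);
    byte[] sectiondata = reader.ReadBytes((int)rawSize);
    // … unchanged: _SectionData.AddData call …
```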

 
