/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/PEReader.cs
ViewVC logotype

Diff of /trunk/Win32/Sojaner.MemoryScanner/PEReader.cs

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

--- trunk/Win32/Sojaner.MemoryScanner/PEReader.cs	2012/06/08 04:02:44	346
+++ trunk/Win32/Sojaner.MemoryScanner/PEReader.cs	2012/06/08 04:03:02	347
@@ -10,6 +10,8 @@
 using System.ComponentModel;
 using RomCheater.PluginFramework.Events;
 using Sojaner.MemoryScanner;
+using Sojaner.MemoryScanner.MemoryProviers;
+using RomCheater.PluginFramework.Interfaces;
 
 namespace RomCheater.PluginFramework.Events
 {
@@ -98,6 +100,26 @@
             IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
             IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
         }
+        [Flags]
+        public enum FileCharacteristicType : ushort
+        {
+            RelocationInformationStrippedFromFile = 0x1,
+            Executable = 0x2,
+            LineNumbersStripped = 0x4,
+            SymbolTableStripped = 0x8,
+            AggresiveTrimWorkingSet = 0x10,
+            LargeAddressAware = 0x20,
+            Supports16Bit = 0x40,
+            ReservedBytesWo = 0x80,
+            Supports32Bit = 0x100,
+            DebugInfoStripped = 0x200,
+            RunFromSwapIfInRemovableMedia = 0x400,
+            RunFromSwapIfInNetworkMedia = 0x800,
+            IsSytemFile = 0x1000,
+            IsDLL = 0x2000,
+            IsOnlyForSingleCoreProcessor = 0x4000,
+            BytesOfWordReserved = 0x8000,
+   }
         #region DataSectionFlags
         [Flags]
         public enum DataSectionFlags : uint
@@ -353,7 +375,7 @@
             public UInt32 _PointerToSymbolTable;
             public UInt32 _NumberOfSymbols;
             public UInt16 _SizeOfOptionalHeader;
-            public UInt16 _Characteristics;
+            public FileCharacteristicType _Characteristics;
 
 
             public string MachineType { get { return ((MachineTypeFlags)_MachineType).ToString(); } }
@@ -362,7 +384,7 @@
             public string PointerToSymbolTable { get { return string.Format("0x{0:x8}", _PointerToSymbolTable); } }
             public string NumberOfSymbols { get { return string.Format("0x{0:x8}", _NumberOfSymbols); } }
             public string SizeOfOptionalHeader { get { return string.Format("0x{0:x4}", _SizeOfOptionalHeader); } }
-            public string Characteristics { get { return string.Format("0x{0:x4}", _Characteristics); } }
+            public FileCharacteristicType Characteristics { get { return _Characteristics; } }
             public override string ToString()
             {
                 return MachineType;
@@ -732,14 +754,14 @@
             public SECTION_DATA_ARRAY[] SectionData { get { return isd.SectionData; } }
             public bool Is32bitAssembly()
             {
-                return ((NTHeader.FileHeader._Characteristics & 0x0100) == 0x0100);
+                return NTHeader.FileHeader._Characteristics.HasFlag(FileCharacteristicType.Supports32Bit);
             }
         }
 
         #endregion
 
-        public PEReader(FileInfo fi) : this(fi.FullName) { }
-        public PEReader(string filename)
+        public PEReader(FileInfo fi, IAcceptsProcessAndConfig pconfig) : this(fi.FullName, pconfig) { }
+        public PEReader(string filename, IAcceptsProcessAndConfig pconfig)
         {
             Exception ErrorInfo = null;
             _SectionData = new IMAGE_SECTION_DATA();
@@ -763,6 +785,7 @@
                     // Skip MS-DOS stub and seek reader to NT Headers
                     reader.BaseStream.Seek(_dosHeader._e_lfanew, SeekOrigin.Begin);
 
+
                     // Read NT Headers
                     _ntHeaders._Signature = MarshalBytesTo<UInt32>(reader);
 
@@ -798,9 +821,6 @@
                         log.verbose.debug.writeline("\t\tRaw Data Size: 0x{0:x8}", header.SizeOfRawData);
                         log.verbose.debug.writeline("\t\tPointer To Raw Data: 0x{0:x8}", header.PointerToRawData);
 
-                        // Skip to beginning of a section
-                        reader.BaseStream.Seek(header._PointerToRawData, SeekOrigin.Begin);
-
                         int image_base = 0;
                         if (Is32bitAssembly())
                         {
@@ -810,8 +830,23 @@
                         {
                             image_base = (int)_ntHeaders.OptionalHeader64._ImageBase;
                         }
+                        //// get the image base
+                        //GenericMemoryProvider provider = new GenericMemoryProvider(pconfig);
+                        //provider.OpenProvider();
+                        //for (int i = image_base; i < int.MaxValue; i += sizeof(ushort))
+                        //{
+                        //    ushort value = 0;
+                        //    provider.ReadMemory(i, out value);
+                        //    if (_dosHeader._e_magic == value)
+                        //    {
+                        //        image_base = i;
+                        //        break;
+                        //    }
+                        //}
+                        //provider.CloseProvider();
 
-
+                        // Skip to beginning of a section
+                        reader.BaseStream.Seek(header._PointerToRawData, SeekOrigin.Begin);     
                         // Read section data... and do something with it
                         byte[] sectiondata = reader.ReadBytes((int)header._SizeOfRawData);
                         _SectionData.AddData(header.Name, (int)header._VirtualAddress + image_base, (int)header._PointerToRawData, sectiondata);
@@ -863,7 +898,7 @@
 
         public bool Is32bitAssembly()
         {
-            return ((_ntHeaders.FileHeader._Characteristics & 0x0100) == 0x0100);
+            return _ntHeaders.FileHeader._Characteristics.HasFlag(FileCharacteristicType.Supports32Bit);
         }
 
         private void Load64bitOptionalHeaders(BinaryReader reader)

 

  ViewVC Help
Powered by ViewVC 1.1.22