Parent Directory
| 
Revision Log
| 
Patch
--- trunk/Win32/Sojaner.MemoryScanner/PEReader.cs 2012/06/05 10:48:07 294
+++ trunk/Win32/Sojaner.MemoryScanner/PEReader.cs 2012/06/05 11:36:17 299
@@ -1,4 +1,5 @@
-using System;
+#define ENABLE_LOGGING
+using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
@@ -175,15 +176,55 @@
#endregion
+ #region logging implementation
+ private static class log
+ {
+ public static class verbose
+ {
+ public static class debug
+ {
+ public static void writeline(string format, params object[] args)
+ {
+#if ENABLE_LOGGING
+ logger.VerboseDebug.WriteLine(format, args);
+#endif
+ }
+ public static void write(string format, params object[] args)
+ {
+#if ENABLE_LOGGING
+ logger.VerboseDebug.Write(format, args);
+#endif
+ }
+ }
+ public static class error
+ {
+ public static void writeline(string format, params object[] args)
+ {
+#if ENABLE_LOGGING
+ logger.VerboseError.WriteLine(format, args);
+#endif
+ }
+ public static void write(string format, params object[] args)
+ {
+#if ENABLE_LOGGING
+ logger.VerboseError.Write(format, args);
+#endif
+ }
+ }
+ }
+ }
+ #endregion
+
+
public PEReader(FileInfo fi) : this(fi.FullName) { }
public PEReader(string filename)
- {
+ {
Exception ErrorInfo = null;
using (FileStream fs = new FileStream(filename, FileMode.Open, FileAccess.Read))
{
try
{
- logger.VerboseDebug.WriteLine("Reading PE Format from: {0}", filename);
+ log.verbose.debug.writeline("Reading PE Format from: {0}", filename);
BinaryReader reader = new BinaryReader(fs);
// Reset reader position, just in case
reader.BaseStream.Seek(0, SeekOrigin.Begin);
@@ -212,27 +253,27 @@
// Read optional headers
if (Is32bitAssembly())
{
- logger.VerboseDebug.WriteLine("Detected a 32Bit PE Executable");
+ log.verbose.debug.writeline("\tDetected a 32Bit PE Executable");
Load32bitOptionalHeaders(reader);
}
else
{
- logger.VerboseDebug.WriteLine("Detected a 64Bit PE Executable");
+ log.verbose.debug.writeline("\tDetected a 64Bit PE Executable");
Load64bitOptionalHeaders(reader);
}
// Read section data
- logger.VerboseDebug.WriteLine("Total Section Headers: {0}", _sectionHeaders.Count);
+ log.verbose.debug.writeline("\tTotal Section Headers: {0}", _sectionHeaders.Count);
foreach (IMAGE_SECTION_HEADER header in _sectionHeaders)
{
int section_index = _sectionHeaders.IndexOf(header) + 1;
- logger.VerboseDebug.WriteLine("Section Header: {0} of {1}", section_index, _sectionHeaders.Count);
- logger.VerboseDebug.WriteLine("\tName: {0}", header.Name);
- logger.VerboseDebug.WriteLine("\tVirtual Address: 0x{0:x8}", header.VirtualAddress);
- logger.VerboseDebug.WriteLine("\tPhysical Address: 0x{0:x8}", header.Misc.PhysicalAddress);
- logger.VerboseDebug.WriteLine("\tVirtual Size: 0x{0:x8}", header.Misc.VirtualSize);
- logger.VerboseDebug.WriteLine("\tRaw Data Size: 0x{0:x8}", header.SizeOfRawData);
- logger.VerboseDebug.WriteLine("\tPointer To Raw Data: 0x{0:x8}", header.PointerToRawData);
+ log.verbose.debug.writeline("\tSection Header: {0} of {1}", section_index, _sectionHeaders.Count);
+ log.verbose.debug.writeline("\t\tName: {0}", header.Name);
+ log.verbose.debug.writeline("\t\tVirtual Address: 0x{0:x8}", header.VirtualAddress);
+ log.verbose.debug.writeline("\t\tPhysical Address: 0x{0:x8}", header.Misc.PhysicalAddress);
+ log.verbose.debug.writeline("\t\tVirtual Size: 0x{0:x8}", header.Misc.VirtualSize);
+ log.verbose.debug.writeline("\t\tRaw Data Size: 0x{0:x8}", header.SizeOfRawData);
+ log.verbose.debug.writeline("\t\tPointer To Raw Data: 0x{0:x8}", header.PointerToRawData);
// Skip to beginning of a section
reader.BaseStream.Seek(header.PointerToRawData, SeekOrigin.Begin);
@@ -250,8 +291,8 @@
}
if (ErrorInfo != null)
{
- logger.VerboseError.WriteLine("Error Reading PE Format from: {0}",filename);
- logger.VerboseError.WriteLine(ErrorInfo.ToString());
+ log.verbose.error.writeline("Error Reading PE Format from: {0}", filename);
+ log.verbose.error.writeline(ErrorInfo.ToString());
}
}
| ViewVC Help | |
| Powered by ViewVC 1.1.22 |