--- trunk/Win32/Sojaner.MemoryScanner/PEReader.cs 2012/06/05 11:36:17 299
+++ trunk/Win32/Sojaner.MemoryScanner/PEReader.cs 2012/06/05 17:57:37 318
@@ -7,6 +7,7 @@
 using RomCheater.Logging;
 using System.Runtime.InteropServices;
 using System.Diagnostics;
+using System.ComponentModel;
 namespace Sojaner.MemoryScanner
 {
@@ -14,32 +15,54 @@ { // Code (C) Sergey utilized from: http://www.sergeyakopov.com/2010/11/03/reading-pe-format-using-data-marshalling-in-net/ #region Structs + [TypeConverter(typeof(ExpandableObjectConverter))] [StructLayout(LayoutKind.Sequential)] public struct IMAGE_DOS_HEADER { - public UInt16 e_magic; - public UInt16 e_cblp; - public UInt16 e_cp; - public UInt16 e_crlc; - public UInt16 e_cparhdr; - public UInt16 e_minalloc; - public UInt16 e_maxalloc; - public UInt16 e_ss; - public UInt16 e_sp; - public UInt16 e_csum; - public UInt16 e_ip; - public UInt16 e_cs; - public UInt16 e_lfarlc; - public UInt16 e_ovno; + public UInt16 _e_magic; + public UInt16 _e_cblp; + public UInt16 _e_cp; + public UInt16 _e_crlc; + public UInt16 _e_cparhdr; + public UInt16 _e_minalloc; + public UInt16 _e_maxalloc; + public UInt16 _e_ss; + public UInt16 _e_sp; + public UInt16 _e_csum; + public UInt16 _e_ip; + public UInt16 _e_cs; + public UInt16 _e_lfarlc; + public UInt16 _e_ovno; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)] - public UInt16[] e_res1; - public UInt16 e_oemid; - public UInt16 e_oeminfo; + public UInt16[] _e_res1; + public UInt16 _e_oemid; + public UInt16 _e_oeminfo; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)] - public UInt16[] e_res2; - public UInt32 e_lfanew; - } + public UInt16[] _e_res2; + public UInt32 _e_lfanew; + + public string e_magic { get { return string.Format("0x{0:x4}", _e_magic); } } + public string e_cblp { get { return string.Format("0x{0:x4}", _e_cblp); } } + public string e_cp { get { return string.Format("0x{0:x4}", _e_cp); } } + public string e_crlc { get { return string.Format("0x{0:x4}", _e_crlc); } } + public string e_cparhdr { get { return string.Format("0x{0:x4}", _e_cparhdr); } } + public string e_minalloc { get { return string.Format("0x{0:x4}", _e_minalloc); } } + public string e_maxalloc { get { return string.Format("0x{0:x4}", _e_maxalloc); } } + public string e_ss { get { return string.Format("0x{0:x4}", _e_ss); } } + 
public string e_sp { get { return string.Format("0x{0:x4}", _e_sp); } } + public string e_csum { get { return string.Format("0x{0:x4}", _e_csum); } } + public string e_ip { get { return string.Format("0x{0:x4}", _e_ip); } } + public string e_cs { get { return string.Format("0x{0:x4}", _e_cs); } } + public string e_lfarlc { get { return string.Format("0x{0:x4}", _e_lfarlc); } } + public string e_ovno { get { return string.Format("0x{0:x4}", _e_ovno); } } + public ushort[] e_res1 { get { return _e_res1; } } + public string e_oemid { get { return string.Format("0x{0:x4}", _e_oemid); } } + public string e_oeminfo { get { return string.Format("0x{0:x4}", _e_oeminfo); } } + public ushort[] e_res2 { get { return _e_res2; } } + public string e_lfanew { get { return string.Format("0x{0:x8}", _e_lfanew); } } + } + [TypeConverter(typeof(ExpandableObjectConverter))] [StructLayout(LayoutKind.Sequential)] public struct IMAGE_NT_HEADERS { @@ -48,7 +71,7 @@ public IMAGE_OPTIONAL_HEADER32 OptionalHeader32; public IMAGE_OPTIONAL_HEADER64 OptionalHeader64; } - + [TypeConverter(typeof(ExpandableObjectConverter))] [StructLayout(LayoutKind.Sequential)] public struct IMAGE_FILE_HEADER { @@ -60,7 +83,7 @@ public UInt16 SizeOfOptionalHeader; public UInt16 Characteristics; } - + [TypeConverter(typeof(ExpandableObjectConverter))] [StructLayout(LayoutKind.Sequential)] public struct IMAGE_OPTIONAL_HEADER32 { @@ -97,7 +120,7 @@ [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)] public IMAGE_DATA_DIRECTORY[] DataDirectory; } - + [TypeConverter(typeof(ExpandableObjectConverter))] [StructLayout(LayoutKind.Sequential)] public struct IMAGE_OPTIONAL_HEADER64 { 
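Review bot: In the `IMAGE_DOS_HEADER` hunk (`@@ -14,32 +15,54 @@`) the Win32 names `e_magic` … `e_lfanew` now return hex strings, while the numeric values moved to public `_e_*` fields. Any caller outside this file that compared `e_magic` numerically or used `e_lfanew` as an offset stops compiling, or changes meaning wherever a string is accepted. Keeping the marshalled fields under their original names and giving the display views distinct names (for example `e_magic_hex`) would leave parsing code untouched. If the rename stays, a comment above the properties should say so, e.g. `// Display-only hex strings; parsing code must use the _e_* fields.` The `e_res1` and `e_res2` getters also return the marshalled arrays themselves rather than copies, so the view is not read-only.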
@@ -133,14 +156,14 @@ [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)] public IMAGE_DATA_DIRECTORY[] DataDirectory; } - + [TypeConverter(typeof(ExpandableObjectConverter))] [StructLayout(LayoutKind.Sequential)] public struct IMAGE_DATA_DIRECTORY { public UInt32 VirtualAddress; public UInt32 Size; } - + [TypeConverter(typeof(ExpandableObjectConverter))] [StructLayout(LayoutKind.Sequential)] public struct IMAGE_SECTION_HEADER { @@ -156,7 +179,7 @@ public UInt16 NumberOfLinenumbers; public UInt32 Characteristics; } - + [TypeConverter(typeof(ExpandableObjectConverter))] [StructLayout(LayoutKind.Explicit)] public struct Misc { @@ -173,7 +196,6 @@ private readonly IMAGE_DOS_HEADER _dosHeader; private IMAGE_NT_HEADERS _ntHeaders; private readonly IList<IMAGE_SECTION_HEADER> _sectionHeaders = new List<IMAGE_SECTION_HEADER>(); - #endregion #region logging implementation @@ -216,6 +238,31 @@ #endregion + public PEData GetData + { + get + { + PEData _data = new PEData(_dosHeader, _ntHeaders, _sectionHeaders); + return _data; + } + } + #region t + public class PEData + { + public PEData():this(new IMAGE_DOS_HEADER(),new IMAGE_NT_HEADERS(),new List<IMAGE_SECTION_HEADER>()) { } + public PEData(IMAGE_DOS_HEADER DosHeader, IMAGE_NT_HEADERS NTHeader, IList<IMAGE_SECTION_HEADER> SectionHeaders) + { + this.DosHeader = DosHeader; + this.NTHeader = NTHeader; + this.SectionHeaders = SectionHeaders; + } + public IMAGE_DOS_HEADER DosHeader { get; private set; } + public IMAGE_NT_HEADERS NTHeader { get; private set; } + public IList<IMAGE_SECTION_HEADER> SectionHeaders { get; private set; } + } + + #endregion + public PEReader(FileInfo fi) : this(fi.FullName) { } public PEReader(string filename) { 
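Review bot: In the `@@ -216,6 +238,31 @@` hunk, `GetData` passes the reader's private `_sectionHeaders` list straight into `PEData`, and `PEData.SectionHeaders` exposes it as a mutable `IList<>`. Any consumer can therefore add or remove entries inside the reader's own parsed state. Handing out a snapshot avoids that: `new PEData(_dosHeader, _ntHeaders, new List<IMAGE_SECTION_HEADER>(_sectionHeaders).AsReadOnly())`. The property also builds a new object on every access, which a method `GetData()` would signal better than a property, and `#region t` needs a descriptive name.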
@@ -232,13 +279,13 @@
 // Read MS-DOS header section
 _dosHeader = MarshalBytesTo<IMAGE_DOS_HEADER>(reader);
 // MS-DOS magic number should read 'MZ'
- if (_dosHeader.e_magic != 0x5a4d)
+ if (_dosHeader._e_magic != 0x5a4d)
 {
 throw new InvalidOperationException("File is not a portable executable.");
 }
 // Skip MS-DOS stub and seek reader to NT Headers
- reader.BaseStream.Seek(_dosHeader.e_lfanew, SeekOrigin.Begin);
+ reader.BaseStream.Seek(_dosHeader._e_lfanew, SeekOrigin.Begin);
 // Read NT Headers
 _ntHeaders.Signature = MarshalBytesTo<UInt32>(reader);
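Review bot: `_e_lfanew` comes straight from the file and goes into `reader.BaseStream.Seek` without being checked against the stream length. A truncated or malformed image is then only rejected when a later read fails, presumably inside `MarshalBytesTo`, which is not visible here. Because this reader is pointed at arbitrary executables, the offset should be validated before seeking, e.g. `if (_dosHeader._e_lfanew > reader.BaseStream.Length - sizeof(UInt32)) throw new InvalidOperationException("File is not a portable executable.");`. The NT signature read on the last line is not compared with the expected `PE\0\0` value inside this hunk either; the constructor continues outside it, so that check may already exist further down.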