
Diff of /trunk/Win32/Sojaner.MemoryScanner/PEReader.cs


--- trunk/Win32/Sojaner.MemoryScanner/PEReader.cs	2012/06/05 18:39:06	319
+++ trunk/Win32/Sojaner.MemoryScanner/PEReader.cs	2012/06/05 19:18:20	320
@@ -34,7 +34,43 @@
             MIPSFPU16 = 0x466,
             x64 = 0x8664,
         }
-
+        public enum MagicType : ushort
+        {
+            NT_OPTIONAL_HEADER_NOT_PRESENT, // 0     
+            NT_OPTIONAL_HEADER_32 = 0x10b,
+            NT_OPTIONAL_HEADER_64 = 0x20b
+        }
+        public enum SubSystemType : ushort
+        {
+            IMAGE_SUBSYSTEM_UNKNOWN = 0,
+            IMAGE_SUBSYSTEM_NATIVE = 1,
+            IMAGE_SUBSYSTEM_WINDOWS_GUI = 2,
+            IMAGE_SUBSYSTEM_WINDOWS_CUI = 3,
+            IMAGE_SUBSYSTEM_POSIX_CUI = 7,
+            IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9,
+            IMAGE_SUBSYSTEM_EFI_APPLICATION = 10,
+            IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11,
+            IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12,
+            IMAGE_SUBSYSTEM_EFI_ROM = 13,
+            IMAGE_SUBSYSTEM_XBOX = 14
+
+        }
+        public enum DllCharacteristicsType : ushort
+        {
+            RES_0 = 0x0001,
+            RES_1 = 0x0002,
+            RES_2 = 0x0004,
+            RES_3 = 0x0008,
+            IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040,
+            IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
+            IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100,
+            IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
+            IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
+            IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
+            RES_4 = 0x1000,
+            IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
+            IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
+        }
         [TypeConverter(typeof(ExpandableObjectConverter))]
         [StructLayout(LayoutKind.Sequential)]
         public struct IMAGE_DOS_HEADER
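Review bot: `DllCharacteristicsType` is a bit mask but is declared without `[Flags]`, so casting a real header value (which usually has several bits set) and calling `ToString()` prints a bare number instead of the flag names. These bits tell an analyst whether an image opts into ASLR (`DYNAMIC_BASE`), DEP (`NX_COMPAT`) and forced integrity checks (`FORCE_INTEGRITY`), so they are worth decoding correctly. Add `[Flags]` above the enum and consider naming the bits the PE format defines that are missing or marked reserved here: `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020`, `IMAGE_DLLCHARACTERISTICS_APPCONTAINER = 0x1000` (currently `RES_4`) and `IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000`. The first three named members are spelled `IMAGE_DLL_CHARACTERISTICS_…` while the rest use `IMAGE_DLLCHARACTERISTICS_…`; one spelling should be used throughout.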
@@ -159,81 +195,171 @@
         [StructLayout(LayoutKind.Sequential)]
         public struct IMAGE_OPTIONAL_HEADER32
         {
-            public UInt16 Magic;
-            public Byte MajorLinkerVersion;
-            public Byte MinorLinkerVersion;
-            public UInt32 SizeOfCode;
-            public UInt32 SizeOfInitializedData;
-            public UInt32 SizeOfUninitializedData;
-            public UInt32 AddressOfEntryPoint;
-            public UInt32 BaseOfCode;
-            public UInt32 BaseOfData;
-            public UInt32 ImageBase;
-            public UInt32 SectionAlignment;
-            public UInt32 FileAlignment;
-            public UInt16 MajorOperatingSystemVersion;
-            public UInt16 MinorOperatingSystemVersion;
-            public UInt16 MajorImageVersion;
-            public UInt16 MinorImageVersion;
-            public UInt16 MajorSubsystemVersion;
-            public UInt16 MinorSubsystemVersion;
-            public UInt32 Win32VersionValue;
-            public UInt32 SizeOfImage;
-            public UInt32 SizeOfHeaders;
-            public UInt32 CheckSum;
-            public UInt16 Subsystem;
-            public UInt16 DllCharacteristics;
-            public UInt32 SizeOfStackReserve;
-            public UInt32 SizeOfStackCommit;
-            public UInt32 SizeOfHeapReserve;
-            public UInt32 SizeOfHeapCommit;
-            public UInt32 LoaderFlags;
-            public UInt32 NumberOfRvaAndSizes;
+            public UInt16 _Magic;
+            public Byte _MajorLinkerVersion;
+            public Byte _MinorLinkerVersion;
+            public UInt32 _SizeOfCode;
+            public UInt32 _SizeOfInitializedData;
+            public UInt32 _SizeOfUninitializedData;
+            public UInt32 _AddressOfEntryPoint;
+            public UInt32 _BaseOfCode;
+            public UInt32 _BaseOfData; // 32-but specific
+            public UInt32 _ImageBase;
+            public UInt32 _SectionAlignment;
+            public UInt32 _FileAlignment;
+            public UInt16 _MajorOperatingSystemVersion;
+            public UInt16 _MinorOperatingSystemVersion;
+            public UInt16 _MajorImageVersion;
+            public UInt16 _MinorImageVersion;
+            public UInt16 _MajorSubsystemVersion;
+            public UInt16 _MinorSubsystemVersion;
+            public UInt32 _Win32VersionValue;
+            public UInt32 _SizeOfImage;
+            public UInt32 _SizeOfHeaders;
+            public UInt32 _CheckSum;
+            public UInt16 _Subsystem;
+            public UInt16 _DllCharacteristics;
+            public UInt32 _SizeOfStackReserve;
+            public UInt32 _SizeOfStackCommit;
+            public UInt32 _SizeOfHeapReserve;
+            public UInt32 _SizeOfHeapCommit;
+            public UInt32 _LoaderFlags;
+            public UInt32 _NumberOfRvaAndSizes;
             [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
-            public IMAGE_DATA_DIRECTORY[] DataDirectory;
+            public IMAGE_DATA_DIRECTORY[] _DataDirectory;
+
+
+            public string Magic { get { return ((MagicType)_Magic).ToString(); } }
+            public string MajorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
+            public string MinorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
+
+            public string SizeOfCode { get { return string.Format("0x{0:x2}", _SizeOfCode); } }
+            public string SizeOfInitializedData { get { return string.Format("0x{0:x8}", _SizeOfInitializedData); } }
+            public string SizeOfUninitializedData { get { return string.Format("0x{0:x8}", _SizeOfUninitializedData); } }
+            public string AddressOfEntryPoint { get { return string.Format("0x{0:x8}", _AddressOfEntryPoint); } }
+            public string BaseOfCode { get { return string.Format("0x{0:x8}", _BaseOfCode); } }
+            public string BaseOfData { get { return string.Format("0x{0:x8}", _BaseOfData); } }
+            public string ImageBase { get { return string.Format("0x{0:x16}", _ImageBase); } }
+
+            public string SectionAlignment { get { return string.Format("0x{0:x8}", _SectionAlignment); } }
+            public string FileAlignment { get { return string.Format("0x{0:x8}", _FileAlignment); } }
+
+            public string MajorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MajorOperatingSystemVersion); } }
+            public string MinorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MinorOperatingSystemVersion); } }
+            public string MajorImageVersion { get { return string.Format("0x{0:x4}", _MajorImageVersion); } }
+            public string MinorImageVersion { get { return string.Format("0x{0:x4}", _MinorImageVersion); } }
+            public string MajorSubsystemVersion { get { return string.Format("0x{0:x4}", _MajorSubsystemVersion); } }
+            public string MinorSubsystemVersion { get { return string.Format("0x{0:x4}", _MinorSubsystemVersion); } }
+
+            public string Win32VersionValue { get { return string.Format("0x{0:x8}", _Win32VersionValue); } }
+            public string SizeOfImage { get { return string.Format("0x{0:x8}", _SizeOfImage); } }
+            public string SizeOfHeaders { get { return string.Format("0x{0:x8}", _SizeOfHeaders); } }
+            public string CheckSum { get { return string.Format("0x{0:x8}", _CheckSum); } }
+
+            public string Subsystem { get { return ((SubSystemType)_Subsystem).ToString(); } }
+            public string DllCharacteristics { get { return string.Format("0x{0:x4}", _DllCharacteristics); } }
+
+            public string SizeOfStackReserve { get { return string.Format("0x{0:x16}", _SizeOfStackReserve); } }
+            public string SizeOfStackCommit { get { return string.Format("0x{0:x16}", _SizeOfStackCommit); } }
+            public string SizeOfHeapReserve { get { return string.Format("0x{0:x16}", _SizeOfHeapReserve); } }
+            public string SizeOfHeapCommit { get { return string.Format("0x{0:x16}", _SizeOfHeapCommit); } }
+
+            public string LoaderFlags { get { return string.Format("0x{0:x8}", _LoaderFlags); } }
+            public string NumberOfRvaAndSizes { get { return string.Format("0x{0:x8}", _NumberOfRvaAndSizes); } }
+            public override string ToString()
+            {
+                return Magic;
+            }
         }
         [TypeConverter(typeof(ExpandableObjectConverter))]
         [StructLayout(LayoutKind.Sequential)]
         public struct IMAGE_OPTIONAL_HEADER64
         {
-            public UInt16 Magic;
-            public Byte MajorLinkerVersion;
-            public Byte MinorLinkerVersion;
-            public UInt32 SizeOfCode;
-            public UInt32 SizeOfInitializedData;
-            public UInt32 SizeOfUninitializedData;
-            public UInt32 AddressOfEntryPoint;
-            public UInt32 BaseOfCode;
-            public UInt64 ImageBase;
-            public UInt32 SectionAlignment;
-            public UInt32 FileAlignment;
-            public UInt16 MajorOperatingSystemVersion;
-            public UInt16 MinorOperatingSystemVersion;
-            public UInt16 MajorImageVersion;
-            public UInt16 MinorImageVersion;
-            public UInt16 MajorSubsystemVersion;
-            public UInt16 MinorSubsystemVersion;
-            public UInt32 Win32VersionValue;
-            public UInt32 SizeOfImage;
-            public UInt32 SizeOfHeaders;
-            public UInt32 CheckSum;
-            public UInt16 Subsystem;
-            public UInt16 DllCharacteristics;
-            public UInt64 SizeOfStackReserve;
-            public UInt64 SizeOfStackCommit;
-            public UInt64 SizeOfHeapReserve;
-            public UInt64 SizeOfHeapCommit;
-            public UInt32 LoaderFlags;
-            public UInt32 NumberOfRvaAndSizes;
+            public UInt16 _Magic;
+            public Byte _MajorLinkerVersion;
+            public Byte _MinorLinkerVersion;
+            public UInt32 _SizeOfCode;
+            public UInt32 _SizeOfInitializedData;
+            public UInt32 _SizeOfUninitializedData;
+            public UInt32 _AddressOfEntryPoint;
+            public UInt32 _BaseOfCode;
+            public UInt64 _ImageBase;
+            public UInt32 _SectionAlignment;
+            public UInt32 _FileAlignment;
+            public UInt16 _MajorOperatingSystemVersion;
+            public UInt16 _MinorOperatingSystemVersion;
+            public UInt16 _MajorImageVersion;
+            public UInt16 _MinorImageVersion;
+            public UInt16 _MajorSubsystemVersion;
+            public UInt16 _MinorSubsystemVersion;
+            public UInt32 _Win32VersionValue;
+            public UInt32 _SizeOfImage;
+            public UInt32 _SizeOfHeaders;
+            public UInt32 _CheckSum;
+            public UInt16 _Subsystem;
+            public UInt16 _DllCharacteristics;
+            public UInt64 _SizeOfStackReserve;
+            public UInt64 _SizeOfStackCommit;
+            public UInt64 _SizeOfHeapReserve;
+            public UInt64 _SizeOfHeapCommit;
+            public UInt32 _LoaderFlags;
+            public UInt32 _NumberOfRvaAndSizes;
             [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
-            public IMAGE_DATA_DIRECTORY[] DataDirectory;
+            public IMAGE_DATA_DIRECTORY[] _DataDirectory;
+
+
+            public string Magic { get { return ((MagicType)_Magic).ToString(); } }
+            public string MajorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
+            public string MinorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
+
+            public string SizeOfCode { get { return string.Format("0x{0:x2}", _SizeOfCode); } }
+            public string SizeOfInitializedData { get { return string.Format("0x{0:x8}", _SizeOfInitializedData); } }
+            public string SizeOfUninitializedData { get { return string.Format("0x{0:x8}", _SizeOfUninitializedData); } }
+            public string AddressOfEntryPoint { get { return string.Format("0x{0:x8}", _AddressOfEntryPoint); } }
+            public string BaseOfCode { get { return string.Format("0x{0:x8}", _BaseOfCode); } }
+
+            public string ImageBase { get { return string.Format("0x{0:x16}", _ImageBase); } }
+
+            public string SectionAlignment { get { return string.Format("0x{0:x8}", _SectionAlignment); } }
+            public string FileAlignment { get { return string.Format("0x{0:x8}", _FileAlignment); } }
+
+            public string MajorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MajorOperatingSystemVersion); } }
+            public string MinorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MinorOperatingSystemVersion); } }
+            public string MajorImageVersion { get { return string.Format("0x{0:x4}", _MajorImageVersion); } }
+            public string MinorImageVersion { get { return string.Format("0x{0:x4}", _MinorImageVersion); } }
+            public string MajorSubsystemVersion { get { return string.Format("0x{0:x4}", _MajorSubsystemVersion); } }
+            public string MinorSubsystemVersion { get { return string.Format("0x{0:x4}", _MinorSubsystemVersion); } }
+
+            public string Win32VersionValue { get { return string.Format("0x{0:x8}", _Win32VersionValue); } }
+            public string SizeOfImage { get { return string.Format("0x{0:x8}", _SizeOfImage); } }
+            public string SizeOfHeaders { get { return string.Format("0x{0:x8}", _SizeOfHeaders); } }
+            public string CheckSum { get { return string.Format("0x{0:x8}", _CheckSum); } }
+
+            public string Subsystem { get { return ((SubSystemType)_Subsystem).ToString(); } }
+            public string DllCharacteristics { get { return string.Format("0x{0:x4}", _DllCharacteristics); } }
+
+            public string SizeOfStackReserve { get { return string.Format("0x{0:x16}", _SizeOfStackReserve); } }
+            public string SizeOfStackCommit { get { return string.Format("0x{0:x16}", _SizeOfStackCommit); } }
+            public string SizeOfHeapReserve { get { return string.Format("0x{0:x16}", _SizeOfHeapReserve); } }
+            public string SizeOfHeapCommit { get { return string.Format("0x{0:x16}", _SizeOfHeapCommit); } }
+
+            public string LoaderFlags { get { return string.Format("0x{0:x8}", _LoaderFlags); } }
+            public string NumberOfRvaAndSizes { get { return string.Format("0x{0:x8}", _NumberOfRvaAndSizes); } }
+
+            public override string ToString()
+            {
+                return Magic;
+            }
         }
         [TypeConverter(typeof(ExpandableObjectConverter))]
         [StructLayout(LayoutKind.Sequential)]
         public struct IMAGE_DATA_DIRECTORY
         {
-            public UInt32 VirtualAddress;
-            public UInt32 Size;
+            public UInt32 _VirtualAddress;
+            public UInt32 _Size;
+
+            public string VirtualAddress { get { return string.Format("0x{0:x8}", _VirtualAddress); } }
+            public string Size { get { return string.Format("0x{0:x8}", _Size); } }
         }
         [TypeConverter(typeof(ExpandableObjectConverter))]
         [StructLayout(LayoutKind.Sequential)]
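Review bot: `MinorLinkerVersion` returns `_MajorLinkerVersion` in both `IMAGE_OPTIONAL_HEADER32` and `IMAGE_OPTIONAL_HEADER64`, so the minor version is never displayed; the getter should be `get { return string.Format("0x{0:x2}", _MinorLinkerVersion); }`. `SizeOfCode` is formatted with `x2` although the field is a `UInt32` and its neighbours use `x8`, and the 32-bit struct pads `ImageBase` and the four stack/heap sizes to 16 digits although they are `UInt32` there. `DllCharacteristics` is still shown as raw hex even though this commit adds `DllCharacteristicsType`; returning `((DllCharacteristicsType)_DllCharacteristics).ToString()`, with `[Flags]` on the enum, would show the mitigation flags by name. Renaming the public fields to `_Name` presumably breaks any caller outside this file that read them as numbers, which cannot be checked from this hunk.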
@@ -474,15 +600,15 @@
             _ntHeaders._OptionalHeader64 = MarshalBytesTo<IMAGE_OPTIONAL_HEADER64>(reader);
 
             // Should have 10 data directories
-            if (_ntHeaders.OptionalHeader64.NumberOfRvaAndSizes != 0x10)
+            if (_ntHeaders.OptionalHeader64._NumberOfRvaAndSizes != 0x10)
             {
                 throw new InvalidOperationException("Invalid number of data directories in NT header");
             }
 
             // Scan data directories and load section headers
-            for (int i = 0; i < _ntHeaders.OptionalHeader64.NumberOfRvaAndSizes; i++)
+            for (int i = 0; i < _ntHeaders.OptionalHeader64._NumberOfRvaAndSizes; i++)
             {
-                if (_ntHeaders.OptionalHeader64.DataDirectory[i].Size > 0)
+                if (_ntHeaders._OptionalHeader64._DataDirectory[i]._Size > 0)
                 {
                     _sectionHeaders.Add(MarshalBytesTo<IMAGE_SECTION_HEADER>(reader));
                 }
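Review bot: The loop after the `0x10` check reads one `IMAGE_SECTION_HEADER` for each non-empty data directory, but data directories and sections are unrelated tables, and the PE format gives the section count in the file header's NumberOfSections field. For any image whose populated-directory count differs from its section count, `_sectionHeaders` ends up with the wrong number of entries, some of them possibly built from bytes that are not section headers. The loop bound should come from the file header's section count (that struct is outside this hunk) and should be checked against the remaining stream length before each read. The comment above the check says 10 while the code tests `0x10`; it should read `// Should have 16 (0x10) data directories`. The hunk also mixes `_ntHeaders.OptionalHeader64` and `_ntHeaders._OptionalHeader64` in adjacent lines. The same points apply to the 32-bit hunk that follows, and in both cases the enclosing method starts and ends outside the hunk.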
@@ -494,15 +620,15 @@
             _ntHeaders._OptionalHeader32 = MarshalBytesTo<IMAGE_OPTIONAL_HEADER32>(reader);
 
             // Should have 10 data directories
-            if (_ntHeaders.OptionalHeader32.NumberOfRvaAndSizes != 0x10)
+            if (_ntHeaders.OptionalHeader32._NumberOfRvaAndSizes != 0x10)
             {
                 throw new InvalidOperationException("Invalid number of data directories in NT header");
             }
 
             // Scan data directories and load section headers
-            for (int i = 0; i < _ntHeaders.OptionalHeader32.NumberOfRvaAndSizes; i++)
+            for (int i = 0; i < _ntHeaders.OptionalHeader32._NumberOfRvaAndSizes; i++)
             {
-                if (_ntHeaders.OptionalHeader32.DataDirectory[i].Size > 0)
+                if (_ntHeaders._OptionalHeader32._DataDirectory[i]._Size > 0)
                 {
                     _sectionHeaders.Add(MarshalBytesTo<IMAGE_SECTION_HEADER>(reader));
                 }

 
