--- trunk/Win32/Sojaner.MemoryScanner/PEReader.cs 2012/06/05 09:06:27 289
+++ trunk/Win32/Sojaner.MemoryScanner/PEReader.cs 2012/06/05 09:30:32 290
@@ -12,44 +12,78 @@ public class PEReader { public PEReader(FileInfo fi) : this(fi.FullName) { } - public PEReader(string filename) { this.Read(filename); } + public PEReader(string filename) + { + Exception ErrorInfo = null; + try + { + this.Read(filename, out ErrorInfo); + } + catch (Exception ex) + { + logger.Error.WriteLine("PEReader: Failed to read process: {0}", filename); + if (ErrorInfo != null) + { + //logger.Error.WriteLine(ErrorInfo.GetBaseException().ToString()); + throw ErrorInfo; + } + else + { + //logger.Error.WriteLine(ex.GetBaseException().ToString()); + throw ex; + } + } + } #region marshalling - private void Read(string filename) + private void Read(string filename, out Exception ErrorInfo) { - logger.Debug.WriteLine("Reading Exe: {0}", filename); - - using (FileStream fs = new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.Read)) + ErrorInfo = null; + try { - byte[] data = new byte[] { }; - GCHandle pinnedPacket = new GCHandle(); - int size = 0; - BinaryReader br = new BinaryReader(fs); + logger.Debug.WriteLine("Reading Exe: {0}", filename); - #region IMAGE_DOS_HEADER - size = Marshal.SizeOf(typeof(IMAGE_DOS_HEADER)); - data = br.ReadBytes(size); - pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned); - IMAGE_DOS_HEADER DOS_HEADER = (IMAGE_DOS_HEADER)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(IMAGE_DOS_HEADER)); - pinnedPacket.Free(); - #endregion - - // skip the old dos stub - br.BaseStream.Seek(DOS_HEADER.e_lfanew, SeekOrigin.Begin); - - #region IMAGE_NT_HEADERS - size = Marshal.SizeOf(typeof(IMAGE_NT_HEADERS)); - data = br.ReadBytes(size); - pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned); - IMAGE_NT_HEADERS NT_HEADER = (IMAGE_NT_HEADERS)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(IMAGE_NT_HEADERS)); - pinnedPacket.Free(); - #endregion - - - br.Close(); + using (FileStream fs = new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.Read)) + { + try + { + 
byte[] data = new byte[] { }; + GCHandle pinnedPacket = new GCHandle(); + int size = 0; + BinaryReader br = new BinaryReader(fs); + + #region IMAGE_DOS_HEADER + size = Marshal.SizeOf(typeof(IMAGE_DOS_HEADER)); + data = br.ReadBytes(size); + pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned); + IMAGE_DOS_HEADER DOS_HEADER = (IMAGE_DOS_HEADER)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(IMAGE_DOS_HEADER)); + pinnedPacket.Free(); + #endregion + + // skip the old dos stub + br.BaseStream.Seek(DOS_HEADER.e_lfanew, SeekOrigin.Begin); + + #region IMAGE_NT_HEADERS + size = Marshal.SizeOf(typeof(IMAGE_NT_HEADERS)); + data = br.ReadBytes(size); + pinnedPacket = GCHandle.Alloc(data, GCHandleType.Pinned); + IMAGE_NT_HEADERS NT_HEADER = (IMAGE_NT_HEADERS)Marshal.PtrToStructure(pinnedPacket.AddrOfPinnedObject(), typeof(IMAGE_NT_HEADERS)); + pinnedPacket.Free(); + #endregion + + + br.Close(); + } + catch (Exception ex) + { + ErrorInfo = ex; + } + } + } + catch (Exception ex) + { + ErrorInfo = ex; } - - } #endregion @@ -121,7 +155,7 @@ [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)] public char[] Signature; - [FieldOffset(4)] + [FieldOffset(8)] public IMAGE_FILE_HEADER FileHeader; [FieldOffset(24)]
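Review bot: Read() now catches every exception and returns it through `out ErrorInfo`, but the constructor only inspects ErrorInfo inside its own `catch`, which, as far as the hunk shows, Read() no longer lets it reach; a missing, locked or malformed file therefore yields a PEReader that looks successfully constructed, and the error log line is never written. Check the result right after the call, e.g. `if (ErrorInfo != null) throw new IOException("PEReader: failed to read " + filename, ErrorInfo);`, or drop the out parameter and let the exception propagate with a bare `throw;`, since both `throw ErrorInfo;` and `throw ex;` reset the stack trace. Separately, `br.ReadBytes(size)` can return fewer than `size` bytes on a truncated file, and `Marshal.PtrToStructure` then reads past the end of the pinned array; an `if (data.Length != size)` check before each `GCHandle.Alloc` would reject such input, and the `pinnedPacket.Free()` calls belong in a `finally`.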
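Review bot: Moving `FileHeader` to `[FieldOffset(8)]` no longer matches the on-disk IMAGE_NT_HEADERS layout, where the 4-byte signature is followed by the file header at offset 4 and the optional header at offset 24, which the next field still uses. Assuming the project's IMAGE_FILE_HEADER is the standard 20 bytes, the field would now cover bytes 8–27 and overlap the field at 24, so the file-header values would be read from the wrong bytes of any parsed executable. If the offset was changed because `char[] Signature` with `SizeConst = 4` marshals wider than 4 bytes, the narrower fix is to declare the signature as `public uint Signature;` (or a 4-element `byte[]`) and keep `[FieldOffset(4)]`. The struct's StructLayout attribute is outside the hunk, so the charset explanation is an inference.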