/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/PEReader.cs
ViewVC logotype

Diff of /trunk/Win32/Sojaner.MemoryScanner/PEReader.cs

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 319 by william, Tue Jun 5 18:39:06 2012 UTC revision 320 by william, Tue Jun 5 19:18:20 2012 UTC
# Line 34  namespace Sojaner.MemoryScanner Line 34  namespace Sojaner.MemoryScanner
34              MIPSFPU16 = 0x466,              MIPSFPU16 = 0x466,
35              x64 = 0x8664,              x64 = 0x8664,
36          }          }
37            public enum MagicType : ushort
38            {
39                NT_OPTIONAL_HEADER_NOT_PRESENT, // 0    
40                NT_OPTIONAL_HEADER_32 = 0x10b,
41                NT_OPTIONAL_HEADER_64 = 0x20b
42            }
43            public enum SubSystemType : ushort
44            {
45                IMAGE_SUBSYSTEM_UNKNOWN = 0,
46                IMAGE_SUBSYSTEM_NATIVE = 1,
47                IMAGE_SUBSYSTEM_WINDOWS_GUI = 2,
48                IMAGE_SUBSYSTEM_WINDOWS_CUI = 3,
49                IMAGE_SUBSYSTEM_POSIX_CUI = 7,
50                IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9,
51                IMAGE_SUBSYSTEM_EFI_APPLICATION = 10,
52                IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11,
53                IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12,
54                IMAGE_SUBSYSTEM_EFI_ROM = 13,
55                IMAGE_SUBSYSTEM_XBOX = 14
56    
57            }
58            public enum DllCharacteristicsType : ushort
59            {
60                RES_0 = 0x0001,
61                RES_1 = 0x0002,
62                RES_2 = 0x0004,
63                RES_3 = 0x0008,
64                IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040,
65                IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
66                IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100,
67                IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
68                IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
69                IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
70                RES_4 = 0x1000,
71                IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
72                IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
73            }
74          [TypeConverter(typeof(ExpandableObjectConverter))]          [TypeConverter(typeof(ExpandableObjectConverter))]
75          [StructLayout(LayoutKind.Sequential)]          [StructLayout(LayoutKind.Sequential)]
76          public struct IMAGE_DOS_HEADER          public struct IMAGE_DOS_HEADER
# Line 159  namespace Sojaner.MemoryScanner Line 195  namespace Sojaner.MemoryScanner
195          [StructLayout(LayoutKind.Sequential)]          [StructLayout(LayoutKind.Sequential)]
196          public struct IMAGE_OPTIONAL_HEADER32          public struct IMAGE_OPTIONAL_HEADER32
197          {          {
198              public UInt16 Magic;              public UInt16 _Magic;
199              public Byte MajorLinkerVersion;              public Byte _MajorLinkerVersion;
200              public Byte MinorLinkerVersion;              public Byte _MinorLinkerVersion;
201              public UInt32 SizeOfCode;              public UInt32 _SizeOfCode;
202              public UInt32 SizeOfInitializedData;              public UInt32 _SizeOfInitializedData;
203              public UInt32 SizeOfUninitializedData;              public UInt32 _SizeOfUninitializedData;
204              public UInt32 AddressOfEntryPoint;              public UInt32 _AddressOfEntryPoint;
205              public UInt32 BaseOfCode;              public UInt32 _BaseOfCode;
206              public UInt32 BaseOfData;              public UInt32 _BaseOfData; // 32-but specific
207              public UInt32 ImageBase;              public UInt32 _ImageBase;
208              public UInt32 SectionAlignment;              public UInt32 _SectionAlignment;
209              public UInt32 FileAlignment;              public UInt32 _FileAlignment;
210              public UInt16 MajorOperatingSystemVersion;              public UInt16 _MajorOperatingSystemVersion;
211              public UInt16 MinorOperatingSystemVersion;              public UInt16 _MinorOperatingSystemVersion;
212              public UInt16 MajorImageVersion;              public UInt16 _MajorImageVersion;
213              public UInt16 MinorImageVersion;              public UInt16 _MinorImageVersion;
214              public UInt16 MajorSubsystemVersion;              public UInt16 _MajorSubsystemVersion;
215              public UInt16 MinorSubsystemVersion;              public UInt16 _MinorSubsystemVersion;
216              public UInt32 Win32VersionValue;              public UInt32 _Win32VersionValue;
217              public UInt32 SizeOfImage;              public UInt32 _SizeOfImage;
218              public UInt32 SizeOfHeaders;              public UInt32 _SizeOfHeaders;
219              public UInt32 CheckSum;              public UInt32 _CheckSum;
220              public UInt16 Subsystem;              public UInt16 _Subsystem;
221              public UInt16 DllCharacteristics;              public UInt16 _DllCharacteristics;
222              public UInt32 SizeOfStackReserve;              public UInt32 _SizeOfStackReserve;
223              public UInt32 SizeOfStackCommit;              public UInt32 _SizeOfStackCommit;
224              public UInt32 SizeOfHeapReserve;              public UInt32 _SizeOfHeapReserve;
225              public UInt32 SizeOfHeapCommit;              public UInt32 _SizeOfHeapCommit;
226              public UInt32 LoaderFlags;              public UInt32 _LoaderFlags;
227              public UInt32 NumberOfRvaAndSizes;              public UInt32 _NumberOfRvaAndSizes;
228              [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]              [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
229              public IMAGE_DATA_DIRECTORY[] DataDirectory;              public IMAGE_DATA_DIRECTORY[] _DataDirectory;
230    
231    
232                public string Magic { get { return ((MagicType)_Magic).ToString(); } }
233                public string MajorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
234                public string MinorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
235    
236                public string SizeOfCode { get { return string.Format("0x{0:x2}", _SizeOfCode); } }
237                public string SizeOfInitializedData { get { return string.Format("0x{0:x8}", _SizeOfInitializedData); } }
238                public string SizeOfUninitializedData { get { return string.Format("0x{0:x8}", _SizeOfUninitializedData); } }
239                public string AddressOfEntryPoint { get { return string.Format("0x{0:x8}", _AddressOfEntryPoint); } }
240                public string BaseOfCode { get { return string.Format("0x{0:x8}", _BaseOfCode); } }
241                public string BaseOfData { get { return string.Format("0x{0:x8}", _BaseOfData); } }
242                public string ImageBase { get { return string.Format("0x{0:x16}", _ImageBase); } }
243    
244                public string SectionAlignment { get { return string.Format("0x{0:x8}", _SectionAlignment); } }
245                public string FileAlignment { get { return string.Format("0x{0:x8}", _FileAlignment); } }
246    
247                public string MajorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MajorOperatingSystemVersion); } }
248                public string MinorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MinorOperatingSystemVersion); } }
249                public string MajorImageVersion { get { return string.Format("0x{0:x4}", _MajorImageVersion); } }
250                public string MinorImageVersion { get { return string.Format("0x{0:x4}", _MinorImageVersion); } }
251                public string MajorSubsystemVersion { get { return string.Format("0x{0:x4}", _MajorSubsystemVersion); } }
252                public string MinorSubsystemVersion { get { return string.Format("0x{0:x4}", _MinorSubsystemVersion); } }
253    
254                public string Win32VersionValue { get { return string.Format("0x{0:x8}", _Win32VersionValue); } }
255                public string SizeOfImage { get { return string.Format("0x{0:x8}", _SizeOfImage); } }
256                public string SizeOfHeaders { get { return string.Format("0x{0:x8}", _SizeOfHeaders); } }
257                public string CheckSum { get { return string.Format("0x{0:x8}", _CheckSum); } }
258    
259                public string Subsystem { get { return ((SubSystemType)_Subsystem).ToString(); } }
260                public string DllCharacteristics { get { return string.Format("0x{0:x4}", _DllCharacteristics); } }
261    
262                public string SizeOfStackReserve { get { return string.Format("0x{0:x16}", _SizeOfStackReserve); } }
263                public string SizeOfStackCommit { get { return string.Format("0x{0:x16}", _SizeOfStackCommit); } }
264                public string SizeOfHeapReserve { get { return string.Format("0x{0:x16}", _SizeOfHeapReserve); } }
265                public string SizeOfHeapCommit { get { return string.Format("0x{0:x16}", _SizeOfHeapCommit); } }
266    
267                public string LoaderFlags { get { return string.Format("0x{0:x8}", _LoaderFlags); } }
268                public string NumberOfRvaAndSizes { get { return string.Format("0x{0:x8}", _NumberOfRvaAndSizes); } }
269                public override string ToString()
270                {
271                    return Magic;
272                }
273          }          }
274          [TypeConverter(typeof(ExpandableObjectConverter))]          [TypeConverter(typeof(ExpandableObjectConverter))]
275          [StructLayout(LayoutKind.Sequential)]          [StructLayout(LayoutKind.Sequential)]
276          public struct IMAGE_OPTIONAL_HEADER64          public struct IMAGE_OPTIONAL_HEADER64
277          {          {
278              public UInt16 Magic;              public UInt16 _Magic;
279              public Byte MajorLinkerVersion;              public Byte _MajorLinkerVersion;
280              public Byte MinorLinkerVersion;              public Byte _MinorLinkerVersion;
281              public UInt32 SizeOfCode;              public UInt32 _SizeOfCode;
282              public UInt32 SizeOfInitializedData;              public UInt32 _SizeOfInitializedData;
283              public UInt32 SizeOfUninitializedData;              public UInt32 _SizeOfUninitializedData;
284              public UInt32 AddressOfEntryPoint;              public UInt32 _AddressOfEntryPoint;
285              public UInt32 BaseOfCode;              public UInt32 _BaseOfCode;
286              public UInt64 ImageBase;              public UInt64 _ImageBase;
287              public UInt32 SectionAlignment;              public UInt32 _SectionAlignment;
288              public UInt32 FileAlignment;              public UInt32 _FileAlignment;
289              public UInt16 MajorOperatingSystemVersion;              public UInt16 _MajorOperatingSystemVersion;
290              public UInt16 MinorOperatingSystemVersion;              public UInt16 _MinorOperatingSystemVersion;
291              public UInt16 MajorImageVersion;              public UInt16 _MajorImageVersion;
292              public UInt16 MinorImageVersion;              public UInt16 _MinorImageVersion;
293              public UInt16 MajorSubsystemVersion;              public UInt16 _MajorSubsystemVersion;
294              public UInt16 MinorSubsystemVersion;              public UInt16 _MinorSubsystemVersion;
295              public UInt32 Win32VersionValue;              public UInt32 _Win32VersionValue;
296              public UInt32 SizeOfImage;              public UInt32 _SizeOfImage;
297              public UInt32 SizeOfHeaders;              public UInt32 _SizeOfHeaders;
298              public UInt32 CheckSum;              public UInt32 _CheckSum;
299              public UInt16 Subsystem;              public UInt16 _Subsystem;
300              public UInt16 DllCharacteristics;              public UInt16 _DllCharacteristics;
301              public UInt64 SizeOfStackReserve;              public UInt64 _SizeOfStackReserve;
302              public UInt64 SizeOfStackCommit;              public UInt64 _SizeOfStackCommit;
303              public UInt64 SizeOfHeapReserve;              public UInt64 _SizeOfHeapReserve;
304              public UInt64 SizeOfHeapCommit;              public UInt64 _SizeOfHeapCommit;
305              public UInt32 LoaderFlags;              public UInt32 _LoaderFlags;
306              public UInt32 NumberOfRvaAndSizes;              public UInt32 _NumberOfRvaAndSizes;
307              [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]              [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
308              public IMAGE_DATA_DIRECTORY[] DataDirectory;              public IMAGE_DATA_DIRECTORY[] _DataDirectory;
309    
310    
311                public string Magic { get { return ((MagicType)_Magic).ToString(); } }
312                public string MajorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
313                public string MinorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
314    
315                public string SizeOfCode { get { return string.Format("0x{0:x2}", _SizeOfCode); } }
316                public string SizeOfInitializedData { get { return string.Format("0x{0:x8}", _SizeOfInitializedData); } }
317                public string SizeOfUninitializedData { get { return string.Format("0x{0:x8}", _SizeOfUninitializedData); } }
318                public string AddressOfEntryPoint { get { return string.Format("0x{0:x8}", _AddressOfEntryPoint); } }
319                public string BaseOfCode { get { return string.Format("0x{0:x8}", _BaseOfCode); } }
320    
321                public string ImageBase { get { return string.Format("0x{0:x16}", _ImageBase); } }
322    
323                public string SectionAlignment { get { return string.Format("0x{0:x8}", _SectionAlignment); } }
324                public string FileAlignment { get { return string.Format("0x{0:x8}", _FileAlignment); } }
325    
326                public string MajorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MajorOperatingSystemVersion); } }
327                public string MinorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MinorOperatingSystemVersion); } }
328                public string MajorImageVersion { get { return string.Format("0x{0:x4}", _MajorImageVersion); } }
329                public string MinorImageVersion { get { return string.Format("0x{0:x4}", _MinorImageVersion); } }
330                public string MajorSubsystemVersion { get { return string.Format("0x{0:x4}", _MajorSubsystemVersion); } }
331                public string MinorSubsystemVersion { get { return string.Format("0x{0:x4}", _MinorSubsystemVersion); } }
332    
333                public string Win32VersionValue { get { return string.Format("0x{0:x8}", _Win32VersionValue); } }
334                public string SizeOfImage { get { return string.Format("0x{0:x8}", _SizeOfImage); } }
335                public string SizeOfHeaders { get { return string.Format("0x{0:x8}", _SizeOfHeaders); } }
336                public string CheckSum { get { return string.Format("0x{0:x8}", _CheckSum); } }
337    
338                public string Subsystem { get { return ((SubSystemType)_Subsystem).ToString(); } }
339                public string DllCharacteristics { get { return string.Format("0x{0:x4}", _DllCharacteristics); } }
340    
341                public string SizeOfStackReserve { get { return string.Format("0x{0:x16}", _SizeOfStackReserve); } }
342                public string SizeOfStackCommit { get { return string.Format("0x{0:x16}", _SizeOfStackCommit); } }
343                public string SizeOfHeapReserve { get { return string.Format("0x{0:x16}", _SizeOfHeapReserve); } }
344                public string SizeOfHeapCommit { get { return string.Format("0x{0:x16}", _SizeOfHeapCommit); } }
345    
346                public string LoaderFlags { get { return string.Format("0x{0:x8}", _LoaderFlags); } }
347                public string NumberOfRvaAndSizes { get { return string.Format("0x{0:x8}", _NumberOfRvaAndSizes); } }
348    
349                public override string ToString()
350                {
351                    return Magic;
352                }
353          }          }
354          [TypeConverter(typeof(ExpandableObjectConverter))]          [TypeConverter(typeof(ExpandableObjectConverter))]
355          [StructLayout(LayoutKind.Sequential)]          [StructLayout(LayoutKind.Sequential)]
356          public struct IMAGE_DATA_DIRECTORY          public struct IMAGE_DATA_DIRECTORY
357          {          {
358              public UInt32 VirtualAddress;              public UInt32 _VirtualAddress;
359              public UInt32 Size;              public UInt32 _Size;
360    
361                public string VirtualAddress { get { return string.Format("0x{0:x8}", _VirtualAddress); } }
362                public string Size { get { return string.Format("0x{0:x8}", _Size); } }
363          }          }
364          [TypeConverter(typeof(ExpandableObjectConverter))]          [TypeConverter(typeof(ExpandableObjectConverter))]
365          [StructLayout(LayoutKind.Sequential)]          [StructLayout(LayoutKind.Sequential)]
# Line 474  namespace Sojaner.MemoryScanner Line 600  namespace Sojaner.MemoryScanner
600              _ntHeaders._OptionalHeader64 = MarshalBytesTo<IMAGE_OPTIONAL_HEADER64>(reader);              _ntHeaders._OptionalHeader64 = MarshalBytesTo<IMAGE_OPTIONAL_HEADER64>(reader);
601    
602              // Should have 10 data directories              // Should have 10 data directories
603              if (_ntHeaders.OptionalHeader64.NumberOfRvaAndSizes != 0x10)              if (_ntHeaders.OptionalHeader64._NumberOfRvaAndSizes != 0x10)
604              {              {
605                  throw new InvalidOperationException("Invalid number of data directories in NT header");                  throw new InvalidOperationException("Invalid number of data directories in NT header");
606              }              }
607    
608              // Scan data directories and load section headers              // Scan data directories and load section headers
609              for (int i = 0; i < _ntHeaders.OptionalHeader64.NumberOfRvaAndSizes; i++)              for (int i = 0; i < _ntHeaders.OptionalHeader64._NumberOfRvaAndSizes; i++)
610              {              {
611                  if (_ntHeaders.OptionalHeader64.DataDirectory[i].Size > 0)                  if (_ntHeaders._OptionalHeader64._DataDirectory[i]._Size > 0)
612                  {                  {
613                      _sectionHeaders.Add(MarshalBytesTo<IMAGE_SECTION_HEADER>(reader));                      _sectionHeaders.Add(MarshalBytesTo<IMAGE_SECTION_HEADER>(reader));
614                  }                  }
# Line 494  namespace Sojaner.MemoryScanner Line 620  namespace Sojaner.MemoryScanner
620              _ntHeaders._OptionalHeader32 = MarshalBytesTo<IMAGE_OPTIONAL_HEADER32>(reader);              _ntHeaders._OptionalHeader32 = MarshalBytesTo<IMAGE_OPTIONAL_HEADER32>(reader);
621    
622              // Should have 10 data directories              // Should have 10 data directories
623              if (_ntHeaders.OptionalHeader32.NumberOfRvaAndSizes != 0x10)              if (_ntHeaders.OptionalHeader32._NumberOfRvaAndSizes != 0x10)
624              {              {
625                  throw new InvalidOperationException("Invalid number of data directories in NT header");                  throw new InvalidOperationException("Invalid number of data directories in NT header");
626              }              }
627    
628              // Scan data directories and load section headers              // Scan data directories and load section headers
629              for (int i = 0; i < _ntHeaders.OptionalHeader32.NumberOfRvaAndSizes; i++)              for (int i = 0; i < _ntHeaders.OptionalHeader32._NumberOfRvaAndSizes; i++)
630              {              {
631                  if (_ntHeaders.OptionalHeader32.DataDirectory[i].Size > 0)                  if (_ntHeaders._OptionalHeader32._DataDirectory[i]._Size > 0)
632                  {                  {
633                      _sectionHeaders.Add(MarshalBytesTo<IMAGE_SECTION_HEADER>(reader));                      _sectionHeaders.Add(MarshalBytesTo<IMAGE_SECTION_HEADER>(reader));
634                  }                  }

Legend:
Removed from v.319  
changed lines
  Added in v.320

  ViewVC Help
Powered by ViewVC 1.1.22