/[RomCheater]/trunk/Win32/Sojaner.MemoryScanner/PEReader.cs
ViewVC logotype

Contents of /trunk/Win32/Sojaner.MemoryScanner/PEReader.cs

Parent Directory Parent Directory | Revision Log Revision Log

Revision 340 - (show annotations) (download)
Fri Jun 8 01:12:08 2012 UTC (9 years, 11 months ago) by william
File size: 49626 byte(s) 
+ wip for data direcory tables
1 #define ENABLE_LOGGING
2 using System;
3 using System.Collections.Generic;
4 using System.Linq;
5 using System.Text;
6 using System.IO;
7 using RomCheater.Logging;
8 using System.Runtime.InteropServices;
9 using System.Diagnostics;
10 using System.ComponentModel;
11 using RomCheater.PluginFramework.Events;
12 using Sojaner.MemoryScanner;
13
14 namespace RomCheater.PluginFramework.Events
15 {
16 public interface IAcceptPEData
17 {
18 void SetPEViewerData(PEReader.PEData peData);
19 }
20 public interface IAcceptsPEData
21 {
22 event BaseEventHandler<PEViewerDataUpdatedEvent> OnPEDataUpdated;
23 }
24 public interface IPEViewerDataUpdatedEvent
25 {
26 PEReader.PEData PEData { get; }
27 }
28 public class PEViewerDataUpdatedEvent : BaseEventArgs, IPEViewerDataUpdatedEvent
29 {
30 public PEViewerDataUpdatedEvent() : this(new PEReader.PEData()) { }
31 public PEViewerDataUpdatedEvent(object sender) : this(sender, new PEReader.PEData()) { }
32 public PEViewerDataUpdatedEvent(PEReader.PEData peData) : base() { this.PEData = peData; }
33 public PEViewerDataUpdatedEvent(object sender, PEReader.PEData peData) : base(sender) { this.PEData = peData; }
34 #region IPEViewerDataUpdatedEvent members
35 public PEReader.PEData PEData { get; private set; }
36 #endregion
37 }
38 }
39 namespace Sojaner.MemoryScanner
40 {
41 public class PEReader
42 {
43 // Code (C) Sergey utilized from: http://www.sergeyakopov.com/2010/11/03/reading-pe-format-using-data-marshalling-in-net/
44 #region Structs
45
46 [Flags]
47 public enum MachineTypeFlags
48 {
49 x86 = 0x14C,
50 Alpha = 0x184,
51 ARM = 0x1C0,
52 MIPS16R3000 = 0x162,
53 MIPS16R4000 = 0x166,
54 MIPS16R10000 = 0x168,
55 PowerPCLE = 0x1F0,
56 PowerPCBE = 0x1F2,
57 Itanium = 0x200,
58 MIPS16 = 0x266,
59 Alpha64 = 0x284,
60 MIPSFPU = 0x366,
61 MIPSFPU16 = 0x466,
62 x64 = 0x8664,
63 }
64 public enum MagicType : ushort
65 {
66 NT_OPTIONAL_HEADER_NOT_PRESENT, // 0
67 NT_OPTIONAL_HEADER_32 = 0x10b,
68 NT_OPTIONAL_HEADER_64 = 0x20b
69 }
70 public enum SubSystemType : ushort
71 {
72 IMAGE_SUBSYSTEM_UNKNOWN = 0,
73 IMAGE_SUBSYSTEM_NATIVE = 1,
74 IMAGE_SUBSYSTEM_WINDOWS_GUI = 2,
75 IMAGE_SUBSYSTEM_WINDOWS_CUI = 3,
76 IMAGE_SUBSYSTEM_POSIX_CUI = 7,
77 IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9,
78 IMAGE_SUBSYSTEM_EFI_APPLICATION = 10,
79 IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11,
80 IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12,
81 IMAGE_SUBSYSTEM_EFI_ROM = 13,
82 IMAGE_SUBSYSTEM_XBOX = 14
83
84 }
85 public enum DllCharacteristicsType : ushort
86 {
87 RES_0 = 0x0001,
88 RES_1 = 0x0002,
89 RES_2 = 0x0004,
90 RES_3 = 0x0008,
91 IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040,
92 IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
93 IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100,
94 IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
95 IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
96 IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
97 RES_4 = 0x1000,
98 IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
99 IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
100 }
101 [Flags]
102 public enum DataSectionFlags : uint
103 {
104 /// <summary>
105 /// Reserved for future use.
106 /// </summary>
107 TypeReg = 0x00000000,
108 /// <summary>
109 /// Reserved for future use.
110 /// </summary>
111 TypeDsect = 0x00000001,
112 /// <summary>
113 /// Reserved for future use.
114 /// </summary>
115 TypeNoLoad = 0x00000002,
116 /// <summary>
117 /// Reserved for future use.
118 /// </summary>
119 TypeGroup = 0x00000004,
120 /// <summary>
121 /// The section should not be padded to the next boundary. This flag is obsolete and is replaced by IMAGE_SCN_ALIGN_1BYTES. This is valid only for object files.
122 /// </summary>
123 TypeNoPadded = 0x00000008,
124 /// <summary>
125 /// Reserved for future use.
126 /// </summary>
127 TypeCopy = 0x00000010,
128 /// <summary>
129 /// The section contains executable code.
130 /// </summary>
131 ContentCode = 0x00000020,
132 /// <summary>
133 /// The section contains initialized data.
134 /// </summary>
135 ContentInitializedData = 0x00000040,
136 /// <summary>
137 /// The section contains uninitialized data.
138 /// </summary>
139 ContentUninitializedData = 0x00000080,
140 /// <summary>
141 /// Reserved for future use.
142 /// </summary>
143 LinkOther = 0x00000100,
144 /// <summary>
145 /// The section contains comments or other information. The .drectve section has this type. This is valid for object files only.
146 /// </summary>
147 LinkInfo = 0x00000200,
148 /// <summary>
149 /// Reserved for future use.
150 /// </summary>
151 TypeOver = 0x00000400,
152 /// <summary>
153 /// The section will not become part of the image. This is valid only for object files.
154 /// </summary>
155 LinkRemove = 0x00000800,
156 /// <summary>
157 /// The section contains COMDAT data. For more information, see section 5.5.6, COMDAT Sections (Object Only). This is valid only for object files.
158 /// </summary>
159 LinkComDat = 0x00001000,
160 /// <summary>
161 /// Reset speculative exceptions handling bits in the TLB entries for this section.
162 /// </summary>
163 NoDeferSpecExceptions = 0x00004000,
164 /// <summary>
165 /// The section contains data referenced through the global pointer (GP).
166 /// </summary>
167 RelativeGP = 0x00008000,
168 /// <summary>
169 /// Reserved for future use.
170 /// </summary>
171 MemPurgeable = 0x00020000,
172 /// <summary>
173 /// Reserved for future use.
174 /// </summary>
175 Memory16Bit = 0x00020000,
176 /// <summary>
177 /// Reserved for future use.
178 /// </summary>
179 MemoryLocked = 0x00040000,
180 /// <summary>
181 /// Reserved for future use.
182 /// </summary>
183 MemoryPreload = 0x00080000,
184 /// <summary>
185 /// Align data on a 1-byte boundary. Valid only for object files.
186 /// </summary>
187 Align1Bytes = 0x00100000,
188 /// <summary>
189 /// Align data on a 2-byte boundary. Valid only for object files.
190 /// </summary>
191 Align2Bytes = 0x00200000,
192 /// <summary>
193 /// Align data on a 4-byte boundary. Valid only for object files.
194 /// </summary>
195 Align4Bytes = 0x00300000,
196 /// <summary>
197 /// Align data on an 8-byte boundary. Valid only for object files.
198 /// </summary>
199 Align8Bytes = 0x00400000,
200 /// <summary>
201 /// Align data on a 16-byte boundary. Valid only for object files.
202 /// </summary>
203 Align16Bytes = 0x00500000,
204 /// <summary>
205 /// Align data on a 32-byte boundary. Valid only for object files.
206 /// </summary>
207 Align32Bytes = 0x00600000,
208 /// <summary>
209 /// Align data on a 64-byte boundary. Valid only for object files.
210 /// </summary>
211 Align64Bytes = 0x00700000,
212 /// <summary>
213 /// Align data on a 128-byte boundary. Valid only for object files.
214 /// </summary>
215 Align128Bytes = 0x00800000,
216 /// <summary>
217 /// Align data on a 256-byte boundary. Valid only for object files.
218 /// </summary>
219 Align256Bytes = 0x00900000,
220 /// <summary>
221 /// Align data on a 512-byte boundary. Valid only for object files.
222 /// </summary>
223 Align512Bytes = 0x00A00000,
224 /// <summary>
225 /// Align data on a 1024-byte boundary. Valid only for object files.
226 /// </summary>
227 Align1024Bytes = 0x00B00000,
228 /// <summary>
229 /// Align data on a 2048-byte boundary. Valid only for object files.
230 /// </summary>
231 Align2048Bytes = 0x00C00000,
232 /// <summary>
233 /// Align data on a 4096-byte boundary. Valid only for object files.
234 /// </summary>
235 Align4096Bytes = 0x00D00000,
236 /// <summary>
237 /// Align data on an 8192-byte boundary. Valid only for object files.
238 /// </summary>
239 Align8192Bytes = 0x00E00000,
240 /// <summary>
241 /// The section contains extended relocations.
242 /// </summary>
243 LinkExtendedRelocationOverflow = 0x01000000,
244 /// <summary>
245 /// The section can be discarded as needed.
246 /// </summary>
247 MemoryDiscardable = 0x02000000,
248 /// <summary>
249 /// The section cannot be cached.
250 /// </summary>
251 MemoryNotCached = 0x04000000,
252 /// <summary>
253 /// The section is not pageable.
254 /// </summary>
255 MemoryNotPaged = 0x08000000,
256 /// <summary>
257 /// The section can be shared in memory.
258 /// </summary>
259 MemoryShared = 0x10000000,
260 /// <summary>
261 /// The section can be executed as code.
262 /// </summary>
263 MemoryExecute = 0x20000000,
264 /// <summary>
265 /// The section can be read.
266 /// </summary>
267 MemoryRead = 0x40000000,
268 /// <summary>
269 /// The section can be written to.
270 /// </summary>
271 MemoryWrite = 0x80000000
272 }
273 [TypeConverter(typeof(ExpandableObjectConverter))]
274 [StructLayout(LayoutKind.Sequential)]
275 public struct IMAGE_DOS_HEADER
276 {
277 public UInt16 _e_magic;
278 public UInt16 _e_cblp;
279 public UInt16 _e_cp;
280 public UInt16 _e_crlc;
281 public UInt16 _e_cparhdr;
282 public UInt16 _e_minalloc;
283 public UInt16 _e_maxalloc;
284 public UInt16 _e_ss;
285 public UInt16 _e_sp;
286 public UInt16 _e_csum;
287 public UInt16 _e_ip;
288 public UInt16 _e_cs;
289 public UInt16 _e_lfarlc;
290 public UInt16 _e_ovno;
291 [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
292 public UInt16[] _e_res1;
293 public UInt16 _e_oemid;
294 public UInt16 _e_oeminfo;
295 [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
296 public UInt16[] _e_res2;
297 public UInt32 _e_lfanew;
298
299 public string e_magic { get { return string.Format("0x{0:x4}", _e_magic); } }
300 public string e_cblp { get { return string.Format("0x{0:x4}", _e_cblp); } }
301 public string e_cp { get { return string.Format("0x{0:x4}", _e_cp); } }
302 public string e_crlc { get { return string.Format("0x{0:x4}", _e_crlc); } }
303 public string e_cparhdr { get { return string.Format("0x{0:x4}", _e_cparhdr); } }
304 public string e_minalloc { get { return string.Format("0x{0:x4}", _e_minalloc); } }
305 public string e_maxalloc { get { return string.Format("0x{0:x4}", _e_maxalloc); } }
306 public string e_ss { get { return string.Format("0x{0:x4}", _e_ss); } }
307 public string e_sp { get { return string.Format("0x{0:x4}", _e_sp); } }
308 public string e_csum { get { return string.Format("0x{0:x4}", _e_csum); } }
309 public string e_ip { get { return string.Format("0x{0:x4}", _e_ip); } }
310 public string e_cs { get { return string.Format("0x{0:x4}", _e_cs); } }
311 public string e_lfarlc { get { return string.Format("0x{0:x4}", _e_lfarlc); } }
312 public string e_ovno { get { return string.Format("0x{0:x4}", _e_ovno); } }
313 public ushort[] e_res1 { get { return _e_res1; } }
314 public string e_oemid { get { return string.Format("0x{0:x4}", _e_oemid); } }
315 public string e_oeminfo { get { return string.Format("0x{0:x4}", _e_oeminfo); } }
316 public ushort[] e_res2 { get { return _e_res2; } }
317 public string e_lfanew { get { return string.Format("0x{0:x8}", _e_lfanew); } }
318
319 public override string ToString()
320 {
321 return Encoding.UTF8.GetString(BitConverter.GetBytes(_e_magic));
322 }
323 }
324 [TypeConverter(typeof(ExpandableObjectConverter))]
325 [StructLayout(LayoutKind.Sequential)]
326 public struct IMAGE_NT_HEADERS
327 {
328 public UInt32 _Signature;
329 public IMAGE_FILE_HEADER _FileHeader;
330 public IMAGE_OPTIONAL_HEADER32 _OptionalHeader32;
331 public IMAGE_OPTIONAL_HEADER64 _OptionalHeader64;
332
333 public string Signature { get { return string.Format("0x{0:x8}", _Signature); } }
334 public IMAGE_FILE_HEADER FileHeader { get { return _FileHeader; } }
335 public IMAGE_OPTIONAL_HEADER32 OptionalHeader32 { get { return _OptionalHeader32;} }
336 public IMAGE_OPTIONAL_HEADER64 OptionalHeader64 { get { return _OptionalHeader64;} }
337
338 public override string ToString()
339 {
340 return Encoding.UTF8.GetString(BitConverter.GetBytes(_Signature));
341 }
342 }
343 [TypeConverter(typeof(ExpandableObjectConverter))]
344 [StructLayout(LayoutKind.Sequential)]
345 public struct IMAGE_FILE_HEADER
346 {
347 public UInt16 _MachineType;
348 public UInt16 _NumberOfSections;
349 public Int32 _TimeDateStamp;
350 public UInt32 _PointerToSymbolTable;
351 public UInt32 _NumberOfSymbols;
352 public UInt16 _SizeOfOptionalHeader;
353 public UInt16 _Characteristics;
354
355
356 public string MachineType { get { return ((MachineTypeFlags)_MachineType).ToString(); } }
357 public string NumberOfSections { get { return string.Format("0x{0:x4}", _NumberOfSections); } }
358 public string TimeDateStamp { get { return string.Format("{0} (0x{1:x8})", GetDateTimeFromDosDateTime(_TimeDateStamp).ToString(), _TimeDateStamp); } }
359 public string PointerToSymbolTable { get { return string.Format("0x{0:x8}", _PointerToSymbolTable); } }
360 public string NumberOfSymbols { get { return string.Format("0x{0:x8}", _NumberOfSymbols); } }
361 public string SizeOfOptionalHeader { get { return string.Format("0x{0:x4}", _SizeOfOptionalHeader); } }
362 public string Characteristics { get { return string.Format("0x{0:x4}", _Characteristics); } }
363 public override string ToString()
364 {
365 return MachineType;
366 }
367
368 private DateTime GetDateTimeFromDosDateTime(Int32 i32TimeDate)
369 {
370 Int16 i16Time = (Int16)(i32TimeDate & 0xFFFF);
371 Int16 i16Date = (Int16)((i32TimeDate & 0xFFFF0000) >> 16);
372 return GetDateTimeFromDosDateTime(i16Time, i16Date);
373 }
374 private DateTime GetDateTimeFromDosDateTime(Int16 i16Time, Int16 i16Date)
375 {
376 try
377 {
378 int iYear = 0;
379 int iMonth = 1;
380 int iDay = 1;
381 int iHour = 0;
382 int iMinute = 0;
383 int iSecond = 0;
384 iDay = (i16Date & 0x1F);
385 iMonth = ((i16Date & 0x01E0) >> 5);
386 iYear = 1980 + ((i16Date & 0xFE00) >> 9);
387 iSecond = (i16Time & 0x1F) * 2;
388 iMinute = ((i16Time & 0x07E0) >> 5);
389 iHour = ((i16Time & 0x0F800) >> 11);
390 return new DateTime(iYear, iMonth, iDay, iHour, iMinute, iSecond);
391 }
392 catch
393 {
394 return new DateTime();
395 }
396 }
397
398 }
399 [TypeConverter(typeof(ExpandableObjectConverter))]
400 [StructLayout(LayoutKind.Explicit)]
401 public struct IMAGE_OPTIONAL_HEADER32
402 {
403 [FieldOffset(0)]
404 public MagicType _Magic;
405 [FieldOffset(2)]
406 public byte _MajorLinkerVersion;
407 [FieldOffset(3)]
408 public byte _MinorLinkerVersion;
409 [FieldOffset(4)]
410 public uint _SizeOfCode;
411 [FieldOffset(8)]
412 public uint _SizeOfInitializedData;
413 [FieldOffset(12)]
414 public uint _SizeOfUninitializedData;
415 [FieldOffset(16)]
416 public uint _AddressOfEntryPoint;
417 [FieldOffset(20)]
418 public uint _BaseOfCode;
419 // PE32 contains this additional field
420 [FieldOffset(24)]
421 public uint _BaseOfData;
422 [FieldOffset(28)]
423 public uint _ImageBase;
424 [FieldOffset(32)]
425 public uint _SectionAlignment;
426 [FieldOffset(36)]
427 public uint _FileAlignment;
428 [FieldOffset(40)]
429 public ushort _MajorOperatingSystemVersion;
430 [FieldOffset(42)]
431 public ushort _MinorOperatingSystemVersion;
432 [FieldOffset(44)]
433 public ushort _MajorImageVersion;
434 [FieldOffset(46)]
435 public ushort _MinorImageVersion;
436 [FieldOffset(48)]
437 public ushort _MajorSubsystemVersion;
438 [FieldOffset(50)]
439 public ushort _MinorSubsystemVersion;
440 [FieldOffset(52)]
441 public uint _Win32VersionValue;
442 [FieldOffset(56)]
443 public uint _SizeOfImage;
444 [FieldOffset(60)]
445 public uint _SizeOfHeaders;
446 [FieldOffset(64)]
447 public uint _CheckSum;
448 [FieldOffset(68)]
449 public SubSystemType _Subsystem;
450 [FieldOffset(70)]
451 public DllCharacteristicsType _DllCharacteristics;
452 [FieldOffset(72)]
453 public uint _SizeOfStackReserve;
454 [FieldOffset(76)]
455 public uint _SizeOfStackCommit;
456 [FieldOffset(80)]
457 public uint _SizeOfHeapReserve;
458 [FieldOffset(84)]
459 public uint _SizeOfHeapCommit;
460 [FieldOffset(88)]
461 public uint _LoaderFlags;
462 [FieldOffset(92)]
463 public uint _NumberOfRvaAndSizes;
464 //[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
465 //public IMAGE_DATA_DIRECTORY[] _DataDirectory;
466
467 /*
468 * Offset (PE/PE32+) Description
469 96/112 Export table address and size
470 104/120 Import table address and size
471 112/128 Resource table address and size
472 120/136 Exception table address and size
473 128/144 Certificate table address and size
474 136/152 Base relocation table address and size
475 144/160 Debugging information starting address and size
476 152/168 Architecture-specific data address and size
477 160/176 Global pointer register relative virtual address
478 168/184 Thread local storage (TLS) table address and size
479 176/192 Load configuration table address and size
480 184/200 Bound import table address and size
481 192/208 Import address table address and size
482 200/216 Delay import descriptor address and size
483 208/224 The CLR header address and size
484 216/232 Reserved
485 */
486 [FieldOffset(96)]
487 public IMAGE_DATA_DIRECTORY _ExportTable;
488 public IMAGE_DATA_DIRECTORY ExportTable { get { return _ExportTable; } }
489 [FieldOffset(104)]
490 public IMAGE_DATA_DIRECTORY _ImportTable;
491 public IMAGE_DATA_DIRECTORY ImportTable { get { return _ImportTable; } }
492 [FieldOffset(112)]
493 public IMAGE_DATA_DIRECTORY _ResourceTable;
494 public IMAGE_DATA_DIRECTORY ResourceTable { get { return _ResourceTable; } }
495 [FieldOffset(120)]
496 public IMAGE_DATA_DIRECTORY _ExceptionTable;
497 public IMAGE_DATA_DIRECTORY ExceptionTable { get { return _ExceptionTable; } }
498 [FieldOffset(128)]
499 public IMAGE_DATA_DIRECTORY _CertificateTable;
500 public IMAGE_DATA_DIRECTORY CertificateTable { get { return _CertificateTable; } }
501 [FieldOffset(136)]
502 public IMAGE_DATA_DIRECTORY _BaseRelocationTable;
503 public IMAGE_DATA_DIRECTORY BaseRelocationTable { get { return _BaseRelocationTable; } }
504 [FieldOffset(144)]
505 public IMAGE_DATA_DIRECTORY _Debug;
506 public IMAGE_DATA_DIRECTORY Debug { get { return _Debug; } }
507 [FieldOffset(152)]
508 public IMAGE_DATA_DIRECTORY _Architecture;
509 public IMAGE_DATA_DIRECTORY Architecture { get { return _Architecture; } }
510 [FieldOffset(160)]
511 public IMAGE_DATA_DIRECTORY _GlobalPtr;
512 public IMAGE_DATA_DIRECTORY GlobalPtr { get { return _GlobalPtr; } }
513 [FieldOffset(168)]
514 public IMAGE_DATA_DIRECTORY _TLSTable;
515 public IMAGE_DATA_DIRECTORY TLSTable { get { return _TLSTable; } }
516 [FieldOffset(176)]
517 public IMAGE_DATA_DIRECTORY _LoadConfigTable;
518 public IMAGE_DATA_DIRECTORY LoadConfigTable { get { return _LoadConfigTable; } }
519 [FieldOffset(184)]
520 public IMAGE_DATA_DIRECTORY _BoundImport;
521 public IMAGE_DATA_DIRECTORY BoundImport { get { return _BoundImport; } }
522 [FieldOffset(192)]
523 public IMAGE_DATA_DIRECTORY _IAT;
524 public IMAGE_DATA_DIRECTORY IAT { get { return _IAT; } }
525 [FieldOffset(200)]
526 public IMAGE_DATA_DIRECTORY _DelayImportDescriptor;
527 public IMAGE_DATA_DIRECTORY DelayImportDescriptor { get { return _DelayImportDescriptor; } }
528 [FieldOffset(208)]
529 public IMAGE_DATA_DIRECTORY _CLRRuntimeHeader;
530 public IMAGE_DATA_DIRECTORY CLRRuntimeHeader { get { return _CLRRuntimeHeader; } }
531 [FieldOffset(216)]
532 public IMAGE_DATA_DIRECTORY _Reserved;
533 public IMAGE_DATA_DIRECTORY Reserved { get { return _ExportTable; } }
534
535
536 public string Magic { get { return ((MagicType)_Magic).ToString(); } }
537 public string MajorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
538 public string MinorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
539
540 public string SizeOfCode { get { return string.Format("0x{0:x2}", _SizeOfCode); } }
541 public string SizeOfInitializedData { get { return string.Format("0x{0:x8}", _SizeOfInitializedData); } }
542 public string SizeOfUninitializedData { get { return string.Format("0x{0:x8}", _SizeOfUninitializedData); } }
543 public string AddressOfEntryPoint { get { return string.Format("0x{0:x8}", _AddressOfEntryPoint); } }
544 public string BaseOfCode { get { return string.Format("0x{0:x8}", _BaseOfCode); } }
545 public string BaseOfData { get { return string.Format("0x{0:x8}", _BaseOfData); } }
546 public string ImageBase { get { return string.Format("0x{0:x16}", _ImageBase); } }
547
548 public string SectionAlignment { get { return _SectionAlignment.ToString();} }
549 public string FileAlignment { get { return _FileAlignment.ToString(); } }
550
551 public string MajorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MajorOperatingSystemVersion); } }
552 public string MinorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MinorOperatingSystemVersion); } }
553 public string MajorImageVersion { get { return string.Format("0x{0:x4}", _MajorImageVersion); } }
554 public string MinorImageVersion { get { return string.Format("0x{0:x4}", _MinorImageVersion); } }
555 public string MajorSubsystemVersion { get { return string.Format("0x{0:x4}", _MajorSubsystemVersion); } }
556 public string MinorSubsystemVersion { get { return string.Format("0x{0:x4}", _MinorSubsystemVersion); } }
557
558 public string Win32VersionValue { get { return string.Format("0x{0:x8}", _Win32VersionValue); } }
559 public string SizeOfImage { get { return string.Format("0x{0:x8}", _SizeOfImage); } }
560 public string SizeOfHeaders { get { return string.Format("0x{0:x8}", _SizeOfHeaders); } }
561 public string CheckSum { get { return string.Format("0x{0:x8}", _CheckSum); } }
562
563 public string Subsystem { get { return ((SubSystemType)_Subsystem).ToString(); } }
564 public string DllCharacteristics { get { return ((DllCharacteristicsType)_DllCharacteristics).ToString(); } }
565
566 public string SizeOfStackReserve { get { return string.Format("0x{0:x16}", _SizeOfStackReserve); } }
567 public string SizeOfStackCommit { get { return string.Format("0x{0:x16}", _SizeOfStackCommit); } }
568 public string SizeOfHeapReserve { get { return string.Format("0x{0:x16}", _SizeOfHeapReserve); } }
569 public string SizeOfHeapCommit { get { return string.Format("0x{0:x16}", _SizeOfHeapCommit); } }
570
571 public string LoaderFlags { get { return string.Format("0x{0:x8}", _LoaderFlags); } }
572 public string NumberOfRvaAndSizes { get { return string.Format("0x{0:x8}", _NumberOfRvaAndSizes); } }
573 public override string ToString()
574 {
575 return Magic;
576 }
577 }
578 [TypeConverter(typeof(ExpandableObjectConverter))]
579 [StructLayout(LayoutKind.Explicit)]
580 public struct IMAGE_OPTIONAL_HEADER64
581 {
582 [FieldOffset(0)]
583 public MagicType _Magic;
584 [FieldOffset(2)]
585 public byte _MajorLinkerVersion;
586 [FieldOffset(3)]
587 public byte _MinorLinkerVersion;
588 [FieldOffset(4)]
589 public uint _SizeOfCode;
590 [FieldOffset(8)]
591 public uint _SizeOfInitializedData;
592 [FieldOffset(12)]
593 public uint _SizeOfUninitializedData;
594 [FieldOffset(16)]
595 public uint _AddressOfEntryPoint;
596 [FieldOffset(20)]
597 public uint _BaseOfCode;
598 //// PE32 contains this additional field
599 //[FieldOffset(24)]
600 //public uint _BaseOfData;
601 [FieldOffset(24)]
602 public uint _ImageBase;
603 [FieldOffset(28)]
604 public uint _SectionAlignment;
605 [FieldOffset(32)]
606 public uint _FileAlignment;
607 [FieldOffset(36)]
608 public ushort _MajorOperatingSystemVersion;
609 [FieldOffset(40)]
610 public ushort _MinorOperatingSystemVersion;
611 [FieldOffset(42)]
612 public ushort _MajorImageVersion;
613 [FieldOffset(44)]
614 public ushort _MinorImageVersion;
615 [FieldOffset(46)]
616 public ushort _MajorSubsystemVersion;
617 [FieldOffset(38)]
618 public ushort _MinorSubsystemVersion;
619 [FieldOffset(50)]
620 public uint _Win32VersionValue;
621 [FieldOffset(52)]
622 public uint _SizeOfImage;
623 [FieldOffset(56)]
624 public uint _SizeOfHeaders;
625 [FieldOffset(60)]
626 public uint _CheckSum;
627 [FieldOffset(64)]
628 public SubSystemType _Subsystem;
629 [FieldOffset(68)]
630 public DllCharacteristicsType _DllCharacteristics;
631 [FieldOffset(70)]
632 public uint _SizeOfStackReserve;
633 [FieldOffset(72)]
634 public uint _SizeOfStackCommit;
635 [FieldOffset(76)]
636 public uint _SizeOfHeapReserve;
637 [FieldOffset(80)]
638 public uint _SizeOfHeapCommit;
639 [FieldOffset(84)]
640 public uint _LoaderFlags;
641 [FieldOffset(88)]
642 public uint _NumberOfRvaAndSizes;
643 //[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
644 //public IMAGE_DATA_DIRECTORY[] _DataDirectory;
645
646 [FieldOffset(112)]
647 public IMAGE_DATA_DIRECTORY _ExportTable;
648 public IMAGE_DATA_DIRECTORY ExportTable { get { return _ExportTable; } }
649 [FieldOffset(120)]
650 public IMAGE_DATA_DIRECTORY _ImportTable;
651 public IMAGE_DATA_DIRECTORY ImportTable { get { return _ImportTable; } }
652 [FieldOffset(128)]
653 public IMAGE_DATA_DIRECTORY _ResourceTable;
654 public IMAGE_DATA_DIRECTORY ResourceTable { get { return _ResourceTable; } }
655 [FieldOffset(136)]
656 public IMAGE_DATA_DIRECTORY _ExceptionTable;
657 public IMAGE_DATA_DIRECTORY ExceptionTable { get { return _ExceptionTable; } }
658 [FieldOffset(144)]
659 public IMAGE_DATA_DIRECTORY _CertificateTable;
660 public IMAGE_DATA_DIRECTORY CertificateTable { get { return _CertificateTable; } }
661 [FieldOffset(152)]
662 public IMAGE_DATA_DIRECTORY _BaseRelocationTable;
663 public IMAGE_DATA_DIRECTORY BaseRelocationTable { get { return _BaseRelocationTable; } }
664 [FieldOffset(160)]
665 public IMAGE_DATA_DIRECTORY _Debug;
666 public IMAGE_DATA_DIRECTORY Debug { get { return _Debug; } }
667 [FieldOffset(168)]
668 public IMAGE_DATA_DIRECTORY _Architecture;
669 public IMAGE_DATA_DIRECTORY Architecture { get { return _Architecture; } }
670 [FieldOffset(176)]
671 public IMAGE_DATA_DIRECTORY _GlobalPtr;
672 public IMAGE_DATA_DIRECTORY GlobalPtr { get { return _GlobalPtr; } }
673 [FieldOffset(184)]
674 public IMAGE_DATA_DIRECTORY _TLSTable;
675 public IMAGE_DATA_DIRECTORY TLSTable { get { return _TLSTable; } }
676 [FieldOffset(192)]
677 public IMAGE_DATA_DIRECTORY _LoadConfigTable;
678 public IMAGE_DATA_DIRECTORY LoadConfigTable { get { return _LoadConfigTable; } }
679 [FieldOffset(200)]
680 public IMAGE_DATA_DIRECTORY _BoundImport;
681 public IMAGE_DATA_DIRECTORY BoundImport { get { return _BoundImport; } }
682 [FieldOffset(208)]
683 public IMAGE_DATA_DIRECTORY _IAT;
684 public IMAGE_DATA_DIRECTORY IAT { get { return _IAT; } }
685 [FieldOffset(216)]
686 public IMAGE_DATA_DIRECTORY _DelayImportDescriptor;
687 public IMAGE_DATA_DIRECTORY DelayImportDescriptor { get { return _DelayImportDescriptor; } }
688 [FieldOffset(224)]
689 public IMAGE_DATA_DIRECTORY _CLRRuntimeHeader;
690 public IMAGE_DATA_DIRECTORY CLRRuntimeHeader { get { return _CLRRuntimeHeader; } }
691 [FieldOffset(232)]
692 public IMAGE_DATA_DIRECTORY _Reserved;
693 public IMAGE_DATA_DIRECTORY Reserved { get { return _ExportTable; } }
694
695 public string Magic { get { return ((MagicType)_Magic).ToString(); } }
696 public string MajorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
697 public string MinorLinkerVersion { get { return string.Format("0x{0:x2}", _MajorLinkerVersion); } }
698
699 public string SizeOfCode { get { return string.Format("0x{0:x2}", _SizeOfCode); } }
700 public string SizeOfInitializedData { get { return string.Format("0x{0:x8}", _SizeOfInitializedData); } }
701 public string SizeOfUninitializedData { get { return string.Format("0x{0:x8}", _SizeOfUninitializedData); } }
702 public string AddressOfEntryPoint { get { return string.Format("0x{0:x8}", _AddressOfEntryPoint); } }
703 public string BaseOfCode { get { return string.Format("0x{0:x8}", _BaseOfCode); } }
704
705 public string ImageBase { get { return string.Format("0x{0:x16}", _ImageBase); } }
706
707 public string SectionAlignment { get { return string.Format("0x{0:x8}", _SectionAlignment); } }
708 public string FileAlignment { get { return string.Format("0x{0:x8}", _FileAlignment); } }
709
710 public string MajorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MajorOperatingSystemVersion); } }
711 public string MinorOperatingSystemVersion { get { return string.Format("0x{0:x4}", _MinorOperatingSystemVersion); } }
712 public string MajorImageVersion { get { return string.Format("0x{0:x4}", _MajorImageVersion); } }
713 public string MinorImageVersion { get { return string.Format("0x{0:x4}", _MinorImageVersion); } }
714 public string MajorSubsystemVersion { get { return string.Format("0x{0:x4}", _MajorSubsystemVersion); } }
715 public string MinorSubsystemVersion { get { return string.Format("0x{0:x4}", _MinorSubsystemVersion); } }
716
717 public string Win32VersionValue { get { return string.Format("0x{0:x8}", _Win32VersionValue); } }
718 public string SizeOfImage { get { return string.Format("0x{0:x8}", _SizeOfImage); } }
719 public string SizeOfHeaders { get { return string.Format("0x{0:x8}", _SizeOfHeaders); } }
720 public string CheckSum { get { return string.Format("0x{0:x8}", _CheckSum); } }
721
722 public string Subsystem { get { return ((SubSystemType)_Subsystem).ToString(); } }
723 public string DllCharacteristics { get { return string.Format("0x{0:x4}", _DllCharacteristics); } }
724
725 public string SizeOfStackReserve { get { return string.Format("0x{0:x16}", _SizeOfStackReserve); } }
726 public string SizeOfStackCommit { get { return string.Format("0x{0:x16}", _SizeOfStackCommit); } }
727 public string SizeOfHeapReserve { get { return string.Format("0x{0:x16}", _SizeOfHeapReserve); } }
728 public string SizeOfHeapCommit { get { return string.Format("0x{0:x16}", _SizeOfHeapCommit); } }
729
730 public string LoaderFlags { get { return string.Format("0x{0:x8}", _LoaderFlags); } }
731 public string NumberOfRvaAndSizes { get { return string.Format("0x{0:x8}", _NumberOfRvaAndSizes); } }
732
733 public override string ToString()
734 {
735 return Magic;
736 }
737 }
738 [TypeConverter(typeof(ExpandableObjectConverter))]
739 [StructLayout(LayoutKind.Sequential)]
740 public struct IMAGE_DATA_DIRECTORY
741 {
742 public UInt32 _VirtualAddress;
743 public UInt32 _Size;
744
745 public string VirtualAddress { get { return string.Format("0x{0:x8}", _VirtualAddress); } }
746 public string Size { get { return string.Format("0x{0:x8}", _Size); } }
747
748 public override string ToString()
749 {
750 return string.Format("(Size={0}) (VirtualAddress={1})", Size, VirtualAddress);
751 }
752
753 }
754 [TypeConverter(typeof(ExpandableObjectConverter))]
755 [StructLayout(LayoutKind.Sequential)]
756 public struct IMAGE_SECTION_HEADER
757 {
758 [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 8)]
759 public string _Name;
760 public Misc _Misc;
761 public UInt32 _VirtualAddress;
762 public UInt32 _SizeOfRawData;
763 public UInt32 _PointerToRawData;
764 public UInt32 _PointerToRelocations;
765 public UInt32 _PointerToLinenumbers;
766 public UInt16 _NumberOfRelocations;
767 public UInt16 _NumberOfLinenumbers;
768 public UInt32 _Characteristics;
769
770 public string Name { get { return _Name; } }
771 public Misc Misc { get { return _Misc; } }
772 public string VirtualAddress { get { return string.Format("0x{0:x8}", _VirtualAddress); } }
773 public string SizeOfRawData { get { return string.Format("0x{0:x8}", _SizeOfRawData); } }
774 public string PointerToRawData { get { return string.Format("0x{0:x8}", _PointerToRawData); } }
775 public string PointerToRelocations { get { return string.Format("0x{0:x8}", _PointerToRelocations); } }
776 public string PointerToLinenumbers { get { return string.Format("0x{0:x8}", _PointerToLinenumbers); } }
777 public string NumberOfRelocations { get { return string.Format("0x{0:x4}", _NumberOfRelocations); } }
778 public string NumberOfLinenumbers { get { return string.Format("0x{0:x4}", _NumberOfLinenumbers); } }
779 public DataSectionFlags Characteristics { get { return (DataSectionFlags) _Characteristics; } }
780 public override string ToString()
781 {
782 return Name;
783 }
784 }
785 [TypeConverter(typeof(ExpandableObjectConverter))]
786 [StructLayout(LayoutKind.Explicit)]
787 public struct Misc
788 {
789 [FieldOffset(0)]
790 public UInt32 _PhysicalAddress;
791 [FieldOffset(0)]
792 public UInt32 _VirtualSize;
793
794 public string PhysicalAddress { get { return string.Format("0x{0:x8}", _PhysicalAddress); } }
795 public string VirtualSize { get { return string.Format("0x{0:x8}", _VirtualSize); } }
796
797 }
798
799 #endregion
800
801 #region Fields
802
803 private readonly IMAGE_DOS_HEADER _dosHeader;
804 private IMAGE_NT_HEADERS _ntHeaders;
805 private readonly IList<IMAGE_SECTION_HEADER> _sectionHeaders = new List<IMAGE_SECTION_HEADER>();
806 #endregion
807
808 #region logging implementation
809 private static class log
810 {
811 public static class verbose
812 {
813 public static class debug
814 {
815 public static void writeline(string format, params object[] args)
816 {
817 #if ENABLE_LOGGING
818 logger.VerboseDebug.WriteLine(format, args);
819 #endif
820 }
821 public static void write(string format, params object[] args)
822 {
823 #if ENABLE_LOGGING
824 logger.VerboseDebug.Write(format, args);
825 #endif
826 }
827 }
828 public static class error
829 {
830 public static void writeline(string format, params object[] args)
831 {
832 #if ENABLE_LOGGING
833 logger.VerboseError.WriteLine(format, args);
834 #endif
835 }
836 public static void write(string format, params object[] args)
837 {
838 #if ENABLE_LOGGING
839 logger.VerboseError.Write(format, args);
840 #endif
841 }
842 }
843 }
844 }
845 #endregion
846
847
848 public PEData GetPEData
849 {
850 get
851 {
852 PEData _data = new PEData(_dosHeader, _ntHeaders, _sectionHeaders.ToArray());
853 return _data;
854 }
855 }
856 #region PEData
857 public class PEData
858 {
859 public PEData() : this(new IMAGE_DOS_HEADER(), new IMAGE_NT_HEADERS(), new IMAGE_SECTION_HEADER[] { }) { }
860 public PEData(IMAGE_DOS_HEADER DosHeader, IMAGE_NT_HEADERS NTHeader, IMAGE_SECTION_HEADER[] SectionHeaders)
861 {
862 this.DosHeader = DosHeader;
863 this.NTHeader = NTHeader;
864 this.SectionHeaders = SectionHeaders;
865 }
866 public IMAGE_DOS_HEADER DosHeader { get; private set; }
867 public IMAGE_NT_HEADERS NTHeader { get; private set; }
868 public IMAGE_SECTION_HEADER[] SectionHeaders { get; private set; }
869
870 public bool Is32bitAssembly()
871 {
872 return ((NTHeader.FileHeader._Characteristics & 0x0100) == 0x0100);
873 }
874 }
875
876 #endregion
877
878 public PEReader(FileInfo fi) : this(fi.FullName) { }
879 public PEReader(string filename)
880 {
881 Exception ErrorInfo = null;
882 using (FileStream fs = new FileStream(filename, FileMode.Open, FileAccess.Read))
883 {
884 try
885 {
886 log.verbose.debug.writeline("Reading PE Format from: {0}", filename);
887 BinaryReader reader = new BinaryReader(fs);
888 // Reset reader position, just in case
889 reader.BaseStream.Seek(0, SeekOrigin.Begin);
890
891 // Read MS-DOS header section
892 _dosHeader = MarshalBytesTo<IMAGE_DOS_HEADER>(reader);
893 // MS-DOS magic number should read 'MZ'
894 if (_dosHeader._e_magic != 0x5a4d)
895 {
896 throw new InvalidOperationException("File is not a portable executable.");
897 }
898
899 // Skip MS-DOS stub and seek reader to NT Headers
900 reader.BaseStream.Seek(_dosHeader._e_lfanew, SeekOrigin.Begin);
901
902 // Read NT Headers
903 _ntHeaders._Signature = MarshalBytesTo<UInt32>(reader);
904
905 // Make sure we have 'PE' in the pe signature
906 if (_ntHeaders._Signature != 0x4550)
907 {
908 throw new InvalidOperationException("Invalid portable executable signature in NT header.");
909 }
910
911 _ntHeaders._FileHeader = MarshalBytesTo<IMAGE_FILE_HEADER>(reader);
912 // Read optional headers
913 if (Is32bitAssembly())
914 {
915 log.verbose.debug.writeline("\tDetected a 32Bit PE Executable");
916 Load32bitOptionalHeaders(reader);
917 }
918 else
919 {
920 log.verbose.debug.writeline("\tDetected a 64Bit PE Executable");
921 Load64bitOptionalHeaders(reader);
922 }
923
924 // Read section data
925 log.verbose.debug.writeline("\tTotal Section Headers: {0}", _sectionHeaders.Count);
926 List<int> section_header_indexes_to_remove = new List<int>();
927 for (int i = 0; i < _sectionHeaders.Count; i++)
928 {
929 if (_sectionHeaders[i]._VirtualAddress == 0)
930 section_header_indexes_to_remove.Add(i);
931 }
932 foreach (int i in section_header_indexes_to_remove)
933 {
934 _sectionHeaders.RemoveAt(i);
935 }
936 foreach (IMAGE_SECTION_HEADER header in _sectionHeaders)
937 {
938 int section_index = _sectionHeaders.IndexOf(header) + 1;
939 log.verbose.debug.writeline("\tSection Header: {0} of {1}", section_index, _sectionHeaders.Count);
940 log.verbose.debug.writeline("\t\tName: {0}", header.Name);
941 log.verbose.debug.writeline("\t\tVirtual Address: 0x{0:x8}", header.VirtualAddress);
942 log.verbose.debug.writeline("\t\tPhysical Address: 0x{0:x8}", header.Misc.PhysicalAddress);
943 log.verbose.debug.writeline("\t\tVirtual Size: 0x{0:x8}", header.Misc.VirtualSize);
944 log.verbose.debug.writeline("\t\tRaw Data Size: 0x{0:x8}", header.SizeOfRawData);
945 log.verbose.debug.writeline("\t\tPointer To Raw Data: 0x{0:x8}", header.PointerToRawData);
946
947 // Skip to beginning of a section
948 reader.BaseStream.Seek(header._PointerToRawData, SeekOrigin.Begin);
949
950 // Read section data... and do something with it
951 byte[] sectiondata = reader.ReadBytes((int)header._SizeOfRawData);
952 }
953 reader.Close();
954 }
955 catch (Exception ex)
956 {
957 ErrorInfo = ex;
958 throw ErrorInfo;
959 }
960 }
961 if (ErrorInfo != null)
962 {
963 log.verbose.error.writeline("Error Reading PE Format from: {0}", filename);
964 log.verbose.error.writeline(ErrorInfo.ToString());
965 }
966 }
967
968 public IMAGE_DOS_HEADER GetDOSHeader()
969 {
970 return _dosHeader;
971 }
972
973 public UInt32 GetPESignature()
974 {
975 return _ntHeaders._Signature;
976 }
977
978 public IMAGE_FILE_HEADER GetFileHeader()
979 {
980 return _ntHeaders.FileHeader;
981 }
982
983 public IMAGE_OPTIONAL_HEADER32 GetOptionalHeaders32()
984 {
985 return _ntHeaders.OptionalHeader32;
986 }
987
988 public IMAGE_OPTIONAL_HEADER64 GetOptionalHeaders64()
989 {
990 return _ntHeaders.OptionalHeader64;
991 }
992
993 public IList<IMAGE_SECTION_HEADER> GetSectionHeaders()
994 {
995 return _sectionHeaders;
996 }
997
998 public bool Is32bitAssembly()
999 {
1000 return ((_ntHeaders.FileHeader._Characteristics & 0x0100) == 0x0100);
1001 }
1002
1003 private void Load64bitOptionalHeaders(BinaryReader reader)
1004 {
1005 _ntHeaders._OptionalHeader64 = MarshalBytesTo<IMAGE_OPTIONAL_HEADER64>(reader);
1006
1007 // Should have 10 data directories
1008 if (_ntHeaders.OptionalHeader64._NumberOfRvaAndSizes != 0x10)
1009 {
1010 throw new InvalidOperationException("Invalid number of data directories in NT header");
1011 }
1012
1013 List<IMAGE_DATA_DIRECTORY> idds = new List<IMAGE_DATA_DIRECTORY>();
1014 // Scan data directories and load section headers
1015 //for (int i = 0; i < _ntHeaders.OptionalHeader64._NumberOfRvaAndSizes; i++)
1016 //{
1017 // IMAGE_DATA_DIRECTORY idd = _ntHeaders.OptionalHeader64._DataDirectory[i];
1018 // uint size = idd._Size;
1019 // uint va = idd._VirtualAddress;
1020
1021 // if (size != 0 && va != 0) { idds.Add(idd); }
1022 //}
1023 //foreach (IMAGE_DATA_DIRECTORY idd in idds)
1024 //{
1025 // if (idd._Size != 0 && idd._VirtualAddress != 0)
1026 // _sectionHeaders.Add(MarshalBytesTo<IMAGE_SECTION_HEADER>(reader));
1027 //}
1028 }
1029
1030 private void Load32bitOptionalHeaders(BinaryReader reader)
1031 {
1032 _ntHeaders._OptionalHeader32 = MarshalBytesTo<IMAGE_OPTIONAL_HEADER32>(reader);
1033
1034 // Should have 10 data directories
1035 if (_ntHeaders.OptionalHeader32._NumberOfRvaAndSizes != 0x10)
1036 {
1037 throw new InvalidOperationException("Invalid number of data directories in NT header");
1038 }
1039 //List<IMAGE_DATA_DIRECTORY> idds = new List<IMAGE_DATA_DIRECTORY>();
1040 //// Scan data directories and load section headers
1041 //for (int i = 0; i < _ntHeaders.OptionalHeader32._NumberOfRvaAndSizes; i++)
1042 //{
1043 // IMAGE_DATA_DIRECTORY idd = _ntHeaders.OptionalHeader32._DataDirectory[i];
1044 // uint size = idd._Size;
1045 // uint va = idd._VirtualAddress;
1046 // if (size != 0 && va != 0) { idds.Add(idd); }
1047 //}
1048 //foreach (IMAGE_DATA_DIRECTORY idd in idds)
1049 //{
1050 // if(idd._Size != 0 && idd._VirtualAddress != 0)
1051 // _sectionHeaders.Add(MarshalBytesTo<IMAGE_SECTION_HEADER>(reader));
1052 //}
1053
1054 }
1055
1056 private static T MarshalBytesTo<T>(BinaryReader reader)
1057 {
1058 // Unmanaged data
1059 byte[] bytes = reader.ReadBytes(Marshal.SizeOf(typeof(T)));
1060
1061 // Create a pointer to the unmanaged data pinned in memory to be accessed by unmanaged code
1062 GCHandle handle = GCHandle.Alloc(bytes, GCHandleType.Pinned);
1063
1064 // Use our previously created pointer to unmanaged data and marshal to the specified type
1065 T theStructure = (T)Marshal.PtrToStructure(handle.AddrOfPinnedObject(), typeof(T));
1066
1067 // Deallocate pointer
1068 handle.Free();
1069
1070 return theStructure;
1071 }
1072 }
1073 }
  ViewVC Help
Powered by ViewVC 1.1.22