BurnOutSharp.Models/PortableExecutable/Executable.cs

namespace BurnOutSharp.Models.PortableExecutable
{
    /// <summary>
    /// The following list describes the Microsoft PE executable format, with the
    /// base of the image header at the top. The section from the MS-DOS 2.0
    /// Compatible EXE Header through to the unused section just before the PE header
    /// is the MS-DOS 2.0 Section, and is used for MS-DOS compatibility only.
    /// </summary>
    /// <see href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format"/>
    public class Executable
    {
        /// <summary>
        /// MS-DOS executable stub
        /// </summary>
        public MSDOS.Executable Stub { get; set; }

        /// <summary>
        /// After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte
        /// signature that identifies the file as a PE format image file. This signature is "PE\0\0"
        /// (the letters "P" and "E" followed by two null bytes).
        /// </summary>
        public byte[] Signature { get; set; }

        /// <summary>
        /// COFF file header
        /// </summary>
        public COFFFileHeader COFFFileHeader { get; set; }

        /// <summary>
        /// Optional header
        /// </summary>
        public OptionalHeader OptionalHeader { get; set; }

        // TODO: Support grouped sections in section reading and parsing
        // https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#grouped-sections-object-only
        // Grouped sections are ordered and mean that the data in the sections contributes
        // to the "base" section (the one without the "$X" suffix). This may negatively impact
        // the use of some of the different types of executables.

        /// <summary>
        /// Section table
        /// </summary>
        public SectionHeader[] SectionTable { get; set; }

        /// <summary>
        /// COFF symbol table
        /// </summary>
        public COFFSymbolTableEntry[] COFFSymbolTable { get; set; }

        /// <summary>
        /// COFF string table
        /// </summary>
        public COFFStringTable COFFStringTable { get; set; }

        /// <summary>
        /// Attribute certificate table
        /// </summary>
        public AttributeCertificateTableEntry[] AttributeCertificateTable { get; set; }

        /// <summary>
        /// Delay-load directory table
        /// </summary>
        public DelayLoadDirectoryTable DelayLoadDirectoryTable { get; set; }

        #region Named Sections

        // .cormeta - CLR metadata is stored in this section. It is used to indicate that
        // the object file contains managed code. The format of the metadata is not
        // documented, but can be handed to the CLR interfaces for handling metadata.

        /// <summary>
        /// Debug table (.debug*)
        /// </summary>
        public DebugTable DebugTable { get; set; }

        /// <summary>
        /// Export table (.edata)
        /// </summary>
        public ExportTable ExportTable { get; set; }

        /// <summary>
        /// Import table (.idata)
        /// </summary>
        public ImportTable ImportTable { get; set; }

        /// <summary>
        /// Resource directory table (.rsrc)
        /// </summary>
        public ResourceDirectoryTable ResourceDirectoryTable { get; set; }

        // .sxdata - The valid exception handlers of an object are listed in the .sxdata
        // section of that object. The section is marked IMAGE_SCN_LNK_INFO. It contains
        // the COFF symbol index of each valid handler, using 4 bytes per index.
        //
        // Additionally, the compiler marks a COFF object as registered SEH by emitting
        // the absolute symbol "@feat.00" with the LSB of the value field set to 1. A
        // COFF object with no registered SEH handlers would have the "@feat.00" symbol,
        // but no .sxdata section.
        //
        // TODO: Can we implement reading/parsing the .sxdata section?

        #endregion

        // TODO: Implement and/or document the following non-modeled parts:
        // - Delay Import Address Table
        // - Delay Import Name Table
        // - Delay Bound Import Address Table
        // - Delay Unload Import Address Table
        // - The .drectve Section (Object Only)
        // - The .pdata Section [Multiple formats per entry]
        // - TLS Callback Functions

        // TODO: Determine if "Archive (Library) File Format" is worth modelling
    }
}
Add PE skeleton, change MZ stubs 2022-11-04 21:05:03 -07:00			`namespace BurnOutSharp.Models.PortableExecutable`
			`{`
			`/// <summary>`
			`/// The following list describes the Microsoft PE executable format, with the`
			`/// base of the image header at the top. The section from the MS-DOS 2.0`
			`/// Compatible EXE Header through to the unused section just before the PE header`
			`/// is the MS-DOS 2.0 Section, and is used for MS-DOS compatibility only.`
			`/// </summary>`
			`/// <see href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format"/>`
			`public class Executable`
			`{`
			`/// <summary>`
			`/// MS-DOS executable stub`
			`/// </summary>`
			`public MSDOS.Executable Stub { get; set; }`
Add PE COFF file header 2022-11-04 23:25:02 -07:00
			`/// <summary>`
			`/// After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte`
			`/// signature that identifies the file as a PE format image file. This signature is "PE\0\0"`
			`/// (the letters "P" and "E" followed by two null bytes).`
			`/// </summary>`
			`public byte[] Signature { get; set; }`

			`/// <summary>`
			`/// COFF file header`
			`/// </summary>`
			`public COFFFileHeader COFFFileHeader { get; set; }`
Add PE optional header 2022-11-04 23:41:31 -07:00
			`/// <summary>`
			`/// Optional header`
			`/// </summary>`
Add PE section table 2022-11-04 23:56:56 -07:00			`public OptionalHeader OptionalHeader { get; set; }`

Add PE grouped sections note 2022-11-09 21:55:15 -08:00			`// TODO: Support grouped sections in section reading and parsing`
			`// https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#grouped-sections-object-only`
			`// Grouped sections are ordered and mean that the data in the sections contributes`
			`// to the "base" section (the one without the "$X" suffix). This may negatively impact`
			`// the use of some of the different types of executables.`

Add PE section table 2022-11-04 23:56:56 -07:00			`/// <summary>`
			`/// Section table`
			`/// </summary>`
			`public SectionHeader[] SectionTable { get; set; }`

Add PE COFF symbol table 2022-11-05 00:17:26 -07:00			`/// <summary>`
			`/// COFF symbol table`
			`/// </summary>`
			`public COFFSymbolTableEntry[] COFFSymbolTable { get; set; }`

Add PE COFF string table 2022-11-05 15:40:48 -07:00			`/// <summary>`
			`/// COFF string table`
			`/// </summary>`
			`public COFFStringTable COFFStringTable { get; set; }`

Add PE attribute certificate table 2022-11-05 21:02:30 -07:00			`/// <summary>`
			`/// Attribute certificate table`
			`/// </summary>`
			`public AttributeCertificateTableEntry[] AttributeCertificateTable { get; set; }`

Add PE delay load directory 2022-11-05 21:12:41 -07:00			`/// <summary>`
			`/// Delay-load directory table`
			`/// </summary>`
Fix PE delay-load directory 2022-11-09 22:02:38 -08:00			`public DelayLoadDirectoryTable DelayLoadDirectoryTable { get; set; }`
Add PE delay load directory 2022-11-05 21:12:41 -07:00
Add PE resource table parsing (incomplete) 2022-11-09 11:11:30 -08:00			`#region Named Sections`

Add PE .coremeta section note 2022-11-10 12:40:18 -08:00			`// .cormeta - CLR metadata is stored in this section. It is used to indicate that`
			`// the object file contains managed code. The format of the metadata is not`
			`// documented, but can be handed to the CLR interfaces for handling metadata.`

Add PE partial debug table parsing 2022-11-10 21:24:28 -08:00			`/// <summary>`
			`/// Debug table (.debug*)`
			`/// </summary>`
			`public DebugTable DebugTable { get; set; }`

Add PE export table to builder 2022-11-09 23:06:52 -08:00			`/// <summary>`
Add PE import table to model 2022-11-10 10:10:12 -08:00			`/// Export table (.edata)`
Add PE export table to builder 2022-11-09 23:06:52 -08:00			`/// </summary>`
			`public ExportTable ExportTable { get; set; }`

Add PE import table to model 2022-11-10 10:10:12 -08:00			`/// <summary>`
			`/// Import table (.idata)`
			`/// </summary>`
			`public ImportTable ImportTable { get; set; }`

Add PE resource table parsing (incomplete) 2022-11-09 11:11:30 -08:00			`/// <summary>`
			`/// Resource directory table (.rsrc)`
			`/// </summary>`
			`public ResourceDirectoryTable ResourceDirectoryTable { get; set; }`

Add PE .sxdata section notes 2022-11-10 12:42:34 -08:00			`// .sxdata - The valid exception handlers of an object are listed in the .sxdata`
			`// section of that object. The section is marked IMAGE_SCN_LNK_INFO. It contains`
			`// the COFF symbol index of each valid handler, using 4 bytes per index.`
			`//`
			`// Additionally, the compiler marks a COFF object as registered SEH by emitting`
			`// the absolute symbol "@feat.00" with the LSB of the value field set to 1. A`
			`// COFF object with no registered SEH handlers would have the "@feat.00" symbol,`
			`// but no .sxdata section.`
			`//`
			`// TODO: Can we implement reading/parsing the .sxdata section?`

Add PE resource table parsing (incomplete) 2022-11-09 11:11:30 -08:00			`#endregion`
Add "missing" pieces list, so far 2022-11-05 21:54:36 -07:00
			`// TODO: Implement and/or document the following non-modeled parts:`
			`// - Delay Import Address Table`
			`// - Delay Import Name Table`
			`// - Delay Bound Import Address Table`
			`// - Delay Unload Import Address Table`
			`// - The .drectve Section (Object Only)`
Add PE base relocation blocks 2022-11-05 22:03:17 -07:00			`// - The .pdata Section [Multiple formats per entry]`
Add PE TLS directory 2022-11-05 22:11:41 -07:00			`// - TLS Callback Functions`
Add COFF archive note 2022-11-05 22:46:50 -07:00
			`// TODO: Determine if "Archive (Library) File Format" is worth modelling`
Add PE skeleton, change MZ stubs 2022-11-04 21:05:03 -07:00			`}`
			`}`