From 1308f3684b6170310837211cd0f487030e907834 Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Fri, 4 Nov 2022 23:50:54 -0700 Subject: [PATCH] Add PE data directories --- .../PortableExecutable/DataDirectory.cs | 29 +++++++ .../PortableExecutable/OptionalHeader.cs | 85 +++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 BurnOutSharp.Models/PortableExecutable/DataDirectory.cs diff --git a/BurnOutSharp.Models/PortableExecutable/DataDirectory.cs b/BurnOutSharp.Models/PortableExecutable/DataDirectory.cs new file mode 100644 index 00000000..0896f394 --- /dev/null +++ b/BurnOutSharp.Models/PortableExecutable/DataDirectory.cs @@ -0,0 +1,29 @@ +using System.Runtime.InteropServices; + +namespace BurnOutSharp.Models.PortableExecutable +{ + /// + /// Each data directory gives the address and size of a table or string that Windows uses. + /// These data directory entries are all loaded into memory so that the system can use them + /// at run time. + /// + /// Also, do not assume that the RVAs in this table point to the beginning of a section or + /// that the sections that contain specific tables have specific names. + /// + /// + [StructLayout(LayoutKind.Sequential)] + public class DataDirectory + { + /// + /// The first field, VirtualAddress, is actually the RVA of the table. The RVA + /// is the address of the table relative to the base address of the image when + /// the table is loaded. + /// + public uint VirtualAddress; + + /// + /// The second field gives the size in bytes. + /// + public uint Size; + } +} diff --git a/BurnOutSharp.Models/PortableExecutable/OptionalHeader.cs b/BurnOutSharp.Models/PortableExecutable/OptionalHeader.cs index 400342b5..a251fe5a 100644 --- a/BurnOutSharp.Models/PortableExecutable/OptionalHeader.cs +++ b/BurnOutSharp.Models/PortableExecutable/OptionalHeader.cs @@ -271,5 +271,90 @@ public uint NumberOfRvaAndSizes; #endregion + + #region Data Directories (Image Only) + + /// + /// The export table address and size. + /// + public DataDirectory ExportTable; + + /// + /// The import table address and size. + /// + public DataDirectory ImportTable; + + /// + /// The resource table address and size. + /// + public DataDirectory ResourceTable; + + /// + /// The exception table address and size. + /// + public DataDirectory ExceptionTable; + + /// + /// The attribute certificate table address and size. + /// + public DataDirectory CertificateTable; + + /// + /// The base relocation table address and size. + /// + public DataDirectory BaseRelocationTable; + + /// + /// The debug data starting address and size. + /// + public DataDirectory Debug; + + /// + /// Reserved, must be 0 + /// + public ulong Architecture; + + /// + /// The RVA of the value to be stored in the global pointer register. + /// The size member of this structure must be set to zero. + /// + public DataDirectory GlobalPtr; + + /// + /// The thread local storage (TLS) table address and size. + /// + public DataDirectory TLSTable; + + /// + /// The load configuration table address and size. + /// + public DataDirectory LoadConfigTable; + + /// + /// The bound import table address and size. + /// + public DataDirectory BoundImport; + + /// + /// The import address table address and size + /// + public DataDirectory IAT; + + /// + /// The delay import descriptor address and size. + /// + public DataDirectory DelayImportDescriptor; + + /// + /// The CLR runtime header address and size. + /// + public DataDirectory CLRRuntimeHeader; + + /// + /// Reserved, must be zero + /// + public ulong Reserved; + + #endregion } }