From 72f6af7019b493681968fe33e1330cea8f915430 Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Wed, 9 Nov 2022 15:17:53 -0800 Subject: [PATCH] Add PE version resource models --- .../PortableExecutable/Enums.cs | 225 ++++++++++++++++++ .../PortableExecutable/FixedFileInfo.cs | 88 +++++++ .../PortableExecutable/StringData.cs | 79 ++++++ .../PortableExecutable/StringFileInfo.cs | 43 ++++ .../PortableExecutable/StringTable.cs | 46 ++++ .../PortableExecutable/VarData.cs | 50 ++++ .../PortableExecutable/VarFileInfo.cs | 41 ++++ .../PortableExecutable/VersionResource.cs | 61 +++++ 8 files changed, 633 insertions(+) create mode 100644 BurnOutSharp.Models/PortableExecutable/FixedFileInfo.cs create mode 100644 BurnOutSharp.Models/PortableExecutable/StringData.cs create mode 100644 BurnOutSharp.Models/PortableExecutable/StringFileInfo.cs create mode 100644 BurnOutSharp.Models/PortableExecutable/StringTable.cs create mode 100644 BurnOutSharp.Models/PortableExecutable/VarData.cs create mode 100644 BurnOutSharp.Models/PortableExecutable/VarFileInfo.cs create mode 100644 BurnOutSharp.Models/PortableExecutable/VersionResource.cs diff --git a/BurnOutSharp.Models/PortableExecutable/Enums.cs b/BurnOutSharp.Models/PortableExecutable/Enums.cs index 265d965e..8db09aae 100644 --- a/BurnOutSharp.Models/PortableExecutable/Enums.cs +++ b/BurnOutSharp.Models/PortableExecutable/Enums.cs @@ -489,6 +489,225 @@ namespace BurnOutSharp.Models.PortableExecutable IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT = 0x0001, } + public enum FixedFileInfoFileSubtype : uint + { + /// + /// The driver type is unknown by the system. + /// The font type is unknown by the system. + /// + VFT2_UNKNOWN = 0x00000000, + + #region VFT_DRV + + /// + /// The file contains a printer driver. + /// + VFT2_DRV_PRINTER = 0x00000001, + + /// + /// The file contains a keyboard driver. + /// + VFT2_DRV_KEYBOARD = 0x00000002, + + /// + /// The file contains a language driver. + /// + VFT2_DRV_LANGUAGE = 0x00000003, + + /// + /// The file contains a display driver. + /// + VFT2_DRV_DISPLAY = 0x00000004, + + /// + /// The file contains a mouse driver. + /// + VFT2_DRV_MOUSE = 0x00000005, + + /// + /// The file contains a network driver. + /// + VFT2_DRV_NETWORK = 0x00000006, + + /// + /// The file contains a system driver. + /// + VFT2_DRV_SYSTEM = 0x00000007, + + /// + /// The file contains an installable driver. + /// + VFT2_DRV_INSTALLABLE = 0x00000008, + + /// + /// The file contains a sound driver. + /// + VFT2_DRV_SOUND = 0x00000009, + + /// + /// The file contains a communications driver. + /// + VFT2_DRV_COMM = 0x0000000A, + + /// + /// The file contains a versioned printer driver. + /// + VFT2_DRV_VERSIONED_PRINTER = 0x0000000C, + + #endregion + + #region VFT_FONT + + /// + /// The file contains a raster font. + /// + VFT2_FONT_RASTER = 0x00000001, + + /// + /// The file contains a vector font. + /// + VFT2_FONT_VECTOR = 0x00000002, + + /// + /// The file contains a TrueType font. + /// + VFT2_FONT_TRUETYPE = 0x00000003, + + #endregion + } + + public enum FixedFileInfoFileType : uint + { + /// + /// The file type is unknown to the system. + /// + VFT_UNKNOWN = 0x00000000, + + /// + /// The file contains an application. + /// + VFT_APP = 0x00000001, + + /// + /// The file contains a DLL. + /// + VFT_DLL = 0x00000002, + + /// + /// The file contains a device driver. If FileType is VFT_DRV, FileSubtype + /// contains a more specific description of the driver. + /// + VFT_DRV = 0x00000003, + + /// + /// The file contains a font. If FileType is VFT_FONT, FileSubtype contains + /// a more specific description of the font file. + /// + VFT_FONT = 0x00000004, + + /// + /// The file contains a virtual device. + /// + VFT_VXD = 0x00000005, + + /// + /// The file contains a static-link library. + /// + VFT_STATIC_LIB = 0x00000007, + } + + [Flags] + public enum FixedFileInfoFlags : uint + { + /// + /// The file contains debugging information or is compiled with debugging + /// features enabled. + /// + VS_FF_DEBUG = 0x00000001, + + /// + /// The file is a development version, not a commercially released product. + /// + VS_FF_PRERELEASE = 0x00000002, + + /// + /// The file has been modified and is not identical to the original shipping + /// file of the same version number. + /// + VS_FF_PATCHED = 0x00000004, + + /// + /// The file was not built using standard release procedures. If this flag is + /// set, the StringFileInfo structure should contain a PrivateBuild entry. + /// + VS_FF_PRIVATEBUILD = 0x00000008, + + /// + /// The file's version structure was created dynamically; therefore, some + /// of the members in this structure may be empty or incorrect. This flag + /// should never be set in a file's VS_VERSIONINFO data. + /// + VS_FF_INFOINFERRED = 0x00000010, + + /// + /// The file was built by the original company using standard release + /// procedures but is a variation of the normal file of the same version number. + /// If this flag is set, the StringFileInfo structure should contain a SpecialBuild + /// entry. + /// + VS_FF_SPECIALBUILD = 0x00000020, + } + + [Flags] + public enum FixedFileInfoOS : uint + { + /// + /// The operating system for which the file was designed is + /// unknown to the system. + /// + VOS_UNKNOWN = 0x00000000, + + /// + /// The file was designed for 16-bit Windows. + /// + VOS__WINDOWS16 = 0x00000001, + + /// + /// The file was designed for 16-bit Presentation Manager. + /// + VOS__PM16 = 0x00000002, + + /// + /// The file was designed for 32-bit Presentation Manager. + /// + VOS__PM32 = 0x00000003, + + /// + /// The file was designed for 32-bit Windows. + /// + VOS__WINDOWS32 = 0x00000004, + + /// + /// The file was designed for MS-DOS. + /// + VOS_DOS = 0x00010000, + + /// + /// The file was designed for 16-bit OS/2. + /// + VOS_OS216 = 0x00020000, + + /// + /// The file was designed for 32-bit OS/2. + /// + VOS_OS232 = 0x00030000, + + /// + /// The file was designed for Windows NT. + /// + VOS_NT = 0x00040000, + } + [Flags] public enum GuardFlags : uint { @@ -2364,6 +2583,12 @@ namespace BurnOutSharp.Models.PortableExecutable IMAGE_SYM_DTYPE_ARRAY = 0x03, } + public enum VersionResourceType : ushort + { + BinaryData = 0, + TextData = 1, + } + public enum WindowsCertificateRevision : ushort { /// diff --git a/BurnOutSharp.Models/PortableExecutable/FixedFileInfo.cs b/BurnOutSharp.Models/PortableExecutable/FixedFileInfo.cs new file mode 100644 index 00000000..7a3b0009 --- /dev/null +++ b/BurnOutSharp.Models/PortableExecutable/FixedFileInfo.cs @@ -0,0 +1,88 @@ +using System.Runtime.InteropServices; + +namespace BurnOutSharp.Models.PortableExecutable +{ + /// + /// Contains version information for a file. This information is language and + /// code page independent. + /// + /// + [StructLayout(LayoutKind.Sequential)] + public class FixedFileInfo + { + /// + /// Contains the value 0xFEEF04BD. This is used with the szKey member of the VS_VERSIONINFO + /// structure when searching a file for the FixedFileInfo structure. + /// + public uint Signature; + + /// + /// The binary version number of this structure. The high-order word of this member contains + /// the major version number, and the low-order word contains the minor version number. + /// + public uint StrucVersion; + + /// + /// The most significant 32 bits of the file's binary version number. This member is used with + /// FileVersionLS to form a 64-bit value used for numeric comparisons. + /// + public uint FileVersionMS; + + /// + /// The least significant 32 bits of the file's binary version number. This member is used with + /// FileVersionMS to form a 64-bit value used for numeric comparisons. + /// + public uint FileVersionLS; + + /// + /// The most significant 32 bits of the binary version number of the product with which this file + /// was distributed. This member is used with ProductVersionLS to form a 64-bit value used for + /// numeric comparisons. + /// + public uint ProductVersionMS; + + /// + /// The least significant 32 bits of the binary version number of the product with which this file + /// was distributed. This member is used with ProductVersionMS to form a 64-bit value used for + /// numeric comparisons. + /// + public uint ProductVersionLS; + + /// + /// Contains a bitmask that specifies the valid bits in FileFlags. A bit is valid only if it was + /// defined when the file was created. + /// + public uint FileFlagsMask; + + /// + /// Contains a bitmask that specifies the Boolean attributes of the file. + /// + public FixedFileInfoFlags FileFlags; + + /// + /// The operating system for which this file was designed. + /// + public FixedFileInfoOS FileOS; + + /// + /// The general type of file. + /// + public FixedFileInfoFileType FileType; + + /// + /// The function of the file. The possible values depend on the value of FileType. For all values + /// of FileType not described in the following list, FileSubtype is zero. + /// + public FixedFileInfoFileSubtype FileSubtype; + + /// + /// The most significant 32 bits of the file's 64-bit binary creation date and time stamp. + /// + public uint FileDateMS; + + /// + /// The least significant 32 bits of the file's 64-bit binary creation date and time stamp. + /// + public uint FileDateLS; + } +} diff --git a/BurnOutSharp.Models/PortableExecutable/StringData.cs b/BurnOutSharp.Models/PortableExecutable/StringData.cs new file mode 100644 index 00000000..98fb5113 --- /dev/null +++ b/BurnOutSharp.Models/PortableExecutable/StringData.cs @@ -0,0 +1,79 @@ +namespace BurnOutSharp.Models.PortableExecutable +{ + /// + /// Represents the organization of data in a file-version resource. It contains a string + /// that describes a specific aspect of a file, for example, a file's version, its + /// copyright notices, or its trademarks. + /// + /// + public class StringData + { + /// + /// The length, in bytes, of this String structure. + /// + public ushort Length; + + /// + /// The size, in words, of the Value member. + /// + public ushort ValueLength; + + /// + /// The type of data in the version resource. + /// + public VersionResourceType ResourceType; + + /// + /// An arbitrary Unicode string. The Key member can be one or more of the following + /// values. These values are guidelines only. + /// - Comments: The Value member contains any additional information that should be + /// displayed for diagnostic purposes. This string can be an arbitrary length. + /// - CompanyName: The Value member identifies the company that produced the file. + /// For example, "Microsoft Corporation" or "Standard Microsystems Corporation, Inc." + /// - FileDescription: The Value member describes the file in such a way that it can be + /// presented to users. This string may be presented in a list box when the user is + /// choosing files to install. For example, "Keyboard driver for AT-style keyboards" + /// or "Microsoft Word for Windows". + /// - FileVersion: The Value member identifies the version of this file. For example, + /// Value could be "3.00A" or "5.00.RC2". + /// - InternalName: The Value member identifies the file's internal name, if one exists. + /// For example, this string could contain the module name for a DLL, a virtual device + /// name for a Windows virtual device, or a device name for a MS-DOS device driver. + /// - LegalCopyright: The Value member describes all copyright notices, trademarks, and + /// registered trademarks that apply to the file. This should include the full text of + /// all notices, legal symbols, copyright dates, trademark numbers, and so on. In + /// English, this string should be in the format "Copyright Microsoft Corp. 1990 1994". + /// - LegalTrademarks: The Value member describes all trademarks and registered trademarks + /// that apply to the file. This should include the full text of all notices, legal + /// symbols, trademark numbers, and so on. In English, this string should be in the + /// format "Windows is a trademark of Microsoft Corporation". + /// - OriginalFilename: The Value member identifies the original name of the file, not + /// including a path. This enables an application to determine whether a file has been + /// renamed by a user. This name may not be MS-DOS 8.3-format if the file is specific + /// to a non-FAT file system. + /// - PrivateBuild: The Value member describes by whom, where, and why this private version + /// of the file was built. This string should only be present if the VS_FF_PRIVATEBUILD + /// flag is set in the dwFileFlags member of the VS_FIXEDFILEINFO structure. For example, + /// Value could be "Built by OSCAR on \OSCAR2". + /// - ProductName: The Value member identifies the name of the product with which this file is + /// distributed. For example, this string could be "Microsoft Windows". + /// - ProductVersion: The Value member identifies the version of the product with which this + /// file is distributed. For example, Value could be "3.00A" or "5.00.RC2". + /// - SpecialBuild: The Value member describes how this version of the file differs from the + /// normal version. This entry should only be present if the VS_FF_SPECIALBUILD flag is + /// set in the dwFileFlags member of the VS_FIXEDFILEINFO structure. For example, Value + /// could be "Private build for Olivetti solving mouse problems on M250 and M250E computers". + /// + public string Key; + + /// + /// As many zero words as necessary to align the Value member on a 32-bit boundary. + /// + public ushort Padding; + + /// + /// A zero-terminated string. See the szKey member description for more information. + /// + public string Value; + } +} diff --git a/BurnOutSharp.Models/PortableExecutable/StringFileInfo.cs b/BurnOutSharp.Models/PortableExecutable/StringFileInfo.cs new file mode 100644 index 00000000..e78f9baf --- /dev/null +++ b/BurnOutSharp.Models/PortableExecutable/StringFileInfo.cs @@ -0,0 +1,43 @@ +namespace BurnOutSharp.Models.PortableExecutable +{ + /// + /// Represents the organization of data in a file-version resource. It contains version + /// information that can be displayed for a particular language and code page. + /// + /// + public class StringFileInfo + { + /// + /// The length, in bytes, of the entire StringFileInfo block, including all + /// structures indicated by the Children member. + /// + public ushort Length; + + /// + /// This member is always equal to zero. + /// + public ushort ValueLength; + + /// + /// The type of data in the version resource. + /// + public VersionResourceType ResourceType; + + /// + /// The Unicode string L"StringFileInfo". + /// + public string Key; + + /// + /// As many zero words as necessary to align the Children member on a 32-bit boundary. + /// + public ushort Padding; + + /// + /// An array of one or more StringTable structures. Each StringTable structure's Key + /// member indicates the appropriate language and code page for displaying the text in + /// that StringTable structure. + /// + public StringTable[] Children; + } +} diff --git a/BurnOutSharp.Models/PortableExecutable/StringTable.cs b/BurnOutSharp.Models/PortableExecutable/StringTable.cs new file mode 100644 index 00000000..420faaa1 --- /dev/null +++ b/BurnOutSharp.Models/PortableExecutable/StringTable.cs @@ -0,0 +1,46 @@ +namespace BurnOutSharp.Models.PortableExecutable +{ + /// + /// Represents the organization of data in a file-version resource. It contains language + /// and code page formatting information for the strings specified by the Children member. + /// A code page is an ordered character set. + /// + /// + public class StringTable + { + /// + /// The length, in bytes, of this StringTable structure, including all structures + /// indicated by the Children member. + /// + public ushort Length; + + /// + /// This member is always equal to zero. + /// + public ushort ValueLength; + + /// + /// The type of data in the version resource. + /// + public VersionResourceType ResourceType; + + /// + /// An 8-digit hexadecimal number stored as a Unicode string. The four most significant + /// digits represent the language identifier. The four least significant digits represent + /// the code page for which the data is formatted. Each Microsoft Standard Language + /// identifier contains two parts: the low-order 10 bits specify the major language, + /// and the high-order 6 bits specify the sublanguage. + /// + public string Key; + + /// + /// As many zero words as necessary to align the Children member on a 32-bit boundary. + /// + public ushort Padding; + + /// + /// An array of one or more StringData structures. + /// + public StringData[] Children; + } +} diff --git a/BurnOutSharp.Models/PortableExecutable/VarData.cs b/BurnOutSharp.Models/PortableExecutable/VarData.cs new file mode 100644 index 00000000..e375cb21 --- /dev/null +++ b/BurnOutSharp.Models/PortableExecutable/VarData.cs @@ -0,0 +1,50 @@ +namespace BurnOutSharp.Models.PortableExecutable +{ + /// + /// Represents the organization of data in a file-version resource. It typically contains a + /// list of language and code page identifier pairs that the version of the application or + /// DLL supports. + /// + /// + public class VarData + { + /// + /// The length, in bytes, of the Var structure. + /// + public ushort Length; + + /// + /// The size, in words, of the Value member. + /// + public ushort ValueLength; + + /// + /// The type of data in the version resource. + /// + public VersionResourceType ResourceType; + + /// + /// The Unicode string L"Translation". + /// + public string Key; + + /// + /// As many zero words as necessary to align the Value member on a 32-bit boundary. + /// + public ushort Padding; + + /// + /// An array of one or more values that are language and code page identifier pairs. + /// + /// If you use the Var structure to list the languages your application or DLL supports + /// instead of using multiple version resources, use the Value member to contain an array + /// of DWORD values indicating the language and code page combinations supported by this + /// file. The low-order word of each DWORD must contain a Microsoft language identifier, + /// and the high-order word must contain the IBM code page number. Either high-order or + /// low-order word can be zero, indicating that the file is language or code page + /// independent. If the Var structure is omitted, the file will be interpreted as both + /// language and code page independent. + /// + public uint[] Value; + } +} diff --git a/BurnOutSharp.Models/PortableExecutable/VarFileInfo.cs b/BurnOutSharp.Models/PortableExecutable/VarFileInfo.cs new file mode 100644 index 00000000..e9f054ad --- /dev/null +++ b/BurnOutSharp.Models/PortableExecutable/VarFileInfo.cs @@ -0,0 +1,41 @@ +namespace BurnOutSharp.Models.PortableExecutable +{ + /// + /// Represents the organization of data in a file-version resource. It contains version + /// information not dependent on a particular language and code page combination. + /// + /// + public class VarFileInfo + { + /// + /// The length, in bytes, of the entire VarFileInfo block, including all structures + /// indicated by the Children member. + /// + public ushort Length; + + /// + /// This member is always equal to zero. + /// + public ushort ValueLength; + + /// + /// The type of data in the version resource. + /// + public VersionResourceType ResourceType; + + /// + /// The Unicode string L"VarFileInfo". + /// + public string Key; + + /// + /// As many zero words as necessary to align the Children member on a 32-bit boundary. + /// + public ushort Padding; + + /// + /// Typically contains a list of languages that the application or DLL supports. + /// + public Var[] Children; + } +} diff --git a/BurnOutSharp.Models/PortableExecutable/VersionResource.cs b/BurnOutSharp.Models/PortableExecutable/VersionResource.cs new file mode 100644 index 00000000..93fd3ebf --- /dev/null +++ b/BurnOutSharp.Models/PortableExecutable/VersionResource.cs @@ -0,0 +1,61 @@ +namespace BurnOutSharp.Models.PortableExecutable +{ + /// + /// Represents the organization of data in a file-version resource. It is the root + /// structure that contains all other file-version information structures. + /// + /// + public class VersionInfo + { + /// + /// The length, in bytes, of the VS_VERSIONINFO structure. This length does not + /// include any padding that aligns any subsequent version resource data on a + /// 32-bit boundary. + /// + public ushort Length; + + /// + /// The length, in bytes, of the Value member. This value is zero if there is no + /// Value member associated with the current version structure. + /// + public ushort ValueLength; + + /// + /// The type of data in the version resource. This member is 1 if the version resource + /// contains text data and 0 if the version resource contains binary data. + /// + public VersionResourceType ResourceType; + + /// + /// The Unicode string L"VS_VERSION_INFO". + /// + public string Key; + + /// + /// Contains as many zero words as necessary to align the Value member on a 32-bit boundary. + /// + public ushort Padding1; + + /// + /// Arbitrary data associated with this VS_VERSIONINFO structure. The ValueLength member + /// specifies the length of this member; if ValueLength is zero, this member does not exist. + /// + public FixedFileInfo Value; + + /// + /// As many zero words as necessary to align the Children member on a 32-bit boundary. + /// These bytes are not included in wValueLength. This member is optional. + /// + public ushort Padding2; + + /// + /// The StringFileInfo structure to store user-defined string information data. + /// + public StringFileInfo StringFileInfo; + + /// + /// The VarFileInfo structure to store language information data. + /// + public VarFileInfo VarFileInfo; + } +}