From a1d7e65ffb0fcd9feab05fad19adabb73f36e018 Mon Sep 17 00:00:00 2001
From: Matt Nadareski <mnadareski@outlook.com>
Date: Sat, 5 Nov 2022 22:11:41 -0700
Subject: [PATCH] Add PE TLS directory

---
 .../PortableExecutable/Executable.cs          |  4 +-
 .../PortableExecutable/TLSDirectory.cs        | 96 +++++++++++++++++++
 2 files changed, 99 insertions(+), 1 deletion(-)
 create mode 100644 BurnOutSharp.Models/PortableExecutable/TLSDirectory.cs

diff --git a/BurnOutSharp.Models/PortableExecutable/Executable.cs b/BurnOutSharp.Models/PortableExecutable/Executable.cs
index 9c1075ba..b8d22d1d 100644
--- a/BurnOutSharp.Models/PortableExecutable/Executable.cs
+++ b/BurnOutSharp.Models/PortableExecutable/Executable.cs
@@ -56,7 +56,7 @@ namespace BurnOutSharp.Models.PortableExecutable
         /// </summary>
         public DelayLoadDirectoryTableEntry[] DelayLoadDirectoryTable { get; set; }
 
-        // TODO: Left off at "The .tls Section"
+        // TODO: Left off at "The Load Configuration Structure (Image Only)"
 
         // TODO: Implement and/or document the following non-modeled parts:
         // - Grouped Sections (Object Only)
@@ -80,5 +80,7 @@ namespace BurnOutSharp.Models.PortableExecutable
         // - Import Lookup Table [has model, but bit-based]
         // - Import Address Table
         // - The .pdata Section [Multiple formats per entry]
+        // - TLS Callback Functions
+        // 
     }
 }
diff --git a/BurnOutSharp.Models/PortableExecutable/TLSDirectory.cs b/BurnOutSharp.Models/PortableExecutable/TLSDirectory.cs
new file mode 100644
index 00000000..354694f7
--- /dev/null
+++ b/BurnOutSharp.Models/PortableExecutable/TLSDirectory.cs
@@ -0,0 +1,96 @@
+namespace BurnOutSharp.Models.PortableExecutable
+{
+    /// <see href="https://learn.microsoft.com/en-us/windows/win32/debug/pe-format"/>
+    public class TLSDirectory
+    {
+        #region RawDataStartVA
+
+        /// <summary>
+        /// The starting address of the TLS template. The template is a block of data
+        /// that is used to initialize TLS data. The system copies all of this data
+        /// each time a thread is created, so it must not be corrupted. Note that this
+        /// address is not an RVA; it is an address for which there should be a base
+        /// relocation in the .reloc section.
+        /// </summary>
+        public uint RawDataStartVAPE32;
+
+        /// <summary>
+        /// The starting address of the TLS template. The template is a block of data
+        /// that is used to initialize TLS data. The system copies all of this data
+        /// each time a thread is created, so it must not be corrupted. Note that this
+        /// address is not an RVA; it is an address for which there should be a base
+        /// relocation in the .reloc section.
+        /// </summary>
+        public ulong RawDataStartVAPE32Plus;
+
+        #endregion
+
+        #region RawDataEndVA
+
+        /// <summary>
+        /// The address of the last byte of the TLS, except for the zero fill. As
+        /// with the Raw Data Start VA field, this is a VA, not an RVA.
+        /// </summary>
+        public uint RawDataEndVAPE32;
+
+        /// <summary>
+        /// The address of the last byte of the TLS, except for the zero fill. As
+        /// with the Raw Data Start VA field, this is a VA, not an RVA.
+        /// </summary>
+        public ulong RawDataEndVAPE32Plus;
+
+        #endregion
+
+        #region AddressOfIndex
+
+        /// <summary>
+        /// The location to receive the TLS index, which the loader assigns. This
+        /// location is in an ordinary data section, so it can be given a symbolic
+        /// name that is accessible to the program.
+        /// </summary>
+        public uint AddressOfIndexPE32;
+
+        /// <summary>
+        /// The location to receive the TLS index, which the loader assigns. This
+        /// location is in an ordinary data section, so it can be given a symbolic
+        /// name that is accessible to the program.
+        /// </summary>
+        public ulong AddressOfIndexPE32Plus;
+
+        #endregion
+
+        #region AddressOfCallbacks
+
+        /// <summary>
+        /// The pointer to an array of TLS callback functions. The array is
+        /// null-terminated, so if no callback function is supported, this field
+        /// points to 4 bytes set to zero.
+        /// </summary>
+        public uint AddressOfCallbacksPE32;
+
+        /// <summary>
+        /// The pointer to an array of TLS callback functions. The array is
+        /// null-terminated, so if no callback function is supported, this field
+        /// points to 4 bytes set to zero.
+        /// </summary>
+        public ulong AddressOfCallbacksPE32Plus;
+
+        #endregion
+
+        /// <summary>
+        /// The size in bytes of the template, beyond the initialized data delimited
+        /// by the Raw Data Start VA and Raw Data End VA fields. The total template
+        /// size should be the same as the total size of TLS data in the image file.
+        /// The zero fill is the amount of data that comes after the initialized
+        /// nonzero data.
+        /// </summary>
+        public uint SizeOfZeroFill;
+
+        /// <summary>
+        /// The four bits [23:20] describe alignment info. Possible values are those
+        /// defined as IMAGE_SCN_ALIGN_*, which are also used to describe alignment
+        /// of section in object files. The other 28 bits are reserved for future use.
+        /// </summary>
+        public uint Characteristics;
+    }
+}