From b233b3c17b0fc8f12cd519f0980927002cdea7e8 Mon Sep 17 00:00:00 2001
From: Matt Nadareski <mnadareski@outlook.com>
Date: Sun, 19 Jun 2022 22:40:07 -0700
Subject: [PATCH] Add data at PE entry point

---
 .../Microsoft/PE/Headers/OptionalHeader.cs    |  2 +-
 .../Microsoft/PE/PortableExecutable.cs        | 26 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/BurnOutSharp/ExecutableType/Microsoft/PE/Headers/OptionalHeader.cs b/BurnOutSharp/ExecutableType/Microsoft/PE/Headers/OptionalHeader.cs
index 39c561fb..ec804513 100644
--- a/BurnOutSharp/ExecutableType/Microsoft/PE/Headers/OptionalHeader.cs
+++ b/BurnOutSharp/ExecutableType/Microsoft/PE/Headers/OptionalHeader.cs
@@ -57,7 +57,7 @@ namespace BurnOutSharp.ExecutableType.Microsoft.PE.Headers
         /// The address of the entry point relative to the image base when the executable file is loaded into memory.
         /// For program images, this is the starting address.
         /// For device drivers, this is the address of the initialization function.
-        // An entry point is optional for DLLs.
+        /// An entry point is optional for DLLs.
         /// When no entry point is present, this field must be zero.
         /// </summary>
         public uint AddressOfEntryPoint;
diff --git a/BurnOutSharp/ExecutableType/Microsoft/PE/PortableExecutable.cs b/BurnOutSharp/ExecutableType/Microsoft/PE/PortableExecutable.cs
index 2f134d50..660199a3 100644
--- a/BurnOutSharp/ExecutableType/Microsoft/PE/PortableExecutable.cs
+++ b/BurnOutSharp/ExecutableType/Microsoft/PE/PortableExecutable.cs
@@ -184,6 +184,15 @@ namespace BurnOutSharp.ExecutableType.Microsoft.PE
 
         #endregion
 
+        #region Raw Other Data
+
+        /// <summary>
+        /// Data at the entry point of the application
+        /// </summary>
+        public byte[] EntryPointRaw;
+
+        #endregion
+
         #region Resources
 
         /// <summary>
@@ -366,6 +375,16 @@ namespace BurnOutSharp.ExecutableType.Microsoft.PE
 
                 #endregion
 
+                #region Freeform Data
+
+                if (this.OptionalHeader != null && this.OptionalHeader.AddressOfEntryPoint != 0)
+                {
+                    int entryPointAddress = (int)ConvertVirtualAddress(this.OptionalHeader.AddressOfEntryPoint, SectionTable);
+                    this.EntryPointRaw = this.ReadArbitraryRange(entryPointAddress, 256);
+                }
+
+                #endregion
+
                 // Populate resources, if possible
                 PopulateResourceStrings();
             }
@@ -476,6 +495,13 @@ namespace BurnOutSharp.ExecutableType.Microsoft.PE
 
                 #endregion
 
+                #region Freeform Data
+
+                if (this.OptionalHeader != null && this.OptionalHeader.AddressOfEntryPoint != 0)
+                    this.EntryPointRaw = this.ReadArbitraryRange((int)this.OptionalHeader.AddressOfEntryPoint, 256);
+
+                #endregion
+
                 // Populate resources, if possible
                 PopulateResourceStrings();
             }