claunia/libexeinfo
1
0
Fork 0
mirror of https://github.com/claunia/libexeinfo.git synced 2025-12-16 19:14:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor

Browse Source
This commit is contained in:
Natalia Portillo
2018-02-25 03:08:28 +00:00
parent 9dd6c1efa0
commit cf1f1c0289
38 changed files with 3118 additions and 3138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
exeinfo/Program.cs
View File

@@ -25,10 +25,9 @@
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Collections.Generic; using System.Collections.Generic;
using System.Globalization; using System.Globalization;
using System.IO;
using System.Text; using System.Text;
using libexeinfo; using libexeinfo;
@@ -38,7 +37,7 @@ namespace exeinfo
{ {
public static void Main(string[] args) public static void Main(string[] args)
{ {
if (args.Length != 1) if(args.Length != 1)
{ {
Console.WriteLine("exeinfo version 0.1 © 2017 Natalia Portillo"); Console.WriteLine("exeinfo version 0.1 © 2017 Natalia Portillo");
Console.WriteLine("Usage: exeinfo file.exe"); Console.WriteLine("Usage: exeinfo file.exe");
@@ -56,90 +55,93 @@ namespace exeinfo
COFF coffExe = new COFF(exeFs); COFF coffExe = new COFF(exeFs);
PE peExe = new PE(exeFs); PE peExe = new PE(exeFs);
if (mzExe.IsMZ) if(mzExe.IsMZ)
{ {
recognized = true; recognized = true;
Console.Write(mzExe.GetInfo()); Console.Write(mzExe.GetInfo());
} }
if (neExe.IsNE) if(neExe.IsNE)
{ {
recognized = true; recognized = true;
Console.Write(neExe.GetInfo()); Console.Write(neExe.GetInfo());
if (neExe.Versions != null) if(neExe.Versions != null)
{ foreach(NE.Version vers in neExe.Versions)
foreach (NE.Version vers in neExe.Versions)
{ {
Console.WriteLine("\tVersion resource {0}:", vers.Name); Console.WriteLine("\tVersion resource {0}:", vers.Name);
Console.WriteLine("\t\tFile version: {0}", vers.FileVersion); Console.WriteLine("\t\tFile version: {0}", vers.FileVersion);
Console.WriteLine("\t\tProduct version: {0}", vers.ProductVersion); Console.WriteLine("\t\tProduct version: {0}", vers.ProductVersion);
Console.WriteLine("\t\tFile type: {0}", NE.Version.TypeToString(vers.FileType)); Console.WriteLine("\t\tFile type: {0}", NE.Version.TypeToString(vers.FileType));
if (vers.FileType == NE.VersionFileType.VFT_DRV) if(vers.FileType == NE.VersionFileType.VFT_DRV)
Console.WriteLine("\t\tFile subtype: {0} driver", NE.Version.DriverToString(vers.FileSubtype)); Console.WriteLine("\t\tFile subtype: {0} driver",
else if (vers.FileType == NE.VersionFileType.VFT_DRV) NE.Version.DriverToString(vers.FileSubtype));
else if(vers.FileType == NE.VersionFileType.VFT_DRV)
Console.WriteLine("\t\tFile subtype: {0} font", NE.Version.FontToString(vers.FileSubtype)); Console.WriteLine("\t\tFile subtype: {0} font", NE.Version.FontToString(vers.FileSubtype));
else if (vers.FileSubtype > 0) else if(vers.FileSubtype > 0)
Console.WriteLine("\t\tFile subtype: {0}", (uint)vers.FileSubtype); Console.WriteLine("\t\tFile subtype: {0}", (uint)vers.FileSubtype);
Console.WriteLine("\t\tFile flags: {0}", vers.FileFlags); Console.WriteLine("\t\tFile flags: {0}", vers.FileFlags);
Console.WriteLine("\t\tFile OS: {0}", NE.Version.OsToString(vers.FileOS)); Console.WriteLine("\t\tFile OS: {0}", NE.Version.OsToString(vers.FileOS));
foreach (KeyValuePair<string, Dictionary<string, string>> strByLang in vers.StringsByLanguage) foreach(KeyValuePair<string, Dictionary<string, string>> strByLang in vers.StringsByLanguage)
{ {
string cultureName; string cultureName;
string encodingName; string encodingName;
try try
{ {
cultureName = new CultureInfo(Convert.ToInt32(strByLang.Key.Substring(0, 4), 16)).DisplayName; cultureName = new CultureInfo(Convert.ToInt32(strByLang.Key.Substring(0, 4), 16))
.DisplayName;
} }
catch catch
{ {
cultureName = string.Format("unsupported culture 0x{0:X4}", Convert.ToInt32(strByLang.Key.Substring(0, 4), 16)); cultureName =
$"unsupported culture 0x{Convert.ToInt32(strByLang.Key.Substring(0, 4), 16):X4}";
} }
try try
{ {
encodingName = Encoding.GetEncoding(Convert.ToInt32(strByLang.Key.Substring(4), 16)).EncodingName; encodingName = Encoding
.GetEncoding(Convert.ToInt32(strByLang.Key.Substring(4), 16))
.EncodingName;
} }
catch catch
{ {
encodingName = string.Format("unsupported encoding 0x{0:X4}", Convert.ToInt32(strByLang.Key.Substring(4), 16)); encodingName =
$"unsupported encoding 0x{Convert.ToInt32(strByLang.Key.Substring(4), 16):X4}";
} }
Console.WriteLine("\t\tStrings for {0} in codepage {1}:", cultureName, encodingName); Console.WriteLine("\t\tStrings for {0} in codepage {1}:", cultureName, encodingName);
foreach (KeyValuePair<string, string> strings in strByLang.Value) foreach(KeyValuePair<string, string> strings in strByLang.Value)
Console.WriteLine("\t\t\t{0}: {1}", strings.Key, strings.Value); Console.WriteLine("\t\t\t{0}: {1}", strings.Key, strings.Value);
} }
} }
} }
}
if (stExe.IsAtariST) if(stExe.IsAtariST)
{ {
recognized = true; recognized = true;
Console.Write(stExe.GetInfo()); Console.Write(stExe.GetInfo());
} }
if (lxExe.IsLX) if(lxExe.IsLX)
{ {
recognized = true; recognized = true;
Console.Write(lxExe.GetInfo()); Console.Write(lxExe.GetInfo());
} }
if (coffExe.IsCOFF) if(coffExe.IsCOFF)
{ {
recognized = true; recognized = true;
Console.Write(coffExe.GetInfo()); Console.Write(coffExe.GetInfo());
} }
if (peExe.IsPE) if(peExe.IsPE)
{ {
recognized = true; recognized = true;
Console.Write(peExe.GetInfo()); Console.Write(peExe.GetInfo());
} }
if (!recognized) if(!recognized) Console.WriteLine("Executable format not recognized");
Console.WriteLine("Executable format not recognized");
} }
} }
} }

34
exeinfogui.Desktop/Program.cs
View File

@@ -1,15 +1,41 @@
using System; //
// Program.cs
//
// Author:
// Natalia Portillo <claunia@claunia.com>
//
// Copyright (c) 2017 Copyright © Claunia.com
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using Eto;
using Eto.Forms; using Eto.Forms;
using Eto.Drawing;
namespace exeinfogui.Desktop namespace exeinfogui.Desktop
{ {
class Program static class Program
{ {
[STAThread] [STAThread]
static void Main(string[] args) static void Main(string[] args)
{ {
new Application(Eto.Platform.Detect).Run(new MainForm()); new Application(Platform.Detect).Run(new MainForm());
} }
} }
} }

28
exeinfogui.XamMac/Program.cs
View File

@@ -1,4 +1,30 @@
using AppKit; //
// Program.cs
//
// Author:
// Natalia Portillo <claunia@claunia.com>
//
// Copyright (c) 2017 Copyright © Claunia.com
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using AppKit;
using Eto.Forms; using Eto.Forms;
namespace exeinfogui.XamMac namespace exeinfogui.XamMac

30
exeinfogui/MainForm.xeto.cs
View File

@@ -1,3 +1,29 @@
//
// MainForm.xeto.cs
//
// Author:
// Natalia Portillo <claunia@claunia.com>
//
// Copyright (c) 2017 Copyright © Claunia.com
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System; using System;
using System.IO; using System.IO;
using Eto.Forms; using Eto.Forms;
@@ -9,8 +35,8 @@ namespace exeinfogui
public class MainForm : Form public class MainForm : Form
{ {
TextBox txtFile; TextBox txtFile;
TextBox txtType;
TextArea txtInformation; TextArea txtInformation;
TextBox txtType;
public MainForm() public MainForm()
{ {
@@ -21,7 +47,7 @@ namespace exeinfogui
{ {
txtFile.Text = ""; txtFile.Text = "";
txtType.Text = ""; txtType.Text = "";
txtInformation.Text =""; txtInformation.Text = "";
OpenFileDialog dlgOpen = new OpenFileDialog {Title = "Choose executable file", MultiSelect = false}; OpenFileDialog dlgOpen = new OpenFileDialog {Title = "Choose executable file", MultiSelect = false};

13
libexeinfo/AtariST/AtariST.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System.IO; using System.IO;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
@@ -34,7 +35,7 @@ namespace libexeinfo
public partial class AtariST public partial class AtariST
{ {
/// <summary> /// <summary>
/// The <see cref="FileStream"/> that contains the executable represented by this instance /// The <see cref="FileStream" /> that contains the executable represented by this instance
/// </summary> /// </summary>
public readonly FileStream BaseStream; public readonly FileStream BaseStream;
/// <summary> /// <summary>
@@ -47,7 +48,7 @@ namespace libexeinfo
public readonly bool IsAtariST; public readonly bool IsAtariST;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.AtariST"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.AtariST" /> class.
/// </summary> /// </summary>
/// <param name="path">Executable path.</param> /// <param name="path">Executable path.</param>
public AtariST(string path) public AtariST(string path)
@@ -58,11 +59,11 @@ namespace libexeinfo
BaseStream.Position = 0; BaseStream.Position = 0;
BaseStream.Read(buffer, 0, buffer.Length); BaseStream.Read(buffer, 0, buffer.Length);
Header = BigEndianMarshal.ByteArrayToStructureBigEndian<AtariHeader>(buffer); Header = BigEndianMarshal.ByteArrayToStructureBigEndian<AtariHeader>(buffer);
IsAtariST = Header.signature == Signature; IsAtariST = Header.signature == SIGNATURE;
} }
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.AtariST"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.AtariST" /> class.
/// </summary> /// </summary>
/// <param name="stream">Stream containing the executable.</param> /// <param name="stream">Stream containing the executable.</param>
public AtariST(FileStream stream) public AtariST(FileStream stream)
@@ -73,7 +74,7 @@ namespace libexeinfo
BaseStream.Position = 0; BaseStream.Position = 0;
BaseStream.Read(buffer, 0, buffer.Length); BaseStream.Read(buffer, 0, buffer.Length);
Header = BigEndianMarshal.ByteArrayToStructureBigEndian<AtariHeader>(buffer); Header = BigEndianMarshal.ByteArrayToStructureBigEndian<AtariHeader>(buffer);
IsAtariST = Header.signature == Signature; IsAtariST = Header.signature == SIGNATURE;
} }
/// <summary> /// <summary>
@@ -100,7 +101,7 @@ namespace libexeinfo
stream.Read(buffer, 0, buffer.Length); stream.Read(buffer, 0, buffer.Length);
AtariHeader hdr = BigEndianMarshal.ByteArrayToStructureBigEndian<AtariHeader>(buffer); AtariHeader hdr = BigEndianMarshal.ByteArrayToStructureBigEndian<AtariHeader>(buffer);
return hdr.signature == Signature; return hdr.signature == SIGNATURE;
} }
} }
} }

4
libexeinfo/AtariST/Consts.cs
View File

@@ -23,11 +23,11 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
namespace libexeinfo namespace libexeinfo
{ {
public partial class AtariST public partial class AtariST
{ {
public const ushort Signature = 0x601A; const ushort SIGNATURE = 0x601A;
} }
} }

2
libexeinfo/AtariST/Structs.cs
View File

@@ -23,7 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
namespace libexeinfo namespace libexeinfo

22
libexeinfo/BigEndianMarshal.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
using System.Linq; using System.Linq;
using System.Reflection; using System.Reflection;
@@ -58,65 +59,64 @@ namespace libexeinfo
{ {
Type t = str.GetType(); Type t = str.GetType();
FieldInfo[] fieldInfo = t.GetFields(); FieldInfo[] fieldInfo = t.GetFields();
foreach (FieldInfo fi in fieldInfo) foreach(FieldInfo fi in fieldInfo)
{ if(fi.FieldType == typeof(short))
if (fi.FieldType == typeof(short))
{ {
short int16 = (short)fi.GetValue(str); short int16 = (short)fi.GetValue(str);
byte[] int16_b = BitConverter.GetBytes(int16); byte[] int16_b = BitConverter.GetBytes(int16);
byte[] int16_r = int16_b.Reverse().ToArray(); byte[] int16_r = int16_b.Reverse().ToArray();
fi.SetValueDirect(__makeref(str), BitConverter.ToInt16(int16_r, 0)); fi.SetValueDirect(__makeref(str), BitConverter.ToInt16(int16_r, 0));
} }
else if (fi.FieldType == typeof(int)) else if(fi.FieldType == typeof(int))
{ {
int int32 = (int)fi.GetValue(str); int int32 = (int)fi.GetValue(str);
byte[] int32_b = BitConverter.GetBytes(int32); byte[] int32_b = BitConverter.GetBytes(int32);
byte[] int32_r = int32_b.Reverse().ToArray(); byte[] int32_r = int32_b.Reverse().ToArray();
fi.SetValueDirect(__makeref(str), BitConverter.ToInt32(int32_r, 0)); fi.SetValueDirect(__makeref(str), BitConverter.ToInt32(int32_r, 0));
} }
else if (fi.FieldType == typeof(long)) else if(fi.FieldType == typeof(long))
{ {
long int64 = (long)fi.GetValue(str); long int64 = (long)fi.GetValue(str);
byte[] int64_b = BitConverter.GetBytes(int64); byte[] int64_b = BitConverter.GetBytes(int64);
byte[] int64_r = int64_b.Reverse().ToArray(); byte[] int64_r = int64_b.Reverse().ToArray();
fi.SetValueDirect(__makeref(str), BitConverter.ToInt64(int64_r, 0)); fi.SetValueDirect(__makeref(str), BitConverter.ToInt64(int64_r, 0));
} }
else if (fi.FieldType == typeof(ushort)) else if(fi.FieldType == typeof(ushort))
{ {
ushort uint16 = (ushort)fi.GetValue(str); ushort uint16 = (ushort)fi.GetValue(str);
byte[] uint16_b = BitConverter.GetBytes(uint16); byte[] uint16_b = BitConverter.GetBytes(uint16);
byte[] uint16_r = uint16_b.Reverse().ToArray(); byte[] uint16_r = uint16_b.Reverse().ToArray();
fi.SetValueDirect(__makeref(str), BitConverter.ToInt16(uint16_r, 0)); fi.SetValueDirect(__makeref(str), BitConverter.ToInt16(uint16_r, 0));
} }
else if (fi.FieldType == typeof(uint)) else if(fi.FieldType == typeof(uint))
{ {
uint uint32 = (uint)fi.GetValue(str); uint uint32 = (uint)fi.GetValue(str);
byte[] uint32_b = BitConverter.GetBytes(uint32); byte[] uint32_b = BitConverter.GetBytes(uint32);
byte[] uint32_r = uint32_b.Reverse().ToArray(); byte[] uint32_r = uint32_b.Reverse().ToArray();
fi.SetValueDirect(__makeref(str), BitConverter.ToInt32(uint32_r, 0)); fi.SetValueDirect(__makeref(str), BitConverter.ToInt32(uint32_r, 0));
} }
else if (fi.FieldType == typeof(ulong)) else if(fi.FieldType == typeof(ulong))
{ {
ulong uint64 = (ulong)fi.GetValue(str); ulong uint64 = (ulong)fi.GetValue(str);
byte[] uint64_b = BitConverter.GetBytes(uint64); byte[] uint64_b = BitConverter.GetBytes(uint64);
byte[] uint64_r = uint64_b.Reverse().ToArray(); byte[] uint64_r = uint64_b.Reverse().ToArray();
fi.SetValueDirect(__makeref(str), BitConverter.ToInt64(uint64_r, 0)); fi.SetValueDirect(__makeref(str), BitConverter.ToInt64(uint64_r, 0));
} }
else if (fi.FieldType == typeof(float)) else if(fi.FieldType == typeof(float))
{ {
float flt = (float)fi.GetValue(str); float flt = (float)fi.GetValue(str);
byte[] flt_b = BitConverter.GetBytes(flt); byte[] flt_b = BitConverter.GetBytes(flt);
byte[] flt_r = flt_b.Reverse().ToArray(); byte[] flt_r = flt_b.Reverse().ToArray();
fi.SetValueDirect(__makeref(str), BitConverter.ToSingle(flt_r, 0)); fi.SetValueDirect(__makeref(str), BitConverter.ToSingle(flt_r, 0));
} }
else if (fi.FieldType == typeof(double)) else if(fi.FieldType == typeof(double))
{ {
double dbl = (double)fi.GetValue(str); double dbl = (double)fi.GetValue(str);
byte[] dbl_b = BitConverter.GetBytes(dbl); byte[] dbl_b = BitConverter.GetBytes(dbl);
byte[] dbl_r = dbl_b.Reverse().ToArray(); byte[] dbl_r = dbl_b.Reverse().ToArray();
fi.SetValueDirect(__makeref(str), BitConverter.ToDouble(dbl_r, 0)); fi.SetValueDirect(__makeref(str), BitConverter.ToDouble(dbl_r, 0));
} }
}
return str; return str;
} }
} }

42
libexeinfo/COFF/COFF.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
using System.IO; using System.IO;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
@@ -35,21 +36,21 @@ namespace libexeinfo
public partial class COFF public partial class COFF
{ {
/// <summary> /// <summary>
/// The <see cref="FileStream"/> that contains the executable represented by this instance /// The <see cref="FileStream" /> that contains the executable represented by this instance
/// </summary> /// </summary>
public readonly FileStream BaseStream; public readonly FileStream BaseStream;
/// <summary> /// <summary>
/// Header for this executable /// Header for this executable
/// </summary> /// </summary>
public readonly COFFHeader Header; public readonly COFFHeader Header;
public readonly bool IsBigEndian;
/// <summary> /// <summary>
/// If true this instance correctly represents a Common Object File Format /// If true this instance correctly represents a Common Object File Format
/// </summary> /// </summary>
public readonly bool IsCOFF; public readonly bool IsCOFF;
public readonly bool IsBigEndian;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.COFF"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.COFF" /> class.
/// </summary> /// </summary>
/// <param name="path">Executable path.</param> /// <param name="path">Executable path.</param>
public COFF(string path) public COFF(string path)
@@ -63,21 +64,23 @@ namespace libexeinfo
Marshal.Copy(buffer, 0, hdrPtr, buffer.Length); Marshal.Copy(buffer, 0, hdrPtr, buffer.Length);
Header = (COFFHeader)Marshal.PtrToStructure(hdrPtr, typeof(COFFHeader)); Header = (COFFHeader)Marshal.PtrToStructure(hdrPtr, typeof(COFFHeader));
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC || Header.optionalHeader.magic == JMAGIC || IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC ||
Header.optionalHeader.magic == DMAGIC || Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC; Header.optionalHeader.magic == JMAGIC || Header.optionalHeader.magic == DMAGIC ||
Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsBigEndian = false; IsBigEndian = false;
if(!IsCOFF) if(!IsCOFF)
{ {
Header = SwapHeader(Header); Header = SwapHeader(Header);
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC || Header.optionalHeader.magic == JMAGIC || IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC ||
Header.optionalHeader.magic == DMAGIC || Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC; Header.optionalHeader.magic == JMAGIC || Header.optionalHeader.magic == DMAGIC ||
Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsBigEndian = !IsCOFF; IsBigEndian = !IsCOFF;
} }
} }
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.COFF"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.COFF" /> class.
/// </summary> /// </summary>
/// <param name="stream">Stream containing the executable.</param> /// <param name="stream">Stream containing the executable.</param>
public COFF(FileStream stream) public COFF(FileStream stream)
@@ -91,15 +94,17 @@ namespace libexeinfo
Marshal.Copy(buffer, 0, hdrPtr, buffer.Length); Marshal.Copy(buffer, 0, hdrPtr, buffer.Length);
Header = (COFFHeader)Marshal.PtrToStructure(hdrPtr, typeof(COFFHeader)); Header = (COFFHeader)Marshal.PtrToStructure(hdrPtr, typeof(COFFHeader));
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC || Header.optionalHeader.magic == JMAGIC || IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC ||
Header.optionalHeader.magic == DMAGIC || Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC; Header.optionalHeader.magic == JMAGIC || Header.optionalHeader.magic == DMAGIC ||
Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsBigEndian = false; IsBigEndian = false;
if (!IsCOFF) if(!IsCOFF)
{ {
Header = SwapHeader(Header); Header = SwapHeader(Header);
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC || Header.optionalHeader.magic == JMAGIC || IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC ||
Header.optionalHeader.magic == DMAGIC || Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC; Header.optionalHeader.magic == JMAGIC || Header.optionalHeader.magic == DMAGIC ||
Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsBigEndian = !IsCOFF; IsBigEndian = !IsCOFF;
} }
} }
@@ -131,13 +136,14 @@ namespace libexeinfo
COFFHeader COFFHdr = (COFFHeader)Marshal.PtrToStructure(hdrPtr, typeof(COFFHeader)); COFFHeader COFFHdr = (COFFHeader)Marshal.PtrToStructure(hdrPtr, typeof(COFFHeader));
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
if (COFFHdr.optionalHeader.magic == STMAGIC || COFFHdr.optionalHeader.magic == OMAGIC || COFFHdr.optionalHeader.magic == JMAGIC || if(COFFHdr.optionalHeader.magic == STMAGIC || COFFHdr.optionalHeader.magic == OMAGIC ||
COFFHdr.optionalHeader.magic == DMAGIC || COFFHdr.optionalHeader.magic == ZMAGIC || COFFHdr.optionalHeader.magic == SHMAGIC) COFFHdr.optionalHeader.magic == JMAGIC || COFFHdr.optionalHeader.magic == DMAGIC ||
return true; COFFHdr.optionalHeader.magic == ZMAGIC || COFFHdr.optionalHeader.magic == SHMAGIC) return true;
COFFHdr = SwapHeader(COFFHdr); COFFHdr = SwapHeader(COFFHdr);
return COFFHdr.optionalHeader.magic == STMAGIC || COFFHdr.optionalHeader.magic == OMAGIC || COFFHdr.optionalHeader.magic == JMAGIC || return COFFHdr.optionalHeader.magic == STMAGIC || COFFHdr.optionalHeader.magic == OMAGIC ||
COFFHdr.optionalHeader.magic == DMAGIC || COFFHdr.optionalHeader.magic == ZMAGIC || COFFHdr.optionalHeader.magic == SHMAGIC; COFFHdr.optionalHeader.magic == JMAGIC || COFFHdr.optionalHeader.magic == DMAGIC ||
COFFHdr.optionalHeader.magic == ZMAGIC || COFFHdr.optionalHeader.magic == SHMAGIC;
} }
static COFFHeader SwapHeader(COFFHeader header) static COFFHeader SwapHeader(COFFHeader header)

46
libexeinfo/COFF/Consts.cs
View File

@@ -60,6 +60,29 @@ namespace libexeinfo
/// </summary> /// </summary>
public readonly string SectionData = ".data"; public readonly string SectionData = ".data";
/// <summary> /// <summary>
/// Debug information
/// </summary>
public readonly string SectionDebug = ".debug";
/// <summary>
/// A .drectve section consists of a string of ASCII text. This string is
/// a series of linker options (each option containing hyphen, option
/// name, and any appropriate attribute) separated by spaces.The
/// .drectve section must not have relocations or line numbers.
/// </summary>
public readonly string SectionDirectives = ".drectve";
/// <summary>
/// Exception information
/// </summary>
public readonly string SectioneXception = ".xdata";
/// <summary>
/// Exception information
/// </summary>
public readonly string SectionException = ".pdata";
/// <summary>
/// Executable code
/// </summary>
public readonly string SectionExecutable = ".text";
/// <summary>
/// The export data section, named .edata, contains information about /// The export data section, named .edata, contains information about
/// symbols that other images can access through dynamic linking. /// symbols that other images can access through dynamic linking.
/// Exports are generally found in DLLs, but DLLs can import symbols as /// Exports are generally found in DLLs, but DLLs can import symbols as
@@ -71,10 +94,6 @@ namespace libexeinfo
/// </summary> /// </summary>
public readonly string SectionImport = ".idata"; public readonly string SectionImport = ".idata";
/// <summary> /// <summary>
/// Exception information
/// </summary>
public readonly string SectionException = ".pdata";
/// <summary>
/// Read-only initialized data /// Read-only initialized data
/// </summary> /// </summary>
public readonly string SectionReadOnly = ".rdata"; public readonly string SectionReadOnly = ".rdata";
@@ -87,27 +106,8 @@ namespace libexeinfo
/// </summary> /// </summary>
public readonly string SectionResource = ".rsrc"; public readonly string SectionResource = ".rsrc";
/// <summary> /// <summary>
/// Executable code
/// </summary>
public readonly string SectionExecutable = ".text";
/// <summary>
/// Thread-local storage /// Thread-local storage
/// </summary> /// </summary>
public readonly string SectionTls = ".tls"; public readonly string SectionTls = ".tls";
/// <summary>
/// Exception information
/// </summary>
public readonly string SectioneXception = ".xdata";
/// <summary>
/// Debug information
/// </summary>
public readonly string SectionDebug = ".debug";
/// <summary>
/// A .drectve section consists of a string of ASCII text. This string is
/// a series of linker options (each option containing hyphen, option
/// name, and any appropriate attribute) separated by spaces.The
/// .drectve section must not have relocations or line numbers.
/// </summary>
public readonly string SectionDirectives = ".drectve";
} }
} }

240
libexeinfo/COFF/Enums.cs
View File

@@ -25,12 +25,92 @@
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
namespace libexeinfo namespace libexeinfo
{ {
public partial class COFF public partial class COFF
{ {
/// <summary> /// <summary>
/// The Machine field has one of the following values that specifies its CPU type. An image file can be run only on the specified machine or on a system that emulates the specified machine. /// The Characteristics field contains flags that indicate attributes of the object or image file.
/// </summary>
[Flags]
public enum Characteristics : ushort
{
/// <summary>
/// Image only, Windows CE, and Microsoft Windows NT and later. This indicates that the file does not contain base
/// relocations and must therefore be loaded at its preferred base address. If the base address is not available, the
/// loader reports an error. The default behavior of the linker is to strip base relocations from executable (EXE)
/// files.
/// </summary>
IMAGE_FILE_RELOCS_STRIPPED = 0x0001,
/// <summary>
/// Image only. This indicates that the image file is valid and can be run. If this flag is not set, it indicates a
/// linker error.
/// </summary>
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002,
/// <summary>
/// COFF line numbers have been removed. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004,
/// <summary>
/// COFF symbol table entries for local symbols have been removed. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008,
/// <summary>
/// Obsolete. Aggressively trim working set. This flag is deprecated for Windows 2000 and later and must be zero.
/// </summary>
IMAGE_FILE_AGGRESSIVE_WS_TRIM = 0x0010,
/// <summary>
/// Application can handle > 2-GB addresses.
/// </summary>
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020,
/// <summary>
/// Machine is based on a 16-bit-word architecture.
/// </summary>
IMAGE_FILE_16BIT_MACHINE = 0x0040,
/// <summary>
/// Little endian: the least significant bit (LSB) precedes the most significant bit (MSB) in memory. This flag is
/// deprecated and should be zero.
/// </summary>
IMAGE_FILE_BYTES_REVERSED_LO = 0x0080,
/// <summary>
/// Machine is based on a 32-bit-word architecture.
/// </summary>
IMAGE_FILE_32BIT_MACHINE = 0x0100,
/// <summary>
/// Debugging information is removed from the image file.
/// </summary>
IMAGE_FILE_DEBUG_STRIPPED = 0x0200,
/// <summary>
/// If the image is on removable media, fully load it and copy it to the swap file.
/// </summary>
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400,
/// <summary>
/// If the image is on network media, fully load it and copy it to the swap file.
/// </summary>
IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800,
/// <summary>
/// The image file is a system file, not a user program.
/// </summary>
IMAGE_FILE_SYSTEM = 0x1000,
/// <summary>
/// The image file is a dynamic-link library (DLL). Such files are considered executable files for almost all purposes,
/// although they cannot be directly run.
/// </summary>
IMAGE_FILE_DLL = 0x2000,
/// <summary>
/// The file should be run only on a uniprocessor machine.
/// </summary>
IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000,
/// <summary>
/// Big endian: the MSB precedes the LSB in memory. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_BYTES_REVERSED_HI = 0x8000
}
/// <summary>
/// The Machine field has one of the following values that specifies its CPU type. An image file can be run only on the
/// specified machine or on a system that emulates the specified machine.
/// </summary> /// </summary>
public enum MachineTypes : ushort public enum MachineTypes : ushort
{ {
@@ -176,240 +256,170 @@ namespace libexeinfo
IMAGE_FILE_MACHINE_WE32000 = 0x170 IMAGE_FILE_MACHINE_WE32000 = 0x170
} }
/// <summary>
/// The Characteristics field contains flags that indicate attributes of the object or image file.
/// </summary>
[Flags]
public enum Characteristics : ushort
{
/// <summary>
/// Image only, Windows CE, and Microsoft Windows NT and later. This indicates that the file does not contain base relocations and must therefore be loaded at its preferred base address. If the base address is not available, the loader reports an error. The default behavior of the linker is to strip base relocations from executable (EXE) files.
/// </summary>
IMAGE_FILE_RELOCS_STRIPPED = 0x0001,
/// <summary>
/// Image only. This indicates that the image file is valid and can be run. If this flag is not set, it indicates a linker error.
/// </summary>
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002,
/// <summary>
/// COFF line numbers have been removed. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004,
/// <summary>
/// COFF symbol table entries for local symbols have been removed. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008,
/// <summary>
/// Obsolete. Aggressively trim working set. This flag is deprecated for Windows 2000 and later and must be zero.
/// </summary>
IMAGE_FILE_AGGRESSIVE_WS_TRIM = 0x0010,
/// <summary>
/// Application can handle > 2-GB addresses.
/// </summary>
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020,
/// <summary>
/// Machine is based on a 16-bit-word architecture.
/// </summary>
IMAGE_FILE_16BIT_MACHINE = 0x0040,
/// <summary>
/// Little endian: the least significant bit (LSB) precedes the most significant bit (MSB) in memory. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_BYTES_REVERSED_LO = 0x0080,
/// <summary>
/// Machine is based on a 32-bit-word architecture.
/// </summary>
IMAGE_FILE_32BIT_MACHINE = 0x0100,
/// <summary>
/// Debugging information is removed from the image file.
/// </summary>
IMAGE_FILE_DEBUG_STRIPPED = 0x0200,
/// <summary>
/// If the image is on removable media, fully load it and copy it to the swap file.
/// </summary>
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400,
/// <summary>
/// If the image is on network media, fully load it and copy it to the swap file.
/// </summary>
IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800,
/// <summary>
/// The image file is a system file, not a user program.
/// </summary>
IMAGE_FILE_SYSTEM = 0x1000,
/// <summary>
/// The image file is a dynamic-link library (DLL). Such files are considered executable files for almost all purposes, although they cannot be directly run.
/// </summary>
IMAGE_FILE_DLL = 0x2000,
/// <summary>
/// The file should be run only on a uniprocessor machine.
/// </summary>
IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000,
/// <summary>
/// Big endian: the MSB precedes the LSB in memory. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_BYTES_REVERSED_HI = 0x8000
}
public const uint IMAGE_SCN_ALIGN_MASK = 0x00F00000;
[Flags] [Flags]
public enum SectionFlags : uint public enum SectionFlags : uint
{ {
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_TYPE_DSECT=0x00000001, IMAGE_SCN_TYPE_DSECT = 0x00000001,
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_TYPE_NOLOAD=0x00000002, IMAGE_SCN_TYPE_NOLOAD = 0x00000002,
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_TYPE_GROUP=0x00000004, IMAGE_SCN_TYPE_GROUP = 0x00000004,
/// <summary> /// <summary>
/// Section should not be padded to next boundary. /// Section should not be padded to next boundary.
/// This is obsolete and replaced by <see cref="IMAGE_SCN_ALIGN_1BYTES"/>. /// This is obsolete and replaced by <see cref="IMAGE_SCN_ALIGN_1BYTES" />.
/// This is valid for object files only. /// This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_TYPE_NO_PAD=0x00000008, IMAGE_SCN_TYPE_NO_PAD = 0x00000008,
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_TYPE_COPY=0x00000010, IMAGE_SCN_TYPE_COPY = 0x00000010,
/// <summary> /// <summary>
/// Section contains executable code. /// Section contains executable code.
/// </summary> /// </summary>
IMAGE_SCN_CNT_CODE=0x00000020, IMAGE_SCN_CNT_CODE = 0x00000020,
/// <summary> /// <summary>
/// Section contains initialized data. /// Section contains initialized data.
/// </summary> /// </summary>
IMAGE_SCN_CNT_INITIALIZED_DATA=0x00000040, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040,
/// <summary> /// <summary>
/// Section contains uninitialized data. /// Section contains uninitialized data.
/// </summary> /// </summary>
IMAGE_SCN_CNT_UNINITIALIZED_DATA=0x00000080, IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080,
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_LNK_OTHER=0x00000100, IMAGE_SCN_LNK_OTHER = 0x00000100,
/// <summary> /// <summary>
/// Section contains comments or other information. The .drectve section has this type. This is valid for object files only. /// Section contains comments or other information. The .drectve section has this type. This is valid for object files
/// only.
/// </summary> /// </summary>
IMAGE_SCN_LNK_INFO=0x00000200, IMAGE_SCN_LNK_INFO = 0x00000200,
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_TYPE_OVER=0x00000400, IMAGE_SCN_TYPE_OVER = 0x00000400,
/// <summary> /// <summary>
/// Section will not become part of the image. This is valid for object files only. /// Section will not become part of the image. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_LNK_REMOVE=0x00000800, IMAGE_SCN_LNK_REMOVE = 0x00000800,
/// <summary> /// <summary>
/// Section contains COMDAT data. This is valid for object files only. /// Section contains COMDAT data. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_LNK_COMDAT=0x00001000, IMAGE_SCN_LNK_COMDAT = 0x00001000,
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_MEM_FARDATA=0x00008000, IMAGE_SCN_MEM_FARDATA = 0x00008000,
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_MEM_16BIT =0x00020000, IMAGE_SCN_MEM_16BIT = 0x00020000,
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_MEM_LOCKED=0x00040000, IMAGE_SCN_MEM_LOCKED = 0x00040000,
/// <summary> /// <summary>
/// Reserved for future use. /// Reserved for future use.
/// </summary> /// </summary>
IMAGE_SCN_MEM_PRELOAD=0x00080000, IMAGE_SCN_MEM_PRELOAD = 0x00080000,
/// <summary> /// <summary>
/// Align data on a 1-byte boundary. This is valid for object files only. /// Align data on a 1-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_1BYTES=0x00100000, IMAGE_SCN_ALIGN_1BYTES = 0x00100000,
/// <summary> /// <summary>
/// Align data on a 2-byte boundary. This is valid for object files only. /// Align data on a 2-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_2BYTES=0x00200000, IMAGE_SCN_ALIGN_2BYTES = 0x00200000,
/// <summary> /// <summary>
/// Align data on a 4-byte boundary. This is valid for object files only. /// Align data on a 4-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_4BYTES=0x00300000, IMAGE_SCN_ALIGN_4BYTES = 0x00300000,
/// <summary> /// <summary>
/// Align data on a 8-byte boundary. This is valid for object files only. /// Align data on a 8-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_8BYTES=0x00400000, IMAGE_SCN_ALIGN_8BYTES = 0x00400000,
/// <summary> /// <summary>
/// Align data on a 16-byte boundary. This is valid for object files only. /// Align data on a 16-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_16BYTES=0x00500000, IMAGE_SCN_ALIGN_16BYTES = 0x00500000,
/// <summary> /// <summary>
/// Align data on a 32-byte boundary. This is valid for object files only. /// Align data on a 32-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_32BYTES=0x00600000, IMAGE_SCN_ALIGN_32BYTES = 0x00600000,
/// <summary> /// <summary>
/// Align data on a 64-byte boundary. This is valid for object files only. /// Align data on a 64-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_64BYTES=0x00700000, IMAGE_SCN_ALIGN_64BYTES = 0x00700000,
/// <summary> /// <summary>
/// Align data on a 128-byte boundary. This is valid for object files only. /// Align data on a 128-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_128BYTES=0x00800000, IMAGE_SCN_ALIGN_128BYTES = 0x00800000,
/// <summary> /// <summary>
/// Align data on a 256-byte boundary. This is valid for object files only. /// Align data on a 256-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_256BYTES=0x00900000, IMAGE_SCN_ALIGN_256BYTES = 0x00900000,
/// <summary> /// <summary>
/// Align data on a 512-byte boundary. This is valid for object files only. /// Align data on a 512-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_512BYTES=0x00A00000, IMAGE_SCN_ALIGN_512BYTES = 0x00A00000,
/// <summary> /// <summary>
/// Align data on a 1024-byte boundary. This is valid for object files only. /// Align data on a 1024-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_1024BYTES=0x00B00000, IMAGE_SCN_ALIGN_1024BYTES = 0x00B00000,
/// <summary> /// <summary>
/// Align data on a 2048-byte boundary. This is valid for object files only. /// Align data on a 2048-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_2048BYTES=0x00C00000, IMAGE_SCN_ALIGN_2048BYTES = 0x00C00000,
/// <summary> /// <summary>
/// Align data on a 4096-byte boundary. This is valid for object files only. /// Align data on a 4096-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_4096BYTES=0x00D00000, IMAGE_SCN_ALIGN_4096BYTES = 0x00D00000,
/// <summary> /// <summary>
/// Align data on a 8192-byte boundary. This is valid for object files only. /// Align data on a 8192-byte boundary. This is valid for object files only.
/// </summary> /// </summary>
IMAGE_SCN_ALIGN_8192BYTES=0x00E00000, IMAGE_SCN_ALIGN_8192BYTES = 0x00E00000,
/// <summary> /// <summary>
/// Section contains extended relocations. /// Section contains extended relocations.
/// </summary> /// </summary>
IMAGE_SCN_LNK_NRELOC_OVFL=0x01000000, IMAGE_SCN_LNK_NRELOC_OVFL = 0x01000000,
/// <summary> /// <summary>
/// Section can be discarded as needed. /// Section can be discarded as needed.
/// </summary> /// </summary>
IMAGE_SCN_MEM_DISCARDABLE=0x02000000, IMAGE_SCN_MEM_DISCARDABLE = 0x02000000,
/// <summary> /// <summary>
/// Section cannot be cached. /// Section cannot be cached.
/// </summary> /// </summary>
IMAGE_SCN_MEM_NOT_CACHED=0x04000000, IMAGE_SCN_MEM_NOT_CACHED = 0x04000000,
/// <summary> /// <summary>
/// Section is not pageable. /// Section is not pageable.
/// </summary> /// </summary>
IMAGE_SCN_MEM_NOT_PAGED=0x08000000, IMAGE_SCN_MEM_NOT_PAGED = 0x08000000,
/// <summary> /// <summary>
/// Section can be shared in memory. /// Section can be shared in memory.
/// </summary> /// </summary>
IMAGE_SCN_MEM_SHARED=0x10000000, IMAGE_SCN_MEM_SHARED = 0x10000000,
/// <summary> /// <summary>
/// Section can be executed as code. /// Section can be executed as code.
/// </summary> /// </summary>
IMAGE_SCN_MEM_EXECUTE=0x20000000, IMAGE_SCN_MEM_EXECUTE = 0x20000000,
/// <summary> /// <summary>
/// Section can be read. /// Section can be read.
/// </summary> /// </summary>
IMAGE_SCN_MEM_READ=0x40000000, IMAGE_SCN_MEM_READ = 0x40000000,
/// <summary> /// <summary>
/// Section can be written to. /// Section can be written to.
/// </summary> /// </summary>
IMAGE_SCN_MEM_WRITE=0x80000000 IMAGE_SCN_MEM_WRITE = 0x80000000
} }
public const uint IMAGE_SCN_ALIGN_MASK = 0x00F00000;
} }
} }

56
libexeinfo/COFF/Info.cs
View File

@@ -25,8 +25,6 @@
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
using System.Collections.Generic;
using System.IO;
using System.Text; using System.Text;
namespace libexeinfo namespace libexeinfo
@@ -38,7 +36,7 @@ namespace libexeinfo
DateTime epoch = new DateTime(1970, 1, 1); DateTime epoch = new DateTime(1970, 1, 1);
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
sb.AppendLine("Common Object File Format (COFF):"); sb.AppendLine("Common Object File Format (COFF):");
switch (header.optionalHeader.magic) switch(header.optionalHeader.magic)
{ {
case JMAGIC: case JMAGIC:
sb.AppendLine("\tExecutable is dirty and unshareable"); sb.AppendLine("\tExecutable is dirty and unshareable");
@@ -56,59 +54,63 @@ namespace libexeinfo
sb.AppendLine("\tPE32+ executable"); sb.AppendLine("\tPE32+ executable");
break; break;
default: default:
sb.AppendFormat("\tUnknown executable type with magic {0}", header.optionalHeader.magic).AppendLine(); sb.AppendFormat("\tUnknown executable type with magic {0}", header.optionalHeader.magic)
.AppendLine();
break; break;
} }
sb.AppendFormat("\tMachine: {0}", MachineTypeToString(header.machine)).AppendLine(); sb.AppendFormat("\tMachine: {0}", MachineTypeToString(header.machine)).AppendLine();
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_RELOCS_STRIPPED)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_RELOCS_STRIPPED))
sb.AppendLine("\tExecutable contains no relocations."); sb.AppendLine("\tExecutable contains no relocations.");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_EXECUTABLE_IMAGE)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_EXECUTABLE_IMAGE))
sb.AppendLine("\tExecutable is valid."); sb.AppendLine("\tExecutable is valid.");
else else sb.AppendLine("\tExecutable is invalid, contains errors or has not been linked correctly.");
sb.AppendLine("\tExecutable is invalid, contains errors or has not been linked correctly."); if(!header.characteristics.HasFlag(Characteristics.IMAGE_FILE_LINE_NUMS_STRIPPED))
if (!header.characteristics.HasFlag(Characteristics.IMAGE_FILE_LINE_NUMS_STRIPPED))
sb.AppendLine("\tExecutable contains line numbers."); sb.AppendLine("\tExecutable contains line numbers.");
if (!header.characteristics.HasFlag(Characteristics.IMAGE_FILE_LOCAL_SYMS_STRIPPED)) if(!header.characteristics.HasFlag(Characteristics.IMAGE_FILE_LOCAL_SYMS_STRIPPED))
sb.AppendLine("\tExecutable contains debug symbols."); sb.AppendLine("\tExecutable contains debug symbols.");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_AGGRESSIVE_WS_TRIM)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_AGGRESSIVE_WS_TRIM))
sb.AppendLine("\tWorking set should be aggressively trimmed"); sb.AppendLine("\tWorking set should be aggressively trimmed");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_LARGE_ADDRESS_AWARE)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_LARGE_ADDRESS_AWARE))
sb.AppendLine("\tExecutable can handle addresses bigger than 2GiB"); sb.AppendLine("\tExecutable can handle addresses bigger than 2GiB");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_16BIT_MACHINE)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_16BIT_MACHINE))
sb.AppendLine("\tExecutable is for a 16-bit per word machine"); sb.AppendLine("\tExecutable is for a 16-bit per word machine");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_BYTES_REVERSED_LO)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_BYTES_REVERSED_LO))
sb.AppendLine("\tExecutable is little-endian"); sb.AppendLine("\tExecutable is little-endian");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_32BIT_MACHINE)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_32BIT_MACHINE))
sb.AppendLine("\tExecutable is for a 32-bit per word machine"); sb.AppendLine("\tExecutable is for a 32-bit per word machine");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_DEBUG_STRIPPED)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_DEBUG_STRIPPED))
sb.AppendLine("\tDebug information has been removed"); sb.AppendLine("\tDebug information has been removed");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP))
sb.AppendLine("\tWhen executable is run from removable media, it should be copied to swap and run from there"); sb.AppendLine("\tWhen executable is run from removable media, it should be copied to swap and run from there");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_NET_RUN_FROM_SWAP)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_NET_RUN_FROM_SWAP))
sb.AppendLine("\tWhen executable is run from a network share, it should be copied to swap and run from there"); sb.AppendLine("\tWhen executable is run from a network share, it should be copied to swap and run from there");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_SYSTEM)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_SYSTEM))
sb.AppendLine("\tExecutable is a system file"); sb.AppendLine("\tExecutable is a system file");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_DLL)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_DLL))
sb.AppendLine("\tExecutable is a dynamically linkable library"); sb.AppendLine("\tExecutable is a dynamically linkable library");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_UP_SYSTEM_ONLY)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_UP_SYSTEM_ONLY))
sb.AppendLine("\tExecutable can only run on uniprocessor machines"); sb.AppendLine("\tExecutable can only run on uniprocessor machines");
if (header.characteristics.HasFlag(Characteristics.IMAGE_FILE_BYTES_REVERSED_HI)) if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_BYTES_REVERSED_HI))
sb.AppendLine("\tExecutable is big-endian"); sb.AppendLine("\tExecutable is big-endian");
sb.AppendFormat("\tExecutable has {0} sections", header.numberOfSections).AppendLine(); sb.AppendFormat("\tExecutable has {0} sections", header.numberOfSections).AppendLine();
sb.AppendFormat("\tExecutable was linked on {0}", epoch.AddSeconds(header.timeDateStamp)).AppendLine(); sb.AppendFormat("\tExecutable was linked on {0}", epoch.AddSeconds(header.timeDateStamp)).AppendLine();
sb.AppendFormat("\tSymbol table starts at {0} and contains {1} symbols", header.pointerToSymbolTable, header.numberOfSymbols).AppendLine(); sb.AppendFormat("\tSymbol table starts at {0} and contains {1} symbols", header.pointerToSymbolTable,
header.numberOfSymbols).AppendLine();
sb.AppendFormat("\tOptional header has {0} bytes", header.sizeOfOptionalHeader).AppendLine(); sb.AppendFormat("\tOptional header has {0} bytes", header.sizeOfOptionalHeader).AppendLine();
if(header.optionalHeader.majorLinkerVersion > 0 || header.optionalHeader.minorLinkerVersion > 0) if(header.optionalHeader.majorLinkerVersion > 0 || header.optionalHeader.minorLinkerVersion > 0)
sb.AppendFormat("\tLinker version: {0}.{1}", header.optionalHeader.majorLinkerVersion, header.optionalHeader.minorLinkerVersion).AppendLine(); sb.AppendFormat("\tLinker version: {0}.{1}", header.optionalHeader.majorLinkerVersion,
header.optionalHeader.minorLinkerVersion).AppendLine();
sb.AppendFormat("\tCode has {0} bytes", header.optionalHeader.sizeOfCode).AppendLine(); sb.AppendFormat("\tCode has {0} bytes", header.optionalHeader.sizeOfCode).AppendLine();
sb.AppendFormat("\tInitialized data has {0} bytes", header.optionalHeader.sizeOfInitializedData).AppendLine(); sb.AppendFormat("\tInitialized data has {0} bytes", header.optionalHeader.sizeOfInitializedData)
sb.AppendFormat("\tUninitialized data has {0} bytes", header.optionalHeader.sizeOfUninitializedData).AppendLine(); .AppendLine();
sb.AppendFormat("\tUninitialized data has {0} bytes", header.optionalHeader.sizeOfUninitializedData)
.AppendLine();
sb.AppendFormat("\tAddress point starts at {0}", header.optionalHeader.addressOfEntryPoint).AppendLine(); sb.AppendFormat("\tAddress point starts at {0}", header.optionalHeader.addressOfEntryPoint).AppendLine();
sb.AppendFormat("\tCode starts at {0}", header.optionalHeader.baseOfCode).AppendLine(); sb.AppendFormat("\tCode starts at {0}", header.optionalHeader.baseOfCode).AppendLine();
if (header.optionalHeader.magic != PE.PE32Plus) if(header.optionalHeader.magic != PE.PE32Plus)
sb.AppendFormat("\tData starts at {0}", header.optionalHeader.baseOfData).AppendLine(); sb.AppendFormat("\tData starts at {0}", header.optionalHeader.baseOfData).AppendLine();
return sb.ToString(); return sb.ToString();
} }

98
libexeinfo/COFF/MachineTypes.cs
View File

@@ -30,76 +30,44 @@ namespace libexeinfo
{ {
public static string MachineTypeToString(MachineTypes machine) public static string MachineTypeToString(MachineTypes machine)
{ {
switch (machine) switch(machine)
{ {
case MachineTypes.IMAGE_FILE_MACHINE_UNKNOWN: case MachineTypes.IMAGE_FILE_MACHINE_UNKNOWN: return "Any machine";
return "Any machine"; case MachineTypes.IMAGE_FILE_MACHINE_ALPHA: return "Alpha AXP";
case MachineTypes.IMAGE_FILE_MACHINE_ALPHA: case MachineTypes.IMAGE_FILE_MACHINE_ALPHA64: return "Alpha AXP 64-bit.";
return "Alpha AXP"; case MachineTypes.IMAGE_FILE_MACHINE_AM33: return "Matsushita AM33";
case MachineTypes.IMAGE_FILE_MACHINE_ALPHA64: case MachineTypes.IMAGE_FILE_MACHINE_AMD64: return "AMD64 / EM64T";
return "Alpha AXP 64-bit."; case MachineTypes.IMAGE_FILE_MACHINE_ARM: return "ARM little endian";
case MachineTypes.IMAGE_FILE_MACHINE_AM33: case MachineTypes.IMAGE_FILE_MACHINE_ARM64: return "ARM64 little endian";
return "Matsushita AM33"; case MachineTypes.IMAGE_FILE_MACHINE_ARMNT: return "ARM Thumb-2 little endian";
case MachineTypes.IMAGE_FILE_MACHINE_AMD64: case MachineTypes.IMAGE_FILE_MACHINE_EBC: return "EFI byte code";
return "AMD64 / EM64T";
case MachineTypes.IMAGE_FILE_MACHINE_ARM:
return "ARM little endian";
case MachineTypes.IMAGE_FILE_MACHINE_ARM64:
return "ARM64 little endian";
case MachineTypes.IMAGE_FILE_MACHINE_ARMNT:
return "ARM Thumb-2 little endian";
case MachineTypes.IMAGE_FILE_MACHINE_EBC:
return "EFI byte code";
case MachineTypes.IMAGE_FILE_MACHINE_I386: case MachineTypes.IMAGE_FILE_MACHINE_I386:
case MachineTypes.IMAGE_FILE_MACHINE_I386_AIX: case MachineTypes.IMAGE_FILE_MACHINE_I386_AIX:
return "Intel 386 or later processors and compatible processors"; return "Intel 386 or later processors and compatible processors";
case MachineTypes.IMAGE_FILE_MACHINE_IA64: case MachineTypes.IMAGE_FILE_MACHINE_IA64: return "Intel Itanium processor family";
return "Intel Itanium processor family"; case MachineTypes.IMAGE_FILE_MACHINE_M32R: return "Mitsubishi M32R little endian";
case MachineTypes.IMAGE_FILE_MACHINE_M32R:
return "Mitsubishi M32R little endian";
case MachineTypes.IMAGE_FILE_MACHINE_M68K: case MachineTypes.IMAGE_FILE_MACHINE_M68K:
case MachineTypes.IMAGE_FILE_MACHINE_M68K_OTHER: case MachineTypes.IMAGE_FILE_MACHINE_M68K_OTHER: return "Motorola 68000 series";
return "Motorola 68000 series"; case MachineTypes.IMAGE_FILE_MACHINE_MIPS16: return "MIPS16";
case MachineTypes.IMAGE_FILE_MACHINE_MIPS16: case MachineTypes.IMAGE_FILE_MACHINE_MIPSFPU: return "MIPS with FPU";
return "MIPS16"; case MachineTypes.IMAGE_FILE_MACHINE_MIPSFPU16: return "MIPS16 with FPU";
case MachineTypes.IMAGE_FILE_MACHINE_MIPSFPU: case MachineTypes.IMAGE_FILE_MACHINE_POWERPC: return "PowerPC little endian";
return "MIPS with FPU"; case MachineTypes.IMAGE_FILE_MACHINE_POWERPCFP: return "PowerPC with floating point support";
case MachineTypes.IMAGE_FILE_MACHINE_MIPSFPU16: case MachineTypes.IMAGE_FILE_MACHINE_MIPSEB: return "MIPS R3000 or later (big endian)";
return "MIPS16 with FPU"; case MachineTypes.IMAGE_FILE_MACHINE_R3000: return "MIPS R3000 or later (little endian)";
case MachineTypes.IMAGE_FILE_MACHINE_POWERPC: case MachineTypes.IMAGE_FILE_MACHINE_R4000: return "MIPS R4000 or later (little endian)";
return "PowerPC little endian"; case MachineTypes.IMAGE_FILE_MACHINE_R10000: return "MIPS R10000 or later (little endian)";
case MachineTypes.IMAGE_FILE_MACHINE_POWERPCFP: case MachineTypes.IMAGE_FILE_MACHINE_RISCV32: return "RISC-V 32-bit address space";
return "PowerPC with floating point support"; case MachineTypes.IMAGE_FILE_MACHINE_RISCV64: return "RISC-V 64-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_MIPSEB: case MachineTypes.IMAGE_FILE_MACHINE_RISCV128: return "RISC-V 128-bit address space";
return "MIPS R3000 or later (big endian)"; case MachineTypes.IMAGE_FILE_MACHINE_SH3: return "Hitachi SH3";
case MachineTypes.IMAGE_FILE_MACHINE_R3000: case MachineTypes.IMAGE_FILE_MACHINE_SH3DSP: return "Hitachi SH3 DSP";
return "MIPS R3000 or later (little endian)"; case MachineTypes.IMAGE_FILE_MACHINE_SH4: return "Hitachi SH4";
case MachineTypes.IMAGE_FILE_MACHINE_R4000: case MachineTypes.IMAGE_FILE_MACHINE_SH5: return "Hitachi SH5";
return "MIPS R4000 or later (little endian)"; case MachineTypes.IMAGE_FILE_MACHINE_THUMB: return "ARM Thumb";
case MachineTypes.IMAGE_FILE_MACHINE_R10000: case MachineTypes.IMAGE_FILE_MACHINE_WCEMIPSV2: return "MIPS little-endian WCE v2";
return "MIPS R10000 or later (little endian)"; case MachineTypes.IMAGE_FILE_MACHINE_CLIPPER: return "Clipper";
case MachineTypes.IMAGE_FILE_MACHINE_RISCV32: case MachineTypes.IMAGE_FILE_MACHINE_WE32000: return "WE32000 series";
return "RISC-V 32-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_RISCV64:
return "RISC-V 64-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_RISCV128:
return "RISC-V 128-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_SH3:
return "Hitachi SH3";
case MachineTypes.IMAGE_FILE_MACHINE_SH3DSP:
return "Hitachi SH3 DSP";
case MachineTypes.IMAGE_FILE_MACHINE_SH4:
return "Hitachi SH4";
case MachineTypes.IMAGE_FILE_MACHINE_SH5:
return "Hitachi SH5";
case MachineTypes.IMAGE_FILE_MACHINE_THUMB:
return "ARM Thumb";
case MachineTypes.IMAGE_FILE_MACHINE_WCEMIPSV2:
return "MIPS little-endian WCE v2";
case MachineTypes.IMAGE_FILE_MACHINE_CLIPPER:
return "Clipper";
case MachineTypes.IMAGE_FILE_MACHINE_WE32000:
return "WE32000 series";
default: default:
return string.Format("Unknown machine type with code {0}", (ushort)machine); return string.Format("Unknown machine type with code {0}", (ushort)machine);
} }

49
libexeinfo/COFF/Structs.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
namespace libexeinfo namespace libexeinfo
@@ -33,13 +32,14 @@ namespace libexeinfo
public partial class COFF public partial class COFF
{ {
/// <summary> /// <summary>
/// At the beginning of an object file, or immediately after the signature of an image file, is a standard COFF file header in the following format. Note that the Windows loader limits the number of sections to 96. /// At the beginning of an object file, or immediately after the signature of an image file, is a standard COFF file
/// header in the following format. Note that the Windows loader limits the number of sections to 96.
/// </summary> /// </summary>
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct COFFHeader public struct COFFHeader
{ {
/// <summary> /// <summary>
/// The number that identifies the type of target machine. For more information, <see cref="MachineTypes"/>. /// The number that identifies the type of target machine. For more information, <see cref="MachineTypes" />.
/// </summary> /// </summary>
public MachineTypes machine; public MachineTypes machine;
/// <summary> /// <summary>
@@ -47,33 +47,39 @@ namespace libexeinfo
/// </summary> /// </summary>
public ushort numberOfSections; public ushort numberOfSections;
/// <summary> /// <summary>
/// The low 32 bits of the number of seconds since 00:00 January 1, 1970 (a C run-time time_t value), that indicates when the file was created. /// The low 32 bits of the number of seconds since 00:00 January 1, 1970 (a C run-time time_t value), that indicates
/// when the file was created.
/// </summary> /// </summary>
public uint timeDateStamp; public uint timeDateStamp;
/// <summary> /// <summary>
/// The file offset of the COFF symbol table, or zero if no COFF symbol table is present. This value should be zero for an image because COFF debugging information is deprecated. /// The file offset of the COFF symbol table, or zero if no COFF symbol table is present. This value should be zero for
/// an image because COFF debugging information is deprecated.
/// </summary> /// </summary>
public uint pointerToSymbolTable; public uint pointerToSymbolTable;
/// <summary> /// <summary>
/// The number of entries in the symbol table. This data can be used to locate the string table, which immediately follows the symbol table. This value should be zero for an image because COFF debugging information is deprecated. /// The number of entries in the symbol table. This data can be used to locate the string table, which immediately
/// follows the symbol table. This value should be zero for an image because COFF debugging information is deprecated.
/// </summary> /// </summary>
public uint numberOfSymbols; public uint numberOfSymbols;
public ushort sizeOfOptionalHeader; public ushort sizeOfOptionalHeader;
/// <summary> /// <summary>
/// The flags that indicate the attributes of the file. For specific flag values, <see cref="Characteristics"/> /// The flags that indicate the attributes of the file. For specific flag values, <see cref="Characteristics" />
/// </summary> /// </summary>
public Characteristics characteristics; public Characteristics characteristics;
public OptionalHeader optionalHeader; public OptionalHeader optionalHeader;
} }
/// <summary> /// <summary>
/// The first eight fields of the optional header are standard fields that are defined for every implementation of COFF. These fields contain general information that is useful for loading and running an executable file. They are unchanged for the PE32+ format. /// The first eight fields of the optional header are standard fields that are defined for every implementation of
/// COFF. These fields contain general information that is useful for loading and running an executable file. They are
/// unchanged for the PE32+ format.
/// </summary> /// </summary>
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct OptionalHeader public struct OptionalHeader
{ {
/// <summary> /// <summary>
/// The unsigned integer that identifies the state of the image file. The most common number is 0x10B, which identifies it as a normal executable file. 0x107 identifies it as a ROM image, and 0x20B identifies it as a PE32+ executable. /// The unsigned integer that identifies the state of the image file. The most common number is 0x10B, which identifies
/// it as a normal executable file. 0x107 identifies it as a ROM image, and 0x20B identifies it as a PE32+ executable.
/// </summary> /// </summary>
public ushort magic; public ushort magic;
/// <summary> /// <summary>
@@ -93,11 +99,14 @@ namespace libexeinfo
/// </summary> /// </summary>
public uint sizeOfInitializedData; public uint sizeOfInitializedData;
/// <summary> /// <summary>
/// The size of the uninitialized data section (BSS), or the sum of all such sections if there are multiple BSS sections. /// The size of the uninitialized data section (BSS), or the sum of all such sections if there are multiple BSS
/// sections.
/// </summary> /// </summary>
public uint sizeOfUninitializedData; public uint sizeOfUninitializedData;
/// <summary> /// <summary>
/// The address of the entry point relative to the image base when the executable file is loaded into memory. For program images, this is the starting address. For device drivers, this is the address of the initialization function. An entry point is optional for DLLs. When no entry point is present, this field must be zero. /// The address of the entry point relative to the image base when the executable file is loaded into memory. For
/// program images, this is the starting address. For device drivers, this is the address of the initialization
/// function. An entry point is optional for DLLs. When no entry point is present, this field must be zero.
/// </summary> /// </summary>
public uint addressOfEntryPoint; public uint addressOfEntryPoint;
/// <summary> /// <summary>
@@ -105,13 +114,13 @@ namespace libexeinfo
/// </summary> /// </summary>
public uint baseOfCode; public uint baseOfCode;
/// <summary> /// <summary>
/// PE32 contains this additional field, which is absent in PE32+, following BaseOfCode.<br/> /// PE32 contains this additional field, which is absent in PE32+, following BaseOfCode.<br />
/// The address that is relative to the image base of the beginning-of-data section when it is loaded into memory. /// The address that is relative to the image base of the beginning-of-data section when it is loaded into memory.
/// </summary> /// </summary>
public uint baseOfData; public uint baseOfData;
} }
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct SectionHeader public struct SectionHeader
{ {
/// <summary> /// <summary>
@@ -126,7 +135,7 @@ namespace libexeinfo
public string name; public string name;
/// <summary> /// <summary>
/// Total size of the section when loaded into memory. If this value is greater than /// Total size of the section when loaded into memory. If this value is greater than
/// <see cref="sizeOfRawData"/>, the section is zero-padded.This field is valid only /// <see cref="sizeOfRawData" />, the section is zero-padded.This field is valid only
/// for executable images and should be set to 0 for object files. /// for executable images and should be set to 0 for object files.
/// </summary> /// </summary>
public uint virtualSize; public uint virtualSize;
@@ -141,10 +150,10 @@ namespace libexeinfo
/// <summary> /// <summary>
/// Size of the section (object file) or size of the initialized data on disk(image /// Size of the section (object file) or size of the initialized data on disk(image
/// files). For executable image, this must be a multiple of FileAlignment from the /// files). For executable image, this must be a multiple of FileAlignment from the
/// optional header.If this is less than <see cref="virtualSize"/> the remainder of /// optional header.If this is less than <see cref="virtualSize" /> the remainder of
/// the section is zero filled. Because this field is rounded while the /// the section is zero filled. Because this field is rounded while the
/// <see cref="virtualSize"/> field is not it is possible for this to be greater /// <see cref="virtualSize" /> field is not it is possible for this to be greater
/// than <see cref="virtualSize"/> as well.When a section contains only /// than <see cref="virtualSize" /> as well.When a section contains only
/// uninitialized data, this field should be 0. /// uninitialized data, this field should be 0.
/// </summary> /// </summary>
public uint sizeOfRawData; public uint sizeOfRawData;
@@ -174,7 +183,7 @@ namespace libexeinfo
/// </summary> /// </summary>
public ushort numberOfLineNumbers; public ushort numberOfLineNumbers;
/// <summary> /// <summary>
/// Flags describing sectionís characteristics. <see cref="SectionFlags"/> /// Flags describing sectionís characteristics. <see cref="SectionFlags" />
/// </summary> /// </summary>
public SectionFlags characteristics; public SectionFlags characteristics;
} }

1
libexeinfo/LX/Consts.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
namespace libexeinfo namespace libexeinfo
{ {
public partial class LX public partial class LX

1
libexeinfo/LX/Enums.cs
View File

@@ -25,6 +25,7 @@
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
namespace libexeinfo namespace libexeinfo
{ {
public partial class LX public partial class LX

101
libexeinfo/LX/Info.cs
View File

@@ -24,9 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
using System.Collections.Generic;
using System.IO;
using System.Text; using System.Text;
namespace libexeinfo namespace libexeinfo
@@ -36,51 +33,59 @@ namespace libexeinfo
public static string GetInfo(LXHeader header) public static string GetInfo(LXHeader header)
{ {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
if(header.signature == Signature16) if(header.signature == Signature16) sb.AppendLine("Linear Executable (LE):");
sb.AppendLine("Linear Executable (LE):"); else sb.AppendLine("Linear eXecutable (LX):");
else
sb.AppendLine("Linear eXecutable (LX):");
if (header.os_type == TargetOS.OS2) if(header.os_type == TargetOS.OS2)
{ {
sb.AppendLine("\tOS/2 application"); sb.AppendLine("\tOS/2 application");
if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && !header.module_flags.HasFlag(ModuleFlags.PMCompatible)) if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
!header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is full screen, unaware of Presentation Manager"); sb.AppendLine("\tApplication is full screen, unaware of Presentation Manager");
else if (!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible)) else if(!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is aware of Presentation Manager, but doesn't use it"); sb.AppendLine("\tApplication is aware of Presentation Manager, but doesn't use it");
else if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible)) else if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication uses Presentation Manager"); sb.AppendLine("\tApplication uses Presentation Manager");
} }
else if (header.os_type == TargetOS.Windows || header.os_type == TargetOS.Win32 || header.os_type == TargetOS.Unknown) else if(header.os_type == TargetOS.Windows || header.os_type == TargetOS.Win32 ||
header.os_type == TargetOS.Unknown)
{ {
if (header.os_type == TargetOS.Windows || header.os_type == TargetOS.Unknown) if(header.os_type == TargetOS.Windows || header.os_type == TargetOS.Unknown)
sb.AppendLine("\t16-bit Windows application"); sb.AppendLine("\t16-bit Windows application");
else if (header.os_type == TargetOS.Win32) else if(header.os_type == TargetOS.Win32)
sb.AppendLine("\t32-bit Windows application"); sb.AppendLine("\t32-bit Windows application");
if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && !header.module_flags.HasFlag(ModuleFlags.PMCompatible)) if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
!header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows"); sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible)) else if(!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it"); sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible)) else if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication uses Windows"); sb.AppendLine("\tApplication uses Windows");
} }
else if (header.os_type == TargetOS.DOS) else if(header.os_type == TargetOS.DOS)
{ {
sb.AppendLine("\tDOS application"); sb.AppendLine("\tDOS application");
if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && !header.module_flags.HasFlag(ModuleFlags.PMCompatible)) if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
!header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows"); sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible)) else if(!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it"); sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible)) else if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication uses Windows"); sb.AppendLine("\tApplication uses Windows");
} }
else else
{
sb.AppendFormat("\tApplication for unknown OS {0}", (ushort)header.os_type).AppendLine(); sb.AppendFormat("\tApplication for unknown OS {0}", (ushort)header.os_type).AppendLine();
}
sb.AppendFormat("\tByte ordering: {0}", header.byte_order == 1 ? "Big-endian" : "Little-Endian").AppendLine(); sb.AppendFormat("\tByte ordering: {0}", header.byte_order == 1 ? "Big-endian" : "Little-Endian")
sb.AppendFormat("\tWord ordering: {0}", header.word_order == 1 ? "Big-endian" : "Little-Endian").AppendLine(); .AppendLine();
sb.AppendFormat("\tWord ordering: {0}", header.word_order == 1 ? "Big-endian" : "Little-Endian")
.AppendLine();
sb.AppendFormat("\tFormat level: {0}", header.format_level).AppendLine(); sb.AppendFormat("\tFormat level: {0}", header.format_level).AppendLine();
sb.AppendFormat("\tExecutable version: {0}", header.module_version).AppendLine(); sb.AppendFormat("\tExecutable version: {0}", header.module_version).AppendLine();
@@ -114,32 +119,35 @@ namespace libexeinfo
sb.AppendLine("\tExecutable requires at least a MIPS III processor to run."); sb.AppendLine("\tExecutable requires at least a MIPS III processor to run.");
break; break;
default: default:
sb.AppendFormat("\tExecutable requires unknown cpu with type code {0} to run.", (ushort)header.cpu_type).AppendLine(); sb.AppendFormat("\tExecutable requires unknown cpu with type code {0} to run.",
(ushort)header.cpu_type).AppendLine();
break; break;
} }
if (header.module_flags.HasFlag(ModuleFlags.PerProcessLibrary)) if(header.module_flags.HasFlag(ModuleFlags.PerProcessLibrary))
sb.AppendLine("Library should be initialized per-process."); sb.AppendLine("Library should be initialized per-process.");
if (header.module_flags.HasFlag(ModuleFlags.PerProcessTermination)) if(header.module_flags.HasFlag(ModuleFlags.PerProcessTermination))
sb.AppendLine("Library should be terminated per-process."); sb.AppendLine("Library should be terminated per-process.");
if (header.module_flags.HasFlag(ModuleFlags.InternalFixups)) if(header.module_flags.HasFlag(ModuleFlags.InternalFixups))
sb.AppendLine("Internal fixups have been applied."); sb.AppendLine("Internal fixups have been applied.");
if (header.module_flags.HasFlag(ModuleFlags.ExternalFixups)) if(header.module_flags.HasFlag(ModuleFlags.ExternalFixups))
sb.AppendLine("External fixups have been applied."); sb.AppendLine("External fixups have been applied.");
if (header.module_flags.HasFlag(ModuleFlags.NotLoadable)) if(header.module_flags.HasFlag(ModuleFlags.NotLoadable))
sb.AppendLine("Executable is not loadable, it contains errors or is still being linked."); sb.AppendLine("Executable is not loadable, it contains errors or is still being linked.");
if(header.module_flags.HasFlag(ModuleFlags.VirtualDeviceDriver)) if(header.module_flags.HasFlag(ModuleFlags.VirtualDeviceDriver))
sb.AppendLine("Executable is a driver for a virtual device."); sb.AppendLine("Executable is a driver for a virtual device.");
else if (header.module_flags.HasFlag(ModuleFlags.PhysicalDeviceDriver)) else if(header.module_flags.HasFlag(ModuleFlags.PhysicalDeviceDriver))
sb.AppendLine("Executable is a driver for a physical device."); sb.AppendLine("Executable is a driver for a physical device.");
else if (header.module_flags.HasFlag(ModuleFlags.ProtectedMemoryLibrary)) else if(header.module_flags.HasFlag(ModuleFlags.ProtectedMemoryLibrary))
sb.AppendLine("Executable is a protected mode library."); sb.AppendLine("Executable is a protected mode library.");
else if (header.module_flags.HasFlag(ModuleFlags.Library)) else if(header.module_flags.HasFlag(ModuleFlags.Library))
sb.AppendLine("Executable is a library."); sb.AppendLine("Executable is a library.");
sb.AppendFormat("\tThis executable contains {0} pages", header.module_pages_no).AppendLine(); sb.AppendFormat("\tThis executable contains {0} pages", header.module_pages_no)
sb.AppendFormat("\tObject number to which the Entry Address is relative: {0}", header.eip_object).AppendLine(); .AppendLine();
sb.AppendFormat("\tObject number to which the Entry Address is relative: {0}", header.eip_object)
.AppendLine();
sb.AppendFormat("\tEntry address of module: {0:X8}h", header.eip).AppendLine(); sb.AppendFormat("\tEntry address of module: {0:X8}h", header.eip).AppendLine();
sb.AppendFormat("\tObject number to which the ESP is relative: {0}", header.esp_object).AppendLine(); sb.AppendFormat("\tObject number to which the ESP is relative: {0}", header.esp_object).AppendLine();
sb.AppendFormat("\tStarting stack address of module: {0:X8}h", header.esp).AppendLine(); sb.AppendFormat("\tStarting stack address of module: {0:X8}h", header.esp).AppendLine();
@@ -149,24 +157,31 @@ namespace libexeinfo
sb.AppendFormat("\tChecksum for fixup information: 0x{0:X8}", header.fixup_checksum).AppendLine(); sb.AppendFormat("\tChecksum for fixup information: 0x{0:X8}", header.fixup_checksum).AppendLine();
sb.AppendFormat("\tMemory resident tables are {0} bytes long", header.loader_size).AppendLine(); sb.AppendFormat("\tMemory resident tables are {0} bytes long", header.loader_size).AppendLine();
sb.AppendFormat("\tChecksum for loader section: 0x{0:X8}", header.loader_checksum).AppendLine(); sb.AppendFormat("\tChecksum for loader section: 0x{0:X8}", header.loader_checksum).AppendLine();
sb.AppendFormat("\tObject table starts at {0} and contains {1} objects", header.obj_table_off, header.obj_no).AppendLine(); sb.AppendFormat("\tObject table starts at {0} and contains {1} objects", header.obj_table_off,
header.obj_no).AppendLine();
sb.AppendFormat("\tObject page table starts at {0}", header.obj_page_table_off).AppendLine(); sb.AppendFormat("\tObject page table starts at {0}", header.obj_page_table_off).AppendLine();
sb.AppendFormat("\tObject iterated pages starts at {0}", header.obj_iter_pages_off).AppendLine(); sb.AppendFormat("\tObject iterated pages starts at {0}", header.obj_iter_pages_off).AppendLine();
sb.AppendFormat("\tResources table starts at {0} and contains {1} entries", header.resource_table_off, header.resource_entries).AppendLine(); sb.AppendFormat("\tResources table starts at {0} and contains {1} entries", header.resource_table_off,
header.resource_entries).AppendLine();
sb.AppendFormat("\tResident name table starts at {0}", header.resident_names_off).AppendLine(); sb.AppendFormat("\tResident name table starts at {0}", header.resident_names_off).AppendLine();
sb.AppendFormat("\tEntry table starts at {0}", header.entry_table_off).AppendLine(); sb.AppendFormat("\tEntry table starts at {0}", header.entry_table_off).AppendLine();
sb.AppendFormat("\tModule format directives table starts at {0} and contains {1} entries", header.directives_off, header.directives_no).AppendLine(); sb.AppendFormat("\tModule format directives table starts at {0} and contains {1} entries",
header.directives_off, header.directives_no).AppendLine();
sb.AppendFormat("\tFixup page table starts at {0}", header.fixup_page_table_off).AppendLine(); sb.AppendFormat("\tFixup page table starts at {0}", header.fixup_page_table_off).AppendLine();
sb.AppendFormat("\tFixup record table starts at {0}", header.fixup_record_table_off).AppendLine(); sb.AppendFormat("\tFixup record table starts at {0}", header.fixup_record_table_off).AppendLine();
sb.AppendFormat("\tImport module name table starts at {0} and contains {1} entries", header.import_module_table_off, header.import_module_entries).AppendLine(); sb.AppendFormat("\tImport module name table starts at {0} and contains {1} entries",
header.import_module_table_off, header.import_module_entries).AppendLine();
sb.AppendFormat("\tImport procedure name table starts at {0}", header.import_proc_table_off).AppendLine(); sb.AppendFormat("\tImport procedure name table starts at {0}", header.import_proc_table_off).AppendLine();
sb.AppendFormat("\tPer-page checksum table starts at {0}", header.perpage_checksum_off).AppendLine(); sb.AppendFormat("\tPer-page checksum table starts at {0}", header.perpage_checksum_off).AppendLine();
sb.AppendFormat("\tData pages start at {0}", header.data_pages_off).AppendLine(); sb.AppendFormat("\tData pages start at {0}", header.data_pages_off).AppendLine();
sb.AppendFormat("\t{0} pages to preload in this executable", header.preload_pages_no).AppendLine(); sb.AppendFormat("\t{0} pages to preload in this executable", header.preload_pages_no).AppendLine();
sb.AppendFormat("\tNon-resident names table starts at {0} and runs for {1} bytes", header.nonresident_name_table_off, header.nonresident_name_table_len).AppendLine(); sb.AppendFormat("\tNon-resident names table starts at {0} and runs for {1} bytes",
sb.AppendFormat("\tNon-resident name table checksum: 0x{0:X8}", header.nonresident_name_table_checksum).AppendLine(); header.nonresident_name_table_off, header.nonresident_name_table_len).AppendLine();
sb.AppendFormat("\tNon-resident name table checksum: 0x{0:X8}", header.nonresident_name_table_checksum)
.AppendLine();
sb.AppendFormat("\tThe auto data segment object number: {0}", header.auto_ds_obj_no).AppendLine(); sb.AppendFormat("\tThe auto data segment object number: {0}", header.auto_ds_obj_no).AppendLine();
sb.AppendFormat("\tDebug information starts at {0} and is {1} bytes", header.debug_info_off, header.debug_info_len).AppendLine(); sb.AppendFormat("\tDebug information starts at {0} and is {1} bytes", header.debug_info_off,
header.debug_info_len).AppendLine();
sb.AppendFormat("\tInstance pages in preload section: {0}", header.instance_preload_no).AppendLine(); sb.AppendFormat("\tInstance pages in preload section: {0}", header.instance_preload_no).AppendLine();
sb.AppendFormat("\tInstance pages in demand section: {0}", header.instance_demand_no).AppendLine(); sb.AppendFormat("\tInstance pages in demand section: {0}", header.instance_demand_no).AppendLine();
sb.AppendFormat("\tHeap size added to the auto ds object: {0}", header.heap_size).AppendLine(); sb.AppendFormat("\tHeap size added to the auto ds object: {0}", header.heap_size).AppendLine();

29
libexeinfo/LX/LX.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
using System.IO; using System.IO;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
@@ -35,8 +36,9 @@ namespace libexeinfo
// TODO: Big-endian (really needed?) // TODO: Big-endian (really needed?)
public partial class LX public partial class LX
{ {
public readonly MZ BaseExecutable;
/// <summary> /// <summary>
/// The <see cref="FileStream"/> that contains the executable represented by this instance /// The <see cref="FileStream" /> that contains the executable represented by this instance
/// </summary> /// </summary>
public readonly FileStream BaseStream; public readonly FileStream BaseStream;
/// <summary> /// <summary>
@@ -47,10 +49,9 @@ namespace libexeinfo
/// If true this instance correctly represents a Microsoft/IBM Linear EXecutable /// If true this instance correctly represents a Microsoft/IBM Linear EXecutable
/// </summary> /// </summary>
public readonly bool IsLX; public readonly bool IsLX;
public readonly MZ BaseExecutable;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.NE"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.NE" /> class.
/// </summary> /// </summary>
/// <param name="path">Executable path.</param> /// <param name="path">Executable path.</param>
public LX(string path) public LX(string path)
@@ -59,7 +60,6 @@ namespace libexeinfo
BaseStream = File.Open(path, FileMode.Open, FileAccess.Read); BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
BaseExecutable = new MZ(BaseStream); BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length) if(BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -72,10 +72,9 @@ namespace libexeinfo
IsLX = Header.signature == Signature || Header.signature == Signature16; IsLX = Header.signature == Signature || Header.signature == Signature16;
} }
} }
}
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.NE"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.NE" /> class.
/// </summary> /// </summary>
/// <param name="stream">Stream containing the executable.</param> /// <param name="stream">Stream containing the executable.</param>
public LX(FileStream stream) public LX(FileStream stream)
@@ -83,9 +82,8 @@ namespace libexeinfo
IsLX = false; IsLX = false;
BaseStream = stream; BaseStream = stream;
BaseExecutable = new MZ(BaseStream); BaseExecutable = new MZ(BaseStream);
if (BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{ if(BaseExecutable.Header.new_offset < BaseStream.Length)
if (BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
byte[] buffer = new byte[Marshal.SizeOf(typeof(LXHeader))]; byte[] buffer = new byte[Marshal.SizeOf(typeof(LXHeader))];
@@ -97,7 +95,6 @@ namespace libexeinfo
IsLX = Header.signature == Signature || Header.signature == Signature16; IsLX = Header.signature == Signature || Header.signature == Signature16;
} }
} }
}
/// <summary> /// <summary>
/// Identifies if the specified executable is a Microsoft/IBM Linear EXecutable /// Identifies if the specified executable is a Microsoft/IBM Linear EXecutable
@@ -108,9 +105,8 @@ namespace libexeinfo
{ {
FileStream BaseStream = File.Open(path, FileMode.Open, FileAccess.Read); FileStream BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
MZ BaseExecutable = new MZ(BaseStream); MZ BaseExecutable = new MZ(BaseStream);
if (BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{ if(BaseExecutable.Header.new_offset < BaseStream.Length)
if (BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
byte[] buffer = new byte[Marshal.SizeOf(typeof(LXHeader))]; byte[] buffer = new byte[Marshal.SizeOf(typeof(LXHeader))];
@@ -121,7 +117,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature || Header.signature == Signature16; return Header.signature == Signature || Header.signature == Signature16;
} }
}
return false; return false;
} }
@@ -135,9 +130,8 @@ namespace libexeinfo
{ {
FileStream BaseStream = stream; FileStream BaseStream = stream;
MZ BaseExecutable = new MZ(BaseStream); MZ BaseExecutable = new MZ(BaseStream);
if (BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{ if(BaseExecutable.Header.new_offset < BaseStream.Length)
if (BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
byte[] buffer = new byte[Marshal.SizeOf(typeof(LXHeader))]; byte[] buffer = new byte[Marshal.SizeOf(typeof(LXHeader))];
@@ -148,7 +142,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature || Header.signature == Signature16; return Header.signature == Signature || Header.signature == Signature16;
} }
}
return false; return false;
} }

3
libexeinfo/LX/Structs.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
namespace libexeinfo namespace libexeinfo
@@ -34,7 +33,7 @@ namespace libexeinfo
/// <summary> /// <summary>
/// Header for a Microsoft Linear Executable and IBM Linear eXecutable /// Header for a Microsoft Linear Executable and IBM Linear eXecutable
/// </summary> /// </summary>
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct LXHeader public struct LXHeader
{ {
/// <summary> /// <summary>

1
libexeinfo/MZ/Consts.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
namespace libexeinfo namespace libexeinfo
{ {
public partial class MZ public partial class MZ

9
libexeinfo/MZ/Info.cs
View File

@@ -40,11 +40,14 @@ namespace libexeinfo
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
sb.AppendLine("DOS MZ executable:"); sb.AppendLine("DOS MZ executable:");
sb.AppendFormat("\tBlocks in file: {0}", header.blocks_in_file).AppendLine(); sb.AppendFormat("\tBlocks in file: {0}", header.blocks_in_file).AppendLine();
sb.AppendFormat("\t{0} bytes used in last block", header.bytes_in_last_block == 0 ? 512 : header.bytes_in_last_block).AppendLine(); sb.AppendFormat("\t{0} bytes used in last block",
header.bytes_in_last_block == 0 ? 512 : header.bytes_in_last_block).AppendLine();
sb.AppendFormat("\t{0} relocations present after the header", header.num_relocs).AppendLine(); sb.AppendFormat("\t{0} relocations present after the header", header.num_relocs).AppendLine();
sb.AppendFormat("\t{0} paragraphs in header", header.header_paragraphs).AppendLine(); sb.AppendFormat("\t{0} paragraphs in header", header.header_paragraphs).AppendLine();
sb.AppendFormat("\t{0} paragraphs of additional memory required", header.min_extra_paragraphs).AppendLine(); sb.AppendFormat("\t{0} paragraphs of additional memory required", header.min_extra_paragraphs)
sb.AppendFormat("\t{0} paragraphs of additional memory requested", header.max_extra_paragraphs).AppendLine(); .AppendLine();
sb.AppendFormat("\t{0} paragraphs of additional memory requested", header.max_extra_paragraphs)
.AppendLine();
sb.AppendFormat("\tSegment address for SS: {0:X4}h", header.ss).AppendLine(); sb.AppendFormat("\tSegment address for SS: {0:X4}h", header.ss).AppendLine();
sb.AppendFormat("\tInitial value of SP: {0:X4}h", header.sp).AppendLine(); sb.AppendFormat("\tInitial value of SP: {0:X4}h", header.sp).AppendLine();
sb.AppendFormat("\tInitial value of IP: {0:X4}h", header.ip).AppendLine(); sb.AppendFormat("\tInitial value of IP: {0:X4}h", header.ip).AppendLine();

7
libexeinfo/MZ/MZ.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
using System.IO; using System.IO;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
@@ -35,7 +36,7 @@ namespace libexeinfo
public partial class MZ public partial class MZ
{ {
/// <summary> /// <summary>
/// The <see cref="FileStream"/> that contains the executable represented by this instance /// The <see cref="FileStream" /> that contains the executable represented by this instance
/// </summary> /// </summary>
public readonly FileStream BaseStream; public readonly FileStream BaseStream;
/// <summary> /// <summary>
@@ -48,7 +49,7 @@ namespace libexeinfo
public readonly bool IsMZ; public readonly bool IsMZ;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.MZ"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.MZ" /> class.
/// </summary> /// </summary>
/// <param name="path">Executable path.</param> /// <param name="path">Executable path.</param>
public MZ(string path) public MZ(string path)
@@ -66,7 +67,7 @@ namespace libexeinfo
} }
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.MZ"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.MZ" /> class.
/// </summary> /// </summary>
/// <param name="stream">Stream containing the executable.</param> /// <param name="stream">Stream containing the executable.</param>
public MZ(FileStream stream) public MZ(FileStream stream)

87
libexeinfo/NE/Consts.cs
View File

@@ -24,8 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
using System.ComponentModel;
namespace libexeinfo namespace libexeinfo
{ {
public partial class NE public partial class NE
@@ -35,7 +33,7 @@ namespace libexeinfo
/// </summary> /// </summary>
public const ushort Signature = 0x454E; public const ushort Signature = 0x454E;
/// <summary> /// <summary>
/// Signature for a <see cref="FixedFileInfo"/> /// Signature for a <see cref="FixedFileInfo" />
/// </summary> /// </summary>
public static readonly string FixedFileInfoSig = "VS_VERSION_INFO"; public static readonly string FixedFileInfoSig = "VS_VERSION_INFO";
/// <summary> /// <summary>
@@ -50,62 +48,35 @@ namespace libexeinfo
/// <param name="id">Resource type identifier.</param> /// <param name="id">Resource type identifier.</param>
public static string ResourceIdToName(ushort id) public static string ResourceIdToName(ushort id)
{ {
switch (id & 0x7FFF) switch(id & 0x7FFF)
{ {
case (int)ResourceTypes.RT_ACCELERATOR: case (int)ResourceTypes.RT_ACCELERATOR: return "RT_ACCELERATOR";
return "RT_ACCELERATOR"; case (int)ResourceTypes.RT_ANICURSOR: return "RT_ANICURSOR";
case (int)ResourceTypes.RT_ANICURSOR: case (int)ResourceTypes.RT_ANIICON: return "RT_ANIICON";
return "RT_ANICURSOR"; case (int)ResourceTypes.RT_BITMAP: return "RT_BITMAP";
case (int)ResourceTypes.RT_ANIICON: case (int)ResourceTypes.RT_CURSOR: return "RT_CURSOR";
return "RT_ANIICON"; case (int)ResourceTypes.RT_DIALOG: return "RT_DIALOG";
case (int)ResourceTypes.RT_BITMAP: case (int)ResourceTypes.RT_DIALOGEX: return "RT_DIALOGEX";
return "RT_BITMAP"; case (int)ResourceTypes.RT_DLGINCLUDE: return "RT_DLGINCLUDE";
case (int)ResourceTypes.RT_CURSOR: case (int)ResourceTypes.RT_DLGINIT: return "RT_DLGINIT";
return "RT_CURSOR"; case (int)ResourceTypes.RT_FONT: return "RT_FONT";
case (int)ResourceTypes.RT_DIALOG: case (int)ResourceTypes.RT_FONTDIR: return "RT_FONTDIR";
return "RT_DIALOG"; case (int)ResourceTypes.RT_GROUP_CURSOR: return "RT_GROUP_CURSOR";
case (int)ResourceTypes.RT_DIALOGEX: case (int)ResourceTypes.RT_GROUP_ICON: return "RT_GROUP_ICON";
return "RT_DIALOGEX"; case (int)ResourceTypes.RT_HTML: return "RT_HTML";
case (int)ResourceTypes.RT_DLGINCLUDE: case (int)ResourceTypes.RT_ICON: return "RT_ICON";
return "RT_DLGINCLUDE"; case (int)ResourceTypes.RT_MANIFEST: return "RT_MANIFEST";
case (int)ResourceTypes.RT_DLGINIT: case (int)ResourceTypes.RT_MENU: return "RT_MENU";
return "RT_DLGINIT"; case (int)ResourceTypes.RT_MENUEX: return "RT_MENUEX";
case (int)ResourceTypes.RT_FONT: case (int)ResourceTypes.RT_MESSAGETABLE: return "RT_MESSAGETABLE";
return "RT_FONT"; case (int)ResourceTypes.RT_NEWBITMAP: return "RT_NEWBITMAP";
case (int)ResourceTypes.RT_FONTDIR: case (int)ResourceTypes.RT_PLUGPLAY: return "RT_PLUGPLAY";
return "RT_FONTDIR"; case (int)ResourceTypes.RT_RCDATA: return "RT_RCDATA";
case (int)ResourceTypes.RT_GROUP_CURSOR: case (int)ResourceTypes.RT_STRING: return "RT_STRING";
return "RT_GROUP_CURSOR"; case (int)ResourceTypes.RT_TOOLBAR: return "RT_TOOLBAR";
case (int)ResourceTypes.RT_GROUP_ICON: case (int)ResourceTypes.RT_VERSION: return "RT_VERSION";
return "RT_GROUP_ICON"; case (int)ResourceTypes.RT_VXD: return "RT_VXD";
case (int)ResourceTypes.RT_HTML: default: return string.Format("{0}", id & 0x7FFF);
return "RT_HTML";
case (int)ResourceTypes.RT_ICON:
return "RT_ICON";
case (int)ResourceTypes.RT_MANIFEST:
return "RT_MANIFEST";
case (int)ResourceTypes.RT_MENU:
return "RT_MENU";
case (int)ResourceTypes.RT_MENUEX:
return "RT_MENUEX";
case (int)ResourceTypes.RT_MESSAGETABLE:
return "RT_MESSAGETABLE";
case (int)ResourceTypes.RT_NEWBITMAP:
return "RT_NEWBITMAP";
case (int)ResourceTypes.RT_PLUGPLAY:
return "RT_PLUGPLAY";
case (int)ResourceTypes.RT_RCDATA:
return "RT_RCDATA";
case (int)ResourceTypes.RT_STRING:
return "RT_STRING";
case (int)ResourceTypes.RT_TOOLBAR:
return "RT_TOOLBAR";
case (int)ResourceTypes.RT_VERSION:
return "RT_VERSION";
case (int)ResourceTypes.RT_VXD:
return "RT_VXD";
default:
return string.Format("{0}", id & 0x7FFF);
} }
} }
} }

99
libexeinfo/NE/Enums.cs
View File

@@ -25,40 +25,11 @@
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
namespace libexeinfo namespace libexeinfo
{ {
public partial class NE public partial class NE
{ {
/// <summary>
/// Program flags.
/// </summary>
[Flags]
public enum ProgramFlags : byte
{
NoDGroup = 0,
SingleDGroup = 1,
MultipleDGroup = 2,
GlobalInit = 1 << 2,
ProtectedMode = 1 << 3,
i86 = 1 << 4,
i286 = 1 << 5,
i386 = 1 << 6,
i87 = 1 << 7
}
/// <summary>
/// Target operating system.
/// </summary>
public enum TargetOS : byte
{
Unknown = 0,
OS2 = 1,
Windows = 2,
DOS = 3,
Win32 = 4,
Borland = 5
}
/// <summary> /// <summary>
/// Application flags. /// Application flags.
/// </summary> /// </summary>
@@ -81,7 +52,24 @@ namespace libexeinfo
LongFilename = 1 << 0, LongFilename = 1 << 0,
ProtectedMode2 = 1 << 1, ProtectedMode2 = 1 << 1,
ProportionalFonts = 1 << 2, ProportionalFonts = 1 << 2,
GangloadArea = 1 << 3, GangloadArea = 1 << 3
}
/// <summary>
/// Program flags.
/// </summary>
[Flags]
public enum ProgramFlags : byte
{
NoDGroup = 0,
SingleDGroup = 1,
MultipleDGroup = 2,
GlobalInit = 1 << 2,
ProtectedMode = 1 << 3,
i86 = 1 << 4,
i286 = 1 << 5,
i386 = 1 << 6,
i87 = 1 << 7
} }
/// <summary> /// <summary>
@@ -126,7 +114,20 @@ namespace libexeinfo
RT_TOOLBAR = 241, RT_TOOLBAR = 241,
RT_VERSION = 16, RT_VERSION = 16,
RT_VXD = 20, RT_VXD = 20,
RT_NEW = 0x2000, RT_NEW = 0x2000
}
/// <summary>
/// Target operating system.
/// </summary>
public enum TargetOS : byte
{
Unknown = 0,
OS2 = 1,
Windows = 2,
DOS = 3,
Win32 = 4,
Borland = 5
} }
/// <summary> /// <summary>
@@ -140,7 +141,7 @@ namespace libexeinfo
VS_FF_PATCHED = 0x00000004, VS_FF_PATCHED = 0x00000004,
VS_FF_PRERELEASE = 0x00000002, VS_FF_PRERELEASE = 0x00000002,
VS_FF_PRIVATEBUILD = 0x00000008, VS_FF_PRIVATEBUILD = 0x00000008,
VS_FF_SPECIALBUILD = 0x00000020, VS_FF_SPECIALBUILD = 0x00000020
} }
/// <summary> /// <summary>
@@ -175,21 +176,7 @@ namespace libexeinfo
VOS_OS232_WINDOWS16 = 0x00030001, VOS_OS232_WINDOWS16 = 0x00030001,
VOS_OS232_WINDOWS32 = 0x00030004, VOS_OS232_WINDOWS32 = 0x00030004,
VOS_OS232_PM16 = 0x00030002, VOS_OS232_PM16 = 0x00030002,
VOS_OS232_PM32 = 0x00030003, VOS_OS232_PM32 = 0x00030003
}
/// <summary>
/// Version file type.
/// </summary>
public enum VersionFileType : uint
{
VFT_APP = 0x00000001,
VFT_DLL = 0x00000002,
VFT_DRV = 0x00000003,
VFT_FONT = 0x00000004,
VFT_STATIC_LIB = 0x00000007,
VFT_UNKNOWN = 0x00000000,
VFT_VXD = 0x00000005,
} }
/// <summary> /// <summary>
@@ -213,7 +200,21 @@ namespace libexeinfo
// Fonts // Fonts
VFT2_FONT_RASTER = 0x00000001, VFT2_FONT_RASTER = 0x00000001,
VFT2_FONT_TRUETYPE = 0x00000003, VFT2_FONT_TRUETYPE = 0x00000003,
VFT2_FONT_VECTOR = 0x00000002, VFT2_FONT_VECTOR = 0x00000002
}
/// <summary>
/// Version file type.
/// </summary>
public enum VersionFileType : uint
{
VFT_APP = 0x00000001,
VFT_DLL = 0x00000002,
VFT_DRV = 0x00000003,
VFT_FONT = 0x00000004,
VFT_STATIC_LIB = 0x00000007,
VFT_UNKNOWN = 0x00000000,
VFT_VXD = 0x00000005
} }
} }
} }

166
libexeinfo/NE/Info.cs
View File

@@ -39,97 +39,116 @@ namespace libexeinfo
sb.AppendLine("New Executable (NE):"); sb.AppendLine("New Executable (NE):");
sb.AppendFormat("\tFile's CRC: 0x{0:X8}", header.crc).AppendLine(); sb.AppendFormat("\tFile's CRC: 0x{0:X8}", header.crc).AppendLine();
sb.AppendFormat("\tLinker version: {0}.{1}", header.linker_major, header.linker_minor).AppendLine(); sb.AppendFormat("\tLinker version: {0}.{1}", header.linker_major, header.linker_minor).AppendLine();
if (header.program_flags.HasFlag(ProgramFlags.SingleDGroup) && !header.program_flags.HasFlag(ProgramFlags.MultipleDGroup)) if(header.program_flags.HasFlag(ProgramFlags.SingleDGroup) &&
!header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
sb.AppendLine("\tApplication uses a single shared DGroup"); sb.AppendLine("\tApplication uses a single shared DGroup");
else if (!header.program_flags.HasFlag(ProgramFlags.SingleDGroup) && header.program_flags.HasFlag(ProgramFlags.MultipleDGroup)) else if(!header.program_flags.HasFlag(ProgramFlags.SingleDGroup) &&
header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
sb.AppendLine("\tApplication uses a multiple DGroup"); sb.AppendLine("\tApplication uses a multiple DGroup");
else if (header.program_flags.HasFlag(ProgramFlags.SingleDGroup) && header.program_flags.HasFlag(ProgramFlags.MultipleDGroup)) else if(header.program_flags.HasFlag(ProgramFlags.SingleDGroup) &&
header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
sb.AppendLine("\tApplication indicates an incorrect DGroup value"); sb.AppendLine("\tApplication indicates an incorrect DGroup value");
else if (!header.program_flags.HasFlag(ProgramFlags.SingleDGroup) && !header.program_flags.HasFlag(ProgramFlags.MultipleDGroup)) else if(!header.program_flags.HasFlag(ProgramFlags.SingleDGroup) &&
!header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
sb.AppendLine("\tApplication does not use DGroup"); sb.AppendLine("\tApplication does not use DGroup");
if (header.program_flags.HasFlag(ProgramFlags.GlobalInit)) if(header.program_flags.HasFlag(ProgramFlags.GlobalInit))
sb.AppendLine("\tApplication uses global initialization"); sb.AppendLine("\tApplication uses global initialization");
if (header.program_flags.HasFlag(ProgramFlags.ProtectedMode)) if(header.program_flags.HasFlag(ProgramFlags.ProtectedMode))
sb.AppendLine("\tApplication uses protected mode"); sb.AppendLine("\tApplication uses protected mode");
if (header.program_flags.HasFlag(ProgramFlags.i86)) if(header.program_flags.HasFlag(ProgramFlags.i86)) sb.AppendLine("\tApplication uses 8086 instructions");
sb.AppendLine("\tApplication uses 8086 instructions"); if(header.program_flags.HasFlag(ProgramFlags.i286)) sb.AppendLine("\tApplication uses 80286 instructions");
if (header.program_flags.HasFlag(ProgramFlags.i286)) if(header.program_flags.HasFlag(ProgramFlags.i386)) sb.AppendLine("\tApplication uses 80386 instructions");
sb.AppendLine("\tApplication uses 80286 instructions"); if(header.program_flags.HasFlag(ProgramFlags.i87))
if (header.program_flags.HasFlag(ProgramFlags.i386))
sb.AppendLine("\tApplication uses 80386 instructions");
if (header.program_flags.HasFlag(ProgramFlags.i87))
sb.AppendLine("\tApplication uses floating point instructions"); sb.AppendLine("\tApplication uses floating point instructions");
if (header.target_os == TargetOS.OS2) if(header.target_os == TargetOS.OS2)
{ {
sb.AppendLine("\tOS/2 application"); sb.AppendLine("\tOS/2 application");
if(header.os_major > 0) if(header.os_major > 0)
sb.AppendFormat("\tApplication requires OS/2 {0}.{1} to run", header.os_major, header.os_minor).AppendLine(); sb.AppendFormat("\tApplication requires OS/2 {0}.{1} to run", header.os_major, header.os_minor)
else .AppendLine();
sb.AppendLine("\tApplication requires OS/2 1.0 to run"); else sb.AppendLine("\tApplication requires OS/2 1.0 to run");
if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && !header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
!header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is full screen, unaware of Presentation Manager"); sb.AppendLine("\tApplication is full screen, unaware of Presentation Manager");
else if (!header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) else if(!header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is aware of Presentation Manager, but doesn't use it"); sb.AppendLine("\tApplication is aware of Presentation Manager, but doesn't use it");
else if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) else if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication uses Presentation Manager"); sb.AppendLine("\tApplication uses Presentation Manager");
if (header.os2_flags.HasFlag(OS2Flags.LongFilename)) if(header.os2_flags.HasFlag(OS2Flags.LongFilename))
sb.AppendLine("\tApplication supports long filenames"); sb.AppendLine("\tApplication supports long filenames");
if (header.os2_flags.HasFlag(OS2Flags.ProtectedMode2)) if(header.os2_flags.HasFlag(OS2Flags.ProtectedMode2))
sb.AppendLine("\tApplication uses OS/2 2.x protected mode"); sb.AppendLine("\tApplication uses OS/2 2.x protected mode");
if (header.os2_flags.HasFlag(OS2Flags.ProportionalFonts)) if(header.os2_flags.HasFlag(OS2Flags.ProportionalFonts))
sb.AppendLine("\tApplication uses OS/2 2.x proportional fonts"); sb.AppendLine("\tApplication uses OS/2 2.x proportional fonts");
if (header.os2_flags.HasFlag(OS2Flags.GangloadArea)) if(header.os2_flags.HasFlag(OS2Flags.GangloadArea))
sb.AppendFormat("\tGangload area starts at {0} an runs for {1} bytes", header.return_thunks_offset, header.segment_reference_thunks).AppendLine(); sb.AppendFormat("\tGangload area starts at {0} an runs for {1} bytes", header.return_thunks_offset,
header.segment_reference_thunks).AppendLine();
else else
{ {
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine(); sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine(); sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks)
.AppendLine();
} }
} }
else if (header.target_os == TargetOS.Windows || header.target_os == TargetOS.Win32 || header.target_os == TargetOS.Unknown) else if(header.target_os == TargetOS.Windows || header.target_os == TargetOS.Win32 ||
header.target_os == TargetOS.Unknown)
{ {
if (header.target_os == TargetOS.Windows || header.target_os == TargetOS.Unknown) if(header.target_os == TargetOS.Windows || header.target_os == TargetOS.Unknown)
sb.AppendLine("\t16-bit Windows application"); sb.AppendLine("\t16-bit Windows application");
else if (header.target_os == TargetOS.Win32) else if(header.target_os == TargetOS.Win32)
sb.AppendLine("\t32-bit Windows application"); sb.AppendLine("\t32-bit Windows application");
if(header.os_major > 0) if(header.os_major > 0)
sb.AppendFormat("\tApplication requires Windows {0}.{1} to run", header.os_major, header.os_minor).AppendLine(); sb.AppendFormat("\tApplication requires Windows {0}.{1} to run", header.os_major, header.os_minor)
.AppendLine();
else if(header.target_os == TargetOS.Windows) else if(header.target_os == TargetOS.Windows)
sb.AppendLine("\tApplication requires Windows 2.0 to run"); sb.AppendLine("\tApplication requires Windows 2.0 to run");
else if (header.target_os == TargetOS.Unknown) else if(header.target_os == TargetOS.Unknown)
sb.AppendLine("\tApplication requires Windows 1.0 to run"); sb.AppendLine("\tApplication requires Windows 1.0 to run");
if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && !header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
!header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows"); sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) else if(!header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it"); sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) else if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication uses Windows"); sb.AppendLine("\tApplication uses Windows");
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine(); sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine(); sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine();
} }
else if (header.target_os == TargetOS.DOS) else if(header.target_os == TargetOS.DOS)
{ {
sb.AppendLine("\tDOS application"); sb.AppendLine("\tDOS application");
sb.AppendFormat("\tApplication requires DOS {0}.{1} to run", header.os_major, header.os_minor).AppendLine(); sb.AppendFormat("\tApplication requires DOS {0}.{1} to run", header.os_major, header.os_minor)
if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && !header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) .AppendLine();
if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
!header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows"); sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) else if(!header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it"); sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) else if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication uses Windows"); sb.AppendLine("\tApplication uses Windows");
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine(); sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine(); sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine();
} }
else if (header.target_os == TargetOS.Borland) else if(header.target_os == TargetOS.Borland)
{ {
sb.AppendLine("\tBorland Operating System Services application"); sb.AppendLine("\tBorland Operating System Services application");
sb.AppendFormat("\tApplication requires DOS {0}.{1} to run", header.os_major, header.os_minor).AppendLine(); sb.AppendFormat("\tApplication requires DOS {0}.{1} to run", header.os_major, header.os_minor)
if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && !header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) .AppendLine();
if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
!header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows"); sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) else if(!header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it"); sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible)) else if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication uses Windows"); sb.AppendLine("\tApplication uses Windows");
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine(); sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine(); sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine();
@@ -137,30 +156,37 @@ namespace libexeinfo
else else
{ {
sb.AppendFormat("\tApplication for unknown OS {0}", (byte)header.target_os).AppendLine(); sb.AppendFormat("\tApplication for unknown OS {0}", (byte)header.target_os).AppendLine();
sb.AppendFormat("\tApplication requires OS {0}.{1} to run", header.os_major, header.os_minor).AppendLine(); sb.AppendFormat("\tApplication requires OS {0}.{1} to run", header.os_major, header.os_minor)
.AppendLine();
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine(); sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine(); sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine();
} }
if (header.application_flags.HasFlag(ApplicationFlags.Errors)) if(header.application_flags.HasFlag(ApplicationFlags.Errors)) sb.AppendLine("\tExecutable has errors");
sb.AppendLine("\tExecutable has errors"); if(header.application_flags.HasFlag(ApplicationFlags.NonConforming))
if (header.application_flags.HasFlag(ApplicationFlags.NonConforming))
sb.AppendLine("\tExecutable is non conforming"); sb.AppendLine("\tExecutable is non conforming");
if (header.application_flags.HasFlag(ApplicationFlags.DLL)) if(header.application_flags.HasFlag(ApplicationFlags.DLL))
sb.AppendLine("\tExecutable is a dynamic library or a driver"); sb.AppendLine("\tExecutable is a dynamic library or a driver");
sb.AppendFormat("\tMinimum code swap area: {0} bytes", header.minimum_swap_area).AppendLine(); sb.AppendFormat("\tMinimum code swap area: {0} bytes", header.minimum_swap_area).AppendLine();
sb.AppendFormat("\tFile alignment shift: {0}", 512 << header.alignment_shift).AppendLine(); sb.AppendFormat("\tFile alignment shift: {0}", 512 << header.alignment_shift).AppendLine();
sb.AppendFormat("\tInitial local heap should be {0} bytes", header.initial_heap).AppendLine(); sb.AppendFormat("\tInitial local heap should be {0} bytes", header.initial_heap).AppendLine();
sb.AppendFormat("\tInitial stack size should be {0} bytes", header.initial_stack).AppendLine(); sb.AppendFormat("\tInitial stack size should be {0} bytes", header.initial_stack).AppendLine();
sb.AppendFormat("\tCS:IP entry point: {0:X4}:{1:X4}", (header.entry_point & 0xFFFF0000) >> 16, header.entry_point & 0xFFFF).AppendLine(); sb.AppendFormat("\tCS:IP entry point: {0:X4}:{1:X4}", (header.entry_point & 0xFFFF0000) >> 16,
if (!header.application_flags.HasFlag(ApplicationFlags.DLL)) header.entry_point & 0xFFFF).AppendLine();
sb.AppendFormat("\tSS:SP initial stack pointer: {0:X4}:{1:X4}", (header.stack_pointer & 0xFFFF0000) >> 16, header.stack_pointer & 0xFFFF).AppendLine(); if(!header.application_flags.HasFlag(ApplicationFlags.DLL))
sb.AppendFormat("\tEntry table starts at {0} and runs for {1} bytes", header.entry_table_offset, header.entry_table_length).AppendLine(); sb.AppendFormat("\tSS:SP initial stack pointer: {0:X4}:{1:X4}",
sb.AppendFormat("\tSegment table starts at {0} and contain {1} segments", header.segment_table_offset, header.segment_count).AppendLine(); (header.stack_pointer & 0xFFFF0000) >> 16, header.stack_pointer & 0xFFFF).AppendLine();
sb.AppendFormat("\tModule reference table starts at {0} and contain {1} references", header.module_reference_offset, header.reference_count).AppendLine(); sb.AppendFormat("\tEntry table starts at {0} and runs for {1} bytes", header.entry_table_offset,
sb.AppendFormat("\tNon-resident names table starts at {0} and runs for {1} bytes", header.nonresident_names_offset, header.nonresident_table_size).AppendLine(); header.entry_table_length).AppendLine();
sb.AppendFormat("\tResources table starts at {0} and contains {1} entries", header.resource_table_offset, header.resource_entries).AppendLine(); sb.AppendFormat("\tSegment table starts at {0} and contain {1} segments", header.segment_table_offset,
header.segment_count).AppendLine();
sb.AppendFormat("\tModule reference table starts at {0} and contain {1} references",
header.module_reference_offset, header.reference_count).AppendLine();
sb.AppendFormat("\tNon-resident names table starts at {0} and runs for {1} bytes",
header.nonresident_names_offset, header.nonresident_table_size).AppendLine();
sb.AppendFormat("\tResources table starts at {0} and contains {1} entries", header.resource_table_offset,
header.resource_entries).AppendLine();
sb.AppendFormat("\tResident names table starts at {0}", header.resident_names_offset).AppendLine(); sb.AppendFormat("\tResident names table starts at {0}", header.resident_names_offset).AppendLine();
sb.AppendFormat("\tImported names table starts at {0}", header.imported_names_offset).AppendLine(); sb.AppendFormat("\tImported names table starts at {0}", header.imported_names_offset).AppendLine();
return sb.ToString(); return sb.ToString();
@@ -184,13 +210,12 @@ namespace libexeinfo
List<ResourceType> types = new List<ResourceType>(); List<ResourceType> types = new List<ResourceType>();
while (true) while(true)
{ {
ResourceType type = new ResourceType(); ResourceType type = new ResourceType();
stream.Read(DW, 0, 2); stream.Read(DW, 0, 2);
type.id = BitConverter.ToUInt16(DW, 0); type.id = BitConverter.ToUInt16(DW, 0);
if (type.id == 0) if(type.id == 0) break;
break;
stream.Read(DW, 0, 2); stream.Read(DW, 0, 2);
type.count = BitConverter.ToUInt16(DW, 0); type.count = BitConverter.ToUInt16(DW, 0);
@@ -198,7 +223,7 @@ namespace libexeinfo
type.reserved = BitConverter.ToUInt32(DD, 0); type.reserved = BitConverter.ToUInt32(DD, 0);
type.resources = new Resource[type.count]; type.resources = new Resource[type.count];
for (int i = 0; i < type.count; i++) for(int i = 0; i < type.count; i++)
{ {
type.resources[i] = new Resource(); type.resources[i] = new Resource();
stream.Read(DW, 0, 2); stream.Read(DW, 0, 2);
@@ -214,14 +239,14 @@ namespace libexeinfo
} }
types.Add(type); types.Add(type);
System.Console.WriteLine("{0}", stream.Position); Console.WriteLine("{0}", stream.Position);
} }
table.types = types.ToArray(); table.types = types.ToArray();
for (int t = 0; t < table.types.Length; t++) for(int t = 0; t < table.types.Length; t++)
{ {
if ((table.types[t].id & 0x8000) == 0) if((table.types[t].id & 0x8000) == 0)
{ {
byte len; byte len;
byte[] str; byte[] str;
@@ -231,12 +256,11 @@ namespace libexeinfo
stream.Read(str, 0, len); stream.Read(str, 0, len);
table.types[t].name = Encoding.ASCII.GetString(str); table.types[t].name = Encoding.ASCII.GetString(str);
} }
else else table.types[t].name = ResourceIdToName(table.types[t].id);
table.types[t].name = ResourceIdToName(table.types[t].id);
for (int r = 0; r < table.types[t].resources.Length; r++) for(int r = 0; r < table.types[t].resources.Length; r++)
{ {
if ((table.types[t].resources[r].id & 0x8000) == 0) if((table.types[t].resources[r].id & 0x8000) == 0)
{ {
byte len; byte len;
byte[] str; byte[] str;
@@ -247,9 +271,11 @@ namespace libexeinfo
table.types[t].resources[r].name = Encoding.ASCII.GetString(str); table.types[t].resources[r].name = Encoding.ASCII.GetString(str);
} }
else else
table.types[t].resources[r].name = string.Format("{0}", table.types[t].resources[r].id & 0x7FFF); table.types[t].resources[r].name =
string.Format("{0}", table.types[t].resources[r].id & 0x7FFF);
table.types[t].resources[r].data = new byte[table.types[t].resources[r].length * (1 << table.alignment_shift)]; table.types[t].resources[r].data =
new byte[table.types[t].resources[r].length * (1 << table.alignment_shift)];
stream.Position = table.types[t].resources[r].dataOffset * (1 << table.alignment_shift); stream.Position = table.types[t].resources[r].dataOffset * (1 << table.alignment_shift);
stream.Read(table.types[t].resources[r].data, 0, table.types[t].resources[r].data.Length); stream.Read(table.types[t].resources[r].data, 0, table.types[t].resources[r].data.Length);
} }

41
libexeinfo/NE/NE.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
using System.IO; using System.IO;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
@@ -34,8 +35,9 @@ namespace libexeinfo
/// </summary> /// </summary>
public partial class NE public partial class NE
{ {
public readonly MZ BaseExecutable;
/// <summary> /// <summary>
/// The <see cref="FileStream"/> that contains the executable represented by this instance /// The <see cref="FileStream" /> that contains the executable represented by this instance
/// </summary> /// </summary>
public readonly FileStream BaseStream; public readonly FileStream BaseStream;
/// <summary> /// <summary>
@@ -46,12 +48,11 @@ namespace libexeinfo
/// If true this instance correctly represents a Microsoft New Executable /// If true this instance correctly represents a Microsoft New Executable
/// </summary> /// </summary>
public readonly bool IsNE; public readonly bool IsNE;
public readonly MZ BaseExecutable;
public readonly ResourceTable Resources; public readonly ResourceTable Resources;
public readonly Version[] Versions; public readonly Version[] Versions;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.NE"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.NE" /> class.
/// </summary> /// </summary>
/// <param name="path">Executable path.</param> /// <param name="path">Executable path.</param>
public NE(string path) public NE(string path)
@@ -60,7 +61,6 @@ namespace libexeinfo
BaseStream = File.Open(path, FileMode.Open, FileAccess.Read); BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
BaseExecutable = new MZ(BaseStream); BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length) if(BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -73,18 +73,18 @@ namespace libexeinfo
if(Header.signature == Signature) if(Header.signature == Signature)
{ {
IsNE = true; IsNE = true;
if (Header.resource_entries > 0) if(Header.resource_entries > 0)
{ {
Resources = GetResources(BaseStream, BaseExecutable.Header.new_offset, Header.resource_table_offset); Resources = GetResources(BaseStream, BaseExecutable.Header.new_offset,
Header.resource_table_offset);
Versions = GetVersions().ToArray(); Versions = GetVersions().ToArray();
} }
} }
} }
} }
}
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.NE"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.NE" /> class.
/// </summary> /// </summary>
/// <param name="stream">Stream containing the executable.</param> /// <param name="stream">Stream containing the executable.</param>
public NE(FileStream stream) public NE(FileStream stream)
@@ -92,9 +92,8 @@ namespace libexeinfo
IsNE = false; IsNE = false;
BaseStream = stream; BaseStream = stream;
BaseExecutable = new MZ(BaseStream); BaseExecutable = new MZ(BaseStream);
if (BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{ if(BaseExecutable.Header.new_offset < BaseStream.Length)
if (BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
byte[] buffer = new byte[Marshal.SizeOf(typeof(NEHeader))]; byte[] buffer = new byte[Marshal.SizeOf(typeof(NEHeader))];
@@ -103,18 +102,18 @@ namespace libexeinfo
Marshal.Copy(buffer, 0, hdrPtr, buffer.Length); Marshal.Copy(buffer, 0, hdrPtr, buffer.Length);
Header = (NEHeader)Marshal.PtrToStructure(hdrPtr, typeof(NEHeader)); Header = (NEHeader)Marshal.PtrToStructure(hdrPtr, typeof(NEHeader));
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
if (Header.signature == Signature) if(Header.signature == Signature)
{ {
IsNE = true; IsNE = true;
if (Header.resource_entries > 0) if(Header.resource_entries > 0)
{ {
Resources = GetResources(BaseStream, BaseExecutable.Header.new_offset, Header.resource_table_offset); Resources = GetResources(BaseStream, BaseExecutable.Header.new_offset,
Header.resource_table_offset);
Versions = GetVersions().ToArray(); Versions = GetVersions().ToArray();
} }
} }
} }
} }
}
/// <summary> /// <summary>
/// Identifies if the specified executable is a Microsoft New Executable /// Identifies if the specified executable is a Microsoft New Executable
@@ -125,9 +124,8 @@ namespace libexeinfo
{ {
FileStream BaseStream = File.Open(path, FileMode.Open, FileAccess.Read); FileStream BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
MZ BaseExecutable = new MZ(BaseStream); MZ BaseExecutable = new MZ(BaseStream);
if (BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{ if(BaseExecutable.Header.new_offset < BaseStream.Length)
if (BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
byte[] buffer = new byte[Marshal.SizeOf(typeof(NEHeader))]; byte[] buffer = new byte[Marshal.SizeOf(typeof(NEHeader))];
@@ -138,7 +136,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature; return Header.signature == Signature;
} }
}
return false; return false;
} }
@@ -152,9 +149,8 @@ namespace libexeinfo
{ {
FileStream BaseStream = stream; FileStream BaseStream = stream;
MZ BaseExecutable = new MZ(BaseStream); MZ BaseExecutable = new MZ(BaseStream);
if (BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{ if(BaseExecutable.Header.new_offset < BaseStream.Length)
if (BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
byte[] buffer = new byte[Marshal.SizeOf(typeof(NEHeader))]; byte[] buffer = new byte[Marshal.SizeOf(typeof(NEHeader))];
@@ -165,7 +161,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature; return Header.signature == Signature;
} }
}
return false; return false;
} }

31
libexeinfo/NE/Structs.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
namespace libexeinfo namespace libexeinfo
@@ -34,7 +33,7 @@ namespace libexeinfo
/// <summary> /// <summary>
/// Header for a Microsoft New Executable /// Header for a Microsoft New Executable
/// </summary> /// </summary>
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct NEHeader public struct NEHeader
{ {
public ushort signature; public ushort signature;
@@ -115,11 +114,11 @@ namespace libexeinfo
/// </summary> /// </summary>
class VersionNode class VersionNode
{ {
public ushort cbNode;
public ushort cbData; public ushort cbData;
public string szName; public ushort cbNode;
public byte[] rgbData;
public VersionNode[] children; public VersionNode[] children;
public byte[] rgbData;
public string szName;
} }
/// <summary> /// <summary>
@@ -128,19 +127,19 @@ namespace libexeinfo
[StructLayout(LayoutKind.Sequential)] [StructLayout(LayoutKind.Sequential)]
public class FixedFileInfo public class FixedFileInfo
{ {
public uint dwFileDateLS;
public uint dwFileDateMS;
public uint dwFileFlags;
public uint dwFileFlagsMask;
public uint dwFileOS;
public uint dwFileSubtype;
public uint dwFileType;
public uint dwFileVersionLS;
public uint dwFileVersionMS;
public uint dwProductVersionLS;
public uint dwProductVersionMS;
public uint dwSignature; public uint dwSignature;
public uint dwStrucVersion; public uint dwStrucVersion;
public uint dwFileVersionMS;
public uint dwFileVersionLS;
public uint dwProductVersionMS;
public uint dwProductVersionLS;
public uint dwFileFlagsMask;
public uint dwFileFlags;
public uint dwFileOS;
public uint dwFileType;
public uint dwFileSubtype;
public uint dwFileDateMS;
public uint dwFileDateLS;
} }
} }
} }

409
libexeinfo/NE/Version.cs
View File

@@ -42,17 +42,13 @@ namespace libexeinfo
{ {
List<Version> versions = new List<Version>(); List<Version> versions = new List<Version>();
foreach (ResourceType type in Resources.types) foreach(ResourceType type in Resources.types)
{ if((type.id & 0x7FFF) == (int)ResourceTypes.RT_VERSION)
if ((type.id & 0x7FFF) == (int)ResourceTypes.RT_VERSION) foreach(Resource resource in type.resources)
{
foreach (Resource resource in type.resources)
{ {
Version vers = new Version(resource.data, resource.name); Version vers = new Version(resource.data, resource.name);
versions.Add(vers); versions.Add(vers);
} }
}
}
return versions; return versions;
} }
@@ -63,124 +59,15 @@ namespace libexeinfo
public class Version public class Version
{ {
/// <summary> /// <summary>
/// This contains a list of all name=value strings pairs sorted by language /// Initializes a new instance of the <see cref="T:libexeinfo.NE.Version" /> class.
/// </summary>
/// <value>List of all name=value strings pairs sorted by language.</value>
public Dictionary<string, Dictionary<string, string>> StringsByLanguage { get; }
string fileVersion;
string productVersion;
VersionFileFlags fileFlags;
VersionFileOS fileOS;
VersionFileType fileType;
VersionFileSubtype fileSubtype;
DateTime fileDate;
string name;
/// <summary>
/// File version.
/// </summary>
/// <value>The file version.</value>
public string FileVersion
{
get
{
return fileVersion;
}
}
/// <summary>
/// Product version.
/// </summary>
/// <value>The product version.</value>
public string ProductVersion
{
get
{
return productVersion;
}
}
/// <summary>
/// File flags.
/// </summary>
/// <value>The file flags.</value>
public VersionFileFlags FileFlags
{
get
{
return fileFlags;
}
}
/// <summary>
/// File operating system.
/// </summary>
/// <value>The file operating system.</value>
public VersionFileOS FileOS
{
get
{
return fileOS;
}
}
/// <summary>
/// File type.
/// </summary>
/// <value>The type of the file.</value>
public VersionFileType FileType
{
get
{
return fileType;
}
}
/// <summary>
/// File subtype.
/// </summary>
/// <value>The file subtype.</value>
public VersionFileSubtype FileSubtype
{
get
{
return fileSubtype;
}
}
/// <summary>
/// File date.
/// </summary>
/// <value>The file date.</value>
public DateTime FileDate
{
get
{
return fileDate;
}
}
/// <summary>
/// Resource name
/// </summary>
/// <value>The resource name.</value>
public string Name
{
get { return name; }
}
/// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.NE.Version"/> class.
/// </summary> /// </summary>
/// <param name="data">Resource data.</param> /// <param name="data">Resource data.</param>
/// <param name="resourceName">Resource name.</param> /// <param name="resourceName">Resource name.</param>
public Version(byte[] data, string resourceName = null) public Version(byte[] data, string resourceName = null)
{ {
if (data == null || data.Length < 5) if(data == null || data.Length < 5) return;
return;
name = resourceName; Name = resourceName;
StringsByLanguage = new Dictionary<string, Dictionary<string, string>>(); StringsByLanguage = new Dictionary<string, Dictionary<string, string>>();
@@ -188,6 +75,60 @@ namespace libexeinfo
DecodeNode(root, null, null); DecodeNode(root, null, null);
} }
/// <summary>
/// This contains a list of all name=value strings pairs sorted by language
/// </summary>
/// <value>List of all name=value strings pairs sorted by language.</value>
public Dictionary<string, Dictionary<string, string>> StringsByLanguage { get; }
/// <summary>
/// File version.
/// </summary>
/// <value>The file version.</value>
public string FileVersion { get; set; }
/// <summary>
/// Product version.
/// </summary>
/// <value>The product version.</value>
public string ProductVersion { get; set; }
/// <summary>
/// File flags.
/// </summary>
/// <value>The file flags.</value>
public VersionFileFlags FileFlags { get; set; }
/// <summary>
/// File operating system.
/// </summary>
/// <value>The file operating system.</value>
public VersionFileOS FileOS { get; set; }
/// <summary>
/// File type.
/// </summary>
/// <value>The type of the file.</value>
public VersionFileType FileType { get; set; }
/// <summary>
/// File subtype.
/// </summary>
/// <value>The file subtype.</value>
public VersionFileSubtype FileSubtype { get; set; }
/// <summary>
/// File date.
/// </summary>
/// <value>The file date.</value>
public DateTime FileDate { get; set; }
/// <summary>
/// Resource name
/// </summary>
/// <value>The resource name.</value>
public string Name { get; }
VersionNode GetNode(byte[] data, int startPosition, out int nodeLength) VersionNode GetNode(byte[] data, int startPosition, out int nodeLength)
{ {
nodeLength = 0; nodeLength = 0;
@@ -200,240 +141,196 @@ namespace libexeinfo
nodeLength += 4; nodeLength += 4;
MemoryStream nameMs = new MemoryStream(); MemoryStream nameMs = new MemoryStream();
while (data[startPosition + nodeLength] > 0) while(data[startPosition + nodeLength] > 0)
{ {
nameMs.WriteByte(data[startPosition + nodeLength]); nameMs.WriteByte(data[startPosition + nodeLength]);
nodeLength++; nodeLength++;
} }
node.szName = Encoding.ASCII.GetString(nameMs.ToArray()); node.szName = Encoding.ASCII.GetString(nameMs.ToArray());
nodeLength++; nodeLength++;
if (nodeLength % 4 > 0) if(nodeLength % 4 > 0) nodeLength += 4 - nodeLength % 4;
nodeLength += 4 - (nodeLength % 4);
node.rgbData = new byte[node.cbData]; node.rgbData = new byte[node.cbData];
Array.Copy(data, startPosition + nodeLength, node.rgbData, 0, node.cbData); Array.Copy(data, startPosition + nodeLength, node.rgbData, 0, node.cbData);
nodeLength += node.cbData; nodeLength += node.cbData;
if (nodeLength % 4 > 0) if(nodeLength % 4 > 0) nodeLength += 4 - nodeLength % 4;
nodeLength += 4 - (nodeLength % 4);
List<VersionNode> children = new List<VersionNode>(); List<VersionNode> children = new List<VersionNode>();
while (nodeLength < node.cbNode) while(nodeLength < node.cbNode)
{ {
children.Add(GetNode(data, startPosition + nodeLength, out int childLength)); children.Add(GetNode(data, startPosition + nodeLength, out int childLength));
nodeLength += childLength; nodeLength += childLength;
} }
if (children.Count > 0) if(children.Count > 0) node.children = children.ToArray();
node.children = children.ToArray();
return node; return node;
} }
void DecodeNode(VersionNode node, string parent, string grandparent) void DecodeNode(VersionNode node, string parent, string grandparent)
{ {
if (node.szName == FixedFileInfoSig) if(node.szName == FixedFileInfoSig)
{ {
IntPtr infoPtr = Marshal.AllocHGlobal(node.cbData); IntPtr infoPtr = Marshal.AllocHGlobal(node.cbData);
Marshal.Copy(node.rgbData, 0, infoPtr, node.cbData); Marshal.Copy(node.rgbData, 0, infoPtr, node.cbData);
FixedFileInfo info = (FixedFileInfo)Marshal.PtrToStructure(infoPtr, typeof(FixedFileInfo)); FixedFileInfo info = (FixedFileInfo)Marshal.PtrToStructure(infoPtr, typeof(FixedFileInfo));
Marshal.FreeHGlobal(infoPtr); Marshal.FreeHGlobal(infoPtr);
fileVersion = string.Format("{0}.{1:D2}.{2}.{3}", (info.dwFileVersionMS & 0xFFFF0000) >> 16, info.dwFileVersionMS & 0xFFFF, FileVersion = string.Format("{0}.{1:D2}.{2}.{3}", (info.dwFileVersionMS & 0xFFFF0000) >> 16,
(info.dwFileVersionLS & 0xFFFF0000) >> 16, info.dwFileVersionLS & 0xFFFF); info.dwFileVersionMS & 0xFFFF,
productVersion = string.Format("{0}.{1:D2}.{2}.{3}", (info.dwProductVersionMS & 0xFFFF0000) >> 16, info.dwProductVersionMS & 0xFFFF, (info.dwFileVersionLS & 0xFFFF0000) >> 16,
(info.dwProductVersionLS & 0xFFFF0000) >> 16, info.dwProductVersionLS & 0xFFFF); info.dwFileVersionLS & 0xFFFF);
fileFlags = (VersionFileFlags)(info.dwFileFlags & info.dwFileFlagsMask); ProductVersion = string.Format("{0}.{1:D2}.{2}.{3}", (info.dwProductVersionMS & 0xFFFF0000) >> 16,
fileOS = (VersionFileOS)info.dwFileOS; info.dwProductVersionMS & 0xFFFF,
fileType = (VersionFileType)info.dwFileType; (info.dwProductVersionLS & 0xFFFF0000) >> 16,
fileSubtype = (VersionFileSubtype)info.dwFileSubtype; info.dwProductVersionLS & 0xFFFF);
fileDate = DateTime.FromFileTime(info.dwFileDateMS * 0x100000000 + info.dwFileDateLS); FileFlags =
(VersionFileFlags)(info.dwFileFlags & info.dwFileFlagsMask);
FileOS = (VersionFileOS)info.dwFileOS;
FileType = (VersionFileType)info.dwFileType;
FileSubtype = (VersionFileSubtype)info.dwFileSubtype;
FileDate = DateTime.FromFileTime(info.dwFileDateMS * 0x100000000 + info.dwFileDateLS);
} }
if (parent == StringFileInfo) if(parent == StringFileInfo)
{ {
Dictionary<string, string> strings = new Dictionary<string, string>(); Dictionary<string, string> strings = new Dictionary<string, string>();
StringsByLanguage.Add(node.szName, strings); StringsByLanguage.Add(node.szName, strings);
} }
if (grandparent == StringFileInfo) if(grandparent == StringFileInfo)
{ if(StringsByLanguage.TryGetValue(parent, out Dictionary<string, string> strings))
if (StringsByLanguage.TryGetValue(parent, out Dictionary<string, string> strings))
{ {
Encoding encoding; Encoding encoding;
try try { encoding = Encoding.GetEncoding(Convert.ToInt32(parent.Substring(4), 16)); }
{ catch { encoding = Encoding.ASCII; }
encoding = Encoding.GetEncoding(Convert.ToInt32(parent.Substring(4), 16));
}
catch
{
encoding = Encoding.ASCII;
}
strings.Add(node.szName, encoding.GetString(node.rgbData)); strings.Add(node.szName, encoding.GetString(node.rgbData));
} }
}
if (node.children != null) if(node.children != null)
{ for(int i = 0; i < node.children.Length; i++)
for (int i = 0; i < node.children.Length; i++)
DecodeNode(node.children[i], node.szName, parent); DecodeNode(node.children[i], node.szName, parent);
}
} }
/// <summary> /// <summary>
/// Converts a <see cref="VersionFileType"/> to string /// Converts a <see cref="VersionFileType" /> to string
/// </summary> /// </summary>
/// <returns>The string.</returns> /// <returns>The string.</returns>
/// <param name="type"><see cref="VersionFileType"/></param> /// <param name="type">
/// <see cref="VersionFileType" />
/// </param>
public static string TypeToString(VersionFileType type) public static string TypeToString(VersionFileType type)
{ {
switch (type) switch(type)
{ {
case VersionFileType.VFT_APP: case VersionFileType.VFT_APP: return "Application";
return "Application"; case VersionFileType.VFT_DLL: return "Dynamic-link library";
case VersionFileType.VFT_DLL: case VersionFileType.VFT_DRV: return "Device driver";
return "Dynamic-link library"; case VersionFileType.VFT_FONT: return "Font";
case VersionFileType.VFT_DRV: case VersionFileType.VFT_STATIC_LIB: return "Static-link library";
return "Device driver"; case VersionFileType.VFT_UNKNOWN: return "Unknown";
case VersionFileType.VFT_FONT: case VersionFileType.VFT_VXD: return "Virtual device";
return "Font"; default: return string.Format("Unknown type code {0}", (uint)type);
case VersionFileType.VFT_STATIC_LIB:
return "Static-link library";
case VersionFileType.VFT_UNKNOWN:
return "Unknown";
case VersionFileType.VFT_VXD:
return "Virtual device";
default:
return string.Format("Unknown type code {0}", (uint)type);
} }
} }
/// <summary> /// <summary>
/// Converts a <see cref="VersionFileSubtype"/> to string, considering file type to be a driver /// Converts a <see cref="VersionFileSubtype" /> to string, considering file type to be a driver
/// </summary> /// </summary>
/// <returns>The string.</returns> /// <returns>The string.</returns>
/// <param name="subtype"><see cref="VersionFileSubtype"/></param> /// <param name="subtype">
/// <see cref="VersionFileSubtype" />
/// </param>
public static string DriverToString(VersionFileSubtype subtype) public static string DriverToString(VersionFileSubtype subtype)
{ {
switch (subtype) switch(subtype)
{ {
case VersionFileSubtype.VFT2_DRV_COMM: case VersionFileSubtype.VFT2_DRV_COMM: return "Communications";
return "Communications"; case VersionFileSubtype.VFT2_DRV_DISPLAY: return "Display";
case VersionFileSubtype.VFT2_DRV_DISPLAY: case VersionFileSubtype.VFT2_DRV_INSTALLABLE: return "Installable";
return "Display"; case VersionFileSubtype.VFT2_DRV_KEYBOARD: return "Keyboard";
case VersionFileSubtype.VFT2_DRV_INSTALLABLE: case VersionFileSubtype.VFT2_DRV_LANGUAGE: return "Language";
return "Installable"; case VersionFileSubtype.VFT2_DRV_MOUSE: return "Mouse";
case VersionFileSubtype.VFT2_DRV_KEYBOARD: case VersionFileSubtype.VFT2_DRV_NETWORK: return "Network";
return "Keyboard"; case VersionFileSubtype.VFT2_DRV_PRINTER: return "Printer";
case VersionFileSubtype.VFT2_DRV_LANGUAGE: case VersionFileSubtype.VFT2_DRV_SOUND: return "Sound";
return "Language"; case VersionFileSubtype.VFT2_DRV_SYSTEM: return "System";
case VersionFileSubtype.VFT2_DRV_MOUSE: case VersionFileSubtype.VFT2_DRV_VERSIONED_PRINTER: return "Versioned";
return "Mouse"; case VersionFileSubtype.VFT2_UNKNOWN: return "Unknown";
case VersionFileSubtype.VFT2_DRV_NETWORK:
return "Network";
case VersionFileSubtype.VFT2_DRV_PRINTER:
return "Printer";
case VersionFileSubtype.VFT2_DRV_SOUND:
return "Sound";
case VersionFileSubtype.VFT2_DRV_SYSTEM:
return "System";
case VersionFileSubtype.VFT2_DRV_VERSIONED_PRINTER:
return "Versioned";
case VersionFileSubtype.VFT2_UNKNOWN:
return "Unknown";
default: default:
return string.Format("Unknown type code {0}", (uint)subtype); return string.Format("Unknown type code {0}", (uint)subtype);
} }
} }
/// <summary> /// <summary>
/// Converts a <see cref="VersionFileSubtype"/> to string, considering file type to be a font /// Converts a <see cref="VersionFileSubtype" /> to string, considering file type to be a font
/// </summary> /// </summary>
/// <returns>The string.</returns> /// <returns>The string.</returns>
/// <param name="subtype"><see cref="VersionFileSubtype"/></param> /// <param name="subtype">
/// <see cref="VersionFileSubtype" />
/// </param>
public static string FontToString(VersionFileSubtype subtype) public static string FontToString(VersionFileSubtype subtype)
{ {
switch (subtype) switch(subtype)
{ {
case VersionFileSubtype.VFT2_FONT_RASTER: case VersionFileSubtype.VFT2_FONT_RASTER: return "Raster";
return "Raster"; case VersionFileSubtype.VFT2_FONT_TRUETYPE: return "TrueType";
case VersionFileSubtype.VFT2_FONT_TRUETYPE: case VersionFileSubtype.VFT2_FONT_VECTOR: return "Vector";
return "TrueType"; case VersionFileSubtype.VFT2_UNKNOWN: return "Unknown";
case VersionFileSubtype.VFT2_FONT_VECTOR:
return "Vector";
case VersionFileSubtype.VFT2_UNKNOWN:
return "Unknown";
default: default:
return string.Format("Unknown type code {0}", (uint)subtype); return string.Format("Unknown type code {0}", (uint)subtype);
} }
} }
/// <summary> /// <summary>
/// Converts a <see cref="VersionFileOS"/> to string /// Converts a <see cref="VersionFileOS" /> to string
/// </summary> /// </summary>
/// <returns>The string.</returns> /// <returns>The string.</returns>
/// <param name="os"><see cref="VersionFileOS"/></param> /// <param name="os">
/// <see cref="VersionFileOS" />
/// </param>
public static string OsToString(VersionFileOS os) public static string OsToString(VersionFileOS os)
{ {
switch (os) switch(os)
{ {
case VersionFileOS.VOS_DOS: case VersionFileOS.VOS_DOS: return "DOS";
return "DOS"; case VersionFileOS.VOS_NT: return "Windows NT";
case VersionFileOS.VOS_NT: case VersionFileOS.VOS_WINDOWS16: return "16-bit Windows";
return "Windows NT"; case VersionFileOS.VOS_WINDOWS32: return "32-bit Windows";
case VersionFileOS.VOS_WINDOWS16: case VersionFileOS.VOS_OS216: return "16-bit OS/2";
return "16-bit Windows"; case VersionFileOS.VOS_OS232: return "32-bit OS/2";
case VersionFileOS.VOS_WINDOWS32: case VersionFileOS.VOS_PM16: return "16-bit Presentation Manager";
return "32-bit Windows"; case VersionFileOS.VOS_PM32: return "32-bit Presentation Manager";
case VersionFileOS.VOS_OS216: case VersionFileOS.VOS_UNKNOWN: return "Unknown";
return "16-bit OS/2"; case VersionFileOS.VOS_DOS_NT: return "DOS running under Windows NT";
case VersionFileOS.VOS_OS232: case VersionFileOS.VOS_DOS_WINDOWS16: return "16-bit Windows running under DOS";
return "32-bit OS/2"; case VersionFileOS.VOS_DOS_WINDOWS32: return "32-bit Windows running under DOS";
case VersionFileOS.VOS_PM16: case VersionFileOS.VOS_DOS_PM16: return "16-bit Presentation Manager running under DOS";
return "16-bit Presentation Manager"; case VersionFileOS.VOS_DOS_PM32: return "32-bit Presentation Manager running under DOS";
case VersionFileOS.VOS_PM32: case VersionFileOS.VOS_NT_WINDOWS16: return "16-bit Windows running under Windows NT";
return "32-bit Presentation Manager"; case VersionFileOS.VOS_NT_WINDOWS32: return "32-bit Windows running under Windows NT";
case VersionFileOS.VOS_UNKNOWN:
return "Unknown";
case VersionFileOS.VOS_DOS_NT:
return "DOS running under Windows NT";
case VersionFileOS.VOS_DOS_WINDOWS16:
return "16-bit Windows running under DOS";
case VersionFileOS.VOS_DOS_WINDOWS32:
return "32-bit Windows running under DOS";
case VersionFileOS.VOS_DOS_PM16:
return "16-bit Presentation Manager running under DOS";
case VersionFileOS.VOS_DOS_PM32:
return "32-bit Presentation Manager running under DOS";
case VersionFileOS.VOS_NT_WINDOWS16:
return "16-bit Windows running under Windows NT";
case VersionFileOS.VOS_NT_WINDOWS32:
return "32-bit Windows running under Windows NT";
case VersionFileOS.VOS_NT_PM16: case VersionFileOS.VOS_NT_PM16:
return "16-bit Presentation Manager running under Windows NT"; return "16-bit Presentation Manager running under Windows NT";
case VersionFileOS.VOS_NT_PM32: case VersionFileOS.VOS_NT_PM32:
return "32-bit Presentation Manager running under Windows NT"; return "32-bit Presentation Manager running under Windows NT";
case VersionFileOS.VOS_OS216_WINDOWS16: case VersionFileOS.VOS_OS216_WINDOWS16: return "16-bit Windows running under 16-bit OS/2";
return "16-bit Windows running under 16-bit OS/2"; case VersionFileOS.VOS_OS216_WINDOWS32: return "32-bit Windows running under 16-bit OS/2";
case VersionFileOS.VOS_OS216_WINDOWS32:
return "32-bit Windows running under 16-bit OS/2";
case VersionFileOS.VOS_OS216_PM16: case VersionFileOS.VOS_OS216_PM16:
return "16-bit Presentation Manager running under 16-bit OS/2"; return "16-bit Presentation Manager running under 16-bit OS/2";
case VersionFileOS.VOS_OS216_PM32: case VersionFileOS.VOS_OS216_PM32:
return "32-bit Presentation Manager running under 16-bit OS/2"; return "32-bit Presentation Manager running under 16-bit OS/2";
case VersionFileOS.VOS_OS232_WINDOWS16: case VersionFileOS.VOS_OS232_WINDOWS16: return "16-bit Windows running under 32-bit OS/2";
return "16-bit Windows running under 32-bit OS/2"; case VersionFileOS.VOS_OS232_WINDOWS32: return "32-bit Windows running under 32-bit OS/2";
case VersionFileOS.VOS_OS232_WINDOWS32:
return "32-bit Windows running under 32-bit OS/2";
case VersionFileOS.VOS_OS232_PM16: case VersionFileOS.VOS_OS232_PM16:
return "16-bit Presentation Manager running under 32-bit OS/2"; return "16-bit Presentation Manager running under 32-bit OS/2";
case VersionFileOS.VOS_OS232_PM32: case VersionFileOS.VOS_OS232_PM32:
return "32-bit Presentation Manager running under 32-bit OS/2"; return "32-bit Presentation Manager running under 32-bit OS/2";
default: default: return string.Format("Unknown OS code {0}", (uint)os);
return string.Format("Unknown OS code {0}", (uint)os);
} }
} }
} }

168
libexeinfo/PE/Enums.cs
View File

@@ -25,12 +25,96 @@
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
namespace libexeinfo namespace libexeinfo
{ {
public partial class PE public partial class PE
{
public enum DebugTypes : uint
{ {
/// <summary> /// <summary>
/// The following values defined for the Subsystem field of the optional header determine which Windows subsystem (if any) is required to run the image. /// Unknown value, ignored by all tools.
/// </summary>
IMAGE_DEBUG_TYPE_UNKNOWN = 0,
/// <summary>
/// COFF debug information (line numbers, symbol table, and string table).
/// This type of debug information is also pointed to by fields in the file headers.
/// </summary>
IMAGE_DEBUG_TYPE_COFF = 1,
/// <summary>
/// CodeView debug information. The format of the data block is described
/// by the CV4 specification.
/// </summary>
IMAGE_DEBUG_TYPE_CODEVIEW = 2,
/// <summary>
/// Frame Pointer Omission (FPO) information. This information tells the
/// debugger how to interpret non-standard stack frames, which use the
/// EBP register for a purpose other than as a frame pointer.
/// </summary>
IMAGE_DEBUG_TYPE_FPO = 3,
IMAGE_DEBUG_TYPE_MISC = 4,
IMAGE_DEBUG_TYPE_EXCEPTION = 5,
IMAGE_DEBUG_TYPE_FIXUP = 6,
IMAGE_DEBUG_TYPE_OMAP_TO_SRC = 7,
IMAGE_DEBUG_TYPE_OMAP_FROM_SRC = 8,
IMAGE_DEBUG_TYPE_BORLAND = 9
}
/// <summary>
/// The following values are defined for the DllCharacteristics field of the optional header.
/// </summary>
[Flags]
public enum DllCharacteristics : ushort
{
/// <summary>
/// Image can handle a high entropy 64-bit virtual address space.
/// </summary>
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020,
/// <summary>
/// DLL can be relocated at load time.
/// </summary>
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040,
/// <summary>
/// Code Integrity checks are enforced.
/// </summary>
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
/// <summary>
/// Image is NX compatible.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100,
/// <summary>
/// Isolation aware, but do not isolate the image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
/// <summary>
/// Does not use structured exception (SE) handling. No SE handler may be called in this image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
/// <summary>
/// Do not bind the image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
/// <summary>
/// Image must execute in an AppContainer.
/// </summary>
IMAGE_DLLCHARACTERISTICS_APPCONTAINER = 0x1000,
/// <summary>
/// A WDM driver.
/// </summary>
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
/// <summary>
/// Image supports Control Flow Guard.
/// </summary>
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000,
/// <summary>
/// Terminal Server aware.
/// </summary>
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
}
/// <summary>
/// The following values defined for the Subsystem field of the optional header determine which Windows subsystem (if
/// any) is required to run the image.
/// </summary> /// </summary>
public enum Subsystems : ushort public enum Subsystems : ushort
{ {
@@ -90,88 +174,6 @@ namespace libexeinfo
/// Windows boot application /// Windows boot application
/// </summary> /// </summary>
IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16 IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16
}
/// <summary>
/// The following values are defined for the DllCharacteristics field of the optional header.
/// </summary>
[Flags]
public enum DllCharacteristics : ushort
{
/// <summary>
/// Image can handle a high entropy 64-bit virtual address space.
/// </summary>
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020,
/// <summary>
/// DLL can be relocated at load time.
/// </summary>
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040,
/// <summary>
/// Code Integrity checks are enforced.
/// </summary>
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
/// <summary>
/// Image is NX compatible.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100,
/// <summary>
/// Isolation aware, but do not isolate the image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
/// <summary>
/// Does not use structured exception (SE) handling. No SE handler may be called in this image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
/// <summary>
/// Do not bind the image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
/// <summary>
/// Image must execute in an AppContainer.
/// </summary>
IMAGE_DLLCHARACTERISTICS_APPCONTAINER = 0x1000,
/// <summary>
/// A WDM driver.
/// </summary>
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
/// <summary>
/// Image supports Control Flow Guard.
/// </summary>
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000,
/// <summary>
/// Terminal Server aware.
/// </summary>
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
}
public enum DebugTypes : uint
{
/// <summary>
/// Unknown value, ignored by all tools.
/// </summary>
IMAGE_DEBUG_TYPE_UNKNOWN = 0,
/// <summary>
/// COFF debug information (line numbers, symbol table, and string table).
/// This type of debug information is also pointed to by fields in the file headers.
/// </summary>
IMAGE_DEBUG_TYPE_COFF = 1,
/// <summary>
/// CodeView debug information. The format of the data block is described
/// by the CV4 specification.
/// </summary>
IMAGE_DEBUG_TYPE_CODEVIEW = 2,
/// <summary>
/// Frame Pointer Omission (FPO) information. This information tells the
/// debugger how to interpret non-standard stack frames, which use the
/// EBP register for a purpose other than as a frame pointer.
/// </summary>
IMAGE_DEBUG_TYPE_FPO = 3,
IMAGE_DEBUG_TYPE_MISC = 4,
IMAGE_DEBUG_TYPE_EXCEPTION = 5,
IMAGE_DEBUG_TYPE_FIXUP = 6,
IMAGE_DEBUG_TYPE_OMAP_TO_SRC = 7,
IMAGE_DEBUG_TYPE_OMAP_FROM_SRC = 8,
IMAGE_DEBUG_TYPE_BORLAND = 9
} }
} }
} }

68
libexeinfo/PE/Info.cs
View File

@@ -24,9 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
using System.Collections.Generic;
using System.IO;
using System.Text; using System.Text;
namespace libexeinfo namespace libexeinfo
@@ -41,53 +38,62 @@ namespace libexeinfo
if(header.coff.optionalHeader.magic == PE32Plus) if(header.coff.optionalHeader.magic == PE32Plus)
sb.AppendFormat("\tExecutable base address: 0x{0:X16}", winheader.imageBase).AppendLine(); sb.AppendFormat("\tExecutable base address: 0x{0:X16}", winheader.imageBase).AppendLine();
else else sb.AppendFormat("\tExecutable base address: 0x{0:X8}", winheader.imageBase).AppendLine();
sb.AppendFormat("\tExecutable base address: 0x{0:X8}", winheader.imageBase).AppendLine();
sb.AppendFormat("\tSections are aligned to {0} bytes", winheader.sectionAlignment).AppendLine(); sb.AppendFormat("\tSections are aligned to {0} bytes", winheader.sectionAlignment).AppendLine();
sb.AppendFormat("\tFile is aligned to {0} bytes", winheader.fileAlignment).AppendLine(); sb.AppendFormat("\tFile is aligned to {0} bytes", winheader.fileAlignment).AppendLine();
if(winheader.majorOperatingSystemVersion > 0 || winheader.minorOperatingSystemVersion > 0) if(winheader.majorOperatingSystemVersion > 0 || winheader.minorOperatingSystemVersion > 0)
sb.AppendFormat("\tExecutable requires at least operating system version {0}.{1} to run", winheader.majorOperatingSystemVersion, winheader.minorOperatingSystemVersion).AppendLine(); sb.AppendFormat("\tExecutable requires at least operating system version {0}.{1} to run",
if (winheader.majorImageVersion > 0 || winheader.minorImageVersion > 0) winheader.majorOperatingSystemVersion, winheader.minorOperatingSystemVersion)
sb.AppendFormat("\tExecutable version: {0}.{1}", winheader.majorImageVersion, winheader.minorImageVersion).AppendLine(); .AppendLine();
sb.AppendFormat("\tAccording to subsystem, executable is {0}", SubsystemToString(winheader.subsystem)).AppendLine(); if(winheader.majorImageVersion > 0 || winheader.minorImageVersion > 0)
if (winheader.majorSubsystemVersion > 0 || winheader.minorSubsystemVersion > 0) sb.AppendFormat("\tExecutable version: {0}.{1}", winheader.majorImageVersion,
sb.AppendFormat("\tExecutable requires at least subsystem version {0}.{1} to run", winheader.majorSubsystemVersion, winheader.minorSubsystemVersion).AppendLine(); winheader.minorImageVersion).AppendLine();
sb.AppendFormat("\tAccording to subsystem, executable is {0}", SubsystemToString(winheader.subsystem))
.AppendLine();
if(winheader.majorSubsystemVersion > 0 || winheader.minorSubsystemVersion > 0)
sb.AppendFormat("\tExecutable requires at least subsystem version {0}.{1} to run",
winheader.majorSubsystemVersion, winheader.minorSubsystemVersion).AppendLine();
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA))
sb.AppendLine("\tExecutable can handle a high entropy 64-bit virtual address space"); sb.AppendLine("\tExecutable can handle a high entropy 64-bit virtual address space");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE))
sb.AppendLine("\tExecutable can be relocated at load time"); sb.AppendLine("\tExecutable can be relocated at load time");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY))
sb.AppendLine("\tCode Integrity checks are enforced"); sb.AppendLine("\tCode Integrity checks are enforced");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_NX_COMPAT)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_NX_COMPAT))
sb.AppendLine("\tExecutable is NX compatible"); sb.AppendLine("\tExecutable is NX compatible");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_NO_ISOLATION)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_NO_ISOLATION))
sb.AppendLine("\tExecutable is isolation aware, but should not be isolated"); sb.AppendLine("\tExecutable is isolation aware, but should not be isolated");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_NO_SEH)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_NO_SEH))
sb.AppendLine("\tExecutable does not use structured exception handling"); sb.AppendLine("\tExecutable does not use structured exception handling");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_NO_BIND)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_NO_BIND))
sb.AppendLine("\tExecutable should not be binded"); sb.AppendLine("\tExecutable should not be binded");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_APPCONTAINER)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_APPCONTAINER))
sb.AppendLine("\tExecutable must be run inside an AppContainer"); sb.AppendLine("\tExecutable must be run inside an AppContainer");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_WDM_DRIVER)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_WDM_DRIVER))
sb.AppendLine("\tExecutable contains a WDM driver"); sb.AppendLine("\tExecutable contains a WDM driver");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_GUARD_CF)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_GUARD_CF))
sb.AppendLine("\tExecutable supports Control Flow Guard"); sb.AppendLine("\tExecutable supports Control Flow Guard");
if (winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)) if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE))
sb.AppendLine("\tExecutable is Terminal Server aware"); sb.AppendLine("\tExecutable is Terminal Server aware");
if (winheader.win32VersionValue > 0) if(winheader.win32VersionValue > 0)
sb.AppendFormat("\tWin32 version value: {0}", winheader.win32VersionValue).AppendLine(); sb.AppendFormat("\tWin32 version value: {0}", winheader.win32VersionValue)
.AppendLine();
sb.AppendFormat("\tExecutable is {0} bytes", winheader.sizeOfImage).AppendLine(); sb.AppendFormat("\tExecutable is {0} bytes", winheader.sizeOfImage).AppendLine();
sb.AppendFormat("\tHeaders are {0} bytes", winheader.sizeOfHeaders).AppendLine(); sb.AppendFormat("\tHeaders are {0} bytes", winheader.sizeOfHeaders).AppendLine();
sb.AppendFormat("\tChecksum: 0x{0:X8}", winheader.checksum).AppendLine(); sb.AppendFormat("\tChecksum: 0x{0:X8}", winheader.checksum).AppendLine();
sb.AppendFormat("\t{0} bytes of stack should be reserved", winheader.sizeOfStackReserve).AppendLine(); sb.AppendFormat("\t{0} bytes of stack should be reserved", winheader.sizeOfStackReserve)
sb.AppendFormat("\t{0} bytes of stack should be committed", winheader.sizeOfStackCommit).AppendLine(); .AppendLine();
sb.AppendFormat("\t{0} bytes of heap should be reserved", winheader.sizeOfHeapReserve).AppendLine(); sb.AppendFormat("\t{0} bytes of stack should be committed", winheader.sizeOfStackCommit)
sb.AppendFormat("\t{0} bytes of heap should be committed", winheader.sizeOfHeapCommit).AppendLine(); .AppendLine();
if (winheader.loaderFlags > 0) sb.AppendFormat("\t{0} bytes of heap should be reserved", winheader.sizeOfHeapReserve)
sb.AppendFormat("\tLoader flags: {0}", winheader.loaderFlags).AppendLine(); .AppendLine();
sb.AppendFormat("\t{0} RVA entries follow the header", winheader.numberOfRvaAndSizes).AppendLine(); sb.AppendFormat("\t{0} bytes of heap should be committed", winheader.sizeOfHeapCommit)
.AppendLine();
if(winheader.loaderFlags > 0) sb.AppendFormat("\tLoader flags: {0}", winheader.loaderFlags).AppendLine();
sb.AppendFormat("\t{0} RVA entries follow the header", winheader.numberOfRvaAndSizes)
.AppendLine();
return sb.ToString(); return sb.ToString();
} }

37
libexeinfo/PE/PE.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONPECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONPECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
using System.IO; using System.IO;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
@@ -34,8 +35,9 @@ namespace libexeinfo
/// </summary> /// </summary>
public partial class PE public partial class PE
{ {
public readonly MZ BaseExecutable;
/// <summary> /// <summary>
/// The <see cref="FileStream"/> that contains the executable represented by this instance /// The <see cref="FileStream" /> that contains the executable represented by this instance
/// </summary> /// </summary>
public readonly FileStream BaseStream; public readonly FileStream BaseStream;
/// <summary> /// <summary>
@@ -46,11 +48,10 @@ namespace libexeinfo
/// If true this instance correctly represents a Microsoft Portable Executable /// If true this instance correctly represents a Microsoft Portable Executable
/// </summary> /// </summary>
public readonly bool IsPE; public readonly bool IsPE;
public readonly MZ BaseExecutable;
public readonly WindowsHeader64 WinHeader; public readonly WindowsHeader64 WinHeader;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.PE"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.PE" /> class.
/// </summary> /// </summary>
/// <param name="path">Executable path.</param> /// <param name="path">Executable path.</param>
public PE(string path) public PE(string path)
@@ -59,7 +60,6 @@ namespace libexeinfo
BaseStream = File.Open(path, FileMode.Open, FileAccess.Read); BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
BaseExecutable = new MZ(BaseStream); BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length) if(BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -72,7 +72,6 @@ namespace libexeinfo
IsPE = Header.signature == Signature; IsPE = Header.signature == Signature;
if(IsPE) if(IsPE)
{
if(Header.coff.optionalHeader.magic == PE32Plus) if(Header.coff.optionalHeader.magic == PE32Plus)
{ {
BaseStream.Position -= 4; BaseStream.Position -= 4;
@@ -95,11 +94,9 @@ namespace libexeinfo
} }
} }
} }
}
}
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.PE"/> class. /// Initializes a new instance of the <see cref="T:libexeinfo.PE" /> class.
/// </summary> /// </summary>
/// <param name="stream">Stream containing the executable.</param> /// <param name="stream">Stream containing the executable.</param>
public PE(FileStream stream) public PE(FileStream stream)
@@ -107,9 +104,8 @@ namespace libexeinfo
IsPE = false; IsPE = false;
BaseStream = stream; BaseStream = stream;
BaseExecutable = new MZ(BaseStream); BaseExecutable = new MZ(BaseStream);
if (BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{ if(BaseExecutable.Header.new_offset < BaseStream.Length)
if (BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
byte[] buffer = new byte[Marshal.SizeOf(typeof(PEHeader))]; byte[] buffer = new byte[Marshal.SizeOf(typeof(PEHeader))];
@@ -120,9 +116,8 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
IsPE = Header.signature == Signature; IsPE = Header.signature == Signature;
if (IsPE) if(IsPE)
{ if(Header.coff.optionalHeader.magic == PE32Plus)
if (Header.coff.optionalHeader.magic == PE32Plus)
{ {
BaseStream.Position -= 4; BaseStream.Position -= 4;
buffer = new byte[Marshal.SizeOf(typeof(WindowsHeader64))]; buffer = new byte[Marshal.SizeOf(typeof(WindowsHeader64))];
@@ -144,8 +139,6 @@ namespace libexeinfo
} }
} }
} }
}
}
/// <summary> /// <summary>
/// Identifies if the specified executable is a Microsoft Portable Executable /// Identifies if the specified executable is a Microsoft Portable Executable
@@ -156,9 +149,8 @@ namespace libexeinfo
{ {
FileStream BaseStream = File.Open(path, FileMode.Open, FileAccess.Read); FileStream BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
MZ BaseExecutable = new MZ(BaseStream); MZ BaseExecutable = new MZ(BaseStream);
if (BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{ if(BaseExecutable.Header.new_offset < BaseStream.Length)
if (BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
byte[] buffer = new byte[Marshal.SizeOf(typeof(PEHeader))]; byte[] buffer = new byte[Marshal.SizeOf(typeof(PEHeader))];
@@ -169,7 +161,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature; return Header.signature == Signature;
} }
}
return false; return false;
} }
@@ -183,9 +174,8 @@ namespace libexeinfo
{ {
FileStream BaseStream = stream; FileStream BaseStream = stream;
MZ BaseExecutable = new MZ(BaseStream); MZ BaseExecutable = new MZ(BaseStream);
if (BaseExecutable.IsMZ) if(BaseExecutable.IsMZ)
{ if(BaseExecutable.Header.new_offset < BaseStream.Length)
if (BaseExecutable.Header.new_offset < BaseStream.Length)
{ {
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin); BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
byte[] buffer = new byte[Marshal.SizeOf(typeof(PEHeader))]; byte[] buffer = new byte[Marshal.SizeOf(typeof(PEHeader))];
@@ -196,7 +186,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr); Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature; return Header.signature == Signature;
} }
}
return false; return false;
} }

88
libexeinfo/PE/Structs.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using static libexeinfo.COFF; using static libexeinfo.COFF;
@@ -35,32 +34,39 @@ namespace libexeinfo
/// <summary> /// <summary>
/// Header for a Microsoft New Executable /// Header for a Microsoft New Executable
/// </summary> /// </summary>
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct PEHeader public struct PEHeader
{ {
/// <summary> /// <summary>
/// After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file as a PE format image file. This signature is "PE\0\0" (the letters "P" and "E" followed by two null bytes). /// After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file
/// as a PE format image file. This signature is "PE\0\0" (the letters "P" and "E" followed by two null bytes).
/// </summary> /// </summary>
public uint signature; public uint signature;
public COFFHeader coff; public COFFHeader coff;
} }
/// <summary> /// <summary>
/// The next 21 fields are an extension to the COFF optional header format. They contain additional information that is required by the linker and loader in Windows. /// The next 21 fields are an extension to the COFF optional header format. They contain additional information that is
/// required by the linker and loader in Windows.
/// </summary> /// </summary>
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct WindowsHeader public struct WindowsHeader
{ {
/// <summary> /// <summary>
/// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K. The default for DLLs is 0x10000000. The default for Windows CE EXEs is 0x00010000. The default for Windows NT, Windows 2000, Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000. /// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K. The default
/// for DLLs is 0x10000000. The default for Windows CE EXEs is 0x00010000. The default for Windows NT, Windows 2000,
/// Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000.
/// </summary> /// </summary>
public uint imageBase; public uint imageBase;
/// <summary> /// <summary>
/// The alignment (in bytes) of sections when they are loaded into memory. It must be greater than or equal to FileAlignment. The default is the page size for the architecture. /// The alignment (in bytes) of sections when they are loaded into memory. It must be greater than or equal to
/// FileAlignment. The default is the page size for the architecture.
/// </summary> /// </summary>
public uint sectionAlignment; public uint sectionAlignment;
/// <summary> /// <summary>
/// The alignment factor (in bytes) that is used to align the raw data of sections in the image file. The value should be a power of 2 between 512 and 64 K, inclusive. The default is 512. If the SectionAlignment is less than the architecture's page size, then FileAlignment must match SectionAlignment. /// The alignment factor (in bytes) that is used to align the raw data of sections in the image file. The value should
/// be a power of 2 between 512 and 64 K, inclusive. The default is 512. If the SectionAlignment is less than the
/// architecture's page size, then FileAlignment must match SectionAlignment.
/// </summary> /// </summary>
public uint fileAlignment; public uint fileAlignment;
/// <summary> /// <summary>
@@ -92,7 +98,8 @@ namespace libexeinfo
/// </summary> /// </summary>
public uint win32VersionValue; public uint win32VersionValue;
/// <summary> /// <summary>
/// The size (in bytes) of the image, including all headers, as the image is loaded in memory. It must be a multiple of SectionAlignment. /// The size (in bytes) of the image, including all headers, as the image is loaded in memory. It must be a multiple of
/// SectionAlignment.
/// </summary> /// </summary>
public uint sizeOfImage; public uint sizeOfImage;
/// <summary> /// <summary>
@@ -100,19 +107,22 @@ namespace libexeinfo
/// </summary> /// </summary>
public uint sizeOfHeaders; public uint sizeOfHeaders;
/// <summary> /// <summary>
/// The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL. The following are checked for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that is loaded into a critical Windows process. /// The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL. The following
/// are checked for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that is loaded into
/// a critical Windows process.
/// </summary> /// </summary>
public uint checksum; public uint checksum;
/// <summary> /// <summary>
/// The subsystem that is required to run this image. For more information, <see cref="Subsystems"/>. /// The subsystem that is required to run this image. For more information, <see cref="Subsystems" />.
/// </summary> /// </summary>
public Subsystems subsystem; public Subsystems subsystem;
/// <summary> /// <summary>
/// For more information, <see cref="DllCharacteristics"/>. /// For more information, <see cref="DllCharacteristics" />.
/// </summary> /// </summary>
public DllCharacteristics dllCharacteristics; public DllCharacteristics dllCharacteristics;
/// <summary> /// <summary>
/// The size of the stack to reserve. Only SizeOfStackCommit is committed; the rest is made available one page at a time until the reserve size is reached. /// The size of the stack to reserve. Only SizeOfStackCommit is committed; the rest is made available one page at a
/// time until the reserve size is reached.
/// </summary> /// </summary>
public uint sizeOfStackReserve; public uint sizeOfStackReserve;
/// <summary> /// <summary>
@@ -120,7 +130,8 @@ namespace libexeinfo
/// </summary> /// </summary>
public uint sizeOfStackCommit; public uint sizeOfStackCommit;
/// <summary> /// <summary>
/// The size of the local heap space to reserve. Only SizeOfHeapCommit is committed; the rest is made available one page at a time until the reserve size is reached. /// The size of the local heap space to reserve. Only SizeOfHeapCommit is committed; the rest is made available one
/// page at a time until the reserve size is reached.
/// </summary> /// </summary>
public uint sizeOfHeapReserve; public uint sizeOfHeapReserve;
/// <summary> /// <summary>
@@ -138,21 +149,27 @@ namespace libexeinfo
} }
/// <summary> /// <summary>
/// The next 21 fields are an extension to the COFF optional header format. They contain additional information that is required by the linker and loader in Windows. /// The next 21 fields are an extension to the COFF optional header format. They contain additional information that is
/// required by the linker and loader in Windows.
/// </summary> /// </summary>
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct WindowsHeader64 public struct WindowsHeader64
{ {
/// <summary> /// <summary>
/// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K. The default for DLLs is 0x10000000. The default for Windows CE EXEs is 0x00010000. The default for Windows NT, Windows 2000, Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000. /// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K. The default
/// for DLLs is 0x10000000. The default for Windows CE EXEs is 0x00010000. The default for Windows NT, Windows 2000,
/// Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000.
/// </summary> /// </summary>
public ulong imageBase; public ulong imageBase;
/// <summary> /// <summary>
/// The alignment (in bytes) of sections when they are loaded into memory. It must be greater than or equal to FileAlignment. The default is the page size for the architecture. /// The alignment (in bytes) of sections when they are loaded into memory. It must be greater than or equal to
/// FileAlignment. The default is the page size for the architecture.
/// </summary> /// </summary>
public uint sectionAlignment; public uint sectionAlignment;
/// <summary> /// <summary>
/// The alignment factor (in bytes) that is used to align the raw data of sections in the image file. The value should be a power of 2 between 512 and 64 K, inclusive. The default is 512. If the SectionAlignment is less than the architecture's page size, then FileAlignment must match SectionAlignment. /// The alignment factor (in bytes) that is used to align the raw data of sections in the image file. The value should
/// be a power of 2 between 512 and 64 K, inclusive. The default is 512. If the SectionAlignment is less than the
/// architecture's page size, then FileAlignment must match SectionAlignment.
/// </summary> /// </summary>
public uint fileAlignment; public uint fileAlignment;
/// <summary> /// <summary>
@@ -184,7 +201,8 @@ namespace libexeinfo
/// </summary> /// </summary>
public uint win32VersionValue; public uint win32VersionValue;
/// <summary> /// <summary>
/// The size (in bytes) of the image, including all headers, as the image is loaded in memory. It must be a multiple of SectionAlignment. /// The size (in bytes) of the image, including all headers, as the image is loaded in memory. It must be a multiple of
/// SectionAlignment.
/// </summary> /// </summary>
public uint sizeOfImage; public uint sizeOfImage;
/// <summary> /// <summary>
@@ -192,19 +210,22 @@ namespace libexeinfo
/// </summary> /// </summary>
public uint sizeOfHeaders; public uint sizeOfHeaders;
/// <summary> /// <summary>
/// The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL. The following are checked for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that is loaded into a critical Windows process. /// The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL. The following
/// are checked for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that is loaded into
/// a critical Windows process.
/// </summary> /// </summary>
public uint checksum; public uint checksum;
/// <summary> /// <summary>
/// The subsystem that is required to run this image. For more information, <see cref="Subsystems"/>. /// The subsystem that is required to run this image. For more information, <see cref="Subsystems" />.
/// </summary> /// </summary>
public Subsystems subsystem; public Subsystems subsystem;
/// <summary> /// <summary>
/// For more information, <see cref="DllCharacteristics"/>. /// For more information, <see cref="DllCharacteristics" />.
/// </summary> /// </summary>
public DllCharacteristics dllCharacteristics; public DllCharacteristics dllCharacteristics;
/// <summary> /// <summary>
/// The size of the stack to reserve. Only SizeOfStackCommit is committed; the rest is made available one page at a time until the reserve size is reached. /// The size of the stack to reserve. Only SizeOfStackCommit is committed; the rest is made available one page at a
/// time until the reserve size is reached.
/// </summary> /// </summary>
public ulong sizeOfStackReserve; public ulong sizeOfStackReserve;
/// <summary> /// <summary>
@@ -212,7 +233,8 @@ namespace libexeinfo
/// </summary> /// </summary>
public ulong sizeOfStackCommit; public ulong sizeOfStackCommit;
/// <summary> /// <summary>
/// The size of the local heap space to reserve. Only SizeOfHeapCommit is committed; the rest is made available one page at a time until the reserve size is reached. /// The size of the local heap space to reserve. Only SizeOfHeapCommit is committed; the rest is made available one
/// page at a time until the reserve size is reached.
/// </summary> /// </summary>
public ulong sizeOfHeapReserve; public ulong sizeOfHeapReserve;
/// <summary> /// <summary>
@@ -229,7 +251,7 @@ namespace libexeinfo
public uint numberOfRvaAndSizes; public uint numberOfRvaAndSizes;
} }
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct ImageDataDirectory public struct ImageDataDirectory
{ {
/// <summary> /// <summary>
@@ -242,7 +264,7 @@ namespace libexeinfo
uint size; uint size;
} }
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct DebugDirectory public struct DebugDirectory
{ {
/// <summary> /// <summary>
@@ -262,7 +284,8 @@ namespace libexeinfo
/// </summary> /// </summary>
public ushort minorVersion; public ushort minorVersion;
/// <summary> /// <summary>
/// Format of debugging information: this field enables support of multiple debuggers. <see cref="DebugTypes"/> for more information. /// Format of debugging information: this field enables support of multiple debuggers. <see cref="DebugTypes" /> for
/// more information.
/// </summary> /// </summary>
public DebugTypes type; public DebugTypes type;
/// <summary> /// <summary>
@@ -279,7 +302,7 @@ namespace libexeinfo
public uint pointerToRawData; public uint pointerToRawData;
} }
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct ResourceDirectoryTable public struct ResourceDirectoryTable
{ {
/// <summary> /// <summary>
@@ -311,7 +334,7 @@ namespace libexeinfo
public ushort idEntries; public ushort idEntries;
} }
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct ResourceDirectoryEntries public struct ResourceDirectoryEntries
{ {
/// <summary> /// <summary>
@@ -327,7 +350,7 @@ namespace libexeinfo
public uint rva; public uint rva;
} }
[StructLayout(LayoutKind.Sequential/*, Pack = 2*/)] [StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct ResourceDataEntry public struct ResourceDataEntry
{ {
/// <summary> /// <summary>
@@ -339,7 +362,8 @@ namespace libexeinfo
/// </summary> /// </summary>
public uint size; public uint size;
/// <summary> /// <summary>
/// Code page used to decode code point values within the resource data.Typically, the code page would be the Unicode code page. /// Code page used to decode code point values within the resource data.Typically, the code page would be the Unicode
/// code page.
/// </summary> /// </summary>
public uint codepage; public uint codepage;
/// <summary> /// <summary>

44
libexeinfo/PE/Subsystems.cs
View File

@@ -23,7 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System;
namespace libexeinfo namespace libexeinfo
{ {
public partial class PE public partial class PE
@@ -32,39 +32,23 @@ namespace libexeinfo
{ {
switch(subsystem) switch(subsystem)
{ {
/// <summary> case Subsystems.IMAGE_SUBSYSTEM_UNKNOWN: return "for an unknown subsystem with no code";
/// An unknown subsystem case Subsystems.IMAGE_SUBSYSTEM_NATIVE: return "an application for native Windows API";
/// </summary> case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_GUI: return "an application for Windows GUI";
case Subsystems.IMAGE_SUBSYSTEM_UNKNOWN:
return "for an unknown subsystem with no code";
case Subsystems.IMAGE_SUBSYSTEM_NATIVE:
return "an application for native Windows API";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_GUI:
return "an application for Windows GUI";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_CUI: case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_CUI:
return "an application for Windows command-line"; return "an application for Windows command-line";
case Subsystems.IMAGE_SUBSYSTEM_OS2_CUI: case Subsystems.IMAGE_SUBSYSTEM_OS2_CUI: return "an application for OS/2 command-line";
return "an application for OS/2 command-line"; case Subsystems.IMAGE_SUBSYSTEM_POSIX_CUI: return "an application for POSIX command-line";
case Subsystems.IMAGE_SUBSYSTEM_POSIX_CUI: case Subsystems.IMAGE_SUBSYSTEM_NATIVE_WINDOWS: return "a driver for Windows 9x";
return "an application for POSIX command-line"; case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_CE_GUI: return "an application for Windows CE";
case Subsystems.IMAGE_SUBSYSTEM_NATIVE_WINDOWS: case Subsystems.IMAGE_SUBSYSTEM_EFI_APPLICATION: return "an EFI application";
return "a driver for Windows 9x"; case Subsystems.IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: return "an EFI boot services driver";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_CE_GUI: case Subsystems.IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: return "an EFI run-time services driver";
return "an application for Windows CE"; case Subsystems.IMAGE_SUBSYSTEM_EFI_ROM: return "an EFI ROM image";
case Subsystems.IMAGE_SUBSYSTEM_EFI_APPLICATION: case Subsystems.IMAGE_SUBSYSTEM_XBOX: return "a Xbox executable";
return "an EFI application";
case Subsystems.IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
return "an EFI boot services driver";
case Subsystems.IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
return "an EFI run-time services driver";
case Subsystems.IMAGE_SUBSYSTEM_EFI_ROM:
return "an EFI ROM image";
case Subsystems.IMAGE_SUBSYSTEM_XBOX:
return "a Xbox executable";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION: case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION:
return "an application for Windows Boot environment"; return "an application for Windows Boot environment";
default: default: return $"for an unknown subsystem with code {(ushort)subsystem}";
return string.Format("for an unknown subsystem with code {0}", (ushort)subsystem);
} }
} }
} }

1
libexeinfo/Properties/AssemblyInfo.cs
View File

@@ -1,5 +1,4 @@
using System.Reflection; using System.Reflection;
using System.Runtime.CompilerServices;
// Information about this assembly is defined by the following attributes. // Information about this assembly is defined by the following attributes.
// Change them to the values specific to your project. // Change them to the values specific to your project.

7
libexeinfo/Swapping.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE. // THE SOFTWARE.
using System; using System;
using System.Linq; using System.Linq;
@@ -98,9 +99,9 @@ namespace libexeinfo
public static ulong Swap(ulong x) public static ulong Swap(ulong x)
{ {
x = (x & 0x00000000FFFFFFFF) << 32 | (x & 0xFFFFFFFF00000000) >> 32; x = ((x & 0x00000000FFFFFFFF) << 32) | ((x & 0xFFFFFFFF00000000) >> 32);
x = (x & 0x0000FFFF0000FFFF) << 16 | (x & 0xFFFF0000FFFF0000) >> 16; x = ((x & 0x0000FFFF0000FFFF) << 16) | ((x & 0xFFFF0000FFFF0000) >> 16);
x = (x & 0x00FF00FF00FF00FF) << 8 | (x & 0xFF00FF00FF00FF00) >> 8; x = ((x & 0x00FF00FF00FF00FF) << 8) | ((x & 0xFF00FF00FF00FF00) >> 8);
return x; return x;
} }