claunia/libexeinfo
1
0
Fork 0
mirror of https://github.com/claunia/libexeinfo.git synced 2025-12-16 19:14:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor

Browse Source
This commit is contained in:
Natalia Portillo
2018-02-25 03:08:28 +00:00
parent 9dd6c1efa0
commit cf1f1c0289
38 changed files with 3118 additions and 3138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
exeinfo/Program.cs
View File

@@ -25,10 +25,9 @@
// THE SOFTWARE.
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Text;
using libexeinfo;
@@ -67,7 +66,6 @@ namespace exeinfo
recognized = true;
Console.Write(neExe.GetInfo());
if(neExe.Versions != null)
{
foreach(NE.Version vers in neExe.Versions)
{
Console.WriteLine("\tVersion resource {0}:", vers.Name);
@@ -75,7 +73,8 @@ namespace exeinfo
Console.WriteLine("\t\tProduct version: {0}", vers.ProductVersion);
Console.WriteLine("\t\tFile type: {0}", NE.Version.TypeToString(vers.FileType));
if(vers.FileType == NE.VersionFileType.VFT_DRV)
Console.WriteLine("\t\tFile subtype: {0} driver", NE.Version.DriverToString(vers.FileSubtype));
Console.WriteLine("\t\tFile subtype: {0} driver",
NE.Version.DriverToString(vers.FileSubtype));
else if(vers.FileType == NE.VersionFileType.VFT_DRV)
Console.WriteLine("\t\tFile subtype: {0} font", NE.Version.FontToString(vers.FileSubtype));
else if(vers.FileSubtype > 0)
@@ -90,20 +89,25 @@ namespace exeinfo
try
{
cultureName = new CultureInfo(Convert.ToInt32(strByLang.Key.Substring(0, 4), 16)).DisplayName;
cultureName = new CultureInfo(Convert.ToInt32(strByLang.Key.Substring(0, 4), 16))
.DisplayName;
}
catch
{
cultureName = string.Format("unsupported culture 0x{0:X4}", Convert.ToInt32(strByLang.Key.Substring(0, 4), 16));
cultureName =
$"unsupported culture 0x{Convert.ToInt32(strByLang.Key.Substring(0, 4), 16):X4}";
}
try
{
encodingName = Encoding.GetEncoding(Convert.ToInt32(strByLang.Key.Substring(4), 16)).EncodingName;
encodingName = Encoding
.GetEncoding(Convert.ToInt32(strByLang.Key.Substring(4), 16))
.EncodingName;
}
catch
{
encodingName = string.Format("unsupported encoding 0x{0:X4}", Convert.ToInt32(strByLang.Key.Substring(4), 16));
encodingName =
$"unsupported encoding 0x{Convert.ToInt32(strByLang.Key.Substring(4), 16):X4}";
}
Console.WriteLine("\t\tStrings for {0} in codepage {1}:", cultureName, encodingName);
@@ -112,7 +116,6 @@ namespace exeinfo
}
}
}
}
if(stExe.IsAtariST)
{
@@ -138,8 +141,7 @@ namespace exeinfo
Console.Write(peExe.GetInfo());
}
if (!recognized)
Console.WriteLine("Executable format not recognized");
if(!recognized) Console.WriteLine("Executable format not recognized");
}
}
}

34
exeinfogui.Desktop/Program.cs
View File

@@ -1,15 +1,41 @@
using System;
//
// Program.cs
//
// Author:
// Natalia Portillo <claunia@claunia.com>
//
// Copyright (c) 2017 Copyright © Claunia.com
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using Eto;
using Eto.Forms;
using Eto.Drawing;
namespace exeinfogui.Desktop
{
class Program
static class Program
{
[STAThread]
static void Main(string[] args)
{
new Application(Eto.Platform.Detect).Run(new MainForm());
new Application(Platform.Detect).Run(new MainForm());
}
}
}

28
exeinfogui.XamMac/Program.cs
View File

@@ -1,4 +1,30 @@
using AppKit;
//
// Program.cs
//
// Author:
// Natalia Portillo <claunia@claunia.com>
//
// Copyright (c) 2017 Copyright © Claunia.com
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using AppKit;
using Eto.Forms;
namespace exeinfogui.XamMac

28
exeinfogui/MainForm.xeto.cs
View File

@@ -1,3 +1,29 @@
//
// MainForm.xeto.cs
//
// Author:
// Natalia Portillo <claunia@claunia.com>
//
// Copyright (c) 2017 Copyright © Claunia.com
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.IO;
using Eto.Forms;
@@ -9,8 +35,8 @@ namespace exeinfogui
public class MainForm : Form
{
TextBox txtFile;
TextBox txtType;
TextArea txtInformation;
TextBox txtType;
public MainForm()
{

7
libexeinfo/AtariST/AtariST.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System.IO;
using System.Runtime.InteropServices;
@@ -58,7 +59,7 @@ namespace libexeinfo
BaseStream.Position = 0;
BaseStream.Read(buffer, 0, buffer.Length);
Header = BigEndianMarshal.ByteArrayToStructureBigEndian<AtariHeader>(buffer);
IsAtariST = Header.signature == Signature;
IsAtariST = Header.signature == SIGNATURE;
}
/// <summary>
@@ -73,7 +74,7 @@ namespace libexeinfo
BaseStream.Position = 0;
BaseStream.Read(buffer, 0, buffer.Length);
Header = BigEndianMarshal.ByteArrayToStructureBigEndian<AtariHeader>(buffer);
IsAtariST = Header.signature == Signature;
IsAtariST = Header.signature == SIGNATURE;
}
/// <summary>
@@ -100,7 +101,7 @@ namespace libexeinfo
stream.Read(buffer, 0, buffer.Length);
AtariHeader hdr = BigEndianMarshal.ByteArrayToStructureBigEndian<AtariHeader>(buffer);
return hdr.signature == Signature;
return hdr.signature == SIGNATURE;
}
}
}

4
libexeinfo/AtariST/Consts.cs
View File

@@ -23,11 +23,11 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
namespace libexeinfo
{
public partial class AtariST
{
public const ushort Signature = 0x601A;
const ushort SIGNATURE = 0x601A;
}
}

2
libexeinfo/AtariST/Structs.cs
View File

@@ -23,7 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Runtime.InteropServices;
namespace libexeinfo

4
libexeinfo/BigEndianMarshal.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Linq;
using System.Reflection;
@@ -59,7 +60,6 @@ namespace libexeinfo
Type t = str.GetType();
FieldInfo[] fieldInfo = t.GetFields();
foreach(FieldInfo fi in fieldInfo)
{
if(fi.FieldType == typeof(short))
{
short int16 = (short)fi.GetValue(str);
@@ -116,7 +116,7 @@ namespace libexeinfo
byte[] dbl_r = dbl_b.Reverse().ToArray();
fi.SetValueDirect(__makeref(str), BitConverter.ToDouble(dbl_r, 0));
}
}
return str;
}
}

34
libexeinfo/COFF/COFF.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.IO;
using System.Runtime.InteropServices;
@@ -42,11 +43,11 @@ namespace libexeinfo
/// Header for this executable
/// </summary>
public readonly COFFHeader Header;
public readonly bool IsBigEndian;
/// <summary>
/// If true this instance correctly represents a Common Object File Format
/// </summary>
public readonly bool IsCOFF;
public readonly bool IsBigEndian;
/// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.COFF" /> class.
@@ -63,15 +64,17 @@ namespace libexeinfo
Marshal.Copy(buffer, 0, hdrPtr, buffer.Length);
Header = (COFFHeader)Marshal.PtrToStructure(hdrPtr, typeof(COFFHeader));
Marshal.FreeHGlobal(hdrPtr);
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC || Header.optionalHeader.magic == JMAGIC ||
Header.optionalHeader.magic == DMAGIC || Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC ||
Header.optionalHeader.magic == JMAGIC || Header.optionalHeader.magic == DMAGIC ||
Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsBigEndian = false;
if(!IsCOFF)
{
Header = SwapHeader(Header);
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC || Header.optionalHeader.magic == JMAGIC ||
Header.optionalHeader.magic == DMAGIC || Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC ||
Header.optionalHeader.magic == JMAGIC || Header.optionalHeader.magic == DMAGIC ||
Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsBigEndian = !IsCOFF;
}
}
@@ -91,15 +94,17 @@ namespace libexeinfo
Marshal.Copy(buffer, 0, hdrPtr, buffer.Length);
Header = (COFFHeader)Marshal.PtrToStructure(hdrPtr, typeof(COFFHeader));
Marshal.FreeHGlobal(hdrPtr);
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC || Header.optionalHeader.magic == JMAGIC ||
Header.optionalHeader.magic == DMAGIC || Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC ||
Header.optionalHeader.magic == JMAGIC || Header.optionalHeader.magic == DMAGIC ||
Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsBigEndian = false;
if(!IsCOFF)
{
Header = SwapHeader(Header);
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC || Header.optionalHeader.magic == JMAGIC ||
Header.optionalHeader.magic == DMAGIC || Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsCOFF = Header.optionalHeader.magic == STMAGIC || Header.optionalHeader.magic == OMAGIC ||
Header.optionalHeader.magic == JMAGIC || Header.optionalHeader.magic == DMAGIC ||
Header.optionalHeader.magic == ZMAGIC || Header.optionalHeader.magic == SHMAGIC;
IsBigEndian = !IsCOFF;
}
}
@@ -131,13 +136,14 @@ namespace libexeinfo
COFFHeader COFFHdr = (COFFHeader)Marshal.PtrToStructure(hdrPtr, typeof(COFFHeader));
Marshal.FreeHGlobal(hdrPtr);
if (COFFHdr.optionalHeader.magic == STMAGIC || COFFHdr.optionalHeader.magic == OMAGIC || COFFHdr.optionalHeader.magic == JMAGIC ||
COFFHdr.optionalHeader.magic == DMAGIC || COFFHdr.optionalHeader.magic == ZMAGIC || COFFHdr.optionalHeader.magic == SHMAGIC)
return true;
if(COFFHdr.optionalHeader.magic == STMAGIC || COFFHdr.optionalHeader.magic == OMAGIC ||
COFFHdr.optionalHeader.magic == JMAGIC || COFFHdr.optionalHeader.magic == DMAGIC ||
COFFHdr.optionalHeader.magic == ZMAGIC || COFFHdr.optionalHeader.magic == SHMAGIC) return true;
COFFHdr = SwapHeader(COFFHdr);
return COFFHdr.optionalHeader.magic == STMAGIC || COFFHdr.optionalHeader.magic == OMAGIC || COFFHdr.optionalHeader.magic == JMAGIC ||
COFFHdr.optionalHeader.magic == DMAGIC || COFFHdr.optionalHeader.magic == ZMAGIC || COFFHdr.optionalHeader.magic == SHMAGIC;
return COFFHdr.optionalHeader.magic == STMAGIC || COFFHdr.optionalHeader.magic == OMAGIC ||
COFFHdr.optionalHeader.magic == JMAGIC || COFFHdr.optionalHeader.magic == DMAGIC ||
COFFHdr.optionalHeader.magic == ZMAGIC || COFFHdr.optionalHeader.magic == SHMAGIC;
}
static COFFHeader SwapHeader(COFFHeader header)

46
libexeinfo/COFF/Consts.cs
View File

@@ -60,6 +60,29 @@ namespace libexeinfo
/// </summary>
public readonly string SectionData = ".data";
/// <summary>
/// Debug information
/// </summary>
public readonly string SectionDebug = ".debug";
/// <summary>
/// A .drectve section consists of a string of ASCII text. This string is
/// a series of linker options (each option containing hyphen, option
/// name, and any appropriate attribute) separated by spaces.The
/// .drectve section must not have relocations or line numbers.
/// </summary>
public readonly string SectionDirectives = ".drectve";
/// <summary>
/// Exception information
/// </summary>
public readonly string SectioneXception = ".xdata";
/// <summary>
/// Exception information
/// </summary>
public readonly string SectionException = ".pdata";
/// <summary>
/// Executable code
/// </summary>
public readonly string SectionExecutable = ".text";
/// <summary>
/// The export data section, named .edata, contains information about
/// symbols that other images can access through dynamic linking.
/// Exports are generally found in DLLs, but DLLs can import symbols as
@@ -71,10 +94,6 @@ namespace libexeinfo
/// </summary>
public readonly string SectionImport = ".idata";
/// <summary>
/// Exception information
/// </summary>
public readonly string SectionException = ".pdata";
/// <summary>
/// Read-only initialized data
/// </summary>
public readonly string SectionReadOnly = ".rdata";
@@ -87,27 +106,8 @@ namespace libexeinfo
/// </summary>
public readonly string SectionResource = ".rsrc";
/// <summary>
/// Executable code
/// </summary>
public readonly string SectionExecutable = ".text";
/// <summary>
/// Thread-local storage
/// </summary>
public readonly string SectionTls = ".tls";
/// <summary>
/// Exception information
/// </summary>
public readonly string SectioneXception = ".xdata";
/// <summary>
/// Debug information
/// </summary>
public readonly string SectionDebug = ".debug";
/// <summary>
/// A .drectve section consists of a string of ASCII text. This string is
/// a series of linker options (each option containing hyphen, option
/// name, and any appropriate attribute) separated by spaces.The
/// .drectve section must not have relocations or line numbers.
/// </summary>
public readonly string SectionDirectives = ".drectve";
}
}

160
libexeinfo/COFF/Enums.cs
View File

@@ -25,12 +25,92 @@
// THE SOFTWARE.
using System;
namespace libexeinfo
{
public partial class COFF
{
/// <summary>
/// The Machine field has one of the following values that specifies its CPU type. An image file can be run only on the specified machine or on a system that emulates the specified machine.
/// The Characteristics field contains flags that indicate attributes of the object or image file.
/// </summary>
[Flags]
public enum Characteristics : ushort
{
/// <summary>
/// Image only, Windows CE, and Microsoft Windows NT and later. This indicates that the file does not contain base
/// relocations and must therefore be loaded at its preferred base address. If the base address is not available, the
/// loader reports an error. The default behavior of the linker is to strip base relocations from executable (EXE)
/// files.
/// </summary>
IMAGE_FILE_RELOCS_STRIPPED = 0x0001,
/// <summary>
/// Image only. This indicates that the image file is valid and can be run. If this flag is not set, it indicates a
/// linker error.
/// </summary>
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002,
/// <summary>
/// COFF line numbers have been removed. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004,
/// <summary>
/// COFF symbol table entries for local symbols have been removed. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008,
/// <summary>
/// Obsolete. Aggressively trim working set. This flag is deprecated for Windows 2000 and later and must be zero.
/// </summary>
IMAGE_FILE_AGGRESSIVE_WS_TRIM = 0x0010,
/// <summary>
/// Application can handle > 2-GB addresses.
/// </summary>
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020,
/// <summary>
/// Machine is based on a 16-bit-word architecture.
/// </summary>
IMAGE_FILE_16BIT_MACHINE = 0x0040,
/// <summary>
/// Little endian: the least significant bit (LSB) precedes the most significant bit (MSB) in memory. This flag is
/// deprecated and should be zero.
/// </summary>
IMAGE_FILE_BYTES_REVERSED_LO = 0x0080,
/// <summary>
/// Machine is based on a 32-bit-word architecture.
/// </summary>
IMAGE_FILE_32BIT_MACHINE = 0x0100,
/// <summary>
/// Debugging information is removed from the image file.
/// </summary>
IMAGE_FILE_DEBUG_STRIPPED = 0x0200,
/// <summary>
/// If the image is on removable media, fully load it and copy it to the swap file.
/// </summary>
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400,
/// <summary>
/// If the image is on network media, fully load it and copy it to the swap file.
/// </summary>
IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800,
/// <summary>
/// The image file is a system file, not a user program.
/// </summary>
IMAGE_FILE_SYSTEM = 0x1000,
/// <summary>
/// The image file is a dynamic-link library (DLL). Such files are considered executable files for almost all purposes,
/// although they cannot be directly run.
/// </summary>
IMAGE_FILE_DLL = 0x2000,
/// <summary>
/// The file should be run only on a uniprocessor machine.
/// </summary>
IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000,
/// <summary>
/// Big endian: the MSB precedes the LSB in memory. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_BYTES_REVERSED_HI = 0x8000
}
/// <summary>
/// The Machine field has one of the following values that specifies its CPU type. An image file can be run only on the
/// specified machine or on a system that emulates the specified machine.
/// </summary>
public enum MachineTypes : ushort
{
@@ -176,79 +256,6 @@ namespace libexeinfo
IMAGE_FILE_MACHINE_WE32000 = 0x170
}
/// <summary>
/// The Characteristics field contains flags that indicate attributes of the object or image file.
/// </summary>
[Flags]
public enum Characteristics : ushort
{
/// <summary>
/// Image only, Windows CE, and Microsoft Windows NT and later. This indicates that the file does not contain base relocations and must therefore be loaded at its preferred base address. If the base address is not available, the loader reports an error. The default behavior of the linker is to strip base relocations from executable (EXE) files.
/// </summary>
IMAGE_FILE_RELOCS_STRIPPED = 0x0001,
/// <summary>
/// Image only. This indicates that the image file is valid and can be run. If this flag is not set, it indicates a linker error.
/// </summary>
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002,
/// <summary>
/// COFF line numbers have been removed. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004,
/// <summary>
/// COFF symbol table entries for local symbols have been removed. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008,
/// <summary>
/// Obsolete. Aggressively trim working set. This flag is deprecated for Windows 2000 and later and must be zero.
/// </summary>
IMAGE_FILE_AGGRESSIVE_WS_TRIM = 0x0010,
/// <summary>
/// Application can handle > 2-GB addresses.
/// </summary>
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020,
/// <summary>
/// Machine is based on a 16-bit-word architecture.
/// </summary>
IMAGE_FILE_16BIT_MACHINE = 0x0040,
/// <summary>
/// Little endian: the least significant bit (LSB) precedes the most significant bit (MSB) in memory. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_BYTES_REVERSED_LO = 0x0080,
/// <summary>
/// Machine is based on a 32-bit-word architecture.
/// </summary>
IMAGE_FILE_32BIT_MACHINE = 0x0100,
/// <summary>
/// Debugging information is removed from the image file.
/// </summary>
IMAGE_FILE_DEBUG_STRIPPED = 0x0200,
/// <summary>
/// If the image is on removable media, fully load it and copy it to the swap file.
/// </summary>
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400,
/// <summary>
/// If the image is on network media, fully load it and copy it to the swap file.
/// </summary>
IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800,
/// <summary>
/// The image file is a system file, not a user program.
/// </summary>
IMAGE_FILE_SYSTEM = 0x1000,
/// <summary>
/// The image file is a dynamic-link library (DLL). Such files are considered executable files for almost all purposes, although they cannot be directly run.
/// </summary>
IMAGE_FILE_DLL = 0x2000,
/// <summary>
/// The file should be run only on a uniprocessor machine.
/// </summary>
IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000,
/// <summary>
/// Big endian: the MSB precedes the LSB in memory. This flag is deprecated and should be zero.
/// </summary>
IMAGE_FILE_BYTES_REVERSED_HI = 0x8000
}
public const uint IMAGE_SCN_ALIGN_MASK = 0x00F00000;
[Flags]
public enum SectionFlags : uint
{
@@ -291,7 +298,8 @@ namespace libexeinfo
/// </summary>
IMAGE_SCN_LNK_OTHER = 0x00000100,
/// <summary>
/// Section contains comments or other information. The .drectve section has this type. This is valid for object files only.
/// Section contains comments or other information. The .drectve section has this type. This is valid for object files
/// only.
/// </summary>
IMAGE_SCN_LNK_INFO = 0x00000200,
/// <summary>
@@ -411,5 +419,7 @@ namespace libexeinfo
/// </summary>
IMAGE_SCN_MEM_WRITE = 0x80000000
}
public const uint IMAGE_SCN_ALIGN_MASK = 0x00F00000;
}
}

20
libexeinfo/COFF/Info.cs
View File

@@ -25,8 +25,6 @@
// THE SOFTWARE.
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace libexeinfo
@@ -56,7 +54,8 @@ namespace libexeinfo
sb.AppendLine("\tPE32+ executable");
break;
default:
sb.AppendFormat("\tUnknown executable type with magic {0}", header.optionalHeader.magic).AppendLine();
sb.AppendFormat("\tUnknown executable type with magic {0}", header.optionalHeader.magic)
.AppendLine();
break;
}
@@ -66,8 +65,7 @@ namespace libexeinfo
sb.AppendLine("\tExecutable contains no relocations.");
if(header.characteristics.HasFlag(Characteristics.IMAGE_FILE_EXECUTABLE_IMAGE))
sb.AppendLine("\tExecutable is valid.");
else
sb.AppendLine("\tExecutable is invalid, contains errors or has not been linked correctly.");
else sb.AppendLine("\tExecutable is invalid, contains errors or has not been linked correctly.");
if(!header.characteristics.HasFlag(Characteristics.IMAGE_FILE_LINE_NUMS_STRIPPED))
sb.AppendLine("\tExecutable contains line numbers.");
if(!header.characteristics.HasFlag(Characteristics.IMAGE_FILE_LOCAL_SYMS_STRIPPED))
@@ -99,13 +97,17 @@ namespace libexeinfo
sb.AppendFormat("\tExecutable has {0} sections", header.numberOfSections).AppendLine();
sb.AppendFormat("\tExecutable was linked on {0}", epoch.AddSeconds(header.timeDateStamp)).AppendLine();
sb.AppendFormat("\tSymbol table starts at {0} and contains {1} symbols", header.pointerToSymbolTable, header.numberOfSymbols).AppendLine();
sb.AppendFormat("\tSymbol table starts at {0} and contains {1} symbols", header.pointerToSymbolTable,
header.numberOfSymbols).AppendLine();
sb.AppendFormat("\tOptional header has {0} bytes", header.sizeOfOptionalHeader).AppendLine();
if(header.optionalHeader.majorLinkerVersion > 0 || header.optionalHeader.minorLinkerVersion > 0)
sb.AppendFormat("\tLinker version: {0}.{1}", header.optionalHeader.majorLinkerVersion, header.optionalHeader.minorLinkerVersion).AppendLine();
sb.AppendFormat("\tLinker version: {0}.{1}", header.optionalHeader.majorLinkerVersion,
header.optionalHeader.minorLinkerVersion).AppendLine();
sb.AppendFormat("\tCode has {0} bytes", header.optionalHeader.sizeOfCode).AppendLine();
sb.AppendFormat("\tInitialized data has {0} bytes", header.optionalHeader.sizeOfInitializedData).AppendLine();
sb.AppendFormat("\tUninitialized data has {0} bytes", header.optionalHeader.sizeOfUninitializedData).AppendLine();
sb.AppendFormat("\tInitialized data has {0} bytes", header.optionalHeader.sizeOfInitializedData)
.AppendLine();
sb.AppendFormat("\tUninitialized data has {0} bytes", header.optionalHeader.sizeOfUninitializedData)
.AppendLine();
sb.AppendFormat("\tAddress point starts at {0}", header.optionalHeader.addressOfEntryPoint).AppendLine();
sb.AppendFormat("\tCode starts at {0}", header.optionalHeader.baseOfCode).AppendLine();
if(header.optionalHeader.magic != PE.PE32Plus)

96
libexeinfo/COFF/MachineTypes.cs
View File

@@ -32,74 +32,42 @@ namespace libexeinfo
{
switch(machine)
{
case MachineTypes.IMAGE_FILE_MACHINE_UNKNOWN:
return "Any machine";
case MachineTypes.IMAGE_FILE_MACHINE_ALPHA:
return "Alpha AXP";
case MachineTypes.IMAGE_FILE_MACHINE_ALPHA64:
return "Alpha AXP 64-bit.";
case MachineTypes.IMAGE_FILE_MACHINE_AM33:
return "Matsushita AM33";
case MachineTypes.IMAGE_FILE_MACHINE_AMD64:
return "AMD64 / EM64T";
case MachineTypes.IMAGE_FILE_MACHINE_ARM:
return "ARM little endian";
case MachineTypes.IMAGE_FILE_MACHINE_ARM64:
return "ARM64 little endian";
case MachineTypes.IMAGE_FILE_MACHINE_ARMNT:
return "ARM Thumb-2 little endian";
case MachineTypes.IMAGE_FILE_MACHINE_EBC:
return "EFI byte code";
case MachineTypes.IMAGE_FILE_MACHINE_UNKNOWN: return "Any machine";
case MachineTypes.IMAGE_FILE_MACHINE_ALPHA: return "Alpha AXP";
case MachineTypes.IMAGE_FILE_MACHINE_ALPHA64: return "Alpha AXP 64-bit.";
case MachineTypes.IMAGE_FILE_MACHINE_AM33: return "Matsushita AM33";
case MachineTypes.IMAGE_FILE_MACHINE_AMD64: return "AMD64 / EM64T";
case MachineTypes.IMAGE_FILE_MACHINE_ARM: return "ARM little endian";
case MachineTypes.IMAGE_FILE_MACHINE_ARM64: return "ARM64 little endian";
case MachineTypes.IMAGE_FILE_MACHINE_ARMNT: return "ARM Thumb-2 little endian";
case MachineTypes.IMAGE_FILE_MACHINE_EBC: return "EFI byte code";
case MachineTypes.IMAGE_FILE_MACHINE_I386:
case MachineTypes.IMAGE_FILE_MACHINE_I386_AIX:
return "Intel 386 or later processors and compatible processors";
case MachineTypes.IMAGE_FILE_MACHINE_IA64:
return "Intel Itanium processor family";
case MachineTypes.IMAGE_FILE_MACHINE_M32R:
return "Mitsubishi M32R little endian";
case MachineTypes.IMAGE_FILE_MACHINE_IA64: return "Intel Itanium processor family";
case MachineTypes.IMAGE_FILE_MACHINE_M32R: return "Mitsubishi M32R little endian";
case MachineTypes.IMAGE_FILE_MACHINE_M68K:
case MachineTypes.IMAGE_FILE_MACHINE_M68K_OTHER:
return "Motorola 68000 series";
case MachineTypes.IMAGE_FILE_MACHINE_MIPS16:
return "MIPS16";
case MachineTypes.IMAGE_FILE_MACHINE_MIPSFPU:
return "MIPS with FPU";
case MachineTypes.IMAGE_FILE_MACHINE_MIPSFPU16:
return "MIPS16 with FPU";
case MachineTypes.IMAGE_FILE_MACHINE_POWERPC:
return "PowerPC little endian";
case MachineTypes.IMAGE_FILE_MACHINE_POWERPCFP:
return "PowerPC with floating point support";
case MachineTypes.IMAGE_FILE_MACHINE_MIPSEB:
return "MIPS R3000 or later (big endian)";
case MachineTypes.IMAGE_FILE_MACHINE_R3000:
return "MIPS R3000 or later (little endian)";
case MachineTypes.IMAGE_FILE_MACHINE_R4000:
return "MIPS R4000 or later (little endian)";
case MachineTypes.IMAGE_FILE_MACHINE_R10000:
return "MIPS R10000 or later (little endian)";
case MachineTypes.IMAGE_FILE_MACHINE_RISCV32:
return "RISC-V 32-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_RISCV64:
return "RISC-V 64-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_RISCV128:
return "RISC-V 128-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_SH3:
return "Hitachi SH3";
case MachineTypes.IMAGE_FILE_MACHINE_SH3DSP:
return "Hitachi SH3 DSP";
case MachineTypes.IMAGE_FILE_MACHINE_SH4:
return "Hitachi SH4";
case MachineTypes.IMAGE_FILE_MACHINE_SH5:
return "Hitachi SH5";
case MachineTypes.IMAGE_FILE_MACHINE_THUMB:
return "ARM Thumb";
case MachineTypes.IMAGE_FILE_MACHINE_WCEMIPSV2:
return "MIPS little-endian WCE v2";
case MachineTypes.IMAGE_FILE_MACHINE_CLIPPER:
return "Clipper";
case MachineTypes.IMAGE_FILE_MACHINE_WE32000:
return "WE32000 series";
case MachineTypes.IMAGE_FILE_MACHINE_M68K_OTHER: return "Motorola 68000 series";
case MachineTypes.IMAGE_FILE_MACHINE_MIPS16: return "MIPS16";
case MachineTypes.IMAGE_FILE_MACHINE_MIPSFPU: return "MIPS with FPU";
case MachineTypes.IMAGE_FILE_MACHINE_MIPSFPU16: return "MIPS16 with FPU";
case MachineTypes.IMAGE_FILE_MACHINE_POWERPC: return "PowerPC little endian";
case MachineTypes.IMAGE_FILE_MACHINE_POWERPCFP: return "PowerPC with floating point support";
case MachineTypes.IMAGE_FILE_MACHINE_MIPSEB: return "MIPS R3000 or later (big endian)";
case MachineTypes.IMAGE_FILE_MACHINE_R3000: return "MIPS R3000 or later (little endian)";
case MachineTypes.IMAGE_FILE_MACHINE_R4000: return "MIPS R4000 or later (little endian)";
case MachineTypes.IMAGE_FILE_MACHINE_R10000: return "MIPS R10000 or later (little endian)";
case MachineTypes.IMAGE_FILE_MACHINE_RISCV32: return "RISC-V 32-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_RISCV64: return "RISC-V 64-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_RISCV128: return "RISC-V 128-bit address space";
case MachineTypes.IMAGE_FILE_MACHINE_SH3: return "Hitachi SH3";
case MachineTypes.IMAGE_FILE_MACHINE_SH3DSP: return "Hitachi SH3 DSP";
case MachineTypes.IMAGE_FILE_MACHINE_SH4: return "Hitachi SH4";
case MachineTypes.IMAGE_FILE_MACHINE_SH5: return "Hitachi SH5";
case MachineTypes.IMAGE_FILE_MACHINE_THUMB: return "ARM Thumb";
case MachineTypes.IMAGE_FILE_MACHINE_WCEMIPSV2: return "MIPS little-endian WCE v2";
case MachineTypes.IMAGE_FILE_MACHINE_CLIPPER: return "Clipper";
case MachineTypes.IMAGE_FILE_MACHINE_WE32000: return "WE32000 series";
default:
return string.Format("Unknown machine type with code {0}", (ushort)machine);
}

27
libexeinfo/COFF/Structs.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Runtime.InteropServices;
namespace libexeinfo
@@ -33,7 +32,8 @@ namespace libexeinfo
public partial class COFF
{
/// <summary>
/// At the beginning of an object file, or immediately after the signature of an image file, is a standard COFF file header in the following format. Note that the Windows loader limits the number of sections to 96.
/// At the beginning of an object file, or immediately after the signature of an image file, is a standard COFF file
/// header in the following format. Note that the Windows loader limits the number of sections to 96.
/// </summary>
[StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct COFFHeader
@@ -47,15 +47,18 @@ namespace libexeinfo
/// </summary>
public ushort numberOfSections;
/// <summary>
/// The low 32 bits of the number of seconds since 00:00 January 1, 1970 (a C run-time time_t value), that indicates when the file was created.
/// The low 32 bits of the number of seconds since 00:00 January 1, 1970 (a C run-time time_t value), that indicates
/// when the file was created.
/// </summary>
public uint timeDateStamp;
/// <summary>
/// The file offset of the COFF symbol table, or zero if no COFF symbol table is present. This value should be zero for an image because COFF debugging information is deprecated.
/// The file offset of the COFF symbol table, or zero if no COFF symbol table is present. This value should be zero for
/// an image because COFF debugging information is deprecated.
/// </summary>
public uint pointerToSymbolTable;
/// <summary>
/// The number of entries in the symbol table. This data can be used to locate the string table, which immediately follows the symbol table. This value should be zero for an image because COFF debugging information is deprecated.
/// The number of entries in the symbol table. This data can be used to locate the string table, which immediately
/// follows the symbol table. This value should be zero for an image because COFF debugging information is deprecated.
/// </summary>
public uint numberOfSymbols;
public ushort sizeOfOptionalHeader;
@@ -67,13 +70,16 @@ namespace libexeinfo
}
/// <summary>
/// The first eight fields of the optional header are standard fields that are defined for every implementation of COFF. These fields contain general information that is useful for loading and running an executable file. They are unchanged for the PE32+ format.
/// The first eight fields of the optional header are standard fields that are defined for every implementation of
/// COFF. These fields contain general information that is useful for loading and running an executable file. They are
/// unchanged for the PE32+ format.
/// </summary>
[StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct OptionalHeader
{
/// <summary>
/// The unsigned integer that identifies the state of the image file. The most common number is 0x10B, which identifies it as a normal executable file. 0x107 identifies it as a ROM image, and 0x20B identifies it as a PE32+ executable.
/// The unsigned integer that identifies the state of the image file. The most common number is 0x10B, which identifies
/// it as a normal executable file. 0x107 identifies it as a ROM image, and 0x20B identifies it as a PE32+ executable.
/// </summary>
public ushort magic;
/// <summary>
@@ -93,11 +99,14 @@ namespace libexeinfo
/// </summary>
public uint sizeOfInitializedData;
/// <summary>
/// The size of the uninitialized data section (BSS), or the sum of all such sections if there are multiple BSS sections.
/// The size of the uninitialized data section (BSS), or the sum of all such sections if there are multiple BSS
/// sections.
/// </summary>
public uint sizeOfUninitializedData;
/// <summary>
/// The address of the entry point relative to the image base when the executable file is loaded into memory. For program images, this is the starting address. For device drivers, this is the address of the initialization function. An entry point is optional for DLLs. When no entry point is present, this field must be zero.
/// The address of the entry point relative to the image base when the executable file is loaded into memory. For
/// program images, this is the starting address. For device drivers, this is the address of the initialization
/// function. An entry point is optional for DLLs. When no entry point is present, this field must be zero.
/// </summary>
public uint addressOfEntryPoint;
/// <summary>

1
libexeinfo/LX/Consts.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
namespace libexeinfo
{
public partial class LX

1
libexeinfo/LX/Enums.cs
View File

@@ -25,6 +25,7 @@
// THE SOFTWARE.
using System;
namespace libexeinfo
{
public partial class LX

77
libexeinfo/LX/Info.cs
View File

@@ -24,9 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace libexeinfo
@@ -36,51 +33,59 @@ namespace libexeinfo
public static string GetInfo(LXHeader header)
{
StringBuilder sb = new StringBuilder();
if(header.signature == Signature16)
sb.AppendLine("Linear Executable (LE):");
else
sb.AppendLine("Linear eXecutable (LX):");
if(header.signature == Signature16) sb.AppendLine("Linear Executable (LE):");
else sb.AppendLine("Linear eXecutable (LX):");
if(header.os_type == TargetOS.OS2)
{
sb.AppendLine("\tOS/2 application");
if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && !header.module_flags.HasFlag(ModuleFlags.PMCompatible))
if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
!header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is full screen, unaware of Presentation Manager");
else if (!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible))
else if(!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is aware of Presentation Manager, but doesn't use it");
else if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible))
else if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication uses Presentation Manager");
}
else if (header.os_type == TargetOS.Windows || header.os_type == TargetOS.Win32 || header.os_type == TargetOS.Unknown)
else if(header.os_type == TargetOS.Windows || header.os_type == TargetOS.Win32 ||
header.os_type == TargetOS.Unknown)
{
if(header.os_type == TargetOS.Windows || header.os_type == TargetOS.Unknown)
sb.AppendLine("\t16-bit Windows application");
else if(header.os_type == TargetOS.Win32)
sb.AppendLine("\t32-bit Windows application");
if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && !header.module_flags.HasFlag(ModuleFlags.PMCompatible))
if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
!header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible))
else if(!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible))
else if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication uses Windows");
}
else if(header.os_type == TargetOS.DOS)
{
sb.AppendLine("\tDOS application");
if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && !header.module_flags.HasFlag(ModuleFlags.PMCompatible))
if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
!header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible))
else if(!header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.module_flags.HasFlag(ModuleFlags.PMIncompatible) && header.module_flags.HasFlag(ModuleFlags.PMCompatible))
else if(header.module_flags.HasFlag(ModuleFlags.PMIncompatible) &&
header.module_flags.HasFlag(ModuleFlags.PMCompatible))
sb.AppendLine("\tApplication uses Windows");
}
else
{
sb.AppendFormat("\tApplication for unknown OS {0}", (ushort)header.os_type).AppendLine();
}
sb.AppendFormat("\tByte ordering: {0}", header.byte_order == 1 ? "Big-endian" : "Little-Endian").AppendLine();
sb.AppendFormat("\tWord ordering: {0}", header.word_order == 1 ? "Big-endian" : "Little-Endian").AppendLine();
sb.AppendFormat("\tByte ordering: {0}", header.byte_order == 1 ? "Big-endian" : "Little-Endian")
.AppendLine();
sb.AppendFormat("\tWord ordering: {0}", header.word_order == 1 ? "Big-endian" : "Little-Endian")
.AppendLine();
sb.AppendFormat("\tFormat level: {0}", header.format_level).AppendLine();
sb.AppendFormat("\tExecutable version: {0}", header.module_version).AppendLine();
@@ -114,7 +119,8 @@ namespace libexeinfo
sb.AppendLine("\tExecutable requires at least a MIPS III processor to run.");
break;
default:
sb.AppendFormat("\tExecutable requires unknown cpu with type code {0} to run.", (ushort)header.cpu_type).AppendLine();
sb.AppendFormat("\tExecutable requires unknown cpu with type code {0} to run.",
(ushort)header.cpu_type).AppendLine();
break;
}
@@ -138,8 +144,10 @@ namespace libexeinfo
else if(header.module_flags.HasFlag(ModuleFlags.Library))
sb.AppendLine("Executable is a library.");
sb.AppendFormat("\tThis executable contains {0} pages", header.module_pages_no).AppendLine();
sb.AppendFormat("\tObject number to which the Entry Address is relative: {0}", header.eip_object).AppendLine();
sb.AppendFormat("\tThis executable contains {0} pages", header.module_pages_no)
.AppendLine();
sb.AppendFormat("\tObject number to which the Entry Address is relative: {0}", header.eip_object)
.AppendLine();
sb.AppendFormat("\tEntry address of module: {0:X8}h", header.eip).AppendLine();
sb.AppendFormat("\tObject number to which the ESP is relative: {0}", header.esp_object).AppendLine();
sb.AppendFormat("\tStarting stack address of module: {0:X8}h", header.esp).AppendLine();
@@ -149,24 +157,31 @@ namespace libexeinfo
sb.AppendFormat("\tChecksum for fixup information: 0x{0:X8}", header.fixup_checksum).AppendLine();
sb.AppendFormat("\tMemory resident tables are {0} bytes long", header.loader_size).AppendLine();
sb.AppendFormat("\tChecksum for loader section: 0x{0:X8}", header.loader_checksum).AppendLine();
sb.AppendFormat("\tObject table starts at {0} and contains {1} objects", header.obj_table_off, header.obj_no).AppendLine();
sb.AppendFormat("\tObject table starts at {0} and contains {1} objects", header.obj_table_off,
header.obj_no).AppendLine();
sb.AppendFormat("\tObject page table starts at {0}", header.obj_page_table_off).AppendLine();
sb.AppendFormat("\tObject iterated pages starts at {0}", header.obj_iter_pages_off).AppendLine();
sb.AppendFormat("\tResources table starts at {0} and contains {1} entries", header.resource_table_off, header.resource_entries).AppendLine();
sb.AppendFormat("\tResources table starts at {0} and contains {1} entries", header.resource_table_off,
header.resource_entries).AppendLine();
sb.AppendFormat("\tResident name table starts at {0}", header.resident_names_off).AppendLine();
sb.AppendFormat("\tEntry table starts at {0}", header.entry_table_off).AppendLine();
sb.AppendFormat("\tModule format directives table starts at {0} and contains {1} entries", header.directives_off, header.directives_no).AppendLine();
sb.AppendFormat("\tModule format directives table starts at {0} and contains {1} entries",
header.directives_off, header.directives_no).AppendLine();
sb.AppendFormat("\tFixup page table starts at {0}", header.fixup_page_table_off).AppendLine();
sb.AppendFormat("\tFixup record table starts at {0}", header.fixup_record_table_off).AppendLine();
sb.AppendFormat("\tImport module name table starts at {0} and contains {1} entries", header.import_module_table_off, header.import_module_entries).AppendLine();
sb.AppendFormat("\tImport module name table starts at {0} and contains {1} entries",
header.import_module_table_off, header.import_module_entries).AppendLine();
sb.AppendFormat("\tImport procedure name table starts at {0}", header.import_proc_table_off).AppendLine();
sb.AppendFormat("\tPer-page checksum table starts at {0}", header.perpage_checksum_off).AppendLine();
sb.AppendFormat("\tData pages start at {0}", header.data_pages_off).AppendLine();
sb.AppendFormat("\t{0} pages to preload in this executable", header.preload_pages_no).AppendLine();
sb.AppendFormat("\tNon-resident names table starts at {0} and runs for {1} bytes", header.nonresident_name_table_off, header.nonresident_name_table_len).AppendLine();
sb.AppendFormat("\tNon-resident name table checksum: 0x{0:X8}", header.nonresident_name_table_checksum).AppendLine();
sb.AppendFormat("\tNon-resident names table starts at {0} and runs for {1} bytes",
header.nonresident_name_table_off, header.nonresident_name_table_len).AppendLine();
sb.AppendFormat("\tNon-resident name table checksum: 0x{0:X8}", header.nonresident_name_table_checksum)
.AppendLine();
sb.AppendFormat("\tThe auto data segment object number: {0}", header.auto_ds_obj_no).AppendLine();
sb.AppendFormat("\tDebug information starts at {0} and is {1} bytes", header.debug_info_off, header.debug_info_len).AppendLine();
sb.AppendFormat("\tDebug information starts at {0} and is {1} bytes", header.debug_info_off,
header.debug_info_len).AppendLine();
sb.AppendFormat("\tInstance pages in preload section: {0}", header.instance_preload_no).AppendLine();
sb.AppendFormat("\tInstance pages in demand section: {0}", header.instance_demand_no).AppendLine();
sb.AppendFormat("\tHeap size added to the auto ds object: {0}", header.heap_size).AppendLine();

11
libexeinfo/LX/LX.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.IO;
using System.Runtime.InteropServices;
@@ -35,6 +36,7 @@ namespace libexeinfo
// TODO: Big-endian (really needed?)
public partial class LX
{
public readonly MZ BaseExecutable;
/// <summary>
/// The <see cref="FileStream" /> that contains the executable represented by this instance
/// </summary>
@@ -47,7 +49,6 @@ namespace libexeinfo
/// If true this instance correctly represents a Microsoft/IBM Linear EXecutable
/// </summary>
public readonly bool IsLX;
public readonly MZ BaseExecutable;
/// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.NE" /> class.
@@ -59,7 +60,6 @@ namespace libexeinfo
BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -72,7 +72,6 @@ namespace libexeinfo
IsLX = Header.signature == Signature || Header.signature == Signature16;
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.NE" /> class.
@@ -84,7 +83,6 @@ namespace libexeinfo
BaseStream = stream;
BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -97,7 +95,6 @@ namespace libexeinfo
IsLX = Header.signature == Signature || Header.signature == Signature16;
}
}
}
/// <summary>
/// Identifies if the specified executable is a Microsoft/IBM Linear EXecutable
@@ -109,7 +106,6 @@ namespace libexeinfo
FileStream BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
MZ BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -121,7 +117,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature || Header.signature == Signature16;
}
}
return false;
}
@@ -136,7 +131,6 @@ namespace libexeinfo
FileStream BaseStream = stream;
MZ BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -148,7 +142,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature || Header.signature == Signature16;
}
}
return false;
}

1
libexeinfo/LX/Structs.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Runtime.InteropServices;
namespace libexeinfo

1
libexeinfo/MZ/Consts.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
namespace libexeinfo
{
public partial class MZ

9
libexeinfo/MZ/Info.cs
View File

@@ -40,11 +40,14 @@ namespace libexeinfo
StringBuilder sb = new StringBuilder();
sb.AppendLine("DOS MZ executable:");
sb.AppendFormat("\tBlocks in file: {0}", header.blocks_in_file).AppendLine();
sb.AppendFormat("\t{0} bytes used in last block", header.bytes_in_last_block == 0 ? 512 : header.bytes_in_last_block).AppendLine();
sb.AppendFormat("\t{0} bytes used in last block",
header.bytes_in_last_block == 0 ? 512 : header.bytes_in_last_block).AppendLine();
sb.AppendFormat("\t{0} relocations present after the header", header.num_relocs).AppendLine();
sb.AppendFormat("\t{0} paragraphs in header", header.header_paragraphs).AppendLine();
sb.AppendFormat("\t{0} paragraphs of additional memory required", header.min_extra_paragraphs).AppendLine();
sb.AppendFormat("\t{0} paragraphs of additional memory requested", header.max_extra_paragraphs).AppendLine();
sb.AppendFormat("\t{0} paragraphs of additional memory required", header.min_extra_paragraphs)
.AppendLine();
sb.AppendFormat("\t{0} paragraphs of additional memory requested", header.max_extra_paragraphs)
.AppendLine();
sb.AppendFormat("\tSegment address for SS: {0:X4}h", header.ss).AppendLine();
sb.AppendFormat("\tInitial value of SP: {0:X4}h", header.sp).AppendLine();
sb.AppendFormat("\tInitial value of IP: {0:X4}h", header.ip).AppendLine();

1
libexeinfo/MZ/MZ.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.IO;
using System.Runtime.InteropServices;

83
libexeinfo/NE/Consts.cs
View File

@@ -24,8 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.ComponentModel;
namespace libexeinfo
{
public partial class NE
@@ -52,60 +50,33 @@ namespace libexeinfo
{
switch(id & 0x7FFF)
{
case (int)ResourceTypes.RT_ACCELERATOR:
return "RT_ACCELERATOR";
case (int)ResourceTypes.RT_ANICURSOR:
return "RT_ANICURSOR";
case (int)ResourceTypes.RT_ANIICON:
return "RT_ANIICON";
case (int)ResourceTypes.RT_BITMAP:
return "RT_BITMAP";
case (int)ResourceTypes.RT_CURSOR:
return "RT_CURSOR";
case (int)ResourceTypes.RT_DIALOG:
return "RT_DIALOG";
case (int)ResourceTypes.RT_DIALOGEX:
return "RT_DIALOGEX";
case (int)ResourceTypes.RT_DLGINCLUDE:
return "RT_DLGINCLUDE";
case (int)ResourceTypes.RT_DLGINIT:
return "RT_DLGINIT";
case (int)ResourceTypes.RT_FONT:
return "RT_FONT";
case (int)ResourceTypes.RT_FONTDIR:
return "RT_FONTDIR";
case (int)ResourceTypes.RT_GROUP_CURSOR:
return "RT_GROUP_CURSOR";
case (int)ResourceTypes.RT_GROUP_ICON:
return "RT_GROUP_ICON";
case (int)ResourceTypes.RT_HTML:
return "RT_HTML";
case (int)ResourceTypes.RT_ICON:
return "RT_ICON";
case (int)ResourceTypes.RT_MANIFEST:
return "RT_MANIFEST";
case (int)ResourceTypes.RT_MENU:
return "RT_MENU";
case (int)ResourceTypes.RT_MENUEX:
return "RT_MENUEX";
case (int)ResourceTypes.RT_MESSAGETABLE:
return "RT_MESSAGETABLE";
case (int)ResourceTypes.RT_NEWBITMAP:
return "RT_NEWBITMAP";
case (int)ResourceTypes.RT_PLUGPLAY:
return "RT_PLUGPLAY";
case (int)ResourceTypes.RT_RCDATA:
return "RT_RCDATA";
case (int)ResourceTypes.RT_STRING:
return "RT_STRING";
case (int)ResourceTypes.RT_TOOLBAR:
return "RT_TOOLBAR";
case (int)ResourceTypes.RT_VERSION:
return "RT_VERSION";
case (int)ResourceTypes.RT_VXD:
return "RT_VXD";
default:
return string.Format("{0}", id & 0x7FFF);
case (int)ResourceTypes.RT_ACCELERATOR: return "RT_ACCELERATOR";
case (int)ResourceTypes.RT_ANICURSOR: return "RT_ANICURSOR";
case (int)ResourceTypes.RT_ANIICON: return "RT_ANIICON";
case (int)ResourceTypes.RT_BITMAP: return "RT_BITMAP";
case (int)ResourceTypes.RT_CURSOR: return "RT_CURSOR";
case (int)ResourceTypes.RT_DIALOG: return "RT_DIALOG";
case (int)ResourceTypes.RT_DIALOGEX: return "RT_DIALOGEX";
case (int)ResourceTypes.RT_DLGINCLUDE: return "RT_DLGINCLUDE";
case (int)ResourceTypes.RT_DLGINIT: return "RT_DLGINIT";
case (int)ResourceTypes.RT_FONT: return "RT_FONT";
case (int)ResourceTypes.RT_FONTDIR: return "RT_FONTDIR";
case (int)ResourceTypes.RT_GROUP_CURSOR: return "RT_GROUP_CURSOR";
case (int)ResourceTypes.RT_GROUP_ICON: return "RT_GROUP_ICON";
case (int)ResourceTypes.RT_HTML: return "RT_HTML";
case (int)ResourceTypes.RT_ICON: return "RT_ICON";
case (int)ResourceTypes.RT_MANIFEST: return "RT_MANIFEST";
case (int)ResourceTypes.RT_MENU: return "RT_MENU";
case (int)ResourceTypes.RT_MENUEX: return "RT_MENUEX";
case (int)ResourceTypes.RT_MESSAGETABLE: return "RT_MESSAGETABLE";
case (int)ResourceTypes.RT_NEWBITMAP: return "RT_NEWBITMAP";
case (int)ResourceTypes.RT_PLUGPLAY: return "RT_PLUGPLAY";
case (int)ResourceTypes.RT_RCDATA: return "RT_RCDATA";
case (int)ResourceTypes.RT_STRING: return "RT_STRING";
case (int)ResourceTypes.RT_TOOLBAR: return "RT_TOOLBAR";
case (int)ResourceTypes.RT_VERSION: return "RT_VERSION";
case (int)ResourceTypes.RT_VXD: return "RT_VXD";
default: return string.Format("{0}", id & 0x7FFF);
}
}
}

99
libexeinfo/NE/Enums.cs
View File

@@ -25,40 +25,11 @@
// THE SOFTWARE.
using System;
namespace libexeinfo
{
public partial class NE
{
/// <summary>
/// Program flags.
/// </summary>
[Flags]
public enum ProgramFlags : byte
{
NoDGroup = 0,
SingleDGroup = 1,
MultipleDGroup = 2,
GlobalInit = 1 << 2,
ProtectedMode = 1 << 3,
i86 = 1 << 4,
i286 = 1 << 5,
i386 = 1 << 6,
i87 = 1 << 7
}
/// <summary>
/// Target operating system.
/// </summary>
public enum TargetOS : byte
{
Unknown = 0,
OS2 = 1,
Windows = 2,
DOS = 3,
Win32 = 4,
Borland = 5
}
/// <summary>
/// Application flags.
/// </summary>
@@ -81,7 +52,24 @@ namespace libexeinfo
LongFilename = 1 << 0,
ProtectedMode2 = 1 << 1,
ProportionalFonts = 1 << 2,
GangloadArea = 1 << 3,
GangloadArea = 1 << 3
}
/// <summary>
/// Program flags.
/// </summary>
[Flags]
public enum ProgramFlags : byte
{
NoDGroup = 0,
SingleDGroup = 1,
MultipleDGroup = 2,
GlobalInit = 1 << 2,
ProtectedMode = 1 << 3,
i86 = 1 << 4,
i286 = 1 << 5,
i386 = 1 << 6,
i87 = 1 << 7
}
/// <summary>
@@ -126,7 +114,20 @@ namespace libexeinfo
RT_TOOLBAR = 241,
RT_VERSION = 16,
RT_VXD = 20,
RT_NEW = 0x2000,
RT_NEW = 0x2000
}
/// <summary>
/// Target operating system.
/// </summary>
public enum TargetOS : byte
{
Unknown = 0,
OS2 = 1,
Windows = 2,
DOS = 3,
Win32 = 4,
Borland = 5
}
/// <summary>
@@ -140,7 +141,7 @@ namespace libexeinfo
VS_FF_PATCHED = 0x00000004,
VS_FF_PRERELEASE = 0x00000002,
VS_FF_PRIVATEBUILD = 0x00000008,
VS_FF_SPECIALBUILD = 0x00000020,
VS_FF_SPECIALBUILD = 0x00000020
}
/// <summary>
@@ -175,21 +176,7 @@ namespace libexeinfo
VOS_OS232_WINDOWS16 = 0x00030001,
VOS_OS232_WINDOWS32 = 0x00030004,
VOS_OS232_PM16 = 0x00030002,
VOS_OS232_PM32 = 0x00030003,
}
/// <summary>
/// Version file type.
/// </summary>
public enum VersionFileType : uint
{
VFT_APP = 0x00000001,
VFT_DLL = 0x00000002,
VFT_DRV = 0x00000003,
VFT_FONT = 0x00000004,
VFT_STATIC_LIB = 0x00000007,
VFT_UNKNOWN = 0x00000000,
VFT_VXD = 0x00000005,
VOS_OS232_PM32 = 0x00030003
}
/// <summary>
@@ -213,7 +200,21 @@ namespace libexeinfo
// Fonts
VFT2_FONT_RASTER = 0x00000001,
VFT2_FONT_TRUETYPE = 0x00000003,
VFT2_FONT_VECTOR = 0x00000002,
VFT2_FONT_VECTOR = 0x00000002
}
/// <summary>
/// Version file type.
/// </summary>
public enum VersionFileType : uint
{
VFT_APP = 0x00000001,
VFT_DLL = 0x00000002,
VFT_DRV = 0x00000003,
VFT_FONT = 0x00000004,
VFT_STATIC_LIB = 0x00000007,
VFT_UNKNOWN = 0x00000000,
VFT_VXD = 0x00000005
}
}
}

122
libexeinfo/NE/Info.cs
View File

@@ -39,24 +39,25 @@ namespace libexeinfo
sb.AppendLine("New Executable (NE):");
sb.AppendFormat("\tFile's CRC: 0x{0:X8}", header.crc).AppendLine();
sb.AppendFormat("\tLinker version: {0}.{1}", header.linker_major, header.linker_minor).AppendLine();
if (header.program_flags.HasFlag(ProgramFlags.SingleDGroup) && !header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
if(header.program_flags.HasFlag(ProgramFlags.SingleDGroup) &&
!header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
sb.AppendLine("\tApplication uses a single shared DGroup");
else if (!header.program_flags.HasFlag(ProgramFlags.SingleDGroup) && header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
else if(!header.program_flags.HasFlag(ProgramFlags.SingleDGroup) &&
header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
sb.AppendLine("\tApplication uses a multiple DGroup");
else if (header.program_flags.HasFlag(ProgramFlags.SingleDGroup) && header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
else if(header.program_flags.HasFlag(ProgramFlags.SingleDGroup) &&
header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
sb.AppendLine("\tApplication indicates an incorrect DGroup value");
else if (!header.program_flags.HasFlag(ProgramFlags.SingleDGroup) && !header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
else if(!header.program_flags.HasFlag(ProgramFlags.SingleDGroup) &&
!header.program_flags.HasFlag(ProgramFlags.MultipleDGroup))
sb.AppendLine("\tApplication does not use DGroup");
if(header.program_flags.HasFlag(ProgramFlags.GlobalInit))
sb.AppendLine("\tApplication uses global initialization");
if(header.program_flags.HasFlag(ProgramFlags.ProtectedMode))
sb.AppendLine("\tApplication uses protected mode");
if (header.program_flags.HasFlag(ProgramFlags.i86))
sb.AppendLine("\tApplication uses 8086 instructions");
if (header.program_flags.HasFlag(ProgramFlags.i286))
sb.AppendLine("\tApplication uses 80286 instructions");
if (header.program_flags.HasFlag(ProgramFlags.i386))
sb.AppendLine("\tApplication uses 80386 instructions");
if(header.program_flags.HasFlag(ProgramFlags.i86)) sb.AppendLine("\tApplication uses 8086 instructions");
if(header.program_flags.HasFlag(ProgramFlags.i286)) sb.AppendLine("\tApplication uses 80286 instructions");
if(header.program_flags.HasFlag(ProgramFlags.i386)) sb.AppendLine("\tApplication uses 80386 instructions");
if(header.program_flags.HasFlag(ProgramFlags.i87))
sb.AppendLine("\tApplication uses floating point instructions");
@@ -64,14 +65,17 @@ namespace libexeinfo
{
sb.AppendLine("\tOS/2 application");
if(header.os_major > 0)
sb.AppendFormat("\tApplication requires OS/2 {0}.{1} to run", header.os_major, header.os_minor).AppendLine();
else
sb.AppendLine("\tApplication requires OS/2 1.0 to run");
if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && !header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendFormat("\tApplication requires OS/2 {0}.{1} to run", header.os_major, header.os_minor)
.AppendLine();
else sb.AppendLine("\tApplication requires OS/2 1.0 to run");
if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
!header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is full screen, unaware of Presentation Manager");
else if (!header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
else if(!header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is aware of Presentation Manager, but doesn't use it");
else if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
else if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication uses Presentation Manager");
if(header.os2_flags.HasFlag(OS2Flags.LongFilename))
sb.AppendLine("\tApplication supports long filenames");
@@ -80,30 +84,37 @@ namespace libexeinfo
if(header.os2_flags.HasFlag(OS2Flags.ProportionalFonts))
sb.AppendLine("\tApplication uses OS/2 2.x proportional fonts");
if(header.os2_flags.HasFlag(OS2Flags.GangloadArea))
sb.AppendFormat("\tGangload area starts at {0} an runs for {1} bytes", header.return_thunks_offset, header.segment_reference_thunks).AppendLine();
sb.AppendFormat("\tGangload area starts at {0} an runs for {1} bytes", header.return_thunks_offset,
header.segment_reference_thunks).AppendLine();
else
{
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks)
.AppendLine();
}
}
else if (header.target_os == TargetOS.Windows || header.target_os == TargetOS.Win32 || header.target_os == TargetOS.Unknown)
else if(header.target_os == TargetOS.Windows || header.target_os == TargetOS.Win32 ||
header.target_os == TargetOS.Unknown)
{
if(header.target_os == TargetOS.Windows || header.target_os == TargetOS.Unknown)
sb.AppendLine("\t16-bit Windows application");
else if(header.target_os == TargetOS.Win32)
sb.AppendLine("\t32-bit Windows application");
if(header.os_major > 0)
sb.AppendFormat("\tApplication requires Windows {0}.{1} to run", header.os_major, header.os_minor).AppendLine();
sb.AppendFormat("\tApplication requires Windows {0}.{1} to run", header.os_major, header.os_minor)
.AppendLine();
else if(header.target_os == TargetOS.Windows)
sb.AppendLine("\tApplication requires Windows 2.0 to run");
else if(header.target_os == TargetOS.Unknown)
sb.AppendLine("\tApplication requires Windows 1.0 to run");
if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && !header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
!header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
else if(!header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
else if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication uses Windows");
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine();
@@ -111,12 +122,16 @@ namespace libexeinfo
else if(header.target_os == TargetOS.DOS)
{
sb.AppendLine("\tDOS application");
sb.AppendFormat("\tApplication requires DOS {0}.{1} to run", header.os_major, header.os_minor).AppendLine();
if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && !header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendFormat("\tApplication requires DOS {0}.{1} to run", header.os_major, header.os_minor)
.AppendLine();
if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
!header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
else if(!header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
else if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication uses Windows");
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine();
@@ -124,12 +139,16 @@ namespace libexeinfo
else if(header.target_os == TargetOS.Borland)
{
sb.AppendLine("\tBorland Operating System Services application");
sb.AppendFormat("\tApplication requires DOS {0}.{1} to run", header.os_major, header.os_minor).AppendLine();
if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && !header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendFormat("\tApplication requires DOS {0}.{1} to run", header.os_major, header.os_minor)
.AppendLine();
if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
!header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is full screen, unaware of Windows");
else if (!header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
else if(!header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication is aware of Windows, but doesn't use it");
else if (header.application_flags.HasFlag(ApplicationFlags.FullScreen) && header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
else if(header.application_flags.HasFlag(ApplicationFlags.FullScreen) &&
header.application_flags.HasFlag(ApplicationFlags.GUICompatible))
sb.AppendLine("\tApplication uses Windows");
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine();
@@ -137,13 +156,13 @@ namespace libexeinfo
else
{
sb.AppendFormat("\tApplication for unknown OS {0}", (byte)header.target_os).AppendLine();
sb.AppendFormat("\tApplication requires OS {0}.{1} to run", header.os_major, header.os_minor).AppendLine();
sb.AppendFormat("\tApplication requires OS {0}.{1} to run", header.os_major, header.os_minor)
.AppendLine();
sb.AppendFormat("\tReturn thunks are at: {0}", header.return_thunks_offset).AppendLine();
sb.AppendFormat("\tSegment reference thunks are at: {0}", header.segment_reference_thunks).AppendLine();
}
if (header.application_flags.HasFlag(ApplicationFlags.Errors))
sb.AppendLine("\tExecutable has errors");
if(header.application_flags.HasFlag(ApplicationFlags.Errors)) sb.AppendLine("\tExecutable has errors");
if(header.application_flags.HasFlag(ApplicationFlags.NonConforming))
sb.AppendLine("\tExecutable is non conforming");
if(header.application_flags.HasFlag(ApplicationFlags.DLL))
@@ -153,14 +172,21 @@ namespace libexeinfo
sb.AppendFormat("\tFile alignment shift: {0}", 512 << header.alignment_shift).AppendLine();
sb.AppendFormat("\tInitial local heap should be {0} bytes", header.initial_heap).AppendLine();
sb.AppendFormat("\tInitial stack size should be {0} bytes", header.initial_stack).AppendLine();
sb.AppendFormat("\tCS:IP entry point: {0:X4}:{1:X4}", (header.entry_point & 0xFFFF0000) >> 16, header.entry_point & 0xFFFF).AppendLine();
sb.AppendFormat("\tCS:IP entry point: {0:X4}:{1:X4}", (header.entry_point & 0xFFFF0000) >> 16,
header.entry_point & 0xFFFF).AppendLine();
if(!header.application_flags.HasFlag(ApplicationFlags.DLL))
sb.AppendFormat("\tSS:SP initial stack pointer: {0:X4}:{1:X4}", (header.stack_pointer & 0xFFFF0000) >> 16, header.stack_pointer & 0xFFFF).AppendLine();
sb.AppendFormat("\tEntry table starts at {0} and runs for {1} bytes", header.entry_table_offset, header.entry_table_length).AppendLine();
sb.AppendFormat("\tSegment table starts at {0} and contain {1} segments", header.segment_table_offset, header.segment_count).AppendLine();
sb.AppendFormat("\tModule reference table starts at {0} and contain {1} references", header.module_reference_offset, header.reference_count).AppendLine();
sb.AppendFormat("\tNon-resident names table starts at {0} and runs for {1} bytes", header.nonresident_names_offset, header.nonresident_table_size).AppendLine();
sb.AppendFormat("\tResources table starts at {0} and contains {1} entries", header.resource_table_offset, header.resource_entries).AppendLine();
sb.AppendFormat("\tSS:SP initial stack pointer: {0:X4}:{1:X4}",
(header.stack_pointer & 0xFFFF0000) >> 16, header.stack_pointer & 0xFFFF).AppendLine();
sb.AppendFormat("\tEntry table starts at {0} and runs for {1} bytes", header.entry_table_offset,
header.entry_table_length).AppendLine();
sb.AppendFormat("\tSegment table starts at {0} and contain {1} segments", header.segment_table_offset,
header.segment_count).AppendLine();
sb.AppendFormat("\tModule reference table starts at {0} and contain {1} references",
header.module_reference_offset, header.reference_count).AppendLine();
sb.AppendFormat("\tNon-resident names table starts at {0} and runs for {1} bytes",
header.nonresident_names_offset, header.nonresident_table_size).AppendLine();
sb.AppendFormat("\tResources table starts at {0} and contains {1} entries", header.resource_table_offset,
header.resource_entries).AppendLine();
sb.AppendFormat("\tResident names table starts at {0}", header.resident_names_offset).AppendLine();
sb.AppendFormat("\tImported names table starts at {0}", header.imported_names_offset).AppendLine();
return sb.ToString();
@@ -189,8 +215,7 @@ namespace libexeinfo
ResourceType type = new ResourceType();
stream.Read(DW, 0, 2);
type.id = BitConverter.ToUInt16(DW, 0);
if (type.id == 0)
break;
if(type.id == 0) break;
stream.Read(DW, 0, 2);
type.count = BitConverter.ToUInt16(DW, 0);
@@ -214,7 +239,7 @@ namespace libexeinfo
}
types.Add(type);
System.Console.WriteLine("{0}", stream.Position);
Console.WriteLine("{0}", stream.Position);
}
table.types = types.ToArray();
@@ -231,8 +256,7 @@ namespace libexeinfo
stream.Read(str, 0, len);
table.types[t].name = Encoding.ASCII.GetString(str);
}
else
table.types[t].name = ResourceIdToName(table.types[t].id);
else table.types[t].name = ResourceIdToName(table.types[t].id);
for(int r = 0; r < table.types[t].resources.Length; r++)
{
@@ -247,9 +271,11 @@ namespace libexeinfo
table.types[t].resources[r].name = Encoding.ASCII.GetString(str);
}
else
table.types[t].resources[r].name = string.Format("{0}", table.types[t].resources[r].id & 0x7FFF);
table.types[t].resources[r].name =
string.Format("{0}", table.types[t].resources[r].id & 0x7FFF);
table.types[t].resources[r].data = new byte[table.types[t].resources[r].length * (1 << table.alignment_shift)];
table.types[t].resources[r].data =
new byte[table.types[t].resources[r].length * (1 << table.alignment_shift)];
stream.Position = table.types[t].resources[r].dataOffset * (1 << table.alignment_shift);
stream.Read(table.types[t].resources[r].data, 0, table.types[t].resources[r].data.Length);
}

17
libexeinfo/NE/NE.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.IO;
using System.Runtime.InteropServices;
@@ -34,6 +35,7 @@ namespace libexeinfo
/// </summary>
public partial class NE
{
public readonly MZ BaseExecutable;
/// <summary>
/// The <see cref="FileStream" /> that contains the executable represented by this instance
/// </summary>
@@ -46,7 +48,6 @@ namespace libexeinfo
/// If true this instance correctly represents a Microsoft New Executable
/// </summary>
public readonly bool IsNE;
public readonly MZ BaseExecutable;
public readonly ResourceTable Resources;
public readonly Version[] Versions;
@@ -60,7 +61,6 @@ namespace libexeinfo
BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -75,13 +75,13 @@ namespace libexeinfo
IsNE = true;
if(Header.resource_entries > 0)
{
Resources = GetResources(BaseStream, BaseExecutable.Header.new_offset, Header.resource_table_offset);
Resources = GetResources(BaseStream, BaseExecutable.Header.new_offset,
Header.resource_table_offset);
Versions = GetVersions().ToArray();
}
}
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.NE" /> class.
@@ -93,7 +93,6 @@ namespace libexeinfo
BaseStream = stream;
BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -108,13 +107,13 @@ namespace libexeinfo
IsNE = true;
if(Header.resource_entries > 0)
{
Resources = GetResources(BaseStream, BaseExecutable.Header.new_offset, Header.resource_table_offset);
Resources = GetResources(BaseStream, BaseExecutable.Header.new_offset,
Header.resource_table_offset);
Versions = GetVersions().ToArray();
}
}
}
}
}
/// <summary>
/// Identifies if the specified executable is a Microsoft New Executable
@@ -126,7 +125,6 @@ namespace libexeinfo
FileStream BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
MZ BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -138,7 +136,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature;
}
}
return false;
}
@@ -153,7 +150,6 @@ namespace libexeinfo
FileStream BaseStream = stream;
MZ BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -165,7 +161,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature;
}
}
return false;
}

29
libexeinfo/NE/Structs.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Runtime.InteropServices;
namespace libexeinfo
@@ -115,11 +114,11 @@ namespace libexeinfo
/// </summary>
class VersionNode
{
public ushort cbNode;
public ushort cbData;
public string szName;
public byte[] rgbData;
public ushort cbNode;
public VersionNode[] children;
public byte[] rgbData;
public string szName;
}
/// <summary>
@@ -128,19 +127,19 @@ namespace libexeinfo
[StructLayout(LayoutKind.Sequential)]
public class FixedFileInfo
{
public uint dwFileDateLS;
public uint dwFileDateMS;
public uint dwFileFlags;
public uint dwFileFlagsMask;
public uint dwFileOS;
public uint dwFileSubtype;
public uint dwFileType;
public uint dwFileVersionLS;
public uint dwFileVersionMS;
public uint dwProductVersionLS;
public uint dwProductVersionMS;
public uint dwSignature;
public uint dwStrucVersion;
public uint dwFileVersionMS;
public uint dwFileVersionLS;
public uint dwProductVersionMS;
public uint dwProductVersionLS;
public uint dwFileFlagsMask;
public uint dwFileFlags;
public uint dwFileOS;
public uint dwFileType;
public uint dwFileSubtype;
public uint dwFileDateMS;
public uint dwFileDateLS;
}
}
}

369
libexeinfo/NE/Version.cs
View File

@@ -43,16 +43,12 @@ namespace libexeinfo
List<Version> versions = new List<Version>();
foreach(ResourceType type in Resources.types)
{
if((type.id & 0x7FFF) == (int)ResourceTypes.RT_VERSION)
{
foreach(Resource resource in type.resources)
{
Version vers = new Version(resource.data, resource.name);
versions.Add(vers);
}
}
}
return versions;
}
@@ -62,114 +58,6 @@ namespace libexeinfo
/// </summary>
public class Version
{
/// <summary>
/// This contains a list of all name=value strings pairs sorted by language
/// </summary>
/// <value>List of all name=value strings pairs sorted by language.</value>
public Dictionary<string, Dictionary<string, string>> StringsByLanguage { get; }
string fileVersion;
string productVersion;
VersionFileFlags fileFlags;
VersionFileOS fileOS;
VersionFileType fileType;
VersionFileSubtype fileSubtype;
DateTime fileDate;
string name;
/// <summary>
/// File version.
/// </summary>
/// <value>The file version.</value>
public string FileVersion
{
get
{
return fileVersion;
}
}
/// <summary>
/// Product version.
/// </summary>
/// <value>The product version.</value>
public string ProductVersion
{
get
{
return productVersion;
}
}
/// <summary>
/// File flags.
/// </summary>
/// <value>The file flags.</value>
public VersionFileFlags FileFlags
{
get
{
return fileFlags;
}
}
/// <summary>
/// File operating system.
/// </summary>
/// <value>The file operating system.</value>
public VersionFileOS FileOS
{
get
{
return fileOS;
}
}
/// <summary>
/// File type.
/// </summary>
/// <value>The type of the file.</value>
public VersionFileType FileType
{
get
{
return fileType;
}
}
/// <summary>
/// File subtype.
/// </summary>
/// <value>The file subtype.</value>
public VersionFileSubtype FileSubtype
{
get
{
return fileSubtype;
}
}
/// <summary>
/// File date.
/// </summary>
/// <value>The file date.</value>
public DateTime FileDate
{
get
{
return fileDate;
}
}
/// <summary>
/// Resource name
/// </summary>
/// <value>The resource name.</value>
public string Name
{
get { return name; }
}
/// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.NE.Version" /> class.
/// </summary>
@@ -177,10 +65,9 @@ namespace libexeinfo
/// <param name="resourceName">Resource name.</param>
public Version(byte[] data, string resourceName = null)
{
if (data == null || data.Length < 5)
return;
if(data == null || data.Length < 5) return;
name = resourceName;
Name = resourceName;
StringsByLanguage = new Dictionary<string, Dictionary<string, string>>();
@@ -188,6 +75,60 @@ namespace libexeinfo
DecodeNode(root, null, null);
}
/// <summary>
/// This contains a list of all name=value strings pairs sorted by language
/// </summary>
/// <value>List of all name=value strings pairs sorted by language.</value>
public Dictionary<string, Dictionary<string, string>> StringsByLanguage { get; }
/// <summary>
/// File version.
/// </summary>
/// <value>The file version.</value>
public string FileVersion { get; set; }
/// <summary>
/// Product version.
/// </summary>
/// <value>The product version.</value>
public string ProductVersion { get; set; }
/// <summary>
/// File flags.
/// </summary>
/// <value>The file flags.</value>
public VersionFileFlags FileFlags { get; set; }
/// <summary>
/// File operating system.
/// </summary>
/// <value>The file operating system.</value>
public VersionFileOS FileOS { get; set; }
/// <summary>
/// File type.
/// </summary>
/// <value>The type of the file.</value>
public VersionFileType FileType { get; set; }
/// <summary>
/// File subtype.
/// </summary>
/// <value>The file subtype.</value>
public VersionFileSubtype FileSubtype { get; set; }
/// <summary>
/// File date.
/// </summary>
/// <value>The file date.</value>
public DateTime FileDate { get; set; }
/// <summary>
/// Resource name
/// </summary>
/// <value>The resource name.</value>
public string Name { get; }
VersionNode GetNode(byte[] data, int startPosition, out int nodeLength)
{
nodeLength = 0;
@@ -205,17 +146,16 @@ namespace libexeinfo
nameMs.WriteByte(data[startPosition + nodeLength]);
nodeLength++;
}
node.szName = Encoding.ASCII.GetString(nameMs.ToArray());
nodeLength++;
if (nodeLength % 4 > 0)
nodeLength += 4 - (nodeLength % 4);
if(nodeLength % 4 > 0) nodeLength += 4 - nodeLength % 4;
node.rgbData = new byte[node.cbData];
Array.Copy(data, startPosition + nodeLength, node.rgbData, 0, node.cbData);
nodeLength += node.cbData;
if (nodeLength % 4 > 0)
nodeLength += 4 - (nodeLength % 4);
if(nodeLength % 4 > 0) nodeLength += 4 - nodeLength % 4;
List<VersionNode> children = new List<VersionNode>();
@@ -225,8 +165,7 @@ namespace libexeinfo
nodeLength += childLength;
}
if (children.Count > 0)
node.children = children.ToArray();
if(children.Count > 0) node.children = children.ToArray();
return node;
}
@@ -240,15 +179,20 @@ namespace libexeinfo
FixedFileInfo info = (FixedFileInfo)Marshal.PtrToStructure(infoPtr, typeof(FixedFileInfo));
Marshal.FreeHGlobal(infoPtr);
fileVersion = string.Format("{0}.{1:D2}.{2}.{3}", (info.dwFileVersionMS & 0xFFFF0000) >> 16, info.dwFileVersionMS & 0xFFFF,
(info.dwFileVersionLS & 0xFFFF0000) >> 16, info.dwFileVersionLS & 0xFFFF);
productVersion = string.Format("{0}.{1:D2}.{2}.{3}", (info.dwProductVersionMS & 0xFFFF0000) >> 16, info.dwProductVersionMS & 0xFFFF,
(info.dwProductVersionLS & 0xFFFF0000) >> 16, info.dwProductVersionLS & 0xFFFF);
fileFlags = (VersionFileFlags)(info.dwFileFlags & info.dwFileFlagsMask);
fileOS = (VersionFileOS)info.dwFileOS;
fileType = (VersionFileType)info.dwFileType;
fileSubtype = (VersionFileSubtype)info.dwFileSubtype;
fileDate = DateTime.FromFileTime(info.dwFileDateMS * 0x100000000 + info.dwFileDateLS);
FileVersion = string.Format("{0}.{1:D2}.{2}.{3}", (info.dwFileVersionMS & 0xFFFF0000) >> 16,
info.dwFileVersionMS & 0xFFFF,
(info.dwFileVersionLS & 0xFFFF0000) >> 16,
info.dwFileVersionLS & 0xFFFF);
ProductVersion = string.Format("{0}.{1:D2}.{2}.{3}", (info.dwProductVersionMS & 0xFFFF0000) >> 16,
info.dwProductVersionMS & 0xFFFF,
(info.dwProductVersionLS & 0xFFFF0000) >> 16,
info.dwProductVersionLS & 0xFFFF);
FileFlags =
(VersionFileFlags)(info.dwFileFlags & info.dwFileFlagsMask);
FileOS = (VersionFileOS)info.dwFileOS;
FileType = (VersionFileType)info.dwFileType;
FileSubtype = (VersionFileSubtype)info.dwFileSubtype;
FileDate = DateTime.FromFileTime(info.dwFileDateMS * 0x100000000 + info.dwFileDateLS);
}
if(parent == StringFileInfo)
@@ -258,56 +202,40 @@ namespace libexeinfo
}
if(grandparent == StringFileInfo)
{
if(StringsByLanguage.TryGetValue(parent, out Dictionary<string, string> strings))
{
Encoding encoding;
try
{
encoding = Encoding.GetEncoding(Convert.ToInt32(parent.Substring(4), 16));
}
catch
{
encoding = Encoding.ASCII;
}
try { encoding = Encoding.GetEncoding(Convert.ToInt32(parent.Substring(4), 16)); }
catch { encoding = Encoding.ASCII; }
strings.Add(node.szName, encoding.GetString(node.rgbData));
}
}
if(node.children != null)
{
for(int i = 0; i < node.children.Length; i++)
DecodeNode(node.children[i], node.szName, parent);
}
}
/// <summary>
/// Converts a <see cref="VersionFileType" /> to string
/// </summary>
/// <returns>The string.</returns>
/// <param name="type"><see cref="VersionFileType"/></param>
/// <param name="type">
/// <see cref="VersionFileType" />
/// </param>
public static string TypeToString(VersionFileType type)
{
switch(type)
{
case VersionFileType.VFT_APP:
return "Application";
case VersionFileType.VFT_DLL:
return "Dynamic-link library";
case VersionFileType.VFT_DRV:
return "Device driver";
case VersionFileType.VFT_FONT:
return "Font";
case VersionFileType.VFT_STATIC_LIB:
return "Static-link library";
case VersionFileType.VFT_UNKNOWN:
return "Unknown";
case VersionFileType.VFT_VXD:
return "Virtual device";
default:
return string.Format("Unknown type code {0}", (uint)type);
case VersionFileType.VFT_APP: return "Application";
case VersionFileType.VFT_DLL: return "Dynamic-link library";
case VersionFileType.VFT_DRV: return "Device driver";
case VersionFileType.VFT_FONT: return "Font";
case VersionFileType.VFT_STATIC_LIB: return "Static-link library";
case VersionFileType.VFT_UNKNOWN: return "Unknown";
case VersionFileType.VFT_VXD: return "Virtual device";
default: return string.Format("Unknown type code {0}", (uint)type);
}
}
@@ -315,35 +243,25 @@ namespace libexeinfo
/// Converts a <see cref="VersionFileSubtype" /> to string, considering file type to be a driver
/// </summary>
/// <returns>The string.</returns>
/// <param name="subtype"><see cref="VersionFileSubtype"/></param>
/// <param name="subtype">
/// <see cref="VersionFileSubtype" />
/// </param>
public static string DriverToString(VersionFileSubtype subtype)
{
switch(subtype)
{
case VersionFileSubtype.VFT2_DRV_COMM:
return "Communications";
case VersionFileSubtype.VFT2_DRV_DISPLAY:
return "Display";
case VersionFileSubtype.VFT2_DRV_INSTALLABLE:
return "Installable";
case VersionFileSubtype.VFT2_DRV_KEYBOARD:
return "Keyboard";
case VersionFileSubtype.VFT2_DRV_LANGUAGE:
return "Language";
case VersionFileSubtype.VFT2_DRV_MOUSE:
return "Mouse";
case VersionFileSubtype.VFT2_DRV_NETWORK:
return "Network";
case VersionFileSubtype.VFT2_DRV_PRINTER:
return "Printer";
case VersionFileSubtype.VFT2_DRV_SOUND:
return "Sound";
case VersionFileSubtype.VFT2_DRV_SYSTEM:
return "System";
case VersionFileSubtype.VFT2_DRV_VERSIONED_PRINTER:
return "Versioned";
case VersionFileSubtype.VFT2_UNKNOWN:
return "Unknown";
case VersionFileSubtype.VFT2_DRV_COMM: return "Communications";
case VersionFileSubtype.VFT2_DRV_DISPLAY: return "Display";
case VersionFileSubtype.VFT2_DRV_INSTALLABLE: return "Installable";
case VersionFileSubtype.VFT2_DRV_KEYBOARD: return "Keyboard";
case VersionFileSubtype.VFT2_DRV_LANGUAGE: return "Language";
case VersionFileSubtype.VFT2_DRV_MOUSE: return "Mouse";
case VersionFileSubtype.VFT2_DRV_NETWORK: return "Network";
case VersionFileSubtype.VFT2_DRV_PRINTER: return "Printer";
case VersionFileSubtype.VFT2_DRV_SOUND: return "Sound";
case VersionFileSubtype.VFT2_DRV_SYSTEM: return "System";
case VersionFileSubtype.VFT2_DRV_VERSIONED_PRINTER: return "Versioned";
case VersionFileSubtype.VFT2_UNKNOWN: return "Unknown";
default:
return string.Format("Unknown type code {0}", (uint)subtype);
}
@@ -353,19 +271,17 @@ namespace libexeinfo
/// Converts a <see cref="VersionFileSubtype" /> to string, considering file type to be a font
/// </summary>
/// <returns>The string.</returns>
/// <param name="subtype"><see cref="VersionFileSubtype"/></param>
/// <param name="subtype">
/// <see cref="VersionFileSubtype" />
/// </param>
public static string FontToString(VersionFileSubtype subtype)
{
switch(subtype)
{
case VersionFileSubtype.VFT2_FONT_RASTER:
return "Raster";
case VersionFileSubtype.VFT2_FONT_TRUETYPE:
return "TrueType";
case VersionFileSubtype.VFT2_FONT_VECTOR:
return "Vector";
case VersionFileSubtype.VFT2_UNKNOWN:
return "Unknown";
case VersionFileSubtype.VFT2_FONT_RASTER: return "Raster";
case VersionFileSubtype.VFT2_FONT_TRUETYPE: return "TrueType";
case VersionFileSubtype.VFT2_FONT_VECTOR: return "Vector";
case VersionFileSubtype.VFT2_UNKNOWN: return "Unknown";
default:
return string.Format("Unknown type code {0}", (uint)subtype);
}
@@ -375,65 +291,46 @@ namespace libexeinfo
/// Converts a <see cref="VersionFileOS" /> to string
/// </summary>
/// <returns>The string.</returns>
/// <param name="os"><see cref="VersionFileOS"/></param>
/// <param name="os">
/// <see cref="VersionFileOS" />
/// </param>
public static string OsToString(VersionFileOS os)
{
switch(os)
{
case VersionFileOS.VOS_DOS:
return "DOS";
case VersionFileOS.VOS_NT:
return "Windows NT";
case VersionFileOS.VOS_WINDOWS16:
return "16-bit Windows";
case VersionFileOS.VOS_WINDOWS32:
return "32-bit Windows";
case VersionFileOS.VOS_OS216:
return "16-bit OS/2";
case VersionFileOS.VOS_OS232:
return "32-bit OS/2";
case VersionFileOS.VOS_PM16:
return "16-bit Presentation Manager";
case VersionFileOS.VOS_PM32:
return "32-bit Presentation Manager";
case VersionFileOS.VOS_UNKNOWN:
return "Unknown";
case VersionFileOS.VOS_DOS_NT:
return "DOS running under Windows NT";
case VersionFileOS.VOS_DOS_WINDOWS16:
return "16-bit Windows running under DOS";
case VersionFileOS.VOS_DOS_WINDOWS32:
return "32-bit Windows running under DOS";
case VersionFileOS.VOS_DOS_PM16:
return "16-bit Presentation Manager running under DOS";
case VersionFileOS.VOS_DOS_PM32:
return "32-bit Presentation Manager running under DOS";
case VersionFileOS.VOS_NT_WINDOWS16:
return "16-bit Windows running under Windows NT";
case VersionFileOS.VOS_NT_WINDOWS32:
return "32-bit Windows running under Windows NT";
case VersionFileOS.VOS_DOS: return "DOS";
case VersionFileOS.VOS_NT: return "Windows NT";
case VersionFileOS.VOS_WINDOWS16: return "16-bit Windows";
case VersionFileOS.VOS_WINDOWS32: return "32-bit Windows";
case VersionFileOS.VOS_OS216: return "16-bit OS/2";
case VersionFileOS.VOS_OS232: return "32-bit OS/2";
case VersionFileOS.VOS_PM16: return "16-bit Presentation Manager";
case VersionFileOS.VOS_PM32: return "32-bit Presentation Manager";
case VersionFileOS.VOS_UNKNOWN: return "Unknown";
case VersionFileOS.VOS_DOS_NT: return "DOS running under Windows NT";
case VersionFileOS.VOS_DOS_WINDOWS16: return "16-bit Windows running under DOS";
case VersionFileOS.VOS_DOS_WINDOWS32: return "32-bit Windows running under DOS";
case VersionFileOS.VOS_DOS_PM16: return "16-bit Presentation Manager running under DOS";
case VersionFileOS.VOS_DOS_PM32: return "32-bit Presentation Manager running under DOS";
case VersionFileOS.VOS_NT_WINDOWS16: return "16-bit Windows running under Windows NT";
case VersionFileOS.VOS_NT_WINDOWS32: return "32-bit Windows running under Windows NT";
case VersionFileOS.VOS_NT_PM16:
return "16-bit Presentation Manager running under Windows NT";
case VersionFileOS.VOS_NT_PM32:
return "32-bit Presentation Manager running under Windows NT";
case VersionFileOS.VOS_OS216_WINDOWS16:
return "16-bit Windows running under 16-bit OS/2";
case VersionFileOS.VOS_OS216_WINDOWS32:
return "32-bit Windows running under 16-bit OS/2";
case VersionFileOS.VOS_OS216_WINDOWS16: return "16-bit Windows running under 16-bit OS/2";
case VersionFileOS.VOS_OS216_WINDOWS32: return "32-bit Windows running under 16-bit OS/2";
case VersionFileOS.VOS_OS216_PM16:
return "16-bit Presentation Manager running under 16-bit OS/2";
case VersionFileOS.VOS_OS216_PM32:
return "32-bit Presentation Manager running under 16-bit OS/2";
case VersionFileOS.VOS_OS232_WINDOWS16:
return "16-bit Windows running under 32-bit OS/2";
case VersionFileOS.VOS_OS232_WINDOWS32:
return "32-bit Windows running under 32-bit OS/2";
case VersionFileOS.VOS_OS232_WINDOWS16: return "16-bit Windows running under 32-bit OS/2";
case VersionFileOS.VOS_OS232_WINDOWS32: return "32-bit Windows running under 32-bit OS/2";
case VersionFileOS.VOS_OS232_PM16:
return "16-bit Presentation Manager running under 32-bit OS/2";
case VersionFileOS.VOS_OS232_PM32:
return "32-bit Presentation Manager running under 32-bit OS/2";
default:
return string.Format("Unknown OS code {0}", (uint)os);
default: return string.Format("Unknown OS code {0}", (uint)os);
}
}
}

168
libexeinfo/PE/Enums.cs
View File

@@ -25,12 +25,96 @@
// THE SOFTWARE.
using System;
namespace libexeinfo
{
public partial class PE
{
public enum DebugTypes : uint
{
/// <summary>
/// The following values defined for the Subsystem field of the optional header determine which Windows subsystem (if any) is required to run the image.
/// Unknown value, ignored by all tools.
/// </summary>
IMAGE_DEBUG_TYPE_UNKNOWN = 0,
/// <summary>
/// COFF debug information (line numbers, symbol table, and string table).
/// This type of debug information is also pointed to by fields in the file headers.
/// </summary>
IMAGE_DEBUG_TYPE_COFF = 1,
/// <summary>
/// CodeView debug information. The format of the data block is described
/// by the CV4 specification.
/// </summary>
IMAGE_DEBUG_TYPE_CODEVIEW = 2,
/// <summary>
/// Frame Pointer Omission (FPO) information. This information tells the
/// debugger how to interpret non-standard stack frames, which use the
/// EBP register for a purpose other than as a frame pointer.
/// </summary>
IMAGE_DEBUG_TYPE_FPO = 3,
IMAGE_DEBUG_TYPE_MISC = 4,
IMAGE_DEBUG_TYPE_EXCEPTION = 5,
IMAGE_DEBUG_TYPE_FIXUP = 6,
IMAGE_DEBUG_TYPE_OMAP_TO_SRC = 7,
IMAGE_DEBUG_TYPE_OMAP_FROM_SRC = 8,
IMAGE_DEBUG_TYPE_BORLAND = 9
}
/// <summary>
/// The following values are defined for the DllCharacteristics field of the optional header.
/// </summary>
[Flags]
public enum DllCharacteristics : ushort
{
/// <summary>
/// Image can handle a high entropy 64-bit virtual address space.
/// </summary>
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020,
/// <summary>
/// DLL can be relocated at load time.
/// </summary>
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040,
/// <summary>
/// Code Integrity checks are enforced.
/// </summary>
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
/// <summary>
/// Image is NX compatible.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100,
/// <summary>
/// Isolation aware, but do not isolate the image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
/// <summary>
/// Does not use structured exception (SE) handling. No SE handler may be called in this image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
/// <summary>
/// Do not bind the image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
/// <summary>
/// Image must execute in an AppContainer.
/// </summary>
IMAGE_DLLCHARACTERISTICS_APPCONTAINER = 0x1000,
/// <summary>
/// A WDM driver.
/// </summary>
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
/// <summary>
/// Image supports Control Flow Guard.
/// </summary>
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000,
/// <summary>
/// Terminal Server aware.
/// </summary>
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
}
/// <summary>
/// The following values defined for the Subsystem field of the optional header determine which Windows subsystem (if
/// any) is required to run the image.
/// </summary>
public enum Subsystems : ushort
{
@@ -90,88 +174,6 @@ namespace libexeinfo
/// Windows boot application
/// </summary>
IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16
}
/// <summary>
/// The following values are defined for the DllCharacteristics field of the optional header.
/// </summary>
[Flags]
public enum DllCharacteristics : ushort
{
/// <summary>
/// Image can handle a high entropy 64-bit virtual address space.
/// </summary>
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020,
/// <summary>
/// DLL can be relocated at load time.
/// </summary>
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040,
/// <summary>
/// Code Integrity checks are enforced.
/// </summary>
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
/// <summary>
/// Image is NX compatible.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100,
/// <summary>
/// Isolation aware, but do not isolate the image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
/// <summary>
/// Does not use structured exception (SE) handling. No SE handler may be called in this image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
/// <summary>
/// Do not bind the image.
/// </summary>
IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
/// <summary>
/// Image must execute in an AppContainer.
/// </summary>
IMAGE_DLLCHARACTERISTICS_APPCONTAINER = 0x1000,
/// <summary>
/// A WDM driver.
/// </summary>
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000,
/// <summary>
/// Image supports Control Flow Guard.
/// </summary>
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000,
/// <summary>
/// Terminal Server aware.
/// </summary>
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
}
public enum DebugTypes : uint
{
/// <summary>
/// Unknown value, ignored by all tools.
/// </summary>
IMAGE_DEBUG_TYPE_UNKNOWN = 0,
/// <summary>
/// COFF debug information (line numbers, symbol table, and string table).
/// This type of debug information is also pointed to by fields in the file headers.
/// </summary>
IMAGE_DEBUG_TYPE_COFF = 1,
/// <summary>
/// CodeView debug information. The format of the data block is described
/// by the CV4 specification.
/// </summary>
IMAGE_DEBUG_TYPE_CODEVIEW = 2,
/// <summary>
/// Frame Pointer Omission (FPO) information. This information tells the
/// debugger how to interpret non-standard stack frames, which use the
/// EBP register for a purpose other than as a frame pointer.
/// </summary>
IMAGE_DEBUG_TYPE_FPO = 3,
IMAGE_DEBUG_TYPE_MISC = 4,
IMAGE_DEBUG_TYPE_EXCEPTION = 5,
IMAGE_DEBUG_TYPE_FIXUP = 6,
IMAGE_DEBUG_TYPE_OMAP_TO_SRC = 7,
IMAGE_DEBUG_TYPE_OMAP_FROM_SRC = 8,
IMAGE_DEBUG_TYPE_BORLAND = 9
}
}
}

40
libexeinfo/PE/Info.cs
View File

@@ -24,9 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace libexeinfo
@@ -41,17 +38,21 @@ namespace libexeinfo
if(header.coff.optionalHeader.magic == PE32Plus)
sb.AppendFormat("\tExecutable base address: 0x{0:X16}", winheader.imageBase).AppendLine();
else
sb.AppendFormat("\tExecutable base address: 0x{0:X8}", winheader.imageBase).AppendLine();
else sb.AppendFormat("\tExecutable base address: 0x{0:X8}", winheader.imageBase).AppendLine();
sb.AppendFormat("\tSections are aligned to {0} bytes", winheader.sectionAlignment).AppendLine();
sb.AppendFormat("\tFile is aligned to {0} bytes", winheader.fileAlignment).AppendLine();
if(winheader.majorOperatingSystemVersion > 0 || winheader.minorOperatingSystemVersion > 0)
sb.AppendFormat("\tExecutable requires at least operating system version {0}.{1} to run", winheader.majorOperatingSystemVersion, winheader.minorOperatingSystemVersion).AppendLine();
sb.AppendFormat("\tExecutable requires at least operating system version {0}.{1} to run",
winheader.majorOperatingSystemVersion, winheader.minorOperatingSystemVersion)
.AppendLine();
if(winheader.majorImageVersion > 0 || winheader.minorImageVersion > 0)
sb.AppendFormat("\tExecutable version: {0}.{1}", winheader.majorImageVersion, winheader.minorImageVersion).AppendLine();
sb.AppendFormat("\tAccording to subsystem, executable is {0}", SubsystemToString(winheader.subsystem)).AppendLine();
sb.AppendFormat("\tExecutable version: {0}.{1}", winheader.majorImageVersion,
winheader.minorImageVersion).AppendLine();
sb.AppendFormat("\tAccording to subsystem, executable is {0}", SubsystemToString(winheader.subsystem))
.AppendLine();
if(winheader.majorSubsystemVersion > 0 || winheader.minorSubsystemVersion > 0)
sb.AppendFormat("\tExecutable requires at least subsystem version {0}.{1} to run", winheader.majorSubsystemVersion, winheader.minorSubsystemVersion).AppendLine();
sb.AppendFormat("\tExecutable requires at least subsystem version {0}.{1} to run",
winheader.majorSubsystemVersion, winheader.minorSubsystemVersion).AppendLine();
if(winheader.dllCharacteristics.HasFlag(DllCharacteristics.IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA))
sb.AppendLine("\tExecutable can handle a high entropy 64-bit virtual address space");
@@ -77,17 +78,22 @@ namespace libexeinfo
sb.AppendLine("\tExecutable is Terminal Server aware");
if(winheader.win32VersionValue > 0)
sb.AppendFormat("\tWin32 version value: {0}", winheader.win32VersionValue).AppendLine();
sb.AppendFormat("\tWin32 version value: {0}", winheader.win32VersionValue)
.AppendLine();
sb.AppendFormat("\tExecutable is {0} bytes", winheader.sizeOfImage).AppendLine();
sb.AppendFormat("\tHeaders are {0} bytes", winheader.sizeOfHeaders).AppendLine();
sb.AppendFormat("\tChecksum: 0x{0:X8}", winheader.checksum).AppendLine();
sb.AppendFormat("\t{0} bytes of stack should be reserved", winheader.sizeOfStackReserve).AppendLine();
sb.AppendFormat("\t{0} bytes of stack should be committed", winheader.sizeOfStackCommit).AppendLine();
sb.AppendFormat("\t{0} bytes of heap should be reserved", winheader.sizeOfHeapReserve).AppendLine();
sb.AppendFormat("\t{0} bytes of heap should be committed", winheader.sizeOfHeapCommit).AppendLine();
if (winheader.loaderFlags > 0)
sb.AppendFormat("\tLoader flags: {0}", winheader.loaderFlags).AppendLine();
sb.AppendFormat("\t{0} RVA entries follow the header", winheader.numberOfRvaAndSizes).AppendLine();
sb.AppendFormat("\t{0} bytes of stack should be reserved", winheader.sizeOfStackReserve)
.AppendLine();
sb.AppendFormat("\t{0} bytes of stack should be committed", winheader.sizeOfStackCommit)
.AppendLine();
sb.AppendFormat("\t{0} bytes of heap should be reserved", winheader.sizeOfHeapReserve)
.AppendLine();
sb.AppendFormat("\t{0} bytes of heap should be committed", winheader.sizeOfHeapCommit)
.AppendLine();
if(winheader.loaderFlags > 0) sb.AppendFormat("\tLoader flags: {0}", winheader.loaderFlags).AppendLine();
sb.AppendFormat("\t{0} RVA entries follow the header", winheader.numberOfRvaAndSizes)
.AppendLine();
return sb.ToString();
}

15
libexeinfo/PE/PE.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONPECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.IO;
using System.Runtime.InteropServices;
@@ -34,6 +35,7 @@ namespace libexeinfo
/// </summary>
public partial class PE
{
public readonly MZ BaseExecutable;
/// <summary>
/// The <see cref="FileStream" /> that contains the executable represented by this instance
/// </summary>
@@ -46,7 +48,6 @@ namespace libexeinfo
/// If true this instance correctly represents a Microsoft Portable Executable
/// </summary>
public readonly bool IsPE;
public readonly MZ BaseExecutable;
public readonly WindowsHeader64 WinHeader;
/// <summary>
@@ -59,7 +60,6 @@ namespace libexeinfo
BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -72,7 +72,6 @@ namespace libexeinfo
IsPE = Header.signature == Signature;
if(IsPE)
{
if(Header.coff.optionalHeader.magic == PE32Plus)
{
BaseStream.Position -= 4;
@@ -95,8 +94,6 @@ namespace libexeinfo
}
}
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="T:libexeinfo.PE" /> class.
@@ -108,7 +105,6 @@ namespace libexeinfo
BaseStream = stream;
BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -121,7 +117,6 @@ namespace libexeinfo
IsPE = Header.signature == Signature;
if(IsPE)
{
if(Header.coff.optionalHeader.magic == PE32Plus)
{
BaseStream.Position -= 4;
@@ -144,8 +139,6 @@ namespace libexeinfo
}
}
}
}
}
/// <summary>
/// Identifies if the specified executable is a Microsoft Portable Executable
@@ -157,7 +150,6 @@ namespace libexeinfo
FileStream BaseStream = File.Open(path, FileMode.Open, FileAccess.Read);
MZ BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -169,7 +161,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature;
}
}
return false;
}
@@ -184,7 +175,6 @@ namespace libexeinfo
FileStream BaseStream = stream;
MZ BaseExecutable = new MZ(BaseStream);
if(BaseExecutable.IsMZ)
{
if(BaseExecutable.Header.new_offset < BaseStream.Length)
{
BaseStream.Seek(BaseExecutable.Header.new_offset, SeekOrigin.Begin);
@@ -196,7 +186,6 @@ namespace libexeinfo
Marshal.FreeHGlobal(hdrPtr);
return Header.signature == Signature;
}
}
return false;
}

64
libexeinfo/PE/Structs.cs
View File

@@ -24,7 +24,6 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Runtime.InteropServices;
using static libexeinfo.COFF;
@@ -39,28 +38,35 @@ namespace libexeinfo
public struct PEHeader
{
/// <summary>
/// After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file as a PE format image file. This signature is "PE\0\0" (the letters "P" and "E" followed by two null bytes).
/// After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file
/// as a PE format image file. This signature is "PE\0\0" (the letters "P" and "E" followed by two null bytes).
/// </summary>
public uint signature;
public COFFHeader coff;
}
/// <summary>
/// The next 21 fields are an extension to the COFF optional header format. They contain additional information that is required by the linker and loader in Windows.
/// The next 21 fields are an extension to the COFF optional header format. They contain additional information that is
/// required by the linker and loader in Windows.
/// </summary>
[StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct WindowsHeader
{
/// <summary>
/// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K. The default for DLLs is 0x10000000. The default for Windows CE EXEs is 0x00010000. The default for Windows NT, Windows 2000, Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000.
/// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K. The default
/// for DLLs is 0x10000000. The default for Windows CE EXEs is 0x00010000. The default for Windows NT, Windows 2000,
/// Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000.
/// </summary>
public uint imageBase;
/// <summary>
/// The alignment (in bytes) of sections when they are loaded into memory. It must be greater than or equal to FileAlignment. The default is the page size for the architecture.
/// The alignment (in bytes) of sections when they are loaded into memory. It must be greater than or equal to
/// FileAlignment. The default is the page size for the architecture.
/// </summary>
public uint sectionAlignment;
/// <summary>
/// The alignment factor (in bytes) that is used to align the raw data of sections in the image file. The value should be a power of 2 between 512 and 64 K, inclusive. The default is 512. If the SectionAlignment is less than the architecture's page size, then FileAlignment must match SectionAlignment.
/// The alignment factor (in bytes) that is used to align the raw data of sections in the image file. The value should
/// be a power of 2 between 512 and 64 K, inclusive. The default is 512. If the SectionAlignment is less than the
/// architecture's page size, then FileAlignment must match SectionAlignment.
/// </summary>
public uint fileAlignment;
/// <summary>
@@ -92,7 +98,8 @@ namespace libexeinfo
/// </summary>
public uint win32VersionValue;
/// <summary>
/// The size (in bytes) of the image, including all headers, as the image is loaded in memory. It must be a multiple of SectionAlignment.
/// The size (in bytes) of the image, including all headers, as the image is loaded in memory. It must be a multiple of
/// SectionAlignment.
/// </summary>
public uint sizeOfImage;
/// <summary>
@@ -100,7 +107,9 @@ namespace libexeinfo
/// </summary>
public uint sizeOfHeaders;
/// <summary>
/// The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL. The following are checked for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that is loaded into a critical Windows process.
/// The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL. The following
/// are checked for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that is loaded into
/// a critical Windows process.
/// </summary>
public uint checksum;
/// <summary>
@@ -112,7 +121,8 @@ namespace libexeinfo
/// </summary>
public DllCharacteristics dllCharacteristics;
/// <summary>
/// The size of the stack to reserve. Only SizeOfStackCommit is committed; the rest is made available one page at a time until the reserve size is reached.
/// The size of the stack to reserve. Only SizeOfStackCommit is committed; the rest is made available one page at a
/// time until the reserve size is reached.
/// </summary>
public uint sizeOfStackReserve;
/// <summary>
@@ -120,7 +130,8 @@ namespace libexeinfo
/// </summary>
public uint sizeOfStackCommit;
/// <summary>
/// The size of the local heap space to reserve. Only SizeOfHeapCommit is committed; the rest is made available one page at a time until the reserve size is reached.
/// The size of the local heap space to reserve. Only SizeOfHeapCommit is committed; the rest is made available one
/// page at a time until the reserve size is reached.
/// </summary>
public uint sizeOfHeapReserve;
/// <summary>
@@ -138,21 +149,27 @@ namespace libexeinfo
}
/// <summary>
/// The next 21 fields are an extension to the COFF optional header format. They contain additional information that is required by the linker and loader in Windows.
/// The next 21 fields are an extension to the COFF optional header format. They contain additional information that is
/// required by the linker and loader in Windows.
/// </summary>
[StructLayout(LayoutKind.Sequential /*, Pack = 2*/)]
public struct WindowsHeader64
{
/// <summary>
/// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K. The default for DLLs is 0x10000000. The default for Windows CE EXEs is 0x00010000. The default for Windows NT, Windows 2000, Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000.
/// The preferred address of the first byte of image when loaded into memory; must be a multiple of 64 K. The default
/// for DLLs is 0x10000000. The default for Windows CE EXEs is 0x00010000. The default for Windows NT, Windows 2000,
/// Windows XP, Windows 95, Windows 98, and Windows Me is 0x00400000.
/// </summary>
public ulong imageBase;
/// <summary>
/// The alignment (in bytes) of sections when they are loaded into memory. It must be greater than or equal to FileAlignment. The default is the page size for the architecture.
/// The alignment (in bytes) of sections when they are loaded into memory. It must be greater than or equal to
/// FileAlignment. The default is the page size for the architecture.
/// </summary>
public uint sectionAlignment;
/// <summary>
/// The alignment factor (in bytes) that is used to align the raw data of sections in the image file. The value should be a power of 2 between 512 and 64 K, inclusive. The default is 512. If the SectionAlignment is less than the architecture's page size, then FileAlignment must match SectionAlignment.
/// The alignment factor (in bytes) that is used to align the raw data of sections in the image file. The value should
/// be a power of 2 between 512 and 64 K, inclusive. The default is 512. If the SectionAlignment is less than the
/// architecture's page size, then FileAlignment must match SectionAlignment.
/// </summary>
public uint fileAlignment;
/// <summary>
@@ -184,7 +201,8 @@ namespace libexeinfo
/// </summary>
public uint win32VersionValue;
/// <summary>
/// The size (in bytes) of the image, including all headers, as the image is loaded in memory. It must be a multiple of SectionAlignment.
/// The size (in bytes) of the image, including all headers, as the image is loaded in memory. It must be a multiple of
/// SectionAlignment.
/// </summary>
public uint sizeOfImage;
/// <summary>
@@ -192,7 +210,9 @@ namespace libexeinfo
/// </summary>
public uint sizeOfHeaders;
/// <summary>
/// The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL. The following are checked for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that is loaded into a critical Windows process.
/// The image file checksum. The algorithm for computing the checksum is incorporated into IMAGHELP.DLL. The following
/// are checked for validation at load time: all drivers, any DLL loaded at boot time, and any DLL that is loaded into
/// a critical Windows process.
/// </summary>
public uint checksum;
/// <summary>
@@ -204,7 +224,8 @@ namespace libexeinfo
/// </summary>
public DllCharacteristics dllCharacteristics;
/// <summary>
/// The size of the stack to reserve. Only SizeOfStackCommit is committed; the rest is made available one page at a time until the reserve size is reached.
/// The size of the stack to reserve. Only SizeOfStackCommit is committed; the rest is made available one page at a
/// time until the reserve size is reached.
/// </summary>
public ulong sizeOfStackReserve;
/// <summary>
@@ -212,7 +233,8 @@ namespace libexeinfo
/// </summary>
public ulong sizeOfStackCommit;
/// <summary>
/// The size of the local heap space to reserve. Only SizeOfHeapCommit is committed; the rest is made available one page at a time until the reserve size is reached.
/// The size of the local heap space to reserve. Only SizeOfHeapCommit is committed; the rest is made available one
/// page at a time until the reserve size is reached.
/// </summary>
public ulong sizeOfHeapReserve;
/// <summary>
@@ -262,7 +284,8 @@ namespace libexeinfo
/// </summary>
public ushort minorVersion;
/// <summary>
/// Format of debugging information: this field enables support of multiple debuggers. <see cref="DebugTypes"/> for more information.
/// Format of debugging information: this field enables support of multiple debuggers. <see cref="DebugTypes" /> for
/// more information.
/// </summary>
public DebugTypes type;
/// <summary>
@@ -339,7 +362,8 @@ namespace libexeinfo
/// </summary>
public uint size;
/// <summary>
/// Code page used to decode code point values within the resource data.Typically, the code page would be the Unicode code page.
/// Code page used to decode code point values within the resource data.Typically, the code page would be the Unicode
/// code page.
/// </summary>
public uint codepage;
/// <summary>

44
libexeinfo/PE/Subsystems.cs
View File

@@ -23,7 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
namespace libexeinfo
{
public partial class PE
@@ -32,39 +32,23 @@ namespace libexeinfo
{
switch(subsystem)
{
/// <summary>
/// An unknown subsystem
/// </summary>
case Subsystems.IMAGE_SUBSYSTEM_UNKNOWN:
return "for an unknown subsystem with no code";
case Subsystems.IMAGE_SUBSYSTEM_NATIVE:
return "an application for native Windows API";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_GUI:
return "an application for Windows GUI";
case Subsystems.IMAGE_SUBSYSTEM_UNKNOWN: return "for an unknown subsystem with no code";
case Subsystems.IMAGE_SUBSYSTEM_NATIVE: return "an application for native Windows API";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_GUI: return "an application for Windows GUI";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_CUI:
return "an application for Windows command-line";
case Subsystems.IMAGE_SUBSYSTEM_OS2_CUI:
return "an application for OS/2 command-line";
case Subsystems.IMAGE_SUBSYSTEM_POSIX_CUI:
return "an application for POSIX command-line";
case Subsystems.IMAGE_SUBSYSTEM_NATIVE_WINDOWS:
return "a driver for Windows 9x";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_CE_GUI:
return "an application for Windows CE";
case Subsystems.IMAGE_SUBSYSTEM_EFI_APPLICATION:
return "an EFI application";
case Subsystems.IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
return "an EFI boot services driver";
case Subsystems.IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
return "an EFI run-time services driver";
case Subsystems.IMAGE_SUBSYSTEM_EFI_ROM:
return "an EFI ROM image";
case Subsystems.IMAGE_SUBSYSTEM_XBOX:
return "a Xbox executable";
case Subsystems.IMAGE_SUBSYSTEM_OS2_CUI: return "an application for OS/2 command-line";
case Subsystems.IMAGE_SUBSYSTEM_POSIX_CUI: return "an application for POSIX command-line";
case Subsystems.IMAGE_SUBSYSTEM_NATIVE_WINDOWS: return "a driver for Windows 9x";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_CE_GUI: return "an application for Windows CE";
case Subsystems.IMAGE_SUBSYSTEM_EFI_APPLICATION: return "an EFI application";
case Subsystems.IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: return "an EFI boot services driver";
case Subsystems.IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: return "an EFI run-time services driver";
case Subsystems.IMAGE_SUBSYSTEM_EFI_ROM: return "an EFI ROM image";
case Subsystems.IMAGE_SUBSYSTEM_XBOX: return "a Xbox executable";
case Subsystems.IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION:
return "an application for Windows Boot environment";
default:
return string.Format("for an unknown subsystem with code {0}", (ushort)subsystem);
default: return $"for an unknown subsystem with code {(ushort)subsystem}";
}
}
}

1
libexeinfo/Properties/AssemblyInfo.cs
View File

@@ -1,5 +1,4 @@
using System.Reflection;
using System.Runtime.CompilerServices;
// Information about this assembly is defined by the following attributes.
// Change them to the values specific to your project.

7
libexeinfo/Swapping.cs
View File

@@ -23,6 +23,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Linq;
@@ -98,9 +99,9 @@ namespace libexeinfo
public static ulong Swap(ulong x)
{
x = (x & 0x00000000FFFFFFFF) << 32 | (x & 0xFFFFFFFF00000000) >> 32;
x = (x & 0x0000FFFF0000FFFF) << 16 | (x & 0xFFFF0000FFFF0000) >> 16;
x = (x & 0x00FF00FF00FF00FF) << 8 | (x & 0xFF00FF00FF00FF00) >> 8;
x = ((x & 0x00000000FFFFFFFF) << 32) | ((x & 0xFFFFFFFF00000000) >> 32);
x = ((x & 0x0000FFFF0000FFFF) << 16) | ((x & 0xFFFF0000FFFF0000) >> 16);
x = ((x & 0x00FF00FF00FF00FF) << 8) | ((x & 0xFF00FF00FF00FF00) >> 8);
return x;
}