mirror of
https://github.com/sampletext32/ParkanPlayground.git
synced 2025-06-19 16:08:02 +03:00
clarify rva members
This commit is contained in:
bird_egop
19
.windsurfrules
Normal file
19
.windsurfrules
Normal file
@ -0,0 +1,19 @@
|
||||
when creating or edditing code, adjust namespace declaration style to oneliner, e.g. "namespace MyNamespace;".
|
||||
|
||||
always separate usings, namespaces, type declarations, methods and properties with empty line.
|
||||
|
||||
always add comments to the code, when the code is not trivial.
|
||||
|
||||
always put classes into separate files.
|
||||
|
||||
always try to build the project you've edited.
|
||||
|
||||
always summarize the changes you've made.
|
||||
|
||||
always add changes to git with descriptive comment, but be concise.
|
||||
|
||||
never use terminal commands to edit code. In case of a failure, write it to user and stop execution.
|
||||
|
||||
never address compiler warnings yourself. If you see a warning, suggest to address it.
|
||||
|
||||
when working with RVA variables, always add that to variable name, e.g. "nameRVA".
|
||||
@ -9,7 +9,7 @@ public class ExportDirectory
|
||||
public uint TimeDateStamp; // Time and date stamp
|
||||
public ushort MajorVersion; // Major version
|
||||
public ushort MinorVersion; // Minor version
|
||||
public uint Name; // RVA of the name of the DLL
|
||||
public uint DllNameRva; // RVA of the name of the DLL
|
||||
public string DllName; // The actual name of the DLL
|
||||
public uint Base; // Ordinal base
|
||||
public uint NumberOfFunctions; // Number of functions
|
||||
|
||||
@ -7,7 +7,7 @@ public class ExportedFunction
|
||||
{
|
||||
public string Name; // Function name
|
||||
public ushort Ordinal; // Function ordinal
|
||||
public uint Address; // Function RVA
|
||||
public uint AddressRva; // Function RVA
|
||||
public bool IsForwarder; // True if this is a forwarder
|
||||
public string ForwarderName; // Name of the forwarded function
|
||||
|
||||
|
||||
@ -5,12 +5,12 @@ namespace X86Disassembler.PE;
|
||||
/// </summary>
|
||||
public class ImportDescriptor
|
||||
{
|
||||
public uint OriginalFirstThunk; // RVA to original first thunk
|
||||
public uint OriginalFirstThunkRva; // RVA to original first thunk
|
||||
public uint TimeDateStamp; // Time and date stamp
|
||||
public uint ForwarderChain; // Forwarder chain
|
||||
public uint Name; // RVA to the name of the DLL
|
||||
public uint DllNameRva; // RVA to the name of the DLL
|
||||
public string DllName; // The actual name of the DLL
|
||||
public uint FirstThunk; // RVA to first thunk
|
||||
public uint FirstThunkRva; // RVA to first thunk
|
||||
|
||||
public List<ImportedFunction> Functions { get; } = new List<ImportedFunction>();
|
||||
|
||||
|
||||
@ -9,7 +9,7 @@ public class ImportedFunction
|
||||
public ushort Hint; // Hint value
|
||||
public bool IsOrdinal; // True if imported by ordinal
|
||||
public ushort Ordinal; // Ordinal value (if imported by ordinal)
|
||||
public uint ThunkRVA; // RVA of the thunk for this function
|
||||
public uint ThunkRva; // RVA of the thunk for this function
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new instance of the ImportedFunction class
|
||||
|
||||
@ -58,7 +58,7 @@ public class OptionalHeader
|
||||
SizeOfHeapCommit = 0u;
|
||||
|
||||
// Initialize array to avoid nullability warning
|
||||
DataDirectories = new DataDirectory[0];
|
||||
DataDirectories = [];
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
||||
@ -141,7 +141,12 @@ public class PEFormat
|
||||
uint exportDirSize = OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
|
||||
|
||||
ExportDirectory = _exportDirectoryParser.Parse(reader, exportDirRva);
|
||||
ExportedFunctions = _exportDirectoryParser.ParseExportedFunctions(reader, ExportDirectory, exportDirRva, exportDirSize);
|
||||
ExportedFunctions = _exportDirectoryParser.ParseExportedFunctions(
|
||||
reader,
|
||||
ExportDirectory,
|
||||
exportDirRva,
|
||||
exportDirSize
|
||||
);
|
||||
}
|
||||
|
||||
// Parse Import Descriptors
|
||||
@ -177,7 +182,13 @@ public class PEFormat
|
||||
SectionHeader section = SectionHeaders[sectionIndex];
|
||||
byte[] sectionData = new byte[section.SizeOfRawData];
|
||||
|
||||
Array.Copy(_fileData, section.PointerToRawData, sectionData, 0, section.SizeOfRawData);
|
||||
Array.Copy(
|
||||
_fileData,
|
||||
section.PointerToRawData,
|
||||
sectionData,
|
||||
0,
|
||||
section.SizeOfRawData
|
||||
);
|
||||
|
||||
return sectionData;
|
||||
}
|
||||
@ -210,7 +221,8 @@ public class PEFormat
|
||||
|
||||
for (int i = 0; i < SectionHeaders.Count; i++)
|
||||
{
|
||||
if (SectionHeaders[i].ContainsCode())
|
||||
if (SectionHeaders[i]
|
||||
.ContainsCode())
|
||||
{
|
||||
codeSections.Add(i);
|
||||
}
|
||||
|
||||
@ -30,7 +30,7 @@ public class ExportDirectoryParser
|
||||
directory.TimeDateStamp = reader.ReadUInt32();
|
||||
directory.MajorVersion = reader.ReadUInt16();
|
||||
directory.MinorVersion = reader.ReadUInt16();
|
||||
directory.Name = reader.ReadUInt32();
|
||||
directory.DllNameRva = reader.ReadUInt32();
|
||||
directory.Base = reader.ReadUInt32();
|
||||
directory.NumberOfFunctions = reader.ReadUInt32();
|
||||
directory.NumberOfNames = reader.ReadUInt32();
|
||||
@ -41,7 +41,7 @@ public class ExportDirectoryParser
|
||||
// Read the DLL name
|
||||
try
|
||||
{
|
||||
uint dllNameRVA = directory.Name;
|
||||
uint dllNameRVA = directory.DllNameRva;
|
||||
uint dllNameOffset = _utility.RvaToOffset(dllNameRVA);
|
||||
reader.BaseStream.Seek(dllNameOffset, SeekOrigin.Begin);
|
||||
|
||||
@ -134,7 +134,7 @@ public class ExportDirectoryParser
|
||||
|
||||
ExportedFunction function = new ExportedFunction();
|
||||
function.Ordinal = (ushort)(i + directory.Base);
|
||||
function.Address = functionRVA;
|
||||
function.AddressRva = functionRVA;
|
||||
|
||||
// Check if this function has a name
|
||||
if (ordinalToName.TryGetValue(i, out string? name))
|
||||
|
||||
@ -50,11 +50,11 @@ public class ImportDescriptorParser
|
||||
|
||||
ImportDescriptor descriptor = new ImportDescriptor
|
||||
{
|
||||
OriginalFirstThunk = originalFirstThunk,
|
||||
OriginalFirstThunkRva = originalFirstThunk,
|
||||
TimeDateStamp = timeDateStamp,
|
||||
ForwarderChain = forwarderChain,
|
||||
Name = nameRva,
|
||||
FirstThunk = firstThunk,
|
||||
DllNameRva = nameRva,
|
||||
FirstThunkRva = firstThunk,
|
||||
DllName = "Unknown" // Default name in case we can't read it
|
||||
};
|
||||
|
||||
@ -111,7 +111,7 @@ public class ImportDescriptorParser
|
||||
try
|
||||
{
|
||||
// Use OriginalFirstThunk if available, otherwise use FirstThunk
|
||||
uint thunkRva = descriptor.OriginalFirstThunk != 0 ? descriptor.OriginalFirstThunk : descriptor.FirstThunk;
|
||||
uint thunkRva = descriptor.OriginalFirstThunkRva != 0 ? descriptor.OriginalFirstThunkRva : descriptor.FirstThunkRva;
|
||||
|
||||
if (thunkRva == 0)
|
||||
{
|
||||
@ -133,7 +133,7 @@ public class ImportDescriptorParser
|
||||
|
||||
ImportedFunction function = new ImportedFunction
|
||||
{
|
||||
ThunkRVA = thunkRva + (uint)(functionCount * 4)
|
||||
ThunkRva = thunkRva + (uint)(functionCount * 4)
|
||||
};
|
||||
|
||||
// Check if imported by ordinal (high bit set)
|
||||
|
||||
@ -99,7 +99,7 @@ internal class Program
|
||||
for (int i = 0; i < peFormat.ExportedFunctions.Count; i++)
|
||||
{
|
||||
var function = peFormat.ExportedFunctions[i];
|
||||
Console.WriteLine($" {i}: {function.Name} (Ordinal={function.Ordinal}, RVA=0x{function.Address:X8})");
|
||||
Console.WriteLine($" {i}: {function.Name} (Ordinal={function.Ordinal}, RVA=0x{function.AddressRva:X8})");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user