mirrors/ParkanPlayground
0
Fork 0
mirror of https://github.com/sampletext32/ParkanPlayground.git synced 2025-06-20 00:18:02 +03:00
Code Issues Releases Activity

Update code style to follow project rules with one-liner namespace declarations

Browse Source
This commit is contained in:
bird_egop
2025-04-12 18:23:18 +03:00
parent 53de948376
commit 6a69b0b91b
16 changed files with 1126 additions and 1172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
X86Disassembler/PE/Parsers/DOSHeaderParser.cs
View File

@ -1,63 +1,59 @@
using System;
using System.IO;
namespace X86Disassembler.PE.Parsers;
namespace X86Disassembler.PE.Parsers
/// <summary>
/// Parser for the DOS header of a PE file
/// </summary>
public class DOSHeaderParser : IParser<DOSHeader>
{
// DOS Header constants
private const ushort DOS_SIGNATURE = 0x5A4D; // 'MZ'
/// <summary>
/// Parser for the DOS header of a PE file
/// Parse the DOS header from the binary reader
/// </summary>
public class DOSHeaderParser : IParser<DOSHeader>
/// <param name="reader">The binary reader positioned at the start of the DOS header</param>
/// <returns>The parsed DOS header</returns>
public DOSHeader Parse(BinaryReader reader)
{
// DOS Header constants
private const ushort DOS_SIGNATURE = 0x5A4D; // 'MZ'
DOSHeader header = new DOSHeader();
/// <summary>
/// Parse the DOS header from the binary reader
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the DOS header</param>
/// <returns>The parsed DOS header</returns>
public DOSHeader Parse(BinaryReader reader)
header.e_magic = reader.ReadUInt16();
if (header.e_magic != DOS_SIGNATURE)
{
DOSHeader header = new DOSHeader();
header.e_magic = reader.ReadUInt16();
if (header.e_magic != DOS_SIGNATURE)
{
throw new InvalidDataException("Invalid DOS signature (MZ)");
}
header.e_cblp = reader.ReadUInt16();
header.e_cp = reader.ReadUInt16();
header.e_crlc = reader.ReadUInt16();
header.e_cparhdr = reader.ReadUInt16();
header.e_minalloc = reader.ReadUInt16();
header.e_maxalloc = reader.ReadUInt16();
header.e_ss = reader.ReadUInt16();
header.e_sp = reader.ReadUInt16();
header.e_csum = reader.ReadUInt16();
header.e_ip = reader.ReadUInt16();
header.e_cs = reader.ReadUInt16();
header.e_lfarlc = reader.ReadUInt16();
header.e_ovno = reader.ReadUInt16();
header.e_res = new ushort[4];
for (int i = 0; i < 4; i++)
{
header.e_res[i] = reader.ReadUInt16();
}
header.e_oemid = reader.ReadUInt16();
header.e_oeminfo = reader.ReadUInt16();
header.e_res2 = new ushort[10];
for (int i = 0; i < 10; i++)
{
header.e_res2[i] = reader.ReadUInt16();
}
header.e_lfanew = reader.ReadUInt32();
return header;
throw new InvalidDataException("Invalid DOS signature (MZ)");
}
header.e_cblp = reader.ReadUInt16();
header.e_cp = reader.ReadUInt16();
header.e_crlc = reader.ReadUInt16();
header.e_cparhdr = reader.ReadUInt16();
header.e_minalloc = reader.ReadUInt16();
header.e_maxalloc = reader.ReadUInt16();
header.e_ss = reader.ReadUInt16();
header.e_sp = reader.ReadUInt16();
header.e_csum = reader.ReadUInt16();
header.e_ip = reader.ReadUInt16();
header.e_cs = reader.ReadUInt16();
header.e_lfarlc = reader.ReadUInt16();
header.e_ovno = reader.ReadUInt16();
header.e_res = new ushort[4];
for (int i = 0; i < 4; i++)
{
header.e_res[i] = reader.ReadUInt16();
}
header.e_oemid = reader.ReadUInt16();
header.e_oeminfo = reader.ReadUInt16();
header.e_res2 = new ushort[10];
for (int i = 0; i < 10; i++)
{
header.e_res2[i] = reader.ReadUInt16();
}
header.e_lfanew = reader.ReadUInt32();
return header;
}
}

320
X86Disassembler/PE/Parsers/ExportDirectoryParser.cs
View File

@ -1,176 +1,172 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace X86Disassembler.PE.Parsers
namespace X86Disassembler.PE.Parsers;
/// <summary>
/// Parser for the Export Directory of a PE file
/// </summary>
public class ExportDirectoryParser
{
/// <summary>
/// Parser for the Export Directory of a PE file
/// </summary>
public class ExportDirectoryParser
private readonly PEUtility _utility;
public ExportDirectoryParser(PEUtility utility)
{
private readonly PEUtility _utility;
_utility = utility;
}
/// <summary>
/// Parse the Export Directory from the binary reader
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="rva">The RVA of the Export Directory</param>
/// <returns>The parsed Export Directory</returns>
public ExportDirectory Parse(BinaryReader reader, uint rva)
{
ExportDirectory directory = new ExportDirectory();
public ExportDirectoryParser(PEUtility utility)
reader.BaseStream.Seek(_utility.RvaToOffset(rva), SeekOrigin.Begin);
directory.Characteristics = reader.ReadUInt32();
directory.TimeDateStamp = reader.ReadUInt32();
directory.MajorVersion = reader.ReadUInt16();
directory.MinorVersion = reader.ReadUInt16();
directory.Name = reader.ReadUInt32();
directory.Base = reader.ReadUInt32();
directory.NumberOfFunctions = reader.ReadUInt32();
directory.NumberOfNames = reader.ReadUInt32();
directory.AddressOfFunctions = reader.ReadUInt32();
directory.AddressOfNames = reader.ReadUInt32();
directory.AddressOfNameOrdinals = reader.ReadUInt32();
// Read the DLL name
try
{
_utility = utility;
uint dllNameRVA = directory.Name;
uint dllNameOffset = _utility.RvaToOffset(dllNameRVA);
reader.BaseStream.Seek(dllNameOffset, SeekOrigin.Begin);
// Read the null-terminated ASCII string
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
directory.DllName = nameBuilder.ToString();
}
catch (Exception)
{
directory.DllName = "Unknown";
}
/// <summary>
/// Parse the Export Directory from the binary reader
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="rva">The RVA of the Export Directory</param>
/// <returns>The parsed Export Directory</returns>
public ExportDirectory Parse(BinaryReader reader, uint rva)
{
ExportDirectory directory = new ExportDirectory();
reader.BaseStream.Seek(_utility.RvaToOffset(rva), SeekOrigin.Begin);
directory.Characteristics = reader.ReadUInt32();
directory.TimeDateStamp = reader.ReadUInt32();
directory.MajorVersion = reader.ReadUInt16();
directory.MinorVersion = reader.ReadUInt16();
directory.Name = reader.ReadUInt32();
directory.Base = reader.ReadUInt32();
directory.NumberOfFunctions = reader.ReadUInt32();
directory.NumberOfNames = reader.ReadUInt32();
directory.AddressOfFunctions = reader.ReadUInt32();
directory.AddressOfNames = reader.ReadUInt32();
directory.AddressOfNameOrdinals = reader.ReadUInt32();
// Read the DLL name
try
{
uint dllNameRVA = directory.Name;
uint dllNameOffset = _utility.RvaToOffset(dllNameRVA);
reader.BaseStream.Seek(dllNameOffset, SeekOrigin.Begin);
// Read the null-terminated ASCII string
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
directory.DllName = nameBuilder.ToString();
}
catch (Exception)
{
directory.DllName = "Unknown";
}
return directory;
}
return directory;
}
/// <summary>
/// Parse the exported functions using the export directory information
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="directory">The Export Directory</param>
/// <param name="exportDirRva">The RVA of the Export Directory</param>
/// <param name="exportDirSize">The size of the Export Directory</param>
/// <returns>List of exported functions</returns>
public List<ExportedFunction> ParseExportedFunctions(BinaryReader reader, ExportDirectory directory, uint exportDirRva, uint exportDirSize)
{
List<ExportedFunction> exportedFunctions = new List<ExportedFunction>();
/// <summary>
/// Parse the exported functions using the export directory information
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="directory">The Export Directory</param>
/// <param name="exportDirRva">The RVA of the Export Directory</param>
/// <param name="exportDirSize">The size of the Export Directory</param>
/// <returns>List of exported functions</returns>
public List<ExportedFunction> ParseExportedFunctions(BinaryReader reader, ExportDirectory directory, uint exportDirRva, uint exportDirSize)
if (directory == null)
{
List<ExportedFunction> exportedFunctions = new List<ExportedFunction>();
if (directory == null)
{
return exportedFunctions;
}
// Read the array of function addresses (RVAs)
uint[] functionRVAs = new uint[directory.NumberOfFunctions];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfFunctions), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfFunctions; i++)
{
functionRVAs[i] = reader.ReadUInt32();
}
// Read the array of name RVAs
uint[] nameRVAs = new uint[directory.NumberOfNames];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfNames), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfNames; i++)
{
nameRVAs[i] = reader.ReadUInt32();
}
// Read the array of name ordinals
ushort[] nameOrdinals = new ushort[directory.NumberOfNames];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfNameOrdinals), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfNames; i++)
{
nameOrdinals[i] = reader.ReadUInt16();
}
// Create a dictionary to map ordinals to names
Dictionary<ushort, string> ordinalToName = new Dictionary<ushort, string>();
for (int i = 0; i < directory.NumberOfNames; i++)
{
// Read the function name
reader.BaseStream.Seek(_utility.RvaToOffset(nameRVAs[i]), SeekOrigin.Begin);
List<byte> nameBytes = new List<byte>();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBytes.Add(b);
}
string name = Encoding.ASCII.GetString(nameBytes.ToArray());
// Map the ordinal to the name
ordinalToName[nameOrdinals[i]] = name;
}
// Create the exported functions
for (ushort i = 0; i < directory.NumberOfFunctions; i++)
{
uint functionRVA = functionRVAs[i];
if (functionRVA == 0)
{
continue; // Skip empty entries
}
ExportedFunction function = new ExportedFunction();
function.Ordinal = (ushort)(i + directory.Base);
function.Address = functionRVA;
// Check if this function has a name
if (ordinalToName.TryGetValue(i, out string? name))
{
function.Name = name ?? $"Ordinal_{function.Ordinal}";
}
else
{
function.Name = $"Ordinal_{function.Ordinal}";
}
// Check if this is a forwarder
uint exportDirEnd = exportDirRva + exportDirSize;
if (functionRVA >= exportDirRva && functionRVA < exportDirEnd)
{
function.IsForwarder = true;
// Read the forwarder string
reader.BaseStream.Seek(_utility.RvaToOffset(functionRVA), SeekOrigin.Begin);
List<byte> forwarderBytes = new List<byte>();
byte b;
while ((b = reader.ReadByte()) != 0)
{
forwarderBytes.Add(b);
}
function.ForwarderName = Encoding.ASCII.GetString(forwarderBytes.ToArray());
}
exportedFunctions.Add(function);
}
return exportedFunctions;
}
// Read the array of function addresses (RVAs)
uint[] functionRVAs = new uint[directory.NumberOfFunctions];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfFunctions), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfFunctions; i++)
{
functionRVAs[i] = reader.ReadUInt32();
}
// Read the array of name RVAs
uint[] nameRVAs = new uint[directory.NumberOfNames];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfNames), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfNames; i++)
{
nameRVAs[i] = reader.ReadUInt32();
}
// Read the array of name ordinals
ushort[] nameOrdinals = new ushort[directory.NumberOfNames];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfNameOrdinals), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfNames; i++)
{
nameOrdinals[i] = reader.ReadUInt16();
}
// Create a dictionary to map ordinals to names
Dictionary<ushort, string> ordinalToName = new Dictionary<ushort, string>();
for (int i = 0; i < directory.NumberOfNames; i++)
{
// Read the function name
reader.BaseStream.Seek(_utility.RvaToOffset(nameRVAs[i]), SeekOrigin.Begin);
List<byte> nameBytes = new List<byte>();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBytes.Add(b);
}
string name = Encoding.ASCII.GetString(nameBytes.ToArray());
// Map the ordinal to the name
ordinalToName[nameOrdinals[i]] = name;
}
// Create the exported functions
for (ushort i = 0; i < directory.NumberOfFunctions; i++)
{
uint functionRVA = functionRVAs[i];
if (functionRVA == 0)
{
continue; // Skip empty entries
}
ExportedFunction function = new ExportedFunction();
function.Ordinal = (ushort)(i + directory.Base);
function.Address = functionRVA;
// Check if this function has a name
if (ordinalToName.TryGetValue(i, out string? name))
{
function.Name = name ?? $"Ordinal_{function.Ordinal}";
}
else
{
function.Name = $"Ordinal_{function.Ordinal}";
}
// Check if this is a forwarder
uint exportDirEnd = exportDirRva + exportDirSize;
if (functionRVA >= exportDirRva && functionRVA < exportDirEnd)
{
function.IsForwarder = true;
// Read the forwarder string
reader.BaseStream.Seek(_utility.RvaToOffset(functionRVA), SeekOrigin.Begin);
List<byte> forwarderBytes = new List<byte>();
byte b;
while ((b = reader.ReadByte()) != 0)
{
forwarderBytes.Add(b);
}
function.ForwarderName = Encoding.ASCII.GetString(forwarderBytes.ToArray());
}
exportedFunctions.Add(function);
}
return exportedFunctions;
}
}

43
X86Disassembler/PE/Parsers/FileHeaderParser.cs
View File

@ -1,30 +1,27 @@
using System.IO;
namespace X86Disassembler.PE.Parsers;
namespace X86Disassembler.PE.Parsers
/// <summary>
/// Parser for the File header of a PE file
/// </summary>
public class FileHeaderParser : IParser<FileHeader>
{
/// <summary>
/// Parser for the File header of a PE file
/// Parse the File header from the binary reader
/// </summary>
public class FileHeaderParser : IParser<FileHeader>
/// <param name="reader">The binary reader positioned at the start of the File header</param>
/// <returns>The parsed File header</returns>
public FileHeader Parse(BinaryReader reader)
{
/// <summary>
/// Parse the File header from the binary reader
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the File header</param>
/// <returns>The parsed File header</returns>
public FileHeader Parse(BinaryReader reader)
{
FileHeader header = new FileHeader();
header.Machine = reader.ReadUInt16();
header.NumberOfSections = reader.ReadUInt16();
header.TimeDateStamp = reader.ReadUInt32();
header.PointerToSymbolTable = reader.ReadUInt32();
header.NumberOfSymbols = reader.ReadUInt32();
header.SizeOfOptionalHeader = reader.ReadUInt16();
header.Characteristics = reader.ReadUInt16();
return header;
}
FileHeader header = new FileHeader();
header.Machine = reader.ReadUInt16();
header.NumberOfSections = reader.ReadUInt16();
header.TimeDateStamp = reader.ReadUInt32();
header.PointerToSymbolTable = reader.ReadUInt32();
header.NumberOfSymbols = reader.ReadUInt32();
header.SizeOfOptionalHeader = reader.ReadUInt16();
header.Characteristics = reader.ReadUInt16();
return header;
}
}

23
X86Disassembler/PE/Parsers/IParser.cs
View File

@ -1,18 +1,15 @@
using System.IO;
namespace X86Disassembler.PE.Parsers;
namespace X86Disassembler.PE.Parsers
/// <summary>
/// Interface for PE format component parsers
/// </summary>
/// <typeparam name="T">The type of component to parse</typeparam>
public interface IParser<out T>
{
/// <summary>
/// Interface for PE format component parsers
/// Parse a component from the binary reader
/// </summary>
/// <typeparam name="T">The type of component to parse</typeparam>
public interface IParser<T>
{
/// <summary>
/// Parse a component from the binary reader
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the component</param>
/// <returns>The parsed component</returns>
T Parse(BinaryReader reader);
}
/// <param name="reader">The binary reader positioned at the start of the component</param>
/// <returns>The parsed component</returns>
T Parse(BinaryReader reader);
}

328
X86Disassembler/PE/Parsers/ImportDescriptorParser.cs
View File

@ -1,192 +1,188 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace X86Disassembler.PE.Parsers
namespace X86Disassembler.PE.Parsers;
/// <summary>
/// Parser for Import Descriptors in a PE file
/// </summary>
public class ImportDescriptorParser
{
/// <summary>
/// Parser for Import Descriptors in a PE file
/// </summary>
public class ImportDescriptorParser
private readonly PEUtility _utility;
public ImportDescriptorParser(PEUtility utility)
{
private readonly PEUtility _utility;
_utility = utility;
}
/// <summary>
/// Parse the Import Descriptors from the binary reader
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="rva">The RVA of the Import Directory</param>
/// <returns>List of Import Descriptors</returns>
public List<ImportDescriptor> Parse(BinaryReader reader, uint rva)
{
List<ImportDescriptor> descriptors = new List<ImportDescriptor>();
public ImportDescriptorParser(PEUtility utility)
try
{
_utility = utility;
uint importTableOffset = _utility.RvaToOffset(rva);
reader.BaseStream.Seek(importTableOffset, SeekOrigin.Begin);
int descriptorCount = 0;
while (true)
{
descriptorCount++;
// Read the import descriptor
uint originalFirstThunk = reader.ReadUInt32();
uint timeDateStamp = reader.ReadUInt32();
uint forwarderChain = reader.ReadUInt32();
uint nameRva = reader.ReadUInt32();
uint firstThunk = reader.ReadUInt32();
// Check if we've reached the end of the import descriptors
if (originalFirstThunk == 0 && nameRva == 0 && firstThunk == 0)
{
break;
}
ImportDescriptor descriptor = new ImportDescriptor
{
OriginalFirstThunk = originalFirstThunk,
TimeDateStamp = timeDateStamp,
ForwarderChain = forwarderChain,
Name = nameRva,
FirstThunk = firstThunk,
DllName = "Unknown" // Default name in case we can't read it
};
// Try to read the DLL name
try
{
if (nameRva != 0)
{
uint nameOffset = _utility.RvaToOffset(nameRva);
reader.BaseStream.Seek(nameOffset, SeekOrigin.Begin);
// Read the null-terminated ASCII string
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
descriptor.DllName = nameBuilder.ToString();
}
}
catch (Exception)
{
// If we can't read the name, keep the default "Unknown"
}
// Parse the imported functions
ParseImportedFunctions(reader, descriptor);
descriptors.Add(descriptor);
// Return to the import table to read the next descriptor
reader.BaseStream.Seek(importTableOffset + (descriptorCount * 20), SeekOrigin.Begin);
}
}
catch (Exception ex)
{
Console.WriteLine($"Error parsing import descriptors: {ex.Message}");
// Return whatever descriptors we've managed to parse
}
/// <summary>
/// Parse the Import Descriptors from the binary reader
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="rva">The RVA of the Import Directory</param>
/// <returns>List of Import Descriptors</returns>
public List<ImportDescriptor> Parse(BinaryReader reader, uint rva)
return descriptors;
}
/// <summary>
/// Parse the imported functions for a given import descriptor
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="descriptor">The Import Descriptor</param>
private void ParseImportedFunctions(BinaryReader reader, ImportDescriptor descriptor)
{
try
{
List<ImportDescriptor> descriptors = new List<ImportDescriptor>();
// Use OriginalFirstThunk if available, otherwise use FirstThunk
uint thunkRva = descriptor.OriginalFirstThunk != 0 ? descriptor.OriginalFirstThunk : descriptor.FirstThunk;
try
if (thunkRva == 0)
{
uint importTableOffset = _utility.RvaToOffset(rva);
reader.BaseStream.Seek(importTableOffset, SeekOrigin.Begin);
return; // No functions to parse
}
uint thunkOffset = _utility.RvaToOffset(thunkRva);
int functionCount = 0;
while (true)
{
reader.BaseStream.Seek(thunkOffset + (functionCount * 4), SeekOrigin.Begin);
uint thunkData = reader.ReadUInt32();
int descriptorCount = 0;
while (true)
if (thunkData == 0)
{
descriptorCount++;
// Read the import descriptor
uint originalFirstThunk = reader.ReadUInt32();
uint timeDateStamp = reader.ReadUInt32();
uint forwarderChain = reader.ReadUInt32();
uint nameRva = reader.ReadUInt32();
uint firstThunk = reader.ReadUInt32();
// Check if we've reached the end of the import descriptors
if (originalFirstThunk == 0 && nameRva == 0 && firstThunk == 0)
{
break;
}
ImportDescriptor descriptor = new ImportDescriptor
{
OriginalFirstThunk = originalFirstThunk,
TimeDateStamp = timeDateStamp,
ForwarderChain = forwarderChain,
Name = nameRva,
FirstThunk = firstThunk,
DllName = "Unknown" // Default name in case we can't read it
};
// Try to read the DLL name
break; // End of the function list
}
ImportedFunction function = new ImportedFunction
{
ThunkRVA = thunkRva + (uint)(functionCount * 4)
};
// Check if imported by ordinal (high bit set)
if ((thunkData & 0x80000000) != 0)
{
function.IsOrdinal = true;
function.Ordinal = (ushort)(thunkData & 0xFFFF);
function.Name = $"Ordinal {function.Ordinal}";
}
else
{
// Imported by name - the thunkData is an RVA to a hint/name structure
try
{
if (nameRva != 0)
uint hintNameOffset = _utility.RvaToOffset(thunkData);
reader.BaseStream.Seek(hintNameOffset, SeekOrigin.Begin);
// Read the hint (2 bytes)
function.Hint = reader.ReadUInt16();
// Read the function name (null-terminated ASCII string)
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
uint nameOffset = _utility.RvaToOffset(nameRva);
reader.BaseStream.Seek(nameOffset, SeekOrigin.Begin);
// Read the null-terminated ASCII string
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
descriptor.DllName = nameBuilder.ToString();
nameBuilder.Append((char)b);
}
}
catch (Exception)
{
// If we can't read the name, keep the default "Unknown"
}
// Parse the imported functions
ParseImportedFunctions(reader, descriptor);
descriptors.Add(descriptor);
// Return to the import table to read the next descriptor
reader.BaseStream.Seek(importTableOffset + (descriptorCount * 20), SeekOrigin.Begin);
}
}
catch (Exception ex)
{
Console.WriteLine($"Error parsing import descriptors: {ex.Message}");
// Return whatever descriptors we've managed to parse
}
return descriptors;
}
/// <summary>
/// Parse the imported functions for a given import descriptor
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="descriptor">The Import Descriptor</param>
private void ParseImportedFunctions(BinaryReader reader, ImportDescriptor descriptor)
{
try
{
// Use OriginalFirstThunk if available, otherwise use FirstThunk
uint thunkRva = descriptor.OriginalFirstThunk != 0 ? descriptor.OriginalFirstThunk : descriptor.FirstThunk;
if (thunkRva == 0)
{
return; // No functions to parse
}
uint thunkOffset = _utility.RvaToOffset(thunkRva);
int functionCount = 0;
while (true)
{
reader.BaseStream.Seek(thunkOffset + (functionCount * 4), SeekOrigin.Begin);
uint thunkData = reader.ReadUInt32();
if (thunkData == 0)
{
break; // End of the function list
}
ImportedFunction function = new ImportedFunction
{
ThunkRVA = thunkRva + (uint)(functionCount * 4)
};
// Check if imported by ordinal (high bit set)
if ((thunkData & 0x80000000) != 0)
{
function.IsOrdinal = true;
function.Ordinal = (ushort)(thunkData & 0xFFFF);
function.Name = $"Ordinal {function.Ordinal}";
}
else
{
// Imported by name - the thunkData is an RVA to a hint/name structure
try
{
uint hintNameOffset = _utility.RvaToOffset(thunkData);
reader.BaseStream.Seek(hintNameOffset, SeekOrigin.Begin);
// Read the hint (2 bytes)
function.Hint = reader.ReadUInt16();
// Read the function name (null-terminated ASCII string)
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
function.Name = nameBuilder.ToString();
if (string.IsNullOrEmpty(function.Name))
{
function.Name = $"Function_at_{thunkData:X8}";
}
}
catch (Exception)
function.Name = nameBuilder.ToString();
if (string.IsNullOrEmpty(function.Name))
{
function.Name = $"Function_at_{thunkData:X8}";
}
}
descriptor.Functions.Add(function);
functionCount++;
catch (Exception)
{
function.Name = $"Function_at_{thunkData:X8}";
}
}
descriptor.Functions.Add(function);
functionCount++;
}
catch (Exception ex)
{
Console.WriteLine($"Error parsing imported functions for {descriptor.DllName}: {ex.Message}");
}
}
catch (Exception ex)
{
Console.WriteLine($"Error parsing imported functions for {descriptor.DllName}: {ex.Message}");
}
}
}

204
X86Disassembler/PE/Parsers/OptionalHeaderParser.cs
View File

@ -1,114 +1,110 @@
using System;
using System.IO;
namespace X86Disassembler.PE.Parsers;
namespace X86Disassembler.PE.Parsers
/// <summary>
/// Parser for the Optional header of a PE file
/// </summary>
public class OptionalHeaderParser : IParser<OptionalHeader>
{
// Optional Header Magic values
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable
/// <summary>
/// Parser for the Optional header of a PE file
/// Parse the Optional header from the binary reader
/// </summary>
public class OptionalHeaderParser : IParser<OptionalHeader>
/// <param name="reader">The binary reader positioned at the start of the Optional header</param>
/// <returns>The parsed Optional header</returns>
public OptionalHeader Parse(BinaryReader reader)
{
// Optional Header Magic values
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable
/// <summary>
/// Parse the Optional header from the binary reader
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the Optional header</param>
/// <returns>The parsed Optional header</returns>
public OptionalHeader Parse(BinaryReader reader)
OptionalHeader header = new OptionalHeader();
bool is64Bit;
// Standard fields
header.Magic = reader.ReadUInt16();
// Determine if this is a PE32 or PE32+ file
is64Bit = header.Magic == PE32PLUS_MAGIC;
header.MajorLinkerVersion = reader.ReadByte();
header.MinorLinkerVersion = reader.ReadByte();
header.SizeOfCode = reader.ReadUInt32();
header.SizeOfInitializedData = reader.ReadUInt32();
header.SizeOfUninitializedData = reader.ReadUInt32();
header.AddressOfEntryPoint = reader.ReadUInt32();
header.BaseOfCode = reader.ReadUInt32();
// PE32 has BaseOfData, PE32+ doesn't
if (!is64Bit)
{
OptionalHeader header = new OptionalHeader();
bool is64Bit;
// Standard fields
header.Magic = reader.ReadUInt16();
// Determine if this is a PE32 or PE32+ file
is64Bit = header.Magic == PE32PLUS_MAGIC;
header.MajorLinkerVersion = reader.ReadByte();
header.MinorLinkerVersion = reader.ReadByte();
header.SizeOfCode = reader.ReadUInt32();
header.SizeOfInitializedData = reader.ReadUInt32();
header.SizeOfUninitializedData = reader.ReadUInt32();
header.AddressOfEntryPoint = reader.ReadUInt32();
header.BaseOfCode = reader.ReadUInt32();
// PE32 has BaseOfData, PE32+ doesn't
if (!is64Bit)
{
header.BaseOfData = reader.ReadUInt32();
}
// Windows-specific fields
if (is64Bit)
{
header.ImageBase = reader.ReadUInt64();
}
else
{
header.ImageBase = reader.ReadUInt32();
}
header.SectionAlignment = reader.ReadUInt32();
header.FileAlignment = reader.ReadUInt32();
header.MajorOperatingSystemVersion = reader.ReadUInt16();
header.MinorOperatingSystemVersion = reader.ReadUInt16();
header.MajorImageVersion = reader.ReadUInt16();
header.MinorImageVersion = reader.ReadUInt16();
header.MajorSubsystemVersion = reader.ReadUInt16();
header.MinorSubsystemVersion = reader.ReadUInt16();
header.Win32VersionValue = reader.ReadUInt32();
header.SizeOfImage = reader.ReadUInt32();
header.SizeOfHeaders = reader.ReadUInt32();
header.CheckSum = reader.ReadUInt32();
header.Subsystem = reader.ReadUInt16();
header.DllCharacteristics = reader.ReadUInt16();
// Size fields differ between PE32 and PE32+
if (is64Bit)
{
header.SizeOfStackReserve = reader.ReadUInt64();
header.SizeOfStackCommit = reader.ReadUInt64();
header.SizeOfHeapReserve = reader.ReadUInt64();
header.SizeOfHeapCommit = reader.ReadUInt64();
}
else
{
header.SizeOfStackReserve = reader.ReadUInt32();
header.SizeOfStackCommit = reader.ReadUInt32();
header.SizeOfHeapReserve = reader.ReadUInt32();
header.SizeOfHeapCommit = reader.ReadUInt32();
}
header.LoaderFlags = reader.ReadUInt32();
header.NumberOfRvaAndSizes = reader.ReadUInt32();
// Data directories
int numDirectories = (int)Math.Min(header.NumberOfRvaAndSizes, 16); // Maximum of 16 directories
header.DataDirectories = new DataDirectory[numDirectories];
for (int i = 0; i < numDirectories; i++)
{
DataDirectory dir = new DataDirectory();
dir.VirtualAddress = reader.ReadUInt32();
dir.Size = reader.ReadUInt32();
header.DataDirectories[i] = dir;
}
return header;
header.BaseOfData = reader.ReadUInt32();
}
/// <summary>
/// Determines if the PE file is 64-bit based on the Optional header
/// </summary>
/// <param name="header">The Optional header</param>
/// <returns>True if the PE file is 64-bit, false otherwise</returns>
public bool Is64Bit(OptionalHeader header)
// Windows-specific fields
if (is64Bit)
{
return header.Magic == PE32PLUS_MAGIC;
header.ImageBase = reader.ReadUInt64();
}
else
{
header.ImageBase = reader.ReadUInt32();
}
header.SectionAlignment = reader.ReadUInt32();
header.FileAlignment = reader.ReadUInt32();
header.MajorOperatingSystemVersion = reader.ReadUInt16();
header.MinorOperatingSystemVersion = reader.ReadUInt16();
header.MajorImageVersion = reader.ReadUInt16();
header.MinorImageVersion = reader.ReadUInt16();
header.MajorSubsystemVersion = reader.ReadUInt16();
header.MinorSubsystemVersion = reader.ReadUInt16();
header.Win32VersionValue = reader.ReadUInt32();
header.SizeOfImage = reader.ReadUInt32();
header.SizeOfHeaders = reader.ReadUInt32();
header.CheckSum = reader.ReadUInt32();
header.Subsystem = reader.ReadUInt16();
header.DllCharacteristics = reader.ReadUInt16();
// Size fields differ between PE32 and PE32+
if (is64Bit)
{
header.SizeOfStackReserve = reader.ReadUInt64();
header.SizeOfStackCommit = reader.ReadUInt64();
header.SizeOfHeapReserve = reader.ReadUInt64();
header.SizeOfHeapCommit = reader.ReadUInt64();
}
else
{
header.SizeOfStackReserve = reader.ReadUInt32();
header.SizeOfStackCommit = reader.ReadUInt32();
header.SizeOfHeapReserve = reader.ReadUInt32();
header.SizeOfHeapCommit = reader.ReadUInt32();
}
header.LoaderFlags = reader.ReadUInt32();
header.NumberOfRvaAndSizes = reader.ReadUInt32();
// Data directories
int numDirectories = (int)Math.Min(header.NumberOfRvaAndSizes, 16); // Maximum of 16 directories
header.DataDirectories = new DataDirectory[numDirectories];
for (int i = 0; i < numDirectories; i++)
{
DataDirectory dir = new DataDirectory();
dir.VirtualAddress = reader.ReadUInt32();
dir.Size = reader.ReadUInt32();
header.DataDirectories[i] = dir;
}
return header;
}
}
/// <summary>
/// Determines if the PE file is 64-bit based on the Optional header
/// </summary>
/// <param name="header">The Optional header</param>
/// <returns>True if the PE file is 64-bit, false otherwise</returns>
public bool Is64Bit(OptionalHeader header)
{
return header.Magic == PE32PLUS_MAGIC;
}
}

58
X86Disassembler/PE/Parsers/SectionHeaderParser.cs
View File

@ -1,38 +1,36 @@
using System.IO;
using System.Text;
namespace X86Disassembler.PE.Parsers
namespace X86Disassembler.PE.Parsers;
/// <summary>
/// Parser for section headers in a PE file
/// </summary>
public class SectionHeaderParser : IParser<SectionHeader>
{
/// <summary>
/// Parser for section headers in a PE file
/// Parse a section header from the binary reader
/// </summary>
public class SectionHeaderParser : IParser<SectionHeader>
/// <param name="reader">The binary reader positioned at the start of the section header</param>
/// <returns>The parsed section header</returns>
public SectionHeader Parse(BinaryReader reader)
{
/// <summary>
/// Parse a section header from the binary reader
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the section header</param>
/// <returns>The parsed section header</returns>
public SectionHeader Parse(BinaryReader reader)
{
SectionHeader header = new SectionHeader();
// Read section name (8 bytes)
byte[] nameBytes = reader.ReadBytes(8);
// Convert to string, removing any null characters
header.Name = Encoding.ASCII.GetString(nameBytes).TrimEnd('\0');
header.VirtualSize = reader.ReadUInt32();
header.VirtualAddress = reader.ReadUInt32();
header.SizeOfRawData = reader.ReadUInt32();
header.PointerToRawData = reader.ReadUInt32();
header.PointerToRelocations = reader.ReadUInt32();
header.PointerToLinenumbers = reader.ReadUInt32();
header.NumberOfRelocations = reader.ReadUInt16();
header.NumberOfLinenumbers = reader.ReadUInt16();
header.Characteristics = reader.ReadUInt32();
return header;
}
SectionHeader header = new SectionHeader();
// Read section name (8 bytes)
byte[] nameBytes = reader.ReadBytes(8);
// Convert to string, removing any null characters
header.Name = Encoding.ASCII.GetString(nameBytes).TrimEnd('\0');
header.VirtualSize = reader.ReadUInt32();
header.VirtualAddress = reader.ReadUInt32();
header.SizeOfRawData = reader.ReadUInt32();
header.PointerToRawData = reader.ReadUInt32();
header.PointerToRelocations = reader.ReadUInt32();
header.PointerToLinenumbers = reader.ReadUInt32();
header.NumberOfRelocations = reader.ReadUInt16();
header.NumberOfLinenumbers = reader.ReadUInt16();
header.Characteristics = reader.ReadUInt32();
return header;
}
}