mirrors/ParkanPlayground
0
Fork 0
mirror of https://github.com/sampletext32/ParkanPlayground.git synced 2025-06-19 16:08:02 +03:00
Code Issues Releases Activity

Update code style to follow project rules with one-liner namespace declarations

Browse Source
This commit is contained in:
bird_egop
2025-04-12 18:23:18 +03:00
parent 53de948376
commit 6a69b0b91b
16 changed files with 1126 additions and 1172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
X86Disassembler/PE/DOSHeader.cs
View File

@ -1,40 +1,37 @@
using System; namespace X86Disassembler.PE;
namespace X86Disassembler.PE /// <summary>
/// Represents the DOS header of a PE file
/// </summary>
public class DOSHeader
{ {
/// <summary> public ushort e_magic; // Magic number (MZ)
/// Represents the DOS header of a PE file public ushort e_cblp; // Bytes on last page of file
/// </summary> public ushort e_cp; // Pages in file
public class DOSHeader public ushort e_crlc; // Relocations
{ public ushort e_cparhdr; // Size of header in paragraphs
public ushort e_magic; // Magic number (MZ) public ushort e_minalloc; // Minimum extra paragraphs needed
public ushort e_cblp; // Bytes on last page of file public ushort e_maxalloc; // Maximum extra paragraphs needed
public ushort e_cp; // Pages in file public ushort e_ss; // Initial (relative) SS value
public ushort e_crlc; // Relocations public ushort e_sp; // Initial SP value
public ushort e_cparhdr; // Size of header in paragraphs public ushort e_csum; // Checksum
public ushort e_minalloc; // Minimum extra paragraphs needed public ushort e_ip; // Initial IP value
public ushort e_maxalloc; // Maximum extra paragraphs needed public ushort e_cs; // Initial (relative) CS value
public ushort e_ss; // Initial (relative) SS value public ushort e_lfarlc; // File address of relocation table
public ushort e_sp; // Initial SP value public ushort e_ovno; // Overlay number
public ushort e_csum; // Checksum public ushort[] e_res; // Reserved words
public ushort e_ip; // Initial IP value public ushort e_oemid; // OEM identifier (for e_oeminfo)
public ushort e_cs; // Initial (relative) CS value public ushort e_oeminfo; // OEM information; e_oemid specific
public ushort e_lfarlc; // File address of relocation table public ushort[] e_res2; // Reserved words
public ushort e_ovno; // Overlay number public uint e_lfanew; // File address of new exe header
public ushort[] e_res; // Reserved words
public ushort e_oemid; // OEM identifier (for e_oeminfo)
public ushort e_oeminfo; // OEM information; e_oemid specific
public ushort[] e_res2; // Reserved words
public uint e_lfanew; // File address of new exe header
/// <summary> /// <summary>
/// Initializes a new instance of the DOSHeader class /// Initializes a new instance of the DOSHeader class
/// </summary> /// </summary>
public DOSHeader() public DOSHeader()
{ {
// Initialize arrays to avoid nullability warnings // Initialize arrays to avoid nullability warnings
e_res = new ushort[4]; e_res = new ushort[4];
e_res2 = new ushort[10]; e_res2 = new ushort[10];
}
} }
} }

53
X86Disassembler/PE/ExportDirectory.cs
View File

@ -1,30 +1,29 @@
namespace X86Disassembler.PE namespace X86Disassembler.PE;
{
/// <summary>
/// Represents the Export Directory of a PE file
/// </summary>
public class ExportDirectory
{
public uint Characteristics; // Reserved, must be 0
public uint TimeDateStamp; // Time and date stamp
public ushort MajorVersion; // Major version
public ushort MinorVersion; // Minor version
public uint Name; // RVA of the name of the DLL
public string DllName; // The actual name of the DLL
public uint Base; // Ordinal base
public uint NumberOfFunctions; // Number of functions
public uint NumberOfNames; // Number of names
public uint AddressOfFunctions; // RVA of the export address table
public uint AddressOfNames; // RVA of the export names table
public uint AddressOfNameOrdinals; // RVA of the ordinal table
/// <summary> /// <summary>
/// Initializes a new instance of the ExportDirectory class /// Represents the Export Directory of a PE file
/// </summary> /// </summary>
public ExportDirectory() public class ExportDirectory
{ {
// Initialize string field to avoid nullability warning public uint Characteristics; // Reserved, must be 0
DllName = string.Empty; public uint TimeDateStamp; // Time and date stamp
} public ushort MajorVersion; // Major version
public ushort MinorVersion; // Minor version
public uint Name; // RVA of the name of the DLL
public string DllName; // The actual name of the DLL
public uint Base; // Ordinal base
public uint NumberOfFunctions; // Number of functions
public uint NumberOfNames; // Number of names
public uint AddressOfFunctions; // RVA of the export address table
public uint AddressOfNames; // RVA of the export names table
public uint AddressOfNameOrdinals; // RVA of the ordinal table
/// <summary>
/// Initializes a new instance of the ExportDirectory class
/// </summary>
public ExportDirectory()
{
// Initialize string field to avoid nullability warning
DllName = string.Empty;
} }
} }

27
X86Disassembler/PE/FileHeader.cs
View File

@ -1,16 +1,15 @@
namespace X86Disassembler.PE namespace X86Disassembler.PE;
/// <summary>
/// Represents the File header of a PE file
/// </summary>
public class FileHeader
{ {
/// <summary> public ushort Machine; // Target machine type
/// Represents the File header of a PE file public ushort NumberOfSections; // Number of sections
/// </summary> public uint TimeDateStamp; // Time and date stamp
public class FileHeader public uint PointerToSymbolTable; // File pointer to COFF symbol table
{ public uint NumberOfSymbols; // Number of symbols
public ushort Machine; // Target machine type public ushort SizeOfOptionalHeader; // Size of optional header
public ushort NumberOfSections; // Number of sections public ushort Characteristics; // Characteristics
public uint TimeDateStamp; // Time and date stamp
public uint PointerToSymbolTable; // File pointer to COFF symbol table
public uint NumberOfSymbols; // Number of symbols
public ushort SizeOfOptionalHeader; // Size of optional header
public ushort Characteristics; // Characteristics
}
} }

39
X86Disassembler/PE/ImportDescriptor.cs
View File

@ -1,28 +1,25 @@
using System.Collections.Generic; namespace X86Disassembler.PE;
namespace X86Disassembler.PE /// <summary>
/// Represents an Import Descriptor in a PE file
/// </summary>
public class ImportDescriptor
{ {
public uint OriginalFirstThunk; // RVA to original first thunk
public uint TimeDateStamp; // Time and date stamp
public uint ForwarderChain; // Forwarder chain
public uint Name; // RVA to the name of the DLL
public string DllName; // The actual name of the DLL
public uint FirstThunk; // RVA to first thunk
public List<ImportedFunction> Functions { get; } = new List<ImportedFunction>();
/// <summary> /// <summary>
/// Represents an Import Descriptor in a PE file /// Initializes a new instance of the ImportDescriptor class
/// </summary> /// </summary>
public class ImportDescriptor public ImportDescriptor()
{ {
public uint OriginalFirstThunk; // RVA to original first thunk // Initialize string field to avoid nullability warning
public uint TimeDateStamp; // Time and date stamp DllName = string.Empty;
public uint ForwarderChain; // Forwarder chain
public uint Name; // RVA to the name of the DLL
public string DllName; // The actual name of the DLL
public uint FirstThunk; // RVA to first thunk
public List<ImportedFunction> Functions { get; } = new List<ImportedFunction>();
/// <summary>
/// Initializes a new instance of the ImportDescriptor class
/// </summary>
public ImportDescriptor()
{
// Initialize string field to avoid nullability warning
DllName = string.Empty;
}
} }
} }

129
X86Disassembler/PE/OptionalHeader.cs
View File

@ -1,73 +1,72 @@
namespace X86Disassembler.PE namespace X86Disassembler.PE;
/// <summary>
/// Represents the Optional header of a PE file
/// </summary>
public class OptionalHeader
{ {
// Optional Header Magic values
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable
// Standard fields
public ushort Magic; // Magic number (PE32 or PE32+)
public byte MajorLinkerVersion; // Major linker version
public byte MinorLinkerVersion; // Minor linker version
public uint SizeOfCode; // Size of code section
public uint SizeOfInitializedData; // Size of initialized data section
public uint SizeOfUninitializedData; // Size of uninitialized data section
public uint AddressOfEntryPoint; // Address of entry point
public uint BaseOfCode; // Base of code section
public uint BaseOfData; // Base of data section (PE32 only)
// Windows-specific fields
public object ImageBase; // Image base address (uint for PE32, ulong for PE32+)
public uint SectionAlignment; // Section alignment
public uint FileAlignment; // File alignment
public ushort MajorOperatingSystemVersion; // Major OS version
public ushort MinorOperatingSystemVersion; // Minor OS version
public ushort MajorImageVersion; // Major image version
public ushort MinorImageVersion; // Minor image version
public ushort MajorSubsystemVersion; // Major subsystem version
public ushort MinorSubsystemVersion; // Minor subsystem version
public uint Win32VersionValue; // Win32 version value
public uint SizeOfImage; // Size of image
public uint SizeOfHeaders; // Size of headers
public uint CheckSum; // Checksum
public ushort Subsystem; // Subsystem
public ushort DllCharacteristics; // DLL characteristics
public object SizeOfStackReserve; // Size of stack reserve (uint for PE32, ulong for PE32+)
public object SizeOfStackCommit; // Size of stack commit (uint for PE32, ulong for PE32+)
public object SizeOfHeapReserve; // Size of heap reserve (uint for PE32, ulong for PE32+)
public object SizeOfHeapCommit; // Size of heap commit (uint for PE32, ulong for PE32+)
public uint LoaderFlags; // Loader flags
public uint NumberOfRvaAndSizes; // Number of RVA and sizes
public DataDirectory[] DataDirectories; // Data directories
/// <summary> /// <summary>
/// Represents the Optional header of a PE file /// Initializes a new instance of the OptionalHeader class
/// </summary> /// </summary>
public class OptionalHeader public OptionalHeader()
{ {
// Optional Header Magic values // Initialize object fields to avoid nullability warnings
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable ImageBase = 0u; // Default to 32-bit value
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable SizeOfStackReserve = 0u;
SizeOfStackCommit = 0u;
SizeOfHeapReserve = 0u;
SizeOfHeapCommit = 0u;
// Standard fields // Initialize array to avoid nullability warning
public ushort Magic; // Magic number (PE32 or PE32+) DataDirectories = new DataDirectory[0];
public byte MajorLinkerVersion; // Major linker version }
public byte MinorLinkerVersion; // Minor linker version
public uint SizeOfCode; // Size of code section
public uint SizeOfInitializedData; // Size of initialized data section
public uint SizeOfUninitializedData; // Size of uninitialized data section
public uint AddressOfEntryPoint; // Address of entry point
public uint BaseOfCode; // Base of code section
public uint BaseOfData; // Base of data section (PE32 only)
// Windows-specific fields /// <summary>
public object ImageBase; // Image base address (uint for PE32, ulong for PE32+) /// Determines if the PE file is 64-bit based on the Magic value
public uint SectionAlignment; // Section alignment /// </summary>
public uint FileAlignment; // File alignment /// <returns>True if the PE file is 64-bit, false otherwise</returns>
public ushort MajorOperatingSystemVersion; // Major OS version public bool Is64Bit()
public ushort MinorOperatingSystemVersion; // Minor OS version {
public ushort MajorImageVersion; // Major image version return Magic == PE32PLUS_MAGIC;
public ushort MinorImageVersion; // Minor image version
public ushort MajorSubsystemVersion; // Major subsystem version
public ushort MinorSubsystemVersion; // Minor subsystem version
public uint Win32VersionValue; // Win32 version value
public uint SizeOfImage; // Size of image
public uint SizeOfHeaders; // Size of headers
public uint CheckSum; // Checksum
public ushort Subsystem; // Subsystem
public ushort DllCharacteristics; // DLL characteristics
public object SizeOfStackReserve; // Size of stack reserve (uint for PE32, ulong for PE32+)
public object SizeOfStackCommit; // Size of stack commit (uint for PE32, ulong for PE32+)
public object SizeOfHeapReserve; // Size of heap reserve (uint for PE32, ulong for PE32+)
public object SizeOfHeapCommit; // Size of heap commit (uint for PE32, ulong for PE32+)
public uint LoaderFlags; // Loader flags
public uint NumberOfRvaAndSizes; // Number of RVA and sizes
public DataDirectory[] DataDirectories; // Data directories
/// <summary>
/// Initializes a new instance of the OptionalHeader class
/// </summary>
public OptionalHeader()
{
// Initialize object fields to avoid nullability warnings
ImageBase = 0u; // Default to 32-bit value
SizeOfStackReserve = 0u;
SizeOfStackCommit = 0u;
SizeOfHeapReserve = 0u;
SizeOfHeapCommit = 0u;
// Initialize array to avoid nullability warning
DataDirectories = new DataDirectory[0];
}
/// <summary>
/// Determines if the PE file is 64-bit based on the Magic value
/// </summary>
/// <returns>True if the PE file is 64-bit, false otherwise</returns>
public bool Is64Bit()
{
return Magic == PE32PLUS_MAGIC;
}
} }
} }

415
X86Disassembler/PE/PEFormat.cs
View File

@ -1,236 +1,231 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using X86Disassembler.PE.Parsers; using X86Disassembler.PE.Parsers;
namespace X86Disassembler.PE namespace X86Disassembler.PE;
/// <summary>
/// Represents a Portable Executable (PE) file format parser
/// </summary>
public class PEFormat
{ {
// DOS Header constants
private const ushort DOS_SIGNATURE = 0x5A4D; // 'MZ'
private const uint PE_SIGNATURE = 0x00004550; // 'PE\0\0'
// Optional Header Magic values
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable
// Section characteristics flags
private const uint IMAGE_SCN_CNT_CODE = 0x00000020; // Section contains code
private const uint IMAGE_SCN_MEM_EXECUTE = 0x20000000; // Section is executable
private const uint IMAGE_SCN_MEM_READ = 0x40000000; // Section is readable
private const uint IMAGE_SCN_MEM_WRITE = 0x80000000; // Section is writable
// Data directories
private const int IMAGE_DIRECTORY_ENTRY_EXPORT = 0; // Export Directory
private const int IMAGE_DIRECTORY_ENTRY_IMPORT = 1; // Import Directory
private const int IMAGE_DIRECTORY_ENTRY_RESOURCE = 2; // Resource Directory
private const int IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3; // Exception Directory
private const int IMAGE_DIRECTORY_ENTRY_SECURITY = 4; // Security Directory
private const int IMAGE_DIRECTORY_ENTRY_BASERELOC = 5; // Base Relocation Table
private const int IMAGE_DIRECTORY_ENTRY_DEBUG = 6; // Debug Directory
private const int IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7; // Architecture Specific Data
private const int IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8; // RVA of GP
private const int IMAGE_DIRECTORY_ENTRY_TLS = 9; // TLS Directory
private const int IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10; // Load Configuration Directory
private const int IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11; // Bound Import Directory
private const int IMAGE_DIRECTORY_ENTRY_IAT = 12; // Import Address Table
private const int IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13; // Delay Load Import Descriptors
private const int IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14; // COM Runtime descriptor
// PE file data
private byte[] _fileData;
// Parser instances
private readonly DOSHeaderParser _dosHeaderParser;
private readonly FileHeaderParser _fileHeaderParser;
private readonly OptionalHeaderParser _optionalHeaderParser;
private readonly SectionHeaderParser _sectionHeaderParser;
private PEUtility _peUtility;
private ExportDirectoryParser _exportDirectoryParser;
private ImportDescriptorParser _importDescriptorParser;
// Parsed headers
public DOSHeader DosHeader { get; private set; }
public FileHeader FileHeader { get; private set; }
public OptionalHeader OptionalHeader { get; private set; }
public List<SectionHeader> SectionHeaders { get; private set; }
public bool Is64Bit { get; private set; }
// Export and Import information
public ExportDirectory ExportDirectory { get; private set; }
public List<ExportedFunction> ExportedFunctions { get; private set; }
public List<ImportDescriptor> ImportDescriptors { get; private set; }
/// <summary> /// <summary>
/// Represents a Portable Executable (PE) file format parser /// Initializes a new instance of the PEFormat class
/// </summary> /// </summary>
public class PEFormat /// <param name="fileData">The raw file data</param>
public PEFormat(byte[] fileData)
{ {
// DOS Header constants _fileData = fileData;
private const ushort DOS_SIGNATURE = 0x5A4D; // 'MZ' SectionHeaders = new List<SectionHeader>();
private const uint PE_SIGNATURE = 0x00004550; // 'PE\0\0' ExportedFunctions = new List<ExportedFunction>();
ImportDescriptors = new List<ImportDescriptor>();
// Optional Header Magic values // Initialize parsers
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable _dosHeaderParser = new DOSHeaderParser();
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable _fileHeaderParser = new FileHeaderParser();
_optionalHeaderParser = new OptionalHeaderParser();
_sectionHeaderParser = new SectionHeaderParser();
// Section characteristics flags // Initialize properties to avoid nullability warnings
private const uint IMAGE_SCN_CNT_CODE = 0x00000020; // Section contains code DosHeader = new DOSHeader();
private const uint IMAGE_SCN_MEM_EXECUTE = 0x20000000; // Section is executable FileHeader = new FileHeader();
private const uint IMAGE_SCN_MEM_READ = 0x40000000; // Section is readable OptionalHeader = new OptionalHeader();
private const uint IMAGE_SCN_MEM_WRITE = 0x80000000; // Section is writable ExportDirectory = new ExportDirectory();
// Data directories // These will be initialized during Parse()
private const int IMAGE_DIRECTORY_ENTRY_EXPORT = 0; // Export Directory _peUtility = null!;
private const int IMAGE_DIRECTORY_ENTRY_IMPORT = 1; // Import Directory _exportDirectoryParser = null!;
private const int IMAGE_DIRECTORY_ENTRY_RESOURCE = 2; // Resource Directory _importDescriptorParser = null!;
private const int IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3; // Exception Directory }
private const int IMAGE_DIRECTORY_ENTRY_SECURITY = 4; // Security Directory
private const int IMAGE_DIRECTORY_ENTRY_BASERELOC = 5; // Base Relocation Table
private const int IMAGE_DIRECTORY_ENTRY_DEBUG = 6; // Debug Directory
private const int IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7; // Architecture Specific Data
private const int IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8; // RVA of GP
private const int IMAGE_DIRECTORY_ENTRY_TLS = 9; // TLS Directory
private const int IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10; // Load Configuration Directory
private const int IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11; // Bound Import Directory
private const int IMAGE_DIRECTORY_ENTRY_IAT = 12; // Import Address Table
private const int IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13; // Delay Load Import Descriptors
private const int IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14; // COM Runtime descriptor
// PE file data /// <summary>
private byte[] _fileData; /// Parses the PE file structure
/// </summary>
// Parser instances /// <returns>True if parsing was successful, false otherwise</returns>
private readonly DOSHeaderParser _dosHeaderParser; public bool Parse()
private readonly FileHeaderParser _fileHeaderParser; {
private readonly OptionalHeaderParser _optionalHeaderParser; try
private readonly SectionHeaderParser _sectionHeaderParser;
private PEUtility _peUtility;
private ExportDirectoryParser _exportDirectoryParser;
private ImportDescriptorParser _importDescriptorParser;
// Parsed headers
public DOSHeader DosHeader { get; private set; }
public FileHeader FileHeader { get; private set; }
public OptionalHeader OptionalHeader { get; private set; }
public List<SectionHeader> SectionHeaders { get; private set; }
public bool Is64Bit { get; private set; }
// Export and Import information
public ExportDirectory ExportDirectory { get; private set; }
public List<ExportedFunction> ExportedFunctions { get; private set; }
public List<ImportDescriptor> ImportDescriptors { get; private set; }
/// <summary>
/// Initializes a new instance of the PEFormat class
/// </summary>
/// <param name="fileData">The raw file data</param>
public PEFormat(byte[] fileData)
{ {
_fileData = fileData; using (MemoryStream stream = new MemoryStream(_fileData))
SectionHeaders = new List<SectionHeader>(); using (BinaryReader reader = new BinaryReader(stream))
ExportedFunctions = new List<ExportedFunction>();
ImportDescriptors = new List<ImportDescriptor>();
// Initialize parsers
_dosHeaderParser = new DOSHeaderParser();
_fileHeaderParser = new FileHeaderParser();
_optionalHeaderParser = new OptionalHeaderParser();
_sectionHeaderParser = new SectionHeaderParser();
// Initialize properties to avoid nullability warnings
DosHeader = new DOSHeader();
FileHeader = new FileHeader();
OptionalHeader = new OptionalHeader();
ExportDirectory = new ExportDirectory();
// These will be initialized during Parse()
_peUtility = null!;
_exportDirectoryParser = null!;
_importDescriptorParser = null!;
}
/// <summary>
/// Parses the PE file structure
/// </summary>
/// <returns>True if parsing was successful, false otherwise</returns>
public bool Parse()
{
try
{ {
using (MemoryStream stream = new MemoryStream(_fileData)) // Parse DOS header
using (BinaryReader reader = new BinaryReader(stream)) DosHeader = _dosHeaderParser.Parse(reader);
// Move to PE header
reader.BaseStream.Seek(DosHeader.e_lfanew, SeekOrigin.Begin);
// Verify PE signature
uint peSignature = reader.ReadUInt32();
if (peSignature != PE_SIGNATURE)
{ {
// Parse DOS header throw new InvalidDataException("Invalid PE signature");
DosHeader = _dosHeaderParser.Parse(reader);
// Move to PE header
reader.BaseStream.Seek(DosHeader.e_lfanew, SeekOrigin.Begin);
// Verify PE signature
uint peSignature = reader.ReadUInt32();
if (peSignature != PE_SIGNATURE)
{
throw new InvalidDataException("Invalid PE signature");
}
// Parse File Header
FileHeader = _fileHeaderParser.Parse(reader);
// Parse Optional Header
OptionalHeader = _optionalHeaderParser.Parse(reader);
Is64Bit = OptionalHeader.Is64Bit();
// Parse Section Headers
for (int i = 0; i < FileHeader.NumberOfSections; i++)
{
SectionHeaders.Add(_sectionHeaderParser.Parse(reader));
}
// Initialize utility after section headers are parsed
_peUtility = new PEUtility(SectionHeaders, OptionalHeader.SizeOfHeaders);
_exportDirectoryParser = new ExportDirectoryParser(_peUtility);
_importDescriptorParser = new ImportDescriptorParser(_peUtility);
// Parse Export Directory
if (OptionalHeader.DataDirectories.Length > IMAGE_DIRECTORY_ENTRY_EXPORT &&
OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != 0)
{
uint exportDirRva = OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
uint exportDirSize = OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
ExportDirectory = _exportDirectoryParser.Parse(reader, exportDirRva);
ExportedFunctions = _exportDirectoryParser.ParseExportedFunctions(reader, ExportDirectory, exportDirRva, exportDirSize);
}
// Parse Import Descriptors
if (OptionalHeader.DataDirectories.Length > IMAGE_DIRECTORY_ENTRY_IMPORT &&
OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != 0)
{
uint importDirRva = OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
ImportDescriptors = _importDescriptorParser.Parse(reader, importDirRva);
}
} }
return true; // Parse File Header
} FileHeader = _fileHeaderParser.Parse(reader);
catch (Exception ex)
{
Console.WriteLine($"Error parsing PE file: {ex.Message}");
return false;
}
}
/// <summary> // Parse Optional Header
/// Gets the raw data for a specific section OptionalHeader = _optionalHeaderParser.Parse(reader);
/// </summary> Is64Bit = OptionalHeader.Is64Bit();
/// <param name="sectionIndex">Index of the section</param>
/// <returns>Byte array containing the section data</returns>
public byte[] GetSectionData(int sectionIndex)
{
if (sectionIndex < 0 || sectionIndex >= SectionHeaders.Count)
{
throw new ArgumentOutOfRangeException(nameof(sectionIndex));
}
SectionHeader section = SectionHeaders[sectionIndex]; // Parse Section Headers
byte[] sectionData = new byte[section.SizeOfRawData]; for (int i = 0; i < FileHeader.NumberOfSections; i++)
Array.Copy(_fileData, section.PointerToRawData, sectionData, 0, section.SizeOfRawData);
return sectionData;
}
/// <summary>
/// Gets the raw data for a section by name
/// </summary>
/// <param name="sectionName">Name of the section</param>
/// <returns>Byte array containing the section data</returns>
public byte[] GetSectionData(string sectionName)
{
for (int i = 0; i < SectionHeaders.Count; i++)
{
if (SectionHeaders[i].Name == sectionName)
{ {
return GetSectionData(i); SectionHeaders.Add(_sectionHeaderParser.Parse(reader));
}
// Initialize utility after section headers are parsed
_peUtility = new PEUtility(SectionHeaders, OptionalHeader.SizeOfHeaders);
_exportDirectoryParser = new ExportDirectoryParser(_peUtility);
_importDescriptorParser = new ImportDescriptorParser(_peUtility);
// Parse Export Directory
if (OptionalHeader.DataDirectories.Length > IMAGE_DIRECTORY_ENTRY_EXPORT &&
OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress != 0)
{
uint exportDirRva = OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
uint exportDirSize = OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
ExportDirectory = _exportDirectoryParser.Parse(reader, exportDirRva);
ExportedFunctions = _exportDirectoryParser.ParseExportedFunctions(reader, ExportDirectory, exportDirRva, exportDirSize);
}
// Parse Import Descriptors
if (OptionalHeader.DataDirectories.Length > IMAGE_DIRECTORY_ENTRY_IMPORT &&
OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress != 0)
{
uint importDirRva = OptionalHeader.DataDirectories[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
ImportDescriptors = _importDescriptorParser.Parse(reader, importDirRva);
} }
} }
throw new ArgumentException($"Section '{sectionName}' not found"); return true;
} }
catch (Exception ex)
/// <summary>
/// Gets all code sections
/// </summary>
/// <returns>List of section indices that contain code</returns>
public List<int> GetCodeSections()
{ {
List<int> codeSections = new List<int>(); Console.WriteLine($"Error parsing PE file: {ex.Message}");
return false;
for (int i = 0; i < SectionHeaders.Count; i++)
{
if (SectionHeaders[i].ContainsCode())
{
codeSections.Add(i);
}
}
return codeSections;
}
/// <summary>
/// Checks if a section contains code
/// </summary>
/// <param name="section">The section to check</param>
/// <returns>True if the section contains code, false otherwise</returns>
public bool IsSectionContainsCode(SectionHeader section)
{
return section.ContainsCode();
} }
} }
/// <summary>
/// Gets the raw data for a specific section
/// </summary>
/// <param name="sectionIndex">Index of the section</param>
/// <returns>Byte array containing the section data</returns>
public byte[] GetSectionData(int sectionIndex)
{
if (sectionIndex < 0 || sectionIndex >= SectionHeaders.Count)
{
throw new ArgumentOutOfRangeException(nameof(sectionIndex));
}
SectionHeader section = SectionHeaders[sectionIndex];
byte[] sectionData = new byte[section.SizeOfRawData];
Array.Copy(_fileData, section.PointerToRawData, sectionData, 0, section.SizeOfRawData);
return sectionData;
}
/// <summary>
/// Gets the raw data for a section by name
/// </summary>
/// <param name="sectionName">Name of the section</param>
/// <returns>Byte array containing the section data</returns>
public byte[] GetSectionData(string sectionName)
{
for (int i = 0; i < SectionHeaders.Count; i++)
{
if (SectionHeaders[i].Name == sectionName)
{
return GetSectionData(i);
}
}
throw new ArgumentException($"Section '{sectionName}' not found");
}
/// <summary>
/// Gets all code sections
/// </summary>
/// <returns>List of section indices that contain code</returns>
public List<int> GetCodeSections()
{
List<int> codeSections = new List<int>();
for (int i = 0; i < SectionHeaders.Count; i++)
{
if (SectionHeaders[i].ContainsCode())
{
codeSections.Add(i);
}
}
return codeSections;
}
/// <summary>
/// Checks if a section contains code
/// </summary>
/// <param name="section">The section to check</param>
/// <returns>True if the section contains code, false otherwise</returns>
public bool IsSectionContainsCode(SectionHeader section)
{
return section.ContainsCode();
}
} }

90
X86Disassembler/PE/PEUtility.cs
View File

@ -1,62 +1,58 @@
using System; namespace X86Disassembler.PE;
using System.Collections.Generic;
namespace X86Disassembler.PE /// <summary>
/// Utility class for PE format operations
/// </summary>
public class PEUtility
{ {
/// <summary> private readonly List<SectionHeader> _sectionHeaders;
/// Utility class for PE format operations private readonly uint _sizeOfHeaders;
/// </summary>
public class PEUtility
{
private readonly List<SectionHeader> _sectionHeaders;
private readonly uint _sizeOfHeaders;
/// <summary> /// <summary>
/// Initialize a new instance of the PEUtility class /// Initialize a new instance of the PEUtility class
/// </summary> /// </summary>
/// <param name="sectionHeaders">The section headers</param> /// <param name="sectionHeaders">The section headers</param>
/// <param name="sizeOfHeaders">The size of the headers</param> /// <param name="sizeOfHeaders">The size of the headers</param>
public PEUtility(List<SectionHeader> sectionHeaders, uint sizeOfHeaders) public PEUtility(List<SectionHeader> sectionHeaders, uint sizeOfHeaders)
{
_sectionHeaders = sectionHeaders;
_sizeOfHeaders = sizeOfHeaders;
}
/// <summary>
/// Converts a Relative Virtual Address (RVA) to a file offset
/// </summary>
/// <param name="rva">The RVA to convert</param>
/// <returns>The corresponding file offset</returns>
public uint RvaToOffset(uint rva)
{
if (rva == 0)
{ {
_sectionHeaders = sectionHeaders; return 0;
_sizeOfHeaders = sizeOfHeaders;
} }
/// <summary> foreach (var section in _sectionHeaders)
/// Converts a Relative Virtual Address (RVA) to a file offset
/// </summary>
/// <param name="rva">The RVA to convert</param>
/// <returns>The corresponding file offset</returns>
public uint RvaToOffset(uint rva)
{ {
if (rva == 0) // Check if the RVA is within this section
if (rva >= section.VirtualAddress && rva < section.VirtualAddress + section.VirtualSize)
{ {
return 0; // Calculate the offset within the section
} uint offsetInSection = rva - section.VirtualAddress;
foreach (var section in _sectionHeaders) // Make sure we don't exceed the raw data size
{ if (offsetInSection < section.SizeOfRawData)
// Check if the RVA is within this section
if (rva >= section.VirtualAddress && rva < section.VirtualAddress + section.VirtualSize)
{ {
// Calculate the offset within the section return section.PointerToRawData + offsetInSection;
uint offsetInSection = rva - section.VirtualAddress;
// Make sure we don't exceed the raw data size
if (offsetInSection < section.SizeOfRawData)
{
return section.PointerToRawData + offsetInSection;
}
} }
} }
// If the RVA is not within any section, it might be in the headers
if (rva < _sizeOfHeaders)
{
return rva;
}
throw new ArgumentException($"RVA {rva:X8} is not within any section");
} }
// If the RVA is not within any section, it might be in the headers
if (rva < _sizeOfHeaders)
{
return rva;
}
throw new ArgumentException($"RVA {rva:X8} is not within any section");
} }
} }

102
X86Disassembler/PE/Parsers/DOSHeaderParser.cs
View File

@ -1,63 +1,59 @@
using System; namespace X86Disassembler.PE.Parsers;
using System.IO;
namespace X86Disassembler.PE.Parsers /// <summary>
/// Parser for the DOS header of a PE file
/// </summary>
public class DOSHeaderParser : IParser<DOSHeader>
{ {
// DOS Header constants
private const ushort DOS_SIGNATURE = 0x5A4D; // 'MZ'
/// <summary> /// <summary>
/// Parser for the DOS header of a PE file /// Parse the DOS header from the binary reader
/// </summary> /// </summary>
public class DOSHeaderParser : IParser<DOSHeader> /// <param name="reader">The binary reader positioned at the start of the DOS header</param>
/// <returns>The parsed DOS header</returns>
public DOSHeader Parse(BinaryReader reader)
{ {
// DOS Header constants DOSHeader header = new DOSHeader();
private const ushort DOS_SIGNATURE = 0x5A4D; // 'MZ'
/// <summary> header.e_magic = reader.ReadUInt16();
/// Parse the DOS header from the binary reader if (header.e_magic != DOS_SIGNATURE)
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the DOS header</param>
/// <returns>The parsed DOS header</returns>
public DOSHeader Parse(BinaryReader reader)
{ {
DOSHeader header = new DOSHeader(); throw new InvalidDataException("Invalid DOS signature (MZ)");
header.e_magic = reader.ReadUInt16();
if (header.e_magic != DOS_SIGNATURE)
{
throw new InvalidDataException("Invalid DOS signature (MZ)");
}
header.e_cblp = reader.ReadUInt16();
header.e_cp = reader.ReadUInt16();
header.e_crlc = reader.ReadUInt16();
header.e_cparhdr = reader.ReadUInt16();
header.e_minalloc = reader.ReadUInt16();
header.e_maxalloc = reader.ReadUInt16();
header.e_ss = reader.ReadUInt16();
header.e_sp = reader.ReadUInt16();
header.e_csum = reader.ReadUInt16();
header.e_ip = reader.ReadUInt16();
header.e_cs = reader.ReadUInt16();
header.e_lfarlc = reader.ReadUInt16();
header.e_ovno = reader.ReadUInt16();
header.e_res = new ushort[4];
for (int i = 0; i < 4; i++)
{
header.e_res[i] = reader.ReadUInt16();
}
header.e_oemid = reader.ReadUInt16();
header.e_oeminfo = reader.ReadUInt16();
header.e_res2 = new ushort[10];
for (int i = 0; i < 10; i++)
{
header.e_res2[i] = reader.ReadUInt16();
}
header.e_lfanew = reader.ReadUInt32();
return header;
} }
header.e_cblp = reader.ReadUInt16();
header.e_cp = reader.ReadUInt16();
header.e_crlc = reader.ReadUInt16();
header.e_cparhdr = reader.ReadUInt16();
header.e_minalloc = reader.ReadUInt16();
header.e_maxalloc = reader.ReadUInt16();
header.e_ss = reader.ReadUInt16();
header.e_sp = reader.ReadUInt16();
header.e_csum = reader.ReadUInt16();
header.e_ip = reader.ReadUInt16();
header.e_cs = reader.ReadUInt16();
header.e_lfarlc = reader.ReadUInt16();
header.e_ovno = reader.ReadUInt16();
header.e_res = new ushort[4];
for (int i = 0; i < 4; i++)
{
header.e_res[i] = reader.ReadUInt16();
}
header.e_oemid = reader.ReadUInt16();
header.e_oeminfo = reader.ReadUInt16();
header.e_res2 = new ushort[10];
for (int i = 0; i < 10; i++)
{
header.e_res2[i] = reader.ReadUInt16();
}
header.e_lfanew = reader.ReadUInt32();
return header;
} }
} }

322
X86Disassembler/PE/Parsers/ExportDirectoryParser.cs
View File

@ -1,176 +1,172 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Text; using System.Text;
namespace X86Disassembler.PE.Parsers namespace X86Disassembler.PE.Parsers;
/// <summary>
/// Parser for the Export Directory of a PE file
/// </summary>
public class ExportDirectoryParser
{ {
/// <summary> private readonly PEUtility _utility;
/// Parser for the Export Directory of a PE file
/// </summary> public ExportDirectoryParser(PEUtility utility)
public class ExportDirectoryParser
{ {
private readonly PEUtility _utility; _utility = utility;
}
public ExportDirectoryParser(PEUtility utility) /// <summary>
/// Parse the Export Directory from the binary reader
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="rva">The RVA of the Export Directory</param>
/// <returns>The parsed Export Directory</returns>
public ExportDirectory Parse(BinaryReader reader, uint rva)
{
ExportDirectory directory = new ExportDirectory();
reader.BaseStream.Seek(_utility.RvaToOffset(rva), SeekOrigin.Begin);
directory.Characteristics = reader.ReadUInt32();
directory.TimeDateStamp = reader.ReadUInt32();
directory.MajorVersion = reader.ReadUInt16();
directory.MinorVersion = reader.ReadUInt16();
directory.Name = reader.ReadUInt32();
directory.Base = reader.ReadUInt32();
directory.NumberOfFunctions = reader.ReadUInt32();
directory.NumberOfNames = reader.ReadUInt32();
directory.AddressOfFunctions = reader.ReadUInt32();
directory.AddressOfNames = reader.ReadUInt32();
directory.AddressOfNameOrdinals = reader.ReadUInt32();
// Read the DLL name
try
{ {
_utility = utility; uint dllNameRVA = directory.Name;
uint dllNameOffset = _utility.RvaToOffset(dllNameRVA);
reader.BaseStream.Seek(dllNameOffset, SeekOrigin.Begin);
// Read the null-terminated ASCII string
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
directory.DllName = nameBuilder.ToString();
}
catch (Exception)
{
directory.DllName = "Unknown";
} }
/// <summary> return directory;
/// Parse the Export Directory from the binary reader }
/// </summary>
/// <param name="reader">The binary reader</param> /// <summary>
/// <param name="rva">The RVA of the Export Directory</param> /// Parse the exported functions using the export directory information
/// <returns>The parsed Export Directory</returns> /// </summary>
public ExportDirectory Parse(BinaryReader reader, uint rva) /// <param name="reader">The binary reader</param>
/// <param name="directory">The Export Directory</param>
/// <param name="exportDirRva">The RVA of the Export Directory</param>
/// <param name="exportDirSize">The size of the Export Directory</param>
/// <returns>List of exported functions</returns>
public List<ExportedFunction> ParseExportedFunctions(BinaryReader reader, ExportDirectory directory, uint exportDirRva, uint exportDirSize)
{
List<ExportedFunction> exportedFunctions = new List<ExportedFunction>();
if (directory == null)
{ {
ExportDirectory directory = new ExportDirectory();
reader.BaseStream.Seek(_utility.RvaToOffset(rva), SeekOrigin.Begin);
directory.Characteristics = reader.ReadUInt32();
directory.TimeDateStamp = reader.ReadUInt32();
directory.MajorVersion = reader.ReadUInt16();
directory.MinorVersion = reader.ReadUInt16();
directory.Name = reader.ReadUInt32();
directory.Base = reader.ReadUInt32();
directory.NumberOfFunctions = reader.ReadUInt32();
directory.NumberOfNames = reader.ReadUInt32();
directory.AddressOfFunctions = reader.ReadUInt32();
directory.AddressOfNames = reader.ReadUInt32();
directory.AddressOfNameOrdinals = reader.ReadUInt32();
// Read the DLL name
try
{
uint dllNameRVA = directory.Name;
uint dllNameOffset = _utility.RvaToOffset(dllNameRVA);
reader.BaseStream.Seek(dllNameOffset, SeekOrigin.Begin);
// Read the null-terminated ASCII string
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
directory.DllName = nameBuilder.ToString();
}
catch (Exception)
{
directory.DllName = "Unknown";
}
return directory;
}
/// <summary>
/// Parse the exported functions using the export directory information
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="directory">The Export Directory</param>
/// <param name="exportDirRva">The RVA of the Export Directory</param>
/// <param name="exportDirSize">The size of the Export Directory</param>
/// <returns>List of exported functions</returns>
public List<ExportedFunction> ParseExportedFunctions(BinaryReader reader, ExportDirectory directory, uint exportDirRva, uint exportDirSize)
{
List<ExportedFunction> exportedFunctions = new List<ExportedFunction>();
if (directory == null)
{
return exportedFunctions;
}
// Read the array of function addresses (RVAs)
uint[] functionRVAs = new uint[directory.NumberOfFunctions];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfFunctions), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfFunctions; i++)
{
functionRVAs[i] = reader.ReadUInt32();
}
// Read the array of name RVAs
uint[] nameRVAs = new uint[directory.NumberOfNames];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfNames), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfNames; i++)
{
nameRVAs[i] = reader.ReadUInt32();
}
// Read the array of name ordinals
ushort[] nameOrdinals = new ushort[directory.NumberOfNames];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfNameOrdinals), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfNames; i++)
{
nameOrdinals[i] = reader.ReadUInt16();
}
// Create a dictionary to map ordinals to names
Dictionary<ushort, string> ordinalToName = new Dictionary<ushort, string>();
for (int i = 0; i < directory.NumberOfNames; i++)
{
// Read the function name
reader.BaseStream.Seek(_utility.RvaToOffset(nameRVAs[i]), SeekOrigin.Begin);
List<byte> nameBytes = new List<byte>();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBytes.Add(b);
}
string name = Encoding.ASCII.GetString(nameBytes.ToArray());
// Map the ordinal to the name
ordinalToName[nameOrdinals[i]] = name;
}
// Create the exported functions
for (ushort i = 0; i < directory.NumberOfFunctions; i++)
{
uint functionRVA = functionRVAs[i];
if (functionRVA == 0)
{
continue; // Skip empty entries
}
ExportedFunction function = new ExportedFunction();
function.Ordinal = (ushort)(i + directory.Base);
function.Address = functionRVA;
// Check if this function has a name
if (ordinalToName.TryGetValue(i, out string? name))
{
function.Name = name ?? $"Ordinal_{function.Ordinal}";
}
else
{
function.Name = $"Ordinal_{function.Ordinal}";
}
// Check if this is a forwarder
uint exportDirEnd = exportDirRva + exportDirSize;
if (functionRVA >= exportDirRva && functionRVA < exportDirEnd)
{
function.IsForwarder = true;
// Read the forwarder string
reader.BaseStream.Seek(_utility.RvaToOffset(functionRVA), SeekOrigin.Begin);
List<byte> forwarderBytes = new List<byte>();
byte b;
while ((b = reader.ReadByte()) != 0)
{
forwarderBytes.Add(b);
}
function.ForwarderName = Encoding.ASCII.GetString(forwarderBytes.ToArray());
}
exportedFunctions.Add(function);
}
return exportedFunctions; return exportedFunctions;
} }
// Read the array of function addresses (RVAs)
uint[] functionRVAs = new uint[directory.NumberOfFunctions];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfFunctions), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfFunctions; i++)
{
functionRVAs[i] = reader.ReadUInt32();
}
// Read the array of name RVAs
uint[] nameRVAs = new uint[directory.NumberOfNames];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfNames), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfNames; i++)
{
nameRVAs[i] = reader.ReadUInt32();
}
// Read the array of name ordinals
ushort[] nameOrdinals = new ushort[directory.NumberOfNames];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfNameOrdinals), SeekOrigin.Begin);
for (int i = 0; i < directory.NumberOfNames; i++)
{
nameOrdinals[i] = reader.ReadUInt16();
}
// Create a dictionary to map ordinals to names
Dictionary<ushort, string> ordinalToName = new Dictionary<ushort, string>();
for (int i = 0; i < directory.NumberOfNames; i++)
{
// Read the function name
reader.BaseStream.Seek(_utility.RvaToOffset(nameRVAs[i]), SeekOrigin.Begin);
List<byte> nameBytes = new List<byte>();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBytes.Add(b);
}
string name = Encoding.ASCII.GetString(nameBytes.ToArray());
// Map the ordinal to the name
ordinalToName[nameOrdinals[i]] = name;
}
// Create the exported functions
for (ushort i = 0; i < directory.NumberOfFunctions; i++)
{
uint functionRVA = functionRVAs[i];
if (functionRVA == 0)
{
continue; // Skip empty entries
}
ExportedFunction function = new ExportedFunction();
function.Ordinal = (ushort)(i + directory.Base);
function.Address = functionRVA;
// Check if this function has a name
if (ordinalToName.TryGetValue(i, out string? name))
{
function.Name = name ?? $"Ordinal_{function.Ordinal}";
}
else
{
function.Name = $"Ordinal_{function.Ordinal}";
}
// Check if this is a forwarder
uint exportDirEnd = exportDirRva + exportDirSize;
if (functionRVA >= exportDirRva && functionRVA < exportDirEnd)
{
function.IsForwarder = true;
// Read the forwarder string
reader.BaseStream.Seek(_utility.RvaToOffset(functionRVA), SeekOrigin.Begin);
List<byte> forwarderBytes = new List<byte>();
byte b;
while ((b = reader.ReadByte()) != 0)
{
forwarderBytes.Add(b);
}
function.ForwarderName = Encoding.ASCII.GetString(forwarderBytes.ToArray());
}
exportedFunctions.Add(function);
}
return exportedFunctions;
} }
} }

39
X86Disassembler/PE/Parsers/FileHeaderParser.cs
View File

@ -1,30 +1,27 @@
using System.IO; namespace X86Disassembler.PE.Parsers;
namespace X86Disassembler.PE.Parsers /// <summary>
/// Parser for the File header of a PE file
/// </summary>
public class FileHeaderParser : IParser<FileHeader>
{ {
/// <summary> /// <summary>
/// Parser for the File header of a PE file /// Parse the File header from the binary reader
/// </summary> /// </summary>
public class FileHeaderParser : IParser<FileHeader> /// <param name="reader">The binary reader positioned at the start of the File header</param>
/// <returns>The parsed File header</returns>
public FileHeader Parse(BinaryReader reader)
{ {
/// <summary> FileHeader header = new FileHeader();
/// Parse the File header from the binary reader
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the File header</param>
/// <returns>The parsed File header</returns>
public FileHeader Parse(BinaryReader reader)
{
FileHeader header = new FileHeader();
header.Machine = reader.ReadUInt16(); header.Machine = reader.ReadUInt16();
header.NumberOfSections = reader.ReadUInt16(); header.NumberOfSections = reader.ReadUInt16();
header.TimeDateStamp = reader.ReadUInt32(); header.TimeDateStamp = reader.ReadUInt32();
header.PointerToSymbolTable = reader.ReadUInt32(); header.PointerToSymbolTable = reader.ReadUInt32();
header.NumberOfSymbols = reader.ReadUInt32(); header.NumberOfSymbols = reader.ReadUInt32();
header.SizeOfOptionalHeader = reader.ReadUInt16(); header.SizeOfOptionalHeader = reader.ReadUInt16();
header.Characteristics = reader.ReadUInt16(); header.Characteristics = reader.ReadUInt16();
return header; return header;
}
} }
} }

23
X86Disassembler/PE/Parsers/IParser.cs
View File

@ -1,18 +1,15 @@
using System.IO; namespace X86Disassembler.PE.Parsers;
namespace X86Disassembler.PE.Parsers /// <summary>
/// Interface for PE format component parsers
/// </summary>
/// <typeparam name="T">The type of component to parse</typeparam>
public interface IParser<out T>
{ {
/// <summary> /// <summary>
/// Interface for PE format component parsers /// Parse a component from the binary reader
/// </summary> /// </summary>
/// <typeparam name="T">The type of component to parse</typeparam> /// <param name="reader">The binary reader positioned at the start of the component</param>
public interface IParser<T> /// <returns>The parsed component</returns>
{ T Parse(BinaryReader reader);
/// <summary>
/// Parse a component from the binary reader
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the component</param>
/// <returns>The parsed component</returns>
T Parse(BinaryReader reader);
}
} }

322
X86Disassembler/PE/Parsers/ImportDescriptorParser.cs
View File

@ -1,192 +1,188 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Text; using System.Text;
namespace X86Disassembler.PE.Parsers namespace X86Disassembler.PE.Parsers;
{
/// <summary>
/// Parser for Import Descriptors in a PE file
/// </summary>
public class ImportDescriptorParser
{
private readonly PEUtility _utility;
public ImportDescriptorParser(PEUtility utility) /// <summary>
/// Parser for Import Descriptors in a PE file
/// </summary>
public class ImportDescriptorParser
{
private readonly PEUtility _utility;
public ImportDescriptorParser(PEUtility utility)
{
_utility = utility;
}
/// <summary>
/// Parse the Import Descriptors from the binary reader
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="rva">The RVA of the Import Directory</param>
/// <returns>List of Import Descriptors</returns>
public List<ImportDescriptor> Parse(BinaryReader reader, uint rva)
{
List<ImportDescriptor> descriptors = new List<ImportDescriptor>();
try
{ {
_utility = utility; uint importTableOffset = _utility.RvaToOffset(rva);
reader.BaseStream.Seek(importTableOffset, SeekOrigin.Begin);
int descriptorCount = 0;
while (true)
{
descriptorCount++;
// Read the import descriptor
uint originalFirstThunk = reader.ReadUInt32();
uint timeDateStamp = reader.ReadUInt32();
uint forwarderChain = reader.ReadUInt32();
uint nameRva = reader.ReadUInt32();
uint firstThunk = reader.ReadUInt32();
// Check if we've reached the end of the import descriptors
if (originalFirstThunk == 0 && nameRva == 0 && firstThunk == 0)
{
break;
}
ImportDescriptor descriptor = new ImportDescriptor
{
OriginalFirstThunk = originalFirstThunk,
TimeDateStamp = timeDateStamp,
ForwarderChain = forwarderChain,
Name = nameRva,
FirstThunk = firstThunk,
DllName = "Unknown" // Default name in case we can't read it
};
// Try to read the DLL name
try
{
if (nameRva != 0)
{
uint nameOffset = _utility.RvaToOffset(nameRva);
reader.BaseStream.Seek(nameOffset, SeekOrigin.Begin);
// Read the null-terminated ASCII string
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
descriptor.DllName = nameBuilder.ToString();
}
}
catch (Exception)
{
// If we can't read the name, keep the default "Unknown"
}
// Parse the imported functions
ParseImportedFunctions(reader, descriptor);
descriptors.Add(descriptor);
// Return to the import table to read the next descriptor
reader.BaseStream.Seek(importTableOffset + (descriptorCount * 20), SeekOrigin.Begin);
}
}
catch (Exception ex)
{
Console.WriteLine($"Error parsing import descriptors: {ex.Message}");
// Return whatever descriptors we've managed to parse
} }
/// <summary> return descriptors;
/// Parse the Import Descriptors from the binary reader }
/// </summary>
/// <param name="reader">The binary reader</param> /// <summary>
/// <param name="rva">The RVA of the Import Directory</param> /// Parse the imported functions for a given import descriptor
/// <returns>List of Import Descriptors</returns> /// </summary>
public List<ImportDescriptor> Parse(BinaryReader reader, uint rva) /// <param name="reader">The binary reader</param>
/// <param name="descriptor">The Import Descriptor</param>
private void ParseImportedFunctions(BinaryReader reader, ImportDescriptor descriptor)
{
try
{ {
List<ImportDescriptor> descriptors = new List<ImportDescriptor>(); // Use OriginalFirstThunk if available, otherwise use FirstThunk
uint thunkRva = descriptor.OriginalFirstThunk != 0 ? descriptor.OriginalFirstThunk : descriptor.FirstThunk;
try if (thunkRva == 0)
{ {
uint importTableOffset = _utility.RvaToOffset(rva); return; // No functions to parse
reader.BaseStream.Seek(importTableOffset, SeekOrigin.Begin); }
int descriptorCount = 0; uint thunkOffset = _utility.RvaToOffset(thunkRva);
int functionCount = 0;
while (true) while (true)
{
reader.BaseStream.Seek(thunkOffset + (functionCount * 4), SeekOrigin.Begin);
uint thunkData = reader.ReadUInt32();
if (thunkData == 0)
{ {
descriptorCount++; break; // End of the function list
}
// Read the import descriptor ImportedFunction function = new ImportedFunction
uint originalFirstThunk = reader.ReadUInt32(); {
uint timeDateStamp = reader.ReadUInt32(); ThunkRVA = thunkRva + (uint)(functionCount * 4)
uint forwarderChain = reader.ReadUInt32(); };
uint nameRva = reader.ReadUInt32();
uint firstThunk = reader.ReadUInt32();
// Check if we've reached the end of the import descriptors // Check if imported by ordinal (high bit set)
if (originalFirstThunk == 0 && nameRva == 0 && firstThunk == 0) if ((thunkData & 0x80000000) != 0)
{ {
break; function.IsOrdinal = true;
} function.Ordinal = (ushort)(thunkData & 0xFFFF);
function.Name = $"Ordinal {function.Ordinal}";
ImportDescriptor descriptor = new ImportDescriptor }
{ else
OriginalFirstThunk = originalFirstThunk, {
TimeDateStamp = timeDateStamp, // Imported by name - the thunkData is an RVA to a hint/name structure
ForwarderChain = forwarderChain,
Name = nameRva,
FirstThunk = firstThunk,
DllName = "Unknown" // Default name in case we can't read it
};
// Try to read the DLL name
try try
{ {
if (nameRva != 0) uint hintNameOffset = _utility.RvaToOffset(thunkData);
reader.BaseStream.Seek(hintNameOffset, SeekOrigin.Begin);
// Read the hint (2 bytes)
function.Hint = reader.ReadUInt16();
// Read the function name (null-terminated ASCII string)
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{ {
uint nameOffset = _utility.RvaToOffset(nameRva); nameBuilder.Append((char)b);
reader.BaseStream.Seek(nameOffset, SeekOrigin.Begin);
// Read the null-terminated ASCII string
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
descriptor.DllName = nameBuilder.ToString();
} }
}
catch (Exception)
{
// If we can't read the name, keep the default "Unknown"
}
// Parse the imported functions function.Name = nameBuilder.ToString();
ParseImportedFunctions(reader, descriptor);
descriptors.Add(descriptor); if (string.IsNullOrEmpty(function.Name))
// Return to the import table to read the next descriptor
reader.BaseStream.Seek(importTableOffset + (descriptorCount * 20), SeekOrigin.Begin);
}
}
catch (Exception ex)
{
Console.WriteLine($"Error parsing import descriptors: {ex.Message}");
// Return whatever descriptors we've managed to parse
}
return descriptors;
}
/// <summary>
/// Parse the imported functions for a given import descriptor
/// </summary>
/// <param name="reader">The binary reader</param>
/// <param name="descriptor">The Import Descriptor</param>
private void ParseImportedFunctions(BinaryReader reader, ImportDescriptor descriptor)
{
try
{
// Use OriginalFirstThunk if available, otherwise use FirstThunk
uint thunkRva = descriptor.OriginalFirstThunk != 0 ? descriptor.OriginalFirstThunk : descriptor.FirstThunk;
if (thunkRva == 0)
{
return; // No functions to parse
}
uint thunkOffset = _utility.RvaToOffset(thunkRva);
int functionCount = 0;
while (true)
{
reader.BaseStream.Seek(thunkOffset + (functionCount * 4), SeekOrigin.Begin);
uint thunkData = reader.ReadUInt32();
if (thunkData == 0)
{
break; // End of the function list
}
ImportedFunction function = new ImportedFunction
{
ThunkRVA = thunkRva + (uint)(functionCount * 4)
};
// Check if imported by ordinal (high bit set)
if ((thunkData & 0x80000000) != 0)
{
function.IsOrdinal = true;
function.Ordinal = (ushort)(thunkData & 0xFFFF);
function.Name = $"Ordinal {function.Ordinal}";
}
else
{
// Imported by name - the thunkData is an RVA to a hint/name structure
try
{
uint hintNameOffset = _utility.RvaToOffset(thunkData);
reader.BaseStream.Seek(hintNameOffset, SeekOrigin.Begin);
// Read the hint (2 bytes)
function.Hint = reader.ReadUInt16();
// Read the function name (null-terminated ASCII string)
StringBuilder nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBuilder.Append((char)b);
}
function.Name = nameBuilder.ToString();
if (string.IsNullOrEmpty(function.Name))
{
function.Name = $"Function_at_{thunkData:X8}";
}
}
catch (Exception)
{ {
function.Name = $"Function_at_{thunkData:X8}"; function.Name = $"Function_at_{thunkData:X8}";
} }
} }
catch (Exception)
descriptor.Functions.Add(function); {
functionCount++; function.Name = $"Function_at_{thunkData:X8}";
}
} }
descriptor.Functions.Add(function);
functionCount++;
} }
catch (Exception ex) }
{ catch (Exception ex)
Console.WriteLine($"Error parsing imported functions for {descriptor.DllName}: {ex.Message}"); {
} Console.WriteLine($"Error parsing imported functions for {descriptor.DllName}: {ex.Message}");
} }
} }
} }

198
X86Disassembler/PE/Parsers/OptionalHeaderParser.cs
View File

@ -1,114 +1,110 @@
using System; namespace X86Disassembler.PE.Parsers;
using System.IO;
namespace X86Disassembler.PE.Parsers /// <summary>
/// Parser for the Optional header of a PE file
/// </summary>
public class OptionalHeaderParser : IParser<OptionalHeader>
{ {
// Optional Header Magic values
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable
/// <summary> /// <summary>
/// Parser for the Optional header of a PE file /// Parse the Optional header from the binary reader
/// </summary> /// </summary>
public class OptionalHeaderParser : IParser<OptionalHeader> /// <param name="reader">The binary reader positioned at the start of the Optional header</param>
/// <returns>The parsed Optional header</returns>
public OptionalHeader Parse(BinaryReader reader)
{ {
// Optional Header Magic values OptionalHeader header = new OptionalHeader();
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable bool is64Bit;
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable
/// <summary> // Standard fields
/// Parse the Optional header from the binary reader header.Magic = reader.ReadUInt16();
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the Optional header</param> // Determine if this is a PE32 or PE32+ file
/// <returns>The parsed Optional header</returns> is64Bit = header.Magic == PE32PLUS_MAGIC;
public OptionalHeader Parse(BinaryReader reader)
header.MajorLinkerVersion = reader.ReadByte();
header.MinorLinkerVersion = reader.ReadByte();
header.SizeOfCode = reader.ReadUInt32();
header.SizeOfInitializedData = reader.ReadUInt32();
header.SizeOfUninitializedData = reader.ReadUInt32();
header.AddressOfEntryPoint = reader.ReadUInt32();
header.BaseOfCode = reader.ReadUInt32();
// PE32 has BaseOfData, PE32+ doesn't
if (!is64Bit)
{ {
OptionalHeader header = new OptionalHeader(); header.BaseOfData = reader.ReadUInt32();
bool is64Bit;
// Standard fields
header.Magic = reader.ReadUInt16();
// Determine if this is a PE32 or PE32+ file
is64Bit = header.Magic == PE32PLUS_MAGIC;
header.MajorLinkerVersion = reader.ReadByte();
header.MinorLinkerVersion = reader.ReadByte();
header.SizeOfCode = reader.ReadUInt32();
header.SizeOfInitializedData = reader.ReadUInt32();
header.SizeOfUninitializedData = reader.ReadUInt32();
header.AddressOfEntryPoint = reader.ReadUInt32();
header.BaseOfCode = reader.ReadUInt32();
// PE32 has BaseOfData, PE32+ doesn't
if (!is64Bit)
{
header.BaseOfData = reader.ReadUInt32();
}
// Windows-specific fields
if (is64Bit)
{
header.ImageBase = reader.ReadUInt64();
}
else
{
header.ImageBase = reader.ReadUInt32();
}
header.SectionAlignment = reader.ReadUInt32();
header.FileAlignment = reader.ReadUInt32();
header.MajorOperatingSystemVersion = reader.ReadUInt16();
header.MinorOperatingSystemVersion = reader.ReadUInt16();
header.MajorImageVersion = reader.ReadUInt16();
header.MinorImageVersion = reader.ReadUInt16();
header.MajorSubsystemVersion = reader.ReadUInt16();
header.MinorSubsystemVersion = reader.ReadUInt16();
header.Win32VersionValue = reader.ReadUInt32();
header.SizeOfImage = reader.ReadUInt32();
header.SizeOfHeaders = reader.ReadUInt32();
header.CheckSum = reader.ReadUInt32();
header.Subsystem = reader.ReadUInt16();
header.DllCharacteristics = reader.ReadUInt16();
// Size fields differ between PE32 and PE32+
if (is64Bit)
{
header.SizeOfStackReserve = reader.ReadUInt64();
header.SizeOfStackCommit = reader.ReadUInt64();
header.SizeOfHeapReserve = reader.ReadUInt64();
header.SizeOfHeapCommit = reader.ReadUInt64();
}
else
{
header.SizeOfStackReserve = reader.ReadUInt32();
header.SizeOfStackCommit = reader.ReadUInt32();
header.SizeOfHeapReserve = reader.ReadUInt32();
header.SizeOfHeapCommit = reader.ReadUInt32();
}
header.LoaderFlags = reader.ReadUInt32();
header.NumberOfRvaAndSizes = reader.ReadUInt32();
// Data directories
int numDirectories = (int)Math.Min(header.NumberOfRvaAndSizes, 16); // Maximum of 16 directories
header.DataDirectories = new DataDirectory[numDirectories];
for (int i = 0; i < numDirectories; i++)
{
DataDirectory dir = new DataDirectory();
dir.VirtualAddress = reader.ReadUInt32();
dir.Size = reader.ReadUInt32();
header.DataDirectories[i] = dir;
}
return header;
} }
/// <summary> // Windows-specific fields
/// Determines if the PE file is 64-bit based on the Optional header if (is64Bit)
/// </summary>
/// <param name="header">The Optional header</param>
/// <returns>True if the PE file is 64-bit, false otherwise</returns>
public bool Is64Bit(OptionalHeader header)
{ {
return header.Magic == PE32PLUS_MAGIC; header.ImageBase = reader.ReadUInt64();
} }
else
{
header.ImageBase = reader.ReadUInt32();
}
header.SectionAlignment = reader.ReadUInt32();
header.FileAlignment = reader.ReadUInt32();
header.MajorOperatingSystemVersion = reader.ReadUInt16();
header.MinorOperatingSystemVersion = reader.ReadUInt16();
header.MajorImageVersion = reader.ReadUInt16();
header.MinorImageVersion = reader.ReadUInt16();
header.MajorSubsystemVersion = reader.ReadUInt16();
header.MinorSubsystemVersion = reader.ReadUInt16();
header.Win32VersionValue = reader.ReadUInt32();
header.SizeOfImage = reader.ReadUInt32();
header.SizeOfHeaders = reader.ReadUInt32();
header.CheckSum = reader.ReadUInt32();
header.Subsystem = reader.ReadUInt16();
header.DllCharacteristics = reader.ReadUInt16();
// Size fields differ between PE32 and PE32+
if (is64Bit)
{
header.SizeOfStackReserve = reader.ReadUInt64();
header.SizeOfStackCommit = reader.ReadUInt64();
header.SizeOfHeapReserve = reader.ReadUInt64();
header.SizeOfHeapCommit = reader.ReadUInt64();
}
else
{
header.SizeOfStackReserve = reader.ReadUInt32();
header.SizeOfStackCommit = reader.ReadUInt32();
header.SizeOfHeapReserve = reader.ReadUInt32();
header.SizeOfHeapCommit = reader.ReadUInt32();
}
header.LoaderFlags = reader.ReadUInt32();
header.NumberOfRvaAndSizes = reader.ReadUInt32();
// Data directories
int numDirectories = (int)Math.Min(header.NumberOfRvaAndSizes, 16); // Maximum of 16 directories
header.DataDirectories = new DataDirectory[numDirectories];
for (int i = 0; i < numDirectories; i++)
{
DataDirectory dir = new DataDirectory();
dir.VirtualAddress = reader.ReadUInt32();
dir.Size = reader.ReadUInt32();
header.DataDirectories[i] = dir;
}
return header;
}
/// <summary>
/// Determines if the PE file is 64-bit based on the Optional header
/// </summary>
/// <param name="header">The Optional header</param>
/// <returns>True if the PE file is 64-bit, false otherwise</returns>
public bool Is64Bit(OptionalHeader header)
{
return header.Magic == PE32PLUS_MAGIC;
} }
} }

52
X86Disassembler/PE/Parsers/SectionHeaderParser.cs
View File

@ -1,38 +1,36 @@
using System.IO;
using System.Text; using System.Text;
namespace X86Disassembler.PE.Parsers namespace X86Disassembler.PE.Parsers;
/// <summary>
/// Parser for section headers in a PE file
/// </summary>
public class SectionHeaderParser : IParser<SectionHeader>
{ {
/// <summary> /// <summary>
/// Parser for section headers in a PE file /// Parse a section header from the binary reader
/// </summary> /// </summary>
public class SectionHeaderParser : IParser<SectionHeader> /// <param name="reader">The binary reader positioned at the start of the section header</param>
/// <returns>The parsed section header</returns>
public SectionHeader Parse(BinaryReader reader)
{ {
/// <summary> SectionHeader header = new SectionHeader();
/// Parse a section header from the binary reader
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the section header</param>
/// <returns>The parsed section header</returns>
public SectionHeader Parse(BinaryReader reader)
{
SectionHeader header = new SectionHeader();
// Read section name (8 bytes) // Read section name (8 bytes)
byte[] nameBytes = reader.ReadBytes(8); byte[] nameBytes = reader.ReadBytes(8);
// Convert to string, removing any null characters // Convert to string, removing any null characters
header.Name = Encoding.ASCII.GetString(nameBytes).TrimEnd('\0'); header.Name = Encoding.ASCII.GetString(nameBytes).TrimEnd('\0');
header.VirtualSize = reader.ReadUInt32(); header.VirtualSize = reader.ReadUInt32();
header.VirtualAddress = reader.ReadUInt32(); header.VirtualAddress = reader.ReadUInt32();
header.SizeOfRawData = reader.ReadUInt32(); header.SizeOfRawData = reader.ReadUInt32();
header.PointerToRawData = reader.ReadUInt32(); header.PointerToRawData = reader.ReadUInt32();
header.PointerToRelocations = reader.ReadUInt32(); header.PointerToRelocations = reader.ReadUInt32();
header.PointerToLinenumbers = reader.ReadUInt32(); header.PointerToLinenumbers = reader.ReadUInt32();
header.NumberOfRelocations = reader.ReadUInt16(); header.NumberOfRelocations = reader.ReadUInt16();
header.NumberOfLinenumbers = reader.ReadUInt16(); header.NumberOfLinenumbers = reader.ReadUInt16();
header.Characteristics = reader.ReadUInt32(); header.Characteristics = reader.ReadUInt32();
return header; return header;
}
} }
} }

121
X86Disassembler/PE/SectionHeader.cs
View File

@ -1,71 +1,70 @@
namespace X86Disassembler.PE namespace X86Disassembler.PE;
/// <summary>
/// Represents a section header in a PE file
/// </summary>
public class SectionHeader
{ {
// Section characteristics flags
private const uint IMAGE_SCN_CNT_CODE = 0x00000020; // Section contains code
private const uint IMAGE_SCN_MEM_EXECUTE = 0x20000000; // Section is executable
private const uint IMAGE_SCN_MEM_READ = 0x40000000; // Section is readable
private const uint IMAGE_SCN_MEM_WRITE = 0x80000000; // Section is writable
public string Name; // Section name
public uint VirtualSize; // Virtual size
public uint VirtualAddress; // Virtual address
public uint SizeOfRawData; // Size of raw data
public uint PointerToRawData; // Pointer to raw data
public uint PointerToRelocations; // Pointer to relocations
public uint PointerToLinenumbers; // Pointer to line numbers
public ushort NumberOfRelocations; // Number of relocations
public ushort NumberOfLinenumbers; // Number of line numbers
public uint Characteristics; // Characteristics
/// <summary> /// <summary>
/// Represents a section header in a PE file /// Initializes a new instance of the SectionHeader class
/// </summary> /// </summary>
public class SectionHeader public SectionHeader()
{ {
// Section characteristics flags // Initialize string field to avoid nullability warning
private const uint IMAGE_SCN_CNT_CODE = 0x00000020; // Section contains code Name = string.Empty;
private const uint IMAGE_SCN_MEM_EXECUTE = 0x20000000; // Section is executable }
private const uint IMAGE_SCN_MEM_READ = 0x40000000; // Section is readable
private const uint IMAGE_SCN_MEM_WRITE = 0x80000000; // Section is writable
public string Name; // Section name /// <summary>
public uint VirtualSize; // Virtual size /// Checks if the section contains code
public uint VirtualAddress; // Virtual address /// </summary>
public uint SizeOfRawData; // Size of raw data /// <returns>True if the section contains code, false otherwise</returns>
public uint PointerToRawData; // Pointer to raw data public bool ContainsCode()
public uint PointerToRelocations; // Pointer to relocations {
public uint PointerToLinenumbers; // Pointer to line numbers return (Characteristics & IMAGE_SCN_CNT_CODE) != 0 ||
public ushort NumberOfRelocations; // Number of relocations (Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0;
public ushort NumberOfLinenumbers; // Number of line numbers }
public uint Characteristics; // Characteristics
/// <summary> /// <summary>
/// Initializes a new instance of the SectionHeader class /// Checks if the section is readable
/// </summary> /// </summary>
public SectionHeader() /// <returns>True if the section is readable, false otherwise</returns>
{ public bool IsReadable()
// Initialize string field to avoid nullability warning {
Name = string.Empty; return (Characteristics & IMAGE_SCN_MEM_READ) != 0;
} }
/// <summary> /// <summary>
/// Checks if the section contains code /// Checks if the section is writable
/// </summary> /// </summary>
/// <returns>True if the section contains code, false otherwise</returns> /// <returns>True if the section is writable, false otherwise</returns>
public bool ContainsCode() public bool IsWritable()
{ {
return (Characteristics & IMAGE_SCN_CNT_CODE) != 0 || return (Characteristics & IMAGE_SCN_MEM_WRITE) != 0;
(Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0; }
}
/// <summary> /// <summary>
/// Checks if the section is readable /// Checks if the section is executable
/// </summary> /// </summary>
/// <returns>True if the section is readable, false otherwise</returns> /// <returns>True if the section is executable, false otherwise</returns>
public bool IsReadable() public bool IsExecutable()
{ {
return (Characteristics & IMAGE_SCN_MEM_READ) != 0; return (Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0;
}
/// <summary>
/// Checks if the section is writable
/// </summary>
/// <returns>True if the section is writable, false otherwise</returns>
public bool IsWritable()
{
return (Characteristics & IMAGE_SCN_MEM_WRITE) != 0;
}
/// <summary>
/// Checks if the section is executable
/// </summary>
/// <returns>True if the section is executable, false otherwise</returns>
public bool IsExecutable()
{
return (Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0;
}
} }
} }

237
X86Disassembler/Program.cs
View File

@ -1,148 +1,145 @@
using System;
using System.IO;
using X86Disassembler.PE; using X86Disassembler.PE;
namespace X86Disassembler namespace X86Disassembler;
internal class Program
{ {
internal class Program // Path to the DLL file to disassemble
private const string DllPath = @"C:\Program Files (x86)\Nikita\Iron Strategy\Terrain.dll"; // Example path, replace with your target DLL
static void Main(string[] args)
{ {
// Path to the DLL file to disassemble Console.WriteLine("X86 Disassembler and Decompiler");
private const string DllPath = @"C:\Program Files (x86)\Nikita\Iron Strategy\Terrain.dll"; // Example path, replace with your target DLL Console.WriteLine("--------------------------------");
static void Main(string[] args) Console.WriteLine($"Loading file: {DllPath}");
// Load the DLL file
byte[] binaryData = File.ReadAllBytes(DllPath);
Console.WriteLine($"Successfully loaded {DllPath}");
Console.WriteLine($"File size: {binaryData.Length} bytes");
// Create the PE format parser
PEFormat peFile = new PEFormat(binaryData);
// Parse the PE format
Console.WriteLine("\nParsing PE format...");
if (!peFile.Parse())
{ {
Console.WriteLine("X86 Disassembler and Decompiler"); Console.WriteLine("Failed to parse PE file. Exiting.");
Console.WriteLine("--------------------------------"); return;
Console.WriteLine($"Loading file: {DllPath}");
// Load the DLL file
byte[] binaryData = File.ReadAllBytes(DllPath);
Console.WriteLine($"Successfully loaded {DllPath}");
Console.WriteLine($"File size: {binaryData.Length} bytes");
// Create the PE format parser
PEFormat peFile = new PEFormat(binaryData);
// Parse the PE format
Console.WriteLine("\nParsing PE format...");
if (!peFile.Parse())
{
Console.WriteLine("Failed to parse PE file. Exiting.");
return;
}
// Display basic PE information
DisplayPEInfo(peFile);
// Display exported functions
DisplayExportedFunctions(peFile);
// Display imported functions
DisplayImportedFunctions(peFile);
// Find code sections for disassembly
var codeSections = peFile.GetCodeSections();
Console.WriteLine($"\nFound {codeSections.Count} code section(s):");
foreach (int sectionIndex in codeSections)
{
var section = peFile.SectionHeaders[sectionIndex];
Console.WriteLine($" - {section.Name}: Size={section.SizeOfRawData} bytes, RVA=0x{section.VirtualAddress:X8}");
// Get the section data for disassembly
byte[] sectionData = peFile.GetSectionData(sectionIndex);
// TODO: Implement disassembling logic here
// This is where we would pass the section data to our disassembler
}
Console.WriteLine("\nPress any key to exit...");
Console.ReadKey();
} }
private static void DisplayPEInfo(PEFormat peFile) // Display basic PE information
DisplayPEInfo(peFile);
// Display exported functions
DisplayExportedFunctions(peFile);
// Display imported functions
DisplayImportedFunctions(peFile);
// Find code sections for disassembly
var codeSections = peFile.GetCodeSections();
Console.WriteLine($"\nFound {codeSections.Count} code section(s):");
foreach (int sectionIndex in codeSections)
{ {
Console.WriteLine("\nPE File Information:"); var section = peFile.SectionHeaders[sectionIndex];
Console.WriteLine($"Architecture: {(peFile.Is64Bit ? "64-bit" : "32-bit")}"); Console.WriteLine($" - {section.Name}: Size={section.SizeOfRawData} bytes, RVA=0x{section.VirtualAddress:X8}");
Console.WriteLine($"Entry Point: 0x{peFile.OptionalHeader.AddressOfEntryPoint:X8}");
Console.WriteLine($"Image Base: 0x{peFile.OptionalHeader.ImageBase:X}");
Console.WriteLine($"Number of Sections: {peFile.FileHeader.NumberOfSections}");
// Display section information // Get the section data for disassembly
Console.WriteLine("\nSections:"); byte[] sectionData = peFile.GetSectionData(sectionIndex);
for (int i = 0; i < peFile.SectionHeaders.Count; i++)
{
var section = peFile.SectionHeaders[i];
string flags = "";
if ((section.Characteristics & 0x00000020) != 0) flags += "Code "; // IMAGE_SCN_CNT_CODE // TODO: Implement disassembling logic here
if ((section.Characteristics & 0x20000000) != 0) flags += "Exec "; // IMAGE_SCN_MEM_EXECUTE // This is where we would pass the section data to our disassembler
if ((section.Characteristics & 0x40000000) != 0) flags += "Read "; // IMAGE_SCN_MEM_READ
if ((section.Characteristics & 0x80000000) != 0) flags += "Write"; // IMAGE_SCN_MEM_WRITE
Console.WriteLine($" {i}: {section.Name,-8} VA=0x{section.VirtualAddress:X8} Size={section.SizeOfRawData,-8} [{flags}]");
}
} }
private static void DisplayExportedFunctions(PEFormat peFile) Console.WriteLine("\nPress any key to exit...");
Console.ReadKey();
}
private static void DisplayPEInfo(PEFormat peFile)
{
Console.WriteLine("\nPE File Information:");
Console.WriteLine($"Architecture: {(peFile.Is64Bit ? "64-bit" : "32-bit")}");
Console.WriteLine($"Entry Point: 0x{peFile.OptionalHeader.AddressOfEntryPoint:X8}");
Console.WriteLine($"Image Base: 0x{peFile.OptionalHeader.ImageBase:X}");
Console.WriteLine($"Number of Sections: {peFile.FileHeader.NumberOfSections}");
// Display section information
Console.WriteLine("\nSections:");
for (int i = 0; i < peFile.SectionHeaders.Count; i++)
{ {
if (peFile.ExportDirectory == null) var section = peFile.SectionHeaders[i];
{ string flags = "";
Console.WriteLine("\nNo exported functions found.");
return;
}
Console.WriteLine("\nExported Functions:"); if ((section.Characteristics & 0x00000020) != 0) flags += "Code "; // IMAGE_SCN_CNT_CODE
Console.WriteLine($"DLL Name: {peFile.ExportDirectory.DllName}"); if ((section.Characteristics & 0x20000000) != 0) flags += "Exec "; // IMAGE_SCN_MEM_EXECUTE
Console.WriteLine($"Number of Functions: {peFile.ExportDirectory.NumberOfFunctions}"); if ((section.Characteristics & 0x40000000) != 0) flags += "Read "; // IMAGE_SCN_MEM_READ
Console.WriteLine($"Number of Names: {peFile.ExportDirectory.NumberOfNames}"); if ((section.Characteristics & 0x80000000) != 0) flags += "Write"; // IMAGE_SCN_MEM_WRITE
// Display all exported functions Console.WriteLine($" {i}: {section.Name,-8} VA=0x{section.VirtualAddress:X8} Size={section.SizeOfRawData,-8} [{flags}]");
for (int i = 0; i < peFile.ExportedFunctions.Count; i++) }
{ }
var function = peFile.ExportedFunctions[i];
Console.WriteLine($" {i}: {function.Name} (Ordinal={function.Ordinal}, RVA=0x{function.Address:X8})"); private static void DisplayExportedFunctions(PEFormat peFile)
} {
if (peFile.ExportDirectory == null)
{
Console.WriteLine("\nNo exported functions found.");
return;
} }
private static void DisplayImportedFunctions(PEFormat peFile) Console.WriteLine("\nExported Functions:");
Console.WriteLine($"DLL Name: {peFile.ExportDirectory.DllName}");
Console.WriteLine($"Number of Functions: {peFile.ExportDirectory.NumberOfFunctions}");
Console.WriteLine($"Number of Names: {peFile.ExportDirectory.NumberOfNames}");
// Display all exported functions
for (int i = 0; i < peFile.ExportedFunctions.Count; i++)
{ {
if (peFile.ImportDescriptors.Count == 0) var function = peFile.ExportedFunctions[i];
Console.WriteLine($" {i}: {function.Name} (Ordinal={function.Ordinal}, RVA=0x{function.Address:X8})");
}
}
private static void DisplayImportedFunctions(PEFormat peFile)
{
if (peFile.ImportDescriptors.Count == 0)
{
Console.WriteLine("\nNo imported functions found.");
return;
}
Console.WriteLine("\nImported Functions:");
Console.WriteLine($"Number of Imported DLLs: {peFile.ImportDescriptors.Count}");
// Display all imported DLLs and their functions
for (int i = 0; i < peFile.ImportDescriptors.Count; i++)
{
var descriptor = peFile.ImportDescriptors[i];
Console.WriteLine($" DLL: {descriptor.DllName}");
// Display all functions from this DLL
for (int j = 0; j < descriptor.Functions.Count; j++)
{ {
Console.WriteLine("\nNo imported functions found."); var function = descriptor.Functions[j];
return; if (function.IsOrdinal)
}
Console.WriteLine("\nImported Functions:");
Console.WriteLine($"Number of Imported DLLs: {peFile.ImportDescriptors.Count}");
// Display all imported DLLs and their functions
for (int i = 0; i < peFile.ImportDescriptors.Count; i++)
{
var descriptor = peFile.ImportDescriptors[i];
Console.WriteLine($" DLL: {descriptor.DllName}");
// Display all functions from this DLL
for (int j = 0; j < descriptor.Functions.Count; j++)
{ {
var function = descriptor.Functions[j]; Console.WriteLine($" {j}: Ordinal {function.Ordinal}");
if (function.IsOrdinal)
{
Console.WriteLine($" {j}: Ordinal {function.Ordinal}");
}
else
{
Console.WriteLine($" {j}: {function.Name} (Hint={function.Hint})");
}
} }
else
if (i < peFile.ImportDescriptors.Count - 1)
{ {
Console.WriteLine(); // Add a blank line between DLLs for better readability Console.WriteLine($" {j}: {function.Name} (Hint={function.Hint})");
} }
} }
if (i < peFile.ImportDescriptors.Count - 1)
{
Console.WriteLine(); // Add a blank line between DLLs for better readability
}
} }
} }
} }