mirrors/ParkanPlayground
0
Fork 0
mirror of https://github.com/sampletext32/ParkanPlayground.git synced 2025-07-01 04:40:25 +03:00
Code Issues Releases Activity

refactorings

Browse Source
This commit is contained in:
bird_egop
2025-04-20 19:54:52 +03:00
parent 1c7054781c
commit c044db1b96
30 changed files with 513 additions and 863 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
X86Disassembler/PE/DOSHeader.cs
View File

@ -1,37 +0,0 @@
namespace X86Disassembler.PE;
/// <summary>
/// Represents the DOS header of a PE file
/// </summary>
public class DOSHeader
{
public ushort e_magic; // Magic number (MZ)
public ushort e_cblp; // Bytes on last page of file
public ushort e_cp; // Pages in file
public ushort e_crlc; // Relocations
public ushort e_cparhdr; // Size of header in paragraphs
public ushort e_minalloc; // Minimum extra paragraphs needed
public ushort e_maxalloc; // Maximum extra paragraphs needed
public ushort e_ss; // Initial (relative) SS value
public ushort e_sp; // Initial SP value
public ushort e_csum; // Checksum
public ushort e_ip; // Initial IP value
public ushort e_cs; // Initial (relative) CS value
public ushort e_lfarlc; // File address of relocation table
public ushort e_ovno; // Overlay number
public ushort[] e_res; // Reserved words
public ushort e_oemid; // OEM identifier (for e_oeminfo)
public ushort e_oeminfo; // OEM information; e_oemid specific
public ushort[] e_res2; // Reserved words
public uint e_lfanew; // File address of new exe header
/// <summary>
/// Initializes a new instance of the DOSHeader class
/// </summary>
public DOSHeader()
{
// Initialize arrays to avoid nullability warnings
e_res = new ushort[4];
e_res2 = new ushort[10];
}
}

9
X86Disassembler/PE/DataDirectory.cs
View File

@ -1,9 +0,0 @@
namespace X86Disassembler.PE;
/// <summary>
/// Represents a data directory in the optional header
/// </summary>
public class DataDirectory
{
public uint VirtualAddress; // RVA of the table
public uint Size; // Size of the table
}

29
X86Disassembler/PE/ExportDirectory.cs
View File

@ -1,29 +0,0 @@
namespace X86Disassembler.PE;
/// <summary>
/// Represents the Export Directory of a PE file
/// </summary>
public class ExportDirectory
{
public uint Characteristics; // Reserved, must be 0
public uint TimeDateStamp; // Time and date stamp
public ushort MajorVersion; // Major version
public ushort MinorVersion; // Minor version
public uint DllNameRva; // RVA of the name of the DLL
public string DllName; // The actual name of the DLL
public uint Base; // Ordinal base
public uint NumberOfFunctions; // Number of functions
public uint NumberOfNames; // Number of names
public uint AddressOfFunctions; // RVA of the export address table
public uint AddressOfNames; // RVA of the export names table
public uint AddressOfNameOrdinals; // RVA of the ordinal table
/// <summary>
/// Initializes a new instance of the ExportDirectory class
/// </summary>
public ExportDirectory()
{
// Initialize string field to avoid nullability warning
DllName = string.Empty;
}
}

23
X86Disassembler/PE/ExportedFunction.cs
View File

@ -1,23 +0,0 @@
namespace X86Disassembler.PE;
/// <summary>
/// Represents an exported function in a PE file
/// </summary>
public class ExportedFunction
{
public string Name; // Function name
public ushort Ordinal; // Function ordinal
public uint AddressRva; // Function RVA
public bool IsForwarder; // True if this is a forwarder
public string ForwarderName; // Name of the forwarded function
/// <summary>
/// Initializes a new instance of the ExportedFunction class
/// </summary>
public ExportedFunction()
{
// Initialize string fields to avoid nullability warnings
Name = string.Empty;
ForwarderName = string.Empty;
}
}

15
X86Disassembler/PE/FileHeader.cs
View File

@ -1,15 +0,0 @@
namespace X86Disassembler.PE;
/// <summary>
/// Represents the File header of a PE file
/// </summary>
public class FileHeader
{
public ushort Machine; // Target machine type
public ushort NumberOfSections; // Number of sections
public uint TimeDateStamp; // Time and date stamp
public uint PointerToSymbolTable; // File pointer to COFF symbol table
public uint NumberOfSymbols; // Number of symbols
public ushort SizeOfOptionalHeader; // Size of optional header
public ushort Characteristics; // Characteristics
}

25
X86Disassembler/PE/ImportDescriptor.cs
View File

@ -1,25 +0,0 @@
namespace X86Disassembler.PE;
/// <summary>
/// Represents an Import Descriptor in a PE file
/// </summary>
public class ImportDescriptor
{
public uint OriginalFirstThunkRva; // RVA to original first thunk
public uint TimeDateStamp; // Time and date stamp
public uint ForwarderChain; // Forwarder chain
public uint DllNameRva; // RVA to the name of the DLL
public string DllName; // The actual name of the DLL
public uint FirstThunkRva; // RVA to first thunk
public List<ImportedFunction> Functions { get; } = new List<ImportedFunction>();
/// <summary>
/// Initializes a new instance of the ImportDescriptor class
/// </summary>
public ImportDescriptor()
{
// Initialize string field to avoid nullability warning
DllName = string.Empty;
}
}

22
X86Disassembler/PE/ImportedFunction.cs
View File

@ -1,22 +0,0 @@
namespace X86Disassembler.PE;
/// <summary>
/// Represents an imported function in a PE file
/// </summary>
public class ImportedFunction
{
public string Name; // Function name
public ushort Hint; // Hint value
public bool IsOrdinal; // True if imported by ordinal
public ushort Ordinal; // Ordinal value (if imported by ordinal)
public uint ThunkRva; // RVA of the thunk for this function
/// <summary>
/// Initializes a new instance of the ImportedFunction class
/// </summary>
public ImportedFunction()
{
// Initialize string field to avoid nullability warning
Name = string.Empty;
}
}

72
X86Disassembler/PE/OptionalHeader.cs
View File

@ -1,72 +0,0 @@
namespace X86Disassembler.PE;
/// <summary>
/// Represents the Optional header of a PE file
/// </summary>
public class OptionalHeader
{
// Optional Header Magic values
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable
// Standard fields
public ushort Magic; // Magic number (PE32 or PE32+)
public byte MajorLinkerVersion; // Major linker version
public byte MinorLinkerVersion; // Minor linker version
public uint SizeOfCode; // Size of code section
public uint SizeOfInitializedData; // Size of initialized data section
public uint SizeOfUninitializedData; // Size of uninitialized data section
public uint AddressOfEntryPoint; // Address of entry point
public uint BaseOfCode; // Base of code section
public uint BaseOfData; // Base of data section (PE32 only)
// Windows-specific fields
public ulong ImageBase; // Image base address (uint for PE32, ulong for PE32+)
public uint SectionAlignment; // Section alignment
public uint FileAlignment; // File alignment
public ushort MajorOperatingSystemVersion; // Major OS version
public ushort MinorOperatingSystemVersion; // Minor OS version
public ushort MajorImageVersion; // Major image version
public ushort MinorImageVersion; // Minor image version
public ushort MajorSubsystemVersion; // Major subsystem version
public ushort MinorSubsystemVersion; // Minor subsystem version
public uint Win32VersionValue; // Win32 version value
public uint SizeOfImage; // Size of image
public uint SizeOfHeaders; // Size of headers
public uint CheckSum; // Checksum
public ushort Subsystem; // Subsystem
public ushort DllCharacteristics; // DLL characteristics
public ulong SizeOfStackReserve; // Size of stack reserve (uint for PE32, ulong for PE32+)
public ulong SizeOfStackCommit; // Size of stack commit (uint for PE32, ulong for PE32+)
public ulong SizeOfHeapReserve; // Size of heap reserve (uint for PE32, ulong for PE32+)
public ulong SizeOfHeapCommit; // Size of heap commit (uint for PE32, ulong for PE32+)
public uint LoaderFlags; // Loader flags
public uint NumberOfRvaAndSizes; // Number of RVA and sizes
public DataDirectory[] DataDirectories; // Data directories
/// <summary>
/// Initializes a new instance of the OptionalHeader class
/// </summary>
public OptionalHeader()
{
// Initialize object fields to avoid nullability warnings
ImageBase = 0u; // Default to 32-bit value
SizeOfStackReserve = 0u;
SizeOfStackCommit = 0u;
SizeOfHeapReserve = 0u;
SizeOfHeapCommit = 0u;
// Initialize array to avoid nullability warning
DataDirectories = [];
}
/// <summary>
/// Determines if the PE file is 64-bit based on the Magic value
/// </summary>
/// <returns>True if the PE file is 64-bit, false otherwise</returns>
public bool Is64Bit()
{
return Magic == PE32PLUS_MAGIC;
}
}

2
X86Disassembler/PE/PEUtility.cs
View File

@ -1,3 +1,5 @@
using X86Disassembler.PE.Types;
namespace X86Disassembler.PE;
/// <summary>

9
X86Disassembler/PE/Parsers/DOSHeaderParser.cs
View File

@ -1,3 +1,5 @@
using X86Disassembler.PE.Types;
namespace X86Disassembler.PE.Parsers;
/// <summary>
@ -8,14 +10,9 @@ public class DOSHeaderParser : IParser<DOSHeader>
// DOS Header constants
private const ushort DOS_SIGNATURE = 0x5A4D; // 'MZ'
/// <summary>
/// Parse the DOS header from the binary reader
/// </summary>
/// <param name="reader">The binary reader positioned at the start of the DOS header</param>
/// <returns>The parsed DOS header</returns>
public DOSHeader Parse(BinaryReader reader)
{
DOSHeader header = new DOSHeader();
var header = new DOSHeader();
header.e_magic = reader.ReadUInt16();
if (header.e_magic != DOS_SIGNATURE)

35
X86Disassembler/PE/Parsers/ExportDirectoryParser.cs
View File

@ -1,4 +1,5 @@
using System.Text;
using X86Disassembler.PE.Types;
namespace X86Disassembler.PE.Parsers;
@ -38,15 +39,11 @@ public class ExportDirectoryParser
directory.AddressOfNames = reader.ReadUInt32();
directory.AddressOfNameOrdinals = reader.ReadUInt32();
// Read the DLL name
try
{
uint dllNameRVA = directory.DllNameRva;
uint dllNameOffset = _utility.RvaToOffset(dllNameRVA);
uint dllNameOffset = _utility.RvaToOffset(directory.DllNameRva);
reader.BaseStream.Seek(dllNameOffset, SeekOrigin.Begin);
// Read the null-terminated ASCII string
StringBuilder nameBuilder = new StringBuilder();
var nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
@ -55,11 +52,6 @@ public class ExportDirectoryParser
}
directory.DllName = nameBuilder.ToString();
}
catch (Exception)
{
directory.DllName = "Unknown";
}
return directory;
}
@ -76,11 +68,6 @@ public class ExportDirectoryParser
{
List<ExportedFunction> exportedFunctions = new List<ExportedFunction>();
if (directory == null)
{
return exportedFunctions;
}
// Read the array of function addresses (RVAs)
uint[] functionRVAs = new uint[directory.NumberOfFunctions];
reader.BaseStream.Seek(_utility.RvaToOffset(directory.AddressOfFunctions), SeekOrigin.Begin);
@ -111,13 +98,14 @@ public class ExportDirectoryParser
{
// Read the function name
reader.BaseStream.Seek(_utility.RvaToOffset(nameRVAs[i]), SeekOrigin.Begin);
List<byte> nameBytes = new List<byte>();
var nameBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
nameBytes.Add(b);
nameBuilder.Append((char) b);
}
string name = Encoding.ASCII.GetString(nameBytes.ToArray());
string name = nameBuilder.ToString();
// Map the ordinal to the name
ordinalToName[nameOrdinals[i]] = name;
@ -139,7 +127,7 @@ public class ExportDirectoryParser
// Check if this function has a name
if (ordinalToName.TryGetValue(i, out string? name))
{
function.Name = name ?? $"Ordinal_{function.Ordinal}";
function.Name = name;
}
else
{
@ -155,13 +143,14 @@ public class ExportDirectoryParser
// Read the forwarder string
reader.BaseStream.Seek(_utility.RvaToOffset(functionRVA), SeekOrigin.Begin);
List<byte> forwarderBytes = new List<byte>();
var forwarderBuilder = new StringBuilder();
byte b;
while ((b = reader.ReadByte()) != 0)
{
forwarderBytes.Add(b);
forwarderBuilder.Append((char) b);
}
function.ForwarderName = Encoding.ASCII.GetString(forwarderBytes.ToArray());
function.ForwarderName = forwarderBuilder.ToString();
}
exportedFunctions.Add(function);

4
X86Disassembler/PE/Parsers/FileHeaderParser.cs
View File

@ -1,3 +1,5 @@
using X86Disassembler.PE.Types;
namespace X86Disassembler.PE.Parsers;
/// <summary>
@ -12,7 +14,7 @@ public class FileHeaderParser : IParser<FileHeader>
/// <returns>The parsed File header</returns>
public FileHeader Parse(BinaryReader reader)
{
FileHeader header = new FileHeader();
var header = new FileHeader();
header.Machine = reader.ReadUInt16();
header.NumberOfSections = reader.ReadUInt16();

40
X86Disassembler/PE/Parsers/ImportDescriptorParser.cs
View File

@ -1,4 +1,5 @@
using System.Text;
using X86Disassembler.PE.Types;
namespace X86Disassembler.PE.Parsers;
@ -22,10 +23,8 @@ public class ImportDescriptorParser
/// <returns>List of Import Descriptors</returns>
public List<ImportDescriptor> Parse(BinaryReader reader, uint rva)
{
List<ImportDescriptor> descriptors = new List<ImportDescriptor>();
var descriptors = new List<ImportDescriptor>();
try
{
uint importTableOffset = _utility.RvaToOffset(rva);
reader.BaseStream.Seek(importTableOffset, SeekOrigin.Begin);
@ -55,12 +54,9 @@ public class ImportDescriptorParser
ForwarderChain = forwarderChain,
DllNameRva = nameRva,
FirstThunkRva = firstThunk,
DllName = "Unknown" // Default name in case we can't read it
DllName = "Unknown"
};
// Try to read the DLL name
try
{
if (nameRva != 0)
{
uint nameOffset = _utility.RvaToOffset(nameRva);
@ -77,11 +73,6 @@ public class ImportDescriptorParser
descriptor.DllName = nameBuilder.ToString();
}
}
catch (Exception)
{
// If we can't read the name, keep the default "Unknown"
}
// Parse the imported functions
ParseImportedFunctions(reader, descriptor);
@ -91,12 +82,6 @@ public class ImportDescriptorParser
// Return to the import table to read the next descriptor
reader.BaseStream.Seek(importTableOffset + (descriptorCount * 20), SeekOrigin.Begin);
}
}
catch (Exception ex)
{
Console.WriteLine($"Error parsing import descriptors: {ex.Message}");
// Return whatever descriptors we've managed to parse
}
return descriptors;
}
@ -107,11 +92,11 @@ public class ImportDescriptorParser
/// <param name="reader">The binary reader</param>
/// <param name="descriptor">The Import Descriptor</param>
private void ParseImportedFunctions(BinaryReader reader, ImportDescriptor descriptor)
{
try
{
// Use OriginalFirstThunk if available, otherwise use FirstThunk
uint thunkRva = descriptor.OriginalFirstThunkRva != 0 ? descriptor.OriginalFirstThunkRva : descriptor.FirstThunkRva;
uint thunkRva = descriptor.OriginalFirstThunkRva != 0
? descriptor.OriginalFirstThunkRva
: descriptor.FirstThunkRva;
if (thunkRva == 0)
{
@ -146,8 +131,7 @@ public class ImportDescriptorParser
else
{
// Imported by name - the thunkData is an RVA to a hint/name structure
try
{
uint hintNameOffset = _utility.RvaToOffset(thunkData);
reader.BaseStream.Seek(hintNameOffset, SeekOrigin.Begin);
@ -170,19 +154,9 @@ public class ImportDescriptorParser
function.Name = $"Function_at_{thunkData:X8}";
}
}
catch (Exception)
{
function.Name = $"Function_at_{thunkData:X8}";
}
}
descriptor.Functions.Add(function);
functionCount++;
}
}
catch (Exception ex)
{
Console.WriteLine($"Error parsing imported functions for {descriptor.DllName}: {ex.Message}");
}
}
}

35
X86Disassembler/PE/Parsers/OptionalHeaderParser.cs
View File

@ -1,3 +1,5 @@
using X86Disassembler.PE.Types;
namespace X86Disassembler.PE.Parsers;
/// <summary>
@ -16,14 +18,13 @@ public class OptionalHeaderParser : IParser<OptionalHeader>
/// <returns>The parsed Optional header</returns>
public OptionalHeader Parse(BinaryReader reader)
{
OptionalHeader header = new OptionalHeader();
bool is64Bit;
var header = new OptionalHeader();
// Standard fields
header.Magic = reader.ReadUInt16();
// Determine if this is a PE32 or PE32+ file
is64Bit = header.Magic == PE32PLUS_MAGIC;
var is64Bit = header.Magic == PE32PLUS_MAGIC;
header.MajorLinkerVersion = reader.ReadByte();
header.MinorLinkerVersion = reader.ReadByte();
@ -40,14 +41,9 @@ public class OptionalHeaderParser : IParser<OptionalHeader>
}
// Windows-specific fields
if (is64Bit)
{
header.ImageBase = reader.ReadUInt64();
}
else
{
header.ImageBase = reader.ReadUInt32();
}
header.ImageBase = is64Bit
? reader.ReadUInt64()
: reader.ReadUInt32();
header.SectionAlignment = reader.ReadUInt32();
header.FileAlignment = reader.ReadUInt32();
@ -84,12 +80,11 @@ public class OptionalHeaderParser : IParser<OptionalHeader>
header.NumberOfRvaAndSizes = reader.ReadUInt32();
// Data directories
int numDirectories = (int)Math.Min(header.NumberOfRvaAndSizes, 16); // Maximum of 16 directories
header.DataDirectories = new DataDirectory[numDirectories];
header.DataDirectories = new DataDirectory[header.NumberOfRvaAndSizes];
for (int i = 0; i < numDirectories; i++)
for (int i = 0; i < header.NumberOfRvaAndSizes; i++)
{
DataDirectory dir = new DataDirectory();
var dir = new DataDirectory();
dir.VirtualAddress = reader.ReadUInt32();
dir.Size = reader.ReadUInt32();
header.DataDirectories[i] = dir;
@ -97,14 +92,4 @@ public class OptionalHeaderParser : IParser<OptionalHeader>
return header;
}
/// <summary>
/// Determines if the PE file is 64-bit based on the Optional header
/// </summary>
/// <param name="header">The Optional header</param>
/// <returns>True if the PE file is 64-bit, false otherwise</returns>
public bool Is64Bit(OptionalHeader header)
{
return header.Magic == PE32PLUS_MAGIC;
}
}

8
X86Disassembler/PE/Parsers/SectionHeaderParser.cs
View File

@ -1,4 +1,5 @@
using System.Text;
using X86Disassembler.PE.Types;
namespace X86Disassembler.PE.Parsers;
@ -14,12 +15,13 @@ public class SectionHeaderParser : IParser<SectionHeader>
/// <returns>The parsed section header</returns>
public SectionHeader Parse(BinaryReader reader)
{
SectionHeader header = new SectionHeader();
var header = new SectionHeader();
// Read section name (8 bytes)
byte[] nameBytes = reader.ReadBytes(8);
var nameBytes = reader.ReadBytes(8);
// Convert to string, removing any null characters
header.Name = Encoding.ASCII.GetString(nameBytes).TrimEnd('\0');
header.Name = Encoding.ASCII.GetString(nameBytes)
.TrimEnd('\0');
header.VirtualSize = reader.ReadUInt32();
header.VirtualAddress = reader.ReadUInt32();

101
X86Disassembler/PE/PeFile.cs
View File

@ -1,4 +1,5 @@
using X86Disassembler.PE.Parsers;
using X86Disassembler.PE.Types;
namespace X86Disassembler.PE;
@ -69,9 +70,9 @@ public class PeFile
public PeFile(byte[] fileData)
{
_fileData = fileData;
SectionHeaders = new List<SectionHeader>();
ExportedFunctions = new List<ExportedFunction>();
ImportDescriptors = new List<ImportDescriptor>();
SectionHeaders = [];
ExportedFunctions = [];
ImportDescriptors = [];
// Initialize parsers
_dosHeaderParser = new DOSHeaderParser();
@ -94,14 +95,11 @@ public class PeFile
/// <summary>
/// Parses the PE file structure
/// </summary>
/// <returns>True if parsing was successful, false otherwise</returns>
public bool Parse()
{
try
{
using (MemoryStream stream = new MemoryStream(_fileData))
using (BinaryReader reader = new BinaryReader(stream))
public void Parse()
{
using var stream = new MemoryStream(_fileData);
using var reader = new BinaryReader(stream);
// Parse DOS header
DosHeader = _dosHeaderParser.Parse(reader);
@ -157,87 +155,4 @@ public class PeFile
ImportDescriptors = _importDescriptorParser.Parse(reader, importDirRva);
}
}
return true;
}
catch (Exception ex)
{
Console.WriteLine($"Error parsing PE file: {ex.Message}");
return false;
}
}
/// <summary>
/// Gets the raw data for a specific section
/// </summary>
/// <param name="sectionIndex">Index of the section</param>
/// <returns>Byte array containing the section data</returns>
public byte[] GetSectionData(int sectionIndex)
{
if (sectionIndex < 0 || sectionIndex >= SectionHeaders.Count)
{
throw new ArgumentOutOfRangeException(nameof(sectionIndex));
}
SectionHeader section = SectionHeaders[sectionIndex];
byte[] sectionData = new byte[section.SizeOfRawData];
Array.Copy(
_fileData,
section.PointerToRawData,
sectionData,
0,
section.SizeOfRawData
);
return sectionData;
}
/// <summary>
/// Gets the raw data for a section by name
/// </summary>
/// <param name="sectionName">Name of the section</param>
/// <returns>Byte array containing the section data</returns>
public byte[] GetSectionData(string sectionName)
{
for (int i = 0; i < SectionHeaders.Count; i++)
{
if (SectionHeaders[i].Name == sectionName)
{
return GetSectionData(i);
}
}
throw new ArgumentException($"Section '{sectionName}' not found");
}
/// <summary>
/// Gets all code sections
/// </summary>
/// <returns>List of section indices that contain code</returns>
public List<int> GetCodeSections()
{
List<int> codeSections = new List<int>();
for (int i = 0; i < SectionHeaders.Count; i++)
{
if (SectionHeaders[i]
.ContainsCode())
{
codeSections.Add(i);
}
}
return codeSections;
}
/// <summary>
/// Checks if a section contains code
/// </summary>
/// <param name="section">The section to check</param>
/// <returns>True if the section contains code, false otherwise</returns>
public bool IsSectionContainsCode(SectionHeader section)
{
return section.ContainsCode();
}
}

70
X86Disassembler/PE/SectionHeader.cs
View File

@ -1,70 +0,0 @@
namespace X86Disassembler.PE;
/// <summary>
/// Represents a section header in a PE file
/// </summary>
public class SectionHeader
{
// Section characteristics flags
private const uint IMAGE_SCN_CNT_CODE = 0x00000020; // Section contains code
private const uint IMAGE_SCN_MEM_EXECUTE = 0x20000000; // Section is executable
private const uint IMAGE_SCN_MEM_READ = 0x40000000; // Section is readable
private const uint IMAGE_SCN_MEM_WRITE = 0x80000000; // Section is writable
public string Name; // Section name
public uint VirtualSize; // Virtual size
public uint VirtualAddress; // Virtual address
public uint SizeOfRawData; // Size of raw data
public uint PointerToRawData; // Pointer to raw data
public uint PointerToRelocations; // Pointer to relocations
public uint PointerToLinenumbers; // Pointer to line numbers
public ushort NumberOfRelocations; // Number of relocations
public ushort NumberOfLinenumbers; // Number of line numbers
public uint Characteristics; // Characteristics
/// <summary>
/// Initializes a new instance of the SectionHeader class
/// </summary>
public SectionHeader()
{
// Initialize string field to avoid nullability warning
Name = string.Empty;
}
/// <summary>
/// Checks if the section contains code
/// </summary>
/// <returns>True if the section contains code, false otherwise</returns>
public bool ContainsCode()
{
return (Characteristics & IMAGE_SCN_CNT_CODE) != 0 ||
(Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0;
}
/// <summary>
/// Checks if the section is readable
/// </summary>
/// <returns>True if the section is readable, false otherwise</returns>
public bool IsReadable()
{
return (Characteristics & IMAGE_SCN_MEM_READ) != 0;
}
/// <summary>
/// Checks if the section is writable
/// </summary>
/// <returns>True if the section is writable, false otherwise</returns>
public bool IsWritable()
{
return (Characteristics & IMAGE_SCN_MEM_WRITE) != 0;
}
/// <summary>
/// Checks if the section is executable
/// </summary>
/// <returns>True if the section is executable, false otherwise</returns>
public bool IsExecutable()
{
return (Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0;
}
}

27
X86Disassembler/PE/Types/DOSHeader.cs Normal file
View File

@ -0,0 +1,27 @@
namespace X86Disassembler.PE.Types;
/// <summary>
/// Represents the DOS header of a PE file
/// </summary>
public class DOSHeader
{
public ushort e_magic; // Magic number (MZ)
public ushort e_cblp; // Bytes on last page of file
public ushort e_cp; // Pages in file
public ushort e_crlc; // Relocations
public ushort e_cparhdr; // Size of header in paragraphs
public ushort e_minalloc; // Minimum extra paragraphs needed
public ushort e_maxalloc; // Maximum extra paragraphs needed
public ushort e_ss; // Initial (relative) SS value
public ushort e_sp; // Initial SP value
public ushort e_csum; // Checksum
public ushort e_ip; // Initial IP value
public ushort e_cs; // Initial (relative) CS value
public ushort e_lfarlc; // File address of relocation table
public ushort e_ovno; // Overlay number
public ushort[] e_res = new ushort[4]; // Reserved words
public ushort e_oemid; // OEM identifier (for e_oeminfo)
public ushort e_oeminfo; // OEM information; e_oemid specific
public ushort[] e_res2 = new ushort[10]; // Reserved words
public uint e_lfanew; // File address of new exe header
}

10
X86Disassembler/PE/Types/DataDirectory.cs Normal file
View File

@ -0,0 +1,10 @@
namespace X86Disassembler.PE.Types;
/// <summary>
/// Represents a data directory in the optional header
/// </summary>
public class DataDirectory
{
public uint VirtualAddress; // RVA of the table
public uint Size; // Size of the table
}

20
X86Disassembler/PE/Types/ExportDirectory.cs Normal file
View File

@ -0,0 +1,20 @@
namespace X86Disassembler.PE.Types;
/// <summary>
/// Represents the Export Directory of a PE file
/// </summary>
public class ExportDirectory
{
public uint Characteristics; // Reserved, must be 0
public uint TimeDateStamp; // Time and date stamp
public ushort MajorVersion; // Major version
public ushort MinorVersion; // Minor version
public uint DllNameRva; // RVA of the name of the DLL
public string DllName = ""; // The actual name of the DLL
public uint Base; // Ordinal base
public uint NumberOfFunctions; // Number of functions
public uint NumberOfNames; // Number of names
public uint AddressOfFunctions; // RVA of the export address table
public uint AddressOfNames; // RVA of the export names table
public uint AddressOfNameOrdinals; // RVA of the ordinal table
}

13
X86Disassembler/PE/Types/ExportedFunction.cs Normal file
View File

@ -0,0 +1,13 @@
namespace X86Disassembler.PE.Types;
/// <summary>
/// Represents an exported function in a PE file
/// </summary>
public class ExportedFunction
{
public string Name = ""; // Function name
public ushort Ordinal; // Function ordinal
public uint AddressRva; // Function RVA
public bool IsForwarder; // True if this is a forwarder
public string ForwarderName = ""; // Name of the forwarded function
}

15
X86Disassembler/PE/Types/FileHeader.cs Normal file
View File

@ -0,0 +1,15 @@
namespace X86Disassembler.PE.Types;
/// <summary>
/// Represents the File header of a PE file
/// </summary>
public class FileHeader
{
public ushort Machine; // Target machine type
public ushort NumberOfSections; // Number of sections
public uint TimeDateStamp; // Time and date stamp
public uint PointerToSymbolTable; // File pointer to COFF symbol table
public uint NumberOfSymbols; // Number of symbols
public ushort SizeOfOptionalHeader; // Size of optional header
public ushort Characteristics; // Characteristics
}

16
X86Disassembler/PE/Types/ImportDescriptor.cs Normal file
View File

@ -0,0 +1,16 @@
namespace X86Disassembler.PE.Types;
/// <summary>
/// Represents an Import Descriptor in a PE file
/// </summary>
public class ImportDescriptor
{
public uint OriginalFirstThunkRva; // RVA to original first thunk
public uint TimeDateStamp; // Time and date stamp
public uint ForwarderChain; // Forwarder chain
public uint DllNameRva; // RVA to the name of the DLL
public string DllName = ""; // The actual name of the DLL
public uint FirstThunkRva; // RVA to first thunk
public List<ImportedFunction> Functions = [];
}

13
X86Disassembler/PE/Types/ImportedFunction.cs Normal file
View File

@ -0,0 +1,13 @@
namespace X86Disassembler.PE.Types;
/// <summary>
/// Represents an imported function in a PE file
/// </summary>
public class ImportedFunction
{
public string Name = ""; // Function name
public ushort Hint; // Hint value
public bool IsOrdinal; // True if imported by ordinal
public ushort Ordinal; // Ordinal value (if imported by ordinal)
public uint ThunkRva; // RVA of the thunk for this function
}

56
X86Disassembler/PE/Types/OptionalHeader.cs Normal file
View File

@ -0,0 +1,56 @@
namespace X86Disassembler.PE.Types;
/// <summary>
/// Represents the Optional header of a PE file
/// </summary>
public class OptionalHeader
{
// Optional Header Magic values
private const ushort PE32_MAGIC = 0x10B; // 32-bit executable
private const ushort PE32PLUS_MAGIC = 0x20B; // 64-bit executable
// Standard fields
public ushort Magic; // Magic number (PE32 or PE32+)
public byte MajorLinkerVersion; // Major linker version
public byte MinorLinkerVersion; // Minor linker version
public uint SizeOfCode; // Size of code section
public uint SizeOfInitializedData; // Size of initialized data section
public uint SizeOfUninitializedData; // Size of uninitialized data section
public uint AddressOfEntryPoint; // Address of entry point
public uint BaseOfCode; // Base of code section
public uint BaseOfData; // Base of data section (PE32 only)
// Windows-specific fields
public ulong ImageBase; // Image base address (uint for PE32, ulong for PE32+)
public uint SectionAlignment; // Section alignment
public uint FileAlignment; // File alignment
public ushort MajorOperatingSystemVersion; // Major OS version
public ushort MinorOperatingSystemVersion; // Minor OS version
public ushort MajorImageVersion; // Major image version
public ushort MinorImageVersion; // Minor image version
public ushort MajorSubsystemVersion; // Major subsystem version
public ushort MinorSubsystemVersion; // Minor subsystem version
public uint Win32VersionValue; // Win32 version value
public uint SizeOfImage; // Size of image
public uint SizeOfHeaders; // Size of headers
public uint CheckSum; // Checksum
public ushort Subsystem; // Subsystem
public ushort DllCharacteristics; // DLL characteristics
public ulong SizeOfStackReserve; // Size of stack reserve (uint for PE32, ulong for PE32+)
public ulong SizeOfStackCommit; // Size of stack commit (uint for PE32, ulong for PE32+)
public ulong SizeOfHeapReserve; // Size of heap reserve (uint for PE32, ulong for PE32+)
public ulong SizeOfHeapCommit; // Size of heap commit (uint for PE32, ulong for PE32+)
public uint LoaderFlags; // Loader flags
public uint NumberOfRvaAndSizes; // Number of RVA and sizes
public DataDirectory[] DataDirectories = []; // Data directories
/// <summary>
/// Determines if the PE file is 64-bit based on the Magic value
/// </summary>
/// <returns>True if the PE file is 64-bit, false otherwise</returns>
public bool Is64Bit()
{
return Magic == PE32PLUS_MAGIC;
}
}

45
X86Disassembler/PE/Types/SectionHeader.cs Normal file
View File

@ -0,0 +1,45 @@
namespace X86Disassembler.PE.Types;
/// <summary>
/// Represents a section header in a PE file
/// </summary>
public class SectionHeader
{
// Section characteristics flags
private const uint IMAGE_SCN_CNT_CODE = 0x00000020; // Section contains code
private const uint IMAGE_SCN_MEM_EXECUTE = 0x20000000; // Section is executable
private const uint IMAGE_SCN_MEM_READ = 0x40000000; // Section is readable
private const uint IMAGE_SCN_MEM_WRITE = 0x80000000; // Section is writable
public string Name = ""; // Section name
public uint VirtualSize; // Virtual size
public uint VirtualAddress; // Virtual address
public uint SizeOfRawData; // Size of raw data
public uint PointerToRawData; // Pointer to raw data
public uint PointerToRelocations; // Pointer to relocations
public uint PointerToLinenumbers; // Pointer to line numbers
public ushort NumberOfRelocations; // Number of relocations
public ushort NumberOfLinenumbers; // Number of line numbers
public uint Characteristics; // Characteristics
public bool ContainsCode()
{
return (Characteristics & IMAGE_SCN_CNT_CODE) != 0 ||
(Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0;
}
public bool IsReadable()
{
return (Characteristics & IMAGE_SCN_MEM_READ) != 0;
}
public bool IsWritable()
{
return (Characteristics & IMAGE_SCN_MEM_WRITE) != 0;
}
public bool IsExecutable()
{
return (Characteristics & IMAGE_SCN_MEM_EXECUTE) != 0;
}
}

133
X86Disassembler/Program.cs
View File

@ -1,55 +1,19 @@
using X86Disassembler.Analysers;
using X86Disassembler.PE;
using X86Disassembler.ProjectSystem;
using X86Disassembler.X86;
namespace X86Disassembler;
/// <summary>
/// Main program class
/// </summary>
public class Program
{
// Hardcoded file path for testing
private const string FilePath = @"C:\Program Files (x86)\Nikita\Iron Strategy\Terrain.dll";
/// <summary>
/// Main entry point
/// </summary>
/// <param name="args">Command line arguments</param>
public static void Main(string[] args)
{
Console.WriteLine("X86 Disassembler and Decompiler");
Console.WriteLine("--------------------------------");
// Load the file
Console.WriteLine($"Loading file: {FilePath}");
byte[] fileBytes = File.ReadAllBytes(FilePath);
Console.WriteLine($"Successfully loaded {FilePath}");
Console.WriteLine($"File size: {fileBytes.Length} bytes\n");
// Parse the PE format
Console.WriteLine("Parsing PE format...\n");
PeFile peFile = new PeFile(fileBytes);
peFile.Parse();
// Print PE file information
Console.WriteLine("PE File Information:");
Console.WriteLine($"Architecture: {(peFile.OptionalHeader.Is64Bit() ? "64-bit" : "32-bit")}");
Console.WriteLine($"Entry Point: 0x{peFile.OptionalHeader.AddressOfEntryPoint:X8}");
Console.WriteLine($"Image Base: 0x{peFile.OptionalHeader.ImageBase:X8}");
Console.WriteLine($"Number of Sections: {peFile.FileHeader.NumberOfSections}");
Console.WriteLine();
// Print section information
PrintPeSections(peFile);
// Print export information
PrintPeExports(peFile);
// Print import information
PrintPeImports(peFile);
var projectPeFile = new ProjectPeFile()
{
ImageBase = new VirtualAddress(0, peFile.OptionalHeader.ImageBase),
@ -59,102 +23,5 @@ public class Program
Name = Path.GetFileName(FilePath),
EntryPointAddress = new FileAbsoluteAddress(peFile.OptionalHeader.AddressOfEntryPoint, peFile.OptionalHeader.ImageBase)
};
// Find code sections
var codeSections = peFile.SectionHeaders.FindAll(s => s.ContainsCode());
Console.WriteLine($"Found {codeSections.Count} code section(s):");
foreach (var section in codeSections)
{
Console.WriteLine($" - {section.Name}: Size={section.VirtualSize} bytes, RVA=0x{section.VirtualAddress:X8}");
}
Console.WriteLine();
var projectPeFileSections = peFile.SectionHeaders.Select(
x => new ProjectPeFileSection()
{
Name = x.Name,
Flags = (x.ContainsCode() ? SectionFlags.Code : SectionFlags.None) |
(x.IsReadable() ? SectionFlags.Read : SectionFlags.None) |
(x.IsWritable() ? SectionFlags.Write : SectionFlags.None) |
(x.IsExecutable() ? SectionFlags.Exec : SectionFlags.None) ,
VirtualAddress = new VirtualAddress(x.VirtualAddress, peFile.OptionalHeader.ImageBase),
Size = x.VirtualSize
}
).ToList();
// Disassemble the first code section
if (codeSections.Count > 0)
{
var section = codeSections[0];
byte[] codeBytes = peFile.GetSectionData(peFile.SectionHeaders.IndexOf(section));
var disassembler = new BlockDisassembler(codeBytes, section.VirtualAddress);
var asmFunction = disassembler.DisassembleFromAddress(peFile.OptionalHeader.AddressOfEntryPoint);
Console.WriteLine(asmFunction);
}
// Console.WriteLine("\nPress Enter to exit...");
// Console.ReadLine();
}
private static void PrintPeImports(PeFile peFile)
{
Console.WriteLine("Imported Functions:");
Console.WriteLine($"Number of Imported DLLs: {peFile.ImportDescriptors.Count}");
foreach (var import in peFile.ImportDescriptors)
{
Console.WriteLine($" DLL: {import.DllName}");
for (int i = 0; i < import.Functions.Count; i++)
{
var function = import.Functions[i];
if (function.IsOrdinal)
{
Console.WriteLine($" {i}: Ordinal {function.Ordinal}");
}
else
{
Console.WriteLine($" {i}: {function.Name} (Hint={function.Hint})");
}
}
}
Console.WriteLine();
}
private static void PrintPeExports(PeFile peFile)
{
Console.WriteLine("Exported Functions:");
Console.WriteLine($"DLL Name: {peFile.ExportDirectory.DllName}");
Console.WriteLine($"Number of Functions: {peFile.ExportDirectory.NumberOfFunctions}");
Console.WriteLine($"Number of Names: {peFile.ExportDirectory.NumberOfNames}");
for (int i = 0; i < peFile.ExportedFunctions.Count; i++)
{
var export = peFile.ExportedFunctions[i];
Console.WriteLine($" {i}: {export.Name} (Ordinal={export.Ordinal}, RVA=0x{export.AddressRva:X8})");
}
Console.WriteLine();
}
private static void PrintPeSections(PeFile peFile)
{
Console.WriteLine("Sections:");
foreach (var section in peFile.SectionHeaders)
{
string flags = "";
if (section.ContainsCode()) flags += "Code ";
if (section.IsExecutable()) flags += "Exec ";
if (section.IsReadable()) flags += "Read ";
if (section.IsWritable()) flags += "Write";
Console.WriteLine($" {peFile.SectionHeaders.IndexOf(section)}: {section.Name,-8} VA=0x{section.VirtualAddress:X8} Size={section.VirtualSize,-8} [{flags}]");
}
Console.WriteLine();
}
}

21
X86Disassembler/ProjectSystem/ProjectPeFile.cs
View File

@ -12,24 +12,3 @@ public class ProjectPeFile
public Address ImageBase { get; set; }
}
public class ProjectPeFileSection
{
public string Name { get; set; }
public Address VirtualAddress { get; set; }
public ulong Size { get; set; }
public SectionFlags Flags { get; set; }
}
[Flags]
public enum SectionFlags
{
None = 0,
Code = 1,
Exec = 2,
Read = 4,
Write = 8
}

14
X86Disassembler/ProjectSystem/ProjectPeFileSection.cs Normal file
View File

@ -0,0 +1,14 @@
using X86Disassembler.Analysers;
namespace X86Disassembler.ProjectSystem;
public class ProjectPeFileSection
{
public string Name { get; set; }
public Address VirtualAddress { get; set; }
public ulong Size { get; set; }
public SectionFlags Flags { get; set; }
}

11
X86Disassembler/ProjectSystem/SectionFlags.cs Normal file
View File

@ -0,0 +1,11 @@
namespace X86Disassembler.ProjectSystem;
[Flags]
public enum SectionFlags
{
None = 0,
Code = 1,
Exec = 2,
Read = 4,
Write = 8
}