-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Lots of work on Imports, still work in progress but making it as gene…
…ric as possible so code isn't duplicated.
- Loading branch information
Lloyd Kinsella
committed
Jul 31, 2018
1 parent
1fe51e4
commit 326bae1
Showing
23 changed files
with
972 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
14 changes: 14 additions & 0 deletions
14
src/Workshell.PE/Content/Imports/DelayedImportAddressTable.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.Text; | ||
| using System.Threading.Tasks; | ||
|
|
||
| namespace Workshell.PE.Content | ||
| { | ||
| public sealed class DelayedImportAddressTable : ImportAddressTableBase<DelayedImportAddressTableEntry, DelayedImportDirectoryEntry> | ||
| { | ||
| internal DelayedImportAddressTable(PortableExecutableImage image, DelayedImportDirectoryEntry directoryEntry, uint tableRVA, ulong[] tableEntries) : base(image, directoryEntry, tableRVA, tableEntries, false) | ||
| { | ||
| } | ||
| } | ||
| } |
15 changes: 15 additions & 0 deletions
15
src/Workshell.PE/Content/Imports/DelayedImportAddressTableEntry.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.Text; | ||
| using System.Threading.Tasks; | ||
| using Workshell.PE.Extensions; | ||
|
|
||
| namespace Workshell.PE.Content | ||
| { | ||
| public sealed class DelayedImportAddressTableEntry : ImportAddressTableEntryBase | ||
| { | ||
| internal DelayedImportAddressTableEntry(PortableExecutableImage image, ulong offset, ulong value, uint address, ushort ordinal, bool isOrdinal) : base(image, offset, value, address, ordinal, isOrdinal, true) | ||
| { | ||
| } | ||
| } | ||
| } |
46 changes: 46 additions & 0 deletions
46
src/Workshell.PE/Content/Imports/DelayedImportAddressTables.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.Text; | ||
| using System.Threading.Tasks; | ||
|
|
||
| namespace Workshell.PE.Content | ||
| { | ||
| public sealed class DelayedImportAddressTables : ImportAddressTablesBase<DelayedImportAddressTable, DelayedImportAddressTableEntry, DelayedImportDirectoryEntry> | ||
| { | ||
| internal DelayedImportAddressTables(PortableExecutableImage image, DataDirectory directory, Location location, Tuple<uint, DelayedImportDirectoryEntry, ulong[]>[] tables) : base(image, directory, location, tables) | ||
| { | ||
| } | ||
|
|
||
| #region Static Methods | ||
|
|
||
| public static async Task<DelayedImportAddressTables> GetLookupTableAsync(PortableExecutableImage image, DelayedImportDirectory directory = null) | ||
| { | ||
| if (directory == null) | ||
| directory = await DelayedImportDirectory.LoadAsync(image).ConfigureAwait(false); | ||
|
|
||
| var tables = await LoadAsync<DelayedImportAddressTable, DelayedImportAddressTableEntry, DelayedImportDirectoryEntry, DelayedImportAddressTables>( | ||
| image, | ||
| directory, | ||
| entry => entry.DelayNameTable | ||
| ).ConfigureAwait(false); | ||
|
|
||
| return tables; | ||
| } | ||
|
|
||
| public static async Task<DelayedImportAddressTables> GetAddressTableAsync(PortableExecutableImage image, DelayedImportDirectory directory = null) | ||
| { | ||
| if (directory == null) | ||
| directory = await DelayedImportDirectory.LoadAsync(image).ConfigureAwait(false); | ||
|
|
||
| var tables = await LoadAsync<DelayedImportAddressTable, DelayedImportAddressTableEntry, DelayedImportDirectoryEntry, DelayedImportAddressTables>( | ||
| image, | ||
| directory, | ||
| entry => entry.DelayAddressTable | ||
| ).ConfigureAwait(false); | ||
|
|
||
| return tables; | ||
| } | ||
|
|
||
| #endregion | ||
| } | ||
| } |
94 changes: 94 additions & 0 deletions
94
src/Workshell.PE/Content/Imports/DelayedImportDirectory.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,94 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.IO; | ||
| using System.Runtime.InteropServices; | ||
| using System.Text; | ||
| using System.Threading.Tasks; | ||
|
|
||
| using Workshell.PE.Extensions; | ||
| using Workshell.PE.Native; | ||
|
|
||
| namespace Workshell.PE.Content | ||
| { | ||
| public sealed class DelayedImportDirectory : ImportDirectoryBase<DelayedImportDirectoryEntry> | ||
| { | ||
| internal DelayedImportDirectory(PortableExecutableImage image, DataDirectory directory, Location location, DelayedImportDirectoryEntry[] entries) : base(image, directory, location, entries) | ||
| { | ||
| } | ||
|
|
||
| #region Static Methods | ||
|
|
||
| internal static async Task<DelayedImportDirectory> LoadAsync(PortableExecutableImage image) | ||
| { | ||
| if (!image.NTHeaders.DataDirectories.Exists(DataDirectoryType.DelayImportDescriptor)) | ||
| return null; | ||
|
|
||
| var dataDirectory = image.NTHeaders.DataDirectories[DataDirectoryType.DelayImportDescriptor]; | ||
|
|
||
| if (DataDirectory.IsNullOrEmpty(dataDirectory)) | ||
| return null; | ||
|
|
||
| var calc = image.GetCalculator(); | ||
| var section = calc.RVAToSection(dataDirectory.VirtualAddress); | ||
| var fileOffset = calc.RVAToOffset(section, dataDirectory.VirtualAddress); | ||
| var stream = image.GetStream(); | ||
|
|
||
| stream.Seek(fileOffset.ToInt64(), SeekOrigin.Begin); | ||
|
|
||
| var size = Marshal.SizeOf<IMAGE_DELAY_IMPORT_DESCRIPTOR>(); | ||
| var descriptors = new List<Tuple<ulong, IMAGE_DELAY_IMPORT_DESCRIPTOR>>(); | ||
|
|
||
| try | ||
| { | ||
| ulong offset = 0; | ||
|
|
||
| while (true) | ||
| { | ||
| var descriptor = await stream.ReadStructAsync<IMAGE_DELAY_IMPORT_DESCRIPTOR>(size).ConfigureAwait(false); | ||
|
|
||
| if (descriptor.Name == 0 && descriptor.ModuleHandle == 0) | ||
| break; | ||
|
|
||
| var tuple = new Tuple<ulong, IMAGE_DELAY_IMPORT_DESCRIPTOR>(offset, descriptor); | ||
|
|
||
| offset += size.ToUInt32(); | ||
|
|
||
| descriptors.Add(tuple); | ||
| } | ||
| } | ||
| catch (Exception ex) | ||
| { | ||
| throw new PortableExecutableImageException(image, "Could not read delay import descriptor from stream.", ex); | ||
| } | ||
|
|
||
| var imageBase = image.NTHeaders.OptionalHeader.ImageBase; | ||
| var totalSize = (descriptors.Count + 1) * size; | ||
| var location = new Location(fileOffset, dataDirectory.VirtualAddress, imageBase + dataDirectory.VirtualAddress, totalSize.ToUInt32(), totalSize.ToUInt32(), section); | ||
| var entries = new DelayedImportDirectoryEntry[descriptors.Count]; | ||
|
|
||
| for (var i = 0; i < descriptors.Count; i++) | ||
| { | ||
| try | ||
| { | ||
| var entryOffset = fileOffset + descriptors[i].Item1; | ||
| var entryRVA = calc.OffsetToRVA(entryOffset); | ||
| var entryVA = imageBase + entryRVA; | ||
| var entryLocation = new Location(calc, entryOffset, entryRVA, entryVA, size.ToUInt32(), size.ToUInt32()); | ||
| var name = await GetNameAsync(calc, stream, descriptors[i].Item2.Name).ConfigureAwait(false); | ||
|
|
||
| entries[i] = new DelayedImportDirectoryEntry(image, entryLocation, descriptors[i].Item2, name); | ||
| } | ||
| catch (Exception ex) | ||
| { | ||
| throw new PortableExecutableImageException(image, "Could not read delay import library name from stream.", ex); | ||
| } | ||
| } | ||
|
|
||
| var result = new DelayedImportDirectory(image, dataDirectory, location, entries); | ||
|
|
||
| return result; | ||
| } | ||
|
|
||
| #endregion | ||
| } | ||
| } |
69 changes: 69 additions & 0 deletions
69
src/Workshell.PE/Content/Imports/DelayedImportDirectoryEntry.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.Text; | ||
| using Workshell.PE.Annotations; | ||
| using Workshell.PE.Native; | ||
|
|
||
| namespace Workshell.PE.Content | ||
| { | ||
| public sealed class DelayedImportDirectoryEntry : ImportDirectoryEntryBase | ||
| { | ||
| private readonly string _name; | ||
|
|
||
| internal DelayedImportDirectoryEntry(PortableExecutableImage image, Location location, IMAGE_DELAY_IMPORT_DESCRIPTOR descriptor, string name) : base(image, location, true) | ||
| { | ||
| _name = name; | ||
|
|
||
| Attributes = descriptor.Attributes; | ||
| Name = descriptor.Name; | ||
| ModuleHandle = descriptor.ModuleHandle; | ||
| DelayAddressTable = descriptor.DelayAddressTable; | ||
| DelayNameTable = descriptor.DelayNameTable; | ||
| BoundDelayIAT = descriptor.BoundDelayIAT; | ||
| UnloadDelayIAT = descriptor.UnloadDelayIAT; | ||
| TimeDateStamp = descriptor.TimeDateStamp; | ||
| } | ||
|
|
||
| #region Methods | ||
|
|
||
| public DateTime GetTimeDateStamp() | ||
| { | ||
| return Utils.ConvertTimeDateStamp(TimeDateStamp); | ||
| } | ||
|
|
||
| public string GetName() | ||
| { | ||
| return _name; | ||
| } | ||
|
|
||
| #endregion | ||
|
|
||
| #region Properties | ||
|
|
||
| [FieldAnnotation("Attributes")] | ||
| public uint Attributes { get; } | ||
|
|
||
| [FieldAnnotation("Name")] | ||
| public uint Name { get; } | ||
|
|
||
| [FieldAnnotation("Module Handle")] | ||
| public uint ModuleHandle { get; } | ||
|
|
||
| [FieldAnnotation("Delay Import Address Table")] | ||
| public uint DelayAddressTable { get; } | ||
|
|
||
| [FieldAnnotation("Delay Import Hint/Name Table")] | ||
| public uint DelayNameTable { get; } | ||
|
|
||
| [FieldAnnotation("Bound Delay Import Address Table")] | ||
| public uint BoundDelayIAT { get; } | ||
|
|
||
| [FieldAnnotation("Unload Delay Import Address Table")] | ||
| public uint UnloadDelayIAT { get; } | ||
|
|
||
| [FieldAnnotation("Date/Time Stamp")] | ||
| public uint TimeDateStamp { get; } | ||
|
|
||
| #endregion | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| using System; | ||
| using System.Collections.Generic; | ||
| using System.Text; | ||
| using System.Threading.Tasks; | ||
|
|
||
| namespace Workshell.PE.Content | ||
| { | ||
| public sealed class ImportAddressTable : ImportAddressTableBase<ImportAddressTableEntry, ImportDirectoryEntry> | ||
| { | ||
| internal ImportAddressTable(PortableExecutableImage image, ImportDirectoryEntry directoryEntry, uint tableRVA, ulong[] tableEntries) : base(image, directoryEntry, tableRVA, tableEntries, false) | ||
| { | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.