2015-11-08 23:54:41 +01:00
|
|
|
/*************************************************************************/
|
|
|
|
/* Copyright (c) 2015 dx, http://kaimi.ru */
|
|
|
|
/* */
|
|
|
|
/* Permission is hereby granted, free of charge, to any person */
|
|
|
|
/* obtaining a copy of this software and associated documentation */
|
|
|
|
/* files (the "Software"), to deal in the Software without */
|
|
|
|
/* restriction, including without limitation the rights to use, */
|
|
|
|
/* copy, modify, merge, publish, distribute, sublicense, and/or */
|
|
|
|
/* sell copies of the Software, and to permit persons to whom the */
|
|
|
|
/* Software is furnished to do so, subject to the following conditions: */
|
|
|
|
/* The above copyright notice and this permission notice shall be */
|
|
|
|
/* included in all copies or substantial portions of the Software. */
|
|
|
|
/* */
|
|
|
|
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
|
|
|
|
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
|
|
|
|
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
|
|
|
|
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
|
|
|
|
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
|
|
|
|
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
|
|
|
|
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
|
|
|
|
/*************************************************************************/
|
2015-11-08 23:53:58 +01:00
|
|
|
#include <string.h>
|
|
|
|
#include "pe_dotnet.h"
|
|
|
|
|
|
|
|
namespace pe_bliss
|
|
|
|
{
|
|
|
|
using namespace pe_win;
|
|
|
|
|
|
|
|
//.NET
|
|
|
|
basic_dotnet_info::basic_dotnet_info()
|
|
|
|
{
|
|
|
|
memset(&header_, 0, sizeof(header_));
|
|
|
|
}
|
|
|
|
|
|
|
|
//Constructor from data
|
|
|
|
basic_dotnet_info::basic_dotnet_info(const image_cor20_header& header)
|
|
|
|
:header_(header)
|
|
|
|
{}
|
|
|
|
|
|
|
|
//Returns major runtime version
|
|
|
|
uint16_t basic_dotnet_info::get_major_runtime_version() const
|
|
|
|
{
|
|
|
|
return header_.MajorRuntimeVersion;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns minor runtime version
|
|
|
|
uint16_t basic_dotnet_info::get_minor_runtime_version() const
|
|
|
|
{
|
|
|
|
return header_.MinorRuntimeVersion;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns RVA of metadata (symbol table and startup information)
|
|
|
|
uint32_t basic_dotnet_info::get_rva_of_metadata() const
|
|
|
|
{
|
|
|
|
return header_.MetaData.VirtualAddress;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns size of metadata (symbol table and startup information)
|
|
|
|
uint32_t basic_dotnet_info::get_size_of_metadata() const
|
|
|
|
{
|
|
|
|
return header_.MetaData.Size;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns flags
|
|
|
|
uint32_t basic_dotnet_info::get_flags() const
|
|
|
|
{
|
|
|
|
return header_.Flags;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns true if entry point is native
|
|
|
|
bool basic_dotnet_info::is_native_entry_point() const
|
|
|
|
{
|
|
|
|
return (header_.Flags & comimage_flags_native_entrypoint) ? true : false;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns true if 32 bit required
|
|
|
|
bool basic_dotnet_info::is_32bit_required() const
|
|
|
|
{
|
|
|
|
return (header_.Flags & comimage_flags_32bitrequired) ? true : false;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns true if image is IL library
|
|
|
|
bool basic_dotnet_info::is_il_library() const
|
|
|
|
{
|
|
|
|
return (header_.Flags & comimage_flags_il_library) ? true : false;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns true if image uses IL only
|
|
|
|
bool basic_dotnet_info::is_il_only() const
|
|
|
|
{
|
|
|
|
return (header_.Flags & comimage_flags_ilonly) ? true : false;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns entry point RVA (if entry point is native)
|
|
|
|
//Returns entry point managed token (if entry point is managed)
|
|
|
|
uint32_t basic_dotnet_info::get_entry_point_rva_or_token() const
|
|
|
|
{
|
|
|
|
return header_.EntryPointToken;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns RVA of managed resources
|
|
|
|
uint32_t basic_dotnet_info::get_rva_of_resources() const
|
|
|
|
{
|
|
|
|
return header_.Resources.VirtualAddress;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns size of managed resources
|
|
|
|
uint32_t basic_dotnet_info::get_size_of_resources() const
|
|
|
|
{
|
|
|
|
return header_.Resources.Size;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns RVA of strong name signature
|
|
|
|
uint32_t basic_dotnet_info::get_rva_of_strong_name_signature() const
|
|
|
|
{
|
|
|
|
return header_.StrongNameSignature.VirtualAddress;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns size of strong name signature
|
|
|
|
uint32_t basic_dotnet_info::get_size_of_strong_name_signature() const
|
|
|
|
{
|
|
|
|
return header_.StrongNameSignature.Size;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns RVA of code manager table
|
|
|
|
uint32_t basic_dotnet_info::get_rva_of_code_manager_table() const
|
|
|
|
{
|
|
|
|
return header_.CodeManagerTable.VirtualAddress;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns size of code manager table
|
|
|
|
uint32_t basic_dotnet_info::get_size_of_code_manager_table() const
|
|
|
|
{
|
|
|
|
return header_.CodeManagerTable.Size;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns RVA of VTable fixups
|
|
|
|
uint32_t basic_dotnet_info::get_rva_of_vtable_fixups() const
|
|
|
|
{
|
|
|
|
return header_.VTableFixups.VirtualAddress;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns size of VTable fixups
|
|
|
|
uint32_t basic_dotnet_info::get_size_of_vtable_fixups() const
|
|
|
|
{
|
|
|
|
return header_.VTableFixups.Size;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns RVA of export address table jumps
|
|
|
|
uint32_t basic_dotnet_info::get_rva_of_export_address_table_jumps() const
|
|
|
|
{
|
|
|
|
return header_.ExportAddressTableJumps.VirtualAddress;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns size of export address table jumps
|
|
|
|
uint32_t basic_dotnet_info::get_size_of_export_address_table_jumps() const
|
|
|
|
{
|
|
|
|
return header_.ExportAddressTableJumps.Size;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns RVA of managed native header
|
|
|
|
//(precompiled header info, usually set to zero, for internal use)
|
|
|
|
uint32_t basic_dotnet_info::get_rva_of_managed_native_header() const
|
|
|
|
{
|
|
|
|
return header_.ManagedNativeHeader.VirtualAddress;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns size of managed native header
|
|
|
|
//(precompiled header info, usually set to zero, for internal use)
|
|
|
|
uint32_t basic_dotnet_info::get_size_of_managed_native_header() const
|
|
|
|
{
|
|
|
|
return header_.ManagedNativeHeader.Size;
|
|
|
|
}
|
|
|
|
|
|
|
|
//Returns basic .NET information
|
|
|
|
//If image is not native, throws an exception
|
|
|
|
const basic_dotnet_info get_basic_dotnet_info(const pe_base& pe)
|
|
|
|
{
|
|
|
|
//If there's no debug directory, return empty list
|
|
|
|
if(!pe.is_dotnet())
|
|
|
|
throw pe_exception("Image does not have managed code", pe_exception::image_does_not_have_managed_code);
|
|
|
|
|
|
|
|
//Return basic .NET information
|
|
|
|
return basic_dotnet_info(pe.section_data_from_rva<image_cor20_header>(pe.get_directory_rva(image_directory_entry_com_descriptor), section_data_virtual, true));
|
|
|
|
}
|
|
|
|
}
|