Match PE field names with official documentation
This commit is contained in:
Katy Coe
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
Copyright 2017 Katy Coe - http://www.hearthcode.org - http://www.djkaty.com
|
Copyright 2017-2019 Katy Coe - http://www.hearthcode.org - http://www.djkaty.com
|
||||||
|
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
*/
|
*/
|
||||||
@@ -8,7 +8,10 @@ using NoisyCowStudios.Bin2Object;
|
|||||||
|
|
||||||
namespace Il2CppInspector
|
namespace Il2CppInspector
|
||||||
{
|
{
|
||||||
|
// Source: https://github.com/dotnet/llilc/blob/master/include/clr/ntimage.h
|
||||||
#pragma warning disable CS0649
|
#pragma warning disable CS0649
|
||||||
|
|
||||||
|
// _IMAGE_FILE_HEADER
|
||||||
internal class COFFHeader
|
internal class COFFHeader
|
||||||
{
|
{
|
||||||
public ushort Machine;
|
public ushort Machine;
|
||||||
@@ -20,9 +23,10 @@ namespace Il2CppInspector
|
|||||||
public ushort Characteristics;
|
public ushort Characteristics;
|
||||||
}
|
}
|
||||||
|
|
||||||
internal class PEOptHeader
|
// _IMAGE_OPTIONAL_HEADER
|
||||||
|
internal class PEOptHeader32
|
||||||
{
|
{
|
||||||
public ushort signature;
|
public ushort Magic;
|
||||||
public byte MajorLinkerVersion;
|
public byte MajorLinkerVersion;
|
||||||
public byte MinorLinkerVersion;
|
public byte MinorLinkerVersion;
|
||||||
public uint SizeOfCode;
|
public uint SizeOfCode;
|
||||||
@@ -56,23 +60,62 @@ namespace Il2CppInspector
|
|||||||
public RvaEntry[] DataDirectory;
|
public RvaEntry[] DataDirectory;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// _IMAGE_OPTIONAL_HEADER64
|
||||||
|
internal class PEOptHeader64
|
||||||
|
{
|
||||||
|
public ushort Magic;
|
||||||
|
public byte MajorLinkerVersion;
|
||||||
|
public byte MinorLinkerVersion;
|
||||||
|
public uint SizeOfCode;
|
||||||
|
public uint SizeOfInitializedData;
|
||||||
|
public uint SizeOfUninitializedData;
|
||||||
|
public uint AddressOfEntryPoint;
|
||||||
|
public uint BaseOfCode;
|
||||||
|
public ulong ImageBase;
|
||||||
|
public uint SectionAlignment;
|
||||||
|
public uint FileAlignment;
|
||||||
|
public ushort MajorOSVersion;
|
||||||
|
public ushort MinorOSVersion;
|
||||||
|
public ushort MajorImageVersion;
|
||||||
|
public ushort MinorImageVersion;
|
||||||
|
public ushort MajorSubsystemVersion;
|
||||||
|
public ushort MinorSubsystemVersion;
|
||||||
|
public uint Win32VersionValue;
|
||||||
|
public uint SizeOfImage;
|
||||||
|
public uint SizeOfHeaders;
|
||||||
|
public uint Checksum;
|
||||||
|
public ushort Subsystem;
|
||||||
|
public ushort DLLCharacteristics;
|
||||||
|
public ulong SizeOfStackReserve;
|
||||||
|
public ulong SizeOfStackCommit;
|
||||||
|
public ulong SizeOfHeapReserve;
|
||||||
|
public ulong SizeOfHeapCommit;
|
||||||
|
public uint LoaderFlags;
|
||||||
|
public uint NumberOfRvaAndSizes;
|
||||||
|
[ArrayLength(FieldName = "NumberOfRvaAndSizes")]
|
||||||
|
public RvaEntry[] DataDirectory;
|
||||||
|
}
|
||||||
|
|
||||||
internal class RvaEntry
|
internal class RvaEntry
|
||||||
{
|
{
|
||||||
public uint VirtualAddress;
|
public uint VirtualAddress;
|
||||||
public uint Size;
|
public uint Size;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// _IMAGE_SECTION_HEADER
|
||||||
internal class PESection
|
internal class PESection
|
||||||
{
|
{
|
||||||
[String(FixedSize=8)]
|
[String(FixedSize=8)]
|
||||||
public string Name;
|
public string Name;
|
||||||
public uint SizeMemory;
|
public uint VirtualSize; // Size in memory
|
||||||
public uint BaseMemory; // RVA
|
public uint VirtualAddress; // Base address in memory (RVA)
|
||||||
public uint SizeImage; // Size in file
|
public uint SizeOfRawData; // Size in file
|
||||||
public uint BaseImage; // Base address in file
|
public uint PointerToRawData; // Base address in file
|
||||||
[ArrayLength(FixedSize=12)]
|
public uint PointerToRelocations;
|
||||||
public byte[] Reserved;
|
public uint PointerToLinenumbers;
|
||||||
public uint Flags;
|
public ushort NumberOfRelocations;
|
||||||
|
public ushort NumberOfLinenumbers;
|
||||||
|
public uint Characteristics;
|
||||||
}
|
}
|
||||||
#pragma warning restore CS0649
|
#pragma warning restore CS0649
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ namespace Il2CppInspector
|
|||||||
internal class PEReader : FileFormatReader<PEReader>
|
internal class PEReader : FileFormatReader<PEReader>
|
||||||
{
|
{
|
||||||
private COFFHeader coff;
|
private COFFHeader coff;
|
||||||
private PEOptHeader pe;
|
private PEOptHeader32 pe;
|
||||||
private PESection[] sections;
|
private PESection[] sections;
|
||||||
private uint pFuncTable;
|
private uint pFuncTable;
|
||||||
|
|
||||||
@@ -34,7 +34,7 @@ namespace Il2CppInspector
|
|||||||
// IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
|
// IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
|
||||||
// IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
|
// IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
|
||||||
// Could also use coff.Characteristics (IMAGE_FILE_32BIT_MACHINE) or coff.Machine
|
// Could also use coff.Characteristics (IMAGE_FILE_32BIT_MACHINE) or coff.Machine
|
||||||
public override int Bits => pe.signature == 0x20B ? 64 : 32;
|
public override int Bits => pe.Magic == 0x20B ? 64 : 32;
|
||||||
|
|
||||||
protected override bool Init() {
|
protected override bool Init() {
|
||||||
// Check for MZ signature "MZ"
|
// Check for MZ signature "MZ"
|
||||||
@@ -42,8 +42,7 @@ namespace Il2CppInspector
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
// Get offset to PE header from DOS header
|
// Get offset to PE header from DOS header
|
||||||
Position = 0x3C;
|
Position = ReadUInt32(0x3C);
|
||||||
Position = ReadUInt32();
|
|
||||||
|
|
||||||
// Check PE signature "PE\0\0"
|
// Check PE signature "PE\0\0"
|
||||||
if (ReadUInt32() != 0x00004550)
|
if (ReadUInt32() != 0x00004550)
|
||||||
@@ -58,10 +57,10 @@ namespace Il2CppInspector
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
// Read PE optional header
|
// Read PE optional header
|
||||||
pe = ReadObject<PEOptHeader>();
|
pe = ReadObject<PEOptHeader32>();
|
||||||
|
|
||||||
// Ensure IMAGE_NT_OPTIONAL_HDR32_MAGIC (32-bit)
|
// Ensure IMAGE_NT_OPTIONAL_HDR32_MAGIC (32-bit)
|
||||||
if (pe.signature != 0x10B)
|
if (pe.Magic != 0x10B)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
// Get IAT
|
// Get IAT
|
||||||
@@ -73,11 +72,11 @@ namespace Il2CppInspector
|
|||||||
|
|
||||||
// Confirm that .rdata section begins at same place as IAT
|
// Confirm that .rdata section begins at same place as IAT
|
||||||
var rData = sections.First(x => x.Name == ".rdata");
|
var rData = sections.First(x => x.Name == ".rdata");
|
||||||
if (rData.BaseMemory != IATStart)
|
if (rData.VirtualAddress != IATStart)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
// Calculate start of function pointer table
|
// Calculate start of function pointer table
|
||||||
pFuncTable = rData.BaseImage + IATSize + 8;
|
pFuncTable = rData.PointerToRawData + IATSize + 8;
|
||||||
GlobalOffset = pe.ImageBase;
|
GlobalOffset = pe.ImageBase;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@@ -95,9 +94,9 @@ namespace Il2CppInspector
|
|||||||
if (uiAddr == 0)
|
if (uiAddr == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
var section = sections.First(x => uiAddr - GlobalOffset >= x.BaseMemory &&
|
var section = sections.First(x => uiAddr - GlobalOffset >= x.VirtualAddress &&
|
||||||
uiAddr - GlobalOffset < x.BaseMemory + x.SizeImage);
|
uiAddr - GlobalOffset < x.VirtualAddress + x.SizeOfRawData);
|
||||||
return (uint) (uiAddr - section.BaseMemory - GlobalOffset + section.BaseImage);
|
return (uint) (uiAddr - section.VirtualAddress - GlobalOffset + section.PointerToRawData);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user