Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- class Definitions
- {
- //Credits for some of the headers: https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/
- //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- // _IMAGE_DOS_HEADER
- //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- #region Image Dos Header
- [StructLayout(LayoutKind.Sequential, Pack = 1), Serializable]
- public struct _IMAGE_DOS_HEADER
- {
- public UInt16 e_magic; // Magic number
- public UInt16 e_cblp; // Bytes on last page of file
- public UInt16 e_cp; // Pages in file
- public UInt16 e_crlc; // Relocations
- public UInt16 e_cparhdr; // Size of header in paragraphs
- public UInt16 e_minalloc; // Minimum extra paragraphs needed
- public UInt16 e_maxalloc; // Maximum extra paragraphs needed
- public UInt16 e_ss; // Initial (relative) SS value
- public UInt16 e_sp; // Initial SP value
- public UInt16 e_csum; // Checksum
- public UInt16 e_ip; // Initial IP value
- public UInt16 e_cs; // Initial (relative) CS value
- public UInt16 e_lfarlc; // File address of relocation table
- public UInt16 e_ovno; // Overlay number
- public UInt16 e_res_0; // Reserved words
- public UInt16 e_res_1;
- public UInt16 e_res_2;
- public UInt16 e_res_3;
- public UInt16 e_oemid; // OEM identifier (for e_oeminfo)
- public UInt16 e_oeminfo; // OEM information; e_oemid specific
- public UInt16 e_res2_0; // Reserved words
- public UInt16 e_res2_1;
- public UInt16 e_res2_2;
- public UInt16 e_res2_3;
- public UInt16 e_res2_4;
- public UInt16 e_res2_5;
- public UInt16 e_res2_6;
- public UInt16 e_res2_7;
- public UInt16 e_res2_8;
- public UInt16 e_res2_9;
- public UInt32 e_lfanew; // File address of new exe header
- };
- #endregion
- //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- // _IMAGE_FILE_HEADER
- //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- #region Image File Header
- [StructLayout(LayoutKind.Sequential, Pack = 1), Serializable]
- public struct _IMAGE_FILE_HEADER
- {
- public UInt16 Machine;
- public UInt16 NumberOfSections;
- public UInt32 TimeDateStamp;
- public UInt32 PointerToSymbolTable;
- public UInt32 NumberOfSymbols;
- public UInt16 SizeOfOptionalHeader;
- public UInt16 Characteristics;
- };
- #region _IMAGE_FILE_HEADER Data Options
- public static class IMAGE_FILE_HEADER
- {
- public enum Machine
- {
- //Source: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680313(v=vs.85).aspx
- IMAGE_FILE_MACHINE_I386 = (UInt16)0x014c,
- IMAGE_FILE_MACHINE_IA64 = (UInt16)0x0200,
- IMAGE_FILE_MACHINE_AMD64 = (UInt16)0x8664
- };
- public enum Characteristics
- {
- //Source: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680313(v=vs.85).aspx
- IMAGE_FILE_RELOCS_STRIPPED = (UInt16)0x0001,
- IMAGE_FILE_EXECUTABLE_IMAGE = (UInt16)0x0002,
- IMAGE_FILE_LINE_NUMS_STRIPPED = (UInt16)0x0004,
- IMAGE_FILE_LOCAL_SYMS_STRIPPED = (UInt16)0x0008,
- IMAGE_FILE_AGGRESIVE_WS_TRIM = (UInt16)0x0010,
- IMAGE_FILE_LARGE_ADDRESS_AWARE = (UInt16)0x0020,
- IMAGE_FILE_BYTES_REVERSED_LO = (UInt16)0x0080,
- IMAGE_FILE_32BIT_MACHINE = (UInt16)0x0100,
- IMAGE_FILE_DEBUG_STRIPPED = (UInt16)0x0200,
- IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = (UInt16)0x0400,
- IMAGE_FILE_NET_RUN_FROM_SWAP = (UInt16)0x0800,
- IMAGE_FILE_SYSTEM = (UInt16)0x1000,
- IMAGE_FILE_DLL = (UInt16)0x2000,
- IMAGE_FILE_UP_SYSTEM_ONLY = (UInt16)0x4000,
- IMAGE_FILE_BYTES_REVERSED_HI = (UInt16)0x8000
- };
- }
- #endregion
- #endregion
- //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- // _IMAGE_FILE_HEADER
- //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- #region Image File Header
- [StructLayout(LayoutKind.Sequential, Pack = 1), Serializable]
- public struct _IMAGE_OPTIONAL_HEADER
- {
- public UInt16 Magic;
- public Byte MajorLinkerVersion;
- public Byte MinorLinkerVersion;
- public UInt32 SizeOfCode;
- public UInt32 SizeOfInitializedData;
- public UInt32 SizeOfUninitializedData;
- public UInt32 AddressOfEntryPoint;
- public UInt32 BaseOfCode;
- public UInt32 BaseOfData;
- public UInt32 ImageBase;
- public UInt32 SectionAlignment;
- public UInt32 FileAlignment;
- public UInt16 MajorOperatingSystemVersion;
- public UInt16 MinorOperatingSystemVersion;
- public UInt16 MajorImageVersion;
- public UInt16 MinorImageVersion;
- public UInt16 MajorSubsystemVersion;
- public UInt16 MinorSubsystemVersion;
- public UInt32 Win32VersionValue;
- public UInt32 SizeOfImage;
- public UInt32 SizeOfHeaders;
- public UInt32 CheckSum;
- public UInt16 Subsystem;
- public UInt16 DllCharacteristics;
- public UInt32 SizeOfStackReserve;
- public UInt32 SizeOfStackCommit;
- public UInt32 SizeOfHeapReserve;
- public UInt32 SizeOfHeapCommit;
- public UInt32 LoaderFlags;
- public UInt32 NumberOfRvaAndSizes;
- [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
- IMAGE_OPTIONAL_HEADER_DATA._IMAGE_DATA_DIRECTORY[] DataDirectory;
- };
- #region _IMAGE_OPTIONAL_HEADER Data options
- public static class IMAGE_OPTIONAL_HEADER_DATA
- {
- public enum Magic
- {
- IMAGE_NT_OPTIONAL_HDR_MAGIC,
- IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10b,
- IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20b,
- IMAGE_ROM_OPTIONAL_HDR_MAGIC = 0x107
- };
- public enum Subsystem
- {
- IMAGE_SUBSYSTEM_UNKNOWN = 0,
- IMAGE_SUBSYSTEM_NATIVE = 1,
- IMAGE_SUBSYSTEM_WINDOWS_GUI = 2,
- IMAGE_SUBSYSTEM_WINDOWS_CUI = 3,
- IMAGE_SUBSYSTEM_OS2_CUI = 5,
- IMAGE_SUBSYSTEM_POSIX_CUI = 7,
- IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9,
- IMAGE_SUBSYSTEM_EFI_APPLICATION = 10,
- IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11,
- IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12,
- IMAGE_SUBSYSTEM_EFI_ROM = 13,
- IMAGE_SUBSYSTEM_XBOX = 14,
- IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16,
- };
- public enum DllCharacteristics
- {
- Reserved = 0x0001,
- Reserved = 0x0002,
- Reserved = 0x0004,
- Reserved = 0x0008,
- IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040,
- IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY = 0x0080,
- IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100,
- IMAGE_DLLCHARACTERISTICS_NO_ISOLATION = 0x0200,
- IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400,
- IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800,
- Reserved = 0x1000,
- IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x4000,
- IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000,
- };
- [StructLayout(LayoutKind.Sequential, Pack = 1), Serializable]
- public struct _IMAGE_DATA_DIRECTORY
- {
- public UInt32 VirtualAddress;
- public UInt32 Size;
- };
- public static class IMAGE_DATA_DIRECTORY_DATA
- {
- public enum DataDirectory
- {
- //Source: https://msdn.microsoft.com/en-us/library/windows/desktop/ms680305(v=vs.85).aspx
- Export_table,
- Import_table,
- Resource_table,
- Exception_table,
- Certificate_table,
- Base_relocation_table,
- Debugging_information,
- Architecture,
- Global_pointer,
- Thread_local_storage,
- Load_configuration,
- Bound_import,
- Import_address_table,
- Delay_import_descriptor,
- CLR_header,
- Reserved
- };
- }
- }
- #endregion
- #endregion
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement