Exemplo n.º 1
0
  public static LoadConfigDirectory readLoadConfigDirectory(PE pe, byte[] b) throws IOException {
    DataReader dr = new DataReader(b);
    LoadConfigDirectory lcd = new LoadConfigDirectory();
    lcd.set(b);
    lcd.setSize(dr.readDoubleWord());
    lcd.setTimeDateStamp(dr.readDoubleWord());
    lcd.setMajorVersion(dr.readWord());
    lcd.setMinorVersion(dr.readWord());
    lcd.setGlobalFlagsClear(dr.readDoubleWord());
    lcd.setGlobalFlagsSet(dr.readDoubleWord());
    lcd.setCriticalSectionDefaultTimeout(dr.readDoubleWord());
    lcd.setDeCommitFreeBlockThreshold(pe.is64() ? dr.readLong() : dr.readDoubleWord());
    lcd.setDeCommitTotalFreeThreshold(pe.is64() ? dr.readLong() : dr.readDoubleWord());
    lcd.setLockPrefixTable(pe.is64() ? dr.readLong() : dr.readDoubleWord());
    lcd.setMaximumAllocationSize(pe.is64() ? dr.readLong() : dr.readDoubleWord());
    lcd.setVirtualMemoryThreshold(pe.is64() ? dr.readLong() : dr.readDoubleWord());
    lcd.setProcessAffinityMask(pe.is64() ? dr.readLong() : dr.readDoubleWord());
    lcd.setProcessHeapFlags(dr.readDoubleWord());
    lcd.setCsdVersion(dr.readWord());
    lcd.setReserved(dr.readWord());
    lcd.setEditList(pe.is64() ? dr.readLong() : dr.readDoubleWord());
    if (dr.hasMore()) // optional
    lcd.setSecurityCookie(pe.is64() ? dr.readLong() : dr.readDoubleWord());
    if (dr.hasMore()) // optional
    lcd.setSeHandlerTable(pe.is64() ? dr.readLong() : dr.readDoubleWord());
    if (dr.hasMore()) // optional
    lcd.setSeHandlerCount(pe.is64() ? dr.readLong() : dr.readDoubleWord());

    return lcd;
  }
Exemplo n.º 2
0
 public static ExportDirectory readExportDirectory(byte[] b) throws IOException {
   DataReader dr = new DataReader(b);
   ExportDirectory edt = new ExportDirectory();
   edt.set(b);
   edt.setExportFlags(dr.readDoubleWord());
   edt.setTimeDateStamp(dr.readDoubleWord());
   edt.setMajorVersion(dr.readWord());
   edt.setMinorVersion(dr.readWord());
   edt.setNameRVA(dr.readDoubleWord());
   edt.setOrdinalBase(dr.readDoubleWord());
   edt.setAddressTableEntries(dr.readDoubleWord());
   edt.setNumberOfNamePointers(dr.readDoubleWord());
   edt.setExportAddressTableRVA(dr.readDoubleWord());
   edt.setNamePointerRVA(dr.readDoubleWord());
   edt.setOrdinalTableRVA(dr.readDoubleWord());
   return edt;
 }