Method | Description | |
---|---|---|
BytesToUInt16 ( this buff, ulong i ) : ushort |
Convert a two bytes in a byte array to an 16 bit unsigned integer.
|
|
BytesToUInt32 ( this buff, uint i ) : uint |
Convert 4 consecutive bytes out of a buffer to an 32 bit unsigned integer.
|
|
BytesToUInt64 ( this buff, ulong i ) : ulong |
Convert 8 consecutive byte in a buffer to an 64 bit unsigned integer.
|
|
GetName ( ulong name, byte buff ) : string |
Get a name (C string) at a specific position in a buffer.
|
|
GetNameLength ( ulong name, byte buff ) : ulong |
For a given offset in an byte array, find the next null value which terminates a C string.
|
|
IsSignatureValid ( string filePath ) : bool |
Checks if the digital signature of a PE file is valid. Since .Net has not function for it, PInvoke is used to query the native API like here http://geekswithblogs.net/robp/archive/2007/05/04/112250.aspx
|
|
IsSigned ( string filePath ) : bool |
Checks is a PE file is digitally signed. It does not verify the signature!
|
|
IsValidCertChain ( |
Checks if cert is from a trusted CA with a valid certificate chain.
|
|
IsValidCertChain ( string filePath, bool online ) : bool |
Checks if cert is from a trusted CA with a valid certificate chain.
|
|
MD5 ( byte buff ) : string |
Compute the MD5 from a byte array.
|
|
MD5 ( string file ) : string |
Compute the MD5 from a file.
|
|
RVAtoFileMapping ( this RVA, ICollection |
Map an relative virtual address to the raw file address.
|
|
RVAtoFileMapping ( this RVA, ICollection |
Map an relative virtual address to the raw file address.
|
|
ResolveFileCharacteristics ( ushort characteristics ) : FileCharacteristics |
Resolves the characteristics attribute from the COFF header to an object which holds all the characteristics a boolean properties.
|
|
ResolveResourceId ( uint id ) : string |
Resolve the resource identifier of resource entries to a human readable string with a meaning.
|
|
ResolveSectionFlags ( uint sectionFlags ) : List |
Resolves the section flags to human readable strings.
|
|
ResolveSectionName ( byte name ) : string |
Converts the section name (UTF-8 byte array) to a string.
|
|
ResolveSubsystem ( ushort subsystem ) : string |
Resolve the subsystem attribute to a human readable string.
|
|
ResolveTargetMachine ( ushort targetMachine ) : string |
Resolves the target machine number to a string containing the name of the target machine.
|
|
SetUInt16 ( this buff, ulong offset, ushort value ) : void |
Set an UInt16 value at an offset in an byte array.
|
|
SetUInt32 ( this buff, uint offset, uint value ) : void |
Sets an UInt32 value at an offset in a buffer.
|
|
SetUInt64 ( this buff, ulong offset, ulong value ) : void |
Sets an UInt64 value at an offset in a buffer.
|
|
Sha1 ( byte buff ) : string |
Compute the SHA-1 from a byte array.
|
|
Sha1 ( string file ) : string |
Compute the SHA-1 from a file.
|
|
Sha256 ( byte buff ) : string |
Compute the SHA-256 from a byte array.
|
|
Sha256 ( string file ) : string |
Compute the SHA-256 from a file.
|
|
ToHexString ( this input, ulong from, ulong length ) : List |
Convert a sub array of an byte array to an hex string where every byte is separated by an whitespace.
|
|
ToHexString ( this value ) : string |
Convert ushort into a hexadecimal string.
|
|
ToHexString ( this |
Convert a sequence of bytes into a hexadecimal string.
|
|
ToHexString ( this |
Convert a sequence of ushorts into a hexadecimal string.
|
|
ToIntFromHexString ( this hexString ) : long |
Converts a hex string of the form 0x435A4DE3 to a long value.
|
|
VAtoFileMapping ( this VA, ICollection |
Map an virtual address to the raw file address.
|
|
VAtoFileMapping ( this VA, ICollection |
Map an virtual address to the raw file address.
|
Method | Description | |
---|---|---|
BytesToUInt16 ( byte b1, byte b2 ) : ushort |
Convert to bytes to an 16 bit unsigned integer.
|
|
BytesToUInt32 ( byte b1, byte b2, byte b3, byte b4 ) : uint |
Convert 4 bytes to an 32 bit unsigned integer.
|
|
BytesToUInt64 ( byte b1, byte b2, byte b3, byte b4, byte b5, byte b6, byte b7, byte b8 ) : ulong |
Converts 8 bytes to an 64 bit unsigned integer.
|
|
GetOrdinal ( uint ordinal, byte buff ) : ushort | ||
PropertiesToString ( object obj, string format ) : string | ||
UInt16ToBytes ( ushort value ) : byte[] |
Convert an UIn16 to an byte array.
|
|
UInt32ToBytes ( uint value ) : byte[] |
Convert an UInt32 value into an byte array.
|
|
UInt64ToBytes ( ulong value ) : byte[] |
Convert an UIn64 value into an byte array.
|
public static BytesToUInt16 ( this buff, ulong i ) : ushort | ||
buff | this | Byte buffer. |
i | ulong | Position of the high byte. Low byte is i+1. |
return | ushort |
public static BytesToUInt32 ( this buff, uint i ) : uint | ||
buff | this | Byte buffer. |
i | uint | Offset of the highest byte. |
return | uint |
public static BytesToUInt64 ( this buff, ulong i ) : ulong | ||
buff | this | Byte buffer. |
i | ulong | Offset of the highest byte. |
return | ulong |
public static GetName ( ulong name, byte buff ) : string | ||
name | ulong | Offset of the string. |
buff | byte | Containing buffer. |
return | string |
public static GetNameLength ( ulong name, byte buff ) : ulong | ||
name | ulong | Offset of the string. |
buff | byte | Buffer which contains the string. |
return | ulong |
public static IsSignatureValid ( string filePath ) : bool | ||
filePath | string | Path to a PE file. |
return | bool |
public static IsSigned ( string filePath ) : bool | ||
filePath | string | Path to a PE file. |
return | bool |
public static IsValidCertChain ( |
||
cert | X509 Certificate | |
online | bool | Check certificate chain online or offline. |
return | bool |
public static IsValidCertChain ( string filePath, bool online ) : bool | ||
filePath | string | Path to a PE file. |
online | bool | Check certificate chain online or offline. |
return | bool |
public static MD5 ( byte buff ) : string | ||
buff | byte | Binary as a byte buffer. |
return | string |
public static MD5 ( string file ) : string | ||
file | string | Path to the file |
return | string |
public static RVAtoFileMapping ( this RVA, ICollection |
||
RVA | this | Relative Virtual Address |
sh | ICollection |
Section Headers |
return | uint |
public static RVAtoFileMapping ( this RVA, ICollection |
||
RVA | this | Relative Virtual Address |
sh | ICollection |
Section Headers |
return | ulong |
public static ResolveFileCharacteristics ( ushort characteristics ) : FileCharacteristics | ||
characteristics | ushort | File header characteristics. |
return | FileCharacteristics |
public static ResolveResourceId ( uint id ) : string | ||
id | uint | Resource identifier. |
return | string |
public static ResolveSectionFlags ( uint sectionFlags ) : List |
||
sectionFlags | uint | Sections flags from the SectionHeader object. |
return | List |
public static ResolveSectionName ( byte name ) : string | ||
name | byte | Section name byte array. |
return | string |
public static ResolveSubsystem ( ushort subsystem ) : string | ||
subsystem | ushort | Subsystem attribute. |
return | string |
public static ResolveTargetMachine ( ushort targetMachine ) : string | ||
targetMachine | ushort | Target machine value from the COFF header. |
return | string |
public static SetUInt16 ( this buff, ulong offset, ushort value ) : void | ||
buff | this | Buffer in which the value is set. |
offset | ulong | Offset where the value is set. |
value | ushort | The value to set. |
return | void |
public static SetUInt32 ( this buff, uint offset, uint value ) : void | ||
buff | this | Buffer to set the value in. |
offset | uint | Offset in the array for the value. |
value | uint | Value to set. |
return | void |
public static SetUInt64 ( this buff, ulong offset, ulong value ) : void | ||
buff | this | Buffer to set the value in. |
offset | ulong | Offset in the array for the value. |
value | ulong | Value to set. |
return | void |
public static Sha1 ( byte buff ) : string | ||
buff | byte | Binary as a byte buffer. |
return | string |
public static Sha1 ( string file ) : string | ||
file | string | Path to the file |
return | string |
public static Sha256 ( byte buff ) : string | ||
buff | byte | Binary as a byte buffer. |
return | string |
public static Sha256 ( string file ) : string | ||
file | string | Path to the file |
return | string |
public static ToHexString ( this input, ulong from, ulong length ) : List |
||
input | this | Byte array. |
from | ulong | Index in the byte array where the hex string starts. |
length | ulong | Length of the hex string in the byte array. |
return | List |
public static ToHexString ( this value ) : string | ||
value | this | Value |
return | string |
public static ToHexString ( this |
||
bytes | this |
Byte sequence. |
return | string |
public static ToHexString ( this |
||
values | this |
Value sequence. |
return | string |
public static ToIntFromHexString ( this hexString ) : long | ||
hexString | this | |
return | long |
public static VAtoFileMapping ( this VA, ICollection |
||
VA | this | Virtual Address |
sh | ICollection |
Section Headers |
return | uint |
public static VAtoFileMapping ( this VA, ICollection |
||
VA | this | Virtual Address |
sh | ICollection |
Section Headers |
return | ulong |