C# Class PeNet.Utility

This class provides useful functions to work with PE files.
Project: secana/PeNet

Public Methods

Method Description
BytesToUInt16 ( this buff, ulong i ) : ushort

Convert two bytes in a byte array to a 16-bit unsigned integer.

BytesToUInt32 ( this buff, uint i ) : uint

Convert 4 consecutive bytes out of a buffer to a 32-bit unsigned integer.

BytesToUInt64 ( this buff, ulong i ) : ulong

Convert 8 consecutive bytes in a buffer to a 64-bit unsigned integer.

GetName ( ulong name, byte buff ) : string

Get a name (C string) at a specific position in a buffer.

GetNameLength ( ulong name, byte buff ) : ulong

For a given offset in a byte array, find the next null value which terminates a C string.

IsSignatureValid ( string filePath ) : bool

Checks if the digital signature of a PE file is valid. Since .NET has no function for it, P/Invoke is used to query the native API, as described here: http://geekswithblogs.net/robp/archive/2007/05/04/112250.aspx

IsSigned ( string filePath ) : bool

Checks if a PE file is digitally signed. It does not verify the signature!

IsValidCertChain ( X509Certificate2 cert, bool online ) : bool

Checks if cert is from a trusted CA with a valid certificate chain.

IsValidCertChain ( string filePath, bool online ) : bool

Checks if cert is from a trusted CA with a valid certificate chain.

MD5 ( byte buff ) : string

Compute the MD5 from a byte array.

MD5 ( string file ) : string

Compute the MD5 from a file.

RVAtoFileMapping ( this RVA, ICollection sh ) : uint

Map a relative virtual address to the raw file address.

RVAtoFileMapping ( this RVA, ICollection sh ) : ulong

Map a relative virtual address to the raw file address.

ResolveFileCharacteristics ( ushort characteristics ) : FileCharacteristics

Resolves the characteristics attribute from the COFF header to an object which holds all the characteristics as boolean properties.

ResolveResourceId ( uint id ) : string

Resolve the resource identifier of resource entries to a human readable string with a meaning.

ResolveSectionFlags ( uint sectionFlags ) : List

Resolves the section flags to human readable strings.

ResolveSectionName ( byte name ) : string

Converts the section name (UTF-8 byte array) to a string.

ResolveSubsystem ( ushort subsystem ) : string

Resolve the subsystem attribute to a human readable string.

ResolveTargetMachine ( ushort targetMachine ) : string

Resolves the target machine number to a string containing the name of the target machine.

SetUInt16 ( this buff, ulong offset, ushort value ) : void

Set a UInt16 value at an offset in a byte array.

SetUInt32 ( this buff, uint offset, uint value ) : void

Sets a UInt32 value at an offset in a buffer.

SetUInt64 ( this buff, ulong offset, ulong value ) : void

Sets a UInt64 value at an offset in a buffer.

Sha1 ( byte buff ) : string

Compute the SHA-1 from a byte array.

Sha1 ( string file ) : string

Compute the SHA-1 from a file.

Sha256 ( byte buff ) : string

Compute the SHA-256 from a byte array.

Sha256 ( string file ) : string

Compute the SHA-256 from a file.

ToHexString ( this input, ulong from, ulong length ) : List

Convert a sub array of a byte array to a hex string where every byte is separated by a whitespace.

ToHexString ( this value ) : string

Convert a ushort into a hexadecimal string.

ToHexString ( this bytes ) : string

Convert a sequence of bytes into a hexadecimal string.

ToHexString ( this values ) : string

Convert a sequence of ushorts into a hexadecimal string.

ToIntFromHexString ( this hexString ) : long

Converts a hex string of the form 0x435A4DE3 to a long value.

VAtoFileMapping ( this VA, ICollection sh ) : uint

Map a virtual address to the raw file address.

VAtoFileMapping ( this VA, ICollection sh ) : ulong

Map a virtual address to the raw file address.

Private Methods

Method Description
BytesToUInt16 ( byte b1, byte b2 ) : ushort

Convert two bytes to a 16-bit unsigned integer.

BytesToUInt32 ( byte b1, byte b2, byte b3, byte b4 ) : uint

Convert 4 bytes to a 32-bit unsigned integer.

BytesToUInt64 ( byte b1, byte b2, byte b3, byte b4, byte b5, byte b6, byte b7, byte b8 ) : ulong

Converts 8 bytes to a 64-bit unsigned integer.

GetOrdinal ( uint ordinal, byte buff ) : ushort
PropertiesToString ( object obj, string format ) : string
UInt16ToBytes ( ushort value ) : byte[]

Convert a UInt16 to a byte array.

UInt32ToBytes ( uint value ) : byte[]

Convert a UInt32 value into a byte array.

UInt64ToBytes ( ulong value ) : byte[]

Convert a UInt64 value into a byte array.

Method Details

BytesToUInt16() public static method

Convert two bytes in a byte array to a 16-bit unsigned integer.
public static BytesToUInt16 ( this buff, ulong i ) : ushort
buff this Byte buffer.
i ulong Position of the high byte. Low byte is i+1.
Returns ushort

BytesToUInt32() public static method

Convert 4 consecutive bytes out of a buffer to a 32-bit unsigned integer.
public static BytesToUInt32 ( this buff, uint i ) : uint
buff this Byte buffer.
i uint Offset of the highest byte.
Returns uint

BytesToUInt64() public static method

Convert 8 consecutive bytes in a buffer to a 64-bit unsigned integer.
public static BytesToUInt64 ( this buff, ulong i ) : ulong
buff this Byte buffer.
i ulong Offset of the highest byte.
Returns ulong

GetName() public static method

Get a name (C string) at a specific position in a buffer.
public static GetName ( ulong name, byte buff ) : string
name ulong Offset of the string.
buff byte Containing buffer.
Returns string

GetNameLength() public static method

For a given offset in a byte array, find the next null value which terminates a C string.
public static GetNameLength ( ulong name, byte buff ) : ulong
name ulong Offset of the string.
buff byte Buffer which contains the string.
Returns ulong

IsSignatureValid() public static method

Checks if the digital signature of a PE file is valid. Since .NET has no function for it, P/Invoke is used to query the native API, as described here: http://geekswithblogs.net/robp/archive/2007/05/04/112250.aspx
public static IsSignatureValid ( string filePath ) : bool
filePath string Path to a PE file.
Returns bool

IsSigned() public static method

Checks if a PE file is digitally signed. It does not verify the signature!
public static IsSigned ( string filePath ) : bool
filePath string Path to a PE file.
Returns bool

IsValidCertChain() public static method

Checks if cert is from a trusted CA with a valid certificate chain.
public static IsValidCertChain ( X509Certificate2 cert, bool online ) : bool
cert System.Security.Cryptography.X509Certificates.X509Certificate2 X509 Certificate
online bool Check certificate chain online or offline.
Returns bool

IsValidCertChain() public static method

Checks if cert is from a trusted CA with a valid certificate chain.
public static IsValidCertChain ( string filePath, bool online ) : bool
filePath string Path to a PE file.
online bool Check certificate chain online or offline.
Returns bool

MD5() public static method

Compute the MD5 from a byte array.
public static MD5 ( byte buff ) : string
buff byte Binary as a byte buffer.
Returns string

MD5() public static method

Compute the MD5 from a file.
public static MD5 ( string file ) : string
file string Path to the file
Returns string

RVAtoFileMapping() public static method

Map a relative virtual address to the raw file address.
public static RVAtoFileMapping ( this RVA, ICollection sh ) : uint
RVA this Relative Virtual Address
sh ICollection Section Headers
Returns uint

RVAtoFileMapping() public static method

Map a relative virtual address to the raw file address.
public static RVAtoFileMapping ( this RVA, ICollection sh ) : ulong
RVA this Relative Virtual Address
sh ICollection Section Headers
Returns ulong

ResolveFileCharacteristics() public static method

Resolves the characteristics attribute from the COFF header to an object which holds all the characteristics as boolean properties.
public static ResolveFileCharacteristics ( ushort characteristics ) : FileCharacteristics
characteristics ushort File header characteristics.
Returns FileCharacteristics

ResolveResourceId() public static method

Resolve the resource identifier of resource entries to a human readable string with a meaning.
public static ResolveResourceId ( uint id ) : string
id uint Resource identifier.
Returns string

ResolveSectionFlags() public static method

Resolves the section flags to human readable strings.
public static ResolveSectionFlags ( uint sectionFlags ) : List
sectionFlags uint Sections flags from the SectionHeader object.
Returns List

ResolveSectionName() public static method

Converts the section name (UTF-8 byte array) to a string.
public static ResolveSectionName ( byte name ) : string
name byte Section name byte array.
Returns string

ResolveSubsystem() public static method

Resolve the subsystem attribute to a human readable string.
public static ResolveSubsystem ( ushort subsystem ) : string
subsystem ushort Subsystem attribute.
Returns string

ResolveTargetMachine() public static method

Resolves the target machine number to a string containing the name of the target machine.
public static ResolveTargetMachine ( ushort targetMachine ) : string
targetMachine ushort Target machine value from the COFF header.
Returns string

SetUInt16() public static method

Set a UInt16 value at an offset in a byte array.
public static SetUInt16 ( this buff, ulong offset, ushort value ) : void
buff this Buffer in which the value is set.
offset ulong Offset where the value is set.
value ushort The value to set.
Returns void

SetUInt32() public static method

Sets a UInt32 value at an offset in a buffer.
public static SetUInt32 ( this buff, uint offset, uint value ) : void
buff this Buffer to set the value in.
offset uint Offset in the array for the value.
value uint Value to set.
Returns void

SetUInt64() public static method

Sets a UInt64 value at an offset in a buffer.
public static SetUInt64 ( this buff, ulong offset, ulong value ) : void
buff this Buffer to set the value in.
offset ulong Offset in the array for the value.
value ulong Value to set.
Returns void

Sha1() public static method

Compute the SHA-1 from a byte array.
public static Sha1 ( byte buff ) : string
buff byte Binary as a byte buffer.
Returns string

Sha1() public static method

Compute the SHA-1 from a file.
public static Sha1 ( string file ) : string
file string Path to the file
Returns string

Sha256() public static method

Compute the SHA-256 from a byte array.
public static Sha256 ( byte buff ) : string
buff byte Binary as a byte buffer.
Returns string

Sha256() public static method

Compute the SHA-256 from a file.
public static Sha256 ( string file ) : string
file string Path to the file
Returns string

ToHexString() public static method

Convert a sub array of a byte array to a hex string where every byte is separated by a whitespace.
public static ToHexString ( this input, ulong from, ulong length ) : List
input this Byte array.
from ulong Index in the byte array where the hex string starts.
length ulong Length of the hex string in the byte array.
Returns List

ToHexString() public static method

Convert a ushort into a hexadecimal string.
public static ToHexString ( this value ) : string
value this Value
Returns string

ToHexString() public static method

Convert a sequence of bytes into a hexadecimal string.
public static ToHexString ( this bytes ) : string
bytes this Byte sequence.
Returns string

ToHexString() public static method

Convert a sequence of ushorts into a hexadecimal string.
public static ToHexString ( this values ) : string
values this Value sequence.
Returns string

ToIntFromHexString() public static method

Converts a hex string of the form 0x435A4DE3 to a long value.
public static ToIntFromHexString ( this hexString ) : long
hexString this
Returns long

VAtoFileMapping() public static method

Map a virtual address to the raw file address.
public static VAtoFileMapping ( this VA, ICollection sh ) : uint
VA this Virtual Address
sh ICollection Section Headers
Returns uint

VAtoFileMapping() public static method

Map a virtual address to the raw file address.
public static VAtoFileMapping ( this VA, ICollection sh ) : ulong
VA this Virtual Address
sh ICollection Section Headers
Returns ulong