def MakeManifestResourceRow():
return construct.Struct('ManifestResourceRow',
construct.ULInt32('Offset'),
construct.ULInt32('Flags'),
MDTag.StringHeapRef.parse('Name'),
MDTag.Implementation.parse('Implementation')
)
def MakeAssemblyRefOSRow():
return construct.Struct('AssemblyRefOSRow',
construct.ULInt32('OSPlatformID'),
construct.ULInt32('OSMajorVersion'),
construct.ULInt32('OSMinorVersion'),
MDTag.AssemblyRefRId.parse('AssemblyRef')
)
def MakeExportedTypeRow():
return construct.Struct('ExportedTypeRow',
construct.ULInt32('Flags'),
construct.ULInt32('TypeDefId'),
MDTag.StringHeapRef.parse('TypeName'),
MDTag.StringHeapRef.parse('TypeNamespace'),
MDTag.Implementation.parse('Implementation')
)
def MakeAssemblyRow():
return construct.Struct('AssemblyRow',
construct.ULInt32('HashAlgId'),
construct.ULInt16('MajorVersion'),
construct.ULInt16('MinorVersion'),
construct.ULInt16('BuildNumber'),
construct.ULInt16('RevisionNumber'),
construct.ULInt32('Flags'),
MDTag.BlobHeapRef.parse('PublicKey'),
MDTag.StringHeapRef.parse('Name'),
MDTag.StringHeapRef.parse('Culture')
)
def MakeTypeDefRow():
return construct.Struct('TypeDefRow',
construct.ULInt32('Flags'),
MDTag.StringHeapRef.parse('Name'),
MDTag.StringHeapRef.parse('Namespace'),
MDTag.TypeDefOrRef.parse('Extends'),
MDTag.FieldRef.parse('FieldList'),
MDTag.MethodRef.parse('MethodList')
)
def MakeFileRow():
return construct.Struct('FileRow',
construct.ULInt32('Flags'),
MDTag.StringHeapRef.parse('Name'),
MDTag.BlobHeapRef.parse('HashValue')
)
def MakeAssemblyRefProcessorRow():
return construct.Struct('AssemblyRefProcessorRow',
construct.ULInt32('Processor'),
MDTag.AssemblyRefRId.parse('AssemblyRef')
)
def MakeAssemblyOSRow():
return construct.Struct('AssemblyOSRow',
construct.ULInt32('OSPlatformID'),
construct.ULInt32('OSMajorVersion'),
construct.ULInt32('OSMinorVersion')
)
def MakeAssemblyProcessorRow():
return construct.Struct('AssemblyProcessorRow',
construct.ULInt32('Processor')
)
def MakeEnCMapRow():
return construct.Struct('EnCMapRow',
construct.ULInt32('Token')
)
def MakeEnCLogRow():
return construct.Struct('EnCLogRow',
construct.ULInt32('Token'),
construct.ULInt32('FuncCode')
)
def MakeFieldLayoutRow():
return construct.Struct('FieldLayoutRow',
construct.ULInt32('Offset'),
MDTag.FieldRId.parse('Field')
)
def MakeClassLayoutRow():
return construct.Struct('ClassLayoutRow',
construct.ULInt16('PackingSize'),
construct.ULInt32('ClassSize'),
MDTag.TypeDefRId.parse('Parent')
)
def MakeImageDataDirectory(name):
return construct.Struct(name,
MakeRva('VirtualAddress'),
construct.ULInt32('Size')
)
def MakeRva(name):
return construct.Embed(construct.Struct('EmbeddedRva',
construct.ULInt32(name),
construct.Value('VA', lambda ctx: idaapi.get_imagebase() + ctx[name])
))
import construct_legacy as construct
import ida_entry
import idaapi
import idautils
import idc
import io
import struct
ImageFileHeader = construct.Struct('ImageFileHeader',
construct.Enum(construct.ULInt16('Machine'),
IMAGE_FILE_MACHINE_I386 = 0x014c,
IMAGE_FILE_MACHINE_AMD64 = 0x8664,
IMAGE_FILE_MACHINE_ARMNT = 0x01c4
),
construct.ULInt16('NumberOfSections'),
construct.ULInt32('TimeDateStamp'),
construct.ULInt32('PointerToSymbolTable'),
construct.ULInt32('NumberOfSymbols'),
construct.ULInt16('SizeOfOptionalHeader'),
construct.ULInt16('Characteristics')
)
def MakeRva(name):
return construct.Embed(construct.Struct('EmbeddedRva',
construct.ULInt32(name),
construct.Value('VA', lambda ctx: idaapi.get_imagebase() + ctx[name])
))
def MakeImageDataDirectory(name):
return construct.Struct(name,
MakeRva('VirtualAddress'),
