  • .Net PE

    // ConsoleApplication26.cpp: Defines the entry point for the console application.
    //
    
    #include "stdafx.h"
    #include <Windows.h>
    // Pointer-sized unsigned integer used for address arithmetic: offsets read
    // from the PE headers are added to the module base as plain integers.
    typedef ULONG_PTR TADDR;
    // Identity macros in this file: the 16/32-bit value is used exactly as read.
    // NOTE(review): presumably byte-order conversion hooks kept from the code
    // this listing was adapted from - confirm. The argument is not parenthesized
    // in the expansion, so pass only simple expressions.
    #define VAL16(x) x
    #define VAL32(x) x
    // DPTR(type) expands to a plain pointer to type.
    #define DPTR(type) type*
    // Rounds val up to the next multiple of 4.
    #define ALIGN4BYTE(val) (((val) + 3) & ~0x3)
    // Pointer aliases for the PE structures walked in main(). They are used there
    // in function-cast form, e.g. PTR_IMAGE_NT_HEADERS(address), which is a
    // reinterpreting cast with no validation of the address.
    typedef DPTR(IMAGE_DOS_HEADER) PTR_IMAGE_DOS_HEADER;
    typedef DPTR(IMAGE_NT_HEADERS) PTR_IMAGE_NT_HEADERS;
    typedef DPTR(IMAGE_DATA_DIRECTORY) PTR_IMAGE_DATA_DIRECTORY;
    typedef DPTR(IMAGE_COR20_HEADER) PTR_IMAGE_COR20_HEADER;
    
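    // Header that main() expects directly after the metadata signature and its
    // version string. The struct is overlaid on bytes read from the image, so
    // member order and sizes must not change.
    //
    // Every field comes from the file being inspected: treat iStreams as an
    // untrusted count and bound any loop over streams by the metadata size.
    struct STORAGEHEADER
    {
        BYTE fFlags;      // flag bits, read and written through the accessors below
        BYTE pad;         // NOTE(review): looks like alignment padding - confirm
        USHORT iStreams;  // NOTE(review): presumably the number of stream headers that follow - confirm

        // Getters are const so the header can be read through a pointer to const
        // without casting constness away.
        BYTE GetFlags() const
        {
            return fFlags;
        }

        // Replaces the whole flag byte.
        void SetFlags(BYTE flags)
        {
            fFlags = flags;
        }

        // ORs additional bits into the flag byte.
        void AddFlags(BYTE flags)
        {
            fFlags |= flags;
        }

        // Returns the stored stream count (VAL16 is an identity macro in this file).
        USHORT GetiStreams() const
        {
            return VAL16(iStreams);
        }

        void SetiStreams(USHORT iStreamsCount)
        {
            iStreams = VAL16(iStreamsCount);
        }
    };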
    
    
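    // Signature block that main() reads at the start of the CLR metadata. The
    // struct is overlaid on bytes read from the image, so member order and sizes
    // must not change.
    //
    // iVersionString is a length taken from the file. main() adds it to a
    // pointer, so it must be checked against the metadata directory size before
    // it is used as an offset.
    struct STORAGESIGNATURE
    {
        ULONG lSignature;      // magic value identifying the block
        USHORT iMajorVer;      // major version
        USHORT iMinorVer;      // minor version
        ULONG iExtraData;      // exposed by the accessors as the "extra data offset"
        ULONG iVersionString;  // length in bytes of the version string that follows
        // Zero-length trailing array (compiler extension): marks where the
        // version string starts and adds nothing to sizeof(STORAGESIGNATURE).
        BYTE pVersion[0];

        // Getters are const so the block can be read through a pointer to const
        // without casting constness away. VAL16/VAL32 are identity macros in
        // this file.
        ULONG GetSignature() const
        {
            return VAL32(lSignature);
        }

        void SetSignature(ULONG Signature)
        {
            lSignature = VAL32(Signature);
        }

        USHORT GetMajorVer() const
        {
            return VAL16(iMajorVer);
        }

        void SetMajorVer(USHORT MajorVer)
        {
            iMajorVer = VAL16(MajorVer);
        }

        USHORT GetMinorVer() const
        {
            return VAL16(iMinorVer);
        }

        void SetMinorVer(USHORT MinorVer)
        {
            iMinorVer = VAL16(MinorVer);
        }

        ULONG GetExtraDataOffset() const
        {
            return VAL32(iExtraData);
        }

        void SetExtraDataOffset(ULONG ExtraDataOffset)
        {
            iExtraData = VAL32(ExtraDataOffset);
        }

        // Length of the version string; untrusted until bounds-checked.
        ULONG GetVersionStringLength() const
        {
            return VAL32(iVersionString);
        }

        void SetVersionStringLength(ULONG VersionStringLength)
        {
            iVersionString = VAL32(VersionStringLength);
        }
    };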
    // Stream header that main() overlays on the bytes following STORAGEHEADER.
    // All three members are read straight from the image: iOffset and iSize must
    // be range-checked before they are used to address stream data, and rcName
    // should be printed with a bounded format ("%.32s") because nothing here
    // guarantees a terminating NUL inside the 32 bytes.
    struct STORAGESTREAM
    {
        ULONG iOffset;    // NOTE(review): presumably the stream's offset from the metadata start - confirm
        ULONG iSize;      // NOTE(review): presumably the stream's size in bytes - confirm
        char rcName[32];  // stream name buffer
    };
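    // Returns true when rva is non-zero and [rva, rva + size) lies inside an
    // image of imageSize bytes. Written with a subtraction so rva + size cannot
    // wrap around.
    static bool RvaRangeInImage(ULONG rva, ULONG size, ULONG imageSize)
    {
        return rva != 0 && rva <= imageSize && size <= imageSize - rva;
    }

    // Walks DOS header -> NT headers -> CLR (COM descriptor) directory ->
    // IMAGE_COR20_HEADER -> metadata root of the mapped module HE and returns a
    // pointer to the first stream header, or NULL when any step fails validation.
    //
    // Every offset and length below is read from the file's contents, so each
    // one is checked before it is added to a pointer.
    static const STORAGESTREAM *LocateFirstStreamHeader(HMODULE HE)
    {
        // "BSJB": the magic value at the start of CLR metadata.
        const ULONG kMetadataSignature = 0x424A5342;

        TADDR m_base = TADDR((void*)HE);

        IMAGE_DOS_HEADER *SR = PTR_IMAGE_DOS_HEADER(HE);
        if (VAL16(SR->e_magic) != IMAGE_DOS_SIGNATURE || VAL32(SR->e_lfanew) <= 0)
            return NULL;

        // The original author noted that IMAGE_NT_HEADERS and IMAGE_NT_HEADERS64
        // differ here and that the 64-bit layout did not yield the CLR header and
        // metadata directory values. The optional-header layout depends on
        // PE32 vs PE32+, so the Magic check below rejects an image whose layout
        // does not match the IMAGE_NT_HEADERS this build was compiled with.
        IMAGE_NT_HEADERS *HR = PTR_IMAGE_NT_HEADERS(m_base + VAL32(SR->e_lfanew));
        if (VAL32(HR->Signature) != IMAGE_NT_SIGNATURE ||
            VAL16(HR->OptionalHeader.Magic) != IMAGE_NT_OPTIONAL_HDR_MAGIC ||
            VAL32(HR->OptionalHeader.NumberOfRvaAndSizes) <= IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
            return NULL;

        ULONG cbImage = VAL32(HR->OptionalHeader.SizeOfImage);

        // Directory entry 14 (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR) points at the
        // CLR header; it is empty in a native (non-.NET) image.
        IMAGE_DATA_DIRECTORY *PDR = &HR->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR];
        if (VAL32(PDR->Size) < sizeof(IMAGE_COR20_HEADER) ||
            !RvaRangeInImage(VAL32(PDR->VirtualAddress), VAL32(PDR->Size), cbImage))
            return NULL;

        IMAGE_COR20_HEADER *OR = PTR_IMAGE_COR20_HEADER(m_base + VAL32(PDR->VirtualAddress));
        IMAGE_DATA_DIRECTORY *DR = &(OR->MetaData);

        ULONG cbMeta = VAL32(DR->Size);
        if (cbMeta < sizeof(STORAGESIGNATURE) ||
            !RvaRangeInImage(VAL32(DR->VirtualAddress), cbMeta, cbImage))
            return NULL;

        // VAL32 wraps only the 32-bit RVA, not the pointer-sized sum.
        const BYTE *pMeta = (const BYTE *)(m_base + VAL32(DR->VirtualAddress));

        // The accessor is called through a non-const pointer, as in the original.
        STORAGESIGNATURE *pSig = (STORAGESIGNATURE *)pMeta;
        if (pSig->GetSignature() != kMetadataSignature)
            return NULL;

        // The version string length is attacker-controllable input: make sure
        // the string, the storage header and one full stream header all fit
        // inside the metadata directory before stepping over them.
        ULONG cbVersionString = pSig->GetVersionStringLength();
        ULONG cbRemaining = cbMeta - (ULONG)sizeof(STORAGESIGNATURE);
        if (cbVersionString > cbRemaining)
            return NULL;
        cbRemaining -= cbVersionString;
        if (cbRemaining < sizeof(STORAGEHEADER) + sizeof(STORAGESTREAM))
            return NULL;

        const BYTE *pbMd = pMeta;
        pbMd += sizeof(STORAGESIGNATURE);
        pbMd += cbVersionString;

        // No stream headers follow when the count is zero.
        if (((STORAGEHEADER *)pbMd)->GetiStreams() == 0)
            return NULL;
        pbMd += sizeof(STORAGEHEADER);

        return (const STORAGESTREAM *)pbMd;
    }

    // Entry point: maps ClassLibrary1.dll, locates the first metadata stream
    // header (kept in `stream` for inspection in a debugger), prints a message
    // and waits for a key press. Returns 0 when the stream header was found and
    // 1 when the load or the header validation failed.
    int main()
    {
        // Backslashes are escaped: written as single backslashes the literal
        // contains "\U" and "\t" escape sequences and does not name the file.
        //
        // NOTE(review): the original passed the bare value 8, which is
        // LOAD_WITH_ALTERED_SEARCH_PATH. That is a normal load, so the module's
        // initialization code can run in this process. For inspecting a file
        // that is not trusted, prefer a mapping-only load such as
        // LOAD_LIBRARY_AS_IMAGE_RESOURCE; the handle it returns carries tag
        // bits in its low bits that must be masked off before it is used as the
        // image base.
        HMODULE HE = LoadLibraryExW(L"C:\\Users\\tangyz17\\Desktop\\coreclr\\ClassLibrary1.dll", NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
        if (HE == NULL)
        {
            printf("LoadLibraryExW failed: %lu\n", GetLastError());
            return 1;
        }

        const STORAGESTREAM *stream = LocateFirstStreamHeader(HE);
        int rc = (stream != NULL) ? 0 : 1;

        if (stream != NULL)
            printf("%s", "Hello World");
        else
            printf("%s", "No valid CLR metadata found\n");
        getchar();

        // Unmap the module; `stream` points into it and is invalid afterwards.
        FreeLibrary(HE);
        return rc;
    }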
    
     
    

      

  • 原文地址:https://www.cnblogs.com/tangyanzhi1111/p/11867325.html