* Handle MZ/PE signatures in endianness-aware way.

* TImageNTHeaders32/TImageNTHeaders64 commented out. It seems not used anymore.

Author: vdisasmdev

PE.Image.Saving.pas

@@ -43,7 +43,7 @@ function DoDosHdr(PE: TPEImage; AStream: TStream): boolean;
   DosBlockSize: integer;
 begin
   h := PE.DOSHeader;
-  h^.e_magic := MZ_SIGNATURE;
+  h^.e_magic.SetMZ;
   h^.e_lfanew := PE.LFANew;
 
   // Write DOS header.
@@ -58,13 +58,11 @@ function DoDosHdr(PE: TPEImage; AStream: TStream): boolean;
 { NT }
 
 function DoFileHdr(PE: TPEImage; AStream: TStream): boolean;
-const
-  sig: uint32 = PE00_SIGNATURE;
 begin
-  Result := False;
-  if StreamWrite(AStream, sig, SizeOf(sig)) then
+  if StreamWrite(AStream, PE00_SIGNATURE, SizeOf(PE00_SIGNATURE)) then
     if StreamWrite(AStream, PE.FileHeader^, SizeOf(PE.FileHeader^)) then
-      Result := true;
+      exit(true);
+  exit(false);
 end;
 
 { Optional }

PE.Image.pas

@@ -960,21 +960,20 @@ class function TPEImage.IsPE(const FileName: string): boolean;
 class function TPEImage.IsPE(AStream: TStream; Ofs: UInt64): boolean;
 var
   dos: TImageDOSHeader;
-  pe00: uint32;
+  peSig: TNTSignature;
 begin
-  if AStream.Seek(Ofs, TSeekOrigin.soBeginning) <> Ofs then
+  if not StreamSeek(AStream, Ofs) then
     exit(false);
 
-  if (AStream.Read(dos, SizeOf(dos)) = SizeOf(dos)) then
-    if (dos.e_magic = MZ_SIGNATURE) then
+  if StreamRead(AStream, dos, SizeOf(dos)) then
+    if dos.e_magic.IsMZ then
     begin
       Ofs := Ofs + dos.e_lfanew;
       if Ofs >= AStream.Size then
         exit(false);
-      if AStream.Seek(Ofs, TSeekOrigin.soBeginning) = Ofs then
-        if AStream.Read(pe00, SizeOf(pe00)) = SizeOf(pe00) then
-          if pe00 = PE00_SIGNATURE then
-            exit(true);
+      if StreamSeek(AStream, Ofs) then
+        if StreamRead(AStream, peSig, SizeOf(peSig)) then
+          exit(peSig.IsPE00);
     end;
   exit(false);
 end;
@@ -1184,10 +1183,10 @@ function TPEImage.ReadEx(var Buffer; Size: cardinal): boolean;
 
 function TPEImage.ReadAnsiString: string;
 var
-  len: Integer;
+  Len: integer;
 begin
-  if not ReadAnsiStringLen(0, len, result) then
-    result := '';
+  if not ReadAnsiStringLen(0, Len, Result) then
+    Result := '';
 end;
 
 function TPEImage.ReadAnsiStringLen(MaxLen: integer; out Len: integer; out Str: string): boolean;
@@ -1228,7 +1227,7 @@ function TPEImage.ReadAnsiStringLen(MaxLen: integer; out Len: integer; out Str:
     Str := string(pBegin);
 
     // Include null at end.
-    inc(len);
+    inc(Len);
 
     // Move current position.
     inc(FPositionRVA, Len);
@@ -1464,7 +1463,7 @@ function TPEImage.LoadFromStream(AStream: TStream; AParseStages: TParserFlags;
   OptHdrSizeRead: int32; // w/o directories
   Stage: TParserFlag;
   Parser: TPEParser;
-  Signature: uint32;
+  Signature: TNTSignature;
   DOSBlockSize: uint32;
 begin
   Result := false;
@@ -1535,7 +1534,7 @@ function TPEImage.LoadFromStream(AStream: TStream; AParseStages: TParserFlags;
   if not StreamRead(AStream, Signature, SizeOf(Signature)) then
     exit;
   // Check signature.
-  if Signature <> PE00_SIGNATURE then
+  if not Signature.IsPE00 then
     exit; // not PE file
 
   // Load File Header.

PE.MemoryStream.pas

@@ -193,12 +193,12 @@ class function TPEMemoryStream.GetModuleImageSize(ModulePtr: PByte): uint32;
 begin
   dos := PImageDOSHeader(ModulePtr);
 
-  if dos.e_magic <> MZ_SIGNATURE then
+  if not dos.e_magic.IsMZ then
     raise Exception.Create('Not PE image');
 
   nt := PImageNTHeaders(ModulePtr + dos^.e_lfanew);
 
-  if nt.Signature <> PE00_SIGNATURE then
+  if not nt.Signature.IsPE00 then
     raise Exception.Create('Not PE image');
 
   Result := nt^.OptionalHeader.pe32.SizeOfImage;

PE.Parser.Headers.pas

@@ -20,7 +20,7 @@ implementation
 
 function LoadDosHeader;
 begin
-  Result := StreamRead(AStream, AHdr, SizeOf(AHdr)) and (AHdr.e_magic = MZ_SIGNATURE);
+  Result := StreamRead(AStream, AHdr, SizeOf(AHdr)) and AHdr.e_magic.IsMZ;
 end;
 
 function LoadFileHeader;

PE.Types.DOSHeader.pas

@@ -2,13 +2,20 @@
 
 interface
 
-const
-  MZ_SIGNATURE = $5A4D;
-  ZM_SIGNATURE = $4D5A;
+type
+  TDOSMagic = packed record
+  public
+    function IsMZ: boolean; inline;
+    procedure SetMZ; inline;
+  public
+    case integer of
+      0:
+        (chars: array [0 .. 1] of AnsiChar);
+  end;
 
 type
   TImageDOSHeader = packed record
-    e_magic: uint16;                  // Magic number.
+    e_magic: TDOSMagic;               // Magic number.
     e_cblp: uint16;                   // Bytes on last page of file.
     e_cp: uint16;                     // Pages in file.
     e_crlc: uint16;                   // Relocations.
@@ -40,4 +47,17 @@ interface
 
 implementation
 
+{ TDOSMagic }
+
+function TDOSMagic.IsMZ: boolean;
+begin
+  result := self.chars = 'MZ';
+end;
+
+procedure TDOSMagic.SetMZ;
+begin
+  self.chars[0] := 'M';
+  self.chars[1] := 'Z';
+end;
+
 end.

PE.Types.NTHeaders.pas

@@ -6,31 +6,52 @@ interface
   PE.Types.FileHeader,
   PE.Types.OptionalHeader;
 
-const
-  PE00_SIGNATURE = $00004550;
-
 type
+{
   TImageNTHeaders32 = packed record
-    Signature:      uint32;
-    FileHeader:     TImageFileHeader;
+    Signature: uint32;
+    FileHeader: TImageFileHeader;
     OptionalHeader: TImageOptionalHeader32;
   end;
+
   PImageNTHeaders32 = ^TImageNTHeaders32;
 
   TImageNTHeaders64 = packed record
-    Signature:      uint32;
-    FileHeader:     TImageFileHeader;
+    Signature: uint32;
+    FileHeader: TImageFileHeader;
     OptionalHeader: TImageOptionalHeader64;
   end;
+
   PImageNTHeaders64 = ^TImageNTHeaders64;
+}
+
+  TNTSignature = record
+  public
+    function IsPE00: boolean; inline;
+  public
+    case integer of
+      0:
+        (chars: array [0 .. 3] of AnsiChar);
+  end;
 
   TImageNTHeaders = packed record
-    Signature:      uint32;
-    FileHeader:     TImageFileHeader;
+    Signature: TNTSignature;
+    FileHeader: TImageFileHeader;
     OptionalHeader: TImageOptionalHeader;
   end;
+
   PImageNTHeaders = ^TImageNTHeaders;
 
+const
+  PE00_SIGNATURE: TNTSignature = (chars: 'PE'#0#0);
+
 implementation
 
+{ TNTSignature }
+
+function TNTSignature.IsPE00: boolean;
+begin
+  result := self.chars = PE00_SIGNATURE.chars;
+end;
+
 end.