PE: Get regions by type #75

Open
@disinvite

We need some kind of helper function for PE images that will return regions of the file based on their characteristics. (This would solve one of the shortcomings in #70)

The simplest example is situations where we want to scan all code bytes. Right now we only use .text, which is not even the only code section in LEGO1.DLL and BETA10.DLL. There is also no requirement that the section be called .text. (I have a Borland-compiled game with CODE and no .text)

PE sections have a characteristics field and we already have an IntEnum to parse them.

This table on Microsoft's site shows common section names and their expected characteristics. (Scroll down past the bullet list.)

So... just look at the characteristics? This works for code because we can test for IMAGE_SCN_MEM_EXECUTE or IMAGE_SCN_CNT_CODE. Searching for const data is harder because almost all sections in that table have IMAGE_SCN_CNT_INITIALIZED_DATA and IMAGE_SCN_MEM_READ set.

We could refer to the data directory and exclude those regions, but there is no guarantee that the directory entry points at the beginning of a section. The directory can also point to a data structure inside a segment used for other things. For example, exports in LEGO1 are in .rdata. There is no .edata section.

Do we refer to the "standard" section names as an exclusion list? For example, if I want to look at const data, get all sections with the "init_data" and "readable" flags set, but where section.name not in {".debug", ".edata", ".idata", ".pdata", ...}.

Is there a better way that I'm missing?
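The selection rules discussed in the issue above, as an added example that is not part of the original post or the project's code: `Scn`, `parse_sections`, `code_regions`, `const_data_regions`, `EXCLUDE` and `SAMPLE` are hypothetical names, `Scn` stands in for the project's existing enum, and the section table is constructed. Treating "const" as also meaning not writable and not code is an assumption of this sketch.

```python
import struct
from collections import namedtuple
from enum import IntFlag

class Scn(IntFlag):  # IMAGE_SCN_* values from the PE/COFF specification
    CNT_CODE = 0x00000020
    CNT_INITIALIZED_DATA = 0x00000040
    MEM_EXECUTE = 0x20000000
    MEM_READ = 0x40000000
    MEM_WRITE = 0x80000000

HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
Section = namedtuple("Section", "name vaddr vsize flags")
# Only the names quoted in the issue; its proposed list is open-ended.
EXCLUDE = frozenset({".debug", ".edata", ".idata", ".pdata"})

def parse_sections(table: bytes):
    """Parse a raw section table; a trailing partial header is ignored."""
    out = []
    for off in range(0, len(table) - HDR.size + 1, HDR.size):
        name, vsize, vaddr, *_, flags = HDR.unpack_from(table, off)
        out.append(Section(name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, Scn(flags)))
    return out

def code_regions(sections):
    """Select by characteristics only, so a section named CODE is found too."""
    return [s for s in sections if s.flags & (Scn.MEM_EXECUTE | Scn.CNT_CODE)]

def const_data_regions(sections, exclude=EXCLUDE):
    """Initialized and readable, name not excluded (assumed: not writable, not code)."""
    want = Scn.CNT_INITIALIZED_DATA | Scn.MEM_READ
    deny = Scn.MEM_WRITE | Scn.MEM_EXECUTE | Scn.CNT_CODE
    return [s for s in sections
            if (s.flags & want) == want and not (s.flags & deny) and s.name not in exclude]

def _hdr(name, vaddr, vsize, flags):  # packs one constructed header
    return HDR.pack(name.encode(), vsize, vaddr, vsize, vaddr, 0, 0, 0, 0, flags)

# Constructed section table, not taken from LEGO1.DLL or any real image.
SAMPLE = b"".join([
    _hdr(".text", 0x1000, 0x4000, 0x60000020),
    _hdr("CODE", 0x5000, 0x0800, 0x60000020),
    _hdr(".rdata", 0x6000, 0x1000, 0x40000040),
    _hdr(".data", 0x7000, 0x2000, 0xC0000040),
    _hdr(".pdata", 0x9000, 0x0200, 0x40000040),
])

if __name__ == "__main__":
    secs = parse_sections(SAMPLE)
    print([s.name for s in code_regions(secs)], [s.name for s in const_data_regions(secs)])
```

The name filter does nothing for the case raised in the issue where a data directory points inside `.rdata`: that section is still returned whole, so directory ranges would have to be subtracted separately.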
