EnableExplicit
;By Celtic88 ;)
#IMAGE_RESOURCE_NAME_IS_STRING =$80000000
#IMAGE_RESOURCE_DATA_IS_DIRECTORY =$80000000
;IMAGE_DOS_HEADER\e_magic
#IMAGE_DOS_HEADER=$5A4D;Magic number
;IMAGE_NT_HEADERS\Signature
#IMAGE_NT_SIGNATURE=$00004550;signature
;IMAGE_FILE_HEADER\Machine
#IMAGE_FILE_MACHINE_I386=$014c;x86
#IMAGE_FILE_MACHINE_IA64=$0200;Intel Itanium
#IMAGE_FILE_MACHINE_AMD64=$8664;x64
;IMAGE_NT_HEADERS\FileHeader\Characteristics
#IMAGE_FILE_RELOCS_STRIPPED=$0001;Relocation information was stripped from the file. The file must be loaded at its preferred base address. If the base address is not available, the loader reports an error.
#IMAGE_FILE_EXECUTABLE_IMAGE=$0002;The file is executable (there are no unresolved external references).
#IMAGE_FILE_LINE_NUMS_STRIPPED=$0004;COFF line numbers were stripped from the file.
#IMAGE_FILE_LOCAL_SYMS_STRIPPED=$0008;COFF symbol table entries were stripped from file.
#IMAGE_FILE_AGGRESIVE_WS_TRIM=$0010 ;Aggressively trim the working set. This value is obsolete.
#IMAGE_FILE_LARGE_ADDRESS_AWARE=$0020;The application can handle addresses larger than 2 GB.
#IMAGE_FILE_BYTES_REVERSED_LO=$0080 ;The bytes of the word are reversed. This flag is obsolete.
#IMAGE_FILE_32BIT_MACHINE=$0100 ;The computer supports 32-bit words.
#IMAGE_FILE_DEBUG_STRIPPED=$0200 ;Debugging information was removed and stored separately in another file.
#IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP=$0400;If the image is on removable media, copy it to and run it from the swap file.
#IMAGE_FILE_NET_RUN_FROM_SWAP=$0800 ;If the image is on the network, copy it to and run it from the swap file.
#IMAGE_FILE_SYSTEM=$1000 ;The image is a system file.
#IMAGE_FILE_DLL=$2000 ;The image is a DLL file. While it is an executable file, it cannot be run directly.
#IMAGE_FILE_UP_SYSTEM_ONLY=$4000 ;The file should be run only on a uniprocessor computer.
#IMAGE_FILE_BYTES_REVERSED_HI=$8000 ;The bytes of the word are reversed. This flag is obsolete.
;IMAGE_NT_HEADERS\OptionalHeader\Magic
#IMAGE_NT_OPTIONAL_HDR32_MAGIC = $10B;32-bit application
#IMAGE_NT_OPTIONAL_HDR64_MAGIC = $20B;64-bit application
#IMAGE_ROM_OPTIONAL_HDR_MAGIC = $107 ;ROM image
;IMAGE_NT_HEADERS\OptionalHeader\Subsystem
#IMAGE_SUBSYSTEM_UNKNOWN = 0;Unknown subsystem.
#IMAGE_SUBSYSTEM_NATIVE = 1 ;No subsystem required (device drivers and native system processes).
#IMAGE_SUBSYSTEM_WINDOWS_GUI = 2;Windows graphical user interface (GUI) subsystem.
#IMAGE_SUBSYSTEM_WINDOWS_CUI = 3;Windows character-mode user interface (CUI) subsystem.
#IMAGE_SUBSYSTEM_OS2_CUI = 5 ;OS/2 CUI subsystem.
#IMAGE_SUBSYSTEM_POSIX_CUI = 7 ;POSIX CUI subsystem.
#IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9;Windows CE system.
#IMAGE_SUBSYSTEM_EFI_APPLICATION = 10;Extensible Firmware Interface (EFI) application.
#IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11;EFI driver with boot services.
#IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12 ;EFI driver with run-time services.
#IMAGE_SUBSYSTEM_EFI_ROM = 13 ;EFI ROM image.
#IMAGE_SUBSYSTEM_XBOX = 14 ;Xbox system.
#IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16;Boot application.
;IMAGE_NT_HEADERS\OptionalHeader\DllCharacteristics
#IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE=$0040;The DLL can be relocated at load time.
#IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY=$0080;Code integrity checks are forced. If you set this flag and a section contains only uninitialized data, set the PointerToRawData member of #IMAGE_SECTION_HEADER for that section to zero; otherwise, the image will fail to load because the digital signature cannot be verified.
#IMAGE_DLLCHARACTERISTICS_NX_COMPAT=$0100 ;The image is compatible with data execution prevention (DEP).
#IMAGE_DLLCHARACTERISTICS_NO_ISOLATION=$0200 ;The image is isolation aware, but should not be isolated.
#IMAGE_DLLCHARACTERISTICS_NO_SEH=$0400 ;The image does not use structured exception handling (SEH). No handlers can be called in this image.
#IMAGE_DLLCHARACTERISTICS_NO_BIND=$0800 ;Do not bind the image
#IMAGE_DLLCHARACTERISTICS_WDM_DRIVER=$2000 ;A WDM driver
#IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE=$8000;The image is terminal server aware.
;IMAGE_NT_HEADERS\OptionalHeader\DllCharacteristics
#IMAGE_DIRECTORY_ENTRY_EXPORT = 0
#IMAGE_DIRECTORY_ENTRY_IMPORT = 1
#IMAGE_DIRECTORY_ENTRY_RESOURCE = 2
#IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3
#IMAGE_DIRECTORY_ENTRY_SECURITY = 4
#IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
#IMAGE_DIRECTORY_ENTRY_DEBUG = 6
#IMAGE_DIRECTORY_ENTRY_COPYRIGHT = 7
#IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7
#IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8
#IMAGE_DIRECTORY_ENTRY_TLS = 9
#IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10
#IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11
#IMAGE_DIRECTORY_ENTRY_IAT = 12
#IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13
#IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14
#IMAGE_ORDINAL_FLAG = $80000000
#IMAGE_ORDINAL_FLAGx64=$8000000000000000
#IMAGE_SCN_CNT_CODE = $00000020
#IMAGE_SCN_CNT_INITIALIZED_DATA = $00000040
#IMAGE_SCN_CNT_UNINITIALIZED_DATA = $00000080
#IMAGE_SCN_MEM_SHARED = $10000000
#IMAGE_SCN_MEM_EXECUTE = $20000000
#IMAGE_SCN_MEM_READ = $40000000
#IMAGE_SCN_MEM_WRITE = $80000000
#IMAGE_REL_BASED_ABSOLUTE = 0
#IMAGE_REL_BASED_HIGH = 1
#IMAGE_REL_BASED_LOW = 2
#IMAGE_REL_BASED_HIGHLOW = 3
#IMAGE_REL_BASED_HIGHADJ = 4
#IMAGE_REL_BASED_MIPS_JMPADDR = 5
#IMAGE_REL_BASED_DIR64 = 10
Structure IMAGE_IMPORT_DESCRIPTOR ; from winnt.h
OriginalFirstThunk.l
TimeDateStamp.l
ForwarderChain.l
Name.l
FirstThunk.l
EndStructure
Structure IMAGE_THUNK_DATA32 ; from winnt.h
StructureUnion
ForwarderString.l
Function.l
Ordinal.l
AddressOfData.l
EndStructureUnion
EndStructure
Structure IMAGE_THUNK_DATA64 ; from winnt.h
StructureUnion
ForwarderString.q
Function.q
Ordinal.q
AddressOfData.q
EndStructureUnion
EndStructure
Structure IMAGE_RESOURCE_DIRECTORY
Characteristics.l;
TimeDateStamp.l ;
MajorVersion.w ;
MinorVersion.w ;
NumberOfNamedEntries.w;
NumberOfIdEntries.w ;
EndStructure
Structure IMAGE_RESOURCE_DIRECTORY_ENTRY
NameOffset.l;
OffsetToData.l;
EndStructure
Structure IMAGE_RESOURCE_DATA_ENTRY
OffsetToData.l;
Size.l ;
CodePage.l ;
Reserved.l ;
EndStructure
Structure IMAGE_RESOURCE_DIRECTORY_STRING
Length.u
; NameString.a[1]
EndStructure
Structure ImportFunctionList
IMAGE_THUNK_DATA.q
Ordinal.q
FunctionName.s
EndStructure
Structure IMAGE_BASE_RELOCATION ; from winnt.h
VirtualAddress.l
SizeOfBlock.l
EndStructure
Structure IMAGE_IMPORT_DESCRIPTORList Extends IMAGE_IMPORT_DESCRIPTOR
LibraryName.s; name of imported dll
List ImportFunctionList.ImportFunctionList() ;list of imported function
EndStructure
Structure IMAGE_IMPORT_DESCRIPTORInfo
List IMAGE_IMPORT_DESCRIPTORList.IMAGE_IMPORT_DESCRIPTORList()
EndStructure
Structure ExportFunctionNameListe
FunctionName.s ; Function Name
FunctionAddress.l ; Function Address
Ordinale.w ; Function Ordinale
EndStructure
Structure IMAGE_EXPORT_DIRECTORYInfo Extends IMAGE_EXPORT_DIRECTORY
__File_OriginalDllName.s ;original dll name
List ExportFunctionNameListe.ExportFunctionNameListe()
EndStructure
Structure ResourceSubDirectoryList Extends IMAGE_RESOURCE_DIRECTORY
__File_ResourceDirectoryName.s; Resource Directory Name
__File_ResourceDirectoryID.l;Resource Directory ID
__File_ResourceOffset.l;Resource Offset
OffsetToData.l;
Size.l ;
CodePage.l ;
EndStructure
Structure ResourceDirectoryList Extends IMAGE_RESOURCE_DIRECTORY
__File_ResourceDirectoryName.s
__File_ResourceDirectoryID.l
__File_ResourceSubDirectoryCount.l
List ResourceSubDirectoryList.ResourceSubDirectoryList()
EndStructure
Structure IMAGE_RESOURCE_DIRECTORYInfo Extends IMAGE_RESOURCE_DIRECTORY
__File_ResourceDirectoryCount.l; number of Resource
List ResourceDirectoryList.ResourceDirectoryList()
EndStructure
Structure IMAGE_SECTION_HEADERInfo Extends IMAGE_SECTION_HEADER
__File_Selction_Name.s ; pe section name
EndStructure
Structure IMAGE_BASE_RELOCATIONInfo Extends IMAGE_BASE_RELOCATION
List RelocationTypeList.unicode() ; Relocation
EndStructure
Structure PB_PEExplorer
__File_OffsetEntryCode.l ; start code offset
__File_ImageSize.l
IMAGE_DOS_HEADER.IMAGE_DOS_HEADER
IMAGE_NT_HEADERS64.IMAGE_NT_HEADERS64
IMAGE_NT_HEADERS32.IMAGE_NT_HEADERS32
List IMAGE_SECTION_HEADERList.IMAGE_SECTION_HEADERInfo()
IMAGE_IMPORT_DESCRIPTORInfo.IMAGE_IMPORT_DESCRIPTORInfo
IMAGE_EXPORT_DIRECTORYInfo.IMAGE_EXPORT_DIRECTORYInfo
IMAGE_RESOURCE_DIRECTORYInfo.IMAGE_RESOURCE_DIRECTORYInfo
List IMAGE_BASE_RELOCATIONList.IMAGE_BASE_RELOCATIONInfo()
EndStructure
Macro Resource_IsNameString(NameOffset);Gets a value indicating whether the directory name is a string.
(NameOffset & $80000000)
EndMacro
Macro Resource_NameAddress(NameOffset);Gets an offset, relative to the beginning of the resource directory of the string, which is of type
(NameOffset & $7FFFFFFF)
EndMacro
Macro Resource_IsDirectory(OffsetToData);Gets a value indicating whether the entry is a directory.
(OffsetToData & $80000000)
EndMacro
Macro Resource_DirectoryAddress(OffsetToData);Offset to the child or
(OffsetToData & $7FFFFFFF)
EndMacro
Macro Resource_IsDataEntry(tOffset);Gets a value indicating whether the child structure is a structure.
Resource_IsNameString(tOffset) And Resource_IsDirectory(tOffset)
EndMacro
Procedure Pb_PEExplorer(PeFile_ID ,*iPB_PEExplorer.PB_PEExplorer); Get Pe info
Protected tIMAGE_DOS_HEADER.IMAGE_DOS_HEADER
Protected tIMAGE_NT_HEADERS64.IMAGE_NT_HEADERS64
Protected tIMAGE_NT_HEADERS32.IMAGE_NT_HEADERS32
Protected tIMAGE_SECTION_HEADER.IMAGE_SECTION_HEADER
Protected tIMAGE_IMPORT_DESCRIPTOR.IMAGE_IMPORT_DESCRIPTOR
Protected tIMAGE_THUNK_DATA32.IMAGE_THUNK_DATA32
Protected tIMAGE_THUNK_DATA64.IMAGE_THUNK_DATA64
Protected tIMAGE_EXPORT_DIRECTORY.IMAGE_EXPORT_DIRECTORY
Protected tIMAGE_RESOURCE_DIRECTORY.IMAGE_RESOURCE_DIRECTORY
Protected tIMAGE_RESOURCE_DIRECTORY_ENTRY.IMAGE_RESOURCE_DIRECTORY_ENTRY
Protected tIMAGE_RESOURCE_DIRECTORY_STRING.IMAGE_RESOURCE_DIRECTORY_STRING
Protected tChildIMAGE_RESOURCE_DIRECTORY.IMAGE_RESOURCE_DIRECTORY
Protected tChildIMAGE_RESOURCE_DIRECTORY_ENTRY.IMAGE_RESOURCE_DIRECTORY_ENTRY
Protected tChildI1MAGE_RESOURCE_DIRECTORY.IMAGE_RESOURCE_DIRECTORY
Protected tChild1IMAGE_RESOURCE_DIRECTORY_ENTRY.IMAGE_RESOURCE_DIRECTORY_ENTRY
Protected tIMAGE_RESOURCE_DATA_ENTRY.IMAGE_RESOURCE_DATA_ENTRY
Protected tIMAGE_BASE_RELOCATION.IMAGE_BASE_RELOCATION,offsetReloc
Protected.l i,inct,incid,incrd,o,z,ii.w,itr
FileSeek(PeFile_ID,0)
ReadData(PeFile_ID,@tIMAGE_DOS_HEADER,SizeOf(IMAGE_DOS_HEADER));get IMAGE_DOS_HEADER
If tIMAGE_DOS_HEADER\e_magic <> #IMAGE_DOS_HEADER:ProcedureReturn 0:EndIf
CopyMemory(@tIMAGE_DOS_HEADER,@*iPB_PEExplorer\IMAGE_DOS_HEADER,SizeOf(IMAGE_DOS_HEADER))
FileSeek(PeFile_ID,tIMAGE_DOS_HEADER\e_lfanew)
ReadData(PeFile_ID,@tIMAGE_NT_HEADERS32,SizeOf(IMAGE_NT_HEADERS32));get IMAGE_NT_HEADERS
If tIMAGE_NT_HEADERS32\Signature <> #IMAGE_NT_SIGNATURE:ProcedureReturn 0:EndIf
CopyMemory(@tIMAGE_NT_HEADERS32,@*iPB_PEExplorer\IMAGE_NT_HEADERS32,SizeOf(IMAGE_NT_HEADERS32))
Protected ImportVirtualAddress.l=tIMAGE_NT_HEADERS32\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_IMPORT]\VirtualAddress
Protected ExportVirtualAddress.l= tIMAGE_NT_HEADERS32\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]\VirtualAddress
Protected ResourceVirtualAddress.l= tIMAGE_NT_HEADERS32\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_RESOURCE]\VirtualAddress
Protected RelocVirtualAddress.l= tIMAGE_NT_HEADERS32\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_BASERELOC]\VirtualAddress
Protected endOfImage.l
Protected IMAGE_ORDINAL_FLAG.q = #IMAGE_ORDINAL_FLAG,SizeIMAGE_NT_HEADERS.l = SizeOf(IMAGE_NT_HEADERS32),SizeIMAGE_THUNK_DATA.l=SizeOf(IMAGE_THUNK_DATA32)
If tIMAGE_NT_HEADERS32\OptionalHeader\Magic = #IMAGE_NT_OPTIONAL_HDR64_MAGIC
IMAGE_ORDINAL_FLAG = #IMAGE_ORDINAL_FLAGx64
FileSeek(PeFile_ID,tIMAGE_DOS_HEADER\e_lfanew)
ReadData(PeFile_ID,@tIMAGE_NT_HEADERS64,SizeOf(IMAGE_NT_HEADERS64))
CopyMemory(@tIMAGE_NT_HEADERS64,@*iPB_PEExplorer\IMAGE_NT_HEADERS64,SizeOf(IMAGE_NT_HEADERS64))
SizeIMAGE_NT_HEADERS = SizeOf(IMAGE_NT_HEADERS64)
SizeIMAGE_THUNK_DATA = SizeOf(IMAGE_THUNK_DATA64)
ImportVirtualAddress = tIMAGE_NT_HEADERS64\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_IMPORT]\VirtualAddress
ExportVirtualAddress = tIMAGE_NT_HEADERS64\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]\VirtualAddress
ResourceVirtualAddress = tIMAGE_NT_HEADERS64\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_RESOURCE]\VirtualAddress
RelocVirtualAddress = tIMAGE_NT_HEADERS64\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_BASERELOC]\VirtualAddress
EndIf
Protected tIMAGE_THUNK_DATA.Quad,iInitialOffset.l
For i=0 To (tIMAGE_NT_HEADERS32\FileHeader\NumberOfSections-1);get all pe sections
FileSeek(PeFile_ID,tIMAGE_DOS_HEADER\e_lfanew+SizeIMAGE_NT_HEADERS+ (SizeOf(IMAGE_SECTION_HEADER)*i))
ReadData(PeFile_ID,@tIMAGE_SECTION_HEADER,SizeOf(IMAGE_SECTION_HEADER))
With tIMAGE_SECTION_HEADER
If \VirtualAddress
AddElement(*iPB_PEExplorer\IMAGE_SECTION_HEADERList())
CopyMemory(@tIMAGE_SECTION_HEADER,@*iPB_PEExplorer\IMAGE_SECTION_HEADERList(),SizeOf(IMAGE_SECTION_HEADER))
*iPB_PEExplorer\IMAGE_SECTION_HEADERList()\__File_Selction_Name = PeekS(@\SecName,8,#PB_Ascii)
If *iPB_PEExplorer\__File_ImageSize < \PointerToRawData+\SizeOfRawData:*iPB_PEExplorer\__File_ImageSize= \PointerToRawData+\SizeOfRawData:EndIf
If tIMAGE_NT_HEADERS32\OptionalHeader\Magic = #IMAGE_NT_OPTIONAL_HDR64_MAGIC
If \VirtualAddress <= tIMAGE_NT_HEADERS64\OptionalHeader\AddressOfEntryPoint And tIMAGE_NT_HEADERS64\OptionalHeader\AddressOfEntryPoint < \VirtualAddress + \SizeOfRawData
*iPB_PEExplorer\__File_OffsetEntryCode=( tIMAGE_NT_HEADERS64\OptionalHeader\AddressOfEntryPoint-\VirtualAddress)+\PointerToRawData;file offset to entry code
EndIf
Else
If \VirtualAddress <= tIMAGE_NT_HEADERS32\OptionalHeader\AddressOfEntryPoint And tIMAGE_NT_HEADERS32\OptionalHeader\AddressOfEntryPoint < \VirtualAddress + \SizeOfRawData
*iPB_PEExplorer\__File_OffsetEntryCode=( tIMAGE_NT_HEADERS32\OptionalHeader\AddressOfEntryPoint-\VirtualAddress)+\PointerToRawData;file offset to entry code
EndIf
EndIf
If \VirtualAddress <= ImportVirtualAddress And \VirtualAddress+ \VirtualSize > ImportVirtualAddress ;import library address
FileSeek(PeFile_ID,( ImportVirtualAddress-\VirtualAddress)+\PointerToRawData)
ReadData(PeFile_ID,@tIMAGE_IMPORT_DESCRIPTOR,SizeOf(IMAGE_IMPORT_DESCRIPTOR))
While tIMAGE_IMPORT_DESCRIPTOR\FirstThunk
FileSeek(PeFile_ID,tIMAGE_IMPORT_DESCRIPTOR\Name -(\VirtualAddress - \PointerToRawData))
AddElement(*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList())
CopyMemory(@tIMAGE_IMPORT_DESCRIPTOR,@*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList(),SizeOf(IMAGE_IMPORT_DESCRIPTOR))
*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\LibraryName = ReadString(PeFile_ID); set library name
iInitialOffset=tIMAGE_IMPORT_DESCRIPTOR\FirstThunk
If tIMAGE_IMPORT_DESCRIPTOR\OriginalFirstThunk
iInitialOffset=tIMAGE_IMPORT_DESCRIPTOR\OriginalFirstThunk
EndIf
FileSeek(PeFile_ID,iInitialOffset -(\VirtualAddress - \PointerToRawData))
ReadData(PeFile_ID,@tIMAGE_THUNK_DATA,SizeIMAGE_THUNK_DATA)
inct=0
While tIMAGE_THUNK_DATA\q
AddElement(*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList())
If tIMAGE_THUNK_DATA\q & IMAGE_ORDINAL_FLAG
*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal = tIMAGE_THUNK_DATA\q;is a ordinal function
Else
FileSeek(PeFile_ID,((tIMAGE_THUNK_DATA\q +2)-(\VirtualAddress - \PointerToRawData)))
*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\FunctionName = ReadString(PeFile_ID);get function name
EndIf
*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\IMAGE_THUNK_DATA=tIMAGE_THUNK_DATA\q
inct + SizeIMAGE_THUNK_DATA
FileSeek(PeFile_ID,(iInitialOffset -(\VirtualAddress - \PointerToRawData))+inct)
ReadData(PeFile_ID,@tIMAGE_THUNK_DATA,SizeIMAGE_THUNK_DATA)
Wend
incid+ SizeOf(IMAGE_IMPORT_DESCRIPTOR)
FileSeek(PeFile_ID,(( ImportVirtualAddress-\VirtualAddress)+\PointerToRawData)+incid)
ReadData(PeFile_ID,@tIMAGE_IMPORT_DESCRIPTOR,SizeOf(IMAGE_IMPORT_DESCRIPTOR))
Wend
EndIf
If \VirtualAddress <= ExportVirtualAddress And \VirtualAddress+ \VirtualSize > ExportVirtualAddress ;Export function
FileSeek(PeFile_ID,( ExportVirtualAddress-\VirtualAddress)+\PointerToRawData)
ReadData(PeFile_ID,@tIMAGE_EXPORT_DIRECTORY,SizeOf(IMAGE_EXPORT_DIRECTORY))
CopyMemory(@tIMAGE_EXPORT_DIRECTORY,@*iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo,SizeOf(IMAGE_EXPORT_DIRECTORY))
FileSeek(PeFile_ID, (tIMAGE_EXPORT_DIRECTORY\Name-(\VirtualAddress - \PointerToRawData)))
*iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\__File_OriginalDllName = ReadString(PeFile_ID)
For o = 0 To tIMAGE_EXPORT_DIRECTORY\NumberOfNames-1
AddElement( *iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe())
FileSeek(PeFile_ID, (tIMAGE_EXPORT_DIRECTORY\AddressOfNames-(\VirtualAddress - \PointerToRawData))+(o*SizeOf(long)))
FileSeek(PeFile_ID, ReadLong(PeFile_ID)-(\VirtualAddress - \PointerToRawData))
*iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\FunctionName = ReadString(PeFile_ID)
FileSeek(PeFile_ID, (tIMAGE_EXPORT_DIRECTORY\AddressOfNameOrdinals-(\VirtualAddress - \PointerToRawData))+(o*SizeOf(word)))
*iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\Ordinale = ReadWord(PeFile_ID)
FileSeek(PeFile_ID, (tIMAGE_EXPORT_DIRECTORY\AddressOfFunctions-(\VirtualAddress - \PointerToRawData))+
(*iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\Ordinale*SizeOf(long)))
*iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\FunctionAddress= ReadLong(PeFile_ID)
Next
EndIf
If \VirtualAddress <= ResourceVirtualAddress And \VirtualAddress+ \VirtualSize > ResourceVirtualAddress
FileSeek(PeFile_ID,ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)
ReadData(PeFile_ID,@tIMAGE_RESOURCE_DIRECTORY,SizeOf(IMAGE_RESOURCE_DIRECTORY))
CopyMemory(@tIMAGE_RESOURCE_DIRECTORY,@*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo,SizeOf(IMAGE_RESOURCE_DIRECTORY))
*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\__File_ResourceDirectoryCount = (tIMAGE_RESOURCE_DIRECTORY\NumberOfIdEntries+tIMAGE_RESOURCE_DIRECTORY\NumberOfNamedEntries)-1
For o=0 To (tIMAGE_RESOURCE_DIRECTORY\NumberOfIdEntries+tIMAGE_RESOURCE_DIRECTORY\NumberOfNamedEntries)-1
FileSeek(PeFile_ID,(ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+SizeOf(IMAGE_RESOURCE_DIRECTORY)+(SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY)*o))
ReadData(PeFile_ID,@tIMAGE_RESOURCE_DIRECTORY_ENTRY,SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY))
AddElement(*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList())
If Resource_IsNameString(tIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset)
FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_NameAddress(tIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset)))
ReadData(PeFile_ID,@tIMAGE_RESOURCE_DIRECTORY_STRING,SizeOf(IMAGE_RESOURCE_DIRECTORY_STRING))
*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName = ReadString(PeFile_ID,#PB_Unicode,tIMAGE_RESOURCE_DIRECTORY_STRING\Length)
Else
*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryID = (tIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset)
EndIf
If Resource_IsDirectory(tIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData)
FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_DirectoryAddress(tIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData)))
ReadData(PeFile_ID,@tChildIMAGE_RESOURCE_DIRECTORY,SizeOf(IMAGE_RESOURCE_DIRECTORY))
CopyMemory(@tChildIMAGE_RESOURCE_DIRECTORY,@*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList(),SizeOf(IMAGE_RESOURCE_DIRECTORY))
*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceSubDirectoryCount = tChildIMAGE_RESOURCE_DIRECTORY\NumberOfIdEntries+tChildIMAGE_RESOURCE_DIRECTORY\NumberOfNamedEntries
For z=0 To (tChildIMAGE_RESOURCE_DIRECTORY\NumberOfIdEntries+tChildIMAGE_RESOURCE_DIRECTORY\NumberOfNamedEntries)-1
AddElement(*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList())
FileSeek(PeFile_ID,(ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+SizeOf(IMAGE_RESOURCE_DIRECTORY)+Resource_DirectoryAddress(tIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData) +(SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY)*z))
ReadData(PeFile_ID,@tChildIMAGE_RESOURCE_DIRECTORY_ENTRY,SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY))
If Resource_IsNameString(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset)
FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_NameAddress(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset)))
ReadData(PeFile_ID,@tIMAGE_RESOURCE_DIRECTORY_STRING,SizeOf(IMAGE_RESOURCE_DIRECTORY_STRING))
*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName = ReadString(PeFile_ID,#PB_Unicode,tIMAGE_RESOURCE_DIRECTORY_STRING\Length)
Else
*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryID = ( tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset)
EndIf
If Resource_IsDirectory(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData)
FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_DirectoryAddress(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData)))
ReadData(PeFile_ID,@tChildI1MAGE_RESOURCE_DIRECTORY,SizeOf(IMAGE_RESOURCE_DIRECTORY))
CopyMemory(@tChildI1MAGE_RESOURCE_DIRECTORY,@*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList(),SizeOf(IMAGE_RESOURCE_DIRECTORY))
FileSeek(PeFile_ID,(ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+SizeOf(IMAGE_RESOURCE_DIRECTORY)+Resource_DirectoryAddress(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData))
ReadData(PeFile_ID,@tChild1IMAGE_RESOURCE_DIRECTORY_ENTRY,SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY))
FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_DirectoryAddress(tChild1IMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData)))
ReadData(PeFile_ID,@tIMAGE_RESOURCE_DATA_ENTRY,SizeOf(IMAGE_RESOURCE_DATA_ENTRY))
*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset = (Resource_DirectoryAddress(tIMAGE_RESOURCE_DATA_ENTRY\OffsetToData)-\VirtualAddress)+\PointerToRawData ;imagebas + OffsetToData
*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\Size = tIMAGE_RESOURCE_DATA_ENTRY\Size
*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\CodePage = tIMAGE_RESOURCE_DATA_ENTRY\CodePage
EndIf
Next
EndIf
Next
EndIf
If \VirtualAddress <= RelocVirtualAddress And \VirtualAddress+ \VirtualSize > RelocVirtualAddress ;Relec section
FileSeek(PeFile_ID,( RelocVirtualAddress-\VirtualAddress)+\PointerToRawData)
ReadData(PeFile_ID,@tIMAGE_BASE_RELOCATION,SizeOf(IMAGE_BASE_RELOCATION))
While tIMAGE_BASE_RELOCATION\VirtualAddress
AddElement(*iPB_PEExplorer\IMAGE_BASE_RELOCATIONList())
CopyMemory(@tIMAGE_BASE_RELOCATION,@*iPB_PEExplorer\IMAGE_BASE_RELOCATIONList(),SizeOf(IMAGE_BASE_RELOCATION))
FileSeek(PeFile_ID,(( RelocVirtualAddress-\VirtualAddress)+\PointerToRawData)+incrd+SizeOf(IMAGE_BASE_RELOCATION))
offsetReloc=ReadUnicodeCharacter(PeFile_ID)
For itr=1 To (tIMAGE_BASE_RELOCATION\SizeOfBlock-SizeOf(IMAGE_BASE_RELOCATION))/SizeOf(Word)
AddElement(*iPB_PEExplorer\IMAGE_BASE_RELOCATIONList()\RelocationTypeList())
*iPB_PEExplorer\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u = offsetReloc
FileSeek(PeFile_ID,(( RelocVirtualAddress-\VirtualAddress)+\PointerToRawData)+incrd+SizeOf(IMAGE_BASE_RELOCATION)+ (itr * SizeOf(Unicode)))
offsetReloc=ReadUnicodeCharacter(PeFile_ID)
Next
incrd+ tIMAGE_BASE_RELOCATION\SizeOfBlock
FileSeek(PeFile_ID,(( RelocVirtualAddress-\VirtualAddress)+\PointerToRawData)+incrd)
ReadData(PeFile_ID,@tIMAGE_BASE_RELOCATION,SizeOf(IMAGE_BASE_RELOCATION))
Wend
EndIf
EndIf
EndWith
Next
ProcedureReturn 1
EndProcedure
DisableExplicit
Structure VS_VERSION_INFO
wLength.u;
wValueLength.u;
wType.u ;
szKey.u[15] ;
Padding1.u[2] ;
Value.VS_FIXEDFILEINFO;
; Padding2.u ;
; Children.u ;
EndStructure
Macro HiWord(a)
(a>>16 & $ffff)
EndMacro
Macro LowWord(a)
(a & $ffff)
EndMacro
EnableExplicit
CoInitializeEx_(0, #COINIT_MULTITHREADED)
Global pIShellLink.IShellLinkW
Global pIPersistFile.IPersistFile
If CoCreateInstance_(?CLSID_ShellLink, 0,
#CLSCTX_INPROC_SERVER, ?IID_IShellLink, @pIShellLink) = 0
pIShellLink\QueryInterface(?IID_IPersistFile , @pIPersistFile)
EndIf
#File_Info="File Info"
#DOS_HEADER="DOS_HEADER"
#IMAGE_NT_HEADERS="IMAGE_NT_HEADERS"
#FILE_HEADER="FILE_HEADER"
#OPTIONAL_HEADER="OPTIONAL_HEADER"
#SECTION_HEADER="SECTION_HEADER"
#DESCRIPTOR_IMPORT="DESCRIPTOR_IMPORT"
#DESCRIPTOR_EXPORT="DESCRIPTOR_EXPORT"
#DESCRIPTOR_RESOURCE="DESCRIPTOR_RESOURCE"
#DESCRIPTOR_RELOCATION="DESCRIPTOR_RELOCATION"
#ENDOFDATA="+Overlay"
Enumeration Window_PeExplorer
#Window_PeExplorer
EndEnumeration
Enumeration Window_Gadget_PeExplorer
#Gadget_ListIcon_PeExplorer
#Gadget_Tree_PeExplorer
#Gadget_Splitter_PeExplorer
EndEnumeration
Enumeration FormMenu_PeExplorer
#Menu_Window_PeExplorer
EndEnumeration
Enumeration FormMenuItem_PeExplorer
#MenuItem_SelectFile
#MenuItem_Exit
EndEnumeration
Enumeration FormStatusBar_PeExplorer
#StatusBar_PeExplorer
EndEnumeration
Enumeration FormStatusBarItem_PeExplorer
#StatusBarItem_PeInfo
#StatusBarItem_PeProgress
EndEnumeration
Global CurrentPB_PEExplorerFile.PB_PEExplorer
Global CurrentFileLoc.s{#MAX_PATH}
Procedure.s GetFilePathFromLnk(Lnk.s)
Protected pWIN32_FIND_DATA.WIN32_FIND_DATA
Protected Path.s{#MAX_PATH}
If pIPersistFile And pIShellLink
If pIPersistFile\Load(Lnk,0) = 0
If pIShellLink\GetPath(@Path,#MAX_PATH*2,@pWIN32_FIND_DATA,1) = 0
ProcedureReturn Path
EndIf
EndIf
EndIf
EndProcedure
Procedure.s GetLongPathName(lpszShortPath.s)
Protected lpszLongPath.s{#MAX_PATH}
GetLongPathName_(@lpszShortPath,@lpszLongPath,#MAX_PATH)
ProcedureReturn lpszLongPath
EndProcedure
Procedure.s GetShortPathName(lpszLongPath.s)
Protected lpszShortPath.s{#MAX_PATH}
GetShortPathName_(@lpszLongPath,@lpszShortPath,#MAX_PATH)
ProcedureReturn lpszShortPath
EndProcedure
Procedure.s FindFile(Pthdll$,aDll$,SubDirCount.l=0,Pcall.b=1)
Protected iReturn$,DirectoryEntryName$
Protected ed=ExamineDirectory(#PB_Any, Pthdll$, "*.*")
If ed
While NextDirectoryEntry(ed)
DirectoryEntryName$=DirectoryEntryName(ed)
If DirectoryEntryType(ed) = #PB_DirectoryEntry_File
If FindString(DirectoryEntryName$, aDll$,1,#PB_String_NoCase)
iReturn$ = Pthdll$ + "\" + aDll$
EndIf
ElseIf SubDirCount < 5
If DirectoryEntryName$="." Or DirectoryEntryName$=".." :Continue:EndIf
SubDirCount+1
iReturn$=FindFile(Pthdll$+"\" + DirectoryEntryName$,aDll$,SubDirCount,0)
Else
If Pcall=1
SubDirCount=0
EndIf
EndIf
If iReturn$:Break:EndIf
Wend
FinishDirectory(ed)
EndIf
ProcedureReturn iReturn$
EndProcedure
Macro AddList(strlist,s)
AddElement(strlist):strlist = s
EndMacro
Procedure ResizeGadgetsWindow_PeExplorer()
Protected FormWindowWidth, FormWindowHeight
FormWindowWidth = WindowWidth(#Window_PeExplorer)
FormWindowHeight = WindowHeight(#Window_PeExplorer)
ResizeGadget(#Gadget_Splitter_PeExplorer, 5, 5, FormWindowWidth-10, FormWindowHeight - MenuHeight() - StatusBarHeight(#StatusBar_PeExplorer) - 10)
EndProcedure
Procedure CloseWindow_PeExplorer()
PostEvent(#PB_Event_CloseWindow, #Window_PeExplorer, 0)
EndProcedure
Procedure LoadPlugins_PeExplorer()
Protected ed=ExamineDirectory(#PB_Any, "Plugins", "*.dll")
If ed
While NextDirectoryEntry(ed)
If DirectoryEntryType(ed) = #PB_DirectoryEntry_File
Protected ol=OpenLibrary(#PB_Any,"Plugins\"+DirectoryEntryName(ed))
If ol
If Not CallFunction(ol,"PeExplorer_Plugin_Ini",WindowID(#Window_PeExplorer),@CurrentFileLoc)
CloseLibrary(ol)
EndIf
EndIf
EndIf
Wend
FinishDirectory(ed)
EndIf
EndProcedure
Procedure.s Pex_Hex_Value(Value.q,Type.l, Addx.s="0x")
Protected slong.l
Select Type
Case #PB_Byte
slong=2
Case #PB_Word
slong=4
Case #PB_Long
slong=8
Case #PB_Quad
slong=16
EndSelect
ProcedureReturn Addx+RSet (Hex(Value,Type),slong,"0")
EndProcedure
Procedure.s Pex_Resource_Type (nRes.u)
Select nRes
Case #RT_ACCELERATOR:ProcedureReturn "#RT_ACCELERATOR"
Case #RT_ANICURSOR:ProcedureReturn "#RT_ANICURSOR"
Case #RT_ANIICON:ProcedureReturn "#RT_ANIICON"
Case #RT_BITMAP:ProcedureReturn "#RT_BITMAP"
Case #RT_CURSOR:ProcedureReturn "#RT_CURSOR"
Case #RT_DIALOG:ProcedureReturn "#RT_DIALOG"
Case #RT_DLGINCLUDE:ProcedureReturn "#RT_DLGINCLUDE"
Case #RT_FONT:ProcedureReturn "#RT_FONT"
Case #RT_FONTDIR:ProcedureReturn "#RT_FONTDIR"
Case #RT_GROUP_CURSOR:ProcedureReturn "#RT_GROUP_CURSOR"
Case #RT_GROUP_ICON:ProcedureReturn "#RT_GROUP_ICON"
Case #RT_HTML:ProcedureReturn "#RT_HTML"
Case #RT_ICON:ProcedureReturn "#RT_ICON"
Case #RT_MANIFEST:ProcedureReturn "#RT_MANIFEST"
Case #RT_MENU:ProcedureReturn "#RT_MENU"
Case #RT_MESSAGETABLE:ProcedureReturn "#RT_MESSAGETABLE"
Case #RT_PLUGPLAY:ProcedureReturn "#RT_PLUGPLAY"
Case #RT_RCDATA:ProcedureReturn "#RT_RCDATA"
Case #RT_STRING:ProcedureReturn "#RT_STRING"
Case #RT_VERSION:ProcedureReturn "#RT_VERSION"
Case #RT_VXD:ProcedureReturn "#RT_VXD"
EndSelect
ProcedureReturn Str(nRes)
EndProcedure
Procedure.s Pex_Machine_Type(Machine.u)
Select Machine
Case #IMAGE_FILE_MACHINE_I386:ProcedureReturn "X86"
Case #IMAGE_FILE_MACHINE_IA64:ProcedureReturn "Intel Itanium"
Case #IMAGE_FILE_MACHINE_AMD64:ProcedureReturn "X64"
EndSelect
EndProcedure
Procedure.s Pex_Exe_Type(Characteristics.u)
If Characteristics IMAGE_FILE_DLL = #IMAGE_FILE_DLL
ProcedureReturn "Image is a DLL"
ElseIf Characteristics IMAGE_FILE_EXECUTABLE_IMAGE = #IMAGE_FILE_EXECUTABLE_IMAGE
ProcedureReturn "Image is a EXE"
EndIf
EndProcedure
Procedure.s Pex_Image_Type(Magic.u)
Select Magic
Case #IMAGE_NT_OPTIONAL_HDR32_MAGIC
ProcedureReturn "32bit"
Case #IMAGE_NT_OPTIONAL_HDR64_MAGIC
ProcedureReturn "64bit"
Case #IMAGE_ROM_OPTIONAL_HDR_MAGIC
ProcedureReturn "Rom image"
EndSelect
EndProcedure
Structure ImageFile_Type
Characteristics.u
Desc.s
EndStructure
Procedure.s Pex_ImageFile_Type(Characteristics.w)
Dim aImageFile_Type.ImageFile_Type(14)
aImageFile_Type(0)\Characteristics = #IMAGE_FILE_RELOCS_STRIPPED
aImageFile_Type(1)\Characteristics = #IMAGE_FILE_EXECUTABLE_IMAGE
aImageFile_Type(2)\Characteristics = #IMAGE_FILE_LINE_NUMS_STRIPPED
aImageFile_Type(3)\Characteristics = #IMAGE_FILE_LOCAL_SYMS_STRIPPED
aImageFile_Type(4)\Characteristics = #IMAGE_FILE_AGGRESIVE_WS_TRIM
aImageFile_Type(5)\Characteristics = #IMAGE_FILE_LARGE_ADDRESS_AWARE
aImageFile_Type(6)\Characteristics = #IMAGE_FILE_BYTES_REVERSED_LO
aImageFile_Type(7)\Characteristics = #IMAGE_FILE_32BIT_MACHINE
aImageFile_Type(8)\Characteristics = #IMAGE_FILE_DEBUG_STRIPPED
aImageFile_Type(9)\Characteristics = #IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
aImageFile_Type(10)\Characteristics = #IMAGE_FILE_NET_RUN_FROM_SWAP
aImageFile_Type(11)\Characteristics = #IMAGE_FILE_SYSTEM
aImageFile_Type(12)\Characteristics = #IMAGE_FILE_DLL
aImageFile_Type(13)\Characteristics = #IMAGE_FILE_UP_SYSTEM_ONLY
aImageFile_Type(14)\Characteristics = #IMAGE_FILE_BYTES_REVERSED_HI
aImageFile_Type(0)\Desc = "IMAGE_FILE_RELOCS_STRIPPED"
aImageFile_Type(1)\Desc = "IMAGE_FILE_EXECUTABLE_IMAGE"
aImageFile_Type(2)\Desc = "IMAGE_FILE_LINE_NUMS_STRIPPED"
aImageFile_Type(3)\Desc = "IMAGE_FILE_LOCAL_SYMS_STRIPPED"
aImageFile_Type(4)\Desc = "IMAGE_FILE_AGGRESIVE_WS_TRIM"
aImageFile_Type(5)\Desc = "IMAGE_FILE_LARGE_ADDRESS_AWARE"
aImageFile_Type(6)\Desc = "IMAGE_FILE_BYTES_REVERSED_LO"
aImageFile_Type(7)\Desc = "IMAGE_FILE_32BIT_MACHINE"
aImageFile_Type(8)\Desc = "IMAGE_FILE_DEBUG_STRIPPED"
aImageFile_Type(9)\Desc = "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP"
aImageFile_Type(10)\Desc = "IMAGE_FILE_NET_RUN_FROM_SWAP"
aImageFile_Type(11)\Desc = "IMAGE_FILE_SYSTEM"
aImageFile_Type(12)\Desc = "IMAGE_FILE_DLL"
aImageFile_Type(13)\Desc = "IMAGE_FILE_UP_SYSTEM_ONLY"
aImageFile_Type(14)\Desc = "IMAGE_FILE_BYTES_REVERSED_HI"
Protected sReturn.s,o
For o = 0 To 14
If aImageFile_Type(o)\Characteristics & Characteristics = aImageFile_Type(o)\Characteristics
sReturn + aImageFile_Type(o)\Desc + " | "
EndIf
Next
ProcedureReturn Mid(sReturn,1,Len(sReturn) - 3)
EndProcedure
Procedure.s Pex_Subsystem_Type(Subsystem.u)
Select Subsystem
Case #IMAGE_SUBSYSTEM_NATIVE
ProcedureReturn "Subsystem : native"
Case #IMAGE_SUBSYSTEM_WINDOWS_GUI
ProcedureReturn "Subsystem : Windows GUI"
Case #IMAGE_SUBSYSTEM_WINDOWS_CUI
ProcedureReturn "Subsystem : Windows CUI"
Case #IMAGE_SUBSYSTEM_OS2_CUI
ProcedureReturn "Subsystem : OS2."
Case #IMAGE_SUBSYSTEM_POSIX_CUI
ProcedureReturn "Subsystem : Posix."
Case #IMAGE_SUBSYSTEM_WINDOWS_CE_GUI
ProcedureReturn "Subsystem : Windows CE."
Case #IMAGE_SUBSYSTEM_EFI_APPLICATION
ProcedureReturn "Subsystem : Extensible Firmware Interface."
Case #IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER
ProcedureReturn "Subsystem : Extensible Firmware Interface."
Case #IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER
ProcedureReturn "Subsystem : Extensible Firmware Interface."
Case #IMAGE_SUBSYSTEM_EFI_ROM
ProcedureReturn "Subsystem : Extensible Firmware Interface."
Case #IMAGE_SUBSYSTEM_XBOX
ProcedureReturn "Subsystem : Xbox."
Case #IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION
ProcedureReturn "Subsystem : Boot Application."
Default
ProcedureReturn "unknown Subsystem"
EndSelect
EndProcedure
Procedure.s Pex_Dll_Characteristics(DllCharacteristics.u)
Select DllCharacteristics
Case #IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
ProcedureReturn "The DLL can be relocated at load time."
Case #IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
ProcedureReturn "Code integrity checks are forced."
Case #IMAGE_DLLCHARACTERISTICS_NX_COMPAT
ProcedureReturn "The image is compatible With Data execution prevention (DEP)."
Case #IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
ProcedureReturn "The image is isolation aware, but should Not be isolated."
Case #IMAGE_DLLCHARACTERISTICS_NO_SEH
ProcedureReturn "The image does Not use structured exception handling (SEH)."
Case #IMAGE_DLLCHARACTERISTICS_NO_BIND
ProcedureReturn "Do Not bind the image"
Case #IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
ProcedureReturn "A WDM driver"
Case #IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
ProcedureReturn "The image is terminal server aware."
EndSelect
EndProcedure
Procedure.s Pex_HexRawData_Read(ResOffset.l,ResSize.l,ReadSize.l,ReturnHex.b=1)
Protected Rd = ReadFile(#PB_Any, CurrentFileLoc)
If Rd
If ReadSize >= ResSize:ReadSize=ResSize:EndIf
If ReadSize > 0 And ResOffset > 0 And ResOffset + ReadSize <= Lof(Rd)
FileSeek(Rd,ResOffset)
Protected u.l,pb.a,Returna$ ,Returns$
For u=1 To ReadSize
pb = ReadAsciiCharacter(Rd)
Returna$ + Pex_Hex_Value(pb,#PB_Byte,"") + " "
If pb=0:pb=Asc("."):EndIf
Returns$ + Chr(pb)
Next
EndIf
CloseFile(Rd)
EndIf
If ReturnHex
ProcedureReturn Returna$
EndIf
ProcedureReturn Returns$
EndProcedure
Procedure.i Pex_MemRawData_Read(ResOffset.l,ReadSize.l)
Protected Rd = ReadFile(#PB_Any, CurrentFileLoc)
If Rd
If ReadSize > 0 And ResOffset > 0 And ResOffset + ReadSize <= Lof(Rd)
Protected *Almem=AllocateMemory(ReadSize)
If *Almem
FileSeek(Rd,ResOffset)
ReadData(Rd,*Almem,ReadSize)
EndIf
EndIf
CloseFile(Rd)
EndIf
ProcedureReturn *Almem
EndProcedure
Procedure.b Pex_UpxPacker_Detect()
Protected IspUpx.b
With CurrentPB_PEExplorerFile
ForEach \IMAGE_SECTION_HEADERList()
If Left(\IMAGE_SECTION_HEADERList()\__File_Selction_Name,3) = "UPX"
IspUpx+1
EndIf
Next
EndWith
ProcedureReturn IspUpx
EndProcedure
Procedure.b Pex_UpxPacker_UnPacked()
Protected ru,Sortie$,Rderr$
If MessageRequester("","UPX packer Detected.. "+#CRLF$ + "Do you want decompress file !", #PB_MessageRequester_YesNo)<>#PB_MessageRequester_Yes
ProcedureReturn
EndIf
If FileSize("upx.exe") < 1
ProcedureReturn MessageRequester("","Upx.exe not found!")
EndIf
ru=RunProgram("upx","-d " + GetShortPathName(CurrentFileLoc), GetCurrentDirectory(), #PB_Program_Open | #PB_Program_Read |#PB_Program_Error|#PB_Program_Hide)
If ru
While ProgramRunning(ru)
If AvailableProgramOutput(ru)
ReadProgramString(ru)
Rderr$=ReadProgramError(ru)
If Rderr$
Sortie$ + Rderr$ + Chr(13)
EndIf
EndIf
Wend
If ProgramExitCode(ru)=1
MessageRequester("UPX Error!",Sortie$)
ProcedureReturn 0
EndIf
ProcedureReturn 1
EndIf
EndProcedure
Procedure.s Pex_DLL_FindPath(aDll$)
Protected WindowsDirectory.s{#MAX_PATH},SystemWindowsDirectory.s{#MAX_PATH}
GetWindowsDirectory_(@WindowsDirectory,#MAX_PATH)
GetSystemDirectory_(@SystemWindowsDirectory,#MAX_PATH)
If FileSize(WindowsDirectory+"\"+aDll$) > 0
ProcedureReturn WindowsDirectory+"\"+aDll$
EndIf
If FileSize(SystemWindowsDirectory+"\"+aDll$) > 0
ProcedureReturn SystemWindowsDirectory+"\"+aDll$
EndIf
Protected DllPath.s{#MAX_PATH}
Protected lb,CloseLib.b
lb= GetModuleHandle_(aDll$)
If Not lb
lb=LoadLibraryEx_(aDll$,0,$00000001)
CloseLib = 1
EndIf
If lb
GetModuleFileName_(lb,@DllPath,#MAX_PATH)
If CloseLib
FreeLibrary_(lb)
EndIf
If DllPath
ProcedureReturn DllPath
EndIf
EndIf
Protected Pthdll$=RTrim(GetPathPart(CurrentFileLoc),"\")
If Pthdll$
Protected iFind$=FindFile(Pthdll$,aDll$)
If iFind$
ProcedureReturn iFind$
EndIf
EndIf
ProcedureReturn "?\"+aDll$
EndProcedure
Procedure.s Pex_RawData_Hash(ReadOffset.l=0,ReadSize.l=0)
Protected Rdf=ReadFile(#PB_Any,CurrentFileLoc)
If Rdf
If ReadSize=0:ReadSize=Lof(Rdf):EndIf
If Lof(Rdf) < ReadOffset+ReadSize:ReadSize=Lof(Rdf)-ReadOffset:EndIf
If ReadSize < 1 :ProcedureReturn:EndIf
FileSeek(Rdf,ReadOffset)
Protected *Dataf=AllocateMemory(1024*64)
If *Dataf
UseMD5Fingerprint()
Protected fmd5 = StartFingerprint(#PB_Any, #PB_Cipher_MD5)
If fmd5
Protected Rd.l,iReturn$,irds.l=1024*64,ird.l
Repeat
If ird+irds > ReadSize:irds=ReadSize-ird:EndIf
Rd=ReadData(Rdf,*Dataf,irds)
AddFingerprintBuffer(fmd5, *Dataf, Rd)
ird+Rd
If ird=ReadSize:Break:EndIf
ForEver
iReturn$= FinishFingerprint(fmd5)
EndIf
FreeMemory(*Dataf)
EndIf
CloseFile(Rdf)
EndIf
ProcedureReturn iReturn$
EndProcedure
Procedure.s Pex_Section_Characteristics(Characteristics.l)
Protected sReturn.s
If Characteristics& #IMAGE_SCN_CNT_CODE :sReturn + "CODE + ":EndIf
If Characteristics& #IMAGE_SCN_CNT_INITIALIZED_DATA :sReturn + "INITIALIZED_DATA + ":EndIf
If Characteristics& #IMAGE_SCN_CNT_UNINITIALIZED_DATA :sReturn + "UNINITIALIZED_DATA + ":EndIf
If Characteristics& #IMAGE_SCN_MEM_SHARED :sReturn + "MEM_SHARED + ":EndIf
If Characteristics& #IMAGE_SCN_MEM_EXECUTE :sReturn + "MEM_EXECUTE + ":EndIf
If Characteristics& #IMAGE_SCN_MEM_READ :sReturn + "MEM_READ + ":EndIf
If Characteristics& #IMAGE_SCN_MEM_WRITE :sReturn + "MEM_WRITE + ":EndIf
ProcedureReturn Mid(sReturn,1,Len(sReturn)-2)
EndProcedure
Macro Pex_Is64Bit()
Bool(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32\OptionalHeader\Magic = #IMAGE_NT_OPTIONAL_HDR64_MAGIC)
EndMacro
Procedure.s Pex_Date_Format(lDat.l)
If lDat > 0
ProcedureReturn FormatDate("%yyyy/ %mm/ %dd %hh:%ii:%ss",lDat)+" UTC"
EndIf
EndProcedure
Procedure Pex_Resource_Read(ResourceDir.l,ResourceNameStr.s,ResourceNameInt.l,ResourceOffset.l,ResourceSize.l)
Protected sReturn.s
Select ResourceDir
Case #RT_MANIFEST
Protected *Versionmem =Pex_MemRawData_Read(ResourceOffset,ResourceSize)
If *Versionmem
sReturn= PeekS(*Versionmem,ResourceSize,#PB_Ascii)
FreeMemory(*Versionmem)
EndIf
Case #RT_VERSION
*Versionmem =Pex_MemRawData_Read(ResourceOffset,ResourceSize)
If *Versionmem
Protected *vr.VS_VERSION_INFO=*Versionmem
Protected FileVersion.s= Str(HiWord(*vr\Value\dwFileVersionMS)) +
"." +Str(LowWord(*vr\Value\dwFileVersionMS)) +
"." +Str(HiWord(*vr\Value\dwFileVersionLS)) +
"." + Str(LowWord(*vr\Value\dwFileVersionLS))
Protected ProductVersion.s= Str(HiWord(*vr\Value\dwProductVersionMS)) +
"." +Str(LowWord(*vr\Value\dwProductVersionMS)) +
"." +Str(HiWord(*vr\Value\dwProductVersionLS)) +
"." + Str(LowWord(*vr\Value\dwProductVersionLS))
sReturn + "<" + PeekS(@*vr\szKey)+ ">" + #CRLF$ + #CRLF$
sReturn + " File Version: " + FileVersion + #CRLF$
sReturn + " Product Version: " + ProductVersion + #CRLF$
sReturn + " Characteristics: " + Pex_Hex_Value(*vr\Value\dwFileType,#PB_Long) + ", " + Pex_Hex_Value(*vr\Value\dwFileOS,#PB_Long) + #CRLF$
Protected ChildrenLen.l
Protected *cvr.VS_VERSION_INFO
While ChildrenLen < *vr\wLength-SizeOf(VS_VERSION_INFO)
*cvr = *vr+SizeOf(VS_VERSION_INFO)+ChildrenLen
ChildrenLen+*cvr\wLength
If Mod(ChildrenLen,4)
ChildrenLen+4-Mod(ChildrenLen,4)
EndIf
Select PeekS(@*cvr\szKey)
Case "StringFileInfo"
Protected *ccvr.VS_VERSION_INFO=*cvr+36
sReturn + #CRLF$ + " "
Protected szKey.s= PeekS(@*ccvr\szKey)
sReturn + #CRLF$ + " <" + szKey + ">" + #CRLF$
sReturn + " Language identifier: " + "0x" + Mid(szKey,1,4)+ #CRLF$
sReturn + " Code page: " + "0x" + Mid(szKey,3,4)+ #CRLF$ + #CRLF$
Protected iOffset.l,iPadding.l,iLength.l
While iOffset < *ccvr\wLength - 24
Protected *cccvr.VS_VERSION_INFO=*ccvr+24+iOffset
iLength=*cccvr\wLength
iPadding=Mod(iLength,4)
If iPadding:iLength+4-iPadding:EndIf
szKey= PeekS(@*cccvr\szKey)
iPadding = 4 - Mod(2 * Len(szKey) + 6, 4)
sReturn + " " + szKey + ": " + PeekS(@*cccvr\szKey+(Len(szKey)*2)+iPadding) +#CRLF$
iOffset+iLength
Wend
sReturn + #CRLF$ + " " + PeekS(@*ccvr\szKey) + ">"
sReturn + #CRLF$ + " " + #CRLF$
Case "VarFileInfo"
*ccvr=*cvr+32
sReturn + #CRLF$ + " "
sReturn + #CRLF$ + " <" + PeekS(@*ccvr\szKey) + ">" + #CRLF$
Protected i.l,Val.w
For i=0 To (*ccvr\wValueLength/2)-1
Val= PeekW(*ccvr+32+(2*i))
If Mod(i,2)
sReturn + " Language identifier: " + Pex_Hex_Value(Val,#PB_Word) + #CRLF$
Else
sReturn + " Code page: " + Pex_Hex_Value(Val,#PB_Word) + #CRLF$
EndIf
Next
sReturn + #CRLF$ + " " + PeekS(@*ccvr\szKey) + ">"
sReturn + #CRLF$ + " " + #CRLF$
EndSelect
Wend
sReturn + #CRLF$ + "" + PeekS(@*vr\szKey)+ ">" + #CRLF$
FreeMemory(*Versionmem)
EndIf
EndSelect
If sReturn
MessageRequester("", sReturn)
EndIf
EndProcedure
Procedure.s Pex_Reloc_Type(Type.u)
Protected sReturn.s
Select Type
Case #IMAGE_REL_BASED_ABSOLUTE
sReturn = "IMAGE_REL_BASED_ABSOLUTE(0)"
Case #IMAGE_REL_BASED_HIGH
sReturn = "IMAGE_REL_BASED_HIGH(1)"
Case #IMAGE_REL_BASED_LOW
sReturn = "IMAGE_REL_BASED_LOW(2)"
Case #IMAGE_REL_BASED_HIGHLOW
sReturn = "IMAGE_REL_BASED_HIGHLOW(3)"
Case #IMAGE_REL_BASED_HIGHADJ
sReturn = "IMAGE_REL_BASED_HIGHADJ(4)"
Case #IMAGE_REL_BASED_MIPS_JMPADDR
sReturn = "IMAGE_REL_BASED_MIPS_JMPADDR(5)"
Case #IMAGE_REL_BASED_DIR64
sReturn = "IMAGE_REL_BASED_DIR64(10)"
EndSelect
ProcedureReturn sReturn
EndProcedure
Procedure SetInfoHeader_PeExplorer(ItHeader.s,SelectType.s="",ResFileType.s="")
NewList gilist.s()
Select ItHeader
Case #DESCRIPTOR_RELOCATION
If ResFileType <> ""
With CurrentPB_PEExplorerFile
ForEach \IMAGE_BASE_RELOCATIONList()
If Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\VirtualAddress,#PB_Long) = SelectType
Protected SRVA = \IMAGE_BASE_RELOCATIONList()\VirtualAddress
ForEach \IMAGE_BASE_RELOCATIONList()\RelocationTypeList()
If Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u,#PB_Word) = ResFileType
Protected Offset = (\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u & $0fff)
Protected Type = ((\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u >> 12) & $000F)
AddList(gilist(),"RVA" +Chr(10) + Pex_Hex_Value(Offset +
\IMAGE_BASE_RELOCATIONList()\VirtualAddress ,#PB_Long)+Chr(10) +
"Offset : " + Str(Offset))
AddList(gilist(),"Type" +Chr(10) +Pex_Reloc_Type(Type))
Break
EndIf
Next
EndIf
Next
EndWith
If Offset
ForEach CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList()
With CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList()
If \VirtualAddress <= SRVA And \VirtualAddress+ \VirtualSize > SRVA
Protected *plong.long = Pex_MemRawData_Read(\PointerToRawData + Offset,SizeOf(long))
If *plong
Protected ImageBase.q = CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32\OptionalHeader\ImageBase
If Pex_Is64Bit()
ImageBase = CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\ImageBase
EndIf
Protected RRVA = *plong\l - ImageBase
AddList(gilist(),"Data" +Chr(10) +Pex_Hex_Value(*plong\l,#PB_Long) +
Chr(10) + *plong\l)
FreeMemory(*plong)
EndIf
Break
EndIf
EndWith
Next
If RRVA > 0
ForEach CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList()
With CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList()
If \VirtualAddress <= RRVA And \VirtualAddress+ \VirtualSize > RRVA
AddList(gilist(),"Remote Section " + Chr(10) + \__File_Selction_Name +
Chr(10) + "Remote Offset : " + Str(RRVA))
Break
EndIf
EndWith
Next
EndIf
EndIf
ElseIf SelectType <> ""
With CurrentPB_PEExplorerFile
ForEach \IMAGE_BASE_RELOCATIONList()
If Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\VirtualAddress,#PB_Long) = SelectType
AddList(gilist(),"SizeOfBlock" +Chr(10) + Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\SizeOfBlock,#PB_Long) + Chr(10) +
Str(\IMAGE_BASE_RELOCATIONList()\SizeOfBlock) + " Byte")
AddList(gilist(),"Items" +Chr(10) +Str(ListSize(\IMAGE_BASE_RELOCATIONList()\RelocationTypeList())))
SRVA = \IMAGE_BASE_RELOCATIONList()\VirtualAddress
Break
EndIf
Next
EndWith
ForEach CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList()
With CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList()
If \VirtualAddress <= SRVA And \VirtualAddress+ \VirtualSize > SRVA
AddList(gilist(),"Section" +Chr(10) +\__File_Selction_Name)
Break
EndIf
EndWith
Next
Else
Protected RelocCount.l
With CurrentPB_PEExplorerFile
ForEach \IMAGE_BASE_RELOCATIONList()
RelocCount+ListSize(\IMAGE_BASE_RELOCATIONList()\RelocationTypeList())
Next
EndWith
AddList(gilist(),"Relocation Count" + Chr(10) + Str(RelocCount))
EndIf
Case#File_Info
AddList(gilist(),"Name" +Chr(10) + GetFilePart(CurrentFileLoc))
AddList(gilist(),"Size" +Chr(10) +Str(FileSize(CurrentFileLoc) ) + " Byte")
AddList(gilist(),"Offset Entry Code" +Chr(10) +
Pex_Hex_Value(CurrentPB_PEExplorerFile\__File_OffsetEntryCode,#PB_Long ) +
Chr(10) + Str(CurrentPB_PEExplorerFile\__File_OffsetEntryCode))
AddList(gilist(),"MD5 Hash" +Chr(10) + Pex_RawData_Hash())
With CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32
StatusBarText(#StatusBar_PeExplorer, #StatusBarItem_PeInfo, (CurrentFileLoc) +
" " +
" Made for :" +
Pex_Machine_Type(\FileHeader\Machine) +
" " +
" Machine :" +
Pex_Image_Type(\OptionalHeader\Magic))
EndWith
Case #DOS_HEADER
With CurrentPB_PEExplorerFile\IMAGE_DOS_HEADER
AddList(gilist(),"e_magic" + Chr(10) + Pex_Hex_Value(\e_magic,#PB_Word) +
Chr(10) + Chr(PeekA(@\e_magic)) + Chr(PeekA(@\e_magic+1)))
AddList(gilist(),"e_cblp" + Chr(10) + Pex_Hex_Value(\e_cblp,#PB_Word))
AddList(gilist(),"e_cp" + Chr(10) + Pex_Hex_Value(\e_cp,#PB_Word))
AddList(gilist(),"e_crlc" + Chr(10) + Pex_Hex_Value(\e_crlc,#PB_Word))
AddList(gilist(),"e_cparhdr" + Chr(10) + Pex_Hex_Value(\e_cparhdr,#PB_Word))
AddList(gilist(),"e_minalloc" + Chr(10) + Pex_Hex_Value(\e_minalloc,#PB_Word))
AddList(gilist(),"e_maxalloc" + Chr(10) + Pex_Hex_Value(\e_maxalloc,#PB_Word))
AddList(gilist(),"e_ss" + Chr(10) + Pex_Hex_Value(\e_ss,#PB_Word))
AddList(gilist(),"e_sp" + Chr(10) + Pex_Hex_Value(\e_sp,#PB_Word))
AddList(gilist(),"e_csum" + Chr(10) + Pex_Hex_Value(\e_csum,#PB_Word))
AddList(gilist(),"e_ip" + Chr(10) + Pex_Hex_Value(\e_ip,#PB_Word))
AddList(gilist(),"e_cs" + Chr(10) + Pex_Hex_Value(\e_cs,#PB_Word))
AddList(gilist(),"e_lfarlc" + Chr(10) + Pex_Hex_Value(\e_lfarlc,#PB_Word))
AddList(gilist(),"e_ovno" + Chr(10) + Pex_Hex_Value(\e_ovno,#PB_Word))
AddList(gilist(),"e_res[0]" + Chr(10) + Pex_Hex_Value(\e_res[0],#PB_Word))
AddList(gilist(),"e_res[1]" + Chr(10) + Pex_Hex_Value(\e_res[1],#PB_Word))
AddList(gilist(),"e_res[2]" + Chr(10) + Pex_Hex_Value(\e_res[2],#PB_Word))
AddList(gilist(),"e_res[3]" + Chr(10) + Pex_Hex_Value(\e_res[3],#PB_Word))
AddList(gilist(),"e_oemid" + Chr(10) + Pex_Hex_Value(\e_oemid,#PB_Word))
AddList(gilist(),"e_oeminfo" + Chr(10) + Pex_Hex_Value(\e_oeminfo,#PB_Word))
AddList(gilist(),"e_res2[0]" + Chr(10) + Pex_Hex_Value(\e_res2[0],#PB_Word))
AddList(gilist(),"e_res2[1]" + Chr(10) + Pex_Hex_Value(\e_res2[1],#PB_Word))
AddList(gilist(),"e_res2[2]" + Chr(10) + Pex_Hex_Value(\e_res2[2],#PB_Word))
AddList(gilist(),"e_res2[3]" + Chr(10) + Pex_Hex_Value(\e_res2[3],#PB_Word))
AddList(gilist(),"e_res2[4]" + Chr(10) + Pex_Hex_Value(\e_res2[4],#PB_Word))
AddList(gilist(),"e_res2[5]" + Chr(10) + Pex_Hex_Value(\e_res2[5],#PB_Word))
AddList(gilist(),"e_res2[6]" + Chr(10) + Pex_Hex_Value(\e_res2[6],#PB_Word))
AddList(gilist(),"e_res2[7]" + Chr(10) + Pex_Hex_Value(\e_res2[7],#PB_Word))
AddList(gilist(),"e_res2[8]" + Chr(10) + Pex_Hex_Value(\e_res2[8],#PB_Word))
AddList(gilist(),"e_res2[9]" + Chr(10) + Pex_Hex_Value(\e_res2[9],#PB_Word))
AddList(gilist(),"e_lfanew" + Chr(10) + Pex_Hex_Value(\e_lfanew,#PB_Long))
EndWith
Case #IMAGE_NT_HEADERS
With CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32
AddList(gilist(),"Signature" + Chr(10) + Pex_Hex_Value(\Signature,#PB_Long)+
Chr(10) + Chr(PeekA(@\Signature)) + Chr(PeekA(@\Signature+1)))
EndWith
Case #FILE_HEADER
With CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32\FileHeader
AddList(gilist(),"Machine" + Chr(10) + Pex_Hex_Value(\Machine,#PB_Word)+ Chr(10) + Pex_Machine_Type(\Machine))
AddList(gilist(),"NumberOfSections" + Chr(10) + Pex_Hex_Value(\NumberOfSections,#PB_Word) +
Chr(10) + Str(\NumberOfSections))
AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\TimeDateStamp,#PB_Long)+
Chr(10) + "Date created : " + Pex_Date_Format(\TimeDateStamp))
AddList(gilist(),"PointerToSymbolTable" + Chr(10) + Pex_Hex_Value(\PointerToSymbolTable,#PB_Long))
AddList(gilist(),"NumberOfSymbols" + Chr(10) + Pex_Hex_Value(\NumberOfSymbols,#PB_Long))
AddList(gilist(),"SizeOfOptionalHeader" + Chr(10) + Pex_Hex_Value(\SizeOfOptionalHeader,#PB_Word) +
Chr(10) + Str(\SizeOfOptionalHeader) + " Byte")
AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\Characteristics,#PB_Word) +
Chr(10) + Pex_ImageFile_Type(\Characteristics))
EndWith
Case #OPTIONAL_HEADER
With CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32\OptionalHeader
AddList(gilist(),"Magic" + Chr(10) + Pex_Hex_Value(\Magic,#PB_Word)+ Chr(10) + Pex_Image_Type(\Magic))
AddList(gilist(),"MajorLinkerVersion" + Chr(10) + Pex_Hex_Value(\MajorLinkerVersion,#PB_Byte)+
Chr(10) + "Linker Version : " + Str(\MajorLinkerVersion) +"."+ Str( \MinorLinkerVersion))
AddList(gilist(),"MinorLinkerVersion" + Chr(10) + Pex_Hex_Value(\MinorLinkerVersion,#PB_Byte))
AddList(gilist(),"SizeOfCode" + Chr(10) + Pex_Hex_Value(\SizeOfCode,#PB_Long) +
Chr(10) + Str(\SizeOfCode) + " Byte")
AddList(gilist(),"SizeOfInitializedData" + Chr(10) + Pex_Hex_Value(\SizeOfInitializedData,#PB_Long) +
Chr(10) + Str(\SizeOfInitializedData) + " Byte")
AddList(gilist(),"SizeOfUninitializedData" + Chr(10) + Pex_Hex_Value(\SizeOfUninitializedData,#PB_Long) +
Chr(10) + Str(\SizeOfUninitializedData) + " Byte")
AddList(gilist(),"AddressOfEntryPoint" + Chr(10) + Pex_Hex_Value(\AddressOfEntryPoint,#PB_Long) +
Chr(10) + Str(\AddressOfEntryPoint))
AddList(gilist(),"BaseOfCode" + Chr(10) + Pex_Hex_Value(\BaseOfCode,#PB_Long) + Chr(10) + Str(\baseofcode))
If Pex_Is64Bit()
AddList(gilist(),"ImageBase" + Chr(10) +
Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\ImageBase,#PB_Quad) +
Chr(10) + Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\ImageBase))
Else
AddList(gilist(),"BaseOfData" + Chr(10) + Pex_Hex_Value(\BaseOfData,#PB_Long) +
Chr(10) + Str(\BaseOfData))
AddList(gilist(),"ImageBase" + Chr(10) + Pex_Hex_Value(\ImageBase,#PB_Long) +
Chr(10) + Str(\ImageBase))
EndIf
AddList(gilist(),"SectionAlignment" + Chr(10) + Pex_Hex_Value(\SectionAlignment,#PB_Long)+
Chr(10) + Str(\SectionAlignment))
AddList(gilist(),"FileAlignment" + Chr(10) + Pex_Hex_Value(\FileAlignment,#PB_Long) +
Chr(10) + Str(\FileAlignment))
AddList(gilist(),"MajorOperatingSystemVersion" + Chr(10) + Pex_Hex_Value(\MajorOperatingSystemVersion,#PB_Word)+
Chr(10) + "Required operating system Version :" + Str(\MajorOperatingSystemVersion) +
"."+ Str( \MinorOperatingSystemVersion))
AddList(gilist(),"MinorOperatingSystemVersion" + Chr(10) + Pex_Hex_Value(\MinorOperatingSystemVersion,#PB_Word))
AddList(gilist(),"MajorImageVersion" + Chr(10) + Pex_Hex_Value(\MajorImageVersion,#PB_Word)+
Chr(10) + "Image Version : " + Str(\MajorImageVersion) +"."+ Str( \MinorImageVersion))
AddList(gilist(),"MinorImageVersion" + Chr(10) + Pex_Hex_Value(\MinorImageVersion,#PB_Word))
AddList(gilist(),"MajorSubsystemVersion" + Chr(10) + Pex_Hex_Value(\MajorSubsystemVersion,#PB_Word)+
Chr(10) + "Subsystem Version : " + Str(\MajorSubsystemVersion) +"."+
Str( \MinorSubsystemVersion))
AddList(gilist(),"MinorSubsystemVersion" + Chr(10) + Pex_Hex_Value(\MinorSubsystemVersion,#PB_Word))
AddList(gilist(),"Win32VersionValue" + Chr(10) + Pex_Hex_Value(\Win32VersionValue,#PB_Long))
AddList(gilist(),"SizeOfImage" + Chr(10) + Pex_Hex_Value(\SizeOfImage,#PB_Long) +
Chr(10) + Str(\SizeOfImage) + " Byte")
AddList(gilist(),"SizeOfHeaders" + Chr(10) + Pex_Hex_Value(\SizeOfHeaders,#PB_Long) +
Chr(10) + Str(\SizeOfHeaders) + " Byte")
AddList(gilist(),"CheckSum" + Chr(10) + Pex_Hex_Value(\CheckSum,#PB_Long))
AddList(gilist(),"Subsystem" + Chr(10) + Pex_Hex_Value(\Subsystem,#PB_Word)+
Chr(10) + Pex_Subsystem_Type(\Subsystem))
AddList(gilist(),"DllCharacteristics" + Chr(10) + Pex_Hex_Value(\DllCharacteristics,#PB_Word)+
Chr(10) + Pex_Dll_Characteristics(\DllCharacteristics))
If Pex_Is64Bit()
AddList(gilist(),"SizeOfStackReserve" + Chr(10) +
Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfStackReserve,#PB_Quad)+ Chr(10) +
Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfStackReserve))
AddList(gilist(),"SizeOfStackCommit" + Chr(10) + Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfStackCommit,#PB_Quad)+ Chr(10) +
Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfStackCommit))
AddList(gilist(),"SizeOfHeapReserve" + Chr(10) +
Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfHeapReserve,#PB_Quad) + Chr(10) +
Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfHeapReserve))
AddList(gilist(),"SizeOfHeapCommit" + Chr(10) +
Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfHeapCommit,#PB_Quad) + Chr(10) +
Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfHeapCommit))
AddList(gilist(),"LoaderFlags" + Chr(10) +
Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\LoaderFlags,#PB_Long) + Chr(10) +
Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\LoaderFlags))
AddList(gilist(),"NumberOfRvaAndSizes" + Chr(10) +
Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\NumberOfRvaAndSizes,#PB_Long) + Chr(10) +
Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\NumberOfRvaAndSizes))
Else
AddList(gilist(),"SizeOfStackReserve" + Chr(10) + Pex_Hex_Value(\SizeOfStackReserve,#PB_Long) +
Chr(10) + Str(\SizeOfStackReserve))
AddList(gilist(),"SizeOfStackCommit" + Chr(10) + Pex_Hex_Value(\SizeOfStackCommit,#PB_Long) +
Chr(10) + Str(\SizeOfStackCommit))
AddList(gilist(),"SizeOfHeapReserve" + Chr(10) + Pex_Hex_Value(\SizeOfHeapReserve,#PB_Long) +
Chr(10) + Str(\SizeOfHeapReserve))
AddList(gilist(),"SizeOfHeapCommit" + Chr(10) + Pex_Hex_Value(\SizeOfHeapCommit,#PB_Long) +
Chr(10) + Str(\SizeOfHeapCommit))
AddList(gilist(),"LoaderFlags" + Chr(10) + Pex_Hex_Value(\LoaderFlags,#PB_Long) + Chr(10) +
Str(\LoaderFlags))
AddList(gilist(),"NumberOfRvaAndSizes" + Chr(10) + Pex_Hex_Value(\NumberOfRvaAndSizes,#PB_Long) +
Chr(10) + Str(\NumberOfRvaAndSizes))
EndIf
EndWith
Case #SECTION_HEADER
If SelectType = #SECTION_HEADER
With CurrentPB_PEExplorerFile
AddList(gilist(),"Section count" + Chr(10) + Str(ListSize(\IMAGE_SECTION_HEADERList())))
EndWith
Else
ForEach CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList()
With CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList()
If \__File_Selction_Name = SelectType
AddList(gilist(),"SecName[8]" + Chr(10) + Pex_Hex_Value(PeekQ(@\SecName),#PB_Quad)+ Chr(10) + SelectType)
AddList(gilist(),"PhysicalAddr" + Chr(10) + Pex_Hex_Value(\PhysicalAddr,#PB_Long))
AddList(gilist(),"VirtualSize" + Chr(10) + Pex_Hex_Value(\VirtualSize,#PB_Long) +
Chr(10) + Str(\VirtualSize) + " Byte")
AddList(gilist(),"VirtualAddress" + Chr(10) + Pex_Hex_Value(\VirtualAddress,#PB_Long) +
Chr(10) + Str(\VirtualAddress))
AddList(gilist(),"SizeOfRawData" + Chr(10) + Pex_Hex_Value(\SizeOfRawData,#PB_Long) + Chr(10) +
Str(\SizeOfRawData) + " Byte")
AddList(gilist(),"PointerToRawData" + Chr(10) + Pex_Hex_Value(\PointerToRawData,#PB_Long) +
Chr(10) + Str(\PointerToRawData))
AddList(gilist(),"PointerToRelocations" + Chr(10) + Pex_Hex_Value(\PointerToRelocations,#PB_Long))
AddList(gilist(),"PointerToLinenumbers" + Chr(10) + Pex_Hex_Value(\PointerToLinenumbers,#PB_Long))
AddList(gilist(),"NumberOfRelocations" + Chr(10) + Pex_Hex_Value(\NumberOfRelocations,#PB_Word))
AddList(gilist(),"NumberOfLinenumbers" + Chr(10) + Pex_Hex_Value(\NumberOfLinenumbers,#PB_Word))
AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\Characteristics,#PB_Long)+ Chr(10) +
Pex_Section_Characteristics(\Characteristics))
AddList(gilist(),"")
AddList(gilist(),"Section MD5 Hash" + Chr(10) +Pex_RawData_Hash(\PointerToRawData,\SizeOfRawData))
Break
EndIf
EndWith
Next
EndIf
Case #DESCRIPTOR_IMPORT
If ResFileType <> ""
Protected fUnctioname$
With CurrentPB_PEExplorerFile\IMAGE_IMPORT_DESCRIPTORInfo
ForEach \IMAGE_IMPORT_DESCRIPTORList()
If \IMAGE_IMPORT_DESCRIPTORList()\LibraryName = SelectType
ForEach \IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()
If \IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal
If Pex_Is64Bit()
fUnctioname$=Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal&$ffffff,#PB_Quad)
Else
fUnctioname$=Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal&$ffffff,#PB_Long)
EndIf
Else
fUnctioname$= \IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\FunctionName
EndIf
If fUnctioname$ = ResFileType
If \IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal
AddList(gilist(),"Ordinal" + Chr(10) + fUnctioname$)
Else
AddList(gilist(),"Name" + Chr(10) + fUnctioname$)
EndIf
If Pex_Is64Bit()
AddList(gilist(),"IMAGE_THUNK_DATA" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\IMAGE_THUNK_DATA,#PB_Quad))
Else
AddList(gilist(),"IMAGE_THUNK_DATA" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\IMAGE_THUNK_DATA,#PB_Long))
EndIf
Break
EndIf
Next
Break
EndIf
Next
EndWith
ElseIf SelectType <> ""
With CurrentPB_PEExplorerFile\IMAGE_IMPORT_DESCRIPTORInfo
ForEach \IMAGE_IMPORT_DESCRIPTORList()
If \IMAGE_IMPORT_DESCRIPTORList()\LibraryName = SelectType
AddList(gilist(),"OriginalFirstThunk" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\OriginalFirstThunk,#PB_Long))
AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\TimeDateStamp,#PB_Long)+ Chr(10) +
"Date : " + Pex_Date_Format(\IMAGE_IMPORT_DESCRIPTORList()\TimeDateStamp))
AddList(gilist(),"ForwarderChain" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ForwarderChain,#PB_Long))
AddList(gilist(),"Name" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\Name,#PB_Long))
AddList(gilist(),"FirstThunk" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\FirstThunk,#PB_Long))
Break
EndIf
Next
EndWith
Else
Protected FuncCount.l
With CurrentPB_PEExplorerFile\IMAGE_IMPORT_DESCRIPTORInfo
ForEach \IMAGE_IMPORT_DESCRIPTORList()
FuncCount+ListSize(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList())
Next
EndWith
AddList(gilist(),"Function Count" + Chr(10) + Str(FuncCount))
EndIf
Case #DESCRIPTOR_EXPORT
If SelectType <> ""
With CurrentPB_PEExplorerFile\IMAGE_EXPORT_DIRECTORYInfo
ForEach \ExportFunctionNameListe()
If \ExportFunctionNameListe()\FunctionName = SelectType
AddList(gilist(),"Address" + Chr(10) + Pex_Hex_Value(\ExportFunctionNameListe()\FunctionAddress,#PB_Long))
AddList(gilist(),"Ordinale" + Chr(10) + Pex_Hex_Value(\ExportFunctionNameListe()\Ordinale,#PB_Word))
Break
EndIf
Next
EndWith
Else
With CurrentPB_PEExplorerFile\IMAGE_EXPORT_DIRECTORYInfo
AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\Characteristics,#PB_Long))
AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\TimeDateStamp,#PB_Long)+
Chr(10) + "Date : " + Pex_Date_Format(\TimeDateStamp))
AddList(gilist(),"MajorVersion" + Chr(10) + Pex_Hex_Value(\MajorVersion,#PB_Word)+
Chr(10) + Str(\MajorVersion) + "." + Str(\MinorVersion))
AddList(gilist(),"MinorVersion" + Chr(10) + Pex_Hex_Value(\MinorVersion,#PB_Word))
AddList(gilist(),"Name" + Chr(10) + Pex_Hex_Value(\Name,#PB_Long)+ Chr(10) + \__File_OriginalDllName)
AddList(gilist(),"Base" + Chr(10) + Pex_Hex_Value(\Base,#PB_Long))
AddList(gilist(),"NumberOfFunctions" + Chr(10) + Pex_Hex_Value(\NumberOfFunctions,#PB_Long) +
Chr(10) + Str(\NumberOfFunctions))
AddList(gilist(),"NumberOfNames" + Chr(10) + Pex_Hex_Value(\NumberOfNames,#PB_Long) +
Chr(10) + Str(\NumberOfNames))
AddList(gilist(),"AddressOfFunctions" + Chr(10) + Pex_Hex_Value(\AddressOfFunctions,#PB_Long))
AddList(gilist(),"AddressOfNames" + Chr(10) + Pex_Hex_Value(\AddressOfNames,#PB_Long))
AddList(gilist(),"AddressOfNameOrdinals" + Chr(10) + Pex_Hex_Value(\AddressOfNameOrdinals,#PB_Long))
EndWith
EndIf
Case #ENDOFDATA
With CurrentPB_PEExplorerFile
AddList(gilist(),"Size" + Chr(10) + Str(FileSize(CurrentFileLoc)-\__File_ImageSize) + " Byte")
AddList(gilist(),"File Offset" + Chr(10) + Pex_Hex_Value(\__File_ImageSize,#PB_Long) +
Chr(10) + Str(\__File_ImageSize))
AddList(gilist(),"Frist 30 Byte Of Data" + Chr(10) +
Pex_HexRawData_Read(\__File_ImageSize,FileSize(CurrentFileLoc)-\__File_ImageSize,30,1) +
Chr(10) + ReplaceString(Pex_HexRawData_Read(\__File_ImageSize,FileSize(CurrentFileLoc)-\__File_ImageSize,30,0),Chr(10),""))
EndWith
Case #DESCRIPTOR_RESOURCE
Protected Cres$,ResnType$
If SelectType <> ""
If ResFileType <> ""
With CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo
ForEach \ResourceDirectoryList()
If \ResourceDirectoryList()\__File_ResourceDirectoryName
Cres$= \ResourceDirectoryList()\__File_ResourceDirectoryName
ResnType$ = "String"
Else
Cres$ = Pex_Resource_Type(\ResourceDirectoryList()\__File_ResourceDirectoryID)
ResnType$ = "Integer"
EndIf
If Cres$ = SelectType
ForEach \ResourceDirectoryList()\ResourceSubDirectoryList()
If \ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName
Cres$= \ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName
ResnType$ = "String"
Else
Cres$ = Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryID)
ResnType$ = "Integer"
EndIf
If Cres$ = ResFileType
AddList(gilist(),"Characteristics" + Chr(10) +
Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\Characteristics,#PB_Long)+
Chr(10) + "Entry Name Type : " + ResnType$);
AddList(gilist(),"TimeDateStamp" + Chr(10) +
Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\TimeDateStamp,#PB_Long)+
Chr(10) + "Date : " + Pex_Date_Format(\ResourceDirectoryList()\ResourceSubDirectoryList()\TimeDateStamp))
AddList(gilist(),"MajorVersion" + Chr(10) +
Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\MajorVersion,#PB_Word)+
Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\MajorVersion) + "." +
Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\MinorVersion))
AddList(gilist(),"MinorVersion" + Chr(10) +
Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\MinorVersion,#PB_Word))
AddList(gilist(),"NumberOfNamedEntries" + Chr(10) +
Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\NumberOfNamedEntries,#PB_Word)+
Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\NumberOfNamedEntries))
AddList(gilist(),"NumberOfIdEntries" + Chr(10) +
Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\NumberOfIdEntries,#PB_Word) +
Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\NumberOfIdEntries))
AddList(gilist(),"")
AddList(gilist(),"File Resource Offset" + Chr(10) +
Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset,#PB_Long)+
Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset))
AddList(gilist(),"OffsetToData" + Chr(10) +
Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\OffsetToData,#PB_Long))
AddList(gilist(),"Size" + Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\Size) + " Byte")
AddList(gilist(),"CodePage" + Chr(10) +
Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\CodePage,#PB_Long))
AddList(gilist(),"Frist 30 Byte Of resource" + Chr(10) +
Pex_HexRawData_Read(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset,\ResourceDirectoryList()\ResourceSubDirectoryList()\Size,30) +
Chr(10) + ReplaceString(Pex_HexRawData_Read(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset,\ResourceDirectoryList()\ResourceSubDirectoryList()\Size,30,0),Chr(10),""))
Pex_Resource_Read(\ResourceDirectoryList()\__File_ResourceDirectoryID,
\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName,
\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryID,
\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset,
\ResourceDirectoryList()\ResourceSubDirectoryList()\Size)
Break
EndIf
Next
Break
EndIf
Next
EndWith
Else
ForEach CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()
If CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName
Cres$= CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName
ResnType$ = "String"
Else
Cres$ = Pex_Resource_Type(CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryID)
ResnType$ = "Integer"
EndIf
If Cres$ = SelectType
With CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()
AddList(gilist(),"Characteristics" + Chr(10) +
Pex_Hex_Value(\Characteristics,#PB_Long)+ Chr(10) + "Entry Name Type : " + ResnType$);
AddList(gilist(),"TimeDateStamp" + Chr(10) +
Pex_Hex_Value(\TimeDateStamp,#PB_Long)+ Chr(10) + "Date : " +
Pex_Date_Format(\TimeDateStamp))
AddList(gilist(),"MajorVersion" + Chr(10) +
Pex_Hex_Value(\MajorVersion,#PB_Word)+ Chr(10) +
Str(\MajorVersion) + "." + Str(\MinorVersion))
AddList(gilist(),"MinorVersion" + Chr(10) + Pex_Hex_Value(\MinorVersion,#PB_Word))
AddList(gilist(),"NumberOfNamedEntries" + Chr(10) + Pex_Hex_Value(\NumberOfNamedEntries,#PB_Word) +
Chr(10) + Str(\NumberOfNamedEntries))
AddList(gilist(),"NumberOfIdEntries" + Chr(10) + Pex_Hex_Value(\NumberOfIdEntries,#PB_Word) +
Chr(10) + Str(\NumberOfIdEntries))
EndWith
Break
EndIf
Next
EndIf
Else
With CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo
AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\Characteristics,#PB_Long));
AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\TimeDateStamp,#PB_Long)+
Chr(10) + "Date : " + Pex_Date_Format(\TimeDateStamp))
AddList(gilist(),"MajorVersion" + Chr(10) +
Pex_Hex_Value(\MajorVersion,#PB_Word)+ Chr(10) + Str(\MajorVersion) + "." +
Str(\MinorVersion))
AddList(gilist(),"MinorVersion" + Chr(10) + Pex_Hex_Value(\MinorVersion,#PB_Word))
AddList(gilist(),"NumberOfNamedEntries" + Chr(10) + Pex_Hex_Value(\NumberOfNamedEntries,#PB_Word) +
Chr(10) + Str(\NumberOfNamedEntries))
AddList(gilist(),"NumberOfIdEntries" + Chr(10) + Pex_Hex_Value(\NumberOfIdEntries,#PB_Word) +
Chr(10) + Str(\NumberOfIdEntries))
EndWith
EndIf
EndSelect
ForEach gilist()
AddGadgetItem(#Gadget_ListIcon_PeExplorer,-1,gilist())
Next
EndProcedure
Procedure PeGetInfo_PeExplorer()
Protected Sttree = GetGadgetState(#Gadget_Tree_PeExplorer)
If Sttree = -1 :ProcedureReturn:EndIf
Protected gettreeTxt$ = GetGadgetItemText(#Gadget_Tree_PeExplorer,Sttree)
Protected t.l,Selectednode$,PerSdir$
ClearGadgetItems(#Gadget_ListIcon_PeExplorer)
Select gettreeTxt$
Case #ENDOFDATA
SetInfoHeader_PeExplorer(#ENDOFDATA)
Case #File_Info
SetInfoHeader_PeExplorer(#File_Info)
Case #FILE_HEADER, #OPTIONAL_HEADER
SetInfoHeader_PeExplorer(gettreeTxt$)
Default
For t=Sttree To 0 Step -1
If GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, t, #PB_Tree_SubLevel) = 2
If PerSdir$ =""
PerSdir$= GetGadgetItemText(#Gadget_Tree_PeExplorer,t)
EndIf
EndIf
If GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, t, #PB_Tree_SubLevel) = 1
Selectednode$= GetGadgetItemText(#Gadget_Tree_PeExplorer,t)
Break
EndIf
Next
Select Selectednode$
Case #DESCRIPTOR_RESOURCE
If gettreeTxt$ = #DESCRIPTOR_RESOURCE
SetInfoHeader_PeExplorer(#DESCRIPTOR_RESOURCE)
Else
If GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, Sttree, #PB_Tree_SubLevel) = 2
SetInfoHeader_PeExplorer(#DESCRIPTOR_RESOURCE,gettreeTxt$)
Else
SetInfoHeader_PeExplorer(#DESCRIPTOR_RESOURCE, PerSdir$,gettreeTxt$)
EndIf
EndIf
Case #DESCRIPTOR_EXPORT
If gettreeTxt$ = #DESCRIPTOR_EXPORT
SetInfoHeader_PeExplorer(#DESCRIPTOR_EXPORT)
Else
SetInfoHeader_PeExplorer(#DESCRIPTOR_EXPORT,gettreeTxt$)
EndIf
Case #DESCRIPTOR_IMPORT
If gettreeTxt$ = #DESCRIPTOR_IMPORT
SetInfoHeader_PeExplorer(#DESCRIPTOR_IMPORT)
ElseIf GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, Sttree, #PB_Tree_SubLevel) = 2
SetInfoHeader_PeExplorer(#DESCRIPTOR_IMPORT,GetFilePart(gettreeTxt$))
Else
SetInfoHeader_PeExplorer(#DESCRIPTOR_IMPORT,GetFilePart(PerSdir$),gettreeTxt$)
EndIf
Case #DESCRIPTOR_RELOCATION
If gettreeTxt$ = #DESCRIPTOR_RELOCATION
SetInfoHeader_PeExplorer(#DESCRIPTOR_RELOCATION)
ElseIf GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, Sttree, #PB_Tree_SubLevel) = 2
SetInfoHeader_PeExplorer(#DESCRIPTOR_RELOCATION,GetFilePart(gettreeTxt$))
Else
SetInfoHeader_PeExplorer(#DESCRIPTOR_RELOCATION,GetFilePart(PerSdir$),gettreeTxt$)
EndIf
Default
SetInfoHeader_PeExplorer(Selectednode$,gettreeTxt$)
EndSelect
EndSelect
EndProcedure
Procedure PeSetInfo_PeExplorer(FilePath.s)
If UCase(GetExtensionPart(FilePath)) = "LNK"
FilePath = GetFilePathFromLnk(FilePath)
If FilePath = "":MessageRequester("","Unable to open file!"):ProcedureReturn 0:EndIf
EndIf
FilePath = GetLongPathName(FilePath)
Protected tPB_PEExplorerFile.PB_PEExplorer
Protected RdExe = ReadFile(#PB_Any, FilePath); open pe file to read
If Not RdExe:MessageRequester("","Unable to open file!"):ProcedureReturn 0:EndIf
If Pb_PEExplorer(RdExe ,@tPB_PEExplorerFile) = 0:CloseFile(RdExe)
MessageRequester("","Error Get Pe Info!")
ProcedureReturn:EndIf
StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 40)
CloseFile(RdExe)
ClearStructure(@CurrentPB_PEExplorerFile,PB_PEExplorer)
CurrentPB_PEExplorerFile=tPB_PEExplorerFile
CurrentFileLoc = FilePath
ClearGadgetItems(#Gadget_Tree_PeExplorer)
ClearGadgetItems(#Gadget_ListIcon_PeExplorer)
With CurrentPB_PEExplorerFile
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#File_Info)
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DOS_HEADER,0,1)
SetGadgetItemState(#Gadget_Tree_PeExplorer, 0, #PB_Tree_Expanded)
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#IMAGE_NT_HEADERS,0,1)
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#FILE_HEADER,0,2)
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#OPTIONAL_HEADER,0,2)
SetGadgetItemState(#Gadget_Tree_PeExplorer, 2, #PB_Tree_Expanded)
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#SECTION_HEADER,0,1)
ForEach \IMAGE_SECTION_HEADERList()
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_SECTION_HEADERList()\__File_Selction_Name),0,2)
Next
StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 60)
If ListSize(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()) >0
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DESCRIPTOR_IMPORT,0,1)
ForEach \IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()
; AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\LibraryName),0,2)
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_DLL_FindPath(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\LibraryName),0,2)
ForEach \IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()
If \IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal
If Pex_Is64Bit()
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal&$ffffff,#PB_Quad),0,3)
Else
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal&$ffffff,#PB_Long),0,3)
EndIf
Else
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\FunctionName,0,3)
EndIf
Next
Next
EndIf
StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 70)
If ListSize(\IMAGE_BASE_RELOCATIONList()) >0
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DESCRIPTOR_RELOCATION,0,1)
ForEach \IMAGE_BASE_RELOCATIONList()
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\VirtualAddress,#PB_Long),0,2)
ForEach \IMAGE_BASE_RELOCATIONList()\RelocationTypeList()
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u,#PB_Word),0,3)
Next
Next
EndIf
If ListSize(\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()) >0
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DESCRIPTOR_EXPORT,0,1)
ForEach \IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\FunctionName),0,2)
Next
EndIf
StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 80)
If ListSize(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()) >0
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DESCRIPTOR_RESOURCE,0,1)
ForEach \IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()
If \IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName),0,2)
Else
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Resource_Type(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryID),0,2)
EndIf
ForEach \IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()
If \IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName),0,3)
Else
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Str(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryID),0,3)
EndIf
Next
Next
EndIf
StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 90)
If \__File_ImageSize <> FileSize(CurrentFileLoc)
AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#ENDOFDATA,0,1)
EndIf
EndWith
StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 100)
SetInfoHeader_PeExplorer(#File_Info)
SetWindowTitle(#Window_PeExplorer,"PeExplorer v 1.0 [" + GetFilePart(FilePath) + "]")
If Pex_UpxPacker_Detect()
If Pex_UpxPacker_UnPacked() = 1
PeSetInfo_PeExplorer(FilePath)
EndIf
EndIf
EndProcedure
Procedure SelectaFile_PeExplorer()
Protected FilePath.s=OpenFileRequester("Select a file...","","Exe or Dll|*.dll;*.exe|All|*.*",0)
If FilePath="":ProcedureReturn:EndIf
PeSetInfo_PeExplorer(FilePath)
EndProcedure
Procedure DropFileWindow_PeExplorer()
PeSetInfo_PeExplorer(EventDropFiles())
EndProcedure
Procedure OpenWindow_PeExplorer()
OpenWindow(#Window_PeExplorer, 0, 0, 820, 465, "PeExplorer v 1.0", #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_ScreenCentered)
CreateStatusBar( #StatusBar_PeExplorer, WindowID(#Window_PeExplorer))
AddStatusBarField(#PB_Ignore)
StatusBarText( #StatusBar_PeExplorer, #StatusBarItem_PeInfo, "Hi " + UserName())
AddStatusBarField(50)
StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 0)
CreateMenu(#Menu_Window_PeExplorer, WindowID(#Window_PeExplorer))
MenuTitle("&File")
MenuItem(#MenuItem_SelectFile, "&Open a Pe")
MenuBar()
MenuItem(#MenuItem_Exit, "Exit")
MenuTitle("Plugins")
MenuTitle("About")
TreeGadget(#Gadget_Tree_PeExplorer, 5, 5, 205, 410)
ListIconGadget(#Gadget_ListIcon_PeExplorer, 215, 5, 600, 410, "Member", 200)
AddGadgetColumn(#Gadget_ListIcon_PeExplorer,1,"Value",200)
AddGadgetColumn(#Gadget_ListIcon_PeExplorer,2,"Comment",200)
SplitterGadget(#Gadget_Splitter_PeExplorer,5,5,600+205+5,410,#Gadget_Tree_PeExplorer,#Gadget_ListIcon_PeExplorer,#PB_Splitter_Vertical)
EnableWindowDrop(#Window_PeExplorer, #PB_Drop_Files, #PB_Drag_Copy)
BindEvent(#PB_Event_WindowDrop , @DropFileWindow_PeExplorer())
BindEvent(#PB_Event_SizeWindow , @ResizeGadgetsWindow_PeExplorer())
BindEvent(#PB_Event_CloseWindow , @CloseWindow_PeExplorer())
BindMenuEvent(#Menu_Window_PeExplorer,#MenuItem_SelectFile,@SelectaFile_PeExplorer())
BindMenuEvent(#Menu_Window_PeExplorer,#MenuItem_Exit,@CloseWindow_PeExplorer())
BindGadgetEvent(#Gadget_Tree_PeExplorer,@PeGetInfo_PeExplorer(),#PB_EventType_LeftClick )
SetGadgetState(#Gadget_Splitter_PeExplorer, 300)
EndProcedure
OpenWindow_PeExplorer()
LoadPlugins_PeExplorer()
If ProgramParameter(0)
PeSetInfo_PeExplorer(ProgramParameter(0))
EndIf
While WaitWindowEvent() <> #PB_Event_CloseWindow:Wend
If pIPersistFile:pIPersistFile\Release():EndIf
If pIShellLink:pIShellLink\Release():EndIf
DataSection
CLSID_ShellLink:
Data.l $00021401
Data.w $0000
Data.w $0000
Data.b $C0,$00,$00,$00,$00,$00,$00,$46
IID_IShellLink:
Data.l $000214F9
Data.w $0000
Data.w $0000
Data.b $C0,$00,$00,$00,$00,$00,$00,$46
IID_IPersistFile:
Data.l $0000010b
Data.w $0000
Data.w $0000
Data.b $C0,$00,$00,$00,$00,$00,$00,$46
EndDataSection