EnableExplicit ;By Celtic88 ;) #IMAGE_RESOURCE_NAME_IS_STRING =$80000000 #IMAGE_RESOURCE_DATA_IS_DIRECTORY =$80000000 ;IMAGE_DOS_HEADER\e_magic #IMAGE_DOS_HEADER=$5A4D;Magic number ;IMAGE_NT_HEADERS\Signature #IMAGE_NT_SIGNATURE=$00004550;signature ;IMAGE_FILE_HEADER\Machine #IMAGE_FILE_MACHINE_I386=$014c;x86 #IMAGE_FILE_MACHINE_IA64=$0200;Intel Itanium #IMAGE_FILE_MACHINE_AMD64=$8664;x64 ;IMAGE_NT_HEADERS\FileHeader\Characteristics #IMAGE_FILE_RELOCS_STRIPPED=$0001;Relocation information was stripped from the file. The file must be loaded at its preferred base address. If the base address is not available, the loader reports an error. #IMAGE_FILE_EXECUTABLE_IMAGE=$0002;The file is executable (there are no unresolved external references). #IMAGE_FILE_LINE_NUMS_STRIPPED=$0004;COFF line numbers were stripped from the file. #IMAGE_FILE_LOCAL_SYMS_STRIPPED=$0008;COFF symbol table entries were stripped from file. #IMAGE_FILE_AGGRESIVE_WS_TRIM=$0010 ;Aggressively trim the working set. This value is obsolete. #IMAGE_FILE_LARGE_ADDRESS_AWARE=$0020;The application can handle addresses larger than 2 GB. #IMAGE_FILE_BYTES_REVERSED_LO=$0080 ;The bytes of the word are reversed. This flag is obsolete. #IMAGE_FILE_32BIT_MACHINE=$0100 ;The computer supports 32-bit words. #IMAGE_FILE_DEBUG_STRIPPED=$0200 ;Debugging information was removed and stored separately in another file. #IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP=$0400;If the image is on removable media, copy it to and run it from the swap file. #IMAGE_FILE_NET_RUN_FROM_SWAP=$0800 ;If the image is on the network, copy it to and run it from the swap file. #IMAGE_FILE_SYSTEM=$1000 ;The image is a system file. #IMAGE_FILE_DLL=$2000 ;The image is a DLL file. While it is an executable file, it cannot be run directly. #IMAGE_FILE_UP_SYSTEM_ONLY=$4000 ;The file should be run only on a uniprocessor computer. #IMAGE_FILE_BYTES_REVERSED_HI=$8000 ;The bytes of the word are reversed. This flag is obsolete. ;IMAGE_NT_HEADERS\OptionalHeader\Magic #IMAGE_NT_OPTIONAL_HDR32_MAGIC = $10B;32-bit application #IMAGE_NT_OPTIONAL_HDR64_MAGIC = $20B;64-bit application #IMAGE_ROM_OPTIONAL_HDR_MAGIC = $107 ;ROM image ;IMAGE_NT_HEADERS\OptionalHeader\Subsystem #IMAGE_SUBSYSTEM_UNKNOWN = 0;Unknown subsystem. #IMAGE_SUBSYSTEM_NATIVE = 1 ;No subsystem required (device drivers and native system processes). #IMAGE_SUBSYSTEM_WINDOWS_GUI = 2;Windows graphical user interface (GUI) subsystem. #IMAGE_SUBSYSTEM_WINDOWS_CUI = 3;Windows character-mode user interface (CUI) subsystem. #IMAGE_SUBSYSTEM_OS2_CUI = 5 ;OS/2 CUI subsystem. #IMAGE_SUBSYSTEM_POSIX_CUI = 7 ;POSIX CUI subsystem. #IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9;Windows CE system. #IMAGE_SUBSYSTEM_EFI_APPLICATION = 10;Extensible Firmware Interface (EFI) application. #IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11;EFI driver with boot services. #IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12 ;EFI driver with run-time services. #IMAGE_SUBSYSTEM_EFI_ROM = 13 ;EFI ROM image. #IMAGE_SUBSYSTEM_XBOX = 14 ;Xbox system. #IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION = 16;Boot application. ;IMAGE_NT_HEADERS\OptionalHeader\DllCharacteristics #IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE=$0040;The DLL can be relocated at load time. #IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY=$0080;Code integrity checks are forced. If you set this flag and a section contains only uninitialized data, set the PointerToRawData member of #IMAGE_SECTION_HEADER for that section to zero; otherwise, the image will fail to load because the digital signature cannot be verified. #IMAGE_DLLCHARACTERISTICS_NX_COMPAT=$0100 ;The image is compatible with data execution prevention (DEP). #IMAGE_DLLCHARACTERISTICS_NO_ISOLATION=$0200 ;The image is isolation aware, but should not be isolated. #IMAGE_DLLCHARACTERISTICS_NO_SEH=$0400 ;The image does not use structured exception handling (SEH). No handlers can be called in this image. #IMAGE_DLLCHARACTERISTICS_NO_BIND=$0800 ;Do not bind the image #IMAGE_DLLCHARACTERISTICS_WDM_DRIVER=$2000 ;A WDM driver #IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE=$8000;The image is terminal server aware. ;IMAGE_NT_HEADERS\OptionalHeader\DllCharacteristics #IMAGE_DIRECTORY_ENTRY_EXPORT = 0 #IMAGE_DIRECTORY_ENTRY_IMPORT = 1 #IMAGE_DIRECTORY_ENTRY_RESOURCE = 2 #IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3 #IMAGE_DIRECTORY_ENTRY_SECURITY = 4 #IMAGE_DIRECTORY_ENTRY_BASERELOC = 5 #IMAGE_DIRECTORY_ENTRY_DEBUG = 6 #IMAGE_DIRECTORY_ENTRY_COPYRIGHT = 7 #IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7 #IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8 #IMAGE_DIRECTORY_ENTRY_TLS = 9 #IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10 #IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11 #IMAGE_DIRECTORY_ENTRY_IAT = 12 #IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13 #IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14 #IMAGE_ORDINAL_FLAG = $80000000 #IMAGE_ORDINAL_FLAGx64=$8000000000000000 #IMAGE_SCN_CNT_CODE = $00000020 #IMAGE_SCN_CNT_INITIALIZED_DATA = $00000040 #IMAGE_SCN_CNT_UNINITIALIZED_DATA = $00000080 #IMAGE_SCN_MEM_SHARED = $10000000 #IMAGE_SCN_MEM_EXECUTE = $20000000 #IMAGE_SCN_MEM_READ = $40000000 #IMAGE_SCN_MEM_WRITE = $80000000 #IMAGE_REL_BASED_ABSOLUTE = 0 #IMAGE_REL_BASED_HIGH = 1 #IMAGE_REL_BASED_LOW = 2 #IMAGE_REL_BASED_HIGHLOW = 3 #IMAGE_REL_BASED_HIGHADJ = 4 #IMAGE_REL_BASED_MIPS_JMPADDR = 5 #IMAGE_REL_BASED_DIR64 = 10 Structure IMAGE_IMPORT_DESCRIPTOR ; from winnt.h OriginalFirstThunk.l TimeDateStamp.l ForwarderChain.l Name.l FirstThunk.l EndStructure Structure IMAGE_THUNK_DATA32 ; from winnt.h StructureUnion ForwarderString.l Function.l Ordinal.l AddressOfData.l EndStructureUnion EndStructure Structure IMAGE_THUNK_DATA64 ; from winnt.h StructureUnion ForwarderString.q Function.q Ordinal.q AddressOfData.q EndStructureUnion EndStructure Structure IMAGE_RESOURCE_DIRECTORY Characteristics.l; TimeDateStamp.l ; MajorVersion.w ; MinorVersion.w ; NumberOfNamedEntries.w; NumberOfIdEntries.w ; EndStructure Structure IMAGE_RESOURCE_DIRECTORY_ENTRY NameOffset.l; OffsetToData.l; EndStructure Structure IMAGE_RESOURCE_DATA_ENTRY OffsetToData.l; Size.l ; CodePage.l ; Reserved.l ; EndStructure Structure IMAGE_RESOURCE_DIRECTORY_STRING Length.u ; NameString.a[1] EndStructure Structure ImportFunctionList IMAGE_THUNK_DATA.q Ordinal.q FunctionName.s EndStructure Structure IMAGE_BASE_RELOCATION ; from winnt.h VirtualAddress.l SizeOfBlock.l EndStructure Structure IMAGE_IMPORT_DESCRIPTORList Extends IMAGE_IMPORT_DESCRIPTOR LibraryName.s; name of imported dll List ImportFunctionList.ImportFunctionList() ;list of imported function EndStructure Structure IMAGE_IMPORT_DESCRIPTORInfo List IMAGE_IMPORT_DESCRIPTORList.IMAGE_IMPORT_DESCRIPTORList() EndStructure Structure ExportFunctionNameListe FunctionName.s ; Function Name FunctionAddress.l ; Function Address Ordinale.w ; Function Ordinale EndStructure Structure IMAGE_EXPORT_DIRECTORYInfo Extends IMAGE_EXPORT_DIRECTORY __File_OriginalDllName.s ;original dll name List ExportFunctionNameListe.ExportFunctionNameListe() EndStructure Structure ResourceSubDirectoryList Extends IMAGE_RESOURCE_DIRECTORY __File_ResourceDirectoryName.s; Resource Directory Name __File_ResourceDirectoryID.l;Resource Directory ID __File_ResourceOffset.l;Resource Offset OffsetToData.l; Size.l ; CodePage.l ; EndStructure Structure ResourceDirectoryList Extends IMAGE_RESOURCE_DIRECTORY __File_ResourceDirectoryName.s __File_ResourceDirectoryID.l __File_ResourceSubDirectoryCount.l List ResourceSubDirectoryList.ResourceSubDirectoryList() EndStructure Structure IMAGE_RESOURCE_DIRECTORYInfo Extends IMAGE_RESOURCE_DIRECTORY __File_ResourceDirectoryCount.l; number of Resource List ResourceDirectoryList.ResourceDirectoryList() EndStructure Structure IMAGE_SECTION_HEADERInfo Extends IMAGE_SECTION_HEADER __File_Selction_Name.s ; pe section name EndStructure Structure IMAGE_BASE_RELOCATIONInfo Extends IMAGE_BASE_RELOCATION List RelocationTypeList.unicode() ; Relocation EndStructure Structure PB_PEExplorer __File_OffsetEntryCode.l ; start code offset __File_ImageSize.l IMAGE_DOS_HEADER.IMAGE_DOS_HEADER IMAGE_NT_HEADERS64.IMAGE_NT_HEADERS64 IMAGE_NT_HEADERS32.IMAGE_NT_HEADERS32 List IMAGE_SECTION_HEADERList.IMAGE_SECTION_HEADERInfo() IMAGE_IMPORT_DESCRIPTORInfo.IMAGE_IMPORT_DESCRIPTORInfo IMAGE_EXPORT_DIRECTORYInfo.IMAGE_EXPORT_DIRECTORYInfo IMAGE_RESOURCE_DIRECTORYInfo.IMAGE_RESOURCE_DIRECTORYInfo List IMAGE_BASE_RELOCATIONList.IMAGE_BASE_RELOCATIONInfo() EndStructure Macro Resource_IsNameString(NameOffset);Gets a value indicating whether the directory name is a string. (NameOffset & $80000000) EndMacro Macro Resource_NameAddress(NameOffset);Gets an offset, relative to the beginning of the resource directory of the string, which is of type (NameOffset & $7FFFFFFF) EndMacro Macro Resource_IsDirectory(OffsetToData);Gets a value indicating whether the entry is a directory. (OffsetToData & $80000000) EndMacro Macro Resource_DirectoryAddress(OffsetToData);Offset to the child or (OffsetToData & $7FFFFFFF) EndMacro Macro Resource_IsDataEntry(tOffset);Gets a value indicating whether the child structure is a structure. Resource_IsNameString(tOffset) And Resource_IsDirectory(tOffset) EndMacro Procedure Pb_PEExplorer(PeFile_ID ,*iPB_PEExplorer.PB_PEExplorer); Get Pe info Protected tIMAGE_DOS_HEADER.IMAGE_DOS_HEADER Protected tIMAGE_NT_HEADERS64.IMAGE_NT_HEADERS64 Protected tIMAGE_NT_HEADERS32.IMAGE_NT_HEADERS32 Protected tIMAGE_SECTION_HEADER.IMAGE_SECTION_HEADER Protected tIMAGE_IMPORT_DESCRIPTOR.IMAGE_IMPORT_DESCRIPTOR Protected tIMAGE_THUNK_DATA32.IMAGE_THUNK_DATA32 Protected tIMAGE_THUNK_DATA64.IMAGE_THUNK_DATA64 Protected tIMAGE_EXPORT_DIRECTORY.IMAGE_EXPORT_DIRECTORY Protected tIMAGE_RESOURCE_DIRECTORY.IMAGE_RESOURCE_DIRECTORY Protected tIMAGE_RESOURCE_DIRECTORY_ENTRY.IMAGE_RESOURCE_DIRECTORY_ENTRY Protected tIMAGE_RESOURCE_DIRECTORY_STRING.IMAGE_RESOURCE_DIRECTORY_STRING Protected tChildIMAGE_RESOURCE_DIRECTORY.IMAGE_RESOURCE_DIRECTORY Protected tChildIMAGE_RESOURCE_DIRECTORY_ENTRY.IMAGE_RESOURCE_DIRECTORY_ENTRY Protected tChildI1MAGE_RESOURCE_DIRECTORY.IMAGE_RESOURCE_DIRECTORY Protected tChild1IMAGE_RESOURCE_DIRECTORY_ENTRY.IMAGE_RESOURCE_DIRECTORY_ENTRY Protected tIMAGE_RESOURCE_DATA_ENTRY.IMAGE_RESOURCE_DATA_ENTRY Protected tIMAGE_BASE_RELOCATION.IMAGE_BASE_RELOCATION,offsetReloc Protected.l i,inct,incid,incrd,o,z,ii.w,itr FileSeek(PeFile_ID,0) ReadData(PeFile_ID,@tIMAGE_DOS_HEADER,SizeOf(IMAGE_DOS_HEADER));get IMAGE_DOS_HEADER If tIMAGE_DOS_HEADER\e_magic <> #IMAGE_DOS_HEADER:ProcedureReturn 0:EndIf CopyMemory(@tIMAGE_DOS_HEADER,@*iPB_PEExplorer\IMAGE_DOS_HEADER,SizeOf(IMAGE_DOS_HEADER)) FileSeek(PeFile_ID,tIMAGE_DOS_HEADER\e_lfanew) ReadData(PeFile_ID,@tIMAGE_NT_HEADERS32,SizeOf(IMAGE_NT_HEADERS32));get IMAGE_NT_HEADERS If tIMAGE_NT_HEADERS32\Signature <> #IMAGE_NT_SIGNATURE:ProcedureReturn 0:EndIf CopyMemory(@tIMAGE_NT_HEADERS32,@*iPB_PEExplorer\IMAGE_NT_HEADERS32,SizeOf(IMAGE_NT_HEADERS32)) Protected ImportVirtualAddress.l=tIMAGE_NT_HEADERS32\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_IMPORT]\VirtualAddress Protected ExportVirtualAddress.l= tIMAGE_NT_HEADERS32\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]\VirtualAddress Protected ResourceVirtualAddress.l= tIMAGE_NT_HEADERS32\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_RESOURCE]\VirtualAddress Protected RelocVirtualAddress.l= tIMAGE_NT_HEADERS32\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_BASERELOC]\VirtualAddress Protected endOfImage.l Protected IMAGE_ORDINAL_FLAG.q = #IMAGE_ORDINAL_FLAG,SizeIMAGE_NT_HEADERS.l = SizeOf(IMAGE_NT_HEADERS32),SizeIMAGE_THUNK_DATA.l=SizeOf(IMAGE_THUNK_DATA32) If tIMAGE_NT_HEADERS32\OptionalHeader\Magic = #IMAGE_NT_OPTIONAL_HDR64_MAGIC IMAGE_ORDINAL_FLAG = #IMAGE_ORDINAL_FLAGx64 FileSeek(PeFile_ID,tIMAGE_DOS_HEADER\e_lfanew) ReadData(PeFile_ID,@tIMAGE_NT_HEADERS64,SizeOf(IMAGE_NT_HEADERS64)) CopyMemory(@tIMAGE_NT_HEADERS64,@*iPB_PEExplorer\IMAGE_NT_HEADERS64,SizeOf(IMAGE_NT_HEADERS64)) SizeIMAGE_NT_HEADERS = SizeOf(IMAGE_NT_HEADERS64) SizeIMAGE_THUNK_DATA = SizeOf(IMAGE_THUNK_DATA64) ImportVirtualAddress = tIMAGE_NT_HEADERS64\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_IMPORT]\VirtualAddress ExportVirtualAddress = tIMAGE_NT_HEADERS64\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_EXPORT]\VirtualAddress ResourceVirtualAddress = tIMAGE_NT_HEADERS64\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_RESOURCE]\VirtualAddress RelocVirtualAddress = tIMAGE_NT_HEADERS64\OptionalHeader\DataDirectory[#IMAGE_DIRECTORY_ENTRY_BASERELOC]\VirtualAddress EndIf Protected tIMAGE_THUNK_DATA.Quad,iInitialOffset.l For i=0 To (tIMAGE_NT_HEADERS32\FileHeader\NumberOfSections-1);get all pe sections FileSeek(PeFile_ID,tIMAGE_DOS_HEADER\e_lfanew+SizeIMAGE_NT_HEADERS+ (SizeOf(IMAGE_SECTION_HEADER)*i)) ReadData(PeFile_ID,@tIMAGE_SECTION_HEADER,SizeOf(IMAGE_SECTION_HEADER)) With tIMAGE_SECTION_HEADER If \VirtualAddress AddElement(*iPB_PEExplorer\IMAGE_SECTION_HEADERList()) CopyMemory(@tIMAGE_SECTION_HEADER,@*iPB_PEExplorer\IMAGE_SECTION_HEADERList(),SizeOf(IMAGE_SECTION_HEADER)) *iPB_PEExplorer\IMAGE_SECTION_HEADERList()\__File_Selction_Name = PeekS(@\SecName,8,#PB_Ascii) If *iPB_PEExplorer\__File_ImageSize < \PointerToRawData+\SizeOfRawData:*iPB_PEExplorer\__File_ImageSize= \PointerToRawData+\SizeOfRawData:EndIf If tIMAGE_NT_HEADERS32\OptionalHeader\Magic = #IMAGE_NT_OPTIONAL_HDR64_MAGIC If \VirtualAddress <= tIMAGE_NT_HEADERS64\OptionalHeader\AddressOfEntryPoint And tIMAGE_NT_HEADERS64\OptionalHeader\AddressOfEntryPoint < \VirtualAddress + \SizeOfRawData *iPB_PEExplorer\__File_OffsetEntryCode=( tIMAGE_NT_HEADERS64\OptionalHeader\AddressOfEntryPoint-\VirtualAddress)+\PointerToRawData;file offset to entry code EndIf Else If \VirtualAddress <= tIMAGE_NT_HEADERS32\OptionalHeader\AddressOfEntryPoint And tIMAGE_NT_HEADERS32\OptionalHeader\AddressOfEntryPoint < \VirtualAddress + \SizeOfRawData *iPB_PEExplorer\__File_OffsetEntryCode=( tIMAGE_NT_HEADERS32\OptionalHeader\AddressOfEntryPoint-\VirtualAddress)+\PointerToRawData;file offset to entry code EndIf EndIf If \VirtualAddress <= ImportVirtualAddress And \VirtualAddress+ \VirtualSize > ImportVirtualAddress ;import library address FileSeek(PeFile_ID,( ImportVirtualAddress-\VirtualAddress)+\PointerToRawData) ReadData(PeFile_ID,@tIMAGE_IMPORT_DESCRIPTOR,SizeOf(IMAGE_IMPORT_DESCRIPTOR)) While tIMAGE_IMPORT_DESCRIPTOR\FirstThunk FileSeek(PeFile_ID,tIMAGE_IMPORT_DESCRIPTOR\Name -(\VirtualAddress - \PointerToRawData)) AddElement(*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()) CopyMemory(@tIMAGE_IMPORT_DESCRIPTOR,@*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList(),SizeOf(IMAGE_IMPORT_DESCRIPTOR)) *iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\LibraryName = ReadString(PeFile_ID); set library name iInitialOffset=tIMAGE_IMPORT_DESCRIPTOR\FirstThunk If tIMAGE_IMPORT_DESCRIPTOR\OriginalFirstThunk iInitialOffset=tIMAGE_IMPORT_DESCRIPTOR\OriginalFirstThunk EndIf FileSeek(PeFile_ID,iInitialOffset -(\VirtualAddress - \PointerToRawData)) ReadData(PeFile_ID,@tIMAGE_THUNK_DATA,SizeIMAGE_THUNK_DATA) inct=0 While tIMAGE_THUNK_DATA\q AddElement(*iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()) If tIMAGE_THUNK_DATA\q & IMAGE_ORDINAL_FLAG *iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal = tIMAGE_THUNK_DATA\q;is a ordinal function Else FileSeek(PeFile_ID,((tIMAGE_THUNK_DATA\q +2)-(\VirtualAddress - \PointerToRawData))) *iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\FunctionName = ReadString(PeFile_ID);get function name EndIf *iPB_PEExplorer\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\IMAGE_THUNK_DATA=tIMAGE_THUNK_DATA\q inct + SizeIMAGE_THUNK_DATA FileSeek(PeFile_ID,(iInitialOffset -(\VirtualAddress - \PointerToRawData))+inct) ReadData(PeFile_ID,@tIMAGE_THUNK_DATA,SizeIMAGE_THUNK_DATA) Wend incid+ SizeOf(IMAGE_IMPORT_DESCRIPTOR) FileSeek(PeFile_ID,(( ImportVirtualAddress-\VirtualAddress)+\PointerToRawData)+incid) ReadData(PeFile_ID,@tIMAGE_IMPORT_DESCRIPTOR,SizeOf(IMAGE_IMPORT_DESCRIPTOR)) Wend EndIf If \VirtualAddress <= ExportVirtualAddress And \VirtualAddress+ \VirtualSize > ExportVirtualAddress ;Export function FileSeek(PeFile_ID,( ExportVirtualAddress-\VirtualAddress)+\PointerToRawData) ReadData(PeFile_ID,@tIMAGE_EXPORT_DIRECTORY,SizeOf(IMAGE_EXPORT_DIRECTORY)) CopyMemory(@tIMAGE_EXPORT_DIRECTORY,@*iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo,SizeOf(IMAGE_EXPORT_DIRECTORY)) FileSeek(PeFile_ID, (tIMAGE_EXPORT_DIRECTORY\Name-(\VirtualAddress - \PointerToRawData))) *iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\__File_OriginalDllName = ReadString(PeFile_ID) For o = 0 To tIMAGE_EXPORT_DIRECTORY\NumberOfNames-1 AddElement( *iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()) FileSeek(PeFile_ID, (tIMAGE_EXPORT_DIRECTORY\AddressOfNames-(\VirtualAddress - \PointerToRawData))+(o*SizeOf(long))) FileSeek(PeFile_ID, ReadLong(PeFile_ID)-(\VirtualAddress - \PointerToRawData)) *iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\FunctionName = ReadString(PeFile_ID) FileSeek(PeFile_ID, (tIMAGE_EXPORT_DIRECTORY\AddressOfNameOrdinals-(\VirtualAddress - \PointerToRawData))+(o*SizeOf(word))) *iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\Ordinale = ReadWord(PeFile_ID) FileSeek(PeFile_ID, (tIMAGE_EXPORT_DIRECTORY\AddressOfFunctions-(\VirtualAddress - \PointerToRawData))+ (*iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\Ordinale*SizeOf(long))) *iPB_PEExplorer\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\FunctionAddress= ReadLong(PeFile_ID) Next EndIf If \VirtualAddress <= ResourceVirtualAddress And \VirtualAddress+ \VirtualSize > ResourceVirtualAddress FileSeek(PeFile_ID,ResourceVirtualAddress-\VirtualAddress+\PointerToRawData) ReadData(PeFile_ID,@tIMAGE_RESOURCE_DIRECTORY,SizeOf(IMAGE_RESOURCE_DIRECTORY)) CopyMemory(@tIMAGE_RESOURCE_DIRECTORY,@*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo,SizeOf(IMAGE_RESOURCE_DIRECTORY)) *iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\__File_ResourceDirectoryCount = (tIMAGE_RESOURCE_DIRECTORY\NumberOfIdEntries+tIMAGE_RESOURCE_DIRECTORY\NumberOfNamedEntries)-1 For o=0 To (tIMAGE_RESOURCE_DIRECTORY\NumberOfIdEntries+tIMAGE_RESOURCE_DIRECTORY\NumberOfNamedEntries)-1 FileSeek(PeFile_ID,(ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+SizeOf(IMAGE_RESOURCE_DIRECTORY)+(SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY)*o)) ReadData(PeFile_ID,@tIMAGE_RESOURCE_DIRECTORY_ENTRY,SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY)) AddElement(*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()) If Resource_IsNameString(tIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset) FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_NameAddress(tIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset))) ReadData(PeFile_ID,@tIMAGE_RESOURCE_DIRECTORY_STRING,SizeOf(IMAGE_RESOURCE_DIRECTORY_STRING)) *iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName = ReadString(PeFile_ID,#PB_Unicode,tIMAGE_RESOURCE_DIRECTORY_STRING\Length) Else *iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryID = (tIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset) EndIf If Resource_IsDirectory(tIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData) FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_DirectoryAddress(tIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData))) ReadData(PeFile_ID,@tChildIMAGE_RESOURCE_DIRECTORY,SizeOf(IMAGE_RESOURCE_DIRECTORY)) CopyMemory(@tChildIMAGE_RESOURCE_DIRECTORY,@*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList(),SizeOf(IMAGE_RESOURCE_DIRECTORY)) *iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceSubDirectoryCount = tChildIMAGE_RESOURCE_DIRECTORY\NumberOfIdEntries+tChildIMAGE_RESOURCE_DIRECTORY\NumberOfNamedEntries For z=0 To (tChildIMAGE_RESOURCE_DIRECTORY\NumberOfIdEntries+tChildIMAGE_RESOURCE_DIRECTORY\NumberOfNamedEntries)-1 AddElement(*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()) FileSeek(PeFile_ID,(ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+SizeOf(IMAGE_RESOURCE_DIRECTORY)+Resource_DirectoryAddress(tIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData) +(SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY)*z)) ReadData(PeFile_ID,@tChildIMAGE_RESOURCE_DIRECTORY_ENTRY,SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY)) If Resource_IsNameString(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset) FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_NameAddress(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset))) ReadData(PeFile_ID,@tIMAGE_RESOURCE_DIRECTORY_STRING,SizeOf(IMAGE_RESOURCE_DIRECTORY_STRING)) *iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName = ReadString(PeFile_ID,#PB_Unicode,tIMAGE_RESOURCE_DIRECTORY_STRING\Length) Else *iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryID = ( tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\NameOffset) EndIf If Resource_IsDirectory(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData) FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_DirectoryAddress(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData))) ReadData(PeFile_ID,@tChildI1MAGE_RESOURCE_DIRECTORY,SizeOf(IMAGE_RESOURCE_DIRECTORY)) CopyMemory(@tChildI1MAGE_RESOURCE_DIRECTORY,@*iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList(),SizeOf(IMAGE_RESOURCE_DIRECTORY)) FileSeek(PeFile_ID,(ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+SizeOf(IMAGE_RESOURCE_DIRECTORY)+Resource_DirectoryAddress(tChildIMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData)) ReadData(PeFile_ID,@tChild1IMAGE_RESOURCE_DIRECTORY_ENTRY,SizeOf(IMAGE_RESOURCE_DIRECTORY_ENTRY)) FileSeek(PeFile_ID,((ResourceVirtualAddress-\VirtualAddress+\PointerToRawData)+Resource_DirectoryAddress(tChild1IMAGE_RESOURCE_DIRECTORY_ENTRY\OffsetToData))) ReadData(PeFile_ID,@tIMAGE_RESOURCE_DATA_ENTRY,SizeOf(IMAGE_RESOURCE_DATA_ENTRY)) *iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset = (Resource_DirectoryAddress(tIMAGE_RESOURCE_DATA_ENTRY\OffsetToData)-\VirtualAddress)+\PointerToRawData ;imagebas + OffsetToData *iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\Size = tIMAGE_RESOURCE_DATA_ENTRY\Size *iPB_PEExplorer\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\CodePage = tIMAGE_RESOURCE_DATA_ENTRY\CodePage EndIf Next EndIf Next EndIf If \VirtualAddress <= RelocVirtualAddress And \VirtualAddress+ \VirtualSize > RelocVirtualAddress ;Relec section FileSeek(PeFile_ID,( RelocVirtualAddress-\VirtualAddress)+\PointerToRawData) ReadData(PeFile_ID,@tIMAGE_BASE_RELOCATION,SizeOf(IMAGE_BASE_RELOCATION)) While tIMAGE_BASE_RELOCATION\VirtualAddress AddElement(*iPB_PEExplorer\IMAGE_BASE_RELOCATIONList()) CopyMemory(@tIMAGE_BASE_RELOCATION,@*iPB_PEExplorer\IMAGE_BASE_RELOCATIONList(),SizeOf(IMAGE_BASE_RELOCATION)) FileSeek(PeFile_ID,(( RelocVirtualAddress-\VirtualAddress)+\PointerToRawData)+incrd+SizeOf(IMAGE_BASE_RELOCATION)) offsetReloc=ReadUnicodeCharacter(PeFile_ID) For itr=1 To (tIMAGE_BASE_RELOCATION\SizeOfBlock-SizeOf(IMAGE_BASE_RELOCATION))/SizeOf(Word) AddElement(*iPB_PEExplorer\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()) *iPB_PEExplorer\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u = offsetReloc FileSeek(PeFile_ID,(( RelocVirtualAddress-\VirtualAddress)+\PointerToRawData)+incrd+SizeOf(IMAGE_BASE_RELOCATION)+ (itr * SizeOf(Unicode))) offsetReloc=ReadUnicodeCharacter(PeFile_ID) Next incrd+ tIMAGE_BASE_RELOCATION\SizeOfBlock FileSeek(PeFile_ID,(( RelocVirtualAddress-\VirtualAddress)+\PointerToRawData)+incrd) ReadData(PeFile_ID,@tIMAGE_BASE_RELOCATION,SizeOf(IMAGE_BASE_RELOCATION)) Wend EndIf EndIf EndWith Next ProcedureReturn 1 EndProcedure DisableExplicit Structure VS_VERSION_INFO wLength.u; wValueLength.u; wType.u ; szKey.u[15] ; Padding1.u[2] ; Value.VS_FIXEDFILEINFO; ; Padding2.u ; ; Children.u ; EndStructure Macro HiWord(a) (a>>16 & $ffff) EndMacro Macro LowWord(a) (a & $ffff) EndMacro EnableExplicit CoInitializeEx_(0, #COINIT_MULTITHREADED) Global pIShellLink.IShellLinkW Global pIPersistFile.IPersistFile If CoCreateInstance_(?CLSID_ShellLink, 0, #CLSCTX_INPROC_SERVER, ?IID_IShellLink, @pIShellLink) = 0 pIShellLink\QueryInterface(?IID_IPersistFile , @pIPersistFile) EndIf #File_Info="File Info" #DOS_HEADER="DOS_HEADER" #IMAGE_NT_HEADERS="IMAGE_NT_HEADERS" #FILE_HEADER="FILE_HEADER" #OPTIONAL_HEADER="OPTIONAL_HEADER" #SECTION_HEADER="SECTION_HEADER" #DESCRIPTOR_IMPORT="DESCRIPTOR_IMPORT" #DESCRIPTOR_EXPORT="DESCRIPTOR_EXPORT" #DESCRIPTOR_RESOURCE="DESCRIPTOR_RESOURCE" #DESCRIPTOR_RELOCATION="DESCRIPTOR_RELOCATION" #ENDOFDATA="+Overlay" Enumeration Window_PeExplorer #Window_PeExplorer EndEnumeration Enumeration Window_Gadget_PeExplorer #Gadget_ListIcon_PeExplorer #Gadget_Tree_PeExplorer #Gadget_Splitter_PeExplorer EndEnumeration Enumeration FormMenu_PeExplorer #Menu_Window_PeExplorer EndEnumeration Enumeration FormMenuItem_PeExplorer #MenuItem_SelectFile #MenuItem_Exit EndEnumeration Enumeration FormStatusBar_PeExplorer #StatusBar_PeExplorer EndEnumeration Enumeration FormStatusBarItem_PeExplorer #StatusBarItem_PeInfo #StatusBarItem_PeProgress EndEnumeration Global CurrentPB_PEExplorerFile.PB_PEExplorer Global CurrentFileLoc.s{#MAX_PATH} Procedure.s GetFilePathFromLnk(Lnk.s) Protected pWIN32_FIND_DATA.WIN32_FIND_DATA Protected Path.s{#MAX_PATH} If pIPersistFile And pIShellLink If pIPersistFile\Load(Lnk,0) = 0 If pIShellLink\GetPath(@Path,#MAX_PATH*2,@pWIN32_FIND_DATA,1) = 0 ProcedureReturn Path EndIf EndIf EndIf EndProcedure Procedure.s GetLongPathName(lpszShortPath.s) Protected lpszLongPath.s{#MAX_PATH} GetLongPathName_(@lpszShortPath,@lpszLongPath,#MAX_PATH) ProcedureReturn lpszLongPath EndProcedure Procedure.s GetShortPathName(lpszLongPath.s) Protected lpszShortPath.s{#MAX_PATH} GetShortPathName_(@lpszLongPath,@lpszShortPath,#MAX_PATH) ProcedureReturn lpszShortPath EndProcedure Procedure.s FindFile(Pthdll$,aDll$,SubDirCount.l=0,Pcall.b=1) Protected iReturn$,DirectoryEntryName$ Protected ed=ExamineDirectory(#PB_Any, Pthdll$, "*.*") If ed While NextDirectoryEntry(ed) DirectoryEntryName$=DirectoryEntryName(ed) If DirectoryEntryType(ed) = #PB_DirectoryEntry_File If FindString(DirectoryEntryName$, aDll$,1,#PB_String_NoCase) iReturn$ = Pthdll$ + "\" + aDll$ EndIf ElseIf SubDirCount < 5 If DirectoryEntryName$="." Or DirectoryEntryName$=".." :Continue:EndIf SubDirCount+1 iReturn$=FindFile(Pthdll$+"\" + DirectoryEntryName$,aDll$,SubDirCount,0) Else If Pcall=1 SubDirCount=0 EndIf EndIf If iReturn$:Break:EndIf Wend FinishDirectory(ed) EndIf ProcedureReturn iReturn$ EndProcedure Macro AddList(strlist,s) AddElement(strlist):strlist = s EndMacro Procedure ResizeGadgetsWindow_PeExplorer() Protected FormWindowWidth, FormWindowHeight FormWindowWidth = WindowWidth(#Window_PeExplorer) FormWindowHeight = WindowHeight(#Window_PeExplorer) ResizeGadget(#Gadget_Splitter_PeExplorer, 5, 5, FormWindowWidth-10, FormWindowHeight - MenuHeight() - StatusBarHeight(#StatusBar_PeExplorer) - 10) EndProcedure Procedure CloseWindow_PeExplorer() PostEvent(#PB_Event_CloseWindow, #Window_PeExplorer, 0) EndProcedure Procedure LoadPlugins_PeExplorer() Protected ed=ExamineDirectory(#PB_Any, "Plugins", "*.dll") If ed While NextDirectoryEntry(ed) If DirectoryEntryType(ed) = #PB_DirectoryEntry_File Protected ol=OpenLibrary(#PB_Any,"Plugins\"+DirectoryEntryName(ed)) If ol If Not CallFunction(ol,"PeExplorer_Plugin_Ini",WindowID(#Window_PeExplorer),@CurrentFileLoc) CloseLibrary(ol) EndIf EndIf EndIf Wend FinishDirectory(ed) EndIf EndProcedure Procedure.s Pex_Hex_Value(Value.q,Type.l, Addx.s="0x") Protected slong.l Select Type Case #PB_Byte slong=2 Case #PB_Word slong=4 Case #PB_Long slong=8 Case #PB_Quad slong=16 EndSelect ProcedureReturn Addx+RSet (Hex(Value,Type),slong,"0") EndProcedure Procedure.s Pex_Resource_Type (nRes.u) Select nRes Case #RT_ACCELERATOR:ProcedureReturn "#RT_ACCELERATOR" Case #RT_ANICURSOR:ProcedureReturn "#RT_ANICURSOR" Case #RT_ANIICON:ProcedureReturn "#RT_ANIICON" Case #RT_BITMAP:ProcedureReturn "#RT_BITMAP" Case #RT_CURSOR:ProcedureReturn "#RT_CURSOR" Case #RT_DIALOG:ProcedureReturn "#RT_DIALOG" Case #RT_DLGINCLUDE:ProcedureReturn "#RT_DLGINCLUDE" Case #RT_FONT:ProcedureReturn "#RT_FONT" Case #RT_FONTDIR:ProcedureReturn "#RT_FONTDIR" Case #RT_GROUP_CURSOR:ProcedureReturn "#RT_GROUP_CURSOR" Case #RT_GROUP_ICON:ProcedureReturn "#RT_GROUP_ICON" Case #RT_HTML:ProcedureReturn "#RT_HTML" Case #RT_ICON:ProcedureReturn "#RT_ICON" Case #RT_MANIFEST:ProcedureReturn "#RT_MANIFEST" Case #RT_MENU:ProcedureReturn "#RT_MENU" Case #RT_MESSAGETABLE:ProcedureReturn "#RT_MESSAGETABLE" Case #RT_PLUGPLAY:ProcedureReturn "#RT_PLUGPLAY" Case #RT_RCDATA:ProcedureReturn "#RT_RCDATA" Case #RT_STRING:ProcedureReturn "#RT_STRING" Case #RT_VERSION:ProcedureReturn "#RT_VERSION" Case #RT_VXD:ProcedureReturn "#RT_VXD" EndSelect ProcedureReturn Str(nRes) EndProcedure Procedure.s Pex_Machine_Type(Machine.u) Select Machine Case #IMAGE_FILE_MACHINE_I386:ProcedureReturn "X86" Case #IMAGE_FILE_MACHINE_IA64:ProcedureReturn "Intel Itanium" Case #IMAGE_FILE_MACHINE_AMD64:ProcedureReturn "X64" EndSelect EndProcedure Procedure.s Pex_Exe_Type(Characteristics.u) If Characteristics &#IMAGE_FILE_DLL = #IMAGE_FILE_DLL ProcedureReturn "Image is a DLL" ElseIf Characteristics &#IMAGE_FILE_EXECUTABLE_IMAGE = #IMAGE_FILE_EXECUTABLE_IMAGE ProcedureReturn "Image is a EXE" EndIf EndProcedure Procedure.s Pex_Image_Type(Magic.u) Select Magic Case #IMAGE_NT_OPTIONAL_HDR32_MAGIC ProcedureReturn "32bit" Case #IMAGE_NT_OPTIONAL_HDR64_MAGIC ProcedureReturn "64bit" Case #IMAGE_ROM_OPTIONAL_HDR_MAGIC ProcedureReturn "Rom image" EndSelect EndProcedure Structure ImageFile_Type Characteristics.u Desc.s EndStructure Procedure.s Pex_ImageFile_Type(Characteristics.w) Dim aImageFile_Type.ImageFile_Type(14) aImageFile_Type(0)\Characteristics = #IMAGE_FILE_RELOCS_STRIPPED aImageFile_Type(1)\Characteristics = #IMAGE_FILE_EXECUTABLE_IMAGE aImageFile_Type(2)\Characteristics = #IMAGE_FILE_LINE_NUMS_STRIPPED aImageFile_Type(3)\Characteristics = #IMAGE_FILE_LOCAL_SYMS_STRIPPED aImageFile_Type(4)\Characteristics = #IMAGE_FILE_AGGRESIVE_WS_TRIM aImageFile_Type(5)\Characteristics = #IMAGE_FILE_LARGE_ADDRESS_AWARE aImageFile_Type(6)\Characteristics = #IMAGE_FILE_BYTES_REVERSED_LO aImageFile_Type(7)\Characteristics = #IMAGE_FILE_32BIT_MACHINE aImageFile_Type(8)\Characteristics = #IMAGE_FILE_DEBUG_STRIPPED aImageFile_Type(9)\Characteristics = #IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP aImageFile_Type(10)\Characteristics = #IMAGE_FILE_NET_RUN_FROM_SWAP aImageFile_Type(11)\Characteristics = #IMAGE_FILE_SYSTEM aImageFile_Type(12)\Characteristics = #IMAGE_FILE_DLL aImageFile_Type(13)\Characteristics = #IMAGE_FILE_UP_SYSTEM_ONLY aImageFile_Type(14)\Characteristics = #IMAGE_FILE_BYTES_REVERSED_HI aImageFile_Type(0)\Desc = "IMAGE_FILE_RELOCS_STRIPPED" aImageFile_Type(1)\Desc = "IMAGE_FILE_EXECUTABLE_IMAGE" aImageFile_Type(2)\Desc = "IMAGE_FILE_LINE_NUMS_STRIPPED" aImageFile_Type(3)\Desc = "IMAGE_FILE_LOCAL_SYMS_STRIPPED" aImageFile_Type(4)\Desc = "IMAGE_FILE_AGGRESIVE_WS_TRIM" aImageFile_Type(5)\Desc = "IMAGE_FILE_LARGE_ADDRESS_AWARE" aImageFile_Type(6)\Desc = "IMAGE_FILE_BYTES_REVERSED_LO" aImageFile_Type(7)\Desc = "IMAGE_FILE_32BIT_MACHINE" aImageFile_Type(8)\Desc = "IMAGE_FILE_DEBUG_STRIPPED" aImageFile_Type(9)\Desc = "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP" aImageFile_Type(10)\Desc = "IMAGE_FILE_NET_RUN_FROM_SWAP" aImageFile_Type(11)\Desc = "IMAGE_FILE_SYSTEM" aImageFile_Type(12)\Desc = "IMAGE_FILE_DLL" aImageFile_Type(13)\Desc = "IMAGE_FILE_UP_SYSTEM_ONLY" aImageFile_Type(14)\Desc = "IMAGE_FILE_BYTES_REVERSED_HI" Protected sReturn.s,o For o = 0 To 14 If aImageFile_Type(o)\Characteristics & Characteristics = aImageFile_Type(o)\Characteristics sReturn + aImageFile_Type(o)\Desc + " | " EndIf Next ProcedureReturn Mid(sReturn,1,Len(sReturn) - 3) EndProcedure Procedure.s Pex_Subsystem_Type(Subsystem.u) Select Subsystem Case #IMAGE_SUBSYSTEM_NATIVE ProcedureReturn "Subsystem : native" Case #IMAGE_SUBSYSTEM_WINDOWS_GUI ProcedureReturn "Subsystem : Windows GUI" Case #IMAGE_SUBSYSTEM_WINDOWS_CUI ProcedureReturn "Subsystem : Windows CUI" Case #IMAGE_SUBSYSTEM_OS2_CUI ProcedureReturn "Subsystem : OS2." Case #IMAGE_SUBSYSTEM_POSIX_CUI ProcedureReturn "Subsystem : Posix." Case #IMAGE_SUBSYSTEM_WINDOWS_CE_GUI ProcedureReturn "Subsystem : Windows CE." Case #IMAGE_SUBSYSTEM_EFI_APPLICATION ProcedureReturn "Subsystem : Extensible Firmware Interface." Case #IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER ProcedureReturn "Subsystem : Extensible Firmware Interface." Case #IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER ProcedureReturn "Subsystem : Extensible Firmware Interface." Case #IMAGE_SUBSYSTEM_EFI_ROM ProcedureReturn "Subsystem : Extensible Firmware Interface." Case #IMAGE_SUBSYSTEM_XBOX ProcedureReturn "Subsystem : Xbox." Case #IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION ProcedureReturn "Subsystem : Boot Application." Default ProcedureReturn "unknown Subsystem" EndSelect EndProcedure Procedure.s Pex_Dll_Characteristics(DllCharacteristics.u) Select DllCharacteristics Case #IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE ProcedureReturn "The DLL can be relocated at load time." Case #IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY ProcedureReturn "Code integrity checks are forced." Case #IMAGE_DLLCHARACTERISTICS_NX_COMPAT ProcedureReturn "The image is compatible With Data execution prevention (DEP)." Case #IMAGE_DLLCHARACTERISTICS_NO_ISOLATION ProcedureReturn "The image is isolation aware, but should Not be isolated." Case #IMAGE_DLLCHARACTERISTICS_NO_SEH ProcedureReturn "The image does Not use structured exception handling (SEH)." Case #IMAGE_DLLCHARACTERISTICS_NO_BIND ProcedureReturn "Do Not bind the image" Case #IMAGE_DLLCHARACTERISTICS_WDM_DRIVER ProcedureReturn "A WDM driver" Case #IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE ProcedureReturn "The image is terminal server aware." EndSelect EndProcedure Procedure.s Pex_HexRawData_Read(ResOffset.l,ResSize.l,ReadSize.l,ReturnHex.b=1) Protected Rd = ReadFile(#PB_Any, CurrentFileLoc) If Rd If ReadSize >= ResSize:ReadSize=ResSize:EndIf If ReadSize > 0 And ResOffset > 0 And ResOffset + ReadSize <= Lof(Rd) FileSeek(Rd,ResOffset) Protected u.l,pb.a,Returna$ ,Returns$ For u=1 To ReadSize pb = ReadAsciiCharacter(Rd) Returna$ + Pex_Hex_Value(pb,#PB_Byte,"") + " " If pb=0:pb=Asc("."):EndIf Returns$ + Chr(pb) Next EndIf CloseFile(Rd) EndIf If ReturnHex ProcedureReturn Returna$ EndIf ProcedureReturn Returns$ EndProcedure Procedure.i Pex_MemRawData_Read(ResOffset.l,ReadSize.l) Protected Rd = ReadFile(#PB_Any, CurrentFileLoc) If Rd If ReadSize > 0 And ResOffset > 0 And ResOffset + ReadSize <= Lof(Rd) Protected *Almem=AllocateMemory(ReadSize) If *Almem FileSeek(Rd,ResOffset) ReadData(Rd,*Almem,ReadSize) EndIf EndIf CloseFile(Rd) EndIf ProcedureReturn *Almem EndProcedure Procedure.b Pex_UpxPacker_Detect() Protected IspUpx.b With CurrentPB_PEExplorerFile ForEach \IMAGE_SECTION_HEADERList() If Left(\IMAGE_SECTION_HEADERList()\__File_Selction_Name,3) = "UPX" IspUpx+1 EndIf Next EndWith ProcedureReturn IspUpx EndProcedure Procedure.b Pex_UpxPacker_UnPacked() Protected ru,Sortie$,Rderr$ If MessageRequester("","UPX packer Detected.. "+#CRLF$ + "Do you want decompress file !", #PB_MessageRequester_YesNo)<>#PB_MessageRequester_Yes ProcedureReturn EndIf If FileSize("upx.exe") < 1 ProcedureReturn MessageRequester("","Upx.exe not found!") EndIf ru=RunProgram("upx","-d " + GetShortPathName(CurrentFileLoc), GetCurrentDirectory(), #PB_Program_Open | #PB_Program_Read |#PB_Program_Error|#PB_Program_Hide) If ru While ProgramRunning(ru) If AvailableProgramOutput(ru) ReadProgramString(ru) Rderr$=ReadProgramError(ru) If Rderr$ Sortie$ + Rderr$ + Chr(13) EndIf EndIf Wend If ProgramExitCode(ru)=1 MessageRequester("UPX Error!",Sortie$) ProcedureReturn 0 EndIf ProcedureReturn 1 EndIf EndProcedure Procedure.s Pex_DLL_FindPath(aDll$) Protected WindowsDirectory.s{#MAX_PATH},SystemWindowsDirectory.s{#MAX_PATH} GetWindowsDirectory_(@WindowsDirectory,#MAX_PATH) GetSystemDirectory_(@SystemWindowsDirectory,#MAX_PATH) If FileSize(WindowsDirectory+"\"+aDll$) > 0 ProcedureReturn WindowsDirectory+"\"+aDll$ EndIf If FileSize(SystemWindowsDirectory+"\"+aDll$) > 0 ProcedureReturn SystemWindowsDirectory+"\"+aDll$ EndIf Protected DllPath.s{#MAX_PATH} Protected lb,CloseLib.b lb= GetModuleHandle_(aDll$) If Not lb lb=LoadLibraryEx_(aDll$,0,$00000001) CloseLib = 1 EndIf If lb GetModuleFileName_(lb,@DllPath,#MAX_PATH) If CloseLib FreeLibrary_(lb) EndIf If DllPath ProcedureReturn DllPath EndIf EndIf Protected Pthdll$=RTrim(GetPathPart(CurrentFileLoc),"\") If Pthdll$ Protected iFind$=FindFile(Pthdll$,aDll$) If iFind$ ProcedureReturn iFind$ EndIf EndIf ProcedureReturn "?\"+aDll$ EndProcedure Procedure.s Pex_RawData_Hash(ReadOffset.l=0,ReadSize.l=0) Protected Rdf=ReadFile(#PB_Any,CurrentFileLoc) If Rdf If ReadSize=0:ReadSize=Lof(Rdf):EndIf If Lof(Rdf) < ReadOffset+ReadSize:ReadSize=Lof(Rdf)-ReadOffset:EndIf If ReadSize < 1 :ProcedureReturn:EndIf FileSeek(Rdf,ReadOffset) Protected *Dataf=AllocateMemory(1024*64) If *Dataf UseMD5Fingerprint() Protected fmd5 = StartFingerprint(#PB_Any, #PB_Cipher_MD5) If fmd5 Protected Rd.l,iReturn$,irds.l=1024*64,ird.l Repeat If ird+irds > ReadSize:irds=ReadSize-ird:EndIf Rd=ReadData(Rdf,*Dataf,irds) AddFingerprintBuffer(fmd5, *Dataf, Rd) ird+Rd If ird=ReadSize:Break:EndIf ForEver iReturn$= FinishFingerprint(fmd5) EndIf FreeMemory(*Dataf) EndIf CloseFile(Rdf) EndIf ProcedureReturn iReturn$ EndProcedure Procedure.s Pex_Section_Characteristics(Characteristics.l) Protected sReturn.s If Characteristics& #IMAGE_SCN_CNT_CODE :sReturn + "CODE + ":EndIf If Characteristics& #IMAGE_SCN_CNT_INITIALIZED_DATA :sReturn + "INITIALIZED_DATA + ":EndIf If Characteristics& #IMAGE_SCN_CNT_UNINITIALIZED_DATA :sReturn + "UNINITIALIZED_DATA + ":EndIf If Characteristics& #IMAGE_SCN_MEM_SHARED :sReturn + "MEM_SHARED + ":EndIf If Characteristics& #IMAGE_SCN_MEM_EXECUTE :sReturn + "MEM_EXECUTE + ":EndIf If Characteristics& #IMAGE_SCN_MEM_READ :sReturn + "MEM_READ + ":EndIf If Characteristics& #IMAGE_SCN_MEM_WRITE :sReturn + "MEM_WRITE + ":EndIf ProcedureReturn Mid(sReturn,1,Len(sReturn)-2) EndProcedure Macro Pex_Is64Bit() Bool(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32\OptionalHeader\Magic = #IMAGE_NT_OPTIONAL_HDR64_MAGIC) EndMacro Procedure.s Pex_Date_Format(lDat.l) If lDat > 0 ProcedureReturn FormatDate("%yyyy/ %mm/ %dd %hh:%ii:%ss",lDat)+" UTC" EndIf EndProcedure Procedure Pex_Resource_Read(ResourceDir.l,ResourceNameStr.s,ResourceNameInt.l,ResourceOffset.l,ResourceSize.l) Protected sReturn.s Select ResourceDir Case #RT_MANIFEST Protected *Versionmem =Pex_MemRawData_Read(ResourceOffset,ResourceSize) If *Versionmem sReturn= PeekS(*Versionmem,ResourceSize,#PB_Ascii) FreeMemory(*Versionmem) EndIf Case #RT_VERSION *Versionmem =Pex_MemRawData_Read(ResourceOffset,ResourceSize) If *Versionmem Protected *vr.VS_VERSION_INFO=*Versionmem Protected FileVersion.s= Str(HiWord(*vr\Value\dwFileVersionMS)) + "." +Str(LowWord(*vr\Value\dwFileVersionMS)) + "." +Str(HiWord(*vr\Value\dwFileVersionLS)) + "." + Str(LowWord(*vr\Value\dwFileVersionLS)) Protected ProductVersion.s= Str(HiWord(*vr\Value\dwProductVersionMS)) + "." +Str(LowWord(*vr\Value\dwProductVersionMS)) + "." +Str(HiWord(*vr\Value\dwProductVersionLS)) + "." + Str(LowWord(*vr\Value\dwProductVersionLS)) sReturn + "<" + PeekS(@*vr\szKey)+ ">" + #CRLF$ + #CRLF$ sReturn + " File Version: " + FileVersion + #CRLF$ sReturn + " Product Version: " + ProductVersion + #CRLF$ sReturn + " Characteristics: " + Pex_Hex_Value(*vr\Value\dwFileType,#PB_Long) + ", " + Pex_Hex_Value(*vr\Value\dwFileOS,#PB_Long) + #CRLF$ Protected ChildrenLen.l Protected *cvr.VS_VERSION_INFO While ChildrenLen < *vr\wLength-SizeOf(VS_VERSION_INFO) *cvr = *vr+SizeOf(VS_VERSION_INFO)+ChildrenLen ChildrenLen+*cvr\wLength If Mod(ChildrenLen,4) ChildrenLen+4-Mod(ChildrenLen,4) EndIf Select PeekS(@*cvr\szKey) Case "StringFileInfo" Protected *ccvr.VS_VERSION_INFO=*cvr+36 sReturn + #CRLF$ + " " Protected szKey.s= PeekS(@*ccvr\szKey) sReturn + #CRLF$ + " <" + szKey + ">" + #CRLF$ sReturn + " Language identifier: " + "0x" + Mid(szKey,1,4)+ #CRLF$ sReturn + " Code page: " + "0x" + Mid(szKey,3,4)+ #CRLF$ + #CRLF$ Protected iOffset.l,iPadding.l,iLength.l While iOffset < *ccvr\wLength - 24 Protected *cccvr.VS_VERSION_INFO=*ccvr+24+iOffset iLength=*cccvr\wLength iPadding=Mod(iLength,4) If iPadding:iLength+4-iPadding:EndIf szKey= PeekS(@*cccvr\szKey) iPadding = 4 - Mod(2 * Len(szKey) + 6, 4) sReturn + " " + szKey + ": " + PeekS(@*cccvr\szKey+(Len(szKey)*2)+iPadding) +#CRLF$ iOffset+iLength Wend sReturn + #CRLF$ + " " sReturn + #CRLF$ + " " + #CRLF$ Case "VarFileInfo" *ccvr=*cvr+32 sReturn + #CRLF$ + " " sReturn + #CRLF$ + " <" + PeekS(@*ccvr\szKey) + ">" + #CRLF$ Protected i.l,Val.w For i=0 To (*ccvr\wValueLength/2)-1 Val= PeekW(*ccvr+32+(2*i)) If Mod(i,2) sReturn + " Language identifier: " + Pex_Hex_Value(Val,#PB_Word) + #CRLF$ Else sReturn + " Code page: " + Pex_Hex_Value(Val,#PB_Word) + #CRLF$ EndIf Next sReturn + #CRLF$ + " " sReturn + #CRLF$ + " " + #CRLF$ EndSelect Wend sReturn + #CRLF$ + "" + #CRLF$ FreeMemory(*Versionmem) EndIf EndSelect If sReturn MessageRequester("", sReturn) EndIf EndProcedure Procedure.s Pex_Reloc_Type(Type.u) Protected sReturn.s Select Type Case #IMAGE_REL_BASED_ABSOLUTE sReturn = "IMAGE_REL_BASED_ABSOLUTE(0)" Case #IMAGE_REL_BASED_HIGH sReturn = "IMAGE_REL_BASED_HIGH(1)" Case #IMAGE_REL_BASED_LOW sReturn = "IMAGE_REL_BASED_LOW(2)" Case #IMAGE_REL_BASED_HIGHLOW sReturn = "IMAGE_REL_BASED_HIGHLOW(3)" Case #IMAGE_REL_BASED_HIGHADJ sReturn = "IMAGE_REL_BASED_HIGHADJ(4)" Case #IMAGE_REL_BASED_MIPS_JMPADDR sReturn = "IMAGE_REL_BASED_MIPS_JMPADDR(5)" Case #IMAGE_REL_BASED_DIR64 sReturn = "IMAGE_REL_BASED_DIR64(10)" EndSelect ProcedureReturn sReturn EndProcedure Procedure SetInfoHeader_PeExplorer(ItHeader.s,SelectType.s="",ResFileType.s="") NewList gilist.s() Select ItHeader Case #DESCRIPTOR_RELOCATION If ResFileType <> "" With CurrentPB_PEExplorerFile ForEach \IMAGE_BASE_RELOCATIONList() If Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\VirtualAddress,#PB_Long) = SelectType Protected SRVA = \IMAGE_BASE_RELOCATIONList()\VirtualAddress ForEach \IMAGE_BASE_RELOCATIONList()\RelocationTypeList() If Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u,#PB_Word) = ResFileType Protected Offset = (\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u & $0fff) Protected Type = ((\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u >> 12) & $000F) AddList(gilist(),"RVA" +Chr(10) + Pex_Hex_Value(Offset + \IMAGE_BASE_RELOCATIONList()\VirtualAddress ,#PB_Long)+Chr(10) + "Offset : " + Str(Offset)) AddList(gilist(),"Type" +Chr(10) +Pex_Reloc_Type(Type)) Break EndIf Next EndIf Next EndWith If Offset ForEach CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList() With CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList() If \VirtualAddress <= SRVA And \VirtualAddress+ \VirtualSize > SRVA Protected *plong.long = Pex_MemRawData_Read(\PointerToRawData + Offset,SizeOf(long)) If *plong Protected ImageBase.q = CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32\OptionalHeader\ImageBase If Pex_Is64Bit() ImageBase = CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\ImageBase EndIf Protected RRVA = *plong\l - ImageBase AddList(gilist(),"Data" +Chr(10) +Pex_Hex_Value(*plong\l,#PB_Long) + Chr(10) + *plong\l) FreeMemory(*plong) EndIf Break EndIf EndWith Next If RRVA > 0 ForEach CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList() With CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList() If \VirtualAddress <= RRVA And \VirtualAddress+ \VirtualSize > RRVA AddList(gilist(),"Remote Section " + Chr(10) + \__File_Selction_Name + Chr(10) + "Remote Offset : " + Str(RRVA)) Break EndIf EndWith Next EndIf EndIf ElseIf SelectType <> "" With CurrentPB_PEExplorerFile ForEach \IMAGE_BASE_RELOCATIONList() If Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\VirtualAddress,#PB_Long) = SelectType AddList(gilist(),"SizeOfBlock" +Chr(10) + Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\SizeOfBlock,#PB_Long) + Chr(10) + Str(\IMAGE_BASE_RELOCATIONList()\SizeOfBlock) + " Byte") AddList(gilist(),"Items" +Chr(10) +Str(ListSize(\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()))) SRVA = \IMAGE_BASE_RELOCATIONList()\VirtualAddress Break EndIf Next EndWith ForEach CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList() With CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList() If \VirtualAddress <= SRVA And \VirtualAddress+ \VirtualSize > SRVA AddList(gilist(),"Section" +Chr(10) +\__File_Selction_Name) Break EndIf EndWith Next Else Protected RelocCount.l With CurrentPB_PEExplorerFile ForEach \IMAGE_BASE_RELOCATIONList() RelocCount+ListSize(\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()) Next EndWith AddList(gilist(),"Relocation Count" + Chr(10) + Str(RelocCount)) EndIf Case#File_Info AddList(gilist(),"Name" +Chr(10) + GetFilePart(CurrentFileLoc)) AddList(gilist(),"Size" +Chr(10) +Str(FileSize(CurrentFileLoc) ) + " Byte") AddList(gilist(),"Offset Entry Code" +Chr(10) + Pex_Hex_Value(CurrentPB_PEExplorerFile\__File_OffsetEntryCode,#PB_Long ) + Chr(10) + Str(CurrentPB_PEExplorerFile\__File_OffsetEntryCode)) AddList(gilist(),"MD5 Hash" +Chr(10) + Pex_RawData_Hash()) With CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32 StatusBarText(#StatusBar_PeExplorer, #StatusBarItem_PeInfo, (CurrentFileLoc) + " " + " Made for :" + Pex_Machine_Type(\FileHeader\Machine) + " " + " Machine :" + Pex_Image_Type(\OptionalHeader\Magic)) EndWith Case #DOS_HEADER With CurrentPB_PEExplorerFile\IMAGE_DOS_HEADER AddList(gilist(),"e_magic" + Chr(10) + Pex_Hex_Value(\e_magic,#PB_Word) + Chr(10) + Chr(PeekA(@\e_magic)) + Chr(PeekA(@\e_magic+1))) AddList(gilist(),"e_cblp" + Chr(10) + Pex_Hex_Value(\e_cblp,#PB_Word)) AddList(gilist(),"e_cp" + Chr(10) + Pex_Hex_Value(\e_cp,#PB_Word)) AddList(gilist(),"e_crlc" + Chr(10) + Pex_Hex_Value(\e_crlc,#PB_Word)) AddList(gilist(),"e_cparhdr" + Chr(10) + Pex_Hex_Value(\e_cparhdr,#PB_Word)) AddList(gilist(),"e_minalloc" + Chr(10) + Pex_Hex_Value(\e_minalloc,#PB_Word)) AddList(gilist(),"e_maxalloc" + Chr(10) + Pex_Hex_Value(\e_maxalloc,#PB_Word)) AddList(gilist(),"e_ss" + Chr(10) + Pex_Hex_Value(\e_ss,#PB_Word)) AddList(gilist(),"e_sp" + Chr(10) + Pex_Hex_Value(\e_sp,#PB_Word)) AddList(gilist(),"e_csum" + Chr(10) + Pex_Hex_Value(\e_csum,#PB_Word)) AddList(gilist(),"e_ip" + Chr(10) + Pex_Hex_Value(\e_ip,#PB_Word)) AddList(gilist(),"e_cs" + Chr(10) + Pex_Hex_Value(\e_cs,#PB_Word)) AddList(gilist(),"e_lfarlc" + Chr(10) + Pex_Hex_Value(\e_lfarlc,#PB_Word)) AddList(gilist(),"e_ovno" + Chr(10) + Pex_Hex_Value(\e_ovno,#PB_Word)) AddList(gilist(),"e_res[0]" + Chr(10) + Pex_Hex_Value(\e_res[0],#PB_Word)) AddList(gilist(),"e_res[1]" + Chr(10) + Pex_Hex_Value(\e_res[1],#PB_Word)) AddList(gilist(),"e_res[2]" + Chr(10) + Pex_Hex_Value(\e_res[2],#PB_Word)) AddList(gilist(),"e_res[3]" + Chr(10) + Pex_Hex_Value(\e_res[3],#PB_Word)) AddList(gilist(),"e_oemid" + Chr(10) + Pex_Hex_Value(\e_oemid,#PB_Word)) AddList(gilist(),"e_oeminfo" + Chr(10) + Pex_Hex_Value(\e_oeminfo,#PB_Word)) AddList(gilist(),"e_res2[0]" + Chr(10) + Pex_Hex_Value(\e_res2[0],#PB_Word)) AddList(gilist(),"e_res2[1]" + Chr(10) + Pex_Hex_Value(\e_res2[1],#PB_Word)) AddList(gilist(),"e_res2[2]" + Chr(10) + Pex_Hex_Value(\e_res2[2],#PB_Word)) AddList(gilist(),"e_res2[3]" + Chr(10) + Pex_Hex_Value(\e_res2[3],#PB_Word)) AddList(gilist(),"e_res2[4]" + Chr(10) + Pex_Hex_Value(\e_res2[4],#PB_Word)) AddList(gilist(),"e_res2[5]" + Chr(10) + Pex_Hex_Value(\e_res2[5],#PB_Word)) AddList(gilist(),"e_res2[6]" + Chr(10) + Pex_Hex_Value(\e_res2[6],#PB_Word)) AddList(gilist(),"e_res2[7]" + Chr(10) + Pex_Hex_Value(\e_res2[7],#PB_Word)) AddList(gilist(),"e_res2[8]" + Chr(10) + Pex_Hex_Value(\e_res2[8],#PB_Word)) AddList(gilist(),"e_res2[9]" + Chr(10) + Pex_Hex_Value(\e_res2[9],#PB_Word)) AddList(gilist(),"e_lfanew" + Chr(10) + Pex_Hex_Value(\e_lfanew,#PB_Long)) EndWith Case #IMAGE_NT_HEADERS With CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32 AddList(gilist(),"Signature" + Chr(10) + Pex_Hex_Value(\Signature,#PB_Long)+ Chr(10) + Chr(PeekA(@\Signature)) + Chr(PeekA(@\Signature+1))) EndWith Case #FILE_HEADER With CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32\FileHeader AddList(gilist(),"Machine" + Chr(10) + Pex_Hex_Value(\Machine,#PB_Word)+ Chr(10) + Pex_Machine_Type(\Machine)) AddList(gilist(),"NumberOfSections" + Chr(10) + Pex_Hex_Value(\NumberOfSections,#PB_Word) + Chr(10) + Str(\NumberOfSections)) AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\TimeDateStamp,#PB_Long)+ Chr(10) + "Date created : " + Pex_Date_Format(\TimeDateStamp)) AddList(gilist(),"PointerToSymbolTable" + Chr(10) + Pex_Hex_Value(\PointerToSymbolTable,#PB_Long)) AddList(gilist(),"NumberOfSymbols" + Chr(10) + Pex_Hex_Value(\NumberOfSymbols,#PB_Long)) AddList(gilist(),"SizeOfOptionalHeader" + Chr(10) + Pex_Hex_Value(\SizeOfOptionalHeader,#PB_Word) + Chr(10) + Str(\SizeOfOptionalHeader) + " Byte") AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\Characteristics,#PB_Word) + Chr(10) + Pex_ImageFile_Type(\Characteristics)) EndWith Case #OPTIONAL_HEADER With CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS32\OptionalHeader AddList(gilist(),"Magic" + Chr(10) + Pex_Hex_Value(\Magic,#PB_Word)+ Chr(10) + Pex_Image_Type(\Magic)) AddList(gilist(),"MajorLinkerVersion" + Chr(10) + Pex_Hex_Value(\MajorLinkerVersion,#PB_Byte)+ Chr(10) + "Linker Version : " + Str(\MajorLinkerVersion) +"."+ Str( \MinorLinkerVersion)) AddList(gilist(),"MinorLinkerVersion" + Chr(10) + Pex_Hex_Value(\MinorLinkerVersion,#PB_Byte)) AddList(gilist(),"SizeOfCode" + Chr(10) + Pex_Hex_Value(\SizeOfCode,#PB_Long) + Chr(10) + Str(\SizeOfCode) + " Byte") AddList(gilist(),"SizeOfInitializedData" + Chr(10) + Pex_Hex_Value(\SizeOfInitializedData,#PB_Long) + Chr(10) + Str(\SizeOfInitializedData) + " Byte") AddList(gilist(),"SizeOfUninitializedData" + Chr(10) + Pex_Hex_Value(\SizeOfUninitializedData,#PB_Long) + Chr(10) + Str(\SizeOfUninitializedData) + " Byte") AddList(gilist(),"AddressOfEntryPoint" + Chr(10) + Pex_Hex_Value(\AddressOfEntryPoint,#PB_Long) + Chr(10) + Str(\AddressOfEntryPoint)) AddList(gilist(),"BaseOfCode" + Chr(10) + Pex_Hex_Value(\BaseOfCode,#PB_Long) + Chr(10) + Str(\baseofcode)) If Pex_Is64Bit() AddList(gilist(),"ImageBase" + Chr(10) + Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\ImageBase,#PB_Quad) + Chr(10) + Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\ImageBase)) Else AddList(gilist(),"BaseOfData" + Chr(10) + Pex_Hex_Value(\BaseOfData,#PB_Long) + Chr(10) + Str(\BaseOfData)) AddList(gilist(),"ImageBase" + Chr(10) + Pex_Hex_Value(\ImageBase,#PB_Long) + Chr(10) + Str(\ImageBase)) EndIf AddList(gilist(),"SectionAlignment" + Chr(10) + Pex_Hex_Value(\SectionAlignment,#PB_Long)+ Chr(10) + Str(\SectionAlignment)) AddList(gilist(),"FileAlignment" + Chr(10) + Pex_Hex_Value(\FileAlignment,#PB_Long) + Chr(10) + Str(\FileAlignment)) AddList(gilist(),"MajorOperatingSystemVersion" + Chr(10) + Pex_Hex_Value(\MajorOperatingSystemVersion,#PB_Word)+ Chr(10) + "Required operating system Version :" + Str(\MajorOperatingSystemVersion) + "."+ Str( \MinorOperatingSystemVersion)) AddList(gilist(),"MinorOperatingSystemVersion" + Chr(10) + Pex_Hex_Value(\MinorOperatingSystemVersion,#PB_Word)) AddList(gilist(),"MajorImageVersion" + Chr(10) + Pex_Hex_Value(\MajorImageVersion,#PB_Word)+ Chr(10) + "Image Version : " + Str(\MajorImageVersion) +"."+ Str( \MinorImageVersion)) AddList(gilist(),"MinorImageVersion" + Chr(10) + Pex_Hex_Value(\MinorImageVersion,#PB_Word)) AddList(gilist(),"MajorSubsystemVersion" + Chr(10) + Pex_Hex_Value(\MajorSubsystemVersion,#PB_Word)+ Chr(10) + "Subsystem Version : " + Str(\MajorSubsystemVersion) +"."+ Str( \MinorSubsystemVersion)) AddList(gilist(),"MinorSubsystemVersion" + Chr(10) + Pex_Hex_Value(\MinorSubsystemVersion,#PB_Word)) AddList(gilist(),"Win32VersionValue" + Chr(10) + Pex_Hex_Value(\Win32VersionValue,#PB_Long)) AddList(gilist(),"SizeOfImage" + Chr(10) + Pex_Hex_Value(\SizeOfImage,#PB_Long) + Chr(10) + Str(\SizeOfImage) + " Byte") AddList(gilist(),"SizeOfHeaders" + Chr(10) + Pex_Hex_Value(\SizeOfHeaders,#PB_Long) + Chr(10) + Str(\SizeOfHeaders) + " Byte") AddList(gilist(),"CheckSum" + Chr(10) + Pex_Hex_Value(\CheckSum,#PB_Long)) AddList(gilist(),"Subsystem" + Chr(10) + Pex_Hex_Value(\Subsystem,#PB_Word)+ Chr(10) + Pex_Subsystem_Type(\Subsystem)) AddList(gilist(),"DllCharacteristics" + Chr(10) + Pex_Hex_Value(\DllCharacteristics,#PB_Word)+ Chr(10) + Pex_Dll_Characteristics(\DllCharacteristics)) If Pex_Is64Bit() AddList(gilist(),"SizeOfStackReserve" + Chr(10) + Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfStackReserve,#PB_Quad)+ Chr(10) + Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfStackReserve)) AddList(gilist(),"SizeOfStackCommit" + Chr(10) + Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfStackCommit,#PB_Quad)+ Chr(10) + Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfStackCommit)) AddList(gilist(),"SizeOfHeapReserve" + Chr(10) + Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfHeapReserve,#PB_Quad) + Chr(10) + Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfHeapReserve)) AddList(gilist(),"SizeOfHeapCommit" + Chr(10) + Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfHeapCommit,#PB_Quad) + Chr(10) + Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\SizeOfHeapCommit)) AddList(gilist(),"LoaderFlags" + Chr(10) + Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\LoaderFlags,#PB_Long) + Chr(10) + Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\LoaderFlags)) AddList(gilist(),"NumberOfRvaAndSizes" + Chr(10) + Pex_Hex_Value(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\NumberOfRvaAndSizes,#PB_Long) + Chr(10) + Str(CurrentPB_PEExplorerFile\IMAGE_NT_HEADERS64\OptionalHeader\NumberOfRvaAndSizes)) Else AddList(gilist(),"SizeOfStackReserve" + Chr(10) + Pex_Hex_Value(\SizeOfStackReserve,#PB_Long) + Chr(10) + Str(\SizeOfStackReserve)) AddList(gilist(),"SizeOfStackCommit" + Chr(10) + Pex_Hex_Value(\SizeOfStackCommit,#PB_Long) + Chr(10) + Str(\SizeOfStackCommit)) AddList(gilist(),"SizeOfHeapReserve" + Chr(10) + Pex_Hex_Value(\SizeOfHeapReserve,#PB_Long) + Chr(10) + Str(\SizeOfHeapReserve)) AddList(gilist(),"SizeOfHeapCommit" + Chr(10) + Pex_Hex_Value(\SizeOfHeapCommit,#PB_Long) + Chr(10) + Str(\SizeOfHeapCommit)) AddList(gilist(),"LoaderFlags" + Chr(10) + Pex_Hex_Value(\LoaderFlags,#PB_Long) + Chr(10) + Str(\LoaderFlags)) AddList(gilist(),"NumberOfRvaAndSizes" + Chr(10) + Pex_Hex_Value(\NumberOfRvaAndSizes,#PB_Long) + Chr(10) + Str(\NumberOfRvaAndSizes)) EndIf EndWith Case #SECTION_HEADER If SelectType = #SECTION_HEADER With CurrentPB_PEExplorerFile AddList(gilist(),"Section count" + Chr(10) + Str(ListSize(\IMAGE_SECTION_HEADERList()))) EndWith Else ForEach CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList() With CurrentPB_PEExplorerFile\IMAGE_SECTION_HEADERList() If \__File_Selction_Name = SelectType AddList(gilist(),"SecName[8]" + Chr(10) + Pex_Hex_Value(PeekQ(@\SecName),#PB_Quad)+ Chr(10) + SelectType) AddList(gilist(),"PhysicalAddr" + Chr(10) + Pex_Hex_Value(\PhysicalAddr,#PB_Long)) AddList(gilist(),"VirtualSize" + Chr(10) + Pex_Hex_Value(\VirtualSize,#PB_Long) + Chr(10) + Str(\VirtualSize) + " Byte") AddList(gilist(),"VirtualAddress" + Chr(10) + Pex_Hex_Value(\VirtualAddress,#PB_Long) + Chr(10) + Str(\VirtualAddress)) AddList(gilist(),"SizeOfRawData" + Chr(10) + Pex_Hex_Value(\SizeOfRawData,#PB_Long) + Chr(10) + Str(\SizeOfRawData) + " Byte") AddList(gilist(),"PointerToRawData" + Chr(10) + Pex_Hex_Value(\PointerToRawData,#PB_Long) + Chr(10) + Str(\PointerToRawData)) AddList(gilist(),"PointerToRelocations" + Chr(10) + Pex_Hex_Value(\PointerToRelocations,#PB_Long)) AddList(gilist(),"PointerToLinenumbers" + Chr(10) + Pex_Hex_Value(\PointerToLinenumbers,#PB_Long)) AddList(gilist(),"NumberOfRelocations" + Chr(10) + Pex_Hex_Value(\NumberOfRelocations,#PB_Word)) AddList(gilist(),"NumberOfLinenumbers" + Chr(10) + Pex_Hex_Value(\NumberOfLinenumbers,#PB_Word)) AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\Characteristics,#PB_Long)+ Chr(10) + Pex_Section_Characteristics(\Characteristics)) AddList(gilist(),"") AddList(gilist(),"Section MD5 Hash" + Chr(10) +Pex_RawData_Hash(\PointerToRawData,\SizeOfRawData)) Break EndIf EndWith Next EndIf Case #DESCRIPTOR_IMPORT If ResFileType <> "" Protected fUnctioname$ With CurrentPB_PEExplorerFile\IMAGE_IMPORT_DESCRIPTORInfo ForEach \IMAGE_IMPORT_DESCRIPTORList() If \IMAGE_IMPORT_DESCRIPTORList()\LibraryName = SelectType ForEach \IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList() If \IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal If Pex_Is64Bit() fUnctioname$=Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal&$ffffff,#PB_Quad) Else fUnctioname$=Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal&$ffffff,#PB_Long) EndIf Else fUnctioname$= \IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\FunctionName EndIf If fUnctioname$ = ResFileType If \IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal AddList(gilist(),"Ordinal" + Chr(10) + fUnctioname$) Else AddList(gilist(),"Name" + Chr(10) + fUnctioname$) EndIf If Pex_Is64Bit() AddList(gilist(),"IMAGE_THUNK_DATA" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\IMAGE_THUNK_DATA,#PB_Quad)) Else AddList(gilist(),"IMAGE_THUNK_DATA" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\IMAGE_THUNK_DATA,#PB_Long)) EndIf Break EndIf Next Break EndIf Next EndWith ElseIf SelectType <> "" With CurrentPB_PEExplorerFile\IMAGE_IMPORT_DESCRIPTORInfo ForEach \IMAGE_IMPORT_DESCRIPTORList() If \IMAGE_IMPORT_DESCRIPTORList()\LibraryName = SelectType AddList(gilist(),"OriginalFirstThunk" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\OriginalFirstThunk,#PB_Long)) AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\TimeDateStamp,#PB_Long)+ Chr(10) + "Date : " + Pex_Date_Format(\IMAGE_IMPORT_DESCRIPTORList()\TimeDateStamp)) AddList(gilist(),"ForwarderChain" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\ForwarderChain,#PB_Long)) AddList(gilist(),"Name" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\Name,#PB_Long)) AddList(gilist(),"FirstThunk" + Chr(10) + Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORList()\FirstThunk,#PB_Long)) Break EndIf Next EndWith Else Protected FuncCount.l With CurrentPB_PEExplorerFile\IMAGE_IMPORT_DESCRIPTORInfo ForEach \IMAGE_IMPORT_DESCRIPTORList() FuncCount+ListSize(\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()) Next EndWith AddList(gilist(),"Function Count" + Chr(10) + Str(FuncCount)) EndIf Case #DESCRIPTOR_EXPORT If SelectType <> "" With CurrentPB_PEExplorerFile\IMAGE_EXPORT_DIRECTORYInfo ForEach \ExportFunctionNameListe() If \ExportFunctionNameListe()\FunctionName = SelectType AddList(gilist(),"Address" + Chr(10) + Pex_Hex_Value(\ExportFunctionNameListe()\FunctionAddress,#PB_Long)) AddList(gilist(),"Ordinale" + Chr(10) + Pex_Hex_Value(\ExportFunctionNameListe()\Ordinale,#PB_Word)) Break EndIf Next EndWith Else With CurrentPB_PEExplorerFile\IMAGE_EXPORT_DIRECTORYInfo AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\Characteristics,#PB_Long)) AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\TimeDateStamp,#PB_Long)+ Chr(10) + "Date : " + Pex_Date_Format(\TimeDateStamp)) AddList(gilist(),"MajorVersion" + Chr(10) + Pex_Hex_Value(\MajorVersion,#PB_Word)+ Chr(10) + Str(\MajorVersion) + "." + Str(\MinorVersion)) AddList(gilist(),"MinorVersion" + Chr(10) + Pex_Hex_Value(\MinorVersion,#PB_Word)) AddList(gilist(),"Name" + Chr(10) + Pex_Hex_Value(\Name,#PB_Long)+ Chr(10) + \__File_OriginalDllName) AddList(gilist(),"Base" + Chr(10) + Pex_Hex_Value(\Base,#PB_Long)) AddList(gilist(),"NumberOfFunctions" + Chr(10) + Pex_Hex_Value(\NumberOfFunctions,#PB_Long) + Chr(10) + Str(\NumberOfFunctions)) AddList(gilist(),"NumberOfNames" + Chr(10) + Pex_Hex_Value(\NumberOfNames,#PB_Long) + Chr(10) + Str(\NumberOfNames)) AddList(gilist(),"AddressOfFunctions" + Chr(10) + Pex_Hex_Value(\AddressOfFunctions,#PB_Long)) AddList(gilist(),"AddressOfNames" + Chr(10) + Pex_Hex_Value(\AddressOfNames,#PB_Long)) AddList(gilist(),"AddressOfNameOrdinals" + Chr(10) + Pex_Hex_Value(\AddressOfNameOrdinals,#PB_Long)) EndWith EndIf Case #ENDOFDATA With CurrentPB_PEExplorerFile AddList(gilist(),"Size" + Chr(10) + Str(FileSize(CurrentFileLoc)-\__File_ImageSize) + " Byte") AddList(gilist(),"File Offset" + Chr(10) + Pex_Hex_Value(\__File_ImageSize,#PB_Long) + Chr(10) + Str(\__File_ImageSize)) AddList(gilist(),"Frist 30 Byte Of Data" + Chr(10) + Pex_HexRawData_Read(\__File_ImageSize,FileSize(CurrentFileLoc)-\__File_ImageSize,30,1) + Chr(10) + ReplaceString(Pex_HexRawData_Read(\__File_ImageSize,FileSize(CurrentFileLoc)-\__File_ImageSize,30,0),Chr(10),"")) EndWith Case #DESCRIPTOR_RESOURCE Protected Cres$,ResnType$ If SelectType <> "" If ResFileType <> "" With CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo ForEach \ResourceDirectoryList() If \ResourceDirectoryList()\__File_ResourceDirectoryName Cres$= \ResourceDirectoryList()\__File_ResourceDirectoryName ResnType$ = "String" Else Cres$ = Pex_Resource_Type(\ResourceDirectoryList()\__File_ResourceDirectoryID) ResnType$ = "Integer" EndIf If Cres$ = SelectType ForEach \ResourceDirectoryList()\ResourceSubDirectoryList() If \ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName Cres$= \ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName ResnType$ = "String" Else Cres$ = Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryID) ResnType$ = "Integer" EndIf If Cres$ = ResFileType AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\Characteristics,#PB_Long)+ Chr(10) + "Entry Name Type : " + ResnType$); AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\TimeDateStamp,#PB_Long)+ Chr(10) + "Date : " + Pex_Date_Format(\ResourceDirectoryList()\ResourceSubDirectoryList()\TimeDateStamp)) AddList(gilist(),"MajorVersion" + Chr(10) + Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\MajorVersion,#PB_Word)+ Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\MajorVersion) + "." + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\MinorVersion)) AddList(gilist(),"MinorVersion" + Chr(10) + Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\MinorVersion,#PB_Word)) AddList(gilist(),"NumberOfNamedEntries" + Chr(10) + Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\NumberOfNamedEntries,#PB_Word)+ Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\NumberOfNamedEntries)) AddList(gilist(),"NumberOfIdEntries" + Chr(10) + Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\NumberOfIdEntries,#PB_Word) + Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\NumberOfIdEntries)) AddList(gilist(),"") AddList(gilist(),"File Resource Offset" + Chr(10) + Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset,#PB_Long)+ Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset)) AddList(gilist(),"OffsetToData" + Chr(10) + Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\OffsetToData,#PB_Long)) AddList(gilist(),"Size" + Chr(10) + Str(\ResourceDirectoryList()\ResourceSubDirectoryList()\Size) + " Byte") AddList(gilist(),"CodePage" + Chr(10) + Pex_Hex_Value(\ResourceDirectoryList()\ResourceSubDirectoryList()\CodePage,#PB_Long)) AddList(gilist(),"Frist 30 Byte Of resource" + Chr(10) + Pex_HexRawData_Read(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset,\ResourceDirectoryList()\ResourceSubDirectoryList()\Size,30) + Chr(10) + ReplaceString(Pex_HexRawData_Read(\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset,\ResourceDirectoryList()\ResourceSubDirectoryList()\Size,30,0),Chr(10),"")) Pex_Resource_Read(\ResourceDirectoryList()\__File_ResourceDirectoryID, \ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName, \ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryID, \ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceOffset, \ResourceDirectoryList()\ResourceSubDirectoryList()\Size) Break EndIf Next Break EndIf Next EndWith Else ForEach CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList() If CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName Cres$= CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName ResnType$ = "String" Else Cres$ = Pex_Resource_Type(CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryID) ResnType$ = "Integer" EndIf If Cres$ = SelectType With CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList() AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\Characteristics,#PB_Long)+ Chr(10) + "Entry Name Type : " + ResnType$); AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\TimeDateStamp,#PB_Long)+ Chr(10) + "Date : " + Pex_Date_Format(\TimeDateStamp)) AddList(gilist(),"MajorVersion" + Chr(10) + Pex_Hex_Value(\MajorVersion,#PB_Word)+ Chr(10) + Str(\MajorVersion) + "." + Str(\MinorVersion)) AddList(gilist(),"MinorVersion" + Chr(10) + Pex_Hex_Value(\MinorVersion,#PB_Word)) AddList(gilist(),"NumberOfNamedEntries" + Chr(10) + Pex_Hex_Value(\NumberOfNamedEntries,#PB_Word) + Chr(10) + Str(\NumberOfNamedEntries)) AddList(gilist(),"NumberOfIdEntries" + Chr(10) + Pex_Hex_Value(\NumberOfIdEntries,#PB_Word) + Chr(10) + Str(\NumberOfIdEntries)) EndWith Break EndIf Next EndIf Else With CurrentPB_PEExplorerFile\IMAGE_RESOURCE_DIRECTORYInfo AddList(gilist(),"Characteristics" + Chr(10) + Pex_Hex_Value(\Characteristics,#PB_Long)); AddList(gilist(),"TimeDateStamp" + Chr(10) + Pex_Hex_Value(\TimeDateStamp,#PB_Long)+ Chr(10) + "Date : " + Pex_Date_Format(\TimeDateStamp)) AddList(gilist(),"MajorVersion" + Chr(10) + Pex_Hex_Value(\MajorVersion,#PB_Word)+ Chr(10) + Str(\MajorVersion) + "." + Str(\MinorVersion)) AddList(gilist(),"MinorVersion" + Chr(10) + Pex_Hex_Value(\MinorVersion,#PB_Word)) AddList(gilist(),"NumberOfNamedEntries" + Chr(10) + Pex_Hex_Value(\NumberOfNamedEntries,#PB_Word) + Chr(10) + Str(\NumberOfNamedEntries)) AddList(gilist(),"NumberOfIdEntries" + Chr(10) + Pex_Hex_Value(\NumberOfIdEntries,#PB_Word) + Chr(10) + Str(\NumberOfIdEntries)) EndWith EndIf EndSelect ForEach gilist() AddGadgetItem(#Gadget_ListIcon_PeExplorer,-1,gilist()) Next EndProcedure Procedure PeGetInfo_PeExplorer() Protected Sttree = GetGadgetState(#Gadget_Tree_PeExplorer) If Sttree = -1 :ProcedureReturn:EndIf Protected gettreeTxt$ = GetGadgetItemText(#Gadget_Tree_PeExplorer,Sttree) Protected t.l,Selectednode$,PerSdir$ ClearGadgetItems(#Gadget_ListIcon_PeExplorer) Select gettreeTxt$ Case #ENDOFDATA SetInfoHeader_PeExplorer(#ENDOFDATA) Case #File_Info SetInfoHeader_PeExplorer(#File_Info) Case #FILE_HEADER, #OPTIONAL_HEADER SetInfoHeader_PeExplorer(gettreeTxt$) Default For t=Sttree To 0 Step -1 If GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, t, #PB_Tree_SubLevel) = 2 If PerSdir$ ="" PerSdir$= GetGadgetItemText(#Gadget_Tree_PeExplorer,t) EndIf EndIf If GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, t, #PB_Tree_SubLevel) = 1 Selectednode$= GetGadgetItemText(#Gadget_Tree_PeExplorer,t) Break EndIf Next Select Selectednode$ Case #DESCRIPTOR_RESOURCE If gettreeTxt$ = #DESCRIPTOR_RESOURCE SetInfoHeader_PeExplorer(#DESCRIPTOR_RESOURCE) Else If GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, Sttree, #PB_Tree_SubLevel) = 2 SetInfoHeader_PeExplorer(#DESCRIPTOR_RESOURCE,gettreeTxt$) Else SetInfoHeader_PeExplorer(#DESCRIPTOR_RESOURCE, PerSdir$,gettreeTxt$) EndIf EndIf Case #DESCRIPTOR_EXPORT If gettreeTxt$ = #DESCRIPTOR_EXPORT SetInfoHeader_PeExplorer(#DESCRIPTOR_EXPORT) Else SetInfoHeader_PeExplorer(#DESCRIPTOR_EXPORT,gettreeTxt$) EndIf Case #DESCRIPTOR_IMPORT If gettreeTxt$ = #DESCRIPTOR_IMPORT SetInfoHeader_PeExplorer(#DESCRIPTOR_IMPORT) ElseIf GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, Sttree, #PB_Tree_SubLevel) = 2 SetInfoHeader_PeExplorer(#DESCRIPTOR_IMPORT,GetFilePart(gettreeTxt$)) Else SetInfoHeader_PeExplorer(#DESCRIPTOR_IMPORT,GetFilePart(PerSdir$),gettreeTxt$) EndIf Case #DESCRIPTOR_RELOCATION If gettreeTxt$ = #DESCRIPTOR_RELOCATION SetInfoHeader_PeExplorer(#DESCRIPTOR_RELOCATION) ElseIf GetGadgetItemAttribute(#Gadget_Tree_PeExplorer, Sttree, #PB_Tree_SubLevel) = 2 SetInfoHeader_PeExplorer(#DESCRIPTOR_RELOCATION,GetFilePart(gettreeTxt$)) Else SetInfoHeader_PeExplorer(#DESCRIPTOR_RELOCATION,GetFilePart(PerSdir$),gettreeTxt$) EndIf Default SetInfoHeader_PeExplorer(Selectednode$,gettreeTxt$) EndSelect EndSelect EndProcedure Procedure PeSetInfo_PeExplorer(FilePath.s) If UCase(GetExtensionPart(FilePath)) = "LNK" FilePath = GetFilePathFromLnk(FilePath) If FilePath = "":MessageRequester("","Unable to open file!"):ProcedureReturn 0:EndIf EndIf FilePath = GetLongPathName(FilePath) Protected tPB_PEExplorerFile.PB_PEExplorer Protected RdExe = ReadFile(#PB_Any, FilePath); open pe file to read If Not RdExe:MessageRequester("","Unable to open file!"):ProcedureReturn 0:EndIf If Pb_PEExplorer(RdExe ,@tPB_PEExplorerFile) = 0:CloseFile(RdExe) MessageRequester("","Error Get Pe Info!") ProcedureReturn:EndIf StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 40) CloseFile(RdExe) ClearStructure(@CurrentPB_PEExplorerFile,PB_PEExplorer) CurrentPB_PEExplorerFile=tPB_PEExplorerFile CurrentFileLoc = FilePath ClearGadgetItems(#Gadget_Tree_PeExplorer) ClearGadgetItems(#Gadget_ListIcon_PeExplorer) With CurrentPB_PEExplorerFile AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#File_Info) AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DOS_HEADER,0,1) SetGadgetItemState(#Gadget_Tree_PeExplorer, 0, #PB_Tree_Expanded) AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#IMAGE_NT_HEADERS,0,1) AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#FILE_HEADER,0,2) AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#OPTIONAL_HEADER,0,2) SetGadgetItemState(#Gadget_Tree_PeExplorer, 2, #PB_Tree_Expanded) AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#SECTION_HEADER,0,1) ForEach \IMAGE_SECTION_HEADERList() AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_SECTION_HEADERList()\__File_Selction_Name),0,2) Next StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 60) If ListSize(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()) >0 AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DESCRIPTOR_IMPORT,0,1) ForEach \IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList() ; AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\LibraryName),0,2) AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_DLL_FindPath(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\LibraryName),0,2) ForEach \IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList() If \IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal If Pex_Is64Bit() AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal&$ffffff,#PB_Quad),0,3) Else AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Hex_Value(\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\Ordinal&$ffffff,#PB_Long),0,3) EndIf Else AddGadgetItem(#Gadget_Tree_PeExplorer,-1,\IMAGE_IMPORT_DESCRIPTORInfo\IMAGE_IMPORT_DESCRIPTORList()\ImportFunctionList()\FunctionName,0,3) EndIf Next Next EndIf StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 70) If ListSize(\IMAGE_BASE_RELOCATIONList()) >0 AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DESCRIPTOR_RELOCATION,0,1) ForEach \IMAGE_BASE_RELOCATIONList() AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\VirtualAddress,#PB_Long),0,2) ForEach \IMAGE_BASE_RELOCATIONList()\RelocationTypeList() AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Hex_Value(\IMAGE_BASE_RELOCATIONList()\RelocationTypeList()\u,#PB_Word),0,3) Next Next EndIf If ListSize(\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()) >0 AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DESCRIPTOR_EXPORT,0,1) ForEach \IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe() AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_EXPORT_DIRECTORYInfo\ExportFunctionNameListe()\FunctionName),0,2) Next EndIf StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 80) If ListSize(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()) >0 AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#DESCRIPTOR_RESOURCE,0,1) ForEach \IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList() If \IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryName),0,2) Else AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Pex_Resource_Type(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\__File_ResourceDirectoryID),0,2) EndIf ForEach \IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList() If \IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName AddGadgetItem(#Gadget_Tree_PeExplorer,-1,(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryName),0,3) Else AddGadgetItem(#Gadget_Tree_PeExplorer,-1,Str(\IMAGE_RESOURCE_DIRECTORYInfo\ResourceDirectoryList()\ResourceSubDirectoryList()\__File_ResourceDirectoryID),0,3) EndIf Next Next EndIf StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 90) If \__File_ImageSize <> FileSize(CurrentFileLoc) AddGadgetItem(#Gadget_Tree_PeExplorer,-1,#ENDOFDATA,0,1) EndIf EndWith StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 100) SetInfoHeader_PeExplorer(#File_Info) SetWindowTitle(#Window_PeExplorer,"PeExplorer v 1.0 [" + GetFilePart(FilePath) + "]") If Pex_UpxPacker_Detect() If Pex_UpxPacker_UnPacked() = 1 PeSetInfo_PeExplorer(FilePath) EndIf EndIf EndProcedure Procedure SelectaFile_PeExplorer() Protected FilePath.s=OpenFileRequester("Select a file...","","Exe or Dll|*.dll;*.exe|All|*.*",0) If FilePath="":ProcedureReturn:EndIf PeSetInfo_PeExplorer(FilePath) EndProcedure Procedure DropFileWindow_PeExplorer() PeSetInfo_PeExplorer(EventDropFiles()) EndProcedure Procedure OpenWindow_PeExplorer() OpenWindow(#Window_PeExplorer, 0, 0, 820, 465, "PeExplorer v 1.0", #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_ScreenCentered) CreateStatusBar( #StatusBar_PeExplorer, WindowID(#Window_PeExplorer)) AddStatusBarField(#PB_Ignore) StatusBarText( #StatusBar_PeExplorer, #StatusBarItem_PeInfo, "Hi " + UserName()) AddStatusBarField(50) StatusBarProgress(#StatusBar_PeExplorer, #StatusBarItem_PeProgress, 0) CreateMenu(#Menu_Window_PeExplorer, WindowID(#Window_PeExplorer)) MenuTitle("&File") MenuItem(#MenuItem_SelectFile, "&Open a Pe") MenuBar() MenuItem(#MenuItem_Exit, "Exit") MenuTitle("Plugins") MenuTitle("About") TreeGadget(#Gadget_Tree_PeExplorer, 5, 5, 205, 410) ListIconGadget(#Gadget_ListIcon_PeExplorer, 215, 5, 600, 410, "Member", 200) AddGadgetColumn(#Gadget_ListIcon_PeExplorer,1,"Value",200) AddGadgetColumn(#Gadget_ListIcon_PeExplorer,2,"Comment",200) SplitterGadget(#Gadget_Splitter_PeExplorer,5,5,600+205+5,410,#Gadget_Tree_PeExplorer,#Gadget_ListIcon_PeExplorer,#PB_Splitter_Vertical) EnableWindowDrop(#Window_PeExplorer, #PB_Drop_Files, #PB_Drag_Copy) BindEvent(#PB_Event_WindowDrop , @DropFileWindow_PeExplorer()) BindEvent(#PB_Event_SizeWindow , @ResizeGadgetsWindow_PeExplorer()) BindEvent(#PB_Event_CloseWindow , @CloseWindow_PeExplorer()) BindMenuEvent(#Menu_Window_PeExplorer,#MenuItem_SelectFile,@SelectaFile_PeExplorer()) BindMenuEvent(#Menu_Window_PeExplorer,#MenuItem_Exit,@CloseWindow_PeExplorer()) BindGadgetEvent(#Gadget_Tree_PeExplorer,@PeGetInfo_PeExplorer(),#PB_EventType_LeftClick ) SetGadgetState(#Gadget_Splitter_PeExplorer, 300) EndProcedure OpenWindow_PeExplorer() LoadPlugins_PeExplorer() If ProgramParameter(0) PeSetInfo_PeExplorer(ProgramParameter(0)) EndIf While WaitWindowEvent() <> #PB_Event_CloseWindow:Wend If pIPersistFile:pIPersistFile\Release():EndIf If pIShellLink:pIShellLink\Release():EndIf DataSection CLSID_ShellLink: Data.l $00021401 Data.w $0000 Data.w $0000 Data.b $C0,$00,$00,$00,$00,$00,$00,$46 IID_IShellLink: Data.l $000214F9 Data.w $0000 Data.w $0000 Data.b $C0,$00,$00,$00,$00,$00,$00,$46 IID_IPersistFile: Data.l $0000010b Data.w $0000 Data.w $0000 Data.b $C0,$00,$00,$00,$00,$00,$00,$46 EndDataSection