forked from KolibriOS/kolibrios
upload Stripped PE Dumper by 0CodErr, see http://board.kolibrios.org/viewtopic.php?f=9&t=3742&p=71045&hilit=SPEDump#p71045
git-svn-id: svn://kolibrios.org@9006 a494cfbc-eb01-0410-851d-a64ba20cac60
parent
b7127c3170
commit
db5bb5377d
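--- a/programs/develop/SPEDump/LScript.x
+++ b/programs/develop/SPEDump/LScript.x
@@ -0,0 +1,25 @@
+PATH_SIZE = 1024;
+PARAMS_SIZE = 256;
+STACK_SIZE = 1024;
+
+"@@HandleFinally" = 0;
+
+SECTIONS
+{
+.all : AT(0){
+LONG(0x554e454D);
+LONG(0x31305445);
+LONG(1);
+LONG("@Main");
+LONG(END);
+LONG($END + PATH_SIZE + PARAMS_SIZE + STACK_SIZE);
+LONG($END + PATH_SIZE + PARAMS_SIZE + STACK_SIZE);
+LONG($END + PATH_SIZE);
+LONG($END);
+*(.text)
+*(.data)
+}
+END = .;
+.bss ALIGN(16) : {*(.bss)}
+$END = .;
+}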
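Review bot: The nine `LONG(...)` words at the start of `.all` have no comments, although they form the executable header and fix the memory layout that `Main` in SPEDump.pas relies on. The first two constants spell "MENU" and "ET01" when stored little-endian, and the eighth word, `LONG($END + PATH_SIZE)`, sits at byte offset 28, which is the address `CmdLine = PPChar(28)` reads; a comment such as `/* offset 28: pointer to the PARAMS_SIZE-byte argument buffer */` on that line and `/* "MENUET01" signature */` on the first two would make the coupling visible. The layout also places the 1024-byte stack directly above the parameter and path buffers, so it is worth noting next to `STACK_SIZE` that a stack overrun would silently overwrite them rather than fault (presumably there is no guard page; confirm against the loader).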
BIN
programs/develop/SPEDump/SPEDump.kex
Normal file
BIN
programs/develop/SPEDump/SPEDump.kex
Normal file
Binary file not shown.
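--- a/programs/develop/SPEDump/SPEDump.pas
+++ b/programs/develop/SPEDump/SPEDump.pas
@@ -0,0 +1,297 @@
+(************************************************************
+
+Simple Stripped PE Binary File Dumper
+
+************************************************************)
+Unit SPEDump;
+(* -------------------------------------------------------- *)
+Interface
+(* -------------------------------------------------------- *)
+Uses KolibriOS;
+(* -------------------------------------------------------- *)
+Type
+Dword = LongWord;
+
+PDword = ^Dword;
+
+TDwordArray = Packed Array[0..0] Of Dword;
+
+PDwordArray = ^TDwordArray;
+
+Const
+STRIPPED_PE_SIGNATURE = $4503; // 'PE' Xor 'S'
+SPE_DIRECTORY_IMPORT = 0;
+SPE_DIRECTORY_EXPORT = 1;
+SPE_DIRECTORY_BASERELOC = 2;
+
+SPE_MAX_DIRECTORY_ENTRIES = SPE_DIRECTORY_BASERELOC;
+
+Type
+TStrippedPEHeader = Packed Record
+Signature: Word;
+Characteristics: Word;
+AddressOfEntryPoint: Dword;
+ImageBase: Dword;
+SectionAlignmentLog: Byte;
+FileAlignmentLog: Byte;
+MajorOSVersion: Byte;
+MinorOSVersion: Byte;
+SizeOfImage: Dword;
+SizeOfStackReserve: Dword;
+SizeOfHeapReserve: Dword;
+SizeOfHeaders: Dword;
+Subsystem: Byte;
+NumberOfRvaAndSizes: Byte;
+NumberOfSections: Word;
+End;
+
+PStrippedPEHeader = ^TStrippedPEHeader;
+
+TStrippedSectionHeader = Packed Record
+Name: Packed Array[0..7] Of Char;
+VirtualSize: Dword;
+VirtualAddress: Dword;
+SizeOfRawData: Dword;
+PointerToRawData: Dword;
+Characteristics: Dword;
+End;
+
+PStrippedSectionHeader = ^TStrippedSectionHeader;
+
+TDataDirectory = Packed Record
+VirtualAddress: Dword;
+Size: Dword;
+End;
+
+PDataDirectory = ^TDataDirectory;
+
+TDataDirectoryArray = Packed Array[0..SPE_MAX_DIRECTORY_ENTRIES] Of TDataDirectory;
+
+PDataDirectoryArray = ^TDataDirectoryArray;
+
+TImportDescriptor = Packed Record
+OriginalFirstThunk: Dword;
+TimeDateStamp: Dword;
+ForwarderChain: Dword;
+Name: Dword;
+FirstThunk: Dword;
+End;
+
+PImportDescriptor = ^TImportDescriptor;
+
+TExportDescriptor = Packed Record
+Characteristics: Dword;
+TimeDateStamp: Dword;
+MajorVersion: Word;
+MinorVersion: Word;
+Name: Dword;
+Base: Dword;
+NumberOfFunctions: Dword;
+NumberOfNames: Dword;
+AddressOfFunctions: Dword;
+AddressOfNames: Dword;
+AddressOfNameOrdinals: Dword;
+End;
+
+PExportDescriptor = ^TExportDescriptor;
+
+Var
+FileName: PChar;
+FileHandle: Integer;
+FileLength: Dword;
+BytesRead: Dword;
+Buffer: PStrippedPEHeader;
+Section: PStrippedSectionHeader;
+DataDirectory: PDataDirectoryArray;
+ImportDescriptor: PImportDescriptor;
+ExportDescriptor: PExportDescriptor;
+Thunk: PDword;
+
+(* --------------------- Console stuff -------------------- *)
+hConsole: Pointer;
+ConsoleInit: Procedure(WndWidth, WndHeight, ScrWidth, ScrHeight: Dword; Caption: PChar); StdCall;
+ConsoleExit: Procedure(bCloseWindow: Boolean); StdCall;
+Printf: Function(Const Format: PChar): Integer; CDecl VarArgs;
+GetCh: Function: Integer; StdCall;
+WriteN: Procedure(Const Str: PChar; Count: Dword); StdCall;
+Write: Procedure(Const Str: PChar); StdCall;
+
+(* -------------------------------------------------------- *)
+Procedure Main;
+Function FileIsValid: Boolean;
+Procedure WriteHex(Number: Dword);
+Procedure WriteLn(Text: PChar);
+(* -------------------------------------------------------- *)
+Implementation
+(* -------------------------------------------------------- *)
+Function FileIsValid : Boolean;
+Begin
+FileIsValid := FALSE;
+With Buffer^ Do Begin
+If BytesRead < SizeOf(TStrippedPEHeader) Then Exit;
+If Signature <> STRIPPED_PE_SIGNATURE Then Exit;
+End;
+FileIsValid := TRUE;
+End;
+(* -------------------------------------------------------- *)
+Function RVA2Offset(RVA: Dword; StrippedPEHeader: PStrippedPEHeader): Dword;
+Var
+i: Dword;
+StrippedSectionHeader: PStrippedSectionHeader;
+Begin
+With StrippedPEHeader^ Do Begin
+StrippedSectionHeader := PStrippedSectionHeader(Dword(StrippedPEHeader) + SizeOf(TStrippedPEHeader) + NumberOfRvaAndSizes * SizeOf(TDataDirectory));
+For i := 0 To NumberOfSections Do Begin
+With StrippedSectionHeader^ Do Begin
+If (RVA >= VirtualAddress) And (RVA < VirtualAddress + SizeOfRawData) Then Begin
+Result := PointerToRawData + RVA - VirtualAddress;
+Exit;
+End;
+End;
+Inc(StrippedSectionHeader);
+End;
+End;
+Result := 0;
+End;
+(* -------------------------------------------------------- *)
+Procedure WriteHex(Number: Dword); Begin Printf('%X', Number); End;
+(* -------------------------------------------------------- *)
+Procedure WriteLn(Text: PChar); Begin Printf('%s'#10, Text); End;
+(* -------------------------------------------------------- *)
+Procedure Main;
+Const
+CmdLine = PPChar(28);
+Var
+i: Dword;
+Begin
+hConsole := LoadLibrary('/sys/lib/console.obj');
+ConsoleInit := GetProcAddress(hConsole, 'con_init');
+ConsoleExit := GetProcAddress(hConsole, 'con_exit');
+Printf := GetProcAddress(hConsole, 'con_printf');
+GetCh := GetProcAddress(hConsole, 'con_getch');
+WriteN := GetProcAddress(hConsole, 'con_write_string');
+Write := GetProcAddress(hConsole, 'con_write_asciiz');
+ConsoleInit($FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF, 'SPEDump');
+
+(* skip spaces *)
+i := 0; While CmdLine^[i] = ' ' Do Inc(i);
+FileName := @CmdLine^[i];
+
+WriteLn('Simple Stripped PE Binary File Dumper Version 0.1; 2018.');
+If FileName[0] = #0 Then Begin
+WriteLn('Usage: SPEDump [<file>]')
+End Else Begin
+WriteLn(''); Write('Dump of "'); Write(FileName); WriteLn('"'); WriteLn('');
+Buffer := PStrippedPEHeader(LoadFile(FileName, BytesRead));
+If Buffer <> Nil Then Begin
+
+If FileIsValid Then Begin
+WriteLn('File header');
+WriteLn('-----------');
+
+With Buffer^ Do Begin
+Write(' Signature = '); WriteHex(Signature); WriteLn('');
+Write(' Characteristics = '); WriteHex(Characteristics); WriteLn('');
+Write(' AddressOfEntryPoint = '); WriteHex(AddressOfEntryPoint); WriteLn('');
+Write(' ImageBase = '); WriteHex(ImageBase); WriteLn('');
+Write(' SectionAlignmentLog = '); WriteHex(SectionAlignmentLog); WriteLn('');
+Write(' FileAlignmentLog = '); WriteHex(FileAlignmentLog); WriteLn('');
+Write(' MajorOSVersion = '); WriteHex(MajorOSVersion); WriteLn('');
+Write(' MinorOSVersion = '); WriteHex(MinorOSVersion); WriteLn('');
+Write(' SizeOfImage = '); WriteHex(SizeOfImage); WriteLn('');
+Write(' SizeOfStackReserve = '); WriteHex(SizeOfStackReserve); WriteLn('');
+Write(' SizeOfHeapReserve = '); WriteHex(SizeOfHeapReserve); WriteLn('');
+Write(' SizeOfHeaders = '); WriteHex(SizeOfHeaders); WriteLn('');
+Write(' Subsystem = '); WriteHex(Subsystem); WriteLn('');
+Write(' NumberOfRvaAndSizes = '); WriteHex(NumberOfRvaAndSizes); WriteLn('');
+Write(' NumberOfSections = '); WriteHex(NumberOfSections); WriteLn('');
+
+WriteLn('');
+
+If NumberOfSections > 0 Then Begin
+i := 1;
+Section := PStrippedSectionHeader(Dword(Buffer) + SizeOf(TStrippedPEHeader) + NumberOfRvaAndSizes * SizeOf(TDataDirectory));
+Repeat
+Write('Section #'); WriteHex(i); WriteLn('');
+WriteLn('-----------');
+With Section^ Do Begin
+Write(' Name = ');
+(* Handle situation when Name length = 8 Then Name is NOT ASCIIZ *)
+If Name[High(Name)] <> #0 Then WriteN(Name, 8) Else Write(Name);
+WriteLn('');
+Write(' VirtualSize = '); WriteHex(VirtualSize); WriteLn('');
+Write(' VirtualAddress = '); WriteHex(VirtualAddress); WriteLn('');
+Write(' SizeOfRawData = '); WriteHex(SizeOfRawData); WriteLn('');
+Write(' PointerToRawData = '); WriteHex(PointerToRawData); WriteLn('');
+Write(' Flags = '); WriteHex(Characteristics); WriteLn('');
+End;
+WriteLn('');
+inc(Section);
+inc(i);
+Until i > NumberOfSections;
+
+DataDirectory := PDataDirectoryArray(Dword(Buffer) + SizeOf(TStrippedPEHeader));
+
+If NumberOfRvaAndSizes > SPE_DIRECTORY_IMPORT Then Begin
+If DataDirectory[SPE_DIRECTORY_IMPORT].VirtualAddress <> 0 Then Begin
+WriteLn('Imports');
+WriteLn('-------');
+ImportDescriptor := PImportDescriptor(RVA2Offset(DataDirectory[SPE_DIRECTORY_IMPORT].VirtualAddress, Buffer) + Dword(Buffer));
+While ImportDescriptor.Name <> 0 Do Begin
+With ImportDescriptor^ Do Begin
+Write(' OriginalFirstThunk = '); WriteHex(OriginalFirstThunk); WriteLn('');
+Write(' TimeDateStamp = '); WriteHex(TimeDateStamp); WriteLn('');
+Write(' ForwarderChain = '); WriteHex(ForwarderChain); WriteLn('');
+Write(' Name = '); WriteLn(PChar(RVA2Offset(Name, Buffer) + Dword(Buffer)));
+Write(' FirstThunk = '); WriteHex(FirstThunk); WriteLn('');
+End;
+Thunk := PDword(RVA2Offset(ImportDescriptor.FirstThunk, Buffer) + Dword(Buffer));
+While Thunk^ <> 0 Do Begin
+Write(' '); WriteLn(PChar(RVA2Offset(Thunk^, Buffer) + Dword(Buffer) + SizeOf(Word)));
+Inc(Thunk);
+End;
+WriteLn('');
+Inc(ImportDescriptor);
+End;
+End;
+End;
+
+If NumberOfRvaAndSizes > SPE_DIRECTORY_EXPORT Then Begin
+If DataDirectory[SPE_DIRECTORY_EXPORT].VirtualAddress <> 0 Then Begin
+WriteLn('Exports');
+WriteLn('-------');
+ExportDescriptor := PExportDescriptor(RVA2Offset(DataDirectory[SPE_DIRECTORY_EXPORT].VirtualAddress, Buffer) + Dword(Buffer));
+With ExportDescriptor^ Do Begin
+Write(' Characteristics = '); WriteHex(Characteristics); WriteLn('');
+Write(' TimeDateStamp = '); WriteHex(TimeDateStamp); WriteLn('');
+Write(' MajorVersion = '); WriteHex(MajorVersion); WriteLn('');
+Write(' MinorVersion = '); WriteHex(MinorVersion); WriteLn('');
+Write(' Name = '); WriteLn(PChar(RVA2Offset(Name, Buffer) + Dword(Buffer)));
+Write(' Base = '); WriteHex(Base); WriteLn('');
+Write(' NumberOfFunctions = '); WriteHex(NumberOfFunctions); WriteLn('');
+Write(' NumberOfNames = '); WriteHex(NumberOfNames); WriteLn('');
+Write(' AddressOfFunctions = '); WriteHex(AddressOfFunctions); WriteLn('');
+Write(' AddressOfNames = '); WriteHex(AddressOfNames); WriteLn('');
+Write(' AddressOfNameOrdinals = '); WriteHex(AddressOfNameOrdinals); WriteLn('');
+For i := 0 To NumberOfNames - 1 Do Begin
+Write(' '); WriteLn(PChar(RVA2Offset(PDwordArray(RVA2Offset(AddressOfNames, Buffer) + Dword(Buffer))^[i], Buffer)) + Dword(Buffer));
+End;
+End;
+End;
+End;
+
+End;
+End;
+End Else Begin
+WriteLn('File corrupted or invalid.')
+End;
+End Else Begin
+WriteLn('ReadFile Error.');
+End;
+End;
+GetCh;
+ConsoleExit(TRUE);
+ThreadTerminate;
+End;
+(* -------------------------------------------------------- *)
+End.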
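Review bot: `RVA2Offset` and its callers in `Main` trust every count and offset read from the input file, and `FileIsValid` checks only the header size and the signature, so a truncated or malformed file makes the dumper read outside the buffer returned by `LoadFile`. In `RVA2Offset` the loop `For i := 0 To NumberOfSections` visits one entry past the section table, the returned offset is never compared with `BytesRead`, and the failure value 0 is added to `Buffer` by every caller and printed as though it were a valid string or table. The `While ImportDescriptor.Name <> 0` and `While Thunk^ <> 0` walks have no upper bound either, and `For i := 0 To NumberOfNames - 1` appears to wrap to a very large count when `NumberOfNames` is 0 because both operands are Dword. A bounded `RVA2Offset` is sketched below; the callers would additionally need to skip an entry when it returns 0 and stop their walks at the end of the loaded data.

```pascal
Function RVA2Offset(RVA: Dword; StrippedPEHeader: PStrippedPEHeader): Dword;
Var
  i, TableOffset, Delta: Dword;
  StrippedSectionHeader: PStrippedSectionHeader;
Begin
  Result := 0;
  With StrippedPEHeader^ Do Begin
    TableOffset := SizeOf(TStrippedPEHeader) + NumberOfRvaAndSizes * SizeOf(TDataDirectory);
    (* the whole section table must lie inside the bytes actually read *)
    If TableOffset + NumberOfSections * SizeOf(TStrippedSectionHeader) > BytesRead Then Exit;
    StrippedSectionHeader := PStrippedSectionHeader(Dword(StrippedPEHeader) + TableOffset);
    (* 1..NumberOfSections: exactly one pass per table entry, none when the count is 0 *)
    For i := 1 To NumberOfSections Do Begin
      With StrippedSectionHeader^ Do Begin
        (* subtract first so VirtualAddress + SizeOfRawData cannot wrap *)
        If (RVA >= VirtualAddress) And (RVA - VirtualAddress < SizeOfRawData) Then Begin
          Delta := RVA - VirtualAddress;
          (* reject raw offsets that fall outside the loaded file *)
          If (PointerToRawData < BytesRead) And (Delta < BytesRead - PointerToRawData) Then
            Result := PointerToRawData + Delta;
          Exit;
        End;
      End;
      Inc(StrippedSectionHeader);
    End;
  End;
End;
```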
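--- a/programs/develop/SPEDump/make.bat
+++ b/programs/develop/SPEDump/make.bat
@@ -0,0 +1,18 @@
+Set NAME=SPEDump
+
+: KOLIBRIOS_PAS - path to KolibriOS.pas
+Set KOLIBRIOS_PAS=
+
+: KOLIBRIOS_LIB - path to KolibriOS.lib
+Set KOLIBRIOS_LIB=
+
+dcc32 -J -U%KOLIBRIOS_PAS% %NAME%.pas
+omf2d %NAME%.obj
+link -edit %NAME%.obj
+LD -T LScript.x %NAME%.obj -o %NAME%.kex -L %KOLIBRIOS_LIB% -l KolibriOS
+objcopy -O binary -j .all %NAME%.kex
+
+Del %NAME%.obj
+Del %NAME%.dcu
+
+Pause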
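Review bot: None of the five tool invocations is checked for failure, so when `dcc32` or `LD` fails the script still runs `objcopy` on whatever `%NAME%.kex` is already present and then deletes the intermediates. Adding `If ErrorLevel 1 Exit /B 1` after each tool line would stop the build at the first error. `KOLIBRIOS_PAS` and `KOLIBRIOS_LIB` ship empty and are expanded unquoted, so a path containing spaces splits into several arguments; `-U"%KOLIBRIOS_PAS%"` and `-L "%KOLIBRIOS_LIB%"` avoid that. Because the commit also checks in a prebuilt SPEDump.kex, a build that fails quietly makes it harder to confirm that the binary corresponds to this source.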