From db5bb5377dcef9ceaa01c84ec0b1b851d09d06b2 Mon Sep 17 00:00:00 2001 From: "Kirill Lipatov (Leency)" Date: Tue, 6 Jul 2021 08:23:46 +0000 Subject: [PATCH] upload Stripped PE Dumper by 0CodErr, see http://board.kolibrios.org/viewtopic.php?f=9&t=3742&p=71045&hilit=SPEDump#p71045 git-svn-id: svn://kolibrios.org@9006 a494cfbc-eb01-0410-851d-a64ba20cac60 --- programs/develop/SPEDump/LScript.x | 25 +++ programs/develop/SPEDump/SPEDump.kex | Bin 0 -> 1441 bytes programs/develop/SPEDump/SPEDump.pas | 297 +++++++++++++++++++++++++++ programs/develop/SPEDump/make.bat | 18 ++ 4 files changed, 340 insertions(+) create mode 100644 programs/develop/SPEDump/LScript.x create mode 100644 programs/develop/SPEDump/SPEDump.kex create mode 100644 programs/develop/SPEDump/SPEDump.pas create mode 100644 programs/develop/SPEDump/make.bat diff --git a/programs/develop/SPEDump/LScript.x b/programs/develop/SPEDump/LScript.x new file mode 100644 index 0000000000..d75bd7e54a --- /dev/null +++ b/programs/develop/SPEDump/LScript.x @@ -0,0 +1,25 @@ +PATH_SIZE = 1024; +PARAMS_SIZE = 256; +STACK_SIZE = 1024; + +"@@HandleFinally" = 0; + +SECTIONS +{ + .all : AT(0){ + LONG(0x554e454D); + LONG(0x31305445); + LONG(1); + LONG("@Main"); + LONG(END); + LONG($END + PATH_SIZE + PARAMS_SIZE + STACK_SIZE); + LONG($END + PATH_SIZE + PARAMS_SIZE + STACK_SIZE); + LONG($END + PATH_SIZE); + LONG($END); + *(.text) + *(.data) + } +END = .; + .bss ALIGN(16) : {*(.bss)} +$END = .; +} \ No newline at end of file diff --git a/programs/develop/SPEDump/SPEDump.kex b/programs/develop/SPEDump/SPEDump.kex new file mode 100644 index 0000000000000000000000000000000000000000..4393403e22f44d0d342a59ae01a331ecb5608802 GIT binary patch literal 1441 zcmV;S1z!3~P(w?s4FCXv00001Mv*2LLXK;4&&M|89B1k_xhxo&`yw4p<0;hsY_J(r zE6$oW@sWs~B4_b5NHhaM3?YJK(yTo)=~~iM0(RhBWMnt7{IVqUc&{tX!uzdGW-cyu zM6T-)k$633FeD3pW6lpjDkh;QOZ_Zi_w@nKg!6TIVY-2oo)j_}-wav2kc2x&P|%I4 zl#}owg&gJKcRf2xp@kMpm3;t=$#rPvUF&T=lGZseftu$-kVHn23%v!d=j9pOI*6{2 zxBX)hyef2zav_beM(Mf&h>UPoUOEC@j0E(E*3ZkQ)sF`O@WysU+LybLQSoaSv@hl8 zOrhc);`~bpJB|z z&sLV40bGIl!;N`281R~|%m`GA-h2#U@5Z5BqA~%lt__H2Zc?wSDG$5eLp*non#I}< zQY~mZ7zZba#FHD!*2a(})N}_{Xr|?8nP7a@1>FXJCEh~cm!*73dFRqqp2pVnr1=iz zd4~TWuzHh#J%j7KI&J@0b`OhJqt(9Py-r_5=8v@4xAFq`>APzp>ipDUT)H<60;VDD zIs!CJ6^^^ybMDg-xJ~VlhZB9vi`673lEoD4fYz}{Z&s8>Qx}nGO72(R-f1d<7I(Xo zTakfas4#*0HloEey@*|4!A$ z=@2S+f)VD1cMKPRZ821y)QKu13bt4X1^xL{&bF0bKbD+Mwq;Mq4K|%=NZG>eSI5HvGM9oB1t6CCM zWbXCZvE%iD#A{485YiXD7eq0Y3e!C7W*oO?o;Ezhs~u8HX1qoGgr@8N4Qi!t5Wp&{ zYLr%=X##I-nU5ug%^hV6U)~6<6R_s9*y!1Uh0b5jx0nEw?@1v@^#Ql+o%$wad&-i! zjqWEocefHeb_n`k3)vM}tBOgO?OkZKHBG3OCqJYZOb=g6Q5R8nXdkPmBDRM!xVW=AL<*@V7M^YBe*--_4kN?)1&)msv^6-ty&gP$^t{GGgA8I6G$XWKx>F=(U3x-~{L2LstW2$@h%8&F zl)nqSlSh95etH_ljA?eR0a)s`D_I#kzvZ2J}KYP$x{WxM~GrpoKKPF%Zpj!catxTmhVh| zTPB$Z$I79)e|Q^hbG)9&>k~P(Luz8YMZ~t0rv3|hH}SO3*fgC<<5(Ei|M{tmMmTk$cgwz}Cu=5h}<9ee#P!#vz<{|Os@_}+x0}Q#wR-*Wq z1y-{czs>|fjGgb5x0ocoGjM~lLQ=D3Y~&)^IQny%4o~K v6X6t}<@jkkt^P(XAJ-gBF^^VIeSyWNSFtZ7Yox! STRIPPED_PE_SIGNATURE Then Exit; + End; + FileIsValid := TRUE; +End; +(* -------------------------------------------------------- *) +Function RVA2Offset(RVA: Dword; StrippedPEHeader: PStrippedPEHeader): Dword; +Var + i: Dword; + StrippedSectionHeader: PStrippedSectionHeader; +Begin + With StrippedPEHeader^ Do Begin + StrippedSectionHeader := PStrippedSectionHeader(Dword(StrippedPEHeader) + SizeOf(TStrippedPEHeader) + NumberOfRvaAndSizes * SizeOf(TDataDirectory)); + For i := 0 To NumberOfSections Do Begin + With StrippedSectionHeader^ Do Begin + If (RVA >= VirtualAddress) And (RVA < VirtualAddress + SizeOfRawData) Then Begin + Result := PointerToRawData + RVA - VirtualAddress; + Exit; + End; + End; + Inc(StrippedSectionHeader); + End; + End; + Result := 0; +End; +(* -------------------------------------------------------- *) +Procedure WriteHex(Number: Dword); Begin Printf('%X', Number); End; +(* -------------------------------------------------------- *) +Procedure WriteLn(Text: PChar); Begin Printf('%s'#10, Text); End; +(* -------------------------------------------------------- *) +Procedure Main; +Const + CmdLine = PPChar(28); +Var + i: Dword; +Begin + hConsole := LoadLibrary('/sys/lib/console.obj'); + ConsoleInit := GetProcAddress(hConsole, 'con_init'); + ConsoleExit := GetProcAddress(hConsole, 'con_exit'); + Printf := GetProcAddress(hConsole, 'con_printf'); + GetCh := GetProcAddress(hConsole, 'con_getch'); + WriteN := GetProcAddress(hConsole, 'con_write_string'); + Write := GetProcAddress(hConsole, 'con_write_asciiz'); + ConsoleInit($FFFFFFFF, $FFFFFFFF, $FFFFFFFF, $FFFFFFFF, 'SPEDump'); + + (* skip spaces *) + i := 0; While CmdLine^[i] = ' ' Do Inc(i); + FileName := @CmdLine^[i]; + + WriteLn('Simple Stripped PE Binary File Dumper Version 0.1; 2018.'); + If FileName[0] = #0 Then Begin + WriteLn('Usage: SPEDump []') + End Else Begin + WriteLn(''); Write('Dump of "'); Write(FileName); WriteLn('"'); WriteLn(''); + Buffer := PStrippedPEHeader(LoadFile(FileName, BytesRead)); + If Buffer <> Nil Then Begin + + If FileIsValid Then Begin + WriteLn('File header'); + WriteLn('-----------'); + + With Buffer^ Do Begin + Write(' Signature = '); WriteHex(Signature); WriteLn(''); + Write(' Characteristics = '); WriteHex(Characteristics); WriteLn(''); + Write(' AddressOfEntryPoint = '); WriteHex(AddressOfEntryPoint); WriteLn(''); + Write(' ImageBase = '); WriteHex(ImageBase); WriteLn(''); + Write(' SectionAlignmentLog = '); WriteHex(SectionAlignmentLog); WriteLn(''); + Write(' FileAlignmentLog = '); WriteHex(FileAlignmentLog); WriteLn(''); + Write(' MajorOSVersion = '); WriteHex(MajorOSVersion); WriteLn(''); + Write(' MinorOSVersion = '); WriteHex(MinorOSVersion); WriteLn(''); + Write(' SizeOfImage = '); WriteHex(SizeOfImage); WriteLn(''); + Write(' SizeOfStackReserve = '); WriteHex(SizeOfStackReserve); WriteLn(''); + Write(' SizeOfHeapReserve = '); WriteHex(SizeOfHeapReserve); WriteLn(''); + Write(' SizeOfHeaders = '); WriteHex(SizeOfHeaders); WriteLn(''); + Write(' Subsystem = '); WriteHex(Subsystem); WriteLn(''); + Write(' NumberOfRvaAndSizes = '); WriteHex(NumberOfRvaAndSizes); WriteLn(''); + Write(' NumberOfSections = '); WriteHex(NumberOfSections); WriteLn(''); + + WriteLn(''); + + If NumberOfSections > 0 Then Begin + i := 1; + Section := PStrippedSectionHeader(Dword(Buffer) + SizeOf(TStrippedPEHeader) + NumberOfRvaAndSizes * SizeOf(TDataDirectory)); + Repeat + Write('Section #'); WriteHex(i); WriteLn(''); + WriteLn('-----------'); + With Section^ Do Begin + Write(' Name = '); + (* Handle situation when Name length = 8 Then Name is NOT ASCIIZ *) + If Name[High(Name)] <> #0 Then WriteN(Name, 8) Else Write(Name); + WriteLn(''); + Write(' VirtualSize = '); WriteHex(VirtualSize); WriteLn(''); + Write(' VirtualAddress = '); WriteHex(VirtualAddress); WriteLn(''); + Write(' SizeOfRawData = '); WriteHex(SizeOfRawData); WriteLn(''); + Write(' PointerToRawData = '); WriteHex(PointerToRawData); WriteLn(''); + Write(' Flags = '); WriteHex(Characteristics); WriteLn(''); + End; + WriteLn(''); + inc(Section); + inc(i); + Until i > NumberOfSections; + + DataDirectory := PDataDirectoryArray(Dword(Buffer) + SizeOf(TStrippedPEHeader)); + + If NumberOfRvaAndSizes > SPE_DIRECTORY_IMPORT Then Begin + If DataDirectory[SPE_DIRECTORY_IMPORT].VirtualAddress <> 0 Then Begin + WriteLn('Imports'); + WriteLn('-------'); + ImportDescriptor := PImportDescriptor(RVA2Offset(DataDirectory[SPE_DIRECTORY_IMPORT].VirtualAddress, Buffer) + Dword(Buffer)); + While ImportDescriptor.Name <> 0 Do Begin + With ImportDescriptor^ Do Begin + Write(' OriginalFirstThunk = '); WriteHex(OriginalFirstThunk); WriteLn(''); + Write(' TimeDateStamp = '); WriteHex(TimeDateStamp); WriteLn(''); + Write(' ForwarderChain = '); WriteHex(ForwarderChain); WriteLn(''); + Write(' Name = '); WriteLn(PChar(RVA2Offset(Name, Buffer) + Dword(Buffer))); + Write(' FirstThunk = '); WriteHex(FirstThunk); WriteLn(''); + End; + Thunk := PDword(RVA2Offset(ImportDescriptor.FirstThunk, Buffer) + Dword(Buffer)); + While Thunk^ <> 0 Do Begin + Write(' '); WriteLn(PChar(RVA2Offset(Thunk^, Buffer) + Dword(Buffer) + SizeOf(Word))); + Inc(Thunk); + End; + WriteLn(''); + Inc(ImportDescriptor); + End; + End; + End; + + If NumberOfRvaAndSizes > SPE_DIRECTORY_EXPORT Then Begin + If DataDirectory[SPE_DIRECTORY_EXPORT].VirtualAddress <> 0 Then Begin + WriteLn('Exports'); + WriteLn('-------'); + ExportDescriptor := PExportDescriptor(RVA2Offset(DataDirectory[SPE_DIRECTORY_EXPORT].VirtualAddress, Buffer) + Dword(Buffer)); + With ExportDescriptor^ Do Begin + Write(' Characteristics = '); WriteHex(Characteristics); WriteLn(''); + Write(' TimeDateStamp = '); WriteHex(TimeDateStamp); WriteLn(''); + Write(' MajorVersion = '); WriteHex(MajorVersion); WriteLn(''); + Write(' MinorVersion = '); WriteHex(MinorVersion); WriteLn(''); + Write(' Name = '); WriteLn(PChar(RVA2Offset(Name, Buffer) + Dword(Buffer))); + Write(' Base = '); WriteHex(Base); WriteLn(''); + Write(' NumberOfFunctions = '); WriteHex(NumberOfFunctions); WriteLn(''); + Write(' NumberOfNames = '); WriteHex(NumberOfNames); WriteLn(''); + Write(' AddressOfFunctions = '); WriteHex(AddressOfFunctions); WriteLn(''); + Write(' AddressOfNames = '); WriteHex(AddressOfNames); WriteLn(''); + Write(' AddressOfNameOrdinals = '); WriteHex(AddressOfNameOrdinals); WriteLn(''); + For i := 0 To NumberOfNames - 1 Do Begin + Write(' '); WriteLn(PChar(RVA2Offset(PDwordArray(RVA2Offset(AddressOfNames, Buffer) + Dword(Buffer))^[i], Buffer)) + Dword(Buffer)); + End; + End; + End; + End; + + End; + End; + End Else Begin + WriteLn('File corrupted or invalid.') + End; + End Else Begin + WriteLn('ReadFile Error.'); + End; + End; + GetCh; + ConsoleExit(TRUE); + ThreadTerminate; +End; +(* -------------------------------------------------------- *) +End. \ No newline at end of file diff --git a/programs/develop/SPEDump/make.bat b/programs/develop/SPEDump/make.bat new file mode 100644 index 0000000000..427416a778 --- /dev/null +++ b/programs/develop/SPEDump/make.bat @@ -0,0 +1,18 @@ +Set NAME=SPEDump + +: KOLIBRIOS_PAS - path to KolibriOS.pas +Set KOLIBRIOS_PAS= + +: KOLIBRIOS_LIB - path to KolibriOS.lib +Set KOLIBRIOS_LIB= + +dcc32 -J -U%KOLIBRIOS_PAS% %NAME%.pas +omf2d %NAME%.obj +link -edit %NAME%.obj +LD -T LScript.x %NAME%.obj -o %NAME%.kex -L %KOLIBRIOS_LIB% -l KolibriOS +objcopy -O binary -j .all %NAME%.kex + +Del %NAME%.obj +Del %NAME%.dcu + +Pause \ No newline at end of file