Share your advanced PureBasic knowledge/code with the community.
-
SunSatION
- User
- Posts: 85
- Joined: Tue Jun 21, 2005 7:26 pm
- Location: Malta
Post
by SunSatION »
Code updated for 5.20+
This was a question I ask free months ago.
Code: Select all
js = OpenFile(0,ProgramParameter())
If js <> 0
Dim save.b(1000)
For j = 1 To 1000
save(j) = ReadByte(0)
Next j
For i = 1 To 1000
If save(i) = $50 And save(i+1) = $45
k = i
EndIf
Next i
If k <> 0
If Len(RemoveString(Hex(save(k+42)),"FFFFFF")) = 1 : oep.s = oep + "4" : EndIf
If Len(RemoveString(Hex(save(k+42)),"FFFFFF")) = 2 : oep.s = oep + Str(Val(RemoveString(Hex(save(k+42)),"FFFFFF"))+40) : Else : oep.s = oep + RemoveString(Hex(save(k+42)),"FFFFFF") :EndIf
If Len(RemoveString(Hex(save(k+41)),"FFFFFF")) = 1 : oep.s = oep + "0" : EndIf
oep.s = oep + RemoveString(Hex(save(k+41)),"FFFFFF")
If Len(RemoveString(Hex(save(k+40)),"FFFFFF")) = 1 : oep.s = oep + "0" : EndIf
oep.s = oep + RemoveString(Hex(save(k+40)),"FFFFFF")
CloseFile(0)
If Len(oep) = 6 : Oep = "00" + oep : EndIf
MessageRequester("Found",Oep,0)
Else
MessageRequester("Error","Invalid PE",0)
EndIf
Else
MessageRequester("Error","Unable to open file",0)
EndIf
Hope you find it useful.
-
okasvi
- Enthusiast
- Posts: 150
- Joined: Wed Apr 27, 2005 9:41 pm
- Location: Finland
Post
by okasvi »
Code: Select all
;part of the code is from thefool, but cant remember who
;posted the filemapping method...
#IMAGE_DOS_SIGNATURE = $5A4D
#IMAGE_NT_SIGNATURE = $4550
File.s=OpenFileRequester("","","",0)
Filehandle=CreateFile_(File.s,#GENERIC_READ ,0,0,#OPEN_ALWAYS ,#FILE_ATTRIBUTE_NORMAL ,0)
Filelength=GetFileSize_(Filehandle,0)
Filemap=CreateFileMapping_(Filehandle,0,2,0,Filelength,0)
MemoryPointer=MapViewOfFile_(Filemap,#FILE_MAP_READ ,0,0,0)
Filehandle2=CreateFile(#PB_Any,"c:\okasvi\PureBasic SRC's\PE-viewer.txt")
WriteStringN("---------- BEGINNING OF IMAGE_DOS_HEADER ----------")
*dosheader.IMAGE_DOS_HEADER
*dosheader = MemoryPointer
WriteStringN("e_magic = (hex) $"+Hex(*dosheader\e_magic))
WriteStringN("e_cblp = (hex) $"+Hex(*dosheader\e_cblp))
WriteStringN("e_cp = (hex) $"+Hex(*dosheader\e_cp))
WriteStringN("e_crlc = (hex) $"+Hex(*dosheader\e_crlc))
WriteStringN("e_cparhdr = (hex) $"+Hex(*dosheader\e_cparhdr))
WriteStringN("e_minalloc = (hex) $"+Hex(*dosheader\e_minalloc))
WriteStringN("e_maxalloc = (hex) $"+Hex(*dosheader\e_maxalloc))
WriteStringN("e_ss = (hex) $"+Hex(*dosheader\e_ss))
WriteStringN("e_sp = (hex) $"+Hex(*dosheader\e_sp))
WriteStringN("e_csum = (hex) $"+Hex(*dosheader\e_csum))
WriteStringN("e_ip = (hex) $"+Hex(*dosheader\e_ip))
WriteStringN("e_cs = (hex) $"+Hex(*dosheader\e_cs))
WriteStringN("e_lfarlc = (hex) $"+Hex(*dosheader\e_lfarlc))
WriteStringN("e_ovno = (hex) $"+Hex(*dosheader\e_ovno))
WriteStringN("e_res = (hex) $"+Hex(*dosheader\e_res))
WriteStringN("e_oemid = (hex) $"+Hex(*dosheader\e_oemid))
WriteStringN("e_oeminfo = (hex) $"+Hex(*dosheader\e_oeminfo))
WriteStringN("e_res2 = (hex) $"+Hex(*dosheader\e_res2))
WriteStringN("e_lfanew = (hex) $"+Hex(*dosheader\e_lfanew))
If *dosheader\e_magic <> #IMAGE_DOS_SIGNATURE
WriteStringN( "-- e_magic Invalid. Stopping!")
Else
WriteStringN("-- e_magic Valid!")
EndIf
WriteStringN("------------- END OF IMAGE_DOS_HEADER -------------")
WriteStringN("")
WriteStringN("---------- BEGINNING OF IMAGE_NT_HEADERS ----------")
*ntheaders.IMAGE_NT_HEADERS
*ntheaders = *dosheader\e_lfanew
If PeekL(*ntheaders+MemoryPointer) <> #IMAGE_NT_SIGNATURE
WriteStringN( "-- IMAGE_NT_SIGNATURE Invalid. Stopping!")
End
Else
WriteStringN("-- IMAGE_NT_SIGNATURE Valid!")
EndIf
WriteStringN("FileHeader = (dec) "+Str(*ntheaders\FileHeader))
WriteStringN("FileHeader = (hex) "+Hex(*ntheaders\FileHeader))
WriteStringN("OptionalHeader = (dec) "+Str(*ntheaders\OptionalHeader))
WriteStringN("OptionalHeader = (hex) "+Hex(*ntheaders\OptionalHeader))
WriteStringN("---------------- END OF IMAGE_NT_HEADERS ---------------")
WriteStringN("")
WriteStringN("---------- BEGINNING OF IMAGE_OPTIONAL_HEADER ----------")
*fileheader.IMAGE_FILE_HEADER
*fileheader = MemoryPointer+*ntheaders\FileHeader
WriteStringN("Machine = (dec) "+Str(*fileheader\Machine))
WriteStringN("Machine = (hex) "+Hex(*fileheader\Machine))
WriteStringN("NumberOfSections = (dec) "+Str(*fileheader\NumberOfSections))
WriteStringN("NumberOfSections = (hex) "+Hex(*fileheader\NumberOfSections))
WriteStringN("TimeDateStamp = (dec) "+Str(*fileheader\TimeDateStamp))
WriteStringN("TimeDateStamp = (hex) "+Hex(*fileheader\TimeDateStamp))
WriteStringN("PointerToSymbolTable = (dec) "+Str(*fileheader\PointerToSymbolTable))
WriteStringN("PointerToSymbolTable = (hex) "+Hex(*fileheader\PointerToSymbolTable))
WriteStringN("NumberOfSymbols = (dec) "+Str(*fileheader\NumberOfSymbols))
WriteStringN("NumberOfSymbols = (hex) "+Hex(*fileheader\NumberOfSymbols))
WriteStringN("SizeOfOptionalHeader = (dec) "+Str(*fileheader\SizeOfOptionalHeader))
WriteStringN("SizeOfOptionalHeader = (hex) "+Hex(*fileheader\SizeOfOptionalHeader))
WriteStringN("Characteristics = (dec) "+Str(*fileheader\Characteristics))
WriteStringN("Characteristics = (hex) "+Hex(*fileheader\Characteristics))
WriteStringN("--------------- END OF IMAGE_FILE_HEADER ---------------")
WriteStringN("")
WriteStringN("---------- BEGINNING OF IMAGE_OPTIONAL_HEADER ----------")
*optheader.IMAGE_OPTIONAL_HEADER
*optheader = MemoryPointer+*ntheaders\OptionalHeader
WriteStringN("Magic = (hex) "+Hex(*optheader\Magic))
WriteStringN("MajorLinkerVersion = (hex) "+Hex(*optheader\MajorLinkerVersion))
WriteStringN("MinorLinkerVersion = (hex) "+Hex(*optheader\MinorLinkerVersion))
WriteStringN("SizeOfCode = (hex) "+Hex(*optheader\SizeOfCode))
WriteStringN("SizeOfInitializedData = (hex) "+Hex(*optheader\SizeOfInitializedData))
WriteStringN("SizeOfUninitializedData = (hex) "+Hex(*optheader\SizeOfUninitializedData))
WriteStringN("AddressOfEntryPoint = (hex) "+Hex(*optheader\AddressOfEntryPoint))
WriteStringN("BaseOfCode = (hex) "+Hex(*optheader\BaseOfCode))
WriteStringN("BaseOfData = (hex) "+Hex(*optheader\BaseOfData))
WriteStringN("ImageBase = (hex) "+Hex(*optheader\ImageBase))
WriteStringN("SectionAlignment = (hex) "+Hex(*optheader\SectionAlignment))
WriteStringN("FileAlignment = (hex) "+Hex(*optheader\FileAlignment))
WriteStringN("MajorOperatingSystemVersion = (hex) "+Hex(*optheader\MajorOperatingSystemVersion))
WriteStringN("MinorOperatingSystemVersion = (hex) "+Hex(*optheader\MinorOperatingSystemVersion))
WriteStringN("MajorImageVersion = (hex) "+Hex(*optheader\MajorImageVersion))
WriteStringN("MinorImageVersion = (hex) "+Hex(*optheader\MinorImageVersion))
WriteStringN("MajorSubsystemVersion = (hex) "+Hex(*optheader\MajorSubsystemVersion))
WriteStringN("MinorSubsystemVersion = (hex) "+Hex(*optheader\MinorSubsystemVersion))
WriteStringN("Win32VersionValue = (hex) "+Hex(*optheader\Win32VersionValue))
WriteStringN("SizeOfImage = (hex) "+Hex(*optheader\SizeOfImage))
WriteStringN("SizeOfHeaders = (hex) "+Hex(*optheader\SizeOfHeaders))
WriteStringN("CheckSum = (hex) "+Hex(*optheader\CheckSum))
WriteStringN("Subsystem = (hex) "+Hex(*optheader\Subsystem))
WriteStringN("DllCharacteristics = (hex) "+Hex(*optheader\DllCharacteristics))
WriteStringN("SizeOfStackReserve = (hex) "+Hex(*optheader\SizeOfStackReserve))
WriteStringN("SizeOfStackCommit = (hex) "+Hex(*optheader\SizeOfStackCommit))
WriteStringN("SizeOfHeapReserve = (hex) "+Hex(*optheader\SizeOfHeapReserve))
WriteStringN("SizeOfHeapCommit = (hex) "+Hex(*optheader\SizeOfHeapCommit))
WriteStringN("LoaderFlags = (hex) "+Hex(*optheader\LoaderFlags))
WriteStringN("NumberOfRvaAndSizes = (hex) "+Hex(*optheader\NumberOfRvaAndSizes))
WriteStringN("--------------- END OF IMAGE_OPTIONAL_HEADER ---------------")
WriteStringN("")
#IMAGE_SIZEOF_SHORT_NAME = 8
Structure IMAGE_SECTION_HEADER
Name.b[#IMAGE_SIZEOF_SHORT_NAME]
StructureUnion
PhysicalAddress.l
VirtualSize.l
EndStructureUnion
VirtualAddress.l
SizeOfRawData.l
PointerToRawData.l
PointerToRelocations.l
PointerToLinenumbers.l
NumberOfRelocations.w
NumberOfLinenumbers.w
Characteristics.l
EndStructure
*PEsections.IMAGE_SECTION_HEADER
*PEsections = MemoryPointer + (*dosheader\e_lfanew + SizeOf(IMAGE_NT_HEADERS))
For i=1 To *fileheader\NumberOfSections
WriteStringN("----------- BEGINNING OF IMAGE_SECTION_HEADER("+Str(i)+") -----------")
WriteStringN("Name = (str) "+PeekS(*PEsections,8))
WriteStringN("PhysicalAddress = (hex) "+Hex(*PEsections\PhysicalAddress))
WriteStringN("VirtualSize = (hex) "+Hex(*PEsections\VirtualSize))
WriteStringN("VirtualAddress = (hex) "+Hex(*PEsections\VirtualAddress))
WriteStringN("SizeOfRawData = (hex) "+Hex(*PEsections\SizeOfRawData))
WriteStringN("PointerToRawData = (hex) "+Hex(*PEsections\PointerToRawData))
WriteStringN("PointerToRelocations = (hex) "+Hex(*PEsections\PointerToRelocations))
WriteStringN("PointerToLinenumbers = (hex) "+Hex(*PEsections\PointerToLinenumbers))
WriteStringN("NumberOfRelocations = (hex) "+Hex(*PEsections\NumberOfRelocations))
WriteStringN("NumberOfLinenumbers = (hex) "+Hex(*PEsections\NumberOfLinenumbers))
WriteStringN("Characteristics = (hex) "+Hex(*PEsections\Characteristics))
*PEsections = *PEsections + SizeOf(IMAGE_SECTION_HEADER)
WriteStringN("----------- END OF IMAGE_SECTION_HEADER("+Str(i)+") -----------")
WriteStringN("")
Next
WriteStringN("----- SizeOf(IMAGE_PE_SECTION) = (hex) "+Hex(SizeOf(IMAGE_SECTION_HEADER)))
WriteStringN("----- SizeOf(IMAGE_NT_HEADERS) = (hex) "+Hex(SizeOf(IMAGE_NT_HEADERS)))
CloseFile(filehandle2)
UnmapViewOfFile_(Memorypointer)
CloseHandle_(Filemap)
CloseHandle_(Filehandle)
End
i am aware of code being ugly...
