Portable Executable mise à jour
Re: Portable Executable
Site: http://michel.dobro.free.fr/
Devise :"dis moi ce dont tu as besoin, je t'expliquerai comment t'en passer"
Re: Portable Executable
Bonjour,
=>celtic88 , pourrais-tu expliquer comment faire pour intégrer le plugin détecteur de compilation pb avec ton soft stp ?
Merci,
edit : j'ai trouvé , ça fonctionne impec
Re: *Portable Executable
mise a jour !
correction de quelques bugs...
ajout de la table des relocalisations
.....i Love Pb
Re: *Portable Executable
Ça me rappelle des souvenirs !
Tu as lu dans le dernier «virus informatique», on parle d'un truc très intéressant sur les puces intel et Minix.
Re: Portable Executable mise à jour
nouveau plugin
désassembleur Basé sur BeaEngine dll
https://github.com/BeaEngine/beaengine
loader :
désassembleur Window
BeaEngine inclus
EnableExplicit
; Split a 32-bit value into its 16-bit halves.  Used on the WM_COMMAND wParam,
; where the high word is the notification code (0 for a menu click) and the
; low word is the menu/control id.  The argument is pasted verbatim, so wrap
; any expression in parentheses at the call site.
Macro HiWord(a)
(a>>16 & $ffff)
EndMacro
Macro LowWord(a)
(a & $ffff)
EndMacro
IncludeFile "Disasm_Window.Pbi"
Global DllModuleHandle                         ; this DLL's module handle, stored by AttachProcess
Global *CurrentFileLocation                    ; host-owned pointer to the current file path string (read in _HookProc)
Global Cwhwnd                                  ; host main window; set once our menu item is inserted
Global MenuItemName.s = "Disassembler v0.1 b"  ; caption of the menu entry we add
Global MenuItemId.l                            ; wID of that entry, matched against WM_COMMAND in _HookProc
Global hWindowsHook                            ; WH_GETMESSAGE hook handle, removed in DetachProcess
Procedure _HookProc(code.l, wParam.l, lParam.l)
  ; WH_GETMESSAGE hook procedure (installed by PeExplorer_Plugin_Ini on the
  ; host's GUI thread).  When the host window receives the WM_COMMAND of our
  ; own menu entry (HiWord = 0 means "menu click", LowWord = our id), a new
  ; disassembler window is opened for the file the host currently shows.
  ; Every message is passed on to the next hook unchanged.
  ; NOTE(review): wParam/lParam are declared .l; on a 64-bit build that would
  ; truncate the MSG pointer in lParam — confirm the plugin is built as x86 only.
  Protected *msg.MSG = lParam
  Protected isOurMenuClick = #False
  If *msg\hwnd = Cwhwnd And *msg\message = #WM_COMMAND
    If HiWord(*msg\wParam) = 0 And LowWord(*msg\wParam) = MenuItemId
      isOurMenuClick = #True
    EndIf
  EndIf
  If isOurMenuClick
    ; Per-window state; Window_Disassemble_Close frees it when the window is
    ; closed (it is not freed if Window_Disassemble bails out early).
    Protected *ctx.Window_Disassemble = AllocateMemory(SizeOf(Window_Disassemble))
    *ctx\Win_Par = Cwhwnd
    ; Pointer handed over by the host; assumed to point at a null-terminated
    ; string that is still valid at this time — confirm against the host.
    *ctx\Win_SelectedFile = PeekS(*CurrentFileLocation)
    Window_Disassemble(*ctx)
  EndIf
  ProcedureReturn CallNextHookEx_(@_HookProc(), code, wParam, lParam)
EndProcedure
ProcedureDLL AttachProcess(Instance)
; Called by the PureBasic DLL runtime on process attach.  Keeps our own module
; handle; SetWindowsHookEx_() in PeExplorer_Plugin_Ini needs it.
DllModuleHandle = Instance
EndProcedure
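ProcedureDLL DetachProcess(Instance)
  ; Called by the PureBasic DLL runtime on process detach.  Removes the
  ; message hook so the host thread does not keep calling into a module that
  ; is about to be unloaded.  Only unhooks when a hook was actually installed
  ; (PeExplorer_Plugin_Ini may never have been called or may have failed).
  If hWindowsHook
    UnhookWindowsHookEx_(hWindowsHook)
    hWindowsHook = 0
  EndIf
EndProcedure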
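ProcedureDLL PeExplorer_Plugin_Ini(Hwindow,*pCurrentFileLocation)
  ; Plugin initialisation, called by the host.  Adds our entry to the host's
  ; second top-level menu (index 1 — presumably the "Plugins" menu; confirm
  ; against the host) and installs a WH_GETMESSAGE hook on the calling thread
  ; so that _HookProc can catch the WM_COMMAND of that entry.
  ;   Hwindow               host main window
  ;   *pCurrentFileLocation host-owned pointer to the current file path string;
  ;                         it is dereferenced later by _HookProc, so it must stay
  ;                         valid for the lifetime of the plugin
  ; Returns the hook handle, or 0 when the menu could not be found, the item
  ; could not be inserted, or the hook could not be set.
  *CurrentFileLocation = *pCurrentFileLocation
  Protected hPlug = GetSubMenu_(GetMenu_(Hwindow), 1)
  If hPlug = 0
    ProcedureReturn 0
  EndIf
  Protected mii.MENUITEMINFO
  mii\cbSize = SizeOf(MENUITEMINFO)
  ; A plain string item: only the id and the caption are set.  The original
  ; also filled hSubMenu/fType, but without #MIIM_SUBMENU/#MIIM_FTYPE in fMask
  ; those members are ignored, so they are left out here.
  mii\fMask = #MIIM_ID | #MIIM_STRING
  mii\dwTypeData = @MenuItemName
  ; Item id derived from the current item count; this is not guaranteed to be
  ; unique across the host's own ids — confirm the host reserves this range.
  mii\wID = GetMenuItemCount_(hPlug) + 999
  MenuItemId = mii\wID
  If InsertMenuItem_(hPlug, 1, 1, @mii) = 0
    ProcedureReturn 0
  EndIf
  Cwhwnd = Hwindow
  ; Thread-specific hook: only the host's GUI thread (the caller) is hooked.
  hWindowsHook = SetWindowsHookEx_(#WH_GETMESSAGE, @_HookProc(), DllModuleHandle, GetCurrentThreadId_())
  ProcedureReturn hWindowsHook
EndProcedure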
EnableExplicit
;Gui Disassembler Multi-thread
IncludeFile "BeaEngine.Pbi"
; Entry points of BeaEngine.dll.  They are bound at run time by
; Load_BeaEngine() (no import library), hence prototypes instead of Import.
Prototype BeaEngineVersion()
Prototype BeaEngineRevision()
Prototype Disasm(*pDisasm._Disasm)
Global Disasm.Disasm   ; resolved Disasm() pointer; 0 until Load_BeaEngine() succeeds
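Procedure Load_BeaEngine()
  ; Resolves the Disasm() export of BeaEngine.dll once and caches it in the
  ; global Disasm prototype.  Returns the function pointer, or 0 on failure
  ; (a MessageRequester is shown when the DLL itself cannot be opened).
  ; The standalone build expects BeaEngine.dll next to the program, the plugin
  ; build expects it in the host's Plugins\ folder.
  If Not Disasm
    Protected dllName.s
    CompilerIf #PB_Compiler_ExecutableFormat = #PB_Compiler_Executable
      dllName = "BeaEngine.dll"
    CompilerElse
      dllName = "Plugins\BeaEngine.dll"
    CompilerEndIf
    ; Look in the directory of the running program first.  A bare relative
    ; name is resolved against the current working directory, which is not
    ; necessarily where the program lives and lets a copy of the DLL placed
    ; there be loaded instead of the intended one.
    Protected oDll = OpenLibrary(0, GetPathPart(ProgramFilename()) + dllName)
    If Not oDll
      oDll = OpenLibrary(0, dllName)   ; legacy lookup relative to the CWD
    EndIf
    If Not oDll
      MessageRequester("ERROR","BeaEngine.dll not exists!.")
      ProcedureReturn 0
    EndIf
    Disasm = GetFunction(0,"Disasm")
    If Not Disasm
      Disasm = GetFunction(0,"_Disasm@4")   ; stdcall-decorated name of the same export
    EndIf
    If Not Disasm
      CloseLibrary(0)   ; wrong DLL: do not keep it mapped
    EndIf
  EndIf
  ProcedureReturn Disasm
EndProcedure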
; Per-window state of one disassembler window.  Allocated by the caller of
; Window_Disassemble(), stored via SetWindowData() and freed in
; Window_Disassemble_Close().  Shared between the GUI thread and the worker
; thread started in Window_Disassemble_Start().
Structure Window_Disassemble
Win_Par.i               ; parent window handle (host window in plugin mode)
Win_Id.i                ; PureBasic window number
Win_Sbar.i              ; status bar: field 0 = file path, field 1 = progress
Win_CmBo.i              ; machine combo box ("x86" / "x64")
Win_St_Offset.i         ; string gadget: file offset to start at
Win_St_Size.i           ; string gadget: number of bytes to decode
Win_St_BaseAddress.i    ; string gadget: virtual address of the first byte
Win_LIcon.i             ; listing (Address / OPcode / Instruction columns)
Win_Bo_Disas.i          ; "Disassemble" / "Stop" button
Win_Bo_Sfile.i          ; "Select File.." button
Win_OnDisassemble.b     ; 1 while a run is wanted; the GUI resets it to 0 to stop the worker
Win_ThreadDisassemble.i ; worker thread handle, 0 when no worker is running
Win_CurrentPos.i        ; bytes decoded so far (offset into Win_File_Mem)
Win_ThreadNextData.b    ; handshake: worker sets 0 and waits until the GUI has consumed Win_AddItemTxt and sets 1
Win_Archi.l             ; BeaEngine Archi value: 0 = x86, 64 = x64
Win_File_Offset.i       ; parsed value of Win_St_Offset
Win_File_Size.i         ; parsed (and clamped) value of Win_St_Size
Win_File_BaseAddress.i  ; parsed value of Win_St_BaseAddress
Win_File_AllSize.q      ; FileSize() of the selected file
Win_File_Mem.i          ; buffer holding the bytes to decode; freed by the worker
Win_File_Disasm._Disasm ; BeaEngine in/out block
Win_AddItemTxt.s{#MAX_PATH} ; one listing row; Chr(10) separates the columns
Win_SelectedFile.s{#MAX_PATH} ; path of the file being inspected
EndStructure
; Custom event posted by the worker; EventData() 1 = clear, 2 = done, else = add row.
; NOTE(review): check that this value does not collide with the range PureBasic
; reserves for its own events (#PB_Event_FirstCustomValue).
#Window_Disassemble_AddItem = 1024
Declare Window_Disassemble_Thread(*Window_Disassemble.Window_Disassemble)
Procedure Window_Disassemble_Close()
  ; #PB_Event_CloseWindow handler.  While a worker thread is still running it
  ; only asks the thread to stop and leaves the window open (the user has to
  ; close it again once the worker has finished); otherwise the window and
  ; the per-window state are released.  The standalone build exits here.
  Protected *ctx.Window_Disassemble = GetWindowData(EventWindow())
  If *ctx\Win_OnDisassemble = 1 Or *ctx\Win_ThreadDisassemble <> 0
    *ctx\Win_OnDisassemble = 0   ; polled by the worker loop
    ProcedureReturn
  EndIf
  FreeStatusBar(*ctx\Win_Sbar)
  CloseWindow(*ctx\Win_Id)
  FreeMemory(*ctx)
  CompilerIf #PB_Compiler_ExecutableFormat = #PB_Compiler_Executable
    End
  CompilerEndIf
EndProcedure
Procedure Window_Disassemble_Resize()
  ; #PB_Event_SizeWindow handler: keeps the listing stretched to the right and
  ; bottom edges, leaving the 220 px control column on the left and room for
  ; the status bar at the bottom.
  Protected *ctx.Window_Disassemble = GetWindowData(EventWindow())
  Protected listWidth = WindowWidth(*ctx\Win_Id) - 230
  Protected listHeight = WindowHeight(*ctx\Win_Id) - StatusBarHeight(*ctx\Win_Sbar) - 17
  ResizeGadget(*ctx\Win_LIcon, 220, 10, listWidth, listHeight)
EndProcedure
Procedure.s Pex_memToHex(pMem, Size)
  ; Returns the Size bytes at address pMem as an uppercase hex string, two
  ; digits per byte, no separators; "" when Size < 1.  The memory is read
  ; unchecked, so the caller must guarantee [pMem, pMem + Size) is valid.
  Protected out.s
  Protected i = 0
  While i < Size
    out + RSet(Hex(PeekA(pMem + i), #PB_Byte), 2, "0")
    i + 1
  Wend
  ProcedureReturn out
EndProcedure
Procedure Window_Disassemble_AddItem()
  ; GUI-thread handler for #Window_Disassemble_AddItem events posted by the
  ; worker.  EventData() selects the action:
  ;   1 = new run: clear the listing and the progress bar
  ;   2 = run finished: restore the "Disassemble" button caption
  ;   otherwise = append \Win_AddItemTxt as a row, update the progress and
  ;               release the worker, which spins on \Win_ThreadNextData.
  Protected *ctx.Window_Disassemble = GetWindowData(EventWindow())
  Select EventData()
    Case 1
      ClearGadgetItems(*ctx\Win_LIcon)
      StatusBarProgress(*ctx\Win_Sbar, 1, 0)
    Case 2
      SetGadgetText(*ctx\Win_Bo_Disas, "Disassemble")
    Default
      AddGadgetItem(*ctx\Win_LIcon, -1, *ctx\Win_AddItemTxt)
      StatusBarProgress(*ctx\Win_Sbar, 1, (*ctx\Win_CurrentPos * 100) / *ctx\Win_File_Size)
      *ctx\Win_ThreadNextData = 1   ; row consumed: let the worker overwrite Win_AddItemTxt
  EndSelect
EndProcedure
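Procedure Window_Disassemble_Thread(*Window_Disassemble.Window_Disassemble)
  ; Worker thread: decodes \Win_File_Mem (\Win_File_Size bytes) instruction by
  ; instruction and hands each row to the GUI thread through a
  ; #Window_Disassemble_AddItem event (EventData 1 = clear, 0 = add row,
  ; 2 = finished).  Stops early when the GUI resets \Win_OnDisassemble to 0.
  ; Frees \Win_File_Mem and clears the busy/thread flags before returning.
  With *Window_Disassemble
    FillMemory(\Win_File_Disasm, SizeOf(_Disasm))
    \Win_File_Disasm\EIP = \Win_File_Mem
    \Win_File_Disasm\VirtualAddr = \Win_File_BaseAddress
    \Win_File_Disasm\Archi = \Win_Archi
    \Win_File_Disasm\Options = #Tabulation|#NasmSyntax|#PrefixedNumeral
    \Win_AddItemTxt = ""
    \Win_CurrentPos = 0
    PostEvent(#Window_Disassemble_AddItem, \Win_Id, 0,0,1)
    ; SecurityBlock tells the decoder how many bytes after EIP it may read.
    ; Left at 0 it is unbounded, and an instruction truncated at the end of
    ; the buffer makes the decoder read past the allocation (the input is an
    ; arbitrary user-chosen file).  With the bound set, Disasm() returns
    ; #OUT_OF_BLOCK (0) instead, which ends the loop like any other failure.
    \Win_File_Disasm\SecurityBlock = \Win_File_Size - \Win_CurrentPos
    Protected len = Disasm(\Win_File_Disasm)
    While len > 0 And \Win_OnDisassemble = 1
      ; Address column shows the virtual address of the instruction (not the
      ; heap address of the buffer), then the buffer offset, opcode bytes and
      ; the mnemonic; Chr(10) separates the ListIcon columns.
      \Win_AddItemTxt = RSet(Hex(\Win_File_Disasm\VirtualAddr,#PB_Quad),8,"0") + "-" +
                        Hex(\Win_CurrentPos,#PB_Long) + Chr(10) +
                        Pex_memToHex(\Win_File_Disasm\EIP, len) + Chr(10) +
                        PeekS(@\Win_File_Disasm\CompleteInstr,-1,#PB_Ascii)
      \Win_CurrentPos + len
      \Win_ThreadNextData = 0
      PostEvent(#Window_Disassemble_AddItem, \Win_Id, 0)
      ; Win_AddItemTxt is a single shared buffer: wait until the GUI thread has
      ; copied it into the list.  Delay() keeps the wait from burning a core.
      While \Win_ThreadNextData = 0
        Delay(1)
      Wend
      If \Win_CurrentPos >= \Win_File_Size:Break:EndIf
      \Win_File_Disasm\EIP + len
      ; Keep the virtual address in step with EIP; otherwise relative branch
      ; targets are computed from the base address for every instruction.
      \Win_File_Disasm\VirtualAddr + len
      \Win_File_Disasm\SecurityBlock = \Win_File_Size - \Win_CurrentPos
      len = Disasm(\Win_File_Disasm)
    Wend
    PostEvent(#Window_Disassemble_AddItem, \Win_Id, 0,0,2)
    FreeMemory(\Win_File_Mem)
    \Win_ThreadDisassemble = 0
    \Win_OnDisassemble = 0
  EndWith
EndProcedure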
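Procedure Window_Disassemble_Start(*Window_Disassemble.Window_Disassemble)
  ; Reads the offset / size / base-address fields and the machine combo,
  ; loads the requested byte range of \Win_SelectedFile into \Win_File_Mem
  ; and starts the worker thread.  Does nothing when the file is missing or
  ; empty, the offset lies outside the file, nothing could be read, or the
  ; thread cannot be created.  On success the button caption becomes "Stop".
  With *Window_Disassemble
    \Win_File_AllSize = FileSize(\Win_SelectedFile)   ; -1 = not found, -2 = directory
    If \Win_File_AllSize <= 0
      ProcedureReturn
    EndIf
    \Win_File_Offset = Val(GetGadgetText(\Win_St_Offset))
    \Win_File_Size = Val(GetGadgetText(\Win_St_Size))
    \Win_File_BaseAddress = Val(GetGadgetText(\Win_St_BaseAddress))
    If GetGadgetText(\Win_CmBo) = "x64"
      \Win_Archi = 64
    Else
      \Win_Archi = 0
    EndIf
    ; Val() yields 0 for garbage and accepts a leading '-': reject an offset
    ; that is negative or past the end before it is used for the seek.
    If \Win_File_Offset < 0 Or \Win_File_Offset >= \Win_File_AllSize
      ProcedureReturn
    EndIf
    ; Clamp the size to what remains after the offset so the buffer handed to
    ; the decoder never claims more bytes than the file can provide.
    If \Win_File_Size < 1 Or \Win_File_Size > \Win_File_AllSize - \Win_File_Offset
      \Win_File_Size = \Win_File_AllSize - \Win_File_Offset
      SetGadgetText(\Win_St_Size, Str(\Win_File_Size))
    EndIf
    \Win_File_Mem = AllocateMemory(\Win_File_Size)
    If Not \Win_File_Mem
      ProcedureReturn
    EndIf
    ; ReadFile instead of OpenFile: the target is only inspected, and OpenFile
    ; would create a new file if the path has disappeared in the meantime.
    Protected fileId = ReadFile(#PB_Any, \Win_SelectedFile, #PB_File_SharedRead|#PB_File_SharedWrite)
    Protected bytesRead = 0
    If fileId
      FileSeek(fileId, \Win_File_Offset)
      bytesRead = ReadData(fileId, \Win_File_Mem, \Win_File_Size)
      CloseFile(fileId)
    EndIf
    If bytesRead < 1
      FreeMemory(\Win_File_Mem)
      \Win_File_Mem = 0
      ProcedureReturn
    EndIf
    ; Decode only what was actually read (a short read leaves the tail zeroed).
    If bytesRead <> \Win_File_Size
      \Win_File_Size = bytesRead
      SetGadgetText(\Win_St_Size, Str(\Win_File_Size))
    EndIf
    \Win_OnDisassemble = 1
    \Win_ThreadDisassemble = CreateThread(@Window_Disassemble_Thread(), *Window_Disassemble)
    If \Win_ThreadDisassemble
      SetGadgetText(\Win_Bo_Disas, "Stop")
    Else
      FreeMemory(\Win_File_Mem)
      \Win_File_Mem = 0
      \Win_OnDisassemble = 0
    EndIf
  EndWith
EndProcedure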
Procedure Window_Disassemble_Event()
  ; Left-click handler bound to both buttons.
  ;   "Select File..": let the user pick a file and show its path in status
  ;                    bar field 0.
  ;   "Disassemble"/"Stop": if a run is active, ask the worker to stop;
  ;                    otherwise start a new run.
  Protected *ctx.Window_Disassemble = GetWindowData(EventWindow())
  Protected clicked = EventGadget()
  If clicked = *ctx\Win_Bo_Sfile
    Protected chosen.s = OpenFileRequester("Select a file..", "", "All|*.*", 0)
    If chosen <> ""
      *ctx\Win_SelectedFile = chosen
      StatusBarText(*ctx\Win_Sbar, 0, *ctx\Win_SelectedFile, #PB_StatusBar_Raised)
    EndIf
  ElseIf clicked = *ctx\Win_Bo_Disas
    If *ctx\Win_OnDisassemble = 1 Or *ctx\Win_ThreadDisassemble
      *ctx\Win_OnDisassemble = 0   ; the worker polls this and exits
    Else
      Window_Disassemble_Start(*ctx)
    EndIf
  EndIf
EndProcedure
; Builds the disassembler window for an already allocated and (optionally)
; pre-filled Window_Disassemble block: \Win_Par, \Win_SelectedFile, \Win_Archi
; and the \Win_File_* values are used as initial gadget contents.  Returns
; early, without opening anything, if BeaEngine.dll cannot be loaded — in that
; case the caller's block is NOT freed.
Procedure Window_Disassemble(*Window_Disassemble.Window_Disassemble)
If Load_BeaEngine() = 0:ProcedureReturn:EndIf
With *Window_Disassemble
\Win_Id = OpenWindow(#PB_Any, 0, 0, 580, 360, "Disassembler v0.1 b", #PB_Window_SystemMenu | #PB_Window_MinimizeGadget | #PB_Window_MaximizeGadget | #PB_Window_SizeGadget | #PB_Window_ScreenCentered | #PB_Window_WindowCentered,\Win_Par)
SetWindowData(\Win_Id, *Window_Disassemble) ; event handlers fetch the block via GetWindowData(EventWindow())
; Status bar: field 0 (auto width) = file path, field 1 (50 px) = progress bar
\Win_Sbar = CreateStatusBar(#PB_Any, WindowID(\Win_Id))
AddStatusBarField(#PB_Ignore)
StatusBarText(\Win_Sbar, 0, \Win_SelectedFile, #PB_StatusBar_Raised)
AddStatusBarField(50)
StatusBarProgress(\Win_Sbar, 1, 0)
; Left column: labels and input fields
TextGadget(#PB_Any, 10, 10, 60, 20, "Machine")
TextGadget(#PB_Any, 10, 35, 60, 20, "Offset")
TextGadget(#PB_Any, 10, 60, 60, 20, "Size")
TextGadget(#PB_Any, 10, 85, 90, 20, "Base Address")
\Win_CmBo = ComboBoxGadget(#PB_Any, 110, 10, 100, 20, #PB_ComboBox_UpperCase)
AddGadgetItem(\Win_CmBo, -1, "x86")
AddGadgetItem(\Win_CmBo, -1, "x64")
; Item 1 = x64 unless the block asks for x86 (Win_Archi = 0, also the value of a fresh block)
SetGadgetState(\Win_CmBo, 1)
If \Win_Archi = 0
SetGadgetState(\Win_CmBo, 0)
EndIf
\Win_St_Offset = StringGadget(#PB_Any, 110, 35, 100, 20, Str(\Win_File_Offset))
\Win_St_Size = StringGadget(#PB_Any, 110, 60, 100, 20, Str(\Win_File_Size))
\Win_St_BaseAddress = StringGadget(#PB_Any, 110, 85, 100, 20, Str(\Win_File_BaseAddress))
; Listing; rows are added by Window_Disassemble_AddItem, resized by Window_Disassemble_Resize
\Win_LIcon = ListIconGadget(#PB_Any, 220, 10, 350, 320, "Address", 100)
AddGadgetColumn(\Win_LIcon, 1, "OPcode", 100)
AddGadgetColumn(\Win_LIcon, 2, "Instruction", 255)
\Win_Bo_Disas = ButtonGadget(#PB_Any, 110, 120, 100, 20, "Disassemble")
\Win_Bo_Sfile = ButtonGadget(#PB_Any, 8, 120, 100, 20, "Select File..")
BindGadgetEvent(\Win_Bo_Disas, @Window_Disassemble_Event(), #PB_EventType_LeftClick)
BindGadgetEvent(\Win_Bo_Sfile, @Window_Disassemble_Event(), #PB_EventType_LeftClick)
BindEvent(#PB_Event_CloseWindow ,@Window_Disassemble_Close(),\Win_Id)
BindEvent(#PB_Event_SizeWindow ,@Window_Disassemble_Resize(),\Win_Id)
BindEvent(#Window_Disassemble_AddItem ,@Window_Disassemble_AddItem(),\Win_Id)
EndWith
EndProcedure
; Standalone build only: open one window with an empty block and run the
; event loop (all handling is done through BindEvent/BindGadgetEvent);
; Window_Disassemble_Close() calls End to leave the program.
CompilerIf #PB_Compiler_ExecutableFormat = #PB_Compiler_Executable
Define *Window_Disassemble.Window_Disassemble = AllocateMemory(SizeOf(Window_Disassemble))
Window_Disassemble(*Window_Disassemble)
Repeat:WaitWindowEvent():ForEver
CompilerEndIf
; Rewrite by celtic88
; PureBasic mirror of the BeaEngine C structures (BeaEngine.h).  Field order,
; types and the alignment padding must match the DLL's layout exactly, since
; the _Disasm block is passed to Disasm() by pointer.
Structure REX_Struct ; REX prefix bits (x64); state = prefix usage (see ;Prefixes constants)
W_.b
R_.b
X_.b
B_.b
state.b
EndStructure
Structure PREFIXINFO ; prefixes found on the decoded instruction, one usage flag per prefix
Number.l
NbUndefined.l
LockPrefix.b
OperandSize.b
AddressSize.b
RepnePrefix.b
RepPrefix.b
FSPrefix.b
SSPrefix.b
GSPrefix.b
ESPrefix.b
CSPrefix.b
DSPrefix.b
BranchTaken.b
BranchNotTaken.b
REX.REX_Struct
alignment.b[2] ; padding to the C layout, not data
EndStructure
Structure EFLStruct ; per-flag effect of the instruction, values from the ;EFLAGS states constants
OF_.b
SF_.b
ZF_.b
AF_.b
PF_.b
CF_.b
TF_.b
IF_.b
DF_.b
NT_.b
RF_.b
alignment.b ; padding to the C layout, not data
EndStructure
Structure MEMORYTYPE ; decoded memory operand: [base + index*scale + displacement]
BaseRegister.l
IndexRegister.l
Scale.l
Displacement.q
EndStructure
Structure INSTRTYPE ; what was decoded: category/opcode/mnemonic, branch kind, flag effects
Category.l       ; ;INSTRUCTION_TYPE family bits OR'ed with the sub-category number
Opcode.l
Mnemonic.b[16]   ; null-terminated ASCII
BranchType.l     ; ;BranchTYPE constants, 0 when not a branch
Flags.EFLStruct
AddrValue.q      ; branch target (used by the commented-out #CallType test in Disasm_Window)
Immediat.q
ImplicitModifiedRegs.l
EndStructure
Structure ARGTYPE ; one operand of the instruction
ArgMnemonic.b[64] ; null-terminated ASCII
ArgType.l         ; ;ARGUMENTS_TYPE constants (kind | register class | register bits)
ArgSize.l
ArgPosition.l     ; #LowPosition / #HighPosition
AccessMode.l      ; #Read / #WRITE
Memory.MEMORYTYPE
SegmentReg.l      ; #ESReg .. #SSReg
EndStructure
#INSTRUCT_LENGTH = 64
; In/out block of Disasm().  Caller fills EIP, VirtualAddr, SecurityBlock,
; Archi and Options; the DLL fills the rest and returns the instruction
; length (#UNKNOWN_OPCODE / #OUT_OF_BLOCK on failure).
Structure _Disasm
EIP.i                              ; address of the bytes to decode (buffer pointer, not the VA)
VirtualAddr.q                      ; virtual address assumed for EIP; used for the displayed/relative addresses
SecurityBlock.l                    ; max bytes readable from EIP; 0 = no limit (see the commented test below)
CompleteInstr.b[#INSTRUCT_LENGTH]  ; formatted instruction text, null-terminated ASCII
Archi.l                            ; 0 = 32-bit, 64 = 64-bit (values used by Disasm_Window)
Options.q                          ; #Tabulation / syntax / numeral constants below
Instruction.INSTRTYPE
Argument1.ARGTYPE
Argument2.ARGTYPE
Argument3.ARGTYPE
Prefix.PREFIXINFO
Reserved_.l[40]                    ; DLL-internal state; do not touch
EndStructure
; Constants mirrored from BeaEngine.h.  Values that appear twice (#Jb_ = #Jc_,
; #RELATIVE_ = #MPX_REG) are the same in the C header and are kept as-is.
#LowPosition = 0
#HighPosition = 1
#ESReg = 1
#DSReg = 2
#FSReg = 3
#GSReg = 4
#CSReg = 5
#SSReg = 6
;Prefixes
#InvalidPrefix = 4
#InUsePrefix = 1
#SuperfluousPrefix = 2
#NotUsedPrefix = 0
#MandatoryPrefix = 8
;EFLAGS states
#TE_ = 1 ;test
#MO_ = 2 ;modify
#RE_ = 4 ;reset
#SE_ = 8 ;set
#UN_ = 16 ;undefined
#PR_ = 32 ;restore prior value
;INSTRUCTION_TYPE
; family bits (upper part of INSTRTYPE\Category)
#GENERAL_PURPOSE_INSTRUCTION = $00010000
#FPU_INSTRUCTION = $00020000
#MMX_INSTRUCTION = $00040000
#SSE_INSTRUCTION = $00080000
#SSE2_INSTRUCTION = $00100000
#SSE3_INSTRUCTION = $00200000
#SSSE3_INSTRUCTION = $00400000
#SSE41_INSTRUCTION = $00800000
#SSE42_INSTRUCTION = $01000000
#SYSTEM_INSTRUCTION = $02000000
#VM_INSTRUCTION = $04000000
#UNDOCUMENTED_INSTRUCTION = $08000000
#AMD_INSTRUCTION = $10000000
#ILLEGAL_INSTRUCTION = $20000000
#AES_INSTRUCTION = $40000000
#CLMUL_INSTRUCTION = $80000000
; the next three exceed 32 bits: Category is .l, so compare them with care
#AVX_INSTRUCTION = $100000000
#AVX2_INSTRUCTION = $200000000
#MPX_INSTRUCTION = $400000000
; sub-categories (lower part of INSTRTYPE\Category)
#DATA_TRANSFER = 1
#ARITHMETIC_INSTRUCTION = 2
#LOGICAL_INSTRUCTION = 3
#SHIFT_ROTATE = 4
#BIT_BYTE = 5
#CONTROL_TRANSFER = 6
#STRING_INSTRUCTION = 7
#InOutINSTRUCTION = 8
#ENTER_LEAVE_INSTRUCTION = 9
#FLAG_CONTROL_INSTRUCTION = 10
#SEGMENT_REGISTER = 11
#MISCELLANEOUS_INSTRUCTION = 12
#COMPARISON_INSTRUCTION = 13
#LOGARITHMIC_INSTRUCTION = 14
#TRIGONOMETRIC_INSTRUCTION = 15
#UNSUPPORTED_INSTRUCTION = 16
#LOAD_CONSTANTS = 17
#FPUCONTROL = 18
#STATE_MANAGEMENT = 19
#CONVERSION_INSTRUCTION = 20
#SHUFFLE_UNPACK = 21
#PACKED_SINGLE_PRECISION = 22
#SIMD128bits = 23
#SIMD64bits = 24
#CACHEABILITY_CONTROL = 25
#FP_INTEGER_CONVERSION = 26
#SPECIALIZED_128bits = 27
#SIMD_FP_PACKED = 28
#SIMD_FP_HORIZONTAL = 29
#AGENT_SYNCHRONISATION = 30
#PACKED_ALIGN_RIGHT = 31
#PACKED_SIGN = 32
;SSE4
#PACKED_BLENDING_INSTRUCTION = 33
#PACKED_TEST = 34
; CONVERSION_INSTRUCTION -> Packed Integer Format Conversions and Dword Packing With Unsigned Saturation
; COMPARISON -> Packed Comparison SIMD Integer Instruction
; ARITHMETIC_INSTRUCTION -> Dword Multiply Instruction
; DATA_TRANSFER -> POPCNT
#PACKED_MINMAX = 35
#HORIZONTAL_SEARCH = 36
#PACKED_EQUALITY = 37
#STREAMING_LOAD = 38
#INSERTION_EXTRACTION = 39
#DOT_PRODUCT = 40
#SAD_INSTRUCTION = 41
#ACCELERATOR_INSTRUCTION = 42
#ROUND_INSTRUCTION = 43
;BranchTYPE
; conditional jumps: positive = condition, negative = its inverse
#Jo_ = 1
#Jno_ = -1
#Jc_ = 2
#Jnc_ = -2
#Je_ = 3
#Jne_ = -3
#Ja_ = 4
#Jna_ = -4
#Js_ = 5
#Jns_ = -5
#Jp_ = 6
#Jnp_ = -6
#Jl_ = 7
#Jnl_ = -7
#Jg_ = 8
#Jng_ = -8
#Jb_ = 2 ; same value as #Jc_ (JB and JC are the same opcode)
#Jnb_ = -2
#Jecxz_ = 10
#JmpType = 11
#CallType = 12
#RetType = 13
;ARGUMENTS_TYPE
; operand kind
#NO_ARGUMENT = $10000000
#REGISTER_TYPE = $20000000
#MEMORY_TYPE = $40000000
#CONSTANT_TYPE = $80000000
; register class (with #REGISTER_TYPE)
#MMX_REG = $00010000
#GENERAL_REG = $00020000
#FPU_REG = $00040000
#SSE_REG = $00080000
#CR_REG = $00100000
#DR_REG = $00200000
#SPECIAL_REG = $00400000
#MEMORY_MANAGEMENT_REG = $00800000 ; GDTR (REG0), LDTR (REG1), IDTR (REG2), TR (REG3)
#SEGMENT_REG = $01000000 ; ES (REG0), CS (REG1), SS (REG2), DS (REG3), FS (REG4), GS (REG5)
#AVX_REG = $02000000
#MPX_REG = $04000000
; constant kind (with #CONSTANT_TYPE); #RELATIVE_ shares its value with #MPX_REG
#RELATIVE_ = $04000000
#ABSOLUTE_ = $08000000
; ARGTYPE\AccessMode
#Read = 1
#WRITE = 2
;Regs
; one bit per register number; the comment gives the ASCII digit BeaEngine uses in mnemonics
#REG0 = 1 ; 30h
#REG1 = 2 ; 31h
#REG2 = 4 ; 32h
#REG3 = 8 ; 33h
#REG4 = $10 ; 34h
#REG5 = $20 ; 35h
#REG6 = $40 ; 36h
#REG7 = $80 ; 37h
#REG8 = $100; 38h
#REG9 = $200; 39h
#REG10 = $400 ; 3Ah
#REG11 = $800 ; 3Bh
#REG12 = $1000 ; 3Ch
#REG13 = $2000 ; 3Dh
#REG14 = $4000 ; 3Eh
#REG15 = $8000 ; 3Fh
;SPECIAL_REG
; return values of Disasm() (anything > 0 is the instruction length)
#UNKNOWN_OPCODE = -1
#OUT_OF_BLOCK = 0   ; SecurityBlock limit reached before the instruction was complete
; _Disasm\Options bits
#NoTabulation = 0
#Tabulation = 1
#MasmSyntax = 0
#GoAsmSyntax = $100
#NasmSyntax = $200
#ATSyntax = $400
#IntrinsicMemSyntax = $800
#PrefixedNumeral = $10000
#SuffixedNumeral = 0
#ShowSegmentRegs = $01000000
; Static import, kept for reference; Disasm_Window binds the DLL at run time instead.
; Import "BeaEngine.lib"
; BeaEngineVersion()
; BeaEngineRevision()
; Disasm(*pDisasm._Disasm)
; EndImport
;Debug SizeOf(_Disasm); 652
;test
; Example: decode a 28-byte block with SecurityBlock = 13 so the decoder stops
; at the block limit instead of reading past the data.
; Debug Hex(?da)
; pDisasm._Disasm\EIP = ?da
; pDisasm\SecurityBlock = 13
; pDisasm\Archi = 0
; pDisasm\Options = #Tabulation|#NasmSyntax|#PrefixedNumeral
; len = Disasm(pDisasm)
; While len > 0
; pDisasm\EIP + len
; Debug PeekS(@pDisasm\CompleteInstr,-1,#PB_Ascii)
;
; len = Disasm(pDisasm)
; Wend
;
; DataSection
; da:
; Data.b $E8 ,$4 ,$0 ,$0 ,$0 ,$83 ,$C0 ,$10 ,$C3 ,$8B ,$4 ,$24 ,$83 ,$E8 ,$5 ,$C3 ,$42 ,$79 ,$20 ,$63 ,$65 ,$6C ,$74 ,$69 ,$63 ,$38 ,$38 ,$0
; EndDataSection
.....i Love Pb
Re: Portable Executable mise à jour
Ro! La cuisine! Je regarde ça dès que j'ai du temps. C'est intéressant de découvrir un autre désassembleur. Et puis tu n'as pas dû y passer que deux minutes. Merci pour le partage!
Re: Portable Executable mise à jour
Essaie de regarder ta messagerie privée si tu as le temps, s'il-te-plaît. Il y a un message depuis lundi.