Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Portable Executable File Unit...

Featured Replies

Posted

Unit Version: 1.3

Functions:

* AllgemeinesLoadFromFile - shop of a file.

* SaveToFile - memory of a file.

* ValidHeaders - examined whether the DOS are + NTHEADERS correct.

* ReadPeHeaders - let all sections and headers in.

* Align - Align.

* SectionToString - returns the names of a section in stringer.

* StringToSection - sets a new name of a section.

* SetAddressOfEntryPoint - sets a new entry POINT.

* set image cousin - a new image cousin sets.

* CopyMemoryToBuffer - thus one can change the memory of the loaded file.

* CopyMemoryFromBuffer - thus one can read from the memory of the loaded file.

Conversions:

* RvaToFileOffset - the relative virtual address computes into the physical address over.

* FileOffsetToRva - the physical one computes into the relative virtual address over.

* VaToFileOffset - the virtual address in our memory computes into the physical address over.

* FileOffsetToVa - the physical address computes into the virtual address in our memory over.

* VaToRva - the virtual address in our memory computes into the relative virtual address.

* RvaToVa - the relative virtual address in the virtual address in our memory computes.

* RvaToSection - the number of the section supplies it in that is on the basis the relative virtual address.

* FileOffsetToSection - supply on the basis the physical address the number of the section in that it is.

Add/remove:

* INSERT bytes - x adds bytes in the memory of the file.

* DELETE bytes - x deletes bytes in the memory of the file.

* FindCodeCaves - craze after so-called "code caves" (0-Bytes) in the memory of the file.

Sections:

* ADD section - a new section adds. Here however examined whether still place for a new section is present, if no more again put on.

* DELETE section - a certain section from PE deletes file.

* GetCharacteristics - the Characteristics supplies to stringer of a section.

* GET code section - the number of the section supplies the code section in that is.

* GET DATA section - the number of the section supplies the DATA section in that is.

* GET resource section - supply the number of the section in that the resources section is.

* GetImportAddressTable - supplies all imported goods of a file (Zurzeit normal IAT, Delayed IAT, Bound IAT).

* GetExportsAddressTable - those of export of a file supplies.

* GetThreadLocalStorage - supplies information to TLS.

* GetResources - supplies all resources of the file (resources types, resource names).

* GetDebugDirectory - supplies information to the Debug directory.

* GetLoadConfigDirectory - to the load supplies information Config directory.

* GET entry exception directory - to entry exception directory supplies information.

* dump section - thus one can store a section on the non removable disk.

* GetHighestSectionSize - the "groesste"/letzte section supplies (thus PointerToRawData + SizeOfRawData).

* GetDataFromEOF - thus one knows the data after end of all sections is to select and buffers.

* RecalcImageSize - thus the SizeOfImage can be computed again.

* ResizeSection - thus one can increase individual sections! Note: Resources (OffsetToData) are adapted!

* CalcChecksum - thus the check sum of PE file is computed.

* RecalcCheckSum - computed automatic the check sum and changes these directly in the Headern.

* WriteImageSectionHeader - writes all image sections in the memory!

Again with it:

* ADD section - RawSize added, VirtualSize removed - is computed automatically by RecalcImageSize, added lpData and dwDataLength (that is, that one can fill the new section equal with data).

* DELETE section - ImageSize is computed over RecalcImageSize, calls RecalcCheckSum at the end of the function!

* ResizeSection - thus one can increase individual sections! Note: Resources (OffsetToData) are adapted!

* GetResources - revised (RVA was wrongly computed!), new structure (size contains the Entries)

* Resources example - adapted to the new structure and dump function added!

* CalcChecksum - thus the check sum of PE file is computed.

* RecalcCheckSum - computed automatic the check sum and changes these directly in the Headern.

Examples:

* IAT - To select and spend an example program around import of an application.

* EAT - To select and spend an example program around export of a DLL file.

* Resources - to pick out and spend an example program around resources of an application. One can dump also selected resources!

* sections - to pick out and spend an example program around the sections of an application.

* ExeLoader - a completely small Exe Loader that codes the code section by means of XOR. It adds a new Loader in a new section, which at run-time the code section decodes and jumps to the original entry POINT.

Portable_Executable_File_Unit.zip

Ted.

  • 5 months later...

Thank you.

It seems really interesting.

I'm downloading it !

Post Scriptum: Wow ... I'm a bit too "out of date" :)

Edited by tonyweb

  • 1 month later...

thx for sharing Teddy! :biggrin:

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.