Portable Executable File Unit...

[Teddy Rogers]

Unit Version: 1.3

Functions:

  Quote

* AllgemeinesLoadFromFile - shop of a file.

* SaveToFile - memory of a file.

* ValidHeaders - examined whether the DOS are + NTHEADERS correct.

* ReadPeHeaders - let all sections and headers in.

* Align - Align.

* SectionToString - returns the names of a section in stringer.

* StringToSection - sets a new name of a section.

* SetAddressOfEntryPoint - sets a new entry POINT.

* set image cousin - a new image cousin sets.

* CopyMemoryToBuffer - thus one can change the memory of the loaded file.

* CopyMemoryFromBuffer - thus one can read from the memory of the loaded file.

Conversions:

  Quote

* RvaToFileOffset - the relative virtual address computes into the physical address over.

* FileOffsetToRva - the physical one computes into the relative virtual address over.

* VaToFileOffset - the virtual address in our memory computes into the physical address over.

* FileOffsetToVa - the physical address computes into the virtual address in our memory over.

* VaToRva - the virtual address in our memory computes into the relative virtual address.

* RvaToVa - the relative virtual address in the virtual address in our memory computes.

* RvaToSection - the number of the section supplies it in that is on the basis the relative virtual address.

* FileOffsetToSection - supply on the basis the physical address the number of the section in that it is.

Add/remove:

  Quote

* INSERT bytes - x adds bytes in the memory of the file.

* DELETE bytes - x deletes bytes in the memory of the file.

* FindCodeCaves - craze after so-called "code caves" (0-Bytes) in the memory of the file.

Sections:

  Quote

* ADD section - a new section adds. Here however examined whether still place for a new section is present, if no more again put on.

* DELETE section - a certain section from PE deletes file.

* GetCharacteristics - the Characteristics supplies to stringer of a section.

* GET code section - the number of the section supplies the code section in that is.

* GET DATA section - the number of the section supplies the DATA section in that is.

* GET resource section - supply the number of the section in that the resources section is.

* GetImportAddressTable - supplies all imported goods of a file (Zurzeit normal IAT, Delayed IAT, Bound IAT).

* GetExportsAddressTable - those of export of a file supplies.

* GetThreadLocalStorage - supplies information to TLS.

* GetResources - supplies all resources of the file (resources types, resource names).

* GetDebugDirectory - supplies information to the Debug directory.

* GetLoadConfigDirectory - to the load supplies information Config directory.

* GET entry exception directory - to entry exception directory supplies information.

* dump section - thus one can store a section on the non removable disk.

* GetHighestSectionSize - the "groesste"/letzte section supplies (thus PointerToRawData + SizeOfRawData).

* GetDataFromEOF - thus one knows the data after end of all sections is to select and buffers.

* RecalcImageSize - thus the SizeOfImage can be computed again.

* ResizeSection - thus one can increase individual sections! Note: Resources (OffsetToData) are adapted!

* CalcChecksum - thus the check sum of PE file is computed.

* RecalcCheckSum - computed automatic the check sum and changes these directly in the Headern.

* WriteImageSectionHeader - writes all image sections in the memory!

Again with it:

  Quote

* ADD section - RawSize added, VirtualSize removed - is computed automatically by RecalcImageSize, added lpData and dwDataLength (that is, that one can fill the new section equal with data).

* DELETE section - ImageSize is computed over RecalcImageSize, calls RecalcCheckSum at the end of the function!

* ResizeSection - thus one can increase individual sections! Note: Resources (OffsetToData) are adapted!

* GetResources - revised (RVA was wrongly computed!), new structure (size contains the Entries)

* Resources example - adapted to the new structure and dump function added!

* CalcChecksum - thus the check sum of PE file is computed.

* RecalcCheckSum - computed automatic the check sum and changes these directly in the Headern.

Examples:

  Quote

* IAT - To select and spend an example program around import of an application.

* EAT - To select and spend an example program around export of a DLL file.

* Resources - to pick out and spend an example program around resources of an application. One can dump also selected resources!

* sections - to pick out and spend an example program around the sections of an application.

* ExeLoader - a completely small Exe Loader that codes the code section by means of XOR. It adds a new Loader in a new section, which at run-time the code section decodes and jumps to the original entry POINT.

Portable_Executable_File_Unit.zip

Ted.

[tonyweb]

Thank you.

It seems really interesting.

I'm downloading it !

Post Scriptum: Wow ... I'm a bit too "out of date"

Edited January 20, 2008 by tonyweb

[reptilla]

thx for sharing Teddy! :biggrin: