├── Cmd.ico ├── gears.ico ├── Dll2Def.exe ├── Dll2Def.rc ├── .gitignore ├── Res ├── Dll2DefRes.Rc └── Dll2DefVer.rc ├── .gitattributes ├── README.md ├── Dll2Def.xml ├── Dll2Def.rap ├── Dll2Def.inc ├── PELite.inc ├── Dll2Def.asm └── PELite.asm /Cmd.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mrfearless/Dll2Def/HEAD/Cmd.ico -------------------------------------------------------------------------------- /gears.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mrfearless/Dll2Def/HEAD/gears.ico -------------------------------------------------------------------------------- /Dll2Def.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mrfearless/Dll2Def/HEAD/Dll2Def.exe -------------------------------------------------------------------------------- /Dll2Def.rc: -------------------------------------------------------------------------------- 1 | #include "Res/Dll2DefVer.rc" 2 | #include "Res/Dll2DefRes.rc" 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | bak/ 2 | *.undo 3 | *.obj 4 | *.pdb 5 | *.ilk 6 | *.exp 7 | *.bat 8 | Help/ 9 | template/ 10 | downloads/ 11 | screenshots/ 12 | wiki/ 13 | version/ -------------------------------------------------------------------------------- /Res/Dll2DefRes.Rc: -------------------------------------------------------------------------------- 1 | #define MANIFEST 24 2 | 1 MANIFEST DISCARDABLE "Dll2Def.xml" 3 | 100 ICON DISCARDABLE "gears.ico" 4 | 101 ICON DISCARDABLE "Cmd.ico" 5 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * text eol=crlf 2 | *.exe binary 3 | *.dll binary 4 | *.zip binary 5 | *.obj binary 6 | *.res binary 7 | *.lib binary 8 | *.dlg binary 9 | *.mnu binary 10 | *.ttf binary 11 | *.ico binary 12 | *.bmp binary 13 | *.png binary 14 | *.jpg binary 15 | *.tpl linguist-language=Text 16 | *.inc linguist-language=Assembly -------------------------------------------------------------------------------- /Res/Dll2DefVer.rc: -------------------------------------------------------------------------------- 1 | #define VERINF1 1 2 | VERINF1 VERSIONINFO 3 | FILEVERSION 1,0,0,0 4 | PRODUCTVERSION 1,0,0,0 5 | FILEOS 0x00000004 6 | FILETYPE 0x00000001 7 | BEGIN 8 | BLOCK "StringFileInfo" 9 | BEGIN 10 | BLOCK "040904B0" 11 | BEGIN 12 | VALUE "CompanyName", "fearless\0" 13 | VALUE "FileVersion", "1.0.0.0\0" 14 | VALUE "FileDescription", "Dll2Def\0" 15 | VALUE "InternalName", "Dll2Def\0" 16 | VALUE "LegalCopyright", "fearless\0" 17 | VALUE "LegalTrademarks", "fearless\0" 18 | VALUE "OriginalFilename", "Dll2Def\0" 19 | VALUE "ProductName", "Dll2Def\0" 20 | VALUE "ProductVersion", "1.0.0.0\0" 21 | END 22 | END 23 | BLOCK "VarFileInfo" 24 | BEGIN 25 | VALUE "Translation", 0x0409, 0x04B0 26 | END 27 | END 28 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Dll2Def 2 | 3 | Command line tool to create an export defintion file from a dynamic link library 4 | 5 | **Usage** 6 | 7 | ``` 8 | Dll2Def [ /? | -? ] 9 | Dll2Def [] 10 | Dll2Def [] 11 | Dll2Def [] 12 | ``` 13 | 14 | **Switches**: 15 | 16 | - `/?` | `-?` - Displays help. 17 | 18 | **Parameters**: 19 | 20 | - `infilename` - name of a valid dll file to process. Supports the use of wildcards `*` and `?` for batch operations. 21 | - `outfilename` - (optional) is name of the definition file to create. Defaults to the `infilename` with `.def` extension. **Note:** cannot use wildcards if specifying `outfilename`. 22 | - `infilespec` - is the use of wildcards (`*.dll`) to process. 23 | - `outfolder` - (optional) is the folder to output `.def` files to. 24 | - `infolder` - (optional) is the folder to process. (assumes `*.*`) 25 | 26 | ## Building 27 | 28 | Dll2Def makes use of the [Console](https://github.com/mrfearless/libraries/tree/master/Console) x86 library, which can be located in the [libraries](https://github.com/mrfearless/libraries) repository. -------------------------------------------------------------------------------- /Dll2Def.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 30 | Dll2Def 31 | 32 | 33 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /Dll2Def.rap: -------------------------------------------------------------------------------- 1 | [Project] 2 | Assembler=masm 3 | Type=Console App 4 | Description=Dll2Def 5 | Backup=$P\Bak\ 6 | Group=1 7 | GroupExpand=1 8 | Res.rc=1 9 | Ver.rc=1 10 | [Files] 11 | 1=Dll2Def.asm 12 | 2=Dll2Def.inc 13 | 3=Dll2Def.rc 14 | 4=PELite.asm 15 | 5=PELite.inc 16 | [MakeFiles] 17 | 0=Dll2Def.rap 18 | 1=Dll2Def.rc 19 | 2=Dll2Def.asm 20 | 3=Dll2Def.obj 21 | 4=Dll2Def.res 22 | 5=Dll2Def.exe 23 | 6=Dll2Def.def 24 | 7=Dll2Def.dll 25 | 8=Dll2Def.txt 26 | 9=Dll2Def.lib 27 | 10=Dll2Def.mak 28 | 11=Dll2Def.hla 29 | 12=Dll2Def.com 30 | 13=Dll2Def.ocx 31 | 14=Dll2Def.idl 32 | 15=Dll2Def.tlb 33 | 16=Dll2Def.sys 34 | 17=Dll2Def.dp32 35 | 18=Dll2Def.pdb 36 | 19=Dll2Def.dp64 37 | [MakeDef] 38 | Menu=1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0 39 | 1=4,O,$B\RC.EXE /v,1 40 | 2=3,O,$B\ML.EXE /c /coff /Cp /nologo /I"$I",2 41 | 3=5,O,$B\LINK.EXE /SUBSYSTEM:CONSOLE /RELEASE /VERSION:4.0 /LIBPATH:"$L" /OUT:"$5",3,4 42 | 4=0,0,,5 43 | 5=rsrc.obj,O,$B\CVTRES.EXE,rsrc.res 44 | 6=*.obj,O,$B\ML.EXE /c /coff /Cp /nologo /I"$I",*.asm 45 | 7=0,0,"$E\x32dbg.exe",5 46 | 11=4,O,$B\RC.EXE /v,1 47 | 12=3,O,$B\ML.EXE /c /coff /Cp /Zi /Zd /nologo /I"$I",2 48 | 13=5,O,$B\LINK.EXE /SUBSYSTEM:CONSOLE /DEBUG /DEBUGTYPE:CV /PDB:"$18" /VERSION:4.0 /LIBPATH:"$L" /OUT:"$5",3,4 49 | 14=0,0,,5 50 | 15=rsrc.obj,O,$B\CVTRES.EXE,rsrc.res 51 | 16=*.obj,O,$B\ML.EXE /c /coff /Cp /Zi /Zd /nologo /I"$I",*.asm 52 | 17=0,0,"$E\x32dbg.exe",5 53 | [Resource] 54 | 1=,1,8,Dll2Def.xml 55 | 2=,100,2,gears.ico 56 | 3=,101,2,Cmd.ico 57 | [StringTable] 58 | [Accel] 59 | [VerInf] 60 | Nme=VERINF1 61 | ID=1 62 | FV=1.0.0.0 63 | PV=1.0.0.0 64 | VerOS=0x00000004 65 | VerFT=0x00000001 66 | VerLNG=0x00000409 67 | VerCHS=0x000004B0 68 | ProductVersion=1.0.0.0 69 | ProductName=Dll2Def 70 | OriginalFilename=Dll2Def 71 | LegalTrademarks=fearless 72 | LegalCopyright=fearless 73 | InternalName=Dll2Def 74 | FileDescription=Dll2Def 75 | FileVersion=1.0.0.0 76 | CompanyName=fearless 77 | [Group] 78 | Group=Assembly,Resources,Misc 79 | 1=1 80 | 2=1 81 | 3=2 82 | 4=1 83 | 5=1 84 | [AutoLoad] 85 | AutoLoad=2,4,5,1 86 | [RADebugBP] 87 | 5= 88 | 4= 89 | 2= 90 | 1= 91 | [Find] 92 | 1="mainCRTStartup" 93 | 2="CMDLINE_FILEIN_NOT_EXIST" 94 | 3=";-------------------------------------------------------------------------------------" 95 | 4=";--------------------------------------------------------------------------------" 96 | 5=";----------------------------------------------------------------------------" 97 | 6=";-----------------------------------------------------------------------------------------" 98 | 7="IMAGE_FILE_DLL" 99 | [VersionControl] 100 | Settings=1279 101 | Milestones=129 102 | MilestoneEvery=10 103 | MilestoneEveryCurrent=0 104 | MilestoneOnBuild=0.0.0.0 105 | MilestoneOnTime=2 106 | MilestoneOnDate=0 107 | MilestoneOnDateWhen=1 108 | MilestoneOnDateStatus=0 109 | MilestoneOnDateDate=11 110 | MilestoneOnDateTimeYear=2019 111 | MilestoneOnDateTimeMonth=8 112 | MilestoneOnDateTimeDate=5 113 | MilestoneOnDateTimeHour=9 114 | MilestoneOnDateTimeMin=22 115 | MilestoneOnDateTimeSec=21 116 | MilestoneOnDateTimeStatus=0 117 | BackupLocation=M:\radasm\Masm\Projects\VCBackups\ 118 | CompressionLevel=0 119 | DefaultComment=Project $N, $Z, Backup Created On $D At $T. 120 | ExcludeExt1=\ 121 | ExcludeExt2=\ 122 | ExcludeExt3=\ 123 | ExcludeExt4=\ 124 | FileVerLength=4 125 | FileVer2Range=0 126 | FileVer3Range=0 127 | FileVer4Range=0 128 | ProductVerLength=4 129 | ProductVer2Range=0 130 | ProductVer3Range=0 131 | ProductVer4Range=0 132 | [PTimer] 133 | PTimer=28506608 134 | [Collapse] 135 | 1=1778130976,44040193 136 | 2= 137 | 5=5630 138 | 4=86017089,690226176,4227072,32 139 | [Size] 140 | 1=0,0,0,0,27748 141 | 2=0,0,0,0,6361 142 | 5=0,0,0,0,1961 143 | 4=0,0,0,0,25822 144 | [GroupExpand] 145 | GroupExpand=1,0,1,0 146 | [BookMark] 147 | 0= 148 | 1= 149 | 2= 150 | 3= 151 | 4= 152 | 5= 153 | 6= 154 | 7= 155 | 8= 156 | 9= 157 | [BreakPoint] 158 | 0= 159 | -------------------------------------------------------------------------------- /Dll2Def.inc: -------------------------------------------------------------------------------- 1 | ;============================================================================== 2 | ; 3 | ; Dll2Def 4 | ; 5 | ;============================================================================== 6 | include windows.inc 7 | include user32.inc 8 | include kernel32.inc 9 | include shell32.inc 10 | include masm32.inc 11 | includelib user32.lib 12 | includelib kernel32.lib 13 | includelib shell32.lib 14 | includelib masm32.lib 15 | 16 | include Console.inc 17 | includelib Console.lib 18 | 19 | 20 | ;------------------------------------------------------------------------------ 21 | ; Dll2Def Prototypes 22 | ;------------------------------------------------------------------------------ 23 | Dll2DefMain PROTO 24 | Dll2DefRegisterSwitches PROTO 25 | Dll2DefRegisterCommands PROTO 26 | Dll2DefProcessCmdLine PROTO 27 | 28 | Dll2DefConInfo PROTO :DWORD 29 | Dll2DefConErr PROTO :DWORD 30 | 31 | Dll2Def_FilenameIn PROTO 32 | Dll2Def_FileSpecIn PROTO 33 | Dll2Def_FilenameIn_FilenameOut PROTO 34 | Dll2Def_FolderIn PROTO 35 | Dll2Def_FolderIn_FolderOut PROTO 36 | Dll2Def_FileSpecIn_FolderOut PROTO 37 | 38 | Dll2DefProcess PROTO :DWORD,:DWORD,:DWORD,:DWORD 39 | Dll2DefProcessBatch PROTO :DWORD 40 | 41 | JustFname PROTO :DWORD,:DWORD 42 | IFNDEF GetCommandLineA 43 | GetCommandLineA PROTO 44 | GetCommandLine EQU 45 | ENDIF 46 | 47 | 48 | .CONST 49 | ;------------------------------------------------------------------------------ 50 | ; Dll2Def Constants 51 | ;------------------------------------------------------------------------------ 52 | ICO_MAIN EQU 100 53 | ICO_CMD EQU 101 54 | 55 | ; Dll2DefConInfo dwMsgType: 56 | CON_OUT_INFO EQU 0 ; Header information 57 | CON_OUT_ABOUT EQU 1 ; About information 58 | CON_OUT_USAGE EQU 2 ; Usage information: switches/commands and params 59 | CON_OUT_HELP EQU 3 ; Help information 60 | 61 | ; Constants for Dll2DefProcessCmdLine 62 | ; return values and for Dll2DefConErr 63 | ; dwErrorType: 64 | 65 | ERROR_ZERO_EXPORTS EQU -14 66 | ERROR_ALLOC_MEMORY EQU -13 ; GlobalAlloc failed for some reason 67 | ERROR_CREATING_FILEOUT EQU -12 ; Couldnt create temporary output file 68 | ERROR_OPENING_FILEIN EQU -11 ; Couldnt open input filename 69 | ERROR_FILEIN_IS_EMPTY EQU -10 ; 0 byte file 70 | CMDLINE_COMMAND_WITHOUT_FILEIN EQU -9 ; User forgot to supply a filename or filespec or folder with command 71 | CMDLINE_SWITCH_WITHOUT_FILEIN EQU -8 ; User forgot to supply a filename or filespec or folder with command 72 | CMDLINE_FOLDER_NOT_SUPPORTED EQU -6 ; A folder (assumes \*.* filespec) provided whilst supplying output filename 73 | CMDLINE_FILESPEC_NOT_SUPPORTED EQU -5 ; Using *.* etc wildcards whilst supplying output filename 74 | CMDLINE_FILEIN_NOT_EXIST EQU -4 ; Filename or filepath provided does not exist 75 | CMDLINE_ERROR EQU -3 ; General error reading parameters 76 | CMDLINE_UNKNOWN_COMMAND EQU -2 ; User provided a command that wasnt recognised 77 | CMDLINE_UNKNOWN_SWITCH EQU -1 ; User provided a / or - switch that wasnt recognised 78 | CMDLINE_NOTHING EQU 0 ; 79 | CMDLINE_HELP EQU 1 ; User specified /? -? --? as a parameter 80 | CMDLINE_FILEIN EQU 2 ; A single filename was specified 81 | CMDLINE_FILEIN_FILESPEC EQU 3 ; A filespec (*.*, *.txt) was specified 82 | CMDLINE_FILEIN_FILEOUT EQU 4 ; A filename for input and a filename for output was specified 83 | CMDLINE_FOLDER_FILESPEC EQU 5 ; A folder was specified (assumes \*.* filespec) 84 | CMDLINE_FILEIN_FILESPEC_FOLDEROUT EQU 6 ; A filespec (*.*, *.txt) was specified AND a folder for output 85 | CMDLINE_FOLDER_FILESPEC_FOLDEROUT EQU 7 ; A folder was specified (assumes \*.* filespec) AND a folder for output 86 | 87 | ; Dll2Def Switch IDs: /? -? --? /f -f 88 | SWITCH_HELP EQU 0 ; /? help switch 89 | SWITCH_HELP_UNIX EQU 1 ; -? help switch 90 | SWITCH_HELP_UNIX2 EQU 2 ; --? help switch 91 | 92 | 93 | .DATA 94 | ;------------------------------------------------------------------------------ 95 | ; Dll2Def Initialized Data 96 | ;------------------------------------------------------------------------------ 97 | AppName DB 'Dll2Def',0 98 | TitleName DB 'Dll2Def Tool v1.0.0.0',0 99 | szConTitle DB MAX_PATH DUP (0) 100 | CmdLineParameters DB 512 DUP (0) 101 | CmdLineParameter DB 256 DUP (0) 102 | ErrParameter DB 256 DUP (0) 103 | TotalCmdLineParameters DD 0 104 | 105 | ; Help 106 | szDll2DefConName DB "Dll2Def",0 107 | szDll2DefConInfoStart DB 13,10,"[",0 108 | szDll2DefConInfoFinish DB "] v1.00 - Create an export definition file from a Dll - 2019 fearless",13,10,13,10,0 109 | 110 | szDll2DefConInfo DB 13,10,"[Dll2Def] v1.00 - Create an export definition file from a Dll - 2019 fearless",13,10,13,10,0 111 | 112 | szDll2DefConAbout DB "About:",13,10 113 | DB "========",13,10 114 | DB "Dll2Def is a console program which needs to be ran from a command prompt.",13,10 115 | DB "For detailed help on the Dll2Def options, specify Dll2Def /? at the prompt.",13,10 116 | DB 13,10,13,10 117 | DB 13,10,0 118 | 119 | szDll2DefConHelp DB 13,10 120 | DB " Switches:",13,10 121 | DB 13,10 122 | DB " /? | -? Displays this help.",13,10 123 | DB 13,10 124 | DB 13,10 125 | DB " Parameters:",13,10 126 | DB 13,10 127 | DB " name of a valid dll file to process.",13,10 128 | DB " Supports the use of wildcards * and ? for batch operations.",13,10 129 | DB 13,10 130 | DB " (optional) is name of the definition file",13,10 131 | DB " to create. Defaults to the with .def extension.",13,10 132 | DB " Note: cannot use wildcards if specifying .",13,10 133 | DB 13,10 134 | DB " is the use of wildcards (*.dll) to process.",13,10 135 | DB 13,10 136 | DB " (optional) is the folder to output .def files to.",13,10 137 | DB 13,10 138 | DB " (optional) is the folder to process. (Assumes *.*)",13,10 139 | DB 13,10 140 | DB 13,10 141 | DB 13,10,0 142 | 143 | szDll2DefConHelpUsage DB " Usage: Dll2Def [ /? | -? ]",13,10 144 | DB " Dll2Def []",13,10 145 | DB " Dll2Def []",13,10 146 | DB " Dll2Def []",13,10 147 | DB 13,10,0 148 | 149 | 150 | szSuccessExport DB "Exported ",0 151 | ExportedFunctionCount DD 0 152 | szExportedFunctionCount DB 16 DUP (0) 153 | szSuccessFunctions DB " functions.",0 154 | szInFileSpec DB "[=] Filespec: ",0 155 | szInFile DB "[<] ",0 156 | szOutFile DB "[>] ",0 157 | szInfo DB "[i] ",0 158 | szDll2DefConBatchNoFiles DB 13,10,"[ ] Finished: no files where processed for current operation.",13,10,0 159 | szDll2DefConBatchSuccess DB 13,10,"[=] Finished: operation on all files successfull.",13,10,0 160 | szDll2DefConBatchFail DB 13,10,"[x] Finished: operation on all files failed!",13,10,0 161 | szDll2DefConBatchPartial DB 13,10,"[i] Finished: operation on some files failed.",13,10,0 162 | 163 | ; Error message 164 | szError DB "[!] Error: ",0 165 | szErrorUnknownSwitch DB " invalid switch specified.",0 166 | szErrorUnknownCommand DB " invalid command specified.",0 167 | szErrorCommandWithoutFile DB " command specified but no filename or filespec provided.",0 168 | szErrorFileSpecNotSupported DB " wildcard filespec not supported for input file(s) when also specifying output filename as well.",0 169 | szErrorFilenameNotExist DB " filename/filepath does not exist.",0 170 | szErrorOther DB "unknown error occured whilst parsing parameters and switches.",0 171 | szErrorFolderNotSupported DB " folder (assumes *.*) not supported for input file(s) when also specifying output filename as well.",0 172 | szErrorFileZeroBytes DB " file 0 bytes, skipping.",0 173 | szErrorOpeningInFile DB " failed to open input file, or not a valid exe/dll file.",0 174 | szErrorCreatingOutFile DB " failed to create .def file.",0 175 | szErrorAllocMemory DB "failed to allocate memory for operation.",0 176 | szErrorZeroExports DB "zero exports in PE file.",0 177 | 178 | ; Punctuation 179 | szComma DB ',',0 180 | szSpace DB ' ',0 181 | szColon DB ':',0 182 | szLeftBracket DB '{',0 183 | szRightBracket DB '}',0 184 | szBackslash DB '\',0 185 | szLeftSquareBracket DB '[',0 186 | szRightSquareBracket DB ']',0 187 | szQuote DB '"',0 188 | szSingleQuote DB "'",0 189 | szDash DB '-',0 190 | szForwardslash DB '/',0 191 | szWildCardStar DB '*',0 192 | szWildCardQuestion DB '?',0 193 | szLF DB 10,0 194 | szCRLF DB 13,10,0 195 | szFolderAllFiles DB '\*.*',0 196 | 197 | SwitchHelp DB '/?',0 198 | SwitchHelpAlt DB '-?',0 199 | SwitchHelpAlt2 DB '--?',0 200 | 201 | g_OptionUseFilename DD TRUE 202 | g_OptionRemoveUnderscore DD FALSE 203 | _g_OutputFolder DD FALSE 204 | 205 | 206 | 207 | 208 | ; Filename Buffers 209 | szDll2DefFilename DB MAX_PATH DUP (0) 210 | szDll2DefInFilename DB MAX_PATH DUP (0) 211 | szDll2DefOutFilename DB MAX_PATH DUP (0) 212 | szDll2DefOutFolder DB MAX_PATH DUP (0) 213 | 214 | .DATA? 215 | ;------------------------------------------------------------------------------ 216 | ; Dll2Def Uninitialized Data 217 | ;------------------------------------------------------------------------------ 218 | hFileIn DD ? 219 | hMemMapIn DD ? 220 | hMemMapInPtr DD ? 221 | hFileOut DD ? 222 | hMemMapOut DD ? 223 | hMemMapOutPtr DD ? 224 | qwFileSize DQ ? 225 | dwFileSize DD ? 226 | dwFileSizeHigh DD ? 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | 239 | 240 | 241 | 242 | 243 | 244 | 245 | 246 | -------------------------------------------------------------------------------- /PELite.inc: -------------------------------------------------------------------------------- 1 | ;============================================================================== 2 | ; 3 | ; PE LIBRARY - Special Lite Version For Dll2Def 4 | ; 5 | ;============================================================================== 6 | 7 | ;------------------------------------------------------------------------------ 8 | ; PE Prototypes 9 | ;------------------------------------------------------------------------------ 10 | PE_OpenFile PROTO :DWORD,:DWORD,:DWORD ; lpszPEFilename, bReadOnly, lpdwPEHandle. Returns in eax a handle used in other functions: hPE 11 | PE_CloseFile PROTO :DWORD ; hPE returned from PE_OpenFile. 12 | PE_Analyze PROTO :DWORD,:DWORD ; pPEInMemory, lpdwPEHandle. Returns in eax a handle used in other functions: hPE 13 | 14 | ; Export Functions 15 | PE_ExportDirectoryTable PROTO :DWORD ; hPE 16 | PE_ExportNamePointerTable PROTO :DWORD ; hPE 17 | PE_ExportNameCount PROTO :DWORD ; hPE 18 | PE_ExportDLLName PROTO :DWORD ; hPE 19 | PE_ExportFunctionNames PROTO :DWORD,:DWORD ; hPE, lpdwFunctionsList 20 | PE_ExportFunctionNameToDef PROTO :DWORD,:DWORD,:DWORD,:DWORD ; hPE, lpszDefFilename, bUseFilename, bRemoveUnderscore 21 | 22 | PE_DLL PROTO :DWORD ; hPE 23 | PE_PE64 PROTO :DWORD ; hPE 24 | 25 | ; Helper Functions: 26 | PE_RVAToOffset PROTO :DWORD,:DWORD ; hPE, dwRVA 27 | PE_FileName PROTO :DWORD ; hPE 28 | PE_FileNameOnly PROTO :DWORD,:DWORD ; hPE, lpszFileNameOnly 29 | 30 | 31 | 32 | ;------------------------------------------------------------------------------ 33 | ; Structures for internal use 34 | ;------------------------------------------------------------------------------ 35 | IFNDEF PEINFO 36 | PEINFO STRUCT 37 | PEOpenMode DD 0 38 | PEHandle DD 0 39 | PEFilename DB MAX_PATH DUP (0) 40 | PEFilesize DD 0 41 | PEVersion DD 0 42 | PE64 DD 0 43 | PEDLL DD 0 44 | PEDOSHeader DD 0 45 | PENTHeader DD 0 46 | PEFileHeader DD 0 47 | PEOptionalHeader DD 0 48 | PESectionTable DD 0 49 | PESectionCount DD 0 50 | PEOptionalHeaderSize DD 0 51 | PEImageBase DD 0 52 | PE64ImageBase DQ 0 53 | PENumberOfRvaAndSizes DD 0 54 | PEDataDirectories DD 0 55 | PEExportCount DD 0 56 | PEExportDirectoryTable DD 0 57 | PEExportAddressTable DD 0 58 | PEExportNamePointerTable DD 0 59 | PEExportOrdinalTable DD 0 60 | PEExportNameTable DD 0 61 | PEMemMapPtr DD 0 62 | PEMemMapHandle DD 0 63 | PEFileHandle DD 0 64 | PEINFO ENDS 65 | ENDIF 66 | 67 | 68 | ;------------------------------------------------------------------------------ 69 | ; PE Structures 70 | ;------------------------------------------------------------------------------ 71 | IFNDEF IMAGE_DATA_DIRECTORY 72 | IMAGE_DATA_DIRECTORY STRUCT 73 | VirtualAddress DWORD ? 74 | isize DWORD ? 75 | IMAGE_DATA_DIRECTORY ENDS 76 | ENDIF 77 | 78 | IFNDEF IMAGE_SECTION_HEADER 79 | IMAGE_SECTION_HEADER STRUCT 80 | Name1 DB IMAGE_SIZEOF_SHORT_NAME dup(?) 81 | union Misc 82 | PhysicalAddress DWORD ? 83 | VirtualSize DWORD ? 84 | ends 85 | VirtualAddress DWORD ? 86 | SizeOfRawData DWORD ? 87 | PointerToRawData DWORD ? 88 | PointerToRelocations DWORD ? 89 | PointerToLinenumbers DWORD ? 90 | NumberOfRelocations WORD ? 91 | NumberOfLinenumbers WORD ? 92 | Characteristics DWORD ? 93 | IMAGE_SECTION_HEADER ENDS 94 | ENDIF 95 | 96 | IFNDEF IMAGE_OPTIONAL_HEADER32 97 | IMAGE_OPTIONAL_HEADER32 STRUCT 98 | Magic WORD ? 99 | MajorLinkerVersion BYTE ? 100 | MinorLinkerVersion BYTE ? 101 | SizeOfCode DWORD ? 102 | SizeOfInitializedData DWORD ? 103 | SizeOfUninitializedData DWORD ? 104 | AddressOfEntryPoint DWORD ? 105 | BaseOfCode DWORD ? 106 | BaseOfData DWORD ? 107 | ImageBase DWORD ? 108 | SectionAlignment DWORD ? 109 | FileAlignment DWORD ? 110 | MajorOperatingSystemVersion WORD ? 111 | MinorOperatingSystemVersion WORD ? 112 | MajorImageVersion WORD ? 113 | MinorImageVersion WORD ? 114 | MajorSubsystemVersion WORD ? 115 | MinorSubsystemVersion WORD ? 116 | Win32VersionValue DWORD ? 117 | SizeOfImage DWORD ? 118 | SizeOfHeaders DWORD ? 119 | CheckSum DWORD ? 120 | Subsystem WORD ? 121 | DllCharacteristics WORD ? 122 | SizeOfStackReserve DWORD ? 123 | SizeOfStackCommit DWORD ? 124 | SizeOfHeapReserve DWORD ? 125 | SizeOfHeapCommit DWORD ? 126 | LoaderFlags DWORD ? 127 | NumberOfRvaAndSizes DWORD ? 128 | DataDirectory IMAGE_DATA_DIRECTORY IMAGE_NUMBEROF_DIRECTORY_ENTRIES dup(<>) 129 | IMAGE_OPTIONAL_HEADER32 ENDS 130 | ENDIF 131 | 132 | IFNDEF IMAGE_OPTIONAL_HEADER64 133 | IMAGE_OPTIONAL_HEADER64 STRUCT 134 | Magic WORD ? 135 | MajorLinkerVersion BYTE ? 136 | MinorLinkerVersion BYTE ? 137 | SizeOfCode DWORD ? 138 | SizeOfInitializedData DWORD ? 139 | SizeOfUninitializedData DWORD ? 140 | AddressOfEntryPoint DWORD ? 141 | BaseOfCode DWORD ? 142 | ImageBase QWORD ? 143 | SectionAlignment DWORD ? 144 | FileAlignment DWORD ? 145 | MajorOperatingSystemVersion WORD ? 146 | MinorOperatingSystemVersion WORD ? 147 | MajorImageVersion WORD ? 148 | MinorImageVersion WORD ? 149 | MajorSubsystemVersion WORD ? 150 | MinorSubsystemVersion WORD ? 151 | Win32VersionValue DWORD ? 152 | SizeOfImage DWORD ? 153 | SizeOfHeaders DWORD ? 154 | CheckSum DWORD ? 155 | Subsystem WORD ? 156 | DllCharacteristics WORD ? 157 | SizeOfStackReserve QWORD ? 158 | SizeOfStackCommit QWORD ? 159 | SizeOfHeapReserve QWORD ? 160 | SizeOfHeapCommit QWORD ? 161 | LoaderFlags DWORD ? 162 | NumberOfRvaAndSizes DWORD ? 163 | DataDirectory IMAGE_DATA_DIRECTORY IMAGE_NUMBEROF_DIRECTORY_ENTRIES dup(<>) 164 | IMAGE_OPTIONAL_HEADER64 ENDS 165 | ENDIF 166 | 167 | IMAGE_OPTIONAL_HEADER equ 168 | 169 | IFNDEF IMAGE_FILE_HEADER 170 | IMAGE_FILE_HEADER STRUCT 171 | Machine WORD ? 172 | NumberOfSections WORD ? 173 | TimeDateStamp DWORD ? 174 | PointerToSymbolTable DWORD ? 175 | NumberOfSymbols DWORD ? 176 | SizeOfOptionalHeader WORD ? 177 | Characteristics WORD ? 178 | IMAGE_FILE_HEADER ENDS 179 | ENDIF 180 | 181 | IFNDEF IMAGE_NT_HEADERS 182 | IMAGE_NT_HEADERS STRUCT 183 | Signature DWORD ? 184 | FileHeader IMAGE_FILE_HEADER <> 185 | OptionalHeader IMAGE_OPTIONAL_HEADER32 <> 186 | IMAGE_NT_HEADERS ENDS 187 | ENDIF 188 | 189 | IFNDEF IMAGE_NT_HEADERS32 190 | IMAGE_NT_HEADERS32 STRUCT 191 | Signature DWORD ? 192 | FileHeader IMAGE_FILE_HEADER <> 193 | OptionalHeader IMAGE_OPTIONAL_HEADER32 <> 194 | IMAGE_NT_HEADERS32 ENDS 195 | ENDIF 196 | 197 | IFNDEF IMAGE_NT_HEADERS64 198 | IMAGE_NT_HEADERS64 STRUCT 199 | Signature DWORD ? 200 | FileHeader IMAGE_FILE_HEADER <> 201 | OptionalHeader IMAGE_OPTIONAL_HEADER64 <> 202 | IMAGE_NT_HEADERS64 ENDS 203 | ENDIF 204 | 205 | IFNDEF IMAGE_EXPORT_DIRECTORY 206 | IMAGE_EXPORT_DIRECTORY STRUCT 207 | Characteristics DWORD ? 208 | TimeDateStamp DWORD ? 209 | MajorVersion WORD ? 210 | MinorVersion WORD ? 211 | nName DWORD ? 212 | nBase DWORD ? 213 | NumberOfFunctions DWORD ? 214 | NumberOfNames DWORD ? 215 | AddressOfFunctions DWORD ? 216 | AddressOfNames DWORD ? 217 | AddressOfNameOrdinals DWORD ? 218 | IMAGE_EXPORT_DIRECTORY ENDS 219 | ENDIF 220 | 221 | IFNDEF IMAGE_DOS_HEADER 222 | IMAGE_DOS_HEADER STRUCT 223 | e_magic WORD ? 224 | e_cblp WORD ? 225 | e_cp WORD ? 226 | e_crlc WORD ? 227 | e_cparhdr WORD ? 228 | e_minalloc WORD ? 229 | e_maxalloc WORD ? 230 | e_ss WORD ? 231 | e_sp WORD ? 232 | e_csum WORD ? 233 | e_ip WORD ? 234 | e_cs WORD ? 235 | e_lfarlc WORD ? 236 | e_ovno WORD ? 237 | e_res WORD 4 dup(?) 238 | e_oemid WORD ? 239 | e_oeminfo WORD ? 240 | e_res2 WORD 10 dup(?) 241 | e_lfanew DWORD ? 242 | IMAGE_DOS_HEADER ENDS 243 | ENDIF 244 | 245 | .CONST 246 | ;------------------------------------------------------------------------------ 247 | ; PE Constants 248 | ;------------------------------------------------------------------------------ 249 | PE_ALIGN TEXTEQU 250 | PE_INVALID EQU 0 251 | PE_ARCH_32 EQU 1 252 | PE_ARCH_64 EQU 2 253 | PE32 EQU PE_ARCH_32 254 | PE64 EQU PE_ARCH_64 255 | 256 | ; PE Error Enums: 257 | PE_ERROR_SECTION_MOVE EQU -14 ; Failed to move section 258 | PE_ERROR_SECTION_INS EQU -13 ; Failed to add and insert section to PE file 259 | PE_ERROR_SECTION_DEL EQU -12 ; Failed to delete section to PE file 260 | PE_ERROR_SECTION_ADD EQU -11 ; Failed to add section to PE file 261 | PE_ERROR_ANALYZE_NULL EQU -10 ; PE memory address is 0 or size is 0 262 | PE_ERROR_ANALYZE_INVALID EQU -9 ; Invalid magic no or signature 263 | PE_ERROR_ANALYZE_ALLOC EQU -8 ; Could not allocate memory for initial analysis 264 | PE_ERROR_OPEN_VIEW EQU -7 ; Could not map a view of PE file 265 | PE_ERROR_OPEN_MAP EQU -6 ; Could not map PE file 266 | PE_ERROR_OPEN_SIZE_HIGH EQU -5 ; File size too large to be a valid PE file 267 | PE_ERROR_OPEN_SIZE_LOW EQU -4 ; File size too low to be a valid PE file 268 | PE_ERROR_OPEN_FILE EQU -3 ; Error opening PE file 269 | PE_ERROR_OPEN_INVALID EQU -2 ; Not a valid PE file 270 | PE_ERROR_NO_HANDLE EQU -1 ; No variable provided to store hPE in or hPE is null 271 | PE_ERROR_SUCCESS EQU 0 ; Success 272 | 273 | ; Signatures: 274 | MZ_SIGNATURE EQU 5A4Dh ; ZM - 'MZ' 275 | PE_SIGNATURE EQU 4550h ; EP - 'PE' 276 | NE_SIGNATURE EQU 4E50h ; EN - 'NE' 277 | 278 | ; PE Magic Number: 279 | IMAGE_NT_OPTIONAL_HDR32_MAGIC EQU 010Bh ; The file is an executable image. 280 | IMAGE_NT_OPTIONAL_HDR64_MAGIC EQU 020Bh ; The file is an executable image. 281 | IMAGE_ROM_OPTIONAL_HDR_MAGIC EQU 0107h ; The file is a ROM image. 282 | 283 | ; Optional Header Structure Sizes: 284 | SIZEOF_STANDARD_FIELDS_PE32 EQU 28d 285 | SIZEOF_STANDARD_FIELDS_PE64 EQU 24d 286 | SIZEOF_WINDOWS_FIELDS_PE32 EQU 68d 287 | SIZEOF_WINDOWS_FIELDS_PE64 EQU 88d 288 | 289 | 290 | ;------------------------------------------------------------------------------ 291 | ; MS-COFF defines: 292 | ;------------------------------------------------------------------------------ 293 | ; Characteristics: 294 | IMAGE_FILE_DLL EQU 2000h ; The image file is a dynamic-link library (DLL). Such files are considered executable files for almost all purposes, although they cannot be directly run. 295 | 296 | ; Data Directory Indexes: 297 | IMAGE_DIRECTORY_ENTRY_EXPORT EQU 0 ; Export directory 298 | IMAGE_NUMBEROF_DIRECTORY_ENTRIES EQU 16 299 | 300 | 301 | 302 | 303 | 304 | 305 | 306 | 307 | 308 | 309 | 310 | 311 | 312 | 313 | 314 | 315 | 316 | 317 | 318 | 319 | 320 | 321 | 322 | -------------------------------------------------------------------------------- /Dll2Def.asm: -------------------------------------------------------------------------------- 1 | ;============================================================================== 2 | ; 3 | ; Dll2Def 4 | ; 5 | ;============================================================================== 6 | .686 7 | .MMX 8 | .XMM 9 | .model flat,stdcall 10 | option casemap:none 11 | include \masm32\macros\macros.asm 12 | 13 | ;DEBUG32 EQU 1 14 | ;IFDEF DEBUG32 15 | ; PRESERVEXMMREGS equ 1 16 | ; Includelib M:\Masm32\lib\Debug32.lib 17 | ; DBG32LIB equ 1 18 | ; DEBUGEXE textequ <'M:\Masm32\DbgWin.exe'> 19 | ; Include M:\Masm32\include\debug32.inc 20 | ;ENDIF 21 | 22 | 23 | Include Dll2Def.inc 24 | Include PELite.asm 25 | 26 | .CODE 27 | 28 | 29 | ;------------------------------------------------------------------------------ 30 | ; Entry 31 | ;------------------------------------------------------------------------------ 32 | Main PROC 33 | Invoke ConsoleStarted 34 | .IF eax == TRUE ; Started From Console 35 | 36 | Invoke ConsoleAttach 37 | Invoke ConsoleGetTitle, Addr szConTitle, SIZEOF szConTitle 38 | Invoke ConsoleSetTitle, Addr TitleName 39 | Invoke Dll2DefConInfo, CON_OUT_INFO 40 | ; Start main console processing 41 | Invoke Dll2DefMain 42 | ; Exit main console processing 43 | Invoke ConsoleSetTitle, Addr szConTitle 44 | Invoke ConsoleShowCursor 45 | Invoke ConsoleFree 46 | 47 | .ELSE ; Started From Explorer 48 | 49 | Invoke ConsoleAttach 50 | Invoke ConsoleSetIcon, ICO_MAIN 51 | Invoke ConsoleSetTitle, Addr TitleName 52 | Invoke Dll2DefConInfo, CON_OUT_INFO 53 | Invoke Dll2DefConInfo, CON_OUT_ABOUT 54 | Invoke ConsolePause, CON_PAUSE_ANY_KEY_EXIT 55 | Invoke ConsoleSetIcon, ICO_CMD 56 | Invoke ConsoleFree 57 | 58 | .ENDIF 59 | 60 | Invoke ExitProcess,0 61 | ret 62 | Main ENDP 63 | 64 | ;------------------------------------------------------------------------------ 65 | ; Dll2DefMain 66 | ;------------------------------------------------------------------------------ 67 | Dll2DefMain PROC 68 | 69 | Invoke Dll2DefRegisterSwitches 70 | Invoke Dll2DefRegisterCommands 71 | Invoke Dll2DefProcessCmdLine 72 | 73 | ;-------------------------------------------------------------------------- 74 | ; HELP: /? help switch or no switch 75 | ;-------------------------------------------------------------------------- 76 | .IF eax == CMDLINE_NOTHING || eax == CMDLINE_HELP ; no switch provided or /? 77 | 78 | Invoke Dll2DefConInfo, CON_OUT_HELP 79 | 80 | ;-------------------------------------------------------------------------- 81 | ; CMDLINE_FILEIN 82 | ;-------------------------------------------------------------------------- 83 | .ELSEIF eax == CMDLINE_FILEIN 84 | Invoke Dll2Def_FilenameIn 85 | 86 | ;-------------------------------------------------------------------------- 87 | ; CMDLINE_FILEIN_FILESPEC 88 | ;-------------------------------------------------------------------------- 89 | .ELSEIF eax == CMDLINE_FILEIN_FILESPEC 90 | Invoke Dll2Def_FileSpecIn 91 | 92 | ;-------------------------------------------------------------------------- 93 | ; CMDLINE_FILEIN_FILEOUT 94 | ;-------------------------------------------------------------------------- 95 | .ELSEIF eax == CMDLINE_FILEIN_FILEOUT 96 | Invoke Dll2Def_FilenameIn_FilenameOut 97 | 98 | ;-------------------------------------------------------------------------- 99 | ; CMDLINE_FOLDER_FILESPEC 100 | ;-------------------------------------------------------------------------- 101 | .ELSEIF eax == CMDLINE_FOLDER_FILESPEC 102 | Invoke Dll2Def_FolderIn 103 | 104 | ;-------------------------------------------------------------------------- 105 | ; CMDLINE_FILEIN_FILESPEC_FOLDEROUT 106 | ;-------------------------------------------------------------------------- 107 | .ELSEIF eax == CMDLINE_FILEIN_FILESPEC_FOLDEROUT 108 | Invoke Dll2Def_FileSpecIn_FolderOut 109 | 110 | ;-------------------------------------------------------------------------- 111 | ; CMDLINE_FOLDER_FILESPEC_FOLDEROUT 112 | ;-------------------------------------------------------------------------- 113 | .ELSEIF eax == CMDLINE_FOLDER_FILESPEC_FOLDEROUT 114 | Invoke Dll2Def_FolderIn_FolderOut 115 | 116 | ;-------------------------------------------------------------------------- 117 | ; ERROR 118 | ;-------------------------------------------------------------------------- 119 | .ELSE 120 | 121 | Invoke Dll2DefConErr, eax 122 | 123 | .ENDIF 124 | 125 | ret 126 | Dll2DefMain ENDP 127 | 128 | ;------------------------------------------------------------------------------ 129 | ; Process command line information 130 | ;------------------------------------------------------------------------------ 131 | Dll2DefProcessCmdLine PROC 132 | LOCAL dwLenCmdLineParameter:DWORD 133 | LOCAL bFileIn:DWORD 134 | LOCAL bCommand:DWORD 135 | 136 | Invoke GetCommandLine 137 | Invoke ConsoleParseCmdLine, Addr CmdLineParameters 138 | mov TotalCmdLineParameters, eax ; will be at least 1 as param 0 is name of exe 139 | 140 | .IF TotalCmdLineParameters == 1 ; nothing extra specified 141 | mov eax, CMDLINE_NOTHING 142 | ret 143 | .ENDIF 144 | 145 | Invoke ConsoleCmdLineParam, Addr CmdLineParameters, 1, TotalCmdLineParameters, Addr CmdLineParameter 146 | .IF sdword ptr eax > 0 147 | mov dwLenCmdLineParameter, eax 148 | .ELSE 149 | mov eax, CMDLINE_ERROR 150 | ret 151 | .ENDIF 152 | 153 | ;-------------------------------------------------------------------------- 154 | ; Dll2Def [switch|command] 155 | ; Dll2Def FILENAMEIN 156 | ; Dll2Def FILESPECIN 157 | ; Dll2Def FOLDERIN 158 | ;-------------------------------------------------------------------------- 159 | .IF TotalCmdLineParameters == 2 160 | 161 | Invoke ConsoleCmdLineParamType, Addr CmdLineParameters, 1, TotalCmdLineParameters 162 | .IF eax == CMDLINE_PARAM_TYPE_ERROR 163 | ;PrintText 'ConsoleCmdLineParamType CMDLINE_PARAM_TYPE_ERROR' 164 | mov eax, CMDLINE_ERROR 165 | ret 166 | 167 | .ELSEIF eax == CMDLINE_PARAM_TYPE_UNKNOWN 168 | ;PrintText 'ConsoleCmdLineParamType CMDLINE_PARAM_TYPE_UNKNOWN' 169 | 170 | .ELSEIF eax == CMDLINE_PARAM_TYPE_SWITCH 171 | ;PrintText 'ConsoleCmdLineParamType CMDLINE_PARAM_TYPE_SWITCH' 172 | Invoke ConsoleSwitchID, Addr CmdLineParameter, FALSE 173 | .IF eax == SWITCH_HELP || eax == SWITCH_HELP_UNIX || eax == SWITCH_HELP_UNIX2 174 | mov eax, CMDLINE_HELP 175 | ret 176 | ; User specified an unknown switch (one that isn't registered) : /x -x 177 | .ELSE 178 | mov eax, CMDLINE_UNKNOWN_SWITCH 179 | ret 180 | .ENDIF 181 | 182 | .ELSEIF eax == CMDLINE_PARAM_TYPE_COMMAND 183 | ;PrintText 'ConsoleCmdLineParamType CMDLINE_PARAM_TYPE_COMMAND' 184 | Invoke ConsoleCommandID, Addr CmdLineParameter, FALSE 185 | ;PrintDec eax 186 | .IF eax == -1 187 | mov eax, CMDLINE_UNKNOWN_COMMAND 188 | ret 189 | .ELSE 190 | mov eax, CMDLINE_UNKNOWN_COMMAND 191 | ret 192 | .ENDIF 193 | 194 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FILESPEC 195 | ;PrintText 'ConsoleCmdLineParamType CMDLINE_PARAM_TYPE_FILESPEC' 196 | ;Invoke szCopy, Addr CmdLineParameter, Addr szDll2DefInFilename 197 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefInFilename, MAX_PATH 198 | mov eax, CMDLINE_FILEIN_FILESPEC 199 | ret 200 | 201 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FILENAME 202 | ;PrintText 'ConsoleCmdLineParamType CMDLINE_PARAM_TYPE_FILENAME' 203 | ;Invoke szCopy, Addr CmdLineParameter, Addr szDll2DefInFilename 204 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefInFilename, MAX_PATH 205 | Invoke exist, Addr szDll2DefInFilename 206 | .IF eax == TRUE ; does exist 207 | mov eax, CMDLINE_FILEIN 208 | ret 209 | .ELSE 210 | mov eax, CMDLINE_FILEIN_NOT_EXIST 211 | ret 212 | .ENDIF 213 | 214 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FOLDER 215 | ;PrintText 'ConsoleCmdLineParamType CMDLINE_PARAM_TYPE_FOLDER' 216 | ;Invoke szCopy, Addr CmdLineParameter, Addr szDll2DefInFilename 217 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefInFilename, MAX_PATH 218 | Invoke exist, Addr szDll2DefInFilename 219 | .IF eax == TRUE ; does exist 220 | ; assume filespec of *.* in folder provided 221 | Invoke lstrcat, Addr szDll2DefInFilename, Addr szFolderAllFiles 222 | mov eax, CMDLINE_FOLDER_FILESPEC 223 | ret 224 | .ELSE 225 | mov eax, CMDLINE_FILEIN_NOT_EXIST 226 | ret 227 | .ENDIF 228 | .ENDIF 229 | .ENDIF 230 | 231 | ;-------------------------------------------------------------------------- 232 | ; Dll2Def FILENAMEIN FILENAMEOUT 233 | ; Dll2Def FILESPECIN FOLDEROUT 234 | ; Dll2Def FOLDERIN FOLDEROUT 235 | ; Dll2Def [switch|command] FILENAMEIN 236 | ; Dll2Def [switch|command] FILESPECIN 237 | ; Dll2Def [switch|command] FOLDERIN 238 | ; Dll2Def [switch|command] [switch|command] 239 | ; Dll2Def FILENAMEIN [switch|command] 240 | ; Dll2Def FILESPECIN [switch|command] 241 | ; Dll2Def FOLDERIN [switch|command] 242 | ;-------------------------------------------------------------------------- 243 | mov bFileIn, FALSE 244 | 245 | 246 | .IF TotalCmdLineParameters == 3 247 | Invoke ConsoleCmdLineParamType, Addr CmdLineParameters, 1, TotalCmdLineParameters 248 | .IF eax == CMDLINE_PARAM_TYPE_ERROR 249 | mov eax, CMDLINE_ERROR 250 | ret 251 | 252 | .ELSEIF eax == CMDLINE_PARAM_TYPE_UNKNOWN 253 | 254 | .ELSEIF eax == CMDLINE_PARAM_TYPE_SWITCH 255 | Invoke ConsoleSwitchID, Addr CmdLineParameter, FALSE 256 | .IF eax == SWITCH_HELP || eax == SWITCH_HELP_UNIX || eax == SWITCH_HELP_UNIX2 257 | mov eax, CMDLINE_HELP 258 | ret 259 | .ELSE 260 | mov eax, CMDLINE_UNKNOWN_SWITCH 261 | ret 262 | .ENDIF 263 | 264 | .ELSEIF eax == CMDLINE_PARAM_TYPE_COMMAND 265 | Invoke ConsoleCommandID, Addr CmdLineParameter, FALSE 266 | .IF eax == -1 267 | mov eax, CMDLINE_UNKNOWN_COMMAND 268 | ret 269 | .ELSE 270 | mov eax, CMDLINE_UNKNOWN_COMMAND 271 | ret 272 | .ENDIF 273 | 274 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FILESPEC 275 | ;Invoke szCopy, Addr CmdLineParameter, Addr szDll2DefInFilename 276 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefInFilename, MAX_PATH 277 | 278 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FILENAME 279 | ;Invoke szCopy, Addr CmdLineParameter, Addr szDll2DefInFilename 280 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefInFilename, MAX_PATH 281 | Invoke exist, Addr szDll2DefInFilename 282 | .IF eax == TRUE ; does exist 283 | ;mov bFileIn, TRUE 284 | ;mov eax, CMDLINE_FILEIN 285 | ;ret 286 | .ELSE 287 | mov eax, CMDLINE_FILEIN_NOT_EXIST 288 | ret 289 | .ENDIF 290 | 291 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FOLDER 292 | ;Invoke szCopy, Addr CmdLineParameter, Addr szDll2DefInFilename 293 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefInFilename, MAX_PATH 294 | Invoke exist, Addr szDll2DefInFilename 295 | .IF eax == TRUE ; does exist 296 | ; assume filespec of *.* in folder provided 297 | Invoke lstrcat, Addr szDll2DefInFilename, Addr szFolderAllFiles 298 | .ELSE 299 | mov eax, CMDLINE_FILEIN_NOT_EXIST 300 | ret 301 | .ENDIF 302 | 303 | .ENDIF 304 | 305 | ; Get 2nd param 306 | Invoke ConsoleCmdLineParam, Addr CmdLineParameters, 2, TotalCmdLineParameters, Addr CmdLineParameter 307 | .IF sdword ptr eax > 0 308 | mov dwLenCmdLineParameter, eax 309 | .ELSE 310 | mov eax, CMDLINE_ERROR 311 | ret 312 | .ENDIF 313 | 314 | Invoke ConsoleCmdLineParamType, Addr CmdLineParameters, 2, TotalCmdLineParameters 315 | .IF eax == CMDLINE_PARAM_TYPE_ERROR 316 | mov eax, CMDLINE_ERROR 317 | ret 318 | 319 | .ELSEIF eax == CMDLINE_PARAM_TYPE_UNKNOWN 320 | 321 | .ELSEIF eax == CMDLINE_PARAM_TYPE_SWITCH 322 | Invoke ConsoleSwitchID, Addr CmdLineParameter, FALSE 323 | .IF eax == SWITCH_HELP || eax == SWITCH_HELP_UNIX || eax == SWITCH_HELP_UNIX2 324 | mov eax, CMDLINE_HELP 325 | ret 326 | .ELSE 327 | mov eax, CMDLINE_UNKNOWN_SWITCH 328 | ret 329 | .ENDIF 330 | 331 | .ELSEIF eax == CMDLINE_PARAM_TYPE_COMMAND ; user specified filename/filespec/folder first then command? 332 | Invoke ConsoleCommandID, Addr CmdLineParameter, FALSE 333 | .IF eax == -1 334 | mov eax, CMDLINE_UNKNOWN_COMMAND 335 | ret 336 | .ELSE 337 | mov eax, CMDLINE_UNKNOWN_COMMAND 338 | ret 339 | .ENDIF 340 | 341 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FILESPEC 342 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefInFilename, MAX_PATH 343 | ;Invoke szCopy, Addr CmdLineParameter, Addr szDll2DefInFilename 344 | mov eax, CMDLINE_FILESPEC_NOT_SUPPORTED 345 | ret 346 | 347 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FILENAME 348 | ;Invoke szCopy, Addr CmdLineParameter, Addr szDll2DefOutFilename 349 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefOutFilename, MAX_PATH 350 | Invoke ConsoleCmdLineParamType, Addr CmdLineParameters, 1, TotalCmdLineParameters 351 | .IF eax == CMDLINE_PARAM_TYPE_FILENAME 352 | mov eax, CMDLINE_FILEIN_FILEOUT 353 | ret 354 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FILESPEC 355 | mov eax, CMDLINE_FILESPEC_NOT_SUPPORTED 356 | ret 357 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FOLDER 358 | mov eax, CMDLINE_FOLDER_NOT_SUPPORTED 359 | ret 360 | .ELSE 361 | mov eax, CMDLINE_ERROR 362 | ret 363 | .ENDIF 364 | 365 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FOLDER 366 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefOutFilename, MAX_PATH 367 | Invoke ConsoleCmdLineParamType, Addr CmdLineParameters, 1, TotalCmdLineParameters 368 | .IF eax == CMDLINE_PARAM_TYPE_FILENAME 369 | ; output filein to a specific folder 370 | Invoke JustFname, Addr szDll2DefInFilename, Addr szDll2DefFilename 371 | Invoke lstrcat, Addr szDll2DefOutFilename, CTEXT("\") 372 | Invoke lstrcat, Addr szDll2DefOutFilename, Addr szDll2DefFilename 373 | Invoke lstrcat, Addr szDll2DefOutFilename, CTEXT(".def") 374 | mov eax, CMDLINE_FILEIN_FILEOUT 375 | ret 376 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FILESPEC 377 | mov _g_OutputFolder, TRUE 378 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefOutFolder, MAX_PATH 379 | mov eax, CMDLINE_FILEIN_FILESPEC_FOLDEROUT 380 | ret 381 | .ELSEIF eax == CMDLINE_PARAM_TYPE_FOLDER 382 | mov _g_OutputFolder, TRUE 383 | Invoke ExpandEnvironmentStrings, Addr CmdLineParameter, Addr szDll2DefOutFolder, MAX_PATH 384 | mov eax, CMDLINE_FOLDER_FILESPEC_FOLDEROUT 385 | ret 386 | .ELSE 387 | mov eax, CMDLINE_ERROR 388 | ret 389 | .ENDIF 390 | 391 | .ENDIF 392 | 393 | .ENDIF 394 | 395 | mov eax, CMDLINE_ERROR 396 | 397 | ret 398 | Dll2DefProcessCmdLine ENDP 399 | 400 | ;------------------------------------------------------------------------------ 401 | ; Register switches for use on command line 402 | ;------------------------------------------------------------------------------ 403 | Dll2DefRegisterSwitches PROC 404 | Invoke ConsoleSwitchRegister, Addr SwitchHelp, SWITCH_HELP 405 | Invoke ConsoleSwitchRegister, Addr SwitchHelpAlt, SWITCH_HELP_UNIX 406 | Invoke ConsoleSwitchRegister, Addr SwitchHelpAlt2, SWITCH_HELP_UNIX2 407 | ret 408 | Dll2DefRegisterSwitches ENDP 409 | 410 | ;------------------------------------------------------------------------------ 411 | ; Register commands for use on command line 412 | ;------------------------------------------------------------------------------ 413 | Dll2DefRegisterCommands PROC 414 | ret 415 | Dll2DefRegisterCommands ENDP 416 | 417 | ;------------------------------------------------------------------------------ 418 | ; Prints out console information 419 | ;------------------------------------------------------------------------------ 420 | Dll2DefConInfo PROC dwMsgType:DWORD 421 | mov eax, dwMsgType 422 | .IF eax == CON_OUT_INFO 423 | 424 | Invoke ConsoleStdOut, Addr szDll2DefConInfoStart 425 | Invoke ConsoleStdOutColor, Addr szDll2DefConName, FOREGROUND_INTENSE_WHITE 426 | Invoke ConsoleStdOut, Addr szDll2DefConInfoFinish 427 | 428 | ;Invoke ConsoleStdOut, Addr szDll2DefConInfo 429 | .ELSEIF eax == CON_OUT_ABOUT 430 | Invoke ConsoleStdOut, Addr szDll2DefConAbout 431 | .ELSEIF eax == CON_OUT_USAGE 432 | Invoke ConsoleStdOut, Addr szDll2DefConHelpUsage 433 | .ELSEIF eax == CON_OUT_HELP 434 | ;Invoke ConsoleStdOut, Addr szDll2DefConHelp 435 | Invoke ConsoleStdOutColor, Addr szDll2DefConHelpUsage, FOREGROUND_INTENSE_WHITE 436 | Invoke ConsoleStdOut, Addr szDll2DefConHelp 437 | 438 | .ENDIF 439 | ret 440 | Dll2DefConInfo ENDP 441 | 442 | ;------------------------------------------------------------------------------ 443 | ; Prints out error information to console 444 | ;------------------------------------------------------------------------------ 445 | Dll2DefConErr PROC dwErrorType:DWORD 446 | mov eax, dwErrorType 447 | .IF eax == CMDLINE_UNKNOWN_SWITCH || eax == CMDLINE_UNKNOWN_COMMAND || eax == CMDLINE_COMMAND_WITHOUT_FILEIN 448 | Invoke ConsoleStdOut, Addr szError 449 | Invoke ConsoleStdOut, Addr szSingleQuote 450 | Invoke ConsoleStdOut, Addr CmdLineParameter 451 | Invoke ConsoleStdOut, Addr szSingleQuote 452 | mov eax, dwErrorType 453 | .IF eax == CMDLINE_UNKNOWN_SWITCH 454 | Invoke ConsoleStdOut, Addr szErrorUnknownSwitch 455 | .ELSEIF eax == CMDLINE_UNKNOWN_COMMAND 456 | Invoke ConsoleStdOut, Addr szErrorUnknownCommand 457 | .ELSEIF eax == CMDLINE_COMMAND_WITHOUT_FILEIN 458 | Invoke ConsoleStdOut, Addr szErrorCommandWithoutFile 459 | .ENDIF 460 | Invoke ConsoleStdOut, Addr szCRLF 461 | Invoke ConsoleStdOut, Addr szCRLF 462 | Invoke Dll2DefConInfo, CON_OUT_USAGE 463 | 464 | .ELSEIF eax == CMDLINE_FILEIN_NOT_EXIST 465 | Invoke ConsoleStdOut, Addr szError 466 | Invoke ConsoleStdOut, Addr szSingleQuote 467 | Invoke ConsoleStdOut, Addr szDll2DefInFilename 468 | Invoke ConsoleStdOut, Addr szSingleQuote 469 | Invoke ConsoleStdOut, Addr szErrorFilenameNotExist 470 | Invoke ConsoleStdOut, Addr szCRLF 471 | Invoke ConsoleStdOut, Addr szCRLF 472 | 473 | .ELSEIF eax == CMDLINE_ERROR 474 | Invoke ConsoleStdOut, Addr szError 475 | Invoke ConsoleStdOut, Addr szErrorOther 476 | Invoke ConsoleStdOut, Addr szCRLF 477 | Invoke ConsoleStdOut, Addr szCRLF 478 | 479 | .ELSEIF eax == ERROR_FILEIN_IS_EMPTY 480 | Invoke ConsoleStdOut, Addr szError 481 | Invoke ConsoleStdOut, Addr szSingleQuote 482 | Invoke ConsoleStdOut, Addr szDll2DefInFilename 483 | Invoke ConsoleStdOut, Addr szSingleQuote 484 | Invoke ConsoleStdOut, Addr szErrorFileZeroBytes 485 | Invoke ConsoleStdOut, Addr szCRLF 486 | Invoke ConsoleStdOut, Addr szCRLF 487 | 488 | .ELSEIF eax == ERROR_OPENING_FILEIN 489 | Invoke ConsoleStdOut, Addr szError 490 | Invoke ConsoleStdOut, Addr szSingleQuote 491 | Invoke ConsoleStdOut, Addr szDll2DefInFilename 492 | Invoke ConsoleStdOut, Addr szSingleQuote 493 | Invoke ConsoleStdOut, Addr szErrorOpeningInFile 494 | Invoke ConsoleStdOut, Addr szCRLF 495 | Invoke ConsoleStdOut, Addr szCRLF 496 | 497 | .ELSEIF eax == ERROR_CREATING_FILEOUT 498 | Invoke ConsoleStdOut, Addr szError 499 | Invoke ConsoleStdOut, Addr szSingleQuote 500 | Invoke ConsoleStdOut, Addr szDll2DefOutFilename 501 | Invoke ConsoleStdOut, Addr szSingleQuote 502 | Invoke ConsoleStdOut, Addr szErrorCreatingOutFile 503 | Invoke ConsoleStdOut, Addr szCRLF 504 | Invoke ConsoleStdOut, Addr szCRLF 505 | 506 | .ELSEIF eax == ERROR_ALLOC_MEMORY 507 | Invoke ConsoleStdOut, Addr szError 508 | Invoke ConsoleStdOut, Addr szErrorAllocMemory 509 | Invoke ConsoleStdOut, Addr szCRLF 510 | Invoke ConsoleStdOut, Addr szCRLF 511 | 512 | .ELSEIF eax == ERROR_ZERO_EXPORTS 513 | Invoke ConsoleStdOut, Addr szError 514 | Invoke ConsoleStdOut, Addr szErrorZeroExports 515 | Invoke ConsoleStdOut, Addr szCRLF 516 | Invoke ConsoleStdOut, Addr szCRLF 517 | .ENDIF 518 | ret 519 | Dll2DefConErr ENDP 520 | 521 | ;------------------------------------------------------------------------------ 522 | ; Process dllfilename 523 | ;------------------------------------------------------------------------------ 524 | Dll2Def_FilenameIn PROC 525 | Invoke Dll2DefProcess, Addr szDll2DefInFilename, NULL, g_OptionUseFilename, g_OptionRemoveUnderscore 526 | ret 527 | Dll2Def_FilenameIn ENDP 528 | 529 | ;------------------------------------------------------------------------------ 530 | ; Process dllfilename deffilename 531 | ;------------------------------------------------------------------------------ 532 | Dll2Def_FilenameIn_FilenameOut PROC 533 | Invoke Dll2DefProcess, Addr szDll2DefInFilename, Addr szDll2DefOutFilename, g_OptionUseFilename, g_OptionRemoveUnderscore 534 | ret 535 | Dll2Def_FilenameIn_FilenameOut ENDP 536 | 537 | ;------------------------------------------------------------------------------ 538 | ; Process *.*, *.dll etc 539 | ;------------------------------------------------------------------------------ 540 | Dll2Def_FileSpecIn PROC 541 | Invoke Dll2DefProcessBatch, Addr szDll2DefInFilename 542 | ret 543 | Dll2Def_FileSpecIn ENDP 544 | 545 | ;------------------------------------------------------------------------------ 546 | ; Process folder - assumes \*.* 547 | ;------------------------------------------------------------------------------ 548 | Dll2Def_FolderIn PROC 549 | Invoke Dll2DefProcessBatch, Addr szDll2DefInFilename 550 | ret 551 | Dll2Def_FolderIn ENDP 552 | 553 | ;------------------------------------------------------------------------------ 554 | ; Process folder - assumes \*.* to output folder 555 | ;------------------------------------------------------------------------------ 556 | Dll2Def_FolderIn_FolderOut PROC 557 | Invoke Dll2DefProcessBatch, Addr szDll2DefInFilename 558 | ret 559 | Dll2Def_FolderIn_FolderOut ENDP 560 | 561 | ;------------------------------------------------------------------------------ 562 | ; Process *.*, *.dll etc to output folder 563 | ;------------------------------------------------------------------------------ 564 | Dll2Def_FileSpecIn_FolderOut PROC 565 | Invoke Dll2DefProcessBatch, Addr szDll2DefInFilename 566 | ret 567 | Dll2Def_FileSpecIn_FolderOut ENDP 568 | 569 | ;------------------------------------------------------------------------------ 570 | ; Create Def file from Dll file 571 | ;------------------------------------------------------------------------------ 572 | Dll2DefProcess PROC lpszDllFilename:DWORD, lpszDefFilename:DWORD, bUseFilename:DWORD, bRemoveUnderscore:DWORD 573 | LOCAL hPE:DWORD 574 | 575 | Invoke ConsoleStdOut, Addr szInFile 576 | Invoke ConsoleStdOut, lpszDllFilename 577 | Invoke ConsoleStdOut, Addr szCRLF 578 | 579 | Invoke PE_OpenFile, lpszDllFilename, TRUE, Addr hPE 580 | .IF eax == FALSE 581 | ; error not a pe file 582 | Invoke Dll2DefConErr, ERROR_OPENING_FILEIN 583 | xor eax, eax 584 | ret 585 | .ENDIF 586 | 587 | Invoke PE_ExportNameCount, hPE 588 | .IF eax == 0 589 | ; error - no functions to export 590 | Invoke ConsoleStdOut, Addr szInfo 591 | Invoke ConsoleStdOut, Addr szErrorZeroExports 592 | Invoke ConsoleStdOut, Addr szCRLF 593 | xor eax, eax 594 | ret 595 | .ENDIF 596 | mov ExportedFunctionCount, eax 597 | 598 | .IF lpszDefFilename == NULL 599 | Invoke GetCurrentDirectory, MAX_PATH, Addr szDll2DefOutFilename 600 | Invoke lstrcat, Addr szDll2DefOutFilename, CTEXT("\") 601 | Invoke JustFname, Addr szDll2DefInFilename, Addr szDll2DefFilename 602 | Invoke lstrcat, Addr szDll2DefOutFilename, Addr szDll2DefFilename 603 | Invoke lstrcat, Addr szDll2DefOutFilename, CTEXT(".def") 604 | Invoke ConsoleStdOut, Addr szOutFile 605 | Invoke ConsoleStdOut, Addr szDll2DefOutFilename 606 | Invoke ConsoleStdOut, Addr szCRLF 607 | ; Output def file 608 | Invoke PE_ExportFunctionNameToDef, hPE, Addr szDll2DefOutFilename, bUseFilename, bRemoveUnderscore ; defaults to creating .\filename.def 609 | .ELSE 610 | Invoke ConsoleStdOut, Addr szOutFile 611 | Invoke ConsoleStdOut, lpszDefFilename 612 | Invoke ConsoleStdOut, Addr szCRLF 613 | ; Output def file 614 | Invoke PE_ExportFunctionNameToDef, hPE, lpszDefFilename, bUseFilename, bRemoveUnderscore ; defaults to creating .\filename.def 615 | .ENDIF 616 | .IF eax == FALSE 617 | Invoke PE_CloseFile, hPE 618 | Invoke Dll2DefConErr, ERROR_CREATING_FILEOUT 619 | xor eax, eax 620 | ret 621 | .ENDIF 622 | 623 | Invoke PE_CloseFile, hPE 624 | 625 | ; tell user that we have processed file 626 | Invoke ConsoleStdOut, Addr szInfo 627 | Invoke ConsoleStdOut, Addr szSuccessExport 628 | Invoke dwtoa, ExportedFunctionCount, Addr szExportedFunctionCount 629 | Invoke ConsoleStdOut, Addr szExportedFunctionCount 630 | Invoke ConsoleStdOut, Addr szSuccessFunctions 631 | Invoke ConsoleStdOut, Addr szCRLF 632 | 633 | mov eax, TRUE 634 | ret 635 | Dll2DefProcess ENDP 636 | 637 | ;------------------------------------------------------------------------------ 638 | ; Create Def file from Dll file - batch processing 639 | ;------------------------------------------------------------------------------ 640 | Dll2DefProcessBatch PROC USES EBX FileSpec:DWORD 641 | LOCAL WFD:WIN32_FIND_DATA 642 | LOCAL hFind:DWORD 643 | LOCAL bContinueFind:DWORD 644 | LOCAL nFileCount:DWORD 645 | LOCAL nFileFailCount:DWORD 646 | 647 | ; get first file 648 | Invoke FindFirstFile, FileSpec, Addr WFD 649 | .IF eax == INVALID_HANDLE_VALUE 650 | Invoke GetLastError 651 | ;PrintDec eax 652 | mov eax, FALSE 653 | ret 654 | .ENDIF 655 | mov hFind, eax 656 | mov bContinueFind, TRUE 657 | 658 | lea ebx, WFD.cFileName 659 | .IF byte ptr [ebx] == '.' && byte ptr [ebx+1] == 0 ;entry == "." 660 | ;"." entry found means NOT ROOT directory and next entry MUST BE ".." 661 | ;so...eat the ".." entry up :) 662 | Invoke FindNextFile, hFind, Addr WFD 663 | ;make the scan point to the first valid file/directory (if any) :) 664 | Invoke FindNextFile, hFind, Addr WFD 665 | mov bContinueFind, eax 666 | .ENDIF 667 | 668 | mov nFileCount, 0 669 | mov nFileFailCount, 0 670 | 671 | ; start loop 672 | .WHILE bContinueFind == TRUE 673 | mov eax, WFD.dwFileAttributes 674 | and eax, FILE_ATTRIBUTE_DIRECTORY 675 | .IF eax != FILE_ATTRIBUTE_DIRECTORY 676 | 677 | Invoke szCopy, Addr WFD.cFileName, Addr szDll2DefInFilename 678 | 679 | .IF _g_OutputFolder == TRUE 680 | Invoke lstrcpy, Addr szDll2DefOutFilename, Addr szDll2DefOutFolder 681 | .ELSE 682 | Invoke GetCurrentDirectory, MAX_PATH, Addr szDll2DefOutFilename 683 | .ENDIF 684 | Invoke lstrcat, Addr szDll2DefOutFilename, CTEXT("\") 685 | Invoke JustFname, Addr szDll2DefInFilename, Addr szDll2DefFilename 686 | Invoke lstrcat, Addr szDll2DefOutFilename, Addr szDll2DefFilename 687 | Invoke lstrcat, Addr szDll2DefOutFilename, CTEXT(".def") 688 | 689 | Invoke Dll2DefProcess, Addr szDll2DefInFilename, Addr szDll2DefOutFilename, g_OptionUseFilename, g_OptionRemoveUnderscore 690 | .IF eax == TRUE 691 | inc nFileCount 692 | .ELSE 693 | inc nFileFailCount 694 | .ENDIF 695 | .ENDIF 696 | 697 | Invoke FindNextFile, hFind, Addr WFD 698 | mov bContinueFind, eax 699 | .ENDW 700 | Invoke FindClose, hFind 701 | 702 | mov eax, nFileCount 703 | mov ebx, nFileFailCount 704 | .IF eax == 0 && ebx == 0 ; no files processed 705 | Invoke ConsoleStdOut, Addr szDll2DefConBatchNoFiles 706 | .ELSEIF eax == 0 && ebx != 0 ; errors occured 707 | Invoke ConsoleStdOut, Addr szDll2DefConBatchFail 708 | .ELSEIF eax != 0 && ebx != 0 ; partial success and errors 709 | Invoke ConsoleStdOut, Addr szDll2DefConBatchPartial 710 | .ELSEIF eax != 0 && ebx == 0 ; success 711 | Invoke ConsoleStdOut, Addr szDll2DefConBatchSuccess 712 | .ENDIF 713 | 714 | ret 715 | Dll2DefProcessBatch ENDP 716 | 717 | ;************************************************************************** 718 | ; Strip path name to just filename Without extention 719 | ;************************************************************************** 720 | JustFname PROC USES ESI EDI szFilePathName:DWORD, szFileName:DWORD 721 | LOCAL LenFilePathName:DWORD 722 | LOCAL nPosition:DWORD 723 | 724 | Invoke szLen, szFilePathName 725 | mov LenFilePathName, eax 726 | mov nPosition, eax 727 | 728 | .IF LenFilePathName == 0 729 | mov edi, szFileName 730 | mov byte ptr [edi], 0 731 | mov eax, FALSE 732 | ret 733 | .ENDIF 734 | 735 | mov esi, szFilePathName 736 | add esi, eax 737 | 738 | mov eax, nPosition 739 | .WHILE eax != 0 740 | movzx eax, byte ptr [esi] 741 | .IF al == '\' || al == ':' || al == '/' 742 | inc esi 743 | .BREAK 744 | .ENDIF 745 | dec esi 746 | dec nPosition 747 | mov eax, nPosition 748 | .ENDW 749 | mov edi, szFileName 750 | mov eax, nPosition 751 | .WHILE eax != LenFilePathName 752 | movzx eax, byte ptr [esi] 753 | .IF al == '.' ; stop here 754 | .BREAK 755 | .ENDIF 756 | mov byte ptr [edi], al 757 | inc edi 758 | inc esi 759 | inc nPosition 760 | mov eax, nPosition 761 | .ENDW 762 | mov byte ptr [edi], 0h 763 | mov eax, TRUE 764 | ret 765 | JustFname ENDP 766 | 767 | END Main 768 | 769 | 770 | 771 | 772 | 773 | 774 | 775 | -------------------------------------------------------------------------------- /PELite.asm: -------------------------------------------------------------------------------- 1 | ;============================================================================== 2 | ; 3 | ; PE LIBRARY - Special Lite Version For Dll2Def 4 | ; 5 | ;============================================================================== 6 | .686 7 | .MMX 8 | .XMM 9 | .model flat,stdcall 10 | option casemap:none 11 | include \masm32\macros\macros.asm 12 | 13 | ;DEBUG32 EQU 1 14 | ;IFDEF DEBUG32 15 | ; PRESERVEXMMREGS equ 1 16 | ; includelib M:\Masm32\lib\Debug32.lib 17 | ; DBG32LIB equ 1 18 | ; DEBUGEXE textequ <'M:\Masm32\DbgWin.exe'> 19 | ; include M:\Masm32\include\debug32.inc 20 | ;ENDIF 21 | 22 | include windows.inc 23 | 24 | include user32.inc 25 | includelib user32.lib 26 | 27 | include kernel32.inc 28 | includelib kernel32.lib 29 | 30 | include PELite.inc 31 | 32 | ;------------------------------------------------------------------------------ 33 | ; Prototypes for internal use 34 | ;------------------------------------------------------------------------------ 35 | PESignature PROTO :DWORD 36 | PEJustFname PROTO :DWORD, :DWORD 37 | 38 | PEDwordToAscii PROTO :DWORD, :DWORD 39 | PE_SetError PROTO :DWORD, :DWORD 40 | 41 | PUBLIC PELIB_ErrorNo 42 | 43 | 44 | 45 | .CONST 46 | 47 | 48 | 49 | .DATA 50 | PELIB_ErrorNo DD PE_ERROR_NO_HANDLE ; Global to store error no 51 | DEFLIBRARY DB 'LIBRARY ',0 52 | dwLenDEFLIBRARY DD ($-DEFLIBRARY)-1 53 | DEFEXPORTS DB 'EXPORTS',13,10,0 54 | dwLenDEFEXPORTS DD ($-DEFEXPORTS)-1 55 | DEFINDENT DB ' ',0 56 | dwLenDEFINDENT DD ($-DEFINDENT)-1 57 | DEFCRLF DB 13,10,0 58 | dwLenDEFCRLF DD ($-DEFCRLF)-1 59 | 60 | .CODE 61 | PE_ALIGN 62 | ;------------------------------------------------------------------------------ 63 | ; PE_OpenFile - Opens a PE file (exe/dll/ocx/cpl etc) 64 | ; Returns: TRUE or FALSE. If TRUE a PE handle (hPE) is stored in the variable 65 | ; pointed to by lpdwPEHandle. If FALSE, use PE_GetError to get further info. 66 | ; 67 | ; Note: Calls PE_Analyze to process the PE file. Use PE_CloseFile when finished 68 | ;------------------------------------------------------------------------------ 69 | PE_OpenFile PROC USES EBX lpszPEFilename:DWORD, bReadOnly:DWORD, lpdwPEHandle:DWORD 70 | LOCAL hPE:DWORD 71 | LOCAL hPEFile:DWORD 72 | LOCAL PEMemMapHandle:DWORD 73 | LOCAL PEMemMapPtr:DWORD 74 | LOCAL PEFilesize:DWORD 75 | LOCAL PEVersion:DWORD 76 | 77 | IFDEF DEBUG32 78 | PrintText 'PE_OpenFile' 79 | ENDIF 80 | 81 | .IF lpdwPEHandle == NULL 82 | Invoke PE_SetError, NULL, PE_ERROR_NO_HANDLE 83 | xor eax, eax 84 | ret 85 | .ENDIF 86 | 87 | .IF lpszPEFilename == NULL 88 | Invoke PE_SetError, NULL, PE_ERROR_OPEN_FILE 89 | mov ebx, lpdwPEHandle 90 | mov eax, 0 91 | mov [ebx], eax 92 | xor eax, eax 93 | ret 94 | .ENDIF 95 | 96 | ;-------------------------------------------------------------------------- 97 | ; Open file for read only or read/write access 98 | ;-------------------------------------------------------------------------- 99 | .IF bReadOnly == TRUE 100 | Invoke CreateFile, lpszPEFilename, GENERIC_READ, FILE_SHARE_READ or FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL 101 | .ELSE 102 | Invoke CreateFile, lpszPEFilename, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL 103 | .ENDIF 104 | .IF eax == INVALID_HANDLE_VALUE 105 | Invoke PE_SetError, NULL, PE_ERROR_OPEN_FILE 106 | mov ebx, lpdwPEHandle 107 | mov eax, 0 108 | mov [ebx], eax 109 | xor eax, eax 110 | ret 111 | .ENDIF 112 | mov hPEFile, eax ; store file handle 113 | 114 | ;-------------------------------------------------------------------------- 115 | ; Get file size and verify its not too low or too high in size 116 | ;-------------------------------------------------------------------------- 117 | Invoke GetFileSize, hPEFile, NULL 118 | .IF eax < 268d ; https://www.bigmessowires.com/2015/10/08/a-handmade-executable-file/ 119 | ; http://archive.is/w01DO#selection-265.0-265.44 120 | Invoke CloseHandle, hPEFile 121 | Invoke PE_SetError, NULL, PE_ERROR_OPEN_SIZE_LOW 122 | mov ebx, lpdwPEHandle 123 | mov eax, 0 124 | mov [ebx], eax 125 | xor eax, eax 126 | ret 127 | .ELSEIF eax > 1FFFFFFFh ; 536,870,911 536MB+ - rare to be this size or larger 128 | Invoke CloseHandle, hPEFile 129 | Invoke PE_SetError, NULL, PE_ERROR_OPEN_SIZE_HIGH 130 | mov ebx, lpdwPEHandle 131 | mov eax, 0 132 | mov [ebx], eax 133 | xor eax, eax 134 | ret 135 | .ENDIF 136 | mov PEFilesize, eax ; file size 137 | 138 | ;-------------------------------------------------------------------------- 139 | ; Create file mapping of entire file 140 | ;-------------------------------------------------------------------------- 141 | .IF bReadOnly == TRUE 142 | Invoke CreateFileMapping, hPEFile, NULL, PAGE_READONLY, 0, 0, NULL ; Create memory mapped file 143 | .ELSE 144 | Invoke CreateFileMapping, hPEFile, NULL, PAGE_READWRITE, 0, 0, NULL ; Create memory mapped file 145 | .ENDIF 146 | .IF eax == NULL 147 | Invoke CloseHandle, hPEFile 148 | Invoke PE_SetError, NULL, PE_ERROR_OPEN_MAP 149 | mov ebx, lpdwPEHandle 150 | mov eax, 0 151 | mov [ebx], eax 152 | xor eax, eax 153 | ret 154 | .ENDIF 155 | mov PEMemMapHandle, eax ; store mapping handle 156 | 157 | ;-------------------------------------------------------------------------- 158 | ; Create view of file 159 | ;-------------------------------------------------------------------------- 160 | .IF bReadOnly == TRUE 161 | Invoke MapViewOfFileEx, PEMemMapHandle, FILE_MAP_READ, 0, 0, 0, NULL 162 | .ELSE 163 | Invoke MapViewOfFileEx, PEMemMapHandle, FILE_MAP_ALL_ACCESS, 0, 0, 0, NULL 164 | .ENDIF 165 | .IF eax == NULL 166 | Invoke CloseHandle, PEMemMapHandle 167 | Invoke CloseHandle, hPEFile 168 | Invoke PE_SetError, NULL, PE_ERROR_OPEN_VIEW 169 | mov ebx, lpdwPEHandle 170 | mov eax, 0 171 | mov [ebx], eax 172 | xor eax, eax 173 | ret 174 | .ENDIF 175 | mov PEMemMapPtr, eax ; store map view pointer 176 | 177 | ;-------------------------------------------------------------------------- 178 | ; Check PE file signature - to make sure MZ and PE sigs are located 179 | ;-------------------------------------------------------------------------- 180 | Invoke PESignature, PEMemMapPtr 181 | .IF eax == PE_INVALID 182 | ;---------------------------------------------------------------------- 183 | ; Invalid PE file, so close all handles and return error 184 | ;---------------------------------------------------------------------- 185 | Invoke UnmapViewOfFile, PEMemMapPtr 186 | Invoke CloseHandle, PEMemMapHandle 187 | Invoke CloseHandle, hPEFile 188 | Invoke PE_SetError, NULL, PE_ERROR_OPEN_INVALID 189 | mov ebx, lpdwPEHandle 190 | mov eax, 0 191 | mov [ebx], eax 192 | xor eax, eax 193 | ret 194 | .ELSE ; eax == PE_ARCH_32 || eax == PE_ARCH_64 195 | ;---------------------------------------------------------------------- 196 | ; PE file is valid. So we process PE file and get pointers and other 197 | ; information and store in a 'handle' (hPE) that we return. 198 | ; Handle is a pointer to a PEINFO struct that stores PE file info. 199 | ;---------------------------------------------------------------------- 200 | Invoke PE_Analyze, PEMemMapPtr, lpdwPEHandle 201 | .IF eax == FALSE 202 | ;------------------------------------------------------------------ 203 | ; Error processing PE file, so close all handles and return error 204 | ;------------------------------------------------------------------ 205 | Invoke UnmapViewOfFile, PEMemMapPtr 206 | Invoke CloseHandle, PEMemMapHandle 207 | Invoke CloseHandle, hPEFile 208 | xor eax, eax 209 | ret 210 | .ENDIF 211 | .ENDIF 212 | 213 | ;-------------------------------------------------------------------------- 214 | ; Success in processing PE file. Store additional information like file and 215 | ; map handles and filesize in our PEINFO struct (hPE) if we reach here. 216 | ;-------------------------------------------------------------------------- 217 | .IF lpdwPEHandle == NULL 218 | Invoke UnmapViewOfFile, PEMemMapPtr 219 | Invoke CloseHandle, PEMemMapHandle 220 | Invoke CloseHandle, hPEFile 221 | Invoke PE_SetError, NULL, PE_ERROR_OPEN_INVALID 222 | mov ebx, lpdwPEHandle 223 | mov eax, 0 224 | mov [ebx], eax 225 | xor eax, eax 226 | ret 227 | .ENDIF 228 | 229 | mov ebx, lpdwPEHandle 230 | mov eax, [ebx] 231 | mov hPE, eax 232 | mov ebx, hPE 233 | mov eax, lpdwPEHandle 234 | mov [ebx].PEINFO.PEHandle, eax 235 | mov eax, bReadOnly 236 | mov [ebx].PEINFO.PEOpenMode, eax 237 | mov eax, PEMemMapHandle 238 | mov [ebx].PEINFO.PEMemMapHandle, eax 239 | mov eax, hPEFile 240 | mov [ebx].PEINFO.PEFileHandle, eax 241 | mov eax, PEFilesize 242 | mov [ebx].PEINFO.PEFilesize, eax 243 | .IF lpszPEFilename != NULL 244 | lea eax, [ebx].PEINFO.PEFilename 245 | Invoke lstrcpyn, eax, lpszPEFilename, MAX_PATH 246 | .ENDIF 247 | Invoke PE_SetError, NULL, PE_ERROR_SUCCESS 248 | 249 | mov ebx, lpdwPEHandle 250 | mov eax, hPE 251 | mov [ebx], eax 252 | 253 | ;mov eax, hPE ; Return handle for our user to store and use in other functions 254 | mov eax, TRUE 255 | ret 256 | PE_OpenFile ENDP 257 | 258 | PE_ALIGN 259 | ;------------------------------------------------------------------------------ 260 | ; PE_CloseFile - Close PE File 261 | ; Returns: None 262 | ;------------------------------------------------------------------------------ 263 | PE_CloseFile PROC USES EBX hPE:DWORD 264 | 265 | IFDEF DEBUG32 266 | PrintText 'PE_CloseFile' 267 | ENDIF 268 | 269 | .IF hPE == NULL 270 | xor eax, eax 271 | ret 272 | .ENDIF 273 | 274 | mov ebx, hPE 275 | mov ebx, [ebx].PEINFO.PEHandle 276 | .IF ebx != 0 277 | mov eax, 0 ; null out hPE handle if it exists 278 | mov [ebx], eax 279 | .ENDIF 280 | 281 | mov ebx, hPE 282 | mov eax, [ebx].PEINFO.PEMemMapPtr 283 | .IF eax != NULL 284 | Invoke UnmapViewOfFile, eax 285 | .ENDIF 286 | 287 | mov ebx, hPE 288 | mov eax, [ebx].PEINFO.PEMemMapHandle 289 | .IF eax != NULL 290 | Invoke CloseHandle, eax 291 | .ENDIF 292 | 293 | mov ebx, hPE 294 | mov eax, [ebx].PEINFO.PEFileHandle 295 | .IF eax != NULL 296 | Invoke CloseHandle, eax 297 | .ENDIF 298 | 299 | mov eax, hPE 300 | .IF eax != NULL 301 | Invoke GlobalFree, eax 302 | .ENDIF 303 | 304 | Invoke PE_SetError, NULL, PE_ERROR_SUCCESS 305 | 306 | xor eax, eax 307 | ret 308 | PE_CloseFile ENDP 309 | 310 | PE_ALIGN 311 | ;------------------------------------------------------------------------------ 312 | ; PE_Analyze - Process memory mapped PE file 313 | ; Returns: TRUE or FALSE. If TRUE a PE handle (hPE) is stored in the variable 314 | ; pointed to by lpdwPEHandle. If FALSE, use PE_GetError to get further info. 315 | ; 316 | ; Can be used directly on memory region where PE is already loaded/mapped 317 | ; 318 | ; PE_Analyze is also called by PE_OpenFile. 319 | ; Note: Use PE_Finish when finished with PE file if using PE_Analyze directly. 320 | ;------------------------------------------------------------------------------ 321 | PE_Analyze PROC USES EBX EDX pPEInMemory:DWORD, lpdwPEHandle:DWORD 322 | LOCAL hPE:DWORD 323 | LOCAL PEMemMapPtr:DWORD 324 | LOCAL pFileHeader:DWORD 325 | LOCAL pOptionalHeader:DWORD 326 | LOCAL pDataDirectories:DWORD 327 | LOCAL pSectionTable:DWORD 328 | LOCAL pImportDirectoryTable:DWORD 329 | LOCAL pCurrentSection:DWORD 330 | LOCAL dwNumberOfSections:DWORD 331 | LOCAL dwSizeOfOptionalHeader:DWORD 332 | LOCAL dwNumberOfRvaAndSizes:DWORD 333 | LOCAL dwCurrentSection:DWORD 334 | LOCAL bPE64:DWORD 335 | LOCAL dwRVA:DWORD 336 | LOCAL dwOffset:DWORD 337 | 338 | IFDEF DEBUG32 339 | PrintText 'PE_Analyze' 340 | ENDIF 341 | 342 | .IF lpdwPEHandle == NULL 343 | Invoke PE_SetError, NULL, PE_ERROR_NO_HANDLE 344 | xor eax, eax 345 | ret 346 | .ENDIF 347 | 348 | .IF pPEInMemory == NULL 349 | Invoke PE_SetError, NULL, PE_ERROR_ANALYZE_NULL 350 | mov ebx, lpdwPEHandle 351 | mov eax, 0 352 | mov [ebx], eax 353 | xor eax, eax 354 | ret 355 | .ENDIF 356 | 357 | mov eax, pPEInMemory 358 | mov PEMemMapPtr, eax 359 | 360 | ;-------------------------------------------------------------------------- 361 | ; Alloc mem for our PE Handle (PEINFO) 362 | ;-------------------------------------------------------------------------- 363 | Invoke GlobalAlloc, GMEM_FIXED or GMEM_ZEROINIT, SIZEOF PEINFO 364 | .IF eax == NULL 365 | Invoke PE_SetError, NULL, PE_ERROR_ANALYZE_ALLOC 366 | mov ebx, lpdwPEHandle 367 | mov eax, 0 368 | mov [ebx], eax 369 | xor eax, eax 370 | ret 371 | .ENDIF 372 | mov hPE, eax 373 | 374 | mov edx, hPE 375 | mov eax, PEMemMapPtr 376 | mov [edx].PEINFO.PEMemMapPtr, eax 377 | mov [edx].PEINFO.PEDOSHeader, eax 378 | 379 | ; Process PE in memory 380 | mov eax, PEMemMapPtr 381 | mov ebx, eax ; ebx points to IMAGE_DOS_HEADER in memory 382 | .IF [ebx].IMAGE_DOS_HEADER.e_lfanew == 0 383 | Invoke PE_SetError, hPE, PE_ERROR_ANALYZE_INVALID 384 | .IF hPE != NULL 385 | Invoke GlobalFree, hPE 386 | .ENDIF 387 | mov ebx, lpdwPEHandle 388 | mov eax, 0 389 | mov [ebx], eax 390 | xor eax, eax 391 | ret 392 | .ENDIF 393 | 394 | ;-------------------------------------------------------------------------- 395 | ; Get headers: NT, File, Optional & other useful fields 396 | ;-------------------------------------------------------------------------- 397 | ; ebx points to IMAGE_DOS_HEADER in memory 398 | add eax, [ebx].IMAGE_DOS_HEADER.e_lfanew 399 | mov [edx].PEINFO.PENTHeader, eax 400 | mov ebx, eax ; ebx points to IMAGE_NT_HEADERS 401 | lea eax, [ebx].IMAGE_NT_HEADERS.FileHeader 402 | mov [edx].PEINFO.PEFileHeader, eax 403 | mov pFileHeader, eax 404 | lea eax, [ebx].IMAGE_NT_HEADERS.OptionalHeader 405 | mov [edx].PEINFO.PEOptionalHeader, eax 406 | mov pOptionalHeader, eax 407 | mov ebx, pFileHeader ; ebx points to IMAGE_FILE_HEADER 408 | movzx eax, word ptr [ebx].IMAGE_FILE_HEADER.NumberOfSections 409 | mov [edx].PEINFO.PESectionCount, eax 410 | mov dwNumberOfSections, eax 411 | movzx eax, word ptr [ebx].IMAGE_FILE_HEADER.SizeOfOptionalHeader 412 | mov [edx].PEINFO.PEOptionalHeaderSize, eax 413 | mov dwSizeOfOptionalHeader, eax 414 | movzx eax, word ptr [ebx].IMAGE_FILE_HEADER.Characteristics 415 | and eax, IMAGE_FILE_DLL 416 | .IF eax == IMAGE_FILE_DLL 417 | mov [edx].PEINFO.PEDLL, TRUE 418 | .ELSE 419 | mov [edx].PEINFO.PEDLL, FALSE 420 | .ENDIF 421 | 422 | .IF dwSizeOfOptionalHeader == 0 423 | mov pOptionalHeader, 0 424 | mov pDataDirectories, 0 425 | mov dwNumberOfRvaAndSizes, 0 426 | mov bPE64, FALSE 427 | .ELSE 428 | ;---------------------------------------------------------------------- 429 | ; Get PE32/PE32+ magic number 430 | ;---------------------------------------------------------------------- 431 | mov ebx, pOptionalHeader; ebx points to IMAGE_OPTIONAL_HEADER 432 | movzx eax, word ptr [ebx] 433 | .IF eax == IMAGE_NT_OPTIONAL_HDR32_MAGIC ; PE32 434 | mov ebx, hPE 435 | mov [edx].PEINFO.PE64, FALSE 436 | mov bPE64, FALSE 437 | .ELSEIF eax == IMAGE_NT_OPTIONAL_HDR64_MAGIC ; PE32+ (PE64) 438 | mov ebx, hPE 439 | mov [edx].PEINFO.PE64, TRUE 440 | mov bPE64, TRUE 441 | .ELSE ; ROM or something else 442 | Invoke PE_SetError, hPE, PE_ERROR_ANALYZE_INVALID 443 | .IF hPE != NULL 444 | Invoke GlobalFree, hPE 445 | .ENDIF 446 | mov ebx, lpdwPEHandle 447 | mov eax, 0 448 | mov [ebx], eax 449 | xor eax, eax 450 | ret 451 | .ENDIF 452 | 453 | mov eax, dwSizeOfOptionalHeader 454 | .IF eax == 28 || eax == 24 455 | ;------------------------------------------------------------------ 456 | ; Standard fields in IMAGE_OPTIONAL_HEADER 457 | ;------------------------------------------------------------------ 458 | mov pDataDirectories, 0 459 | mov dwNumberOfRvaAndSizes, 0 460 | .ELSEIF eax == 68 || eax == 88 ; Windows specific fields in IMAGE_OPTIONAL_HEADER 461 | ;------------------------------------------------------------------ 462 | ; Windows specific fields in IMAGE_OPTIONAL_HEADER 463 | ; Get ImageBase, Subsystem, DllCharacteristics 464 | ;------------------------------------------------------------------ 465 | mov pDataDirectories, 0 466 | mov dwNumberOfRvaAndSizes, 0 467 | mov ebx, pOptionalHeader ; ebx points to IMAGE_OPTIONAL_HEADER 468 | .IF bPE64 == TRUE ; ebx points to IMAGE_OPTIONAL_HEADER64 469 | mov eax, dword ptr [ebx].IMAGE_OPTIONAL_HEADER64.ImageBase 470 | mov dword ptr [edx].PEINFO.PE64ImageBase, eax 471 | mov eax, dword ptr [ebx+4].IMAGE_OPTIONAL_HEADER64.ImageBase 472 | mov dword ptr [edx+4].PEINFO.PE64ImageBase, eax 473 | mov [edx].PEINFO.PEImageBase, 0 474 | .ELSE ; ebx points to IMAGE_OPTIONAL_HEADER32 475 | mov eax, [ebx].IMAGE_OPTIONAL_HEADER32.ImageBase 476 | mov [edx].PEINFO.PEImageBase, eax 477 | .ENDIF 478 | .ELSE 479 | ;------------------------------------------------------------------ 480 | ; Data Directories in IMAGE_OPTIONAL_HEADER 481 | ;------------------------------------------------------------------ 482 | mov ebx, pOptionalHeader ; ebx points to IMAGE_OPTIONAL_HEADER 483 | .IF bPE64 == TRUE ; ebx points to IMAGE_OPTIONAL_HEADER64 484 | mov eax, dword ptr [ebx].IMAGE_OPTIONAL_HEADER64.ImageBase 485 | mov dword ptr [edx].PEINFO.PE64ImageBase, eax 486 | mov eax, dword ptr [ebx+4].IMAGE_OPTIONAL_HEADER64.ImageBase 487 | mov dword ptr [edx+4].PEINFO.PE64ImageBase, eax 488 | mov [edx].PEINFO.PEImageBase, 0 489 | mov eax, [ebx].IMAGE_OPTIONAL_HEADER64.NumberOfRvaAndSizes 490 | mov [edx].PEINFO.PENumberOfRvaAndSizes, eax 491 | mov dwNumberOfRvaAndSizes, eax 492 | mov ebx, pOptionalHeader 493 | add ebx, SIZEOF_STANDARD_FIELDS_PE64 494 | add ebx, SIZEOF_WINDOWS_FIELDS_PE64 495 | mov pDataDirectories, ebx 496 | .ELSE ; ebx points to IMAGE_OPTIONAL_HEADER32 497 | mov eax, [ebx].IMAGE_OPTIONAL_HEADER32.ImageBase 498 | mov [edx].PEINFO.PEImageBase, eax 499 | mov eax, [ebx].IMAGE_OPTIONAL_HEADER32.NumberOfRvaAndSizes 500 | mov [edx].PEINFO.PENumberOfRvaAndSizes, eax 501 | mov dwNumberOfRvaAndSizes, eax 502 | mov ebx, pOptionalHeader 503 | add ebx, SIZEOF_STANDARD_FIELDS_PE32 504 | add ebx, SIZEOF_WINDOWS_FIELDS_PE32 505 | mov pDataDirectories, ebx 506 | .ENDIF 507 | .ENDIF 508 | .ENDIF 509 | 510 | ;-------------------------------------------------------------------------- 511 | ; Get pointer to SectionTable 512 | ;-------------------------------------------------------------------------- 513 | mov eax, pFileHeader 514 | add eax, SIZEOF IMAGE_FILE_HEADER 515 | add eax, dwSizeOfOptionalHeader 516 | mov [edx].PEINFO.PESectionTable, eax 517 | mov pSectionTable, eax 518 | mov pCurrentSection, eax 519 | 520 | mov dwCurrentSection, 0 521 | mov eax, 0 522 | .WHILE eax < dwNumberOfSections 523 | mov ebx, pCurrentSection 524 | ; do stuff with sections 525 | ; PointerToRawData to get section data 526 | add pCurrentSection, SIZEOF IMAGE_SECTION_HEADER 527 | inc dwCurrentSection 528 | mov eax, dwCurrentSection 529 | .ENDW 530 | 531 | ;-------------------------------------------------------------------------- 532 | ; Get Data Directories 533 | ;-------------------------------------------------------------------------- 534 | IFDEF DEBUG32 535 | mov eax, dwNumberOfRvaAndSizes 536 | mov ebx, SIZEOF IMAGE_DATA_DIRECTORY 537 | mul ebx 538 | DbgDump pDataDirectories, eax 539 | ENDIF 540 | 541 | mov pImportDirectoryTable, 0 542 | 543 | .IF pDataDirectories != 0 544 | mov edx, hPE 545 | .IF dwNumberOfRvaAndSizes > 0 ; Export Table 546 | mov ebx, pDataDirectories 547 | mov eax, [ebx].IMAGE_DATA_DIRECTORY.VirtualAddress 548 | .IF eax != 0 549 | Invoke PE_RVAToOffset, hPE, eax 550 | add eax, PEMemMapPtr 551 | mov [edx].PEINFO.PEExportDirectoryTable, eax 552 | .ENDIF 553 | .ENDIF 554 | .ENDIF 555 | 556 | IFDEF DEBUG32 557 | mov eax, dwNumberOfSections 558 | mov ebx, SIZEOF IMAGE_SECTION_HEADER 559 | mul ebx 560 | DbgDump pSectionTable, eax 561 | ENDIF 562 | 563 | ;-------------------------------------------------------------------------- 564 | ; Update PEINFO handle information 565 | ;-------------------------------------------------------------------------- 566 | mov edx, hPE 567 | mov eax, lpdwPEHandle 568 | mov [edx].PEINFO.PEHandle, eax 569 | 570 | mov ebx, lpdwPEHandle 571 | mov eax, hPE 572 | mov [ebx], eax 573 | 574 | mov eax, TRUE 575 | ret 576 | PE_Analyze ENDP 577 | 578 | 579 | 580 | ;############################################################################## 581 | ; E X P O R T S E C T I O N F U N C T I O N S 582 | ;############################################################################## 583 | 584 | PE_ALIGN 585 | ;------------------------------------------------------------------------------ 586 | ; PE_ExportDirectoryTable - Get pointer to ExportDirectoryTable 587 | ; Returns: pointer to ExportDirectoryTable or NULL 588 | ;------------------------------------------------------------------------------ 589 | PE_ExportDirectoryTable PROC USES EBX hPE:DWORD 590 | .IF hPE == NULL 591 | xor eax, eax 592 | ret 593 | .ENDIF 594 | mov ebx, hPE 595 | mov eax, [ebx].PEINFO.PEExportDirectoryTable 596 | ret 597 | PE_ExportDirectoryTable ENDP 598 | 599 | PE_ALIGN 600 | ;------------------------------------------------------------------------------ 601 | ; PE_ExportNamePointerTable 602 | ;------------------------------------------------------------------------------ 603 | PE_ExportNamePointerTable PROC USES EBX hPE:DWORD 604 | LOCAL PEMemMapPtr:DWORD 605 | LOCAL pExportDirectoryTable:DWORD 606 | 607 | .IF hPE == NULL 608 | xor eax, eax 609 | ret 610 | .ENDIF 611 | mov ebx, hPE 612 | mov eax, [ebx].PEINFO.PEMemMapPtr 613 | mov PEMemMapPtr, eax 614 | 615 | Invoke PE_ExportDirectoryTable, hPE 616 | .IF eax == 0 617 | ret 618 | .ENDIF 619 | mov ebx, eax ; ebx is pExportDirectoryTable 620 | 621 | mov eax, [ebx].IMAGE_EXPORT_DIRECTORY.AddressOfNames 622 | Invoke PE_RVAToOffset, hPE, eax 623 | add eax, PEMemMapPtr 624 | ; eax has pointer to Export Name Pointer Table RVA 625 | ret 626 | PE_ExportNamePointerTable ENDP 627 | 628 | PE_ALIGN 629 | ;------------------------------------------------------------------------------ 630 | ; PE_ExportNameCount - Get count of names in the ExportDirectoryTable 631 | ; Returns: count of names or 0 632 | ;------------------------------------------------------------------------------ 633 | PE_ExportNameCount PROC USES EBX hPE:DWORD 634 | .IF hPE == NULL 635 | xor eax, eax 636 | ret 637 | .ENDIF 638 | 639 | Invoke PE_ExportDirectoryTable, hPE 640 | .IF eax == 0 641 | ret 642 | .ENDIF 643 | mov ebx, eax 644 | mov eax, [ebx].IMAGE_EXPORT_DIRECTORY.NumberOfNames 645 | ret 646 | PE_ExportNameCount ENDP 647 | 648 | PE_ALIGN 649 | ;------------------------------------------------------------------------------ 650 | ; PE_ExportDLLName - Get DLL name for exports 651 | ; Returns: address of zero terminated DLL name string, or NULL 652 | ;------------------------------------------------------------------------------ 653 | PE_ExportDLLName PROC USES EBX hPE:DWORD 654 | LOCAL PEMemMapPtr:DWORD 655 | 656 | .IF hPE == NULL 657 | xor eax, eax 658 | ret 659 | .ENDIF 660 | mov ebx, hPE 661 | mov eax, [ebx].PEINFO.PEMemMapPtr 662 | mov PEMemMapPtr, eax 663 | 664 | Invoke PE_ExportDirectoryTable, hPE 665 | .IF eax == 0 666 | ret 667 | .ENDIF 668 | mov ebx, eax ; ebx is pExportDirectoryTable 669 | 670 | mov eax, [ebx].IMAGE_EXPORT_DIRECTORY.nName 671 | Invoke PE_RVAToOffset, hPE, eax 672 | add eax, PEMemMapPtr 673 | ; eax has pointer to DLL name 674 | ret 675 | PE_ExportDLLName ENDP 676 | 677 | PE_ALIGN 678 | ;------------------------------------------------------------------------------ 679 | ; PE_ExportFunctionNames - Get function names exported in the DLL 680 | ; Returns: count of functions in lpdwFunctionsList array or 0. 681 | ; On succesful return lpdwFunctionsList points to a DWORD array containing 682 | ; pointers to the function names. Use GlobalFree on this array once finished. 683 | ;------------------------------------------------------------------------------ 684 | PE_ExportFunctionNames PROC USES EBX hPE:DWORD, lpdwFunctionsList:DWORD 685 | LOCAL PEMemMapPtr:DWORD 686 | LOCAL dwExportCount:DWORD 687 | LOCAL pExportNamePointerTable:DWORD 688 | LOCAL pExportNamePointerTableEntry:DWORD 689 | LOCAL dwHintNameTableRVA:DWORD 690 | LOCAL pNameList:DWORD 691 | LOCAL pNameListNextFunction:DWORD 692 | LOCAL dwNameListSize:DWORD 693 | LOCAL nExport:DWORD 694 | 695 | .IF hPE == NULL 696 | xor eax, eax 697 | ret 698 | .ENDIF 699 | 700 | .IF lpdwFunctionsList == 0 701 | xor eax, eax 702 | ret 703 | .ENDIF 704 | 705 | mov ebx, hPE 706 | mov eax, [ebx].PEINFO.PEMemMapPtr 707 | mov PEMemMapPtr, eax 708 | 709 | Invoke PE_ExportNameCount, hPE 710 | .IF eax == NULL 711 | ret 712 | .ENDIF 713 | mov dwExportCount, eax 714 | 715 | Invoke PE_ExportNamePointerTable, hPE 716 | .IF eax == NULL 717 | ret 718 | .ENDIF 719 | mov pExportNamePointerTable, eax 720 | mov pExportNamePointerTableEntry, eax 721 | 722 | ; calc max name list string size 723 | mov eax, dwExportCount 724 | inc eax 725 | mov ebx, SIZEOF DWORD 726 | mul ebx 727 | mov dwNameListSize, eax 728 | 729 | Invoke GlobalAlloc, GMEM_FIXED or GMEM_ZEROINIT, dwNameListSize 730 | .IF eax == NULL 731 | ret 732 | .ENDIF 733 | mov pNameList, eax 734 | mov pNameListNextFunction, eax 735 | 736 | mov ebx, pExportNamePointerTableEntry 737 | mov nExport, 0 738 | mov eax, 0 739 | .WHILE eax < dwExportCount 740 | mov eax, [ebx] ; get rva pointer to function string 741 | Invoke PE_RVAToOffset, hPE, eax 742 | .IF eax == 0 743 | ret 744 | .ENDIF 745 | add eax, PEMemMapPtr ; eax is pointer to function string 746 | mov ebx, pNameListNextFunction 747 | mov [ebx], eax ; store pointer to function string in our array 748 | 749 | add pNameListNextFunction, SIZEOF DWORD 750 | add pExportNamePointerTableEntry, SIZEOF DWORD ; pointers are always 32bits 751 | 752 | mov ebx, pExportNamePointerTableEntry 753 | inc nExport 754 | mov eax, nExport 755 | .ENDW 756 | 757 | mov ebx, lpdwFunctionsList 758 | mov eax, pNameList 759 | mov [ebx], eax 760 | 761 | mov eax, dwExportCount 762 | ret 763 | PE_ExportFunctionNames ENDP 764 | 765 | PE_ALIGN 766 | ;------------------------------------------------------------------------------ 767 | ; PE_ExportFunctionNameToDef - Creates a .DEF file from export functions 768 | ;------------------------------------------------------------------------------ 769 | PE_ExportFunctionNameToDef PROC USES EBX hPE:DWORD, lpszDefFilename:DWORD, bUseFilename:DWORD, bRemoveUnderscore:DWORD 770 | LOCAL pExportFunctionNamesList:DWORD 771 | LOCAL pExportName:DWORD 772 | LOCAL nExportName:DWORD 773 | LOCAL dwExportNameCount:DWORD 774 | LOCAL lpszExportName:DWORD 775 | LOCAL lpszExportDllName:DWORD 776 | LOCAL hDefFile:DWORD 777 | LOCAL dwNumberOfBytesToWrite:DWORD 778 | LOCAL dwNumberOfBytesWritten:DWORD 779 | LOCAL szDefFilename[MAX_PATH]:BYTE 780 | 781 | .IF hPE == NULL 782 | xor eax, eax 783 | ret 784 | .ENDIF 785 | 786 | .IF lpszDefFilename == NULL 787 | ; create def file based on export name (usually a .dll) 788 | lea ebx, szDefFilename 789 | mov byte ptr [ebx], '.' 790 | mov byte ptr [ebx+1], '\' 791 | .IF bUseFilename == TRUE 792 | Invoke PE_FileNameOnly, hPE, Addr szDefFilename+2 793 | Invoke lstrcat, Addr szDefFilename, CTEXT(".def") 794 | .ELSE 795 | Invoke PE_ExportDLLName, hPE 796 | Invoke lstrcpyn, Addr szDefFilename+2, eax, MAX_PATH 797 | Invoke lstrlen, Addr szDefFilename 798 | lea ebx, szDefFilename 799 | add ebx, eax 800 | sub ebx, 4 801 | mov eax, [ebx] 802 | .IF eax == 'LLD.' || eax == 'lld.' || eax == 'EXE.' || eax == 'exe.' 803 | mov byte ptr [ebx+1], 'd' 804 | mov byte ptr [ebx+2], 'e' 805 | mov byte ptr [ebx+3], 'f' 806 | mov byte ptr [ebx+4], 0 807 | .ELSE 808 | xor eax, eax 809 | ret 810 | .ENDIF 811 | .ENDIF 812 | .ENDIF 813 | 814 | Invoke PE_ExportNameCount, hPE 815 | .IF eax == 0 816 | ret 817 | .ENDIF 818 | mov dwExportNameCount, eax 819 | 820 | Invoke PE_ExportFunctionNames, hPE, Addr pExportFunctionNamesList 821 | .IF eax == 0 822 | ret 823 | .ENDIF 824 | 825 | mov eax, pExportFunctionNamesList 826 | mov pExportName, eax 827 | 828 | ; Create DEF file 829 | .IF lpszDefFilename == NULL 830 | Invoke CreateFile, Addr szDefFilename, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL 831 | .ELSE 832 | Invoke CreateFile, lpszDefFilename, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL 833 | .ENDIF 834 | .IF eax == INVALID_HANDLE_VALUE 835 | xor eax, eax 836 | ret 837 | .ENDIF 838 | mov hDefFile, eax 839 | 840 | ; Write out LIBRARY and EXPORTS to DEF file 841 | Invoke WriteFile, hDefFile, Addr DEFLIBRARY, dwLenDEFLIBRARY, Addr dwNumberOfBytesWritten, NULL 842 | 843 | .IF bUseFilename == TRUE 844 | Invoke PE_FileNameOnly, hPE, Addr szDefFilename ; reuse szDefFilename buffer 845 | Invoke lstrlen, Addr szDefFilename 846 | mov dwNumberOfBytesToWrite, eax 847 | Invoke WriteFile, hDefFile, Addr szDefFilename, dwNumberOfBytesToWrite, Addr dwNumberOfBytesWritten, NULL 848 | .ELSE 849 | Invoke PE_ExportDLLName, hPE 850 | mov lpszExportDllName, eax 851 | Invoke lstrlen, lpszExportDllName 852 | mov dwNumberOfBytesToWrite, eax 853 | Invoke WriteFile, hDefFile, lpszExportDllName, dwNumberOfBytesToWrite, Addr dwNumberOfBytesWritten, NULL 854 | .ENDIF 855 | Invoke WriteFile, hDefFile, Addr DEFCRLF, dwLenDEFCRLF, Addr dwNumberOfBytesWritten, NULL 856 | Invoke WriteFile, hDefFile, Addr DEFEXPORTS, dwLenDEFEXPORTS, Addr dwNumberOfBytesWritten, NULL 857 | 858 | mov nExportName, 0 859 | mov eax, 0 860 | .WHILE eax < dwExportNameCount 861 | mov ebx, pExportName 862 | mov eax, [ebx] 863 | mov lpszExportName, eax 864 | 865 | .IF bRemoveUnderscore == TRUE 866 | mov ebx, lpszExportName 867 | movzx eax, byte ptr [ebx] 868 | .IF al == '_' 869 | inc lpszExportName 870 | .ENDIF 871 | .ENDIF 872 | 873 | ; Write out function name to DEF file 874 | Invoke WriteFile, hDefFile, Addr DEFINDENT, dwLenDEFINDENT, Addr dwNumberOfBytesWritten, NULL 875 | Invoke lstrlen, lpszExportName 876 | mov dwNumberOfBytesToWrite, eax 877 | Invoke WriteFile, hDefFile, lpszExportName, dwNumberOfBytesToWrite, Addr dwNumberOfBytesWritten, NULL 878 | Invoke WriteFile, hDefFile, Addr DEFCRLF, dwLenDEFCRLF, Addr dwNumberOfBytesWritten, NULL 879 | 880 | add pExportName, SIZEOF DWORD 881 | inc nExportName 882 | mov eax, nExportName 883 | .ENDW 884 | 885 | ; Close DEF File 886 | Invoke CloseHandle, hDefFile 887 | 888 | mov eax, TRUE 889 | ret 890 | PE_ExportFunctionNameToDef ENDP 891 | 892 | 893 | 894 | ;############################################################################## 895 | ; I N F O F U N C T I O N S 896 | ;############################################################################## 897 | 898 | PE_ALIGN 899 | ;------------------------------------------------------------------------------ 900 | ; PE_DLL - returns TRUE if DLL or FALSE otherwise 901 | ;------------------------------------------------------------------------------ 902 | PE_DLL PROC USES EBX hPE:DWORD 903 | .IF hPE == NULL 904 | xor eax, eax 905 | ret 906 | .ENDIF 907 | mov ebx, hPE 908 | mov eax, [ebx].PEINFO.PEDLL 909 | ret 910 | PE_DLL ENDP 911 | 912 | PE_ALIGN 913 | ;------------------------------------------------------------------------------ 914 | ; PE_PE64 - returns TRUE if PE32+ (PE64) or FALSE if PE32 915 | ;------------------------------------------------------------------------------ 916 | PE_PE64 PROC USES EBX hPE:DWORD 917 | .IF hPE == NULL 918 | xor eax, eax 919 | ret 920 | .ENDIF 921 | mov ebx, hPE 922 | mov eax, [ebx].PEINFO.PE64 923 | ret 924 | PE_PE64 ENDP 925 | 926 | 927 | ;############################################################################## 928 | ; E R R O R F U N C T I O N S 929 | ;############################################################################## 930 | 931 | PE_ALIGN 932 | ;------------------------------------------------------------------------------ 933 | ; PE_SetError 934 | ;------------------------------------------------------------------------------ 935 | PE_SetError PROC USES EBX hPE:DWORD, dwError:DWORD 936 | .IF hPE != NULL && dwError != PE_ERROR_SUCCESS 937 | mov ebx, hPE 938 | mov ebx, [ebx].PEINFO.PEHandle 939 | .IF ebx != 0 940 | mov eax, 0 ; null out hPE handle if it exists 941 | mov [ebx], eax 942 | .ENDIF 943 | .ENDIF 944 | mov eax, dwError 945 | mov PELIB_ErrorNo, eax 946 | ret 947 | PE_SetError ENDP 948 | 949 | 950 | ;############################################################################## 951 | ; H E L P E R F U N C T I O N S 952 | ;############################################################################## 953 | 954 | PE_ALIGN 955 | ;------------------------------------------------------------------------------ 956 | ; PE_RVAToOffset - convert Relative Virtual Address (RVA) to file offset 957 | ;------------------------------------------------------------------------------ 958 | PE_RVAToOffset PROC USES EBX EDX hPE:DWORD, dwRVA:DWORD 959 | LOCAL nTotalSections:DWORD 960 | LOCAL nCurrentSection:DWORD 961 | LOCAL pCurrentSection:DWORD 962 | LOCAL dwSectionSize:DWORD 963 | LOCAL dwVirtualAddress:DWORD 964 | LOCAL dwPointerToRawData:DWORD 965 | 966 | .IF hPE == NULL 967 | xor eax, eax 968 | ret 969 | .ENDIF 970 | 971 | mov ebx, hPE 972 | mov eax, [ebx].PEINFO.PESectionCount 973 | mov nTotalSections, eax 974 | mov eax, [ebx].PEINFO.PESectionTable 975 | mov pCurrentSection, eax 976 | 977 | mov ebx, pCurrentSection 978 | mov edx, dwRVA 979 | mov eax, 0 980 | mov nCurrentSection, 0 981 | .WHILE eax < nTotalSections 982 | mov eax, [ebx].IMAGE_SECTION_HEADER.Misc.VirtualSize 983 | .IF eax == 0 984 | mov eax, [ebx].IMAGE_SECTION_HEADER.SizeOfRawData 985 | .ENDIF 986 | mov dwSectionSize, eax 987 | 988 | mov eax, [ebx].IMAGE_SECTION_HEADER.VirtualAddress 989 | .IF eax <= edx 990 | mov dwVirtualAddress, eax 991 | add eax, dwSectionSize 992 | .IF eax > edx 993 | mov eax, [ebx].IMAGE_SECTION_HEADER.PointerToRawData 994 | mov dwPointerToRawData, eax 995 | 996 | mov ebx, dwVirtualAddress 997 | mov eax, edx 998 | sub eax, ebx 999 | mov edx, eax 1000 | mov ebx, dwPointerToRawData 1001 | mov eax, edx 1002 | add eax, ebx 1003 | ret 1004 | .ENDIF 1005 | .ENDIF 1006 | 1007 | add pCurrentSection, SIZEOF IMAGE_SECTION_HEADER 1008 | mov ebx, pCurrentSection 1009 | inc nCurrentSection 1010 | mov eax, nCurrentSection 1011 | .ENDW 1012 | 1013 | mov eax, dwRVA 1014 | ret 1015 | PE_RVAToOffset ENDP 1016 | 1017 | 1018 | 1019 | PE_ALIGN 1020 | ;------------------------------------------------------------------------------ 1021 | ; PE_FileName - returns in eax pointer to zero terminated string contained filename that is open or NULL if not opened 1022 | ;------------------------------------------------------------------------------ 1023 | PE_FileName PROC USES EBX hPE:DWORD 1024 | LOCAL PEFilename:DWORD 1025 | .IF hPE == NULL 1026 | mov eax, NULL 1027 | ret 1028 | .ENDIF 1029 | mov ebx, hPE 1030 | lea eax, [ebx].PEINFO.PEFilename 1031 | mov PEFilename, eax 1032 | Invoke lstrlen, PEFilename 1033 | .IF eax == 0 1034 | mov eax, NULL 1035 | .ELSE 1036 | mov eax, PEFilename 1037 | .ENDIF 1038 | ret 1039 | PE_FileName endp 1040 | 1041 | PE_ALIGN 1042 | ;------------------------------------------------------------------------------ 1043 | ; PE_FileNameOnly - returns in eax true or false if it managed to pass to the buffer pointed at lpszFileNameOnly, the stripped filename without extension 1044 | ;------------------------------------------------------------------------------ 1045 | PE_FileNameOnly PROC hPE:DWORD, lpszFileNameOnly:DWORD 1046 | Invoke PE_FileName, hPE 1047 | .IF eax == NULL 1048 | mov eax, FALSE 1049 | ret 1050 | .ENDIF 1051 | Invoke PEJustFname, eax, lpszFileNameOnly 1052 | mov eax, TRUE 1053 | ret 1054 | PE_FileNameOnly endp 1055 | 1056 | 1057 | 1058 | 1059 | ;############################################################################## 1060 | ; I N T E R N A L F U N C T I O N S 1061 | ;############################################################################## 1062 | 1063 | PE_ALIGN 1064 | ;------------------------------------------------------------------------------ 1065 | ; Checks the PE signatures to determine if they are valid 1066 | ;------------------------------------------------------------------------------ 1067 | PESignature PROC USES EBX pPEInMemory:DWORD 1068 | mov ebx, pPEInMemory 1069 | movzx eax, word ptr [ebx].IMAGE_DOS_HEADER.e_magic 1070 | .IF ax == MZ_SIGNATURE 1071 | add ebx, [ebx].IMAGE_DOS_HEADER.e_lfanew 1072 | ; ebx is pointer to IMAGE_NT_HEADERS now 1073 | mov eax, [ebx].IMAGE_NT_HEADERS.Signature 1074 | .IF ax == PE_SIGNATURE 1075 | movzx eax, word ptr [ebx].IMAGE_NT_HEADERS.OptionalHeader.Magic 1076 | .IF ax == IMAGE_NT_OPTIONAL_HDR32_MAGIC 1077 | mov eax, PE_ARCH_32 1078 | ret 1079 | .ELSEIF ax == IMAGE_NT_OPTIONAL_HDR64_MAGIC 1080 | mov eax, PE_ARCH_64 1081 | ret 1082 | .ENDIF 1083 | .ENDIF 1084 | .ENDIF 1085 | mov eax, PE_INVALID 1086 | ret 1087 | PESignature ENDP 1088 | 1089 | PE_ALIGN 1090 | ;------------------------------------------------------------------------------ 1091 | ; Strip path name to just filename Without extention 1092 | ;------------------------------------------------------------------------------ 1093 | PEJustFname PROC szFilePathName:DWORD, szFileName:DWORD 1094 | LOCAL LenFilePathName:DWORD 1095 | LOCAL nPosition:DWORD 1096 | 1097 | Invoke lstrlen, szFilePathName 1098 | mov LenFilePathName, eax 1099 | mov nPosition, eax 1100 | 1101 | .IF LenFilePathName == 0 1102 | mov byte ptr [edi], 0 1103 | ret 1104 | .ENDIF 1105 | 1106 | mov esi, szFilePathName 1107 | add esi, eax 1108 | 1109 | mov eax, nPosition 1110 | .WHILE eax != 0 1111 | movzx eax, byte ptr [esi] 1112 | .IF al == '\' || al == ':' || al == '/' 1113 | inc esi 1114 | .BREAK 1115 | .ENDIF 1116 | dec esi 1117 | dec nPosition 1118 | mov eax, nPosition 1119 | .ENDW 1120 | mov edi, szFileName 1121 | mov eax, nPosition 1122 | .WHILE eax != LenFilePathName 1123 | movzx eax, byte ptr [esi] 1124 | .IF al == '.' ; stop here 1125 | .BREAK 1126 | .ENDIF 1127 | mov byte ptr [edi], al 1128 | inc edi 1129 | inc esi 1130 | inc nPosition 1131 | mov eax, nPosition 1132 | .ENDW 1133 | mov byte ptr [edi], 0h 1134 | ret 1135 | PEJustFname ENDP 1136 | 1137 | ;------------------------------------------------------------------------------ 1138 | ; PEDwordToAscii - Paul Dixon's utoa_ex function. unsigned dword to ascii. 1139 | ; Returns: Buffer pointed to by lpszAsciiString will contain ascii string 1140 | ;------------------------------------------------------------------------------ 1141 | OPTION PROLOGUE:NONE 1142 | OPTION EPILOGUE:NONE 1143 | PEDwordToAscii PROC dwValue:DWORD, lpszAsciiString:DWORD 1144 | mov eax, [esp+4] ; uvar : unsigned variable to convert 1145 | mov ecx, [esp+8] ; pbuffer : pointer to result buffer 1146 | 1147 | push esi 1148 | push edi 1149 | 1150 | jmp udword 1151 | 1152 | align 4 1153 | chartab: 1154 | dd "00","10","20","30","40","50","60","70","80","90" 1155 | dd "01","11","21","31","41","51","61","71","81","91" 1156 | dd "02","12","22","32","42","52","62","72","82","92" 1157 | dd "03","13","23","33","43","53","63","73","83","93" 1158 | dd "04","14","24","34","44","54","64","74","84","94" 1159 | dd "05","15","25","35","45","55","65","75","85","95" 1160 | dd "06","16","26","36","46","56","66","76","86","96" 1161 | dd "07","17","27","37","47","57","67","77","87","97" 1162 | dd "08","18","28","38","48","58","68","78","88","98" 1163 | dd "09","19","29","39","49","59","69","79","89","99" 1164 | 1165 | udword: 1166 | mov esi, ecx ; get pointer to answer 1167 | mov edi, eax ; save a copy of the number 1168 | 1169 | mov edx, 0D1B71759h ; =2^45\10000 13 bit extra shift 1170 | mul edx ; gives 6 high digits in edx 1171 | 1172 | mov eax, 68DB9h ; =2^32\10000+1 1173 | 1174 | shr edx, 13 ; correct for multiplier offset used to give better accuracy 1175 | jz short skiphighdigits ; if zero then don't need to process the top 6 digits 1176 | 1177 | mov ecx, edx ; get a copy of high digits 1178 | imul ecx, 10000 ; scale up high digits 1179 | sub edi, ecx ; subtract high digits from original. EDI now = lower 4 digits 1180 | 1181 | mul edx ; get first 2 digits in edx 1182 | mov ecx, 100 ; load ready for later 1183 | 1184 | jnc short next1 ; if zero, supress them by ignoring 1185 | cmp edx, 9 ; 1 digit or 2? 1186 | ja ZeroSupressed ; 2 digits, just continue with pairs of digits to the end 1187 | 1188 | mov edx, chartab[edx*4] ; look up 2 digits 1189 | mov [esi], dh ; but only write the 1 we need, supress the leading zero 1190 | inc esi ; update pointer by 1 1191 | jmp ZS1 ; continue with pairs of digits to the end 1192 | 1193 | align 16 1194 | next1: 1195 | mul ecx ; get next 2 digits 1196 | jnc short next2 ; if zero, supress them by ignoring 1197 | cmp edx, 9 ; 1 digit or 2? 1198 | ja ZS1a ; 2 digits, just continue with pairs of digits to the end 1199 | 1200 | mov edx, chartab[edx*4] ; look up 2 digits 1201 | mov [esi], dh ; but only write the 1 we need, supress the leading zero 1202 | add esi, 1 ; update pointer by 1 1203 | jmp ZS2 ; continue with pairs of digits to the end 1204 | 1205 | align 16 1206 | next2: 1207 | mul ecx ; get next 2 digits 1208 | jnc short next3 ; if zero, supress them by ignoring 1209 | cmp edx, 9 ; 1 digit or 2? 1210 | ja ZS2a ; 2 digits, just continue with pairs of digits to the end 1211 | 1212 | mov edx, chartab[edx*4] ; look up 2 digits 1213 | mov [esi], dh ; but only write the 1 we need, supress the leading zero 1214 | add esi, 1 ; update pointer by 1 1215 | jmp ZS3 ; continue with pairs of digits to the end 1216 | 1217 | align 16 1218 | next3: 1219 | 1220 | skiphighdigits: 1221 | mov eax, edi ; get lower 4 digits 1222 | mov ecx, 100 1223 | 1224 | mov edx, 28F5C29h ; 2^32\100 +1 1225 | mul edx 1226 | jnc short next4 ; if zero, supress them by ignoring 1227 | cmp edx, 9 ; 1 digit or 2? 1228 | ja short ZS3a ; 2 digits, just continue with pairs of digits to the end 1229 | 1230 | mov edx, chartab[edx*4] ; look up 2 digits 1231 | mov [esi], dh ; but only write the 1 we need, supress the leading zero 1232 | inc esi ; update pointer by 1 1233 | jmp short ZS4 ; continue with pairs of digits to the end 1234 | 1235 | align 16 1236 | next4: 1237 | mul ecx ; this is the last pair so don; t supress a single zero 1238 | cmp edx, 9 ; 1 digit or 2? 1239 | ja short ZS4a ; 2 digits, just continue with pairs of digits to the end 1240 | 1241 | mov edx, chartab[edx*4] ; look up 2 digits 1242 | mov [esi], dh ; but only write the 1 we need, supress the leading zero 1243 | mov byte ptr [esi+1], 0 ; zero terminate string 1244 | 1245 | pop edi 1246 | pop esi 1247 | ret 8 1248 | 1249 | align 16 1250 | ZeroSupressed: 1251 | mov edx, chartab[edx*4] ; look up 2 digits 1252 | mov [esi], dx 1253 | add esi, 2 ; write them to answer 1254 | 1255 | ZS1: 1256 | mul ecx ; get next 2 digits 1257 | ZS1a: 1258 | mov edx, chartab[edx*4] ; look up 2 digits 1259 | mov [esi], dx ; write them to answer 1260 | add esi, 2 1261 | 1262 | ZS2: 1263 | mul ecx ; get next 2 digits 1264 | ZS2a: 1265 | mov edx, chartab[edx*4] ; look up 2 digits 1266 | mov [esi], dx ; write them to answer 1267 | add esi, 2 1268 | 1269 | ZS3: 1270 | mov eax, edi ; get lower 4 digits 1271 | mov edx, 28F5C29h ; 2^32\100 +1 1272 | mul edx ; edx= top pair 1273 | ZS3a: 1274 | mov edx, chartab[edx*4] ; look up 2 digits 1275 | mov [esi], dx ; write to answer 1276 | add esi, 2 ; update pointer 1277 | 1278 | ZS4: 1279 | mul ecx ; get final 2 digits 1280 | ZS4a: 1281 | mov edx, chartab[edx*4] ; look them up 1282 | mov [esi], dx ; write to answer 1283 | 1284 | mov byte ptr [esi+2], 0 ; zero terminate string 1285 | 1286 | sdwordend: 1287 | 1288 | pop edi 1289 | pop esi 1290 | ret 8 1291 | PEDwordToAscii ENDP 1292 | OPTION PROLOGUE:PrologueDef 1293 | OPTION EPILOGUE:EpilogueDef 1294 | 1295 | 1296 | 1297 | 1298 | 1299 | 1300 | 1301 | 1302 | 1303 | 1304 | 1305 | 1306 | 1307 | 1308 | 1309 | 1310 | 1311 | 1312 | 1313 | 1314 | 1315 | 1316 | 1317 | 1318 | --------------------------------------------------------------------------------