├── PEExplorerV2
├── pch.cpp
├── PEExplorerV2.h
├── res
│ ├── copy.ico
│ ├── dll.ico
│ ├── info.ico
│ ├── open.ico
│ ├── save.ico
│ ├── zoom.ico
│ ├── close.ico
│ ├── delete.ico
│ ├── folder.ico
│ ├── headers.ico
│ ├── module.ico
│ ├── threads.ico
│ ├── assembly.ico
│ ├── close_all.ico
│ ├── component.ico
│ ├── cpu_back.ico
│ ├── file_dll.ico
│ ├── file_exe.ico
│ ├── number-1.ico
│ ├── number-2.ico
│ ├── number-4.ico
│ ├── number-8.ico
│ ├── pin_blue.ico
│ ├── resources.ico
│ ├── structure.ico
│ ├── Managed
│ │ ├── enum.ico
│ │ ├── class.ico
│ │ ├── event.ico
│ │ ├── field.ico
│ │ ├── method.ico
│ │ ├── attribute.ico
│ │ ├── delegate.ico
│ │ ├── interface.ico
│ │ ├── property.ico
│ │ ├── method-new.ico
│ │ ├── abstract_class.ico
│ │ └── method-internet.ico
│ ├── PEExplorerV2.ico
│ ├── dependencies.ico
│ ├── file_binary.ico
│ ├── file_library.ico
│ ├── folder_open.ico
│ ├── window-new.ico
│ ├── library-friend.ico
│ ├── library-import.ico
│ ├── method-export.ico
│ ├── method-friend.ico
│ ├── method-import.ico
│ ├── database-export.ico
│ └── database-import.ico
├── PEExplorerV2.rc
├── Capstone
│ ├── capstone.lib
│ ├── platform.h
│ ├── mos65xx.h
│ ├── evm.h
│ ├── xcore.h
│ └── tms320c64x.h
├── HexControl
│ ├── HexControl.lib
│ ├── HexControld.lib
│ ├── InMemoryBuffer.h
│ ├── EditCommandBase.h
│ ├── IBufferManager.h
│ ├── IHexControl.h
│ └── HexControl.h
├── ClipboardHelper.h
├── packages.config
├── View.cpp
├── SortHelper.h
├── ImageDosHeaderStruct.h
├── ImageFileHeaderStruct.h
├── SortHelper.cpp
├── ClipboardHelper.cpp
├── ImageOptionalHeaderStruct.h
├── ImportsFunctionsView.h
├── SummaryView.h
├── ResourcesView.h
├── AboutDlg.cpp
├── ExportsView.h
├── DataDirectoriesView.h
├── ImportsView.h
├── View.h
├── ManagedTypesView.h
├── SectionsView.h
├── TypeMembersView.h
├── IMainFrame.h
├── AssemblyView.h
├── StructureView.h
├── PEExplorerV2.cpp
├── ResourcesFrameView.h
├── AboutDlg.h
├── ImportsFrameView.h
├── AssemblyView.cpp
├── PEStrings.h
├── StructureView.cpp
├── HexView.h
├── ImageFileHeaderStruct.cpp
├── ImportsFrameView.cpp
├── pch.h
├── ImportsFunctionsView.cpp
├── ResourcesFrameView.cpp
├── DataDirectoriesView.cpp
├── GenericListView.h
├── ImportsView.cpp
├── ImageDosHeaderStruct.cpp
├── ResourcesView.cpp
├── ExportsView.cpp
├── HexView.cpp
├── GenericListView.cpp
├── ManagedTypesView.cpp
├── resource.h
├── SectionsView.cpp
├── VirtualListView.h
├── TypeMembersView.cpp
├── SummaryView.cpp
├── MainFrm.h
├── ImageOptionalHeaderStruct.cpp
├── PEStrings.cpp
└── PEExplorerV2.vcxproj.filters
├── PEExplorerV2.png
├── README.md
├── PEParser
├── pch.cpp
├── pch.h
├── PEParser.vcxproj.filters
├── CLRMetadataParser.h
├── PEParser.h
├── PEParser.vcxproj
└── CLRMetadataParser.cpp
├── LICENSE
├── PEExplorerV2.sln
├── .gitattributes
└── .gitignore
/PEExplorerV2/pch.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 |
--------------------------------------------------------------------------------
/PEExplorerV2/PEExplorerV2.h:
--------------------------------------------------------------------------------
1 | // PEExplorerV2.h
2 |
--------------------------------------------------------------------------------
/PEExplorerV2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2.png
--------------------------------------------------------------------------------
/PEExplorerV2/res/copy.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/copy.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/dll.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/dll.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/info.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/info.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/open.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/open.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/save.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/save.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/zoom.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/zoom.ico
--------------------------------------------------------------------------------
/PEExplorerV2/PEExplorerV2.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/PEExplorerV2.rc
--------------------------------------------------------------------------------
/PEExplorerV2/res/close.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/close.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/delete.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/delete.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/folder.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/folder.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/headers.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/headers.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/module.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/module.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/threads.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/threads.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/assembly.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/assembly.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/close_all.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/close_all.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/component.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/component.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/cpu_back.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/cpu_back.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/file_dll.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/file_dll.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/file_exe.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/file_exe.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/number-1.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/number-1.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/number-2.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/number-2.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/number-4.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/number-4.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/number-8.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/number-8.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/pin_blue.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/pin_blue.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/resources.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/resources.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/structure.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/structure.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/enum.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/enum.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/PEExplorerV2.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/PEExplorerV2.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/dependencies.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/dependencies.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/file_binary.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/file_binary.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/file_library.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/file_library.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/folder_open.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/folder_open.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/window-new.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/window-new.ico
--------------------------------------------------------------------------------
/PEExplorerV2/Capstone/capstone.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/Capstone/capstone.lib
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/class.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/class.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/event.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/event.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/field.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/field.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/method.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/method.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/library-friend.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/library-friend.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/library-import.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/library-import.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/method-export.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/method-export.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/method-friend.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/method-friend.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/method-import.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/method-import.ico
--------------------------------------------------------------------------------
/PEExplorerV2/HexControl/HexControl.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/HexControl/HexControl.lib
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/attribute.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/attribute.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/delegate.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/delegate.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/interface.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/interface.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/property.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/property.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/database-export.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/database-export.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/database-import.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/database-import.ico
--------------------------------------------------------------------------------
/PEExplorerV2/HexControl/HexControld.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/HexControl/HexControld.lib
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/method-new.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/method-new.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/abstract_class.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/abstract_class.ico
--------------------------------------------------------------------------------
/PEExplorerV2/res/Managed/method-internet.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/PEExplorerV2/HEAD/PEExplorerV2/res/Managed/method-internet.ico
--------------------------------------------------------------------------------
/PEExplorerV2/ClipboardHelper.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | struct ClipboardHelper final {
4 | static bool CopyText(HWND hWnd, PCWSTR text);
5 | };
6 |
7 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # PEExplorerV2
2 | Portable Executable Explorer version 2
3 |
4 | 
5 |
--------------------------------------------------------------------------------
/PEExplorerV2/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/PEParser/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: source file corresponding to the pre-compiled header
2 |
3 | #include "pch.h"
4 |
5 | // When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
6 |
--------------------------------------------------------------------------------
/PEExplorerV2/View.cpp:
--------------------------------------------------------------------------------
1 | // View.cpp : implementation of the CView class
2 | //
3 | /////////////////////////////////////////////////////////////////////////////
4 |
5 | #include "pch.h"
6 | #include "resource.h"
7 |
8 | #include "View.h"
9 |
10 | BOOL CView::PreTranslateMessage(MSG* pMsg) {
11 | pMsg;
12 | return FALSE;
13 | }
14 |
15 |
--------------------------------------------------------------------------------
/PEExplorerV2/SortHelper.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | struct SortHelper final abstract {
4 | static bool SortStrings(const CString& s1, const CString& s2, bool ascending);
5 | static bool SortStrings(const std::string& s1, const std::string& s2, bool ascending);
6 | static bool SortBoolean(bool a, bool b, bool asc);
7 |
8 | template
9 | static bool SortNumbers(const Number& n1, const Number& n2, bool ascending) {
10 | return ascending ? n2 > n1 : n2 < n1;
11 | }
12 | };
13 |
14 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImageDosHeaderStruct.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "StructureView.h"
4 | #include "PEParser.h"
5 |
6 | class ImageDosHeaderStruct : public IStructureProvider {
7 | public:
8 | ImageDosHeaderStruct(PEParser* parser);
9 |
10 | // IStructureProvider
11 | CString GetName() const override;
12 | int GetMemberCount() const override;
13 | const MemberInfo& GetMemberInfo(int index) const override;
14 |
15 | private:
16 | void BuildMembers();
17 |
18 | private:
19 | PEParser* _parser;
20 | std::vector _members;
21 | };
22 |
23 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImageFileHeaderStruct.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "StructureView.h"
4 | #include "PEParser.h"
5 |
6 | class ImageFileHeaderStruct : public IStructureProvider {
7 | public:
8 | ImageFileHeaderStruct(PEParser* parser);
9 |
10 | // IStructureProvider
11 | CString GetName() const override;
12 | int GetMemberCount() const override;
13 | const MemberInfo& GetMemberInfo(int index) const override;
14 |
15 | private:
16 | void BuildMembers();
17 |
18 | private:
19 | PEParser* _parser;
20 | std::vector _members;
21 | };
22 |
23 |
--------------------------------------------------------------------------------
/PEExplorerV2/SortHelper.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "SortHelper.h"
3 |
4 | bool SortHelper::SortStrings(const CString& s1, const CString& s2, bool ascending) {
5 | return ascending ? s2.CompareNoCase(s1) > 0 : s2.CompareNoCase(s1) < 0;
6 | }
7 |
8 | bool SortHelper::SortStrings(const std::string& s1, const std::string& s2, bool ascending) {
9 | auto compare = ::_stricmp(s2.c_str(), s1.c_str());
10 | return ascending ? compare > 0 : compare < 0;
11 | }
12 |
13 | bool SortHelper::SortBoolean(bool a, bool b, bool asc) {
14 | return asc ? b > a : a > b;
15 | }
16 |
--------------------------------------------------------------------------------
/PEExplorerV2/ClipboardHelper.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ClipboardHelper.h"
3 |
4 | bool ClipboardHelper::CopyText(HWND hWnd, PCWSTR text) {
5 | if (::OpenClipboard(hWnd)) {
6 | ::EmptyClipboard();
7 | auto size = (::wcslen(text) + 1) * sizeof(WCHAR);
8 | auto hData = ::GlobalAlloc(GMEM_MOVEABLE, size);
9 | if (hData) {
10 | auto p = ::GlobalLock(hData);
11 | if (p) {
12 | ::memcpy(p, text, size);
13 | ::GlobalUnlock(p);
14 | ::SetClipboardData(CF_UNICODETEXT, hData);
15 | }
16 | }
17 | ::CloseClipboard();
18 | if (hData)
19 | return true;
20 | }
21 | return false;
22 | }
23 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImageOptionalHeaderStruct.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "StructureView.h"
4 | #include "PEParser.h"
5 |
6 | class ImageOptionalHeaderStruct : public IStructureProvider {
7 | public:
8 | ImageOptionalHeaderStruct(PEParser* parser);
9 |
10 | // IStructureProvider
11 | CString GetName() const override;
12 | int GetMemberCount() const override;
13 | const MemberInfo& GetMemberInfo(int index) const override;
14 |
15 | private:
16 | void BuildMembers();
17 | void BuildMemberInternal32();
18 | void BuildMemberInternal64();
19 |
20 | private:
21 | PEParser* _parser;
22 | std::vector _members;
23 | };
24 |
25 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImportsFunctionsView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 | #include "PEParser.h"
5 |
6 | class ImportsFunctionsView : public IGenericListViewCallback {
7 | public:
8 | void SetSymbols(const std::vector& symbols);
9 | void Init(CListViewCtrl& lv);
10 |
11 | // IGenericListViewCallback
12 | int GetItemCount() override;
13 | CString GetItemText(int row, int col) override;
14 | bool Sort(int column, bool ascending) override;
15 | int GetIcon(int row) override;
16 |
17 | private:
18 | static bool CompareItems(const ImportedSymbol& s1, const ImportedSymbol& s2, int col, bool asc);
19 |
20 | private:
21 | std::vector _symbols;
22 | };
23 |
24 |
--------------------------------------------------------------------------------
/PEExplorerV2/SummaryView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 |
5 | class PEParser;
6 |
7 | class SummaryView : public IGenericListViewCallback {
8 | struct Item {
9 | CString Name, Value, Details;
10 |
11 | Item(PCWSTR name, PCWSTR value, PCWSTR details = nullptr);
12 | };
13 |
14 | public:
15 | SummaryView(PEParser* parser);
16 | void Init(CListViewCtrl& lv);
17 |
18 | // IGenericListViewCallback
19 | int GetItemCount() override;
20 | CString GetItemText(int row, int col) override;
21 | bool Sort(int column, bool ascending) override;
22 | bool CanSort(int column) const override;
23 |
24 | private:
25 | PEParser* _parser;
26 | std::vector- _items;
27 | };
28 |
29 |
--------------------------------------------------------------------------------
/PEExplorerV2/HexControl/InMemoryBuffer.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "IBufferManager.h"
4 |
5 | class InMemoryBuffer : public IBufferManager {
6 | public:
7 | InMemoryBuffer(uint32_t initialSize = 0);
8 |
9 | // Inherited via IBufferManager
10 | uint32_t GetData(int64_t offset, uint8_t * buffer, uint32_t count) override;
11 | bool Insert(int64_t offset, const uint8_t * data, uint32_t count) override;
12 | bool Delete(int64_t offset, size_t count) override;
13 | bool SetData(int64_t offset, const uint8_t * data, uint32_t count) override;
14 | int64_t GetSize() const override;
15 | uint8_t* GetRawData(int64_t offset) override;
16 | bool IsReadOnly() const override {
17 | return false;
18 | }
19 |
20 | private:
21 | std::vector _buffer;
22 | };
23 |
24 |
--------------------------------------------------------------------------------
/PEExplorerV2/ResourcesView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 | #include "PEParser.h"
5 |
6 | struct ResourceItem {
7 | CString Type;
8 | ResourceInfo Resource;
9 | };
10 |
11 | class ResourcesView : public IGenericListViewCallback {
12 | public:
13 | ResourcesView(PEParser* parser);
14 | void Init(CListViewCtrl& lv);
15 |
16 | // IGenericListViewCallback
17 | int GetItemCount() override;
18 | CString GetItemText(int row, int col) override;
19 | bool Sort(int column, bool ascending) override;
20 |
21 | const ResourceItem& GetResource(int index) const;
22 |
23 | private:
24 | static bool CompareItems(const ResourceItem& res1, const ResourceItem& res2, int col, bool asc);
25 |
26 | PEParser* _parser;
27 | std::vector _items;
28 | };
29 |
30 |
--------------------------------------------------------------------------------
/PEParser/pch.h:
--------------------------------------------------------------------------------
1 | // pch.h: This is a precompiled header file.
2 | // Files listed below are compiled only once, improving build performance for future builds.
3 | // This also affects IntelliSense performance, including code completion and many code browsing features.
4 | // However, files listed here are ALL re-compiled if any one of them is updated between builds.
5 | // Do not add files here that you will be updating frequently as this negates the performance advantage.
6 |
7 | #ifndef PCH_H
8 | #define PCH_H
9 |
10 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
11 |
12 | #include
13 | #include
14 | #include
15 | #include
16 | #include
17 | #include
18 |
19 | #endif //PCH_H
20 |
--------------------------------------------------------------------------------
/PEExplorerV2/AboutDlg.cpp:
--------------------------------------------------------------------------------
1 | // aboutdlg.cpp : implementation of the CAboutDlg class
2 | //
3 | /////////////////////////////////////////////////////////////////////////////
4 |
5 | #include "pch.h"
6 | #include "resource.h"
7 |
8 | #include "aboutdlg.h"
9 |
10 | LRESULT CAboutDlg::OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/) {
11 | CenterWindow(GetParent());
12 | return TRUE;
13 | }
14 |
15 | LRESULT CAboutDlg::OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/) {
16 | EndDialog(wID);
17 | return 0;
18 | }
19 |
20 | LRESULT CAboutDlg::OnClickSyslink(int, LPNMHDR, BOOL&) {
21 | ::ShellExecute(nullptr, L"open", L"https://github.com/zodiacon/peexplorerv2", nullptr, nullptr, SW_SHOWDEFAULT);
22 | return 0;
23 | }
24 |
25 |
--------------------------------------------------------------------------------
/PEExplorerV2/HexControl/EditCommandBase.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "IHexControl.h"
4 |
5 | class EditCommandBase abstract {
6 | public:
7 | EditCommandBase(const CString& name, IBufferManager* mgr, int64_t offset, int64_t size);
8 | virtual ~EditCommandBase() = default;
9 |
10 | const CString& GetName() const;
11 | int64_t GetOffset() const {
12 | return _offset;
13 | }
14 |
15 | int64_t GetSize() const {
16 | return _size;
17 | }
18 |
19 | int32_t GetSize32Bit() const {
20 | return static_cast(_size);
21 | }
22 |
23 | IBufferManager* GetBuffer() {
24 | return _mgr;
25 | }
26 |
27 | virtual bool Undo() = 0;
28 | virtual bool Execute() = 0;
29 |
30 | private:
31 | CString _name;
32 | int64_t _offset, _size;
33 | IBufferManager* _mgr;
34 | };
35 |
36 |
--------------------------------------------------------------------------------
/PEExplorerV2/ExportsView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 | #include "PEParser.h"
5 | #include "IMainFrame.h"
6 |
7 | class ExportsView : public IGenericListViewCallback {
8 | public:
9 | ExportsView(PEParser* parser, IMainFrame* frame);
10 |
11 | void Init(CListViewCtrl& lv);
12 |
13 | // Inherited via IGenericListViewCallback
14 | int GetItemCount() override;
15 | CString GetItemText(int row, int col) override;
16 | bool Sort(int column, bool ascending) override;
17 | int GetIcon(int row) override;
18 | void OnContextMenu(const POINT& pt, int selected) override;
19 |
20 | private:
21 | static bool CompareItems(const ExportedSymbol& e1, const ExportedSymbol& e2, int col, bool asc);
22 |
23 | private:
24 | PEParser* _parser;
25 | IMainFrame* _frame;
26 | std::vector _exports;
27 | };
28 |
29 |
--------------------------------------------------------------------------------
/PEExplorerV2/DataDirectoriesView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 | #include "PEParser.h"
5 | #include "IMainFrame.h"
6 |
7 | class DataDirectoriesView : public IGenericListViewCallback {
8 | public:
9 | DataDirectoriesView(PEParser* parser, IMainFrame* frame);
10 | void Init(CListViewCtrl& lv);
11 |
12 | // IGenericListViewCallback
13 | int GetItemCount() override;
14 | CString GetItemText(int row, int col) override;
15 | bool Sort(int column, bool ascending) override;
16 | bool CanSort(int col) const override {
17 | return false;
18 | }
19 | void OnContextMenu(const POINT& pt, int index) override;
20 |
21 | private:
22 | struct DataDirectory {
23 | CString Name;
24 | int Index;
25 | DWORD Address;
26 | DWORD Size;
27 | };
28 | PEParser* _parser;
29 | DataDirectory _dirs[15];
30 | IMainFrame* _frame;
31 | };
32 |
33 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImportsView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 | #include "PEParser.h"
5 | #include "IMainFrame.h"
6 |
7 | class ImportsView : public IGenericListViewCallback {
8 | public:
9 | ImportsView(PEParser* parser, IMainFrame* frame);
10 | void Init(CListViewCtrl& lv);
11 |
12 | // IGenericListViewCallback
13 | int GetItemCount() override;
14 | CString GetItemText(int row, int col) override;
15 | bool Sort(int column, bool ascending) override;
16 | int GetIcon(int row) override;
17 |
18 | const ImportedLibrary& GetLibrary(int selected) const;
19 | void OnContextMenu(const POINT& pt, int selected) override;
20 |
21 | private:
22 | static bool CompareItems(ImportedLibrary& lib1, ImportedLibrary& lib2, int col, bool asc);
23 |
24 | PEParser* _parser;
25 | std::vector _libraries;
26 | IMainFrame* _frame;
27 | };
28 |
29 |
--------------------------------------------------------------------------------
/PEExplorerV2/View.h:
--------------------------------------------------------------------------------
1 | // View.h : interface of the CView class
2 | //
3 | /////////////////////////////////////////////////////////////////////////////
4 |
5 | #pragma once
6 |
7 | class CView : public CTabViewImpl
8 | {
9 | public:
10 | DECLARE_WND_CLASS(nullptr)
11 |
12 | BOOL PreTranslateMessage(MSG* pMsg);
13 |
14 | BEGIN_MSG_MAP(CView)
15 | CHAIN_MSG_MAP(CTabViewImpl)
16 | END_MSG_MAP()
17 |
18 | // Handler prototypes (uncomment arguments if needed):
19 | // LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
20 | // LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
21 | // LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)
22 |
23 | LRESULT OnPaint(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
24 | };
25 |
--------------------------------------------------------------------------------
/PEExplorerV2/ManagedTypesView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 | #include "PEParser.h"
5 | #include "IMainFrame.h"
6 |
7 | class ManagedTypesView : public IGenericListViewCallback {
8 | public:
9 | ManagedTypesView(PEParser* parser, IMainFrame* frame);
10 | void Init(CListViewCtrl& lv);
11 |
12 | static PCWSTR GetTypeKind(ManagedTypeKind kind);
13 |
14 | // IGenericListViewCallback
15 | int GetItemCount() override;
16 | CString GetItemText(int row, int col) override;
17 | bool Sort(int column, bool ascending) override;
18 | int GetIcon(int row) override;
19 | void OnContextMenu(const POINT& pt, int selected) override;
20 |
21 | private:
22 | static bool CompareItems(const ManagedType& t1, const ManagedType& t2, int col, bool asc);
23 |
24 | private:
25 | PEParser* _parser;
26 | std::vector _types;
27 | IMainFrame* _frame;
28 | };
29 |
30 |
--------------------------------------------------------------------------------
/PEExplorerV2/HexControl/IBufferManager.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | struct IBufferManager {
4 | virtual uint32_t GetData(int64_t offset, uint8_t* buffer, uint32_t count) = 0;
5 | virtual bool Insert(int64_t offset, const uint8_t* data, uint32_t count) = 0;
6 | virtual bool Delete(int64_t offset, size_t count) = 0;
7 | virtual bool SetData(int64_t offset, const uint8_t* data, uint32_t count) = 0;
8 | virtual int64_t GetSize() const = 0;
9 | virtual uint8_t* GetRawData(int64_t offset) = 0;
10 | virtual bool IsReadOnly() const = 0;
11 | virtual ~IBufferManager() = default;
12 |
13 | static std::unique_ptr CreateInMemory(uint32_t initialSize = 0);
14 | static std::unique_ptr CreateFromProcess(DWORD pid, int64_t address, int64_t size, bool readWrite = false);
15 | static std::unique_ptr CreateFromFile(PCWSTR path, bool readWrite = false, bool inMemory = false);
16 | };
17 |
18 |
--------------------------------------------------------------------------------
/PEExplorerV2/SectionsView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 | #include "PEParser.h"
5 | #include "IMainFrame.h"
6 |
7 | class SectionsView : public IGenericListViewCallback {
8 | public:
9 | SectionsView(PEParser* parser, IMainFrame* frame);
10 |
11 | void Init(CListViewCtrl& lv);
12 |
13 | // IGenericListViewCallback
14 | int GetItemCount() override;
15 | CString GetItemText(int row, int col) override;
16 | bool Sort(int column, bool ascending) override;
17 | void OnContextMenu(const POINT& pt, int index) override;
18 |
19 | private:
20 | CString GetSectionCharacteristics(DWORD ch) const;
21 | static CString GetSectionName(const IMAGE_SECTION_HEADER* sec);
22 | bool CompareItems(const PIMAGE_SECTION_HEADER s1, const PIMAGE_SECTION_HEADER s2, int col, bool asc) const;
23 |
24 | private:
25 | IMainFrame* _frame;
26 | PEParser* _parser;
27 | std::unique_ptr _sections;
28 | };
29 |
30 |
--------------------------------------------------------------------------------
/PEExplorerV2/TypeMembersView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 | #include "PEParser.h"
5 |
6 | class TypeMembersView : public IGenericListViewCallback {
7 | public:
8 | TypeMembersView(CLRMetadataParser& parser, const ManagedType& type);
9 |
10 | static PCWSTR MemberTypeToString(ManagedMemberType type);
11 |
12 | // IGenericListViewCallback
13 | int GetItemCount() override;
14 | void Init(CListViewCtrl& lv) override;
15 | CString GetItemText(int row, int col) override;
16 | bool Sort(int column, bool ascending) override;
17 | int GetIcon(int row) override;
18 | bool CanSort(int col) const override;
19 |
20 | CString GetMoreInfo(const ManagedMember& member) const;
21 |
22 | private:
23 | bool CompareItems(const ManagedMember& m1, const ManagedMember& m2, int col, bool asc) const;
24 |
25 | private:
26 | ManagedType _type;
27 | std::vector _members;
28 | CLRMetadataParser& _parser;
29 | };
30 |
31 |
--------------------------------------------------------------------------------
/PEExplorerV2/IMainFrame.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "PEParser.h"
4 |
5 | enum class TreeNodeType : size_t {
6 | Root,
7 | Summary,
8 | Sections,
9 | Directories,
10 | Exports,
11 | Imports,
12 | Resources,
13 | DotNet,
14 | Headers,
15 | ImportAddressTable,
16 | ThreadLocalStorage,
17 | LoadConfig,
18 | Debug,
19 |
20 | ImageDosHeader = 0x100,
21 | ImageFileHeader,
22 | ImageOptionalHeader,
23 |
24 | SectionView = 0x10000,
25 |
26 | DirectoryView = 0x11000,
27 |
28 | ExportView = 0x12000,
29 |
30 | ManagedTypeMembersView = 0x13000
31 | };
32 |
33 | struct IMainFrame {
34 | virtual UINT ShowContextMenu(HMENU menu, const POINT& pt, DWORD flags = 0) = 0;
35 | virtual CTreeItem CreateHexView(TreeNodeType type, PCWSTR title, LPARAM param) = 0;
36 | virtual CTreeItem CreateAssemblyView(const ExportedSymbol& symbol) = 0;
37 | virtual bool OpenDocument(PCWSTR name, bool newWindow) = 0;
38 | virtual CTreeItem CreateTypeMembersView(const ManagedType& type) = 0;
39 | };
40 |
--------------------------------------------------------------------------------
/PEExplorerV2/AssemblyView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "Capstone/capstone.h"
4 |
5 | class CAssemblyView : public CWindowImpl {
6 | public:
7 | DECLARE_WND_CLASS_EX(nullptr, 0, NULL);
8 |
9 | CAssemblyView(cs_insn* insts, int count);
10 |
11 | BEGIN_MSG_MAP(CAssemblyView)
12 | MESSAGE_HANDLER(WM_CREATE, OnCreate)
13 | MESSAGE_HANDLER(WM_SIZE, OnSize)
14 | MESSAGE_HANDLER(WM_ERASEBKGND, OnEraseBkgnd)
15 | MESSAGE_HANDLER(WM_CTLCOLORSTATIC, OnBackColor)
16 | END_MSG_MAP()
17 |
18 | private:
19 | LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
20 | LRESULT OnSize(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
21 | LRESULT OnEraseBkgnd(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
22 | LRESULT OnBackColor(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
23 |
24 | private:
25 | CEdit m_Edit;
26 | cs_insn* m_Inst;
27 | int m_Count;
28 | };
29 |
30 |
--------------------------------------------------------------------------------
/PEExplorerV2/StructureView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "GenericListView.h"
4 | #include "PEParser.h"
5 |
6 | struct MemberInfo {
7 | CString Name;
8 | unsigned Offset;
9 | CString Type;
10 | int Size;
11 | CString Value;
12 | CString Comment;
13 |
14 | MemberInfo(PCWSTR name, unsigned offset, PCWSTR type, int size, PCWSTR value, PCWSTR comment = nullptr);
15 | };
16 |
17 | struct IStructureProvider {
18 | virtual CString GetName() const = 0;
19 | virtual int GetMemberCount() const = 0;
20 | virtual const MemberInfo& GetMemberInfo(int index) const = 0;
21 | };
22 |
23 | class StructureView : public IGenericListViewCallback {
24 | public:
25 | StructureView(PEParser* parser, IStructureProvider* provider);
26 | void Init(CListViewCtrl& lv);
27 |
28 | // IGenericListViewCallback
29 | int GetItemCount() override;
30 | CString GetItemText(int row, int col) override;
31 | bool Sort(int column, bool ascending) override;
32 | bool CanSort(int) const override {
33 | return false;
34 | }
35 |
36 | private:
37 | PEParser* _parser;
38 | std::unique_ptr _provider;
39 | };
40 |
41 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2019 Pavel Yosifovich
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/PEExplorerV2/PEExplorerV2.cpp:
--------------------------------------------------------------------------------
1 | // PEExplorerV2.cpp : main source file for PEExplorerV2.exe
2 | //
3 |
4 | #include "pch.h"
5 |
6 | #include "resource.h"
7 |
8 | #include "aboutdlg.h"
9 | #include "MainFrm.h"
10 |
11 | CAppModule _Module;
12 |
13 | int Run(LPTSTR /*lpstrCmdLine*/ = nullptr, int nCmdShow = SW_SHOWDEFAULT) {
14 | CMessageLoop theLoop;
15 | _Module.AddMessageLoop(&theLoop);
16 |
17 | auto frame = new CMainFrame();
18 |
19 | if (frame->CreateEx() == nullptr) {
20 | ATLTRACE(_T("Main window creation failed!\n"));
21 | return 0;
22 | }
23 |
24 | frame->ShowWindow(nCmdShow);
25 |
26 | int nRet = theLoop.Run();
27 |
28 | _Module.RemoveMessageLoop();
29 | return nRet;
30 | }
31 |
32 | int WINAPI _tWinMain(HINSTANCE hInstance, HINSTANCE /*hPrevInstance*/, LPTSTR lpstrCmdLine, int nCmdShow) {
33 | HRESULT hRes = ::CoInitialize(nullptr);
34 | ATLASSERT(SUCCEEDED(hRes));
35 |
36 | AtlInitCommonControls(ICC_COOL_CLASSES | ICC_BAR_CLASSES); // add flags to support other controls
37 |
38 | hRes = _Module.Init(nullptr, hInstance);
39 | ATLASSERT(SUCCEEDED(hRes));
40 |
41 | int nRet = Run(lpstrCmdLine, nCmdShow);
42 |
43 | _Module.Term();
44 | ::CoUninitialize();
45 |
46 | return nRet;
47 | }
48 |
--------------------------------------------------------------------------------
/PEExplorerV2/ResourcesFrameView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "ResourcesView.h"
4 | #include "HexView.h"
5 |
6 | class PEParser;
7 |
8 | class CResourcesFrameView :
9 | public CWindowImpl {
10 | public:
11 | CResourcesFrameView(PEParser* parser);
12 |
13 | enum { IDC_RES = 125, IDC_HEX };
14 |
15 | BEGIN_MSG_MAP(CResourcesFrameView)
16 | MESSAGE_HANDLER(WM_CREATE, OnCreate)
17 | MESSAGE_HANDLER(WM_SIZE, OnSize)
18 | MESSAGE_HANDLER(WM_ERASEBKGND, OnEraseBkgnd)
19 | NOTIFY_HANDLER(IDC_RES, LVN_ITEMCHANGED, OnResourceChanged)
20 | REFLECT_NOTIFICATIONS()
21 | END_MSG_MAP()
22 |
23 | private:
24 | LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
25 | LRESULT OnSize(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
26 | LRESULT OnEraseBkgnd(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
27 | LRESULT OnResourceChanged(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
28 |
29 | private:
30 | CSplitterWindow m_splitter;
31 | CGenericListView m_resView;
32 | CHexView m_hexView;
33 | int m_SelectedIndex{ -1 };
34 | ResourcesView m_resViewImpl;
35 | std::unique_ptr m_buffer;
36 | };
37 |
--------------------------------------------------------------------------------
/PEExplorerV2/AboutDlg.h:
--------------------------------------------------------------------------------
1 | // aboutdlg.h : interface of the CAboutDlg class
2 | //
3 | /////////////////////////////////////////////////////////////////////////////
4 |
5 | #pragma once
6 |
7 | #include "Resource.h"
8 |
9 | class CAboutDlg : public CDialogImpl
10 | {
11 | public:
12 | enum { IDD = IDD_ABOUTBOX };
13 |
14 | BEGIN_MSG_MAP(CAboutDlg)
15 | MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
16 | COMMAND_ID_HANDLER(IDOK, OnCloseCmd)
17 | COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
18 | NOTIFY_CODE_HANDLER(NM_CLICK, OnClickSyslink)
19 | NOTIFY_CODE_HANDLER(NM_RETURN, OnClickSyslink)
20 | END_MSG_MAP()
21 |
22 | // Handler prototypes (uncomment arguments if needed):
23 | // LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
24 | // LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
25 | // LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)
26 |
27 | LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
28 | LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
29 | LRESULT OnClickSyslink(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
30 | };
31 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImportsFrameView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "ImportsView.h"
4 | #include "GenericListView.h"
5 | #include "ImportsFunctionsView.h"
6 |
7 | class CImportsFrameView :
8 | public CWindowImpl {
9 | public:
10 | CImportsFrameView(PEParser* parser, IMainFrame* frame);
11 |
12 | enum { IDC_LIBS = 123, IDC_IMPORTS };
13 |
14 | BEGIN_MSG_MAP(CImportsFrameView)
15 | MESSAGE_HANDLER(WM_CREATE, OnCreate)
16 | MESSAGE_HANDLER(WM_SIZE, OnSize)
17 | MESSAGE_HANDLER(WM_ERASEBKGND, OnEraseBkgnd)
18 | NOTIFY_HANDLER(IDC_LIBS, LVN_ITEMCHANGED, OnLibraryChanged)
19 | REFLECT_NOTIFICATIONS()
20 | END_MSG_MAP()
21 |
22 | private:
23 |
24 | LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
25 | LRESULT OnSize(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
26 | LRESULT OnEraseBkgnd(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
27 | LRESULT OnLibraryChanged(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
28 |
29 | private:
30 | CSplitterWindow m_splitter;
31 | CGenericListView m_libView;
32 | CGenericListView m_importsView;
33 | PEParser* m_Parser;
34 | ImportsView m_libViewImpl;
35 | ImportsFunctionsView m_importsImpl;
36 | };
37 |
38 |
--------------------------------------------------------------------------------
/PEExplorerV2/AssemblyView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "AssemblyView.h"
3 | #include "PEStrings.h"
4 |
5 | CAssemblyView::CAssemblyView(cs_insn* insts, int count) :
6 | m_Inst(insts), m_Count(count) {
7 | }
8 |
9 | LRESULT CAssemblyView::OnCreate(UINT, WPARAM, LPARAM, BOOL&) {
10 | m_Edit.Create(*this, rcDefault, nullptr, WS_CHILD | WS_VISIBLE | ES_READONLY | ES_MULTILINE | WS_VSCROLL | WS_CLIPSIBLINGS);
11 | CFont font;
12 | font.CreatePointFont(110, L"Consolas");
13 | m_Edit.SetFont(font.Detach());
14 |
15 | CString text;
16 | for (int j = 0; j < m_Count; j++) {
17 | const auto& inst = m_Inst[j];
18 | text += PEStrings::FormatInstruction(inst) + L"\r\n";
19 | if (_stricmp(inst.mnemonic, "ret") == 0 || inst.bytes[0] == 0xcc)
20 | break;
21 | }
22 | m_Edit.SetWindowText(text);
23 |
24 | return 0;
25 | }
26 |
27 | LRESULT CAssemblyView::OnSize(UINT, WPARAM, LPARAM lParam, BOOL&) {
28 | if (m_Edit) {
29 | m_Edit.MoveWindow(0, 0, GET_X_LPARAM(lParam), GET_Y_LPARAM(lParam));
30 | }
31 | return 0;
32 | }
33 |
34 | LRESULT CAssemblyView::OnEraseBkgnd(UINT, WPARAM, LPARAM, BOOL&) {
35 | return 1;
36 | }
37 |
38 | LRESULT CAssemblyView::OnBackColor(UINT, WPARAM, LPARAM, BOOL&) {
39 | return reinterpret_cast(::GetSysColorBrush(COLOR_WINDOW));
40 | }
41 |
--------------------------------------------------------------------------------
/PEExplorerV2/PEStrings.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "PEParser.h"
4 | #include
5 | #include "Capstone/capstone.h"
6 |
7 | struct PEStrings abstract final {
8 | static PCWSTR SubsystemTypeToString(SubsystemType type);
9 | static CString GetFileName(const CString& path);
10 | static CString ToDecAndHex(DWORD value, bool hexFirst = false);
11 | static CString MagicToString(OptionalHeaderMagic magic);
12 | static CString MachineTypeToString(MachineType type);
13 | static CString Sec1970ToString(DWORD secs);
14 | static CString CharacteristicsToString(ImageCharacteristics ch);
15 | static CString DllCharacteristicsToString(DllCharacteristics ch);
16 | static CString ToHex(DWORD value, bool leadingZero = false);
17 | static CString ToHex(ULONGLONG value);
18 | static CString ToMemorySize(ULONGLONG size);
19 | static PCWSTR ResourceTypeToString(WORD id);
20 | static CString FormatInstruction(const cs_insn& inst);
21 | static CString ManagedTypeAttributesToString(CorTypeAttr attr);
22 | static CString MemberAttributesToString(const ManagedMember& member);
23 | static CString MethodAttributesToString(CorMethodAttr attr);
24 | static CString FieldAttributesToString(CorFieldAttr attr);
25 | static CString PropertyAttributesToString(CorPropertyAttr attr);
26 | static CString EventAttributesToString(CorEventAttr attr);
27 | };
28 |
29 |
--------------------------------------------------------------------------------
/PEExplorerV2/StructureView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "StructureView.h"
3 | #include "PEStrings.h"
4 |
5 | StructureView::StructureView(PEParser* parser, IStructureProvider* provider)
6 | : _parser(parser), _provider(provider) {
7 | ATLASSERT(provider);
8 | }
9 |
10 | void StructureView::Init(CListViewCtrl& lv) {
11 | lv.InsertColumn(0, L"Name", LVCFMT_LEFT, 150);
12 | lv.InsertColumn(1, L"Offset", LVCFMT_RIGHT, 80);
13 | lv.InsertColumn(2, L"Type", LVCFMT_LEFT, 100);
14 | lv.InsertColumn(3, L"Value", LVCFMT_RIGHT, 150);
15 | lv.InsertColumn(4, L"Comment", LVCFMT_LEFT, 200);
16 | }
17 |
18 | int StructureView::GetItemCount() {
19 | return _provider->GetMemberCount();
20 | }
21 |
22 | CString StructureView::GetItemText(int row, int col) {
23 | auto& info = _provider->GetMemberInfo(row);
24 |
25 | switch (col) {
26 | case 0: return info.Name;
27 | case 1: return PEStrings::ToDecAndHex(info.Offset);
28 | case 2: return info.Type;
29 | case 3: return info.Value;
30 | case 4: return info.Comment;
31 | }
32 | ATLASSERT(false);
33 | return L"";
34 | }
35 |
36 | bool StructureView::Sort(int column, bool ascending) {
37 | return false;
38 | }
39 |
40 | MemberInfo::MemberInfo(PCWSTR name, unsigned offset, PCWSTR type, int size, PCWSTR value, PCWSTR comment)
41 | : Name(name), Offset(offset), Type(type), Size(size), Value(value), Comment(comment) {
42 | }
43 |
--------------------------------------------------------------------------------
/PEExplorerV2/HexControl/IHexControl.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | struct IBufferManager;
4 |
5 | struct HexControlNotifyData {
6 | NMHDR hdr;
7 | POINT pt;
8 | };
9 |
10 | struct IHexControl {
11 | virtual void SetBufferManager(IBufferManager* mgr) = 0;
12 | virtual void SetReadOnly(bool readonly) = 0;
13 | virtual bool IsReadOnly() const = 0;
14 | virtual void SetAllowExtension(bool allow) = 0;
15 | virtual bool IsAllowExtension() const = 0;
16 | virtual bool CanUndo() const = 0;
17 | virtual bool CanRedo() const = 0;
18 | virtual bool Undo() = 0;
19 | virtual bool Redo() = 0;
20 | virtual void SetSize(int64_t size) = 0;
21 | virtual bool SetDataSize(int32_t size) = 0;
22 | virtual int32_t GetDataSize() const = 0;
23 | virtual bool SetBytesPerLine(int32_t bytesPerLine) = 0;
24 | virtual int32_t GetBytesPerLine() const = 0;
25 | virtual bool Copy(int64_t offset = -1, int64_t size = 0) = 0;
26 | virtual bool Paste(int64_t offset = -1) = 0;
27 | virtual bool CanCopy() const = 0;
28 | virtual bool CanPaste() const = 0;
29 | virtual bool Cut(int64_t offset = -1, int64_t size = 0) = 0;
30 | virtual bool Delete(int64_t offset = -1, int64_t size = 0) = 0;
31 | virtual bool CanCut() const = 0;
32 | virtual bool CanDelete() const = 0;
33 | virtual int64_t SetBiasOffset(int64_t offset) = 0;
34 | virtual int64_t GetBiasOffset() const = 0;
35 | virtual CString GetText(int64_t offset, int64_t size) = 0;
36 | virtual IBufferManager* GetBufferManager() const = 0;
37 | };
38 |
--------------------------------------------------------------------------------
/PEExplorerV2/HexView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "HexControl/IHexControl.h"
4 | #include "HexControl/HexControl.h"
5 | #include "resource.h"
6 |
7 | class CHexView : public CWindowImpl {
8 | public:
9 | DECLARE_WND_CLASS_EX(nullptr, 0, COLOR_WINDOW);
10 |
11 | CHexView(std::unique_ptr buffer, CTreeItem treeItem);
12 | CHexView() {}
13 |
14 | IHexControl& GetHexControl();
15 |
16 | enum {
17 | Id_1Byte = 1000, Id_2Byte, Id_4Byte, Id_8Byte,
18 | };
19 |
20 | BEGIN_MSG_MAP(CHexView)
21 | MESSAGE_HANDLER(WM_CREATE, OnCreate)
22 | MESSAGE_HANDLER(WM_SIZE, OnSize)
23 | MESSAGE_HANDLER(WM_DESTROY, OnDestroy)
24 | COMMAND_RANGE_HANDLER(Id_1Byte, Id_8Byte, OnChangeDataSize)
25 | COMMAND_ID_HANDLER(ID_FILE_EXPORT, OnExport)
26 | END_MSG_MAP()
27 |
28 | private:
29 | bool DoExport(PCWSTR filename) const;
30 |
31 | LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
32 | LRESULT OnDestroy(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
33 | LRESULT OnSize(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
34 | LRESULT OnChangeDataSize(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
35 | LRESULT OnExport(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
36 |
37 | private:
38 | CHexControl m_hex;
39 | CToolBarCtrl m_toolbar;
40 | std::unique_ptr m_buffer;
41 | CTreeItem m_treeItem;
42 | };
43 |
44 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImageFileHeaderStruct.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ImageFileHeaderStruct.h"
3 | #include "PEStrings.h"
4 |
5 | ImageFileHeaderStruct::ImageFileHeaderStruct(PEParser* parser) : _parser(parser) {
6 | BuildMembers();
7 | }
8 |
9 | CString ImageFileHeaderStruct::GetName() const {
10 | return L"IMAGE_FILE_HEADER";
11 | }
12 |
13 | int ImageFileHeaderStruct::GetMemberCount() const {
14 | return static_cast(_members.size());
15 | }
16 |
17 | const MemberInfo& ImageFileHeaderStruct::GetMemberInfo(int index) const {
18 | return _members[index];
19 | }
20 |
21 | void ImageFileHeaderStruct::BuildMembers() {
22 | auto& header = _parser->GetFileHeader();
23 |
24 | _members = std::vector{
25 | MemberInfo(L"Machine", 0, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.Machine)),
26 | MemberInfo(L"NumberOfSections", 2, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.NumberOfSections)),
27 | MemberInfo(L"TImeDateStamp", 4, L"DWORD", sizeof(DWORD), PEStrings::ToHex(header.TimeDateStamp, true)),
28 | MemberInfo(L"PointerToSymbolTable", 8, L"DWORD", sizeof(WORD), PEStrings::ToDecAndHex(header.PointerToSymbolTable)),
29 | MemberInfo(L"NumberOfSymbols", 12, L"DWORD", sizeof(WORD), PEStrings::ToDecAndHex(header.NumberOfSymbols)),
30 | MemberInfo(L"SizeOfOptionalHeader", 16, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.SizeOfOptionalHeader)),
31 | MemberInfo(L"Characteristics", 18, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.Characteristics)),
32 | };
33 | }
34 |
--------------------------------------------------------------------------------
/PEParser/PEParser.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 | Header Files
26 |
27 |
28 |
29 |
30 | Source Files
31 |
32 |
33 | Source Files
34 |
35 |
36 | Source Files
37 |
38 |
39 |
--------------------------------------------------------------------------------
/PEExplorerV2.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.29512.175
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PEExplorerV2", "PEExplorerV2\PEExplorerV2.vcxproj", "{F24EF80E-B2C3-4F3C-A29A-9AEE62ED623B}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PEParser", "PEParser\PEParser.vcxproj", "{380BBF10-5A72-4F23-B9A2-6FE7A76E8B5F}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|x64 = Debug|x64
13 | Release|x64 = Release|x64
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {F24EF80E-B2C3-4F3C-A29A-9AEE62ED623B}.Debug|x64.ActiveCfg = Debug|x64
17 | {F24EF80E-B2C3-4F3C-A29A-9AEE62ED623B}.Debug|x64.Build.0 = Debug|x64
18 | {F24EF80E-B2C3-4F3C-A29A-9AEE62ED623B}.Release|x64.ActiveCfg = Release|x64
19 | {F24EF80E-B2C3-4F3C-A29A-9AEE62ED623B}.Release|x64.Build.0 = Release|x64
20 | {380BBF10-5A72-4F23-B9A2-6FE7A76E8B5F}.Debug|x64.ActiveCfg = Debug|x64
21 | {380BBF10-5A72-4F23-B9A2-6FE7A76E8B5F}.Debug|x64.Build.0 = Debug|x64
22 | {380BBF10-5A72-4F23-B9A2-6FE7A76E8B5F}.Release|x64.ActiveCfg = Release|x64
23 | {380BBF10-5A72-4F23-B9A2-6FE7A76E8B5F}.Release|x64.Build.0 = Release|x64
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {889DE055-18A2-4475-8A78-4D98383ECA49}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImportsFrameView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ImportsFrameView.h"
3 |
4 | const DWORD ListViewDefaultStyle = WS_CHILD | WS_VISIBLE | LVS_REPORT | LVS_OWNERDATA | LVS_SHOWSELALWAYS | WS_CLIPCHILDREN | WS_CLIPSIBLINGS;
5 |
6 | CImportsFrameView::CImportsFrameView(PEParser* parser, IMainFrame* frame)
7 | : m_Parser(parser), m_libViewImpl(parser, frame), m_libView(&m_libViewImpl),
8 | m_importsView(&m_importsImpl) {
9 | }
10 |
11 | LRESULT CImportsFrameView::OnCreate(UINT, WPARAM, LPARAM, BOOL&) {
12 | m_splitter.Create(m_hWnd, rcDefault, nullptr, WS_CHILD | WS_VISIBLE | WS_CLIPSIBLINGS | WS_CLIPCHILDREN);
13 |
14 | m_libView.Create(m_splitter, rcDefault, nullptr, ListViewDefaultStyle | LVS_SINGLESEL, WS_EX_CLIENTEDGE, IDC_LIBS);
15 |
16 | m_importsView.Create(m_splitter, rcDefault, nullptr, ListViewDefaultStyle, WS_EX_CLIENTEDGE);
17 |
18 | m_splitter.SetSplitterPanes(m_libView, m_importsView);
19 | m_splitter.SetSplitterPosPct(33);
20 |
21 | return 0;
22 | }
23 |
24 | LRESULT CImportsFrameView::OnSize(UINT, WPARAM, LPARAM lParam, BOOL&) {
25 | m_splitter.MoveWindow(0, 0, GET_X_LPARAM(lParam), GET_Y_LPARAM(lParam));
26 |
27 | return 0;
28 | }
29 |
30 | LRESULT CImportsFrameView::OnEraseBkgnd(UINT, WPARAM, LPARAM, BOOL&) {
31 | return 1;
32 | }
33 |
34 | LRESULT CImportsFrameView::OnLibraryChanged(int, LPNMHDR, BOOL&) {
35 | int selected = m_libView.GetSelectedIndex();
36 | if (selected < 0) {
37 | m_importsImpl.SetSymbols(std::vector());
38 | }
39 | else {
40 | m_importsImpl.SetSymbols(m_libViewImpl.GetLibrary(selected).Symbols);
41 | }
42 | m_importsView.ClearSort(0);
43 | m_importsView.Refresh();
44 |
45 | return LRESULT();
46 | }
47 |
--------------------------------------------------------------------------------
/PEParser/CLRMetadataParser.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "PEParser.h"
4 | #include
5 |
6 | class CLRMetadataParser final {
7 | public:
8 | CLRMetadataParser(IMetaDataImport* md);
9 |
10 | std::vector EnumTypes() const;
11 | std::vector EnumRefTypes() const;
12 | std::vector EnumMembers(mdToken token, bool includeInherited = false) const;
13 | std::vector EnumMethods(mdToken token, bool includeInherited = false) const;
14 | std::vector EnumFields(mdToken token, bool includeInherited = false) const;
15 | std::vector EnumProperties(mdToken token, bool includeInherited = false) const;
16 | std::vector EnumEvents(mdToken token, bool includeInherited = false) const;
17 | ManagedTypeKind GetTypeKind(const ManagedType& type) const;
18 | CString GetMethodName(mdMethodDef token) const;
19 | CString GetTypeName(mdToken token) const;
20 |
21 | private:
22 | void EnumMethodsInternal(mdToken token, std::vector& members, bool includeInherited = false) const;
23 | void EnumFieldsInternal(mdToken token, std::vector& members, bool includeInherited = false) const;
24 | void EnumPropertiesInternal(mdToken token, std::vector& members, bool includeInherited = false) const;
25 | void EnumEventsInternal(mdToken token, std::vector& members, bool includeInherited = false) const;
26 |
27 | private:
28 | mutable mdToken _delegate{ 0 }, _enum{ 0 }, _struct{ 0 }, _attribute{ 0 };
29 | CComPtr _spImport;
30 | mutable std::vector _refTypes;
31 | mutable std::unordered_map _refTypesMap;
32 | };
33 |
34 |
--------------------------------------------------------------------------------
/PEExplorerV2/pch.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #pragma once
7 |
8 | // Change these values to use different versions
9 | #define WINVER 0x0601
10 | #define _WIN32_WINNT 0x0601
11 | #define _WIN32_IE 0x0700
12 | #define _RICHEDIT_VER 0x0500
13 |
14 | #include
15 | #include
16 |
17 | extern CAppModule _Module;
18 |
19 | #include
20 | #include
21 | #include
22 | #include
23 | #include
24 | #include
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 | #include
35 |
36 | #if defined _M_IX86
37 | #pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")
38 | #elif defined _M_IA64
39 | #pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='ia64' publicKeyToken='6595b64144ccf1df' language='*'\"")
40 | #elif defined _M_X64
41 | #pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"")
42 | #else
43 | #pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
44 | #endif
45 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImportsFunctionsView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ImportsFunctionsView.h"
3 | #include "resource.h"
4 | #include
5 | #include "SortHelper.h"
6 |
7 | void ImportsFunctionsView::SetSymbols(const std::vector& symbols) {
8 | _symbols = symbols;
9 | }
10 |
11 | void ImportsFunctionsView::Init(CListViewCtrl& lv) {
12 | lv.InsertColumn(0, L"Name", LVCFMT_LEFT, 250);
13 | lv.InsertColumn(1, L"Hint", LVCFMT_RIGHT, 80);
14 | lv.InsertColumn(2, L"Undecorated Name", LVCFMT_LEFT, 300);
15 |
16 | CImageList images;
17 | images.Create(16, 16, ILC_COLOR32, 1, 0);
18 | images.AddIcon(AtlLoadIconImage(IDI_IMPORT, 0, 16, 16));
19 |
20 | lv.SetImageList(images.Detach(), LVSIL_SMALL);
21 | }
22 |
23 | int ImportsFunctionsView::GetItemCount() {
24 | return static_cast(_symbols.size());
25 | }
26 |
27 | CString ImportsFunctionsView::GetItemText(int row, int col) {
28 | auto& item = _symbols[row];
29 |
30 | switch (col) {
31 | case 0: return CString(item.Name.c_str());
32 | case 1: return std::to_wstring(item.Hint).c_str();
33 | case 2: return CString(item.UndecoratedName.c_str());
34 | }
35 | ATLASSERT(false);
36 | return L"";
37 | }
38 |
39 | bool ImportsFunctionsView::Sort(int column, bool ascending) {
40 | std::sort(_symbols.begin(), _symbols.end(), [column, ascending](auto& s1, auto& s2) {
41 | return CompareItems(s1, s2, column, ascending);
42 | });
43 | return true;
44 | }
45 |
46 | int ImportsFunctionsView::GetIcon(int row) {
47 | return 0;
48 | }
49 |
50 | bool ImportsFunctionsView::CompareItems(const ImportedSymbol& s1, const ImportedSymbol& s2, int col, bool asc) {
51 | switch (col) {
52 | case 0: return SortHelper::SortStrings(s1.Name, s2.Name, asc);
53 | case 1: return SortHelper::SortNumbers(s1.Hint, s2.Hint, asc);
54 | case 2: return SortHelper::SortStrings(s1.UndecoratedName, s2.UndecoratedName, asc);
55 | }
56 | ATLASSERT(false);
57 | return false;
58 | }
59 |
--------------------------------------------------------------------------------
/PEExplorerV2/ResourcesFrameView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ResourcesFrameView.h"
3 | #include "HexControl/InMemoryBuffer.h"
4 |
5 | #ifdef _DEBUG
6 | #pragma comment(lib, "HexControl/HexControld.lib")
7 | #else
8 | #pragma comment(lib, "HexControl/HexControl.lib")
9 | #endif
10 |
11 | CResourcesFrameView::CResourcesFrameView(PEParser* parser) : m_resViewImpl(parser), m_resView(&m_resViewImpl) {
12 | }
13 |
14 | LRESULT CResourcesFrameView::OnCreate(UINT, WPARAM, LPARAM, BOOL&) {
15 | const DWORD ListViewDefaultStyle = WS_CHILD | WS_VISIBLE | LVS_REPORT | LVS_OWNERDATA | LVS_SHOWSELALWAYS | WS_CLIPCHILDREN | WS_CLIPSIBLINGS;
16 |
17 | m_splitter.Create(m_hWnd, rcDefault, nullptr, WS_CHILD | WS_VISIBLE | WS_CLIPSIBLINGS | WS_CLIPCHILDREN);
18 | m_resView.Create(m_splitter, rcDefault, nullptr, ListViewDefaultStyle | LVS_SINGLESEL, 0, IDC_RES);
19 |
20 | m_hexView.Create(m_splitter, rcDefault, nullptr, WS_CHILD | WS_VISIBLE | WS_CLIPSIBLINGS | WS_CLIPCHILDREN, 0, IDC_HEX);
21 | auto& hex = m_hexView.GetHexControl();
22 | hex.SetBytesPerLine(16);
23 |
24 | m_splitter.SetSplitterPanes(m_resView, m_hexView);
25 | m_splitter.SetSplitterPosPct(40);
26 |
27 | return 0;
28 | }
29 |
30 | LRESULT CResourcesFrameView::OnSize(UINT, WPARAM, LPARAM lParam, BOOL&) {
31 | m_splitter.MoveWindow(0, 0, GET_X_LPARAM(lParam), GET_Y_LPARAM(lParam));
32 | return 0;
33 | }
34 |
35 | LRESULT CResourcesFrameView::OnEraseBkgnd(UINT, WPARAM, LPARAM, BOOL&) {
36 | return 1; // no erase
37 | }
38 |
39 | LRESULT CResourcesFrameView::OnResourceChanged(int, LPNMHDR, BOOL&) {
40 | auto index = m_resView.GetSelectedIndex();
41 | if (m_SelectedIndex == index)
42 | return 0;
43 |
44 | auto& hex = m_hexView.GetHexControl();
45 | if (index < 0) {
46 | hex.SetBufferManager(nullptr);
47 | }
48 | else {
49 | auto res = m_resViewImpl.GetResource(index);
50 | m_buffer = std::make_unique();
51 | m_buffer->SetData(0, (const BYTE*)res.Resource.Address, res.Resource.Size);
52 | hex.SetBufferManager(m_buffer.get());
53 | }
54 | m_SelectedIndex = index;
55 |
56 | return 0;
57 | }
58 |
--------------------------------------------------------------------------------
/PEExplorerV2/DataDirectoriesView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "DataDirectoriesView.h"
3 | #include "PEStrings.h"
4 | #include "resource.h"
5 |
6 | DataDirectoriesView::DataDirectoriesView(PEParser* parser, IMainFrame* frame)
7 | : _parser(parser), _frame(frame) {
8 | }
9 |
10 | void DataDirectoriesView::Init(CListViewCtrl& lv) {
11 | lv.InsertColumn(0, L"Name", LVCFMT_LEFT, 150);
12 | lv.InsertColumn(1, L"Index", LVCFMT_RIGHT, 80);
13 | lv.InsertColumn(2, L"Address", LVCFMT_RIGHT, 120);
14 | lv.InsertColumn(3, L"Size", LVCFMT_RIGHT, 120);
15 | }
16 |
17 | int DataDirectoriesView::GetItemCount() {
18 | if (_dirs[0].Name.IsEmpty()) {
19 | PCWSTR names[] = {
20 | L"Export", L"Import", L"Resource", L"Exception", L"Security", L"Base Relocation",
21 | L"Debug", L"Architecture", L"Global Pointer", L"Thread Local Storage (TLS)", L"Load Config",
22 | L"Bound Import", L"Import Address Table (IAT)", L"Delay Import", L"COM Descriptor (CLR)"
23 | };
24 |
25 | ATLASSERT(_countof(names) == _countof(_dirs));
26 |
27 | for (int i = 0; i < _countof(_dirs); i++) {
28 | auto& dir = _dirs[i];
29 | dir.Name = names[i];
30 | auto dd = _parser->GetDataDirectory(i);
31 | dir.Address = dd->VirtualAddress;
32 | dir.Size = dd->Size;
33 | dir.Index = i;
34 | }
35 | }
36 | return _countof(_dirs);
37 | }
38 |
39 | CString DataDirectoriesView::GetItemText(int row, int col) {
40 | auto& dir = _dirs[row];
41 | switch (col) {
42 | case 0: return dir.Name;
43 | case 1: return std::to_wstring(dir.Index).c_str();
44 | case 2: return PEStrings::ToHex(dir.Address);
45 | case 3: return PEStrings::ToDecAndHex(dir.Size);
46 | }
47 | ATLASSERT(false);
48 | return L"";
49 | }
50 |
51 | bool DataDirectoriesView::Sort(int column, bool ascending) {
52 | return false;
53 | }
54 |
55 | void DataDirectoriesView::OnContextMenu(const POINT& pt, int index) {
56 | CMenuHandle menu;
57 | menu.LoadMenuW(IDR_CONTEXT);
58 | auto cmd = _frame->ShowContextMenu(menu.GetSubMenu(0), pt, TPM_RETURNCMD);
59 | if (cmd == ID_OBJECT_VIEWDATA) {
60 | _frame->CreateHexView(TreeNodeType::DirectoryView, _dirs[index].Name, index);
61 | }
62 | }
63 |
64 |
--------------------------------------------------------------------------------
/PEExplorerV2/GenericListView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "VirtualListView.h"
4 |
5 | struct IGenericListViewCallback {
6 | virtual int GetItemCount() = 0;
7 | virtual void Init(CListViewCtrl& lv) = 0;
8 | virtual CString GetItemText(int row, int col) = 0;
9 | virtual int GetIcon(int row) {
10 | return -1;
11 | }
12 | virtual bool Sort(int column, bool ascending) = 0;
13 | virtual bool CanSort(int column) const {
14 | return true;
15 | }
16 | virtual void OnContextMenu(const POINT& pt, int selected) {}
17 | virtual void ExecuteCommand(WORD id) {}
18 | virtual bool CanExecuteCommand(WORD id) {
19 | return true;
20 | }
21 | };
22 |
23 | class CGenericListView :
24 | public CVirtualListView,
25 | public CWindowImpl {
26 | public:
27 | DECLARE_WND_SUPERCLASS(nullptr, CListViewCtrl::GetWndClassName())
28 |
29 | CGenericListView(IGenericListViewCallback* cb, bool autoDelete = false);
30 |
31 | BEGIN_MSG_MAP(CGenericListView)
32 | MESSAGE_HANDLER(WM_CREATE, OnCreate)
33 | REFLECTED_NOTIFY_CODE_HANDLER(LVN_GETDISPINFO, OnGetDispInfo)
34 | MESSAGE_HANDLER(WM_CONTEXTMENU, OnContextMenu)
35 | MESSAGE_HANDLER(WM_DESTROY, OnDestroy)
36 | MESSAGE_HANDLER(WM_FORWARDMSG, OnForwardMsg)
37 | CHAIN_MSG_MAP_ALT(CVirtualListView, 1)
38 |
39 | ALT_MSG_MAP(1)
40 | COMMAND_ID_HANDLER(ID_EDIT_COPY, OnEditCopy)
41 | END_MSG_MAP()
42 |
43 | void DoSort(const SortInfo* si);
44 | bool IsSortable(int column) const;
45 | void Refresh();
46 |
47 | private:
48 | LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
49 | LRESULT OnDestroy(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
50 | LRESULT OnGetDispInfo(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
51 | LRESULT OnContextMenu(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
52 | LRESULT OnForwardMsg(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
53 | LRESULT OnEditCopy(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
54 |
55 | private:
56 | IGenericListViewCallback* m_Callback;
57 | bool m_AutoDelete : 1;
58 | };
59 |
60 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImportsView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ImportsView.h"
3 | #include "resource.h"
4 | #include
5 | #include "SortHelper.h"
6 | #include "resource.h"
7 |
8 | ImportsView::ImportsView(PEParser* parser, IMainFrame* frame) :
9 | _parser(parser), _frame(frame) {
10 | }
11 |
12 | void ImportsView::Init(CListViewCtrl& lv) {
13 | lv.InsertColumn(0, L"Library Name", LVCFMT_LEFT, 250);
14 | lv.InsertColumn(1, L"Count", LVCFMT_RIGHT, 80);
15 |
16 | CImageList images;
17 | images.Create(16, 16, ILC_COLOR32, 2, 0);
18 | images.AddIcon(AtlLoadIconImage(IDI_LIBRARY_IMPORT, 0, 16, 16));
19 | images.AddIcon(AtlLoadIconImage(IDI_APISET_LIB, 0, 16, 16));
20 |
21 | lv.SetImageList(images.Detach(), LVSIL_SMALL);
22 | }
23 |
24 | int ImportsView::GetItemCount() {
25 | if (_libraries.empty()) {
26 | _libraries = _parser->GetImports();
27 | }
28 | return static_cast(_libraries.size());
29 | }
30 |
31 | CString ImportsView::GetItemText(int row, int col) {
32 | auto& item = _libraries[row];
33 |
34 | switch (col) {
35 | case 0: return CString(item.Name.c_str());
36 | case 1: return std::to_wstring(item.Symbols.size()).c_str();
37 | }
38 | ATLASSERT(false);
39 | return L"";
40 | }
41 |
42 | bool ImportsView::Sort(int column, bool ascending) {
43 | std::sort(_libraries.begin(), _libraries.end(), [ascending, column](auto& lib1, auto& lib2) {
44 | return CompareItems(lib1, lib2, column, ascending);
45 | });
46 | return true;
47 | }
48 |
49 | int ImportsView::GetIcon(int row) {
50 | auto prefix = _libraries[row].Name.substr(0, 7);
51 | return prefix == "api-ms-" || prefix == "ext-ms-" ? 1 : 0;
52 | }
53 |
54 | const ImportedLibrary& ImportsView::GetLibrary(int selected) const {
55 | return _libraries[selected];
56 | }
57 |
58 | void ImportsView::OnContextMenu(const POINT& pt, int selected) {
59 | if (selected < 0)
60 | return;
61 |
62 | CMenu menu;
63 | menu.LoadMenu(IDR_CONTEXT);
64 | auto cmd = (UINT)_frame->ShowContextMenu(menu.GetSubMenu(2), pt, TPM_RETURNCMD);
65 | if (cmd == ID_IMPORTLIB_OPENINNEWWINDOW) {
66 | _frame->OpenDocument(CString(_libraries[selected].Name.c_str()), true);
67 | }
68 | }
69 |
70 | bool ImportsView::CompareItems(ImportedLibrary& lib1, ImportedLibrary& lib2, int col, bool asc) {
71 | switch (col) {
72 | case 0: return SortHelper::SortStrings(lib1.Name, lib2.Name, asc);
73 | case 1: return SortHelper::SortNumbers(lib1.Symbols.size(), lib2.Symbols.size(), asc);
74 | }
75 | ATLASSERT(false);
76 | return false;
77 | }
78 |
--------------------------------------------------------------------------------
/PEExplorerV2/HexControl/HexControl.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "IHexControl.h"
4 | #include
5 |
6 | class CommandManager;
7 |
8 | struct Range {
9 | int64_t Offset, Size;
10 | bool IsInRange(int64_t offset) const;
11 | };
12 |
13 | class CHexControl : public CWindow, public IHexControl {
14 | public:
15 | CHexControl();
16 | ~CHexControl();
17 |
18 | enum { IDC_HEX = 0x788 };
19 |
20 | HWND Create(HWND hParent, RECT& rc = rcDefault, DWORD style = WS_CHILD | WS_VISIBLE | WS_CLIPCHILDREN | WS_CLIPSIBLINGS, DWORD exstyle = 0, UINT id = IDC_HEX);
21 |
22 | enum {
23 | HEXCN_CONTEXTMENU = 1
24 | };
25 |
26 | enum class OffsetFlags : uint8_t {
27 | None = 0,
28 | Modified = 1
29 | };
30 |
31 | // Inherited via IHexControl
32 | void SetBufferManager(IBufferManager* mgr) override;
33 | void SetReadOnly(bool readonly) override;
34 | bool IsReadOnly() const override;
35 | void SetAllowExtension(bool allow) override;
36 | bool IsAllowExtension() const override;
37 | bool CanUndo() const override;
38 | bool CanRedo() const override;
39 | bool Undo() override;
40 | bool Redo() override;
41 | void SetSize(int64_t size) override;
42 | bool SetDataSize(int32_t size) override;
43 | int32_t GetDataSize() const override;
44 | bool SetBytesPerLine(int32_t bytesPerLine) override;
45 | int32_t GetBytesPerLine() const override;
46 | void SetOffsetColor(COLORREF color = CLR_INVALID);
47 | void SetDataColor(COLORREF color = CLR_INVALID);
48 | void SetAsciiColor(COLORREF color = CLR_INVALID);
49 | void SetBackColor(COLORREF color = CLR_INVALID);
50 | bool Copy(int64_t offset = -1, int64_t size = 0);
51 | bool CanCopy() const override;
52 | bool Paste(int64_t offset = -1);
53 | bool CanPaste() const override;
54 | COLORREF GetOffsetColor() const;
55 | COLORREF GetDataColor() const;
56 | COLORREF GetAsciiColor() const;
57 | COLORREF GetBackColor() const;
58 | bool Cut(int64_t offset = -1, int64_t size = 0) override;
59 | bool Delete(int64_t offset = -1, int64_t size = 0) override;
60 | bool CanCut() const override;
61 | bool CanDelete() const override;
62 | bool IsSelected(int64_t offset) const;
63 | int64_t SetBiasOffset(int64_t offset) override;
64 | int64_t GetBiasOffset() const override;
65 | CString GetText(int64_t offset, int64_t size) override;
66 | IBufferManager* GetBufferManager() const override;
67 |
68 | private:
69 | struct Impl;
70 | std::unique_ptr _impl;
71 |
72 | };
73 |
74 | DEFINE_ENUM_FLAG_OPERATORS(CHexControl::OffsetFlags);
75 |
76 |
--------------------------------------------------------------------------------
/PEExplorerV2/ImageDosHeaderStruct.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ImageDosHeaderStruct.h"
3 | #include "PEStrings.h"
4 |
5 | ImageDosHeaderStruct::ImageDosHeaderStruct(PEParser* parser) : _parser(parser) {
6 | BuildMembers();
7 | }
8 |
9 | CString ImageDosHeaderStruct::GetName() const {
10 | return L"IMAGE_DOS_HEADER";
11 | }
12 |
13 | int ImageDosHeaderStruct::GetMemberCount() const {
14 | return static_cast(_members.size());
15 | }
16 |
17 | const MemberInfo& ImageDosHeaderStruct::GetMemberInfo(int index) const {
18 | return _members[index];
19 | }
20 |
21 | void ImageDosHeaderStruct::BuildMembers() {
22 | auto& header = _parser->GetDosHeader();
23 |
24 | _members = std::vector{
25 | MemberInfo(L"e_magic", 0, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_magic), L"Magic ('MZ')"),
26 | MemberInfo(L"e_cblp", 2, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_cblp)),
27 | MemberInfo(L"e_cp", 4, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_cp)),
28 | MemberInfo(L"e_crlc", 6, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_crlc)),
29 | MemberInfo(L"e_cparhdr", 8, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_cparhdr)),
30 | MemberInfo(L"e_minalloc", 10, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_minalloc)),
31 | MemberInfo(L"e_maxalloc", 12, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_maxalloc)),
32 | MemberInfo(L"e_ss", 14, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_ss)),
33 | MemberInfo(L"e_sp", 16, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_sp)),
34 | MemberInfo(L"e_csum", 18, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_csum)),
35 | MemberInfo(L"e_ip", 20, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_ip)),
36 | MemberInfo(L"e_cs", 22, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_cs)),
37 | MemberInfo(L"e_lfarlc", 24, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_lfarlc)),
38 | MemberInfo(L"e_ovno", 26, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_ovno)),
39 | MemberInfo(L"e_res[4]", 28, L"WORD", sizeof(WORD[4]), L""),
40 | MemberInfo(L"e_oemid", 36, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_oemid)),
41 | MemberInfo(L"e_oeminfo", 38, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.e_oeminfo)),
42 | MemberInfo(L"e_res2[10]", 40, L"WORD", sizeof(WORD[10]), L""),
43 | MemberInfo(L"e_lfanew", 60, L"LONG", sizeof(LONG), PEStrings::ToDecAndHex(header.e_lfanew), L"Offset to Image file header"),
44 | };
45 | }
46 |
--------------------------------------------------------------------------------
/PEExplorerV2/ResourcesView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ResourcesView.h"
3 | #include "PEStrings.h"
4 | #include
5 | #include "SortHelper.h"
6 |
7 | ResourcesView::ResourcesView(PEParser* parser) : _parser(parser) {
8 | }
9 |
10 | void ResourcesView::Init(CListViewCtrl& lv) {
11 | lv.InsertColumn(0, L"Type", LVCFMT_LEFT, 140);
12 | lv.InsertColumn(1, L"Name", LVCFMT_LEFT, 150);
13 | lv.InsertColumn(2, L"Address", LVCFMT_RIGHT, 100);
14 | lv.InsertColumn(3, L"Size", LVCFMT_RIGHT, 130);
15 | }
16 |
17 | int ResourcesView::GetItemCount() {
18 | if (_items.empty()) {
19 | for (auto& type : _parser->EnumResources()) {
20 | for (auto& res : type.Items) {
21 | ResourceItem item;
22 | CString typeName;
23 | if (type.IsId)
24 | typeName = PEStrings::ResourceTypeToString(type.Id);
25 | item.Type = typeName.IsEmpty() ? type.Name : typeName;
26 | item.Resource = res;
27 | _items.push_back(std::move(item));
28 | }
29 | }
30 | }
31 |
32 | return static_cast(_items.size());
33 | }
34 |
35 | CString ResourcesView::GetItemText(int row, int col) {
36 | auto& res = _items[row];
37 |
38 | switch (col) {
39 | case 0: return res.Type;
40 | case 1: return res.Resource.Name;
41 | case 2: return PEStrings::ToHex(res.Resource.Rva);
42 | case 3: return PEStrings::ToDecAndHex(res.Resource.Size);
43 | }
44 | ATLASSERT(false);
45 | return L"";
46 | }
47 |
48 | bool ResourcesView::Sort(int column, bool ascending) {
49 | std::sort(_items.begin(), _items.end(), [column, ascending](const auto& res1, const auto& res2) {
50 | return CompareItems(res1, res2, column, ascending);
51 | });
52 |
53 | return true;
54 | }
55 |
56 | const ResourceItem& ResourcesView::GetResource(int index) const {
57 | return _items[index];
58 | }
59 |
60 | bool ResourcesView::CompareItems(const ResourceItem& res1, const ResourceItem& res2, int col, bool asc) {
61 | switch (col) {
62 | case 0:
63 | return SortHelper::SortStrings(res1.Type, res2.Type, asc);
64 |
65 | case 1:
66 | if (res1.Resource.IsId != res2.Resource.IsId)
67 | return SortHelper::SortBoolean(res1.Resource.IsId, res2.Resource.IsId, asc);
68 | if (res1.Resource.IsId)
69 | return SortHelper::SortNumbers(res1.Resource.Id, res2.Resource.Id, asc);
70 | return SortHelper::SortStrings(res1.Resource.Name, res2.Resource.Name, asc);
71 |
72 | case 2: return SortHelper::SortNumbers(res1.Resource.Rva, res2.Resource.Rva, asc);
73 | case 3: return SortHelper::SortNumbers(res1.Resource.Size, res2.Resource.Size, asc);
74 | }
75 |
76 | ATLASSERT(false);
77 | return false;
78 | }
79 |
--------------------------------------------------------------------------------
/PEExplorerV2/ExportsView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ExportsView.h"
3 | #include "PEStrings.h"
4 | #include
5 | #include "SortHelper.h"
6 | #include "resource.h"
7 |
8 | ExportsView::ExportsView(PEParser* parser, IMainFrame* frame)
9 | : _parser(parser), _frame(frame) {
10 | }
11 |
12 | void ExportsView::Init(CListViewCtrl& lv) {
13 | lv.InsertColumn(0, L"Name", LVCFMT_LEFT, 240);
14 | lv.InsertColumn(1, L"Ordinal", LVCFMT_RIGHT, 80);
15 | lv.InsertColumn(2, L"Address", LVCFMT_LEFT, 200);
16 | lv.InsertColumn(3, L"Undecorated Name", LVCFMT_LEFT, 300);
17 |
18 | CImageList images;
19 | images.Create(16, 16, ILC_COLOR32 | ILC_COLOR, 2, 0);
20 | images.AddIcon(AtlLoadIconImage(IDI_EXPORT, 0, 16, 16));
21 | images.AddIcon(AtlLoadIconImage(IDI_FORWARD, 0, 16, 16));
22 | lv.SetImageList(images, LVSIL_SMALL);
23 | }
24 |
25 | int ExportsView::GetItemCount() {
26 | _exports = _parser->GetExports();
27 |
28 | return static_cast(_exports.size());
29 | }
30 |
31 | CString ExportsView::GetItemText(int row, int col) {
32 | auto& item = _exports[row];
33 | switch (col) {
34 | case 0:
35 | return item.Name.c_str();
36 | case 1:
37 | return item.Ordinal == 0xffff ? L"" : std::to_wstring(item.Ordinal).c_str();
38 | case 2:
39 | return item.ForwardName.empty() ? PEStrings::ToHex(item.Address, true) : CString(item.ForwardName.c_str());
40 | case 3:
41 | return item.UndecoratedName.c_str();
42 | }
43 | return L"";
44 | }
45 |
46 | bool ExportsView::Sort(int column, bool ascending) {
47 | std::sort(_exports.begin(), _exports.end(), [column, ascending](auto& e1, auto& e2) {
48 | return CompareItems(e1, e2, column, ascending);
49 | });
50 | return true;
51 | }
52 |
53 | int ExportsView::GetIcon(int row) {
54 | return _exports[row].ForwardName.empty() ? 0 : 1;
55 | }
56 |
57 | void ExportsView::OnContextMenu(const POINT& pt, int selected) {
58 | CMenuHandle menu;
59 | menu.LoadMenuW(IDR_CONTEXT);
60 | auto cmd = _frame->ShowContextMenu(menu.GetSubMenu(1), pt, TPM_RETURNCMD);
61 | if (cmd == ID_OBJECT_VIEWDATA) {
62 | _frame->CreateAssemblyView(_exports[selected]);
63 | }
64 | }
65 |
66 | bool ExportsView::CompareItems(const ExportedSymbol& e1, const ExportedSymbol& e2, int col, bool asc) {
67 | switch (col) {
68 | case 0: return SortHelper::SortStrings(e1.Name, e2.Name, asc);
69 | case 1: return SortHelper::SortNumbers(e1.Ordinal, e2.Ordinal, asc);
70 | case 2: return SortHelper::SortNumbers(e1.Address, e2.Address, asc);
71 | case 3: return SortHelper::SortStrings(e1.UndecoratedName, e2.UndecoratedName, asc);
72 | }
73 | ATLASSERT(false);
74 | return false;
75 | }
76 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/PEExplorerV2/HexView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "HexView.h"
3 | #include "resource.h"
4 | #include "HexControl/IBufferManager.h"
5 |
6 | CHexView::CHexView(std::unique_ptr buffer, CTreeItem treeItem)
7 | : m_buffer(std::move(buffer)), m_treeItem(treeItem) {
8 | }
9 |
10 | IHexControl& CHexView::GetHexControl() {
11 | return m_hex;
12 | }
13 |
14 | bool CHexView::DoExport(PCWSTR filename) const {
15 | auto hFile = ::CreateFile(filename, GENERIC_WRITE, 0, nullptr, CREATE_ALWAYS, 0, nullptr);
16 | if (hFile == INVALID_HANDLE_VALUE)
17 | return false;
18 |
19 | auto buffer = m_hex.GetBufferManager();
20 | BOOL result;
21 | DWORD written;
22 | result = ::WriteFile(hFile, buffer->GetRawData(0), (DWORD)buffer->GetSize(), &written, nullptr);
23 | ::CloseHandle(hFile);
24 | if (!result)
25 | return false;
26 |
27 | return true;
28 | }
29 |
30 | LRESULT CHexView::OnCreate(UINT, WPARAM, LPARAM, BOOL&) {
31 | m_hex.Create(*this, rcDefault);
32 | m_hex.SetBufferManager(m_buffer.get());
33 | m_hex.SetReadOnly(true);
34 |
35 | m_toolbar.Create(*this, rcDefault, nullptr, ATL_SIMPLE_TOOLBAR_STYLE | WS_BORDER | TBSTYLE_FLAT, 0);
36 | CImageList tbImages;
37 | tbImages.Create(24, 24, ILC_COLOR32 | ILC_COLOR, 8, 4);
38 | m_toolbar.SetImageList(tbImages);
39 |
40 | struct {
41 | UINT id;
42 | int image;
43 | int style = BTNS_BUTTON;
44 | int state = TBSTATE_ENABLED;
45 | } buttons[] = {
46 | { Id_1Byte, IDI_NUM1, BTNS_CHECKGROUP, TBSTATE_CHECKED },
47 | { Id_2Byte, IDI_NUM2, BTNS_CHECKGROUP },
48 | { Id_4Byte, IDI_NUM4, BTNS_CHECKGROUP },
49 | { Id_8Byte, IDI_NUM8, BTNS_CHECKGROUP },
50 | { 0 },
51 | { ID_FILE_EXPORT, IDI_SAVE }
52 | };
53 | for (auto& b : buttons) {
54 | if (b.id == 0)
55 | m_toolbar.AddSeparator(0);
56 | else {
57 | int image = tbImages.AddIcon(AtlLoadIconImage(b.image, 64, 24, 24));
58 | m_toolbar.AddButton(b.id, b.style, TBSTATE_ENABLED | b.state, image, nullptr, 0);
59 | }
60 | }
61 |
62 | return 0;
63 | }
64 |
65 | LRESULT CHexView::OnDestroy(UINT, WPARAM, LPARAM, BOOL&) {
66 | if(m_treeItem)
67 | m_treeItem.Delete();
68 |
69 | return 0;
70 | }
71 |
72 | LRESULT CHexView::OnSize(UINT, WPARAM, LPARAM lParam, BOOL&) {
73 | if (m_hex) {
74 | CRect rc;
75 | m_toolbar.GetClientRect(&rc);
76 | m_toolbar.MoveWindow(0, 0, rc.Width(), rc.Height());
77 | m_hex.MoveWindow(0, rc.bottom, GET_X_LPARAM(lParam), GET_Y_LPARAM(lParam) - rc.bottom);
78 | }
79 | return 0;
80 | }
81 |
82 | LRESULT CHexView::OnChangeDataSize(WORD, WORD id, HWND, BOOL&) {
83 | int size = (1 << (id - Id_1Byte));
84 | m_hex.SetDataSize(size);
85 |
86 | return 0;
87 | }
88 |
89 | LRESULT CHexView::OnExport(WORD, WORD, HWND, BOOL&) {
90 | CSimpleFileDialog dlg(FALSE, nullptr, nullptr, OFN_EXPLORER | OFN_OVERWRITEPROMPT, L"All Files\0*.*\0", *this);
91 | if (dlg.DoModal() == IDOK) {
92 | DoExport(dlg.m_szFileName);
93 | }
94 | return 0;
95 | }
96 |
--------------------------------------------------------------------------------
/PEExplorerV2/GenericListView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "GenericListView.h"
3 | #include "ClipboardHelper.h"
4 |
5 | CGenericListView::CGenericListView(IGenericListViewCallback* cb, bool autoDelete) {
6 | ATLASSERT(cb);
7 | m_Callback = cb;
8 | m_AutoDelete = autoDelete;
9 | }
10 |
11 | void CGenericListView::DoSort(const SortInfo* si) {
12 | m_Callback->Sort(si->SortColumn, si->SortAscending);
13 | RedrawItems(GetTopIndex(), GetTopIndex() + GetCountPerPage());
14 | }
15 |
16 | bool CGenericListView::IsSortable(int column) const {
17 | return m_Callback->CanSort(column);
18 | }
19 |
20 | void CGenericListView::Refresh() {
21 | SetItemCount(m_Callback->GetItemCount());
22 | }
23 |
24 | LRESULT CGenericListView::OnCreate(UINT, WPARAM, LPARAM, BOOL&) {
25 | DefWindowProc();
26 |
27 | SetExtendedListViewStyle(LVS_EX_DOUBLEBUFFER | LVS_EX_FULLROWSELECT);
28 |
29 | m_Callback->Init(*this);
30 |
31 | Refresh();
32 |
33 | return 0;
34 | }
35 |
36 | LRESULT CGenericListView::OnDestroy(UINT, WPARAM, LPARAM, BOOL&) {
37 | if (m_AutoDelete) {
38 | delete m_Callback;
39 | m_Callback = nullptr;
40 | }
41 | return DefWindowProc();
42 | }
43 |
44 | LRESULT CGenericListView::OnGetDispInfo(int, LPNMHDR hdr, BOOL&) {
45 | auto di = reinterpret_cast(hdr);
46 | auto& item = di->item;
47 | auto row = item.iItem;
48 | auto col = item.iSubItem;
49 |
50 | if (di->item.mask & LVIF_TEXT) {
51 | ::StringCchCopy(item.pszText, item.cchTextMax, m_Callback->GetItemText(row, col));
52 | }
53 | if (di->item.mask & LVIF_IMAGE) {
54 | item.iImage = m_Callback->GetIcon(row);
55 | }
56 | return 0;
57 | }
58 |
59 | LRESULT CGenericListView::OnContextMenu(UINT, WPARAM, LPARAM lParam, BOOL&) {
60 | CPoint pt = { GET_X_LPARAM(lParam), GET_Y_LPARAM(lParam) };
61 | auto selected = GetSelectedCount() == 0 ? -1 : GetNextItem(-1, LVIS_SELECTED);
62 | if (selected >= 0 && pt.x == -1) { // keyboard
63 | CRect rc;
64 | GetItemRect(selected, &rc, LVIR_LABEL);
65 | pt = rc.CenterPoint();
66 | }
67 | m_Callback->OnContextMenu(pt, selected);
68 |
69 | return 0;
70 | }
71 |
72 | LRESULT CGenericListView::OnForwardMsg(UINT, WPARAM, LPARAM lParam, BOOL& handled) {
73 | auto msg = reinterpret_cast(lParam);
74 | LRESULT result = 0;
75 | handled = ProcessWindowMessage(*this, msg->message, msg->wParam, msg->lParam, result, 1);
76 |
77 | return result;
78 | }
79 |
80 | LRESULT CGenericListView::OnEditCopy(WORD, WORD, HWND, BOOL&) {
81 | CString text;
82 | int i = -1;
83 | LVCOLUMN col;
84 | col.mask = LVCF_FMT;
85 | int max = 0;
86 | for (;; max++)
87 | if (!GetColumn(max, &col))
88 | break;
89 |
90 | while (true) {
91 | i = GetNextItem(i, LVNI_SELECTED);
92 | if (i < 0)
93 | break;
94 |
95 | for (int c = 0; c < max; c++) {
96 | CString item;
97 | if (!GetItemText(i, c, item))
98 | break;
99 | text += item + L"\t";
100 | }
101 | text += L"\n";
102 | }
103 | if (!text.IsEmpty())
104 | ClipboardHelper::CopyText(*this, text);
105 | return 0;
106 | }
107 |
108 |
--------------------------------------------------------------------------------
/PEExplorerV2/ManagedTypesView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ManagedTypesView.h"
3 | #include "CLRMetadataParser.h"
4 | #include "PEStrings.h"
5 | #include "resource.h"
6 | #include
7 | #include "SortHelper.h"
8 |
9 | ManagedTypesView::ManagedTypesView(PEParser* parser, IMainFrame* frame) : _parser(parser), _frame(frame) {
10 | }
11 |
12 | void ManagedTypesView::Init(CListViewCtrl& lv) {
13 | lv.InsertColumn(0, L"Name", LVCFMT_LEFT, 350);
14 | lv.InsertColumn(1, L"Kind", LVCFMT_LEFT, 80);
15 | lv.InsertColumn(2, L"Token", LVCFMT_RIGHT, 100);
16 | lv.InsertColumn(3, L"Base Type", LVCFMT_LEFT, 200);
17 | lv.InsertColumn(4, L"Attributes", LVCFMT_RIGHT, 80);
18 | lv.InsertColumn(5, L"Details", LVCFMT_LEFT, 200);
19 |
20 | UINT icons[] = {
21 | IDI_ATTRIBUTE, IDI_CLASS, IDI_DELEGATE, IDI_ENUM, IDI_INTERFACE, IDI_STRUCT
22 | };
23 | CImageList images;
24 | images.Create(16, 16, ILC_COLOR32, 6, 5);
25 | for (auto id : icons)
26 | images.AddIcon(AtlLoadIcon(id));
27 | lv.SetImageList(images, LVSIL_SMALL);
28 | }
29 |
30 | int ManagedTypesView::GetItemCount() {
31 | if (_types.empty()) {
32 | auto mp = _parser->GetCLRParser();
33 | ATLASSERT(mp);
34 | mp->EnumRefTypes();
35 | _types = mp->EnumTypes();
36 | }
37 | return static_cast(_types.size());
38 | }
39 |
40 | CString ManagedTypesView::GetItemText(int row, int col) {
41 | auto& type = _types[row];
42 | switch (col) {
43 | case 0: return type.Name;
44 | case 1: return GetTypeKind(type.Kind);
45 | case 2: return PEStrings::ToHex((DWORD)type.Token);
46 | case 3: return type.BaseTypeName + L" (" + PEStrings::ToHex((DWORD)type.BaseTypeToken) + L")";
47 | case 4: return PEStrings::ToHex((DWORD)type.Attributes);
48 | case 5: return PEStrings::ManagedTypeAttributesToString(type.Attributes);
49 | }
50 | return L"";
51 | }
52 |
53 | bool ManagedTypesView::Sort(int column, bool ascending) {
54 | std::sort(_types.begin(), _types.end(), [column, ascending](const auto& t1, const auto& t2) {
55 | return CompareItems(t1, t2, column, ascending);
56 | });
57 | return true;
58 | }
59 |
60 | int ManagedTypesView::GetIcon(int row) {
61 | return (int)_types[row].Kind;
62 | }
63 |
64 | void ManagedTypesView::OnContextMenu(const POINT& pt, int selected) {
65 | if (selected < 0)
66 | return;
67 |
68 | CMenu menu;
69 | menu.LoadMenuW(IDR_CONTEXT);
70 | auto cmd = _frame->ShowContextMenu(menu.GetSubMenu(3), pt, TPM_RETURNCMD);
71 | switch (cmd) {
72 | case ID_TYPE_VIEWMEMBERS:
73 | _frame->CreateTypeMembersView(_types[selected]);
74 | break;
75 | }
76 | }
77 |
78 | PCWSTR ManagedTypesView::GetTypeKind(ManagedTypeKind kind) {
79 | static PCWSTR kinds[] = {
80 | L"Attribute",
81 | L"Class",
82 | L"Delegate",
83 | L"Enum",
84 | L"Interface",
85 | L"Struct",
86 | };
87 | return kinds[(int)kind];
88 | }
89 |
90 | bool ManagedTypesView::CompareItems(const ManagedType& t1, const ManagedType& t2, int col, bool asc) {
91 | switch (col) {
92 | case 0: return SortHelper::SortStrings(t1.Name, t2.Name, asc);
93 | case 1: return SortHelper::SortNumbers(t1.Kind, t2.Kind, asc);
94 | case 2: return SortHelper::SortNumbers(t1.Token, t2.Token, asc);
95 | case 3: return SortHelper::SortStrings(t1.BaseTypeName, t2.BaseTypeName, asc);
96 | case 4: case 5:
97 | return SortHelper::SortNumbers(t1.Attributes, t2.Attributes, asc);
98 | }
99 | ATLASSERT(false);
100 | return false;
101 | }
102 |
103 |
--------------------------------------------------------------------------------
/PEExplorerV2/Capstone/platform.h:
--------------------------------------------------------------------------------
1 | /* Capstone Disassembly Engine */
2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */
3 |
4 | #ifndef CAPSTONE_PLATFORM_H
5 | #define CAPSTONE_PLATFORM_H
6 |
7 | // handle C99 issue (for pre-2013 VisualStudio)
8 | #if !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64))
9 | // MSVC
10 |
11 | // stdbool.h
12 | #if (_MSC_VER < 1800) || defined(_KERNEL_MODE)
13 | // this system does not have stdbool.h
14 | #ifndef __cplusplus
15 | typedef unsigned char bool;
16 | #define false 0
17 | #define true 1
18 | #endif
19 |
20 | #else
21 | // VisualStudio 2013+ -> C99 is supported
22 | #include
23 | #endif
24 |
25 | #else
26 | // not MSVC -> C99 is supported
27 | #include
28 | #endif
29 |
30 |
31 | // handle C99 issue (for pre-2013 VisualStudio)
32 | #if defined(CAPSTONE_HAS_OSXKERNEL) || (defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE)))
33 | // this system does not have inttypes.h
34 |
35 | #if defined(_MSC_VER) && (_MSC_VER < 1600 || defined(_KERNEL_MODE))
36 | // this system does not have stdint.h
37 | typedef signed char int8_t;
38 | typedef signed short int16_t;
39 | typedef signed int int32_t;
40 | typedef unsigned char uint8_t;
41 | typedef unsigned short uint16_t;
42 | typedef unsigned int uint32_t;
43 | typedef signed long long int64_t;
44 | typedef unsigned long long uint64_t;
45 |
46 | #define INT8_MIN (-127i8 - 1)
47 | #define INT16_MIN (-32767i16 - 1)
48 | #define INT32_MIN (-2147483647i32 - 1)
49 | #define INT64_MIN (-9223372036854775807i64 - 1)
50 | #define INT8_MAX 127i8
51 | #define INT16_MAX 32767i16
52 | #define INT32_MAX 2147483647i32
53 | #define INT64_MAX 9223372036854775807i64
54 | #define UINT8_MAX 0xffui8
55 | #define UINT16_MAX 0xffffui16
56 | #define UINT32_MAX 0xffffffffui32
57 | #define UINT64_MAX 0xffffffffffffffffui64
58 | #endif
59 |
60 | #define __PRI_8_LENGTH_MODIFIER__ "hh"
61 | #define __PRI_64_LENGTH_MODIFIER__ "ll"
62 |
63 | #define PRId8 __PRI_8_LENGTH_MODIFIER__ "d"
64 | #define PRIi8 __PRI_8_LENGTH_MODIFIER__ "i"
65 | #define PRIo8 __PRI_8_LENGTH_MODIFIER__ "o"
66 | #define PRIu8 __PRI_8_LENGTH_MODIFIER__ "u"
67 | #define PRIx8 __PRI_8_LENGTH_MODIFIER__ "x"
68 | #define PRIX8 __PRI_8_LENGTH_MODIFIER__ "X"
69 |
70 | #define PRId16 "hd"
71 | #define PRIi16 "hi"
72 | #define PRIo16 "ho"
73 | #define PRIu16 "hu"
74 | #define PRIx16 "hx"
75 | #define PRIX16 "hX"
76 |
77 | #if defined(_MSC_VER) && _MSC_VER <= 1700
78 | #define PRId32 "ld"
79 | #define PRIi32 "li"
80 | #define PRIo32 "lo"
81 | #define PRIu32 "lu"
82 | #define PRIx32 "lx"
83 | #define PRIX32 "lX"
84 | #else // OSX
85 | #define PRId32 "d"
86 | #define PRIi32 "i"
87 | #define PRIo32 "o"
88 | #define PRIu32 "u"
89 | #define PRIx32 "x"
90 | #define PRIX32 "X"
91 | #endif
92 |
93 | #if defined(_MSC_VER) && _MSC_VER <= 1700
94 | // redefine functions from inttypes.h used in cstool
95 | #define strtoull _strtoui64
96 | #endif
97 |
98 | #define PRId64 __PRI_64_LENGTH_MODIFIER__ "d"
99 | #define PRIi64 __PRI_64_LENGTH_MODIFIER__ "i"
100 | #define PRIo64 __PRI_64_LENGTH_MODIFIER__ "o"
101 | #define PRIu64 __PRI_64_LENGTH_MODIFIER__ "u"
102 | #define PRIx64 __PRI_64_LENGTH_MODIFIER__ "x"
103 | #define PRIX64 __PRI_64_LENGTH_MODIFIER__ "X"
104 |
105 | #else
106 | // this system has inttypes.h by default
107 | #include
108 | #endif
109 |
110 | #endif
111 |
--------------------------------------------------------------------------------
/PEExplorerV2/resource.h:
--------------------------------------------------------------------------------
1 | //{{NO_DEPENDENCIES}}
2 | // Microsoft Visual C++ generated include file.
3 | // Used by PEExplorerV2.rc
4 | //
5 | #define IDD_ABOUTBOX 100
6 | #define ID_FILE_EXPORT 101
7 | #define IDR_MAINFRAME 128
8 | #define IDS_COPYRIGHT 129
9 | #define IDI_CLOSE 202
10 | #define IDI_COPY 203
11 | #define IDI_EXPORTS 204
12 | #define IDI_IMPORTS 205
13 | #define IDI_SECTIONS 206
14 | #define IDI_DLL 207
15 | #define IDI_INFO 208
16 | #define IDI_EXPORT 209
17 | #define IDI_IMPORT 210
18 | #define IDI_OPEN 211
19 | #define IDI_PIN 212
20 | #define IDI_RESOURCES 213
21 | #define IDI_FOLDER_CLOSED 214
22 | #define IDI_FOLDER_OPEN 215
23 | #define IDI_DIRS 216
24 | #define IDI_FILE_DLL 217
25 | #define IDI_FILE_EXE 218
26 | #define IDI_FORWARD 219
27 | #define IDI_LIBRARY_IMPORT 220
28 | #define IDI_APISET_LIB 221
29 | #define IDR_MENU1 222
30 | #define IDR_CONTEXT 222
31 | #define IDI_NUM1 223
32 | #define IDI_NUM2 224
33 | #define IDI_NUM4 225
34 | #define IDI_NUM8 226
35 | #define IDI_SAVE 227
36 | #define IDI_ASM 228
37 | #define IDI_HEADERS 229
38 | #define IDI_STRUCT 230
39 | #define IDI_ICON1 231
40 | #define IDI_VIEW 231
41 | #define IDI_ICON2 232
42 | #define IDI_COMPONENT 232
43 | #define IDI_CLASS 233
44 | #define IDI_DELEGATE 234
45 | #define IDI_ENUM 235
46 | #define IDI_EVENT 236
47 | #define IDI_INTERFACE 237
48 | #define IDI_ATTRIBUTE 238
49 | #define IDI_NEWWINDOW 239
50 | #define IDI_CLOSEALL 240
51 | #define IDI_DELETE 241
52 | #define IDI_METHOD 242
53 | #define IDI_PROPERTY 243
54 | #define IDI_FIELD 244
55 | #define IDI_CCTOR 245
56 | #define IDI_CTOR 246
57 | #define IDC_SYSLINK1 1000
58 | #define IDC_LINK 1000
59 | #define ID_VIEW_TREEPANE 32774
60 | #define ID_OPTIONS_ALWAYSONTOP 32775
61 | #define ID_VIEW_SUMMARY 32777
62 | #define ID_VIEW_SECTIONS 32778
63 | #define ID_VIEW_DIRECTORIES 32779
64 | #define ID_VIEW_EXPORTS 32780
65 | #define ID_VIEW_IMPORTS 32781
66 | #define ID_VIEW_RESOURCES 32782
67 | #define ID_VIEW_DOTNET 32783
68 | #define ID_WINDOW_CLOSE 32784
69 | #define ID_WINDOW_CLOSEALL 32785
70 | #define ID_FILE_RECENTFILES 32786
71 | #define ID_EDIT_FILTER 32800
72 | #define ID_FILE_OPENINANEWWINDOW 32801
73 | #define ID_OBJECT_VIEWDATA 32802
74 | #define ID_WINDOW_NEWWINDOW 32803
75 | #define ID_IMPORTLIB_OPENINNEWWINDOW 32804
76 | #define ID_TYPE_VIEWMEMBERS 32805
77 |
78 | // Next default values for new objects
79 | //
80 | #ifdef APSTUDIO_INVOKED
81 | #ifndef APSTUDIO_READONLY_SYMBOLS
82 | #define _APS_NEXT_RESOURCE_VALUE 247
83 | #define _APS_NEXT_COMMAND_VALUE 32806
84 | #define _APS_NEXT_CONTROL_VALUE 1001
85 | #define _APS_NEXT_SYMED_VALUE 102
86 | #endif
87 | #endif
88 |
--------------------------------------------------------------------------------
/PEExplorerV2/SectionsView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "SectionsView.h"
3 | #include "PEStrings.h"
4 | #include
5 | #include "SortHelper.h"
6 | #include "resource.h"
7 |
8 | SectionsView::SectionsView(PEParser* parser, IMainFrame* frame)
9 | : _parser(parser), _frame(frame) {
10 | _sections = std::make_unique(_parser->GetSectionCount());
11 | for (int i = 0; i < _parser->GetSectionCount(); i++)
12 | _sections[i] = const_cast(_parser->GetSectionHeader(i));
13 | }
14 |
15 | void SectionsView::Init(CListViewCtrl& lv) {
16 | lv.InsertColumn(0, L"Name", LVCFMT_LEFT, 100);
17 | lv.InsertColumn(1, L"Size", LVCFMT_RIGHT, 120);
18 | lv.InsertColumn(2, L"Address", LVCFMT_RIGHT, 80);
19 | lv.InsertColumn(3, L"Ptr to Raw Data", LVCFMT_RIGHT, 100);
20 | lv.InsertColumn(4, L"Raw Data Size", LVCFMT_RIGHT, 120);
21 | lv.InsertColumn(5, L"Characteristics", LVCFMT_LEFT, 300);
22 | }
23 |
24 | int SectionsView::GetItemCount() {
25 | return _parser->GetSectionCount();
26 | }
27 |
28 | CString SectionsView::GetItemText(int row, int col) {
29 | auto& sec = _sections[row];
30 |
31 | switch (col) {
32 | case 0: return GetSectionName(sec);
33 | case 1: return PEStrings::ToMemorySize(sec->Misc.VirtualSize);
34 | case 2: return PEStrings::ToHex(sec->VirtualAddress);
35 | case 3: return PEStrings::ToHex(sec->PointerToRawData);
36 | case 4: return PEStrings::ToMemorySize(sec->SizeOfRawData);
37 | case 5: return GetSectionCharacteristics(sec->Characteristics);
38 | }
39 | return L"";
40 | }
41 |
42 | bool SectionsView::Sort(int column, bool ascending) {
43 | std::sort(_sections.get(), _sections.get() + _parser->GetSectionCount(), [this, column, ascending](auto s1, auto s2) {
44 | return CompareItems(s1, s2, column, ascending);
45 | });
46 | return true;
47 | }
48 |
49 | void SectionsView::OnContextMenu(const POINT& pt, int index) {
50 | CMenuHandle menu;
51 | menu.LoadMenuW(IDR_CONTEXT);
52 | auto cmd = _frame->ShowContextMenu(menu.GetSubMenu(0), pt, TPM_RETURNCMD);
53 | if (cmd == ID_OBJECT_VIEWDATA) {
54 | _frame->CreateHexView(TreeNodeType::SectionView, _parser->GetSectionName(index), index);
55 | }
56 | }
57 |
58 | CString SectionsView::GetSectionCharacteristics(DWORD c) const {
59 | CString result;
60 | auto ch = static_cast(c);
61 |
62 | struct {
63 | SectionFlags Flags;
64 | PCWSTR Text;
65 | } items[] = {
66 | { SectionFlags::NoPad, L"No Pad" },
67 | { SectionFlags::Code, L"Code" },
68 | { SectionFlags::Read, L"Read" },
69 | { SectionFlags::Write, L"Write" },
70 | { SectionFlags::Execute, L"Execute" },
71 | { SectionFlags::Shared, L"Shared" },
72 | { SectionFlags::InitializedData, L"Initialized Data" },
73 | { SectionFlags::UninitializedData, L"Uninitialized Data" },
74 | { SectionFlags::Remove, L"Remove" },
75 | { SectionFlags::Discardable, L"Discardable" },
76 | { SectionFlags::Info, L"Info" },
77 | { SectionFlags::Comdat, L"Comdat" },
78 | { SectionFlags::GPRel, L"GP Relative" },
79 | { SectionFlags::ExtendedReloc, L"Extended Reloc" },
80 | { SectionFlags::NotPaged, L"Not Paged" },
81 | { SectionFlags::NotCached, L"Not Cached" },
82 | };
83 |
84 | for (auto& item : items)
85 | if ((ch & item.Flags) != SectionFlags::None)
86 | result += item.Text + CString(L", ");
87 |
88 | if (!result.IsEmpty())
89 | result = result.Left(result.GetLength() - 2);
90 |
91 | result = PEStrings::ToHex(c, true) + L" (" + result + L")";
92 | return result;
93 | }
94 |
95 | CString SectionsView::GetSectionName(const IMAGE_SECTION_HEADER* sec) {
96 | if (sec->Name[7] != '\0')
97 | return CString((PCSTR)sec->Name, 8);
98 | return CString((PCSTR)sec->Name);
99 | }
100 |
101 | bool SectionsView::CompareItems(const PIMAGE_SECTION_HEADER s1, const PIMAGE_SECTION_HEADER s2, int col, bool asc) const {
102 | switch (col) {
103 | case 0: return SortHelper::SortStrings(GetSectionName(s1), GetSectionName(s2), asc);
104 | case 1: return SortHelper::SortNumbers(s1->Misc.VirtualSize, s2->Misc.VirtualSize, asc);
105 | case 2: return SortHelper::SortNumbers(s1->VirtualAddress, s2->VirtualAddress, asc);
106 | case 3: return SortHelper::SortNumbers(s1->PointerToRawData, s2->PointerToRawData, asc);
107 | case 4: return SortHelper::SortNumbers(s1->SizeOfRawData, s2->SizeOfRawData, asc);
108 | case 5: return SortHelper::SortNumbers(s1->Characteristics, s2->Characteristics, asc);
109 | }
110 |
111 | ATLASSERT(false);
112 | return false;
113 | }
114 |
115 |
--------------------------------------------------------------------------------
/PEExplorerV2/VirtualListView.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | template
4 | struct CVirtualListView {
5 | BEGIN_MSG_MAP(CVirtualListView)
6 | NOTIFY_CODE_HANDLER(LVN_COLUMNCLICK, OnColumnClick)
7 | NOTIFY_CODE_HANDLER(LVN_ODFINDITEM, OnFindItem)
8 | ALT_MSG_MAP(1)
9 | REFLECTED_NOTIFY_CODE_HANDLER(LVN_COLUMNCLICK, OnColumnClick)
10 | REFLECTED_NOTIFY_CODE_HANDLER(LVN_ODFINDITEM, OnFindItem)
11 | END_MSG_MAP()
12 |
13 | struct SortInfo {
14 | int SortColumn = -1;
15 | UINT_PTR Id;
16 | HWND hWnd;
17 | bool SortAscending;
18 | };
19 |
20 | bool ClearSort(UINT_PTR id) {
21 | auto si = FindById(id);
22 | if (si == nullptr)
23 | return false;
24 |
25 | auto header = CListViewCtrl(si->hWnd).GetHeader();
26 | HDITEM h;
27 | h.mask = HDI_FORMAT;
28 | header.GetItem(si->SortColumn, &h);
29 | h.fmt = (h.fmt & HDF_JUSTIFYMASK) | HDF_STRING;
30 | header.SetItem(si->SortColumn, &h);
31 | si->SortColumn = -1;
32 | return true;
33 | }
34 |
35 | protected:
36 | LRESULT OnFindItem(int /*idCtrl*/, LPNMHDR hdr, BOOL& /*bHandled*/) {
37 | auto fi = (NMLVFINDITEM*)hdr;
38 | auto text = fi->lvfi.psz;
39 | auto len = ::wcslen(text);
40 | auto list = static_cast(this);
41 |
42 | if (list->GetSelectedCount() == 0)
43 | return 0;
44 |
45 | int selected = list->GetNextItem(-1, LVIS_SELECTED);
46 | int start = selected + 1;
47 | int count = list->GetItemCount();
48 | for (int i = start; i < count + start; i++) {
49 | CString name;
50 | list->GetItemText(i % count, 0, name);
51 | if (::_wcsnicmp(name, text, len) == 0)
52 | return i % count;
53 | }
54 | return -1;
55 | }
56 |
57 | LRESULT OnColumnClick(int /*idCtrl*/, LPNMHDR hdr, BOOL& /*bHandled*/) {
58 | auto lv = (NMLISTVIEW*)hdr;
59 | auto col = lv->iSubItem;
60 |
61 | auto p = static_cast(this);
62 | if (!p->IsSortable(col))
63 | return 0;
64 |
65 | auto si = FindById(hdr->idFrom);
66 | if (si == nullptr) {
67 | SortInfo s;
68 | s.hWnd = hdr->hwndFrom;
69 | s.Id = hdr->idFrom;
70 | m_Controls.push_back(s);
71 | si = m_Controls.data() + m_Controls.size() - 1;
72 | }
73 |
74 | auto oldSortColumn = si->SortColumn;
75 | if (col == si->SortColumn)
76 | si->SortAscending = !si->SortAscending;
77 | else {
78 | si->SortColumn = col;
79 | si->SortAscending = true;
80 | }
81 |
82 | HDITEM h;
83 | h.mask = HDI_FORMAT;
84 | CListViewCtrl list(hdr->hwndFrom);
85 | auto header = list.GetHeader();
86 | header.GetItem(si->SortColumn, &h);
87 | h.fmt = (h.fmt & HDF_JUSTIFYMASK) | HDF_STRING | (si->SortAscending ? HDF_SORTUP : HDF_SORTDOWN);
88 | header.SetItem(si->SortColumn, &h);
89 |
90 | if (oldSortColumn >= 0 && oldSortColumn != si->SortColumn) {
91 | h.mask = HDI_FORMAT;
92 | header.GetItem(oldSortColumn, &h);
93 | h.fmt = (h.fmt & HDF_JUSTIFYMASK) | HDF_STRING;
94 | header.SetItem(oldSortColumn, &h);
95 | }
96 |
97 | static_cast(this)->DoSort(si);
98 | list.RedrawItems(list.GetTopIndex(), list.GetTopIndex() + list.GetCountPerPage());
99 |
100 | return 0;
101 | }
102 |
103 | bool IsSortable(int) const {
104 | return true;
105 | }
106 |
107 | int GetSortColumn(UINT_PTR id = 0) const {
108 | auto si = FindById(id);
109 | return si ? si->SortColumn : -1;
110 | }
111 | int IsSortAscending(UINT_PTR id) const {
112 | auto si = FindById(id);
113 | return si ? si->SortAscending : false;
114 | }
115 |
116 | SortInfo* GetSortInfo(UINT_PTR id = 0) {
117 | if (id == 0 && m_Controls.empty())
118 | return nullptr;
119 | return id == 0 ? &m_Controls[0] : FindById(id);
120 | }
121 |
122 | static bool SortStrings(const CString& s1, const CString& s2, bool ascending) {
123 | return ascending ? s2.CompareNoCase(s1) > 0 : s2.CompareNoCase(s1) < 0;
124 | }
125 |
126 | static bool SortStrings(const std::string& s1, const std::string& s2, bool ascending) {
127 | return ascending ? s2.compare(s1) > 0 : s2.compare(s1) < 0;
128 | }
129 |
130 | template
131 | static bool SortNumbers(const Number& n1, const Number& n2, bool ascending) {
132 | return ascending ? n2 > n1 : n2 < n1;
133 | }
134 |
135 | void DoSort(const SortInfo*) {}
136 |
137 | private:
138 | SortInfo* FindById(UINT_PTR id) const {
139 | if (id == 0)
140 | return m_Controls.empty() ? nullptr : &m_Controls[0];
141 | for (auto& info : m_Controls)
142 | if (info.Id == id)
143 | return &info;
144 | return nullptr;
145 | }
146 |
147 | mutable std::vector m_Controls;
148 | };
149 |
--------------------------------------------------------------------------------
/PEExplorerV2/TypeMembersView.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "TypeMembersView.h"
3 | #include "CLRMetadataParser.h"
4 | #include "PEStrings.h"
5 | #include "resource.h"
6 | #include
7 | #include "SortHelper.h"
8 |
9 | TypeMembersView::TypeMembersView(CLRMetadataParser& parser, const ManagedType& type) : _parser(parser), _type(type) {
10 | }
11 |
12 | PCWSTR TypeMembersView::MemberTypeToString(ManagedMemberType type) {
13 | switch (type) {
14 | case ManagedMemberType::Method: return L"Method";
15 | case ManagedMemberType::Field: return L"Field";
16 | case ManagedMemberType::Property: return L"Property";
17 | case ManagedMemberType::Event: return L"Event";
18 | case ManagedMemberType::Constructor: return L"Constructor";
19 | case ManagedMemberType::StaticConstructor: return L"Static Constructor";
20 | }
21 |
22 | ATLASSERT(false);
23 | return L"Unknown";
24 | }
25 |
26 | int TypeMembersView::GetItemCount() {
27 | _members = _parser.EnumMembers(_type.Token, true);
28 |
29 | return static_cast(_members.size());
30 | }
31 |
32 | void TypeMembersView::Init(CListViewCtrl& lv) {
33 | lv.InsertColumn(0, L"Name", LVCFMT_LEFT, 200);
34 | lv.InsertColumn(1, L"Kind", LVCFMT_LEFT, 70);
35 | lv.InsertColumn(2, L"Token", LVCFMT_RIGHT, 80);
36 | lv.InsertColumn(3, L"Declaring Type", LVCFMT_LEFT, 200);
37 | lv.InsertColumn(4, L"Attributes", LVCFMT_RIGHT, 90);
38 | lv.InsertColumn(5, L"Attributes Details", LVCFMT_LEFT, 200);
39 | lv.InsertColumn(6, L"More Information", LVCFMT_LEFT, 250);
40 |
41 | CImageList images;
42 | images.Create(16, 16, ILC_COLOR32, 6, 0);
43 | UINT ids[] = { IDI_METHOD, IDI_PROPERTY, IDI_EVENT, IDI_FIELD, IDI_CTOR, IDI_CLASS, IDI_CCTOR };
44 | for (auto id : ids)
45 | images.AddIcon(AtlLoadIconImage(id, 0, 16, 16));
46 | lv.SetImageList(images, LVSIL_SMALL);
47 | }
48 |
49 | CString TypeMembersView::GetItemText(int row, int col) {
50 | auto& item = _members[row];
51 |
52 | switch (col) {
53 | case 0: return item.Name;
54 | case 1: return MemberTypeToString(item.Type);
55 | case 2: return PEStrings::ToHex((ULONG)item.Token);
56 | case 3: return _parser.GetTypeName(item.ClassToken);
57 | case 4: return PEStrings::ToHex(item.Attributes);
58 | case 5: return PEStrings::MemberAttributesToString(item);
59 | case 6: return GetMoreInfo(item);
60 | }
61 |
62 | ATLASSERT(false);
63 | return L"";
64 | }
65 |
66 | bool TypeMembersView::Sort(int column, bool ascending) {
67 | std::sort(_members.begin(), _members.end(), [=](auto& m1, auto& m2) {
68 | return CompareItems(m1, m2, column, ascending);
69 | });
70 |
71 | return true;
72 | }
73 |
74 | int TypeMembersView::GetIcon(int row) {
75 | return (int)_members[row].Type;
76 | }
77 |
78 | bool TypeMembersView::CanSort(int col) const {
79 | return col != 6;
80 | }
81 |
82 | CString TypeMembersView::GetMoreInfo(const ManagedMember& member) const {
83 | CString details, name;
84 |
85 | switch (member.Type) {
86 | case ManagedMemberType::Method:
87 | break;
88 |
89 | case ManagedMemberType::Property:
90 | name = _parser.GetMethodName(member.Property.Getter);
91 | if(!name.IsEmpty())
92 | details += L"Getter: " + name + L", ";
93 | name = _parser.GetMethodName(member.Property.Setter);
94 | if (!name.IsEmpty())
95 | details += L"Setter: " + name + L", ";
96 |
97 | break;
98 |
99 | case ManagedMemberType::Event:
100 | if (member.Event.AddMethod)
101 | details += L"Add: " + _parser.GetMethodName(member.Event.AddMethod) + L", ";
102 | if (member.Event.RemoveMethod)
103 | details += L"Remove: " + _parser.GetMethodName(member.Event.RemoveMethod) + L", ";
104 | if (member.Event.FireMethod)
105 | details += L"Fire: " + _parser.GetMethodName(member.Event.FireMethod) + L", ";
106 | break;
107 | }
108 |
109 | if (!details.IsEmpty())
110 | details = details.Left(details.GetLength() - 2);
111 | return details;
112 | }
113 |
114 | bool TypeMembersView::CompareItems(const ManagedMember& m1, const ManagedMember& m2, int col, bool asc) const {
115 | switch (col) {
116 | case 0: return SortHelper::SortStrings(m1.Name, m2.Name, asc);
117 | case 1: return SortHelper::SortStrings(MemberTypeToString(m1.Type), MemberTypeToString(m2.Type), asc);
118 | case 2: return SortHelper::SortNumbers(m1.Token, m2.Token, asc);
119 | case 3: return SortHelper::SortStrings(_parser.GetTypeName(m1.ClassToken), _parser.GetTypeName(m2.ClassToken), asc);
120 | case 4: case 5: return SortHelper::SortNumbers(m1.Attributes, m2.Attributes, asc);
121 | }
122 | ATLASSERT(false);
123 | return false;
124 | }
125 |
--------------------------------------------------------------------------------
/PEExplorerV2/Capstone/mos65xx.h:
--------------------------------------------------------------------------------
1 | #ifndef CAPSTONE_MOS65XX_H
2 | #define CAPSTONE_MOS65XX_H
3 |
4 | /* Capstone Disassembly Engine */
5 | /* By Sebastian Macke
6 | #include "SortHelper.h"
7 |
8 | SummaryView::SummaryView(PEParser* parser) : _parser(parser) {
9 | }
10 |
11 | void SummaryView::Init(CListViewCtrl& lv) {
12 | lv.InsertColumn(0, L"Name", LVCFMT_LEFT, 140);
13 | lv.InsertColumn(1, L"Value", LVCFMT_LEFT, 170);
14 | lv.InsertColumn(2, L"Details", LVCFMT_LEFT, 500);
15 | }
16 |
17 | int SummaryView::GetItemCount() {
18 | _items.reserve(24);
19 | auto& fh = _parser->GetFileHeader();
20 |
21 | auto objectFile = _parser->IsObjectFile();
22 | if (objectFile) {
23 | _items.push_back(Item(L"Time/Date Stamp", PEStrings::ToHex(fh.TimeDateStamp))); // , CTime(fh.TimeDateStamp).Format(L"%c")));
24 | _items.push_back(Item(L"Sections", std::to_wstring(_parser->GetSectionCount()).c_str()));
25 | _items.push_back(Item(L"Machine", PEStrings::ToDecAndHex(fh.Machine), PEStrings::MachineTypeToString((MachineType)fh.Machine)));
26 | _items.push_back(Item(L"Image Characteristics", PEStrings::ToDecAndHex(fh.Characteristics), PEStrings::CharacteristicsToString((ImageCharacteristics)fh.Characteristics)));
27 | }
28 | else {
29 | auto& oh32 = _parser->GetOptionalHeader32();
30 | auto& oh64 = _parser->GetOptionalHeader64();
31 | auto pe64 = _parser->IsPe64();
32 | auto magic = pe64 ? oh64.Magic : oh32.Magic;
33 | auto dllChar = pe64 ? oh64.DllCharacteristics : oh32.DllCharacteristics;
34 |
35 | _items.push_back(Item(L"Time/Date Stamp", PEStrings::ToHex(fh.TimeDateStamp))); // , CTime(fh.TimeDateStamp).Format(L"%c")));
36 | _items.push_back(Item(L"Subsystem", std::to_wstring((short)_parser->GetSubsystemType()).c_str(), PEStrings::SubsystemTypeToString(_parser->GetSubsystemType())));
37 | _items.push_back(Item(L"Sections", std::to_wstring(_parser->GetSectionCount()).c_str()));
38 | _items.push_back(Item(L"Magic", PEStrings::ToDecAndHex(magic), PEStrings::MagicToString((OptionalHeaderMagic)magic)));
39 | _items.push_back(Item(L"Machine", PEStrings::ToDecAndHex(fh.Machine), PEStrings::MachineTypeToString((MachineType)fh.Machine)));
40 | _items.push_back(Item(L"Image Characteristics", PEStrings::ToDecAndHex(fh.Characteristics), PEStrings::CharacteristicsToString((ImageCharacteristics)fh.Characteristics)));
41 | _items.push_back(Item(L"DLL Characteristics", PEStrings::ToDecAndHex(dllChar), PEStrings::DllCharacteristicsToString((DllCharacteristics)dllChar)));
42 | _items.push_back(Item(L"Is Managed", _parser->IsManaged() ? L"Yes" : L"No"));
43 | _items.push_back(Item(L"Image Base", PEStrings::ToHex(pe64 ? oh64.ImageBase : oh32.ImageBase)));
44 | _items.push_back(Item(L"Heap Commit", PEStrings::ToMemorySize(pe64 ? oh64.SizeOfHeapCommit : oh32.SizeOfHeapCommit)));
45 | _items.push_back(Item(L"Heap Reserve", PEStrings::ToMemorySize(pe64 ? oh64.SizeOfHeapReserve : oh32.SizeOfHeapReserve)));
46 | _items.push_back(Item(L"Stack Commit", PEStrings::ToMemorySize(pe64 ? oh64.SizeOfStackCommit : oh32.SizeOfStackCommit)));
47 | _items.push_back(Item(L"Stack Reserve", PEStrings::ToMemorySize(pe64 ? oh64.SizeOfStackReserve : oh32.SizeOfStackReserve)));
48 | _items.push_back(Item(L"Code Size", PEStrings::ToMemorySize(pe64 ? oh64.SizeOfCode : oh32.SizeOfCode)));
49 | _items.push_back(Item(L"Entry Point", PEStrings::ToHex(pe64 ? oh64.AddressOfEntryPoint : oh32.AddressOfEntryPoint)));
50 | _items.push_back(Item(L"Image Size", PEStrings::ToMemorySize(pe64 ? oh64.SizeOfImage : oh32.SizeOfImage)));
51 | _items.push_back(Item(L"OS Version", (std::to_wstring(pe64 ? oh64.MajorOperatingSystemVersion : oh32.MajorOperatingSystemVersion) + L"." +
52 | std::to_wstring(pe64 ? oh64.MinorOperatingSystemVersion : oh32.MinorOperatingSystemVersion)).c_str()));
53 | _items.push_back(Item(L"Image Version", (std::to_wstring(pe64 ? oh64.MajorImageVersion : oh32.MajorImageVersion) + L"." +
54 | std::to_wstring(pe64 ? oh64.MinorImageVersion : oh32.MinorImageVersion)).c_str()));
55 | _items.push_back(Item(L"Linker Version", (std::to_wstring(pe64 ? oh64.MajorLinkerVersion : oh32.MajorLinkerVersion) + L"." +
56 | std::to_wstring(pe64 ? oh64.MinorLinkerVersion : oh32.MinorLinkerVersion)).c_str()));
57 | _items.push_back(Item(L"Loader Flags", PEStrings::ToDecAndHex(pe64 ? oh64.LoaderFlags : oh32.LoaderFlags)));
58 | }
59 | return static_cast(_items.size());
60 | }
61 |
62 | CString SummaryView::GetItemText(int row, int col) {
63 | switch (col) {
64 | case 0: return _items[row].Name;
65 | case 1: return _items[row].Value;
66 | case 2: return _items[row].Details;
67 | }
68 | ATLASSERT(false);
69 | return L"";
70 | }
71 |
72 | bool SummaryView::Sort(int column, bool ascending) {
73 | std::sort(_items.begin(), _items.end(), [ascending](auto& i1, auto& i2) {
74 | return SortHelper::SortStrings(i1.Name, i2.Name, ascending);
75 | });
76 | return true;
77 | }
78 |
79 | bool SummaryView::CanSort(int column) const {
80 | return column == 0;
81 | }
82 |
83 | SummaryView::Item::Item(PCWSTR name, PCWSTR value, PCWSTR details)
84 | : Name(name), Value(value), Details(details) {
85 | }
86 |
--------------------------------------------------------------------------------
/PEExplorerV2/Capstone/evm.h:
--------------------------------------------------------------------------------
1 | #ifndef CAPSTONE_EVM_H
2 | #define CAPSTONE_EVM_H
3 |
4 | /* Capstone Disassembly Engine */
5 | /* By Nguyen Anh Quynh , 2013-2018 */
6 |
7 | #ifdef __cplusplus
8 | extern "C" {
9 | #endif
10 |
11 | #include "platform.h"
12 |
13 | #ifdef _MSC_VER
14 | #pragma warning(disable:4201)
15 | #endif
16 |
17 | /// Instruction structure
18 | typedef struct cs_evm {
19 | unsigned char pop; ///< number of items popped from the stack
20 | unsigned char push; ///< number of items pushed into the stack
21 | unsigned int fee; ///< gas fee for the instruction
22 | } cs_evm;
23 |
24 | /// EVM instruction
25 | typedef enum evm_insn {
26 | EVM_INS_STOP = 0,
27 | EVM_INS_ADD = 1,
28 | EVM_INS_MUL = 2,
29 | EVM_INS_SUB = 3,
30 | EVM_INS_DIV = 4,
31 | EVM_INS_SDIV = 5,
32 | EVM_INS_MOD = 6,
33 | EVM_INS_SMOD = 7,
34 | EVM_INS_ADDMOD = 8,
35 | EVM_INS_MULMOD = 9,
36 | EVM_INS_EXP = 10,
37 | EVM_INS_SIGNEXTEND = 11,
38 | EVM_INS_LT = 16,
39 | EVM_INS_GT = 17,
40 | EVM_INS_SLT = 18,
41 | EVM_INS_SGT = 19,
42 | EVM_INS_EQ = 20,
43 | EVM_INS_ISZERO = 21,
44 | EVM_INS_AND = 22,
45 | EVM_INS_OR = 23,
46 | EVM_INS_XOR = 24,
47 | EVM_INS_NOT = 25,
48 | EVM_INS_BYTE = 26,
49 | EVM_INS_SHA3 = 32,
50 | EVM_INS_ADDRESS = 48,
51 | EVM_INS_BALANCE = 49,
52 | EVM_INS_ORIGIN = 50,
53 | EVM_INS_CALLER = 51,
54 | EVM_INS_CALLVALUE = 52,
55 | EVM_INS_CALLDATALOAD = 53,
56 | EVM_INS_CALLDATASIZE = 54,
57 | EVM_INS_CALLDATACOPY = 55,
58 | EVM_INS_CODESIZE = 56,
59 | EVM_INS_CODECOPY = 57,
60 | EVM_INS_GASPRICE = 58,
61 | EVM_INS_EXTCODESIZE = 59,
62 | EVM_INS_EXTCODECOPY = 60,
63 | EVM_INS_RETURNDATASIZE = 61,
64 | EVM_INS_RETURNDATACOPY = 62,
65 | EVM_INS_BLOCKHASH = 64,
66 | EVM_INS_COINBASE = 65,
67 | EVM_INS_TIMESTAMP = 66,
68 | EVM_INS_NUMBER = 67,
69 | EVM_INS_DIFFICULTY = 68,
70 | EVM_INS_GASLIMIT = 69,
71 | EVM_INS_POP = 80,
72 | EVM_INS_MLOAD = 81,
73 | EVM_INS_MSTORE = 82,
74 | EVM_INS_MSTORE8 = 83,
75 | EVM_INS_SLOAD = 84,
76 | EVM_INS_SSTORE = 85,
77 | EVM_INS_JUMP = 86,
78 | EVM_INS_JUMPI = 87,
79 | EVM_INS_PC = 88,
80 | EVM_INS_MSIZE = 89,
81 | EVM_INS_GAS = 90,
82 | EVM_INS_JUMPDEST = 91,
83 | EVM_INS_PUSH1 = 96,
84 | EVM_INS_PUSH2 = 97,
85 | EVM_INS_PUSH3 = 98,
86 | EVM_INS_PUSH4 = 99,
87 | EVM_INS_PUSH5 = 100,
88 | EVM_INS_PUSH6 = 101,
89 | EVM_INS_PUSH7 = 102,
90 | EVM_INS_PUSH8 = 103,
91 | EVM_INS_PUSH9 = 104,
92 | EVM_INS_PUSH10 = 105,
93 | EVM_INS_PUSH11 = 106,
94 | EVM_INS_PUSH12 = 107,
95 | EVM_INS_PUSH13 = 108,
96 | EVM_INS_PUSH14 = 109,
97 | EVM_INS_PUSH15 = 110,
98 | EVM_INS_PUSH16 = 111,
99 | EVM_INS_PUSH17 = 112,
100 | EVM_INS_PUSH18 = 113,
101 | EVM_INS_PUSH19 = 114,
102 | EVM_INS_PUSH20 = 115,
103 | EVM_INS_PUSH21 = 116,
104 | EVM_INS_PUSH22 = 117,
105 | EVM_INS_PUSH23 = 118,
106 | EVM_INS_PUSH24 = 119,
107 | EVM_INS_PUSH25 = 120,
108 | EVM_INS_PUSH26 = 121,
109 | EVM_INS_PUSH27 = 122,
110 | EVM_INS_PUSH28 = 123,
111 | EVM_INS_PUSH29 = 124,
112 | EVM_INS_PUSH30 = 125,
113 | EVM_INS_PUSH31 = 126,
114 | EVM_INS_PUSH32 = 127,
115 | EVM_INS_DUP1 = 128,
116 | EVM_INS_DUP2 = 129,
117 | EVM_INS_DUP3 = 130,
118 | EVM_INS_DUP4 = 131,
119 | EVM_INS_DUP5 = 132,
120 | EVM_INS_DUP6 = 133,
121 | EVM_INS_DUP7 = 134,
122 | EVM_INS_DUP8 = 135,
123 | EVM_INS_DUP9 = 136,
124 | EVM_INS_DUP10 = 137,
125 | EVM_INS_DUP11 = 138,
126 | EVM_INS_DUP12 = 139,
127 | EVM_INS_DUP13 = 140,
128 | EVM_INS_DUP14 = 141,
129 | EVM_INS_DUP15 = 142,
130 | EVM_INS_DUP16 = 143,
131 | EVM_INS_SWAP1 = 144,
132 | EVM_INS_SWAP2 = 145,
133 | EVM_INS_SWAP3 = 146,
134 | EVM_INS_SWAP4 = 147,
135 | EVM_INS_SWAP5 = 148,
136 | EVM_INS_SWAP6 = 149,
137 | EVM_INS_SWAP7 = 150,
138 | EVM_INS_SWAP8 = 151,
139 | EVM_INS_SWAP9 = 152,
140 | EVM_INS_SWAP10 = 153,
141 | EVM_INS_SWAP11 = 154,
142 | EVM_INS_SWAP12 = 155,
143 | EVM_INS_SWAP13 = 156,
144 | EVM_INS_SWAP14 = 157,
145 | EVM_INS_SWAP15 = 158,
146 | EVM_INS_SWAP16 = 159,
147 | EVM_INS_LOG0 = 160,
148 | EVM_INS_LOG1 = 161,
149 | EVM_INS_LOG2 = 162,
150 | EVM_INS_LOG3 = 163,
151 | EVM_INS_LOG4 = 164,
152 | EVM_INS_CREATE = 240,
153 | EVM_INS_CALL = 241,
154 | EVM_INS_CALLCODE = 242,
155 | EVM_INS_RETURN = 243,
156 | EVM_INS_DELEGATECALL = 244,
157 | EVM_INS_CALLBLACKBOX = 245,
158 | EVM_INS_STATICCALL = 250,
159 | EVM_INS_REVERT = 253,
160 | EVM_INS_SUICIDE = 255,
161 |
162 | EVM_INS_INVALID = 512,
163 | EVM_INS_ENDING, // <-- mark the end of the list of instructions
164 | } evm_insn;
165 |
166 | /// Group of EVM instructions
167 | typedef enum evm_insn_group {
168 | EVM_GRP_INVALID = 0, ///< = CS_GRP_INVALID
169 |
170 | EVM_GRP_JUMP, ///< all jump instructions
171 |
172 | EVM_GRP_MATH = 8, ///< math instructions
173 | EVM_GRP_STACK_WRITE, ///< instructions write to stack
174 | EVM_GRP_STACK_READ, ///< instructions read from stack
175 | EVM_GRP_MEM_WRITE, ///< instructions write to memory
176 | EVM_GRP_MEM_READ, ///< instructions read from memory
177 | EVM_GRP_STORE_WRITE, ///< instructions write to storage
178 | EVM_GRP_STORE_READ, ///< instructions read from storage
179 | EVM_GRP_HALT, ///< instructions halt execution
180 |
181 | EVM_GRP_ENDING, ///< <-- mark the end of the list of groups
182 | } evm_insn_group;
183 |
184 | #ifdef __cplusplus
185 | }
186 | #endif
187 |
188 | #endif
189 |
--------------------------------------------------------------------------------
/PEExplorerV2/Capstone/xcore.h:
--------------------------------------------------------------------------------
1 | #ifndef CAPSTONE_XCORE_H
2 | #define CAPSTONE_XCORE_H
3 |
4 | /* Capstone Disassembly Engine */
5 | /* By Nguyen Anh Quynh , 2014-2015 */
6 |
7 | #ifdef __cplusplus
8 | extern "C" {
9 | #endif
10 |
11 | #include "platform.h"
12 |
13 | #ifdef _MSC_VER
14 | #pragma warning(disable:4201)
15 | #endif
16 |
17 | /// Operand type for instruction's operands
18 | typedef enum xcore_op_type {
19 | XCORE_OP_INVALID = 0, ///< = CS_OP_INVALID (Uninitialized).
20 | XCORE_OP_REG, ///< = CS_OP_REG (Register operand).
21 | XCORE_OP_IMM, ///< = CS_OP_IMM (Immediate operand).
22 | XCORE_OP_MEM, ///< = CS_OP_MEM (Memory operand).
23 | } xcore_op_type;
24 |
25 | /// XCore registers
26 | typedef enum xcore_reg {
27 | XCORE_REG_INVALID = 0,
28 |
29 | XCORE_REG_CP,
30 | XCORE_REG_DP,
31 | XCORE_REG_LR,
32 | XCORE_REG_SP,
33 | XCORE_REG_R0,
34 | XCORE_REG_R1,
35 | XCORE_REG_R2,
36 | XCORE_REG_R3,
37 | XCORE_REG_R4,
38 | XCORE_REG_R5,
39 | XCORE_REG_R6,
40 | XCORE_REG_R7,
41 | XCORE_REG_R8,
42 | XCORE_REG_R9,
43 | XCORE_REG_R10,
44 | XCORE_REG_R11,
45 |
46 | // pseudo registers
47 | XCORE_REG_PC, ///< pc
48 |
49 | // internal thread registers
50 | // see The-XMOS-XS1-Architecture(X7879A).pdf
51 | XCORE_REG_SCP, ///< save pc
52 | XCORE_REG_SSR, //< save status
53 | XCORE_REG_ET, //< exception type
54 | XCORE_REG_ED, //< exception data
55 | XCORE_REG_SED, //< save exception data
56 | XCORE_REG_KEP, //< kernel entry pointer
57 | XCORE_REG_KSP, //< kernel stack pointer
58 | XCORE_REG_ID, //< thread ID
59 |
60 | XCORE_REG_ENDING, // <-- mark the end of the list of registers
61 | } xcore_reg;
62 |
63 | /// Instruction's operand referring to memory
64 | /// This is associated with XCORE_OP_MEM operand type above
65 | typedef struct xcore_op_mem {
66 | uint8_t base; ///< base register, can be safely interpreted as
67 | ///< a value of type `xcore_reg`, but it is only
68 | ///< one byte wide
69 | uint8_t index; ///< index register, same conditions apply here
70 | int32_t disp; ///< displacement/offset value
71 | int direct; ///< +1: forward, -1: backward
72 | } xcore_op_mem;
73 |
74 | /// Instruction operand
75 | typedef struct cs_xcore_op {
76 | xcore_op_type type; ///< operand type
77 | union {
78 | xcore_reg reg; ///< register value for REG operand
79 | int32_t imm; ///< immediate value for IMM operand
80 | xcore_op_mem mem; ///< base/disp value for MEM operand
81 | };
82 | } cs_xcore_op;
83 |
84 | /// Instruction structure
85 | typedef struct cs_xcore {
86 | /// Number of operands of this instruction,
87 | /// or 0 when instruction has no operand.
88 | uint8_t op_count;
89 | cs_xcore_op operands[8]; ///< operands for this instruction.
90 | } cs_xcore;
91 |
92 | /// XCore instruction
93 | typedef enum xcore_insn {
94 | XCORE_INS_INVALID = 0,
95 |
96 | XCORE_INS_ADD,
97 | XCORE_INS_ANDNOT,
98 | XCORE_INS_AND,
99 | XCORE_INS_ASHR,
100 | XCORE_INS_BAU,
101 | XCORE_INS_BITREV,
102 | XCORE_INS_BLA,
103 | XCORE_INS_BLAT,
104 | XCORE_INS_BL,
105 | XCORE_INS_BF,
106 | XCORE_INS_BT,
107 | XCORE_INS_BU,
108 | XCORE_INS_BRU,
109 | XCORE_INS_BYTEREV,
110 | XCORE_INS_CHKCT,
111 | XCORE_INS_CLRE,
112 | XCORE_INS_CLRPT,
113 | XCORE_INS_CLRSR,
114 | XCORE_INS_CLZ,
115 | XCORE_INS_CRC8,
116 | XCORE_INS_CRC32,
117 | XCORE_INS_DCALL,
118 | XCORE_INS_DENTSP,
119 | XCORE_INS_DGETREG,
120 | XCORE_INS_DIVS,
121 | XCORE_INS_DIVU,
122 | XCORE_INS_DRESTSP,
123 | XCORE_INS_DRET,
124 | XCORE_INS_ECALLF,
125 | XCORE_INS_ECALLT,
126 | XCORE_INS_EDU,
127 | XCORE_INS_EEF,
128 | XCORE_INS_EET,
129 | XCORE_INS_EEU,
130 | XCORE_INS_ENDIN,
131 | XCORE_INS_ENTSP,
132 | XCORE_INS_EQ,
133 | XCORE_INS_EXTDP,
134 | XCORE_INS_EXTSP,
135 | XCORE_INS_FREER,
136 | XCORE_INS_FREET,
137 | XCORE_INS_GETD,
138 | XCORE_INS_GET,
139 | XCORE_INS_GETN,
140 | XCORE_INS_GETR,
141 | XCORE_INS_GETSR,
142 | XCORE_INS_GETST,
143 | XCORE_INS_GETTS,
144 | XCORE_INS_INCT,
145 | XCORE_INS_INIT,
146 | XCORE_INS_INPW,
147 | XCORE_INS_INSHR,
148 | XCORE_INS_INT,
149 | XCORE_INS_IN,
150 | XCORE_INS_KCALL,
151 | XCORE_INS_KENTSP,
152 | XCORE_INS_KRESTSP,
153 | XCORE_INS_KRET,
154 | XCORE_INS_LADD,
155 | XCORE_INS_LD16S,
156 | XCORE_INS_LD8U,
157 | XCORE_INS_LDA16,
158 | XCORE_INS_LDAP,
159 | XCORE_INS_LDAW,
160 | XCORE_INS_LDC,
161 | XCORE_INS_LDW,
162 | XCORE_INS_LDIVU,
163 | XCORE_INS_LMUL,
164 | XCORE_INS_LSS,
165 | XCORE_INS_LSUB,
166 | XCORE_INS_LSU,
167 | XCORE_INS_MACCS,
168 | XCORE_INS_MACCU,
169 | XCORE_INS_MJOIN,
170 | XCORE_INS_MKMSK,
171 | XCORE_INS_MSYNC,
172 | XCORE_INS_MUL,
173 | XCORE_INS_NEG,
174 | XCORE_INS_NOT,
175 | XCORE_INS_OR,
176 | XCORE_INS_OUTCT,
177 | XCORE_INS_OUTPW,
178 | XCORE_INS_OUTSHR,
179 | XCORE_INS_OUTT,
180 | XCORE_INS_OUT,
181 | XCORE_INS_PEEK,
182 | XCORE_INS_REMS,
183 | XCORE_INS_REMU,
184 | XCORE_INS_RETSP,
185 | XCORE_INS_SETCLK,
186 | XCORE_INS_SET,
187 | XCORE_INS_SETC,
188 | XCORE_INS_SETD,
189 | XCORE_INS_SETEV,
190 | XCORE_INS_SETN,
191 | XCORE_INS_SETPSC,
192 | XCORE_INS_SETPT,
193 | XCORE_INS_SETRDY,
194 | XCORE_INS_SETSR,
195 | XCORE_INS_SETTW,
196 | XCORE_INS_SETV,
197 | XCORE_INS_SEXT,
198 | XCORE_INS_SHL,
199 | XCORE_INS_SHR,
200 | XCORE_INS_SSYNC,
201 | XCORE_INS_ST16,
202 | XCORE_INS_ST8,
203 | XCORE_INS_STW,
204 | XCORE_INS_SUB,
205 | XCORE_INS_SYNCR,
206 | XCORE_INS_TESTCT,
207 | XCORE_INS_TESTLCL,
208 | XCORE_INS_TESTWCT,
209 | XCORE_INS_TSETMR,
210 | XCORE_INS_START,
211 | XCORE_INS_WAITEF,
212 | XCORE_INS_WAITET,
213 | XCORE_INS_WAITEU,
214 | XCORE_INS_XOR,
215 | XCORE_INS_ZEXT,
216 |
217 | XCORE_INS_ENDING, // <-- mark the end of the list of instructions
218 | } xcore_insn;
219 |
220 | /// Group of XCore instructions
221 | typedef enum xcore_insn_group {
222 | XCORE_GRP_INVALID = 0, ///< = CS_GRP_INVALID
223 |
224 | // Generic groups
225 | // all jump instructions (conditional+direct+indirect jumps)
226 | XCORE_GRP_JUMP, ///< = CS_GRP_JUMP
227 |
228 | XCORE_GRP_ENDING, // <-- mark the end of the list of groups
229 | } xcore_insn_group;
230 |
231 | #ifdef __cplusplus
232 | }
233 | #endif
234 |
235 | #endif
236 |
--------------------------------------------------------------------------------
/PEExplorerV2/MainFrm.h:
--------------------------------------------------------------------------------
1 | // MainFrm.h : interface of the CMainFrame class
2 | //
3 | /////////////////////////////////////////////////////////////////////////////
4 |
5 | #pragma once
6 |
7 | #include "PEParser.h"
8 | #include "resource.h"
9 | #include "IMainFrame.h"
10 |
11 | class CMainFrame :
12 | public CFrameWindowImpl,
13 | public CUpdateUI,
14 | public CMessageFilter, public CIdleHandler,
15 | public IMainFrame {
16 | public:
17 | CMainFrame();
18 |
19 | DECLARE_FRAME_WND_CLASS(nullptr, IDR_MAINFRAME)
20 |
21 | virtual BOOL PreTranslateMessage(MSG* pMsg);
22 | virtual BOOL OnIdle();
23 | void OnFinalMessage(HWND);
24 |
25 | enum { IDC_TREE = 200 };
26 |
27 | BEGIN_UPDATE_UI_MAP(CMainFrame)
28 | UPDATE_ELEMENT(ID_VIEW_TOOLBAR, UPDUI_MENUPOPUP)
29 | UPDATE_ELEMENT(ID_VIEW_STATUS_BAR, UPDUI_MENUPOPUP)
30 | UPDATE_ELEMENT(ID_VIEW_RESOURCES, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
31 | UPDATE_ELEMENT(ID_VIEW_SUMMARY, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
32 | UPDATE_ELEMENT(ID_VIEW_EXPORTS, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
33 | UPDATE_ELEMENT(ID_VIEW_IMPORTS, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
34 | UPDATE_ELEMENT(ID_VIEW_SECTIONS, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
35 | UPDATE_ELEMENT(ID_VIEW_DIRECTORIES, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
36 | UPDATE_ELEMENT(ID_VIEW_DOTNET, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
37 | UPDATE_ELEMENT(ID_OPTIONS_ALWAYSONTOP, UPDUI_MENUPOPUP)
38 | UPDATE_ELEMENT(ID_OBJECT_VIEWDATA, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
39 | UPDATE_ELEMENT(ID_WINDOW_CLOSE, UPDUI_MENUPOPUP | UPDUI_TOOLBAR)
40 | END_UPDATE_UI_MAP()
41 |
42 | BEGIN_MSG_MAP(CMainFrame)
43 | MESSAGE_HANDLER(WM_CREATE, OnCreate)
44 | MESSAGE_HANDLER(WM_DESTROY, OnDestroy)
45 | COMMAND_ID_HANDLER(ID_APP_EXIT, OnFileExit)
46 | COMMAND_ID_HANDLER(ID_FILE_OPEN, OnFileOpen)
47 | COMMAND_ID_HANDLER(ID_FILE_CLOSE, OnFileClose)
48 | COMMAND_ID_HANDLER(ID_VIEW_TOOLBAR, OnViewToolBar)
49 | COMMAND_ID_HANDLER(ID_VIEW_STATUS_BAR, OnViewStatusBar)
50 | COMMAND_ID_HANDLER(ID_APP_ABOUT, OnAppAbout)
51 | COMMAND_ID_HANDLER(ID_WINDOW_CLOSEALL, OnWindowCloseAll)
52 | COMMAND_ID_HANDLER(ID_WINDOW_CLOSE, OnWindowClose)
53 | COMMAND_ID_HANDLER(ID_OPTIONS_ALWAYSONTOP, OnAlwaysOnTop)
54 | COMMAND_ID_HANDLER(ID_FILE_OPENINANEWWINDOW, OnOpenInNewWindow)
55 | COMMAND_ID_HANDLER(ID_WINDOW_NEW, OnNewWindow)
56 | COMMAND_RANGE_HANDLER(ID_VIEW_SUMMARY, ID_VIEW_DOTNET, OnViewDataItem)
57 | COMMAND_RANGE_HANDLER(ID_WINDOW_TABFIRST, ID_WINDOW_TABLAST, OnWindowActivate)
58 | COMMAND_RANGE_HANDLER(ATL_IDS_MRU_FILE, ATL_IDS_MRU_FILE + 15, OnRecentFile)
59 | MESSAGE_HANDLER(WM_DROPFILES, OnDropFiles)
60 | NOTIFY_HANDLER(IDC_TREE, NM_DBLCLK, OnTreeItemDoubleClick)
61 | CHAIN_MSG_MAP(CUpdateUI)
62 | CHAIN_MSG_MAP(CFrameWindowImpl)
63 | REFLECT_NOTIFICATIONS()
64 | END_MSG_MAP()
65 |
66 | // Handler prototypes (uncomment arguments if needed):
67 | // LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
68 | // LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
69 | // LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)
70 |
71 | private:
72 | void InitTree();
73 | void UpdateUI();
74 | void CreateNewTab(TreeNodeType type);
75 | bool SwitchToTab(TreeNodeType type);
76 | bool DoFileOpen(PCWSTR path, bool newWindow = false);
77 | void AddRecentFiles(bool first = false);
78 | void AddToRecentFiles(PCWSTR file);
79 | bool SaveSettings();
80 | bool LoadSettings();
81 | CString GetFileNameToOpen();
82 |
83 | template
84 | CTreeItem InsertTreeItem(PCWSTR text, int image, int selectedImage, T data = 0, HTREEITEM hParent = TVI_ROOT, HTREEITEM hAfter = TVI_LAST);
85 |
86 | // IMainFrame
87 | UINT ShowContextMenu(HMENU menu, const POINT& pt, DWORD flags) override;
88 | CTreeItem CreateHexView(TreeNodeType type, PCWSTR title, LPARAM param) override;
89 | CTreeItem CreateAssemblyView(const ExportedSymbol& symbol) override;
90 | bool OpenDocument(PCWSTR name, bool newWindow) override;
91 | CTreeItem CreateTypeMembersView(const ManagedType& type) override;
92 |
93 | LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
94 | LRESULT OnDestroy(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& bHandled);
95 | LRESULT OnFileExit(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
96 | LRESULT OnWindowClose(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
97 | LRESULT OnWindowCloseAll(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
98 | LRESULT OnViewToolBar(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
99 | LRESULT OnViewStatusBar(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
100 | LRESULT OnAppAbout(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
101 | LRESULT OnFileOpen(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
102 | LRESULT OnFileClose(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
103 | LRESULT OnTreeItemDoubleClick(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
104 | LRESULT OnViewDataItem(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
105 | LRESULT OnDropFiles(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
106 | LRESULT OnWindowActivate(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
107 | LRESULT OnRecentFile(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
108 | LRESULT OnOpenInNewWindow(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
109 | LRESULT OnAlwaysOnTop(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
110 | LRESULT OnNewWindow(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
111 |
112 | private:
113 | std::vector m_RecentFiles;
114 | CSplitterWindow m_splitter;
115 | CTreeViewCtrlEx m_tree;
116 | CTabView m_view;
117 | CCommandBarCtrl m_CmdBar;
118 | std::unique_ptr m_Parser;
119 | CString m_FileName, m_FilePath;
120 | std::unordered_map m_TreeNodes;
121 | static int m_TotalFrames;
122 |
123 | };
124 |
125 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Build results
17 | [Dd]ebug/
18 | [Dd]ebugPublic/
19 | [Rr]elease/
20 | [Rr]eleases/
21 | x64/
22 | x86/
23 | [Aa][Rr][Mm]/
24 | [Aa][Rr][Mm]64/
25 | bld/
26 | [Bb]in/
27 | [Oo]bj/
28 | [Ll]og/
29 |
30 | # Visual Studio 2015/2017 cache/options directory
31 | .vs/
32 | # Uncomment if you have tasks that create the project's static files in wwwroot
33 | #wwwroot/
34 |
35 | # Visual Studio 2017 auto generated files
36 | Generated\ Files/
37 |
38 | # MSTest test Results
39 | [Tt]est[Rr]esult*/
40 | [Bb]uild[Ll]og.*
41 |
42 | # NUNIT
43 | *.VisualState.xml
44 | TestResult.xml
45 |
46 | # Build Results of an ATL Project
47 | [Dd]ebugPS/
48 | [Rr]eleasePS/
49 | dlldata.c
50 |
51 | # Benchmark Results
52 | BenchmarkDotNet.Artifacts/
53 |
54 | # .NET Core
55 | project.lock.json
56 | project.fragment.lock.json
57 | artifacts/
58 |
59 | # StyleCop
60 | StyleCopReport.xml
61 |
62 | # Files built by Visual Studio
63 | *_i.c
64 | *_p.c
65 | *_h.h
66 | *.ilk
67 | *.meta
68 | *.obj
69 | *.iobj
70 | *.pch
71 | *.pdb
72 | *.ipdb
73 | *.pgc
74 | *.pgd
75 | *.rsp
76 | *.sbr
77 | *.tlb
78 | *.tli
79 | *.tlh
80 | *.tmp
81 | *.tmp_proj
82 | *_wpftmp.csproj
83 | *.log
84 | *.vspscc
85 | *.vssscc
86 | .builds
87 | *.pidb
88 | *.svclog
89 | *.scc
90 |
91 | # Chutzpah Test files
92 | _Chutzpah*
93 |
94 | # Visual C++ cache files
95 | ipch/
96 | *.aps
97 | *.ncb
98 | *.opendb
99 | *.opensdf
100 | *.sdf
101 | *.cachefile
102 | *.VC.db
103 | *.VC.VC.opendb
104 |
105 | # Visual Studio profiler
106 | *.psess
107 | *.vsp
108 | *.vspx
109 | *.sap
110 |
111 | # Visual Studio Trace Files
112 | *.e2e
113 |
114 | # TFS 2012 Local Workspace
115 | $tf/
116 |
117 | # Guidance Automation Toolkit
118 | *.gpState
119 |
120 | # ReSharper is a .NET coding add-in
121 | _ReSharper*/
122 | *.[Rr]e[Ss]harper
123 | *.DotSettings.user
124 |
125 | # JustCode is a .NET coding add-in
126 | .JustCode
127 |
128 | # TeamCity is a build add-in
129 | _TeamCity*
130 |
131 | # DotCover is a Code Coverage Tool
132 | *.dotCover
133 |
134 | # AxoCover is a Code Coverage Tool
135 | .axoCover/*
136 | !.axoCover/settings.json
137 |
138 | # Visual Studio code coverage results
139 | *.coverage
140 | *.coveragexml
141 |
142 | # NCrunch
143 | _NCrunch_*
144 | .*crunch*.local.xml
145 | nCrunchTemp_*
146 |
147 | # MightyMoose
148 | *.mm.*
149 | AutoTest.Net/
150 |
151 | # Web workbench (sass)
152 | .sass-cache/
153 |
154 | # Installshield output folder
155 | [Ee]xpress/
156 |
157 | # DocProject is a documentation generator add-in
158 | DocProject/buildhelp/
159 | DocProject/Help/*.HxT
160 | DocProject/Help/*.HxC
161 | DocProject/Help/*.hhc
162 | DocProject/Help/*.hhk
163 | DocProject/Help/*.hhp
164 | DocProject/Help/Html2
165 | DocProject/Help/html
166 |
167 | # Click-Once directory
168 | publish/
169 |
170 | # Publish Web Output
171 | *.[Pp]ublish.xml
172 | *.azurePubxml
173 | # Note: Comment the next line if you want to checkin your web deploy settings,
174 | # but database connection strings (with potential passwords) will be unencrypted
175 | *.pubxml
176 | *.publishproj
177 |
178 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
179 | # checkin your Azure Web App publish settings, but sensitive information contained
180 | # in these scripts will be unencrypted
181 | PublishScripts/
182 |
183 | # NuGet Packages
184 | *.nupkg
185 | # The packages folder can be ignored because of Package Restore
186 | **/[Pp]ackages/*
187 | # except build/, which is used as an MSBuild target.
188 | !**/[Pp]ackages/build/
189 | # Uncomment if necessary however generally it will be regenerated when needed
190 | #!**/[Pp]ackages/repositories.config
191 | # NuGet v3's project.json files produces more ignorable files
192 | *.nuget.props
193 | *.nuget.targets
194 |
195 | # Microsoft Azure Build Output
196 | csx/
197 | *.build.csdef
198 |
199 | # Microsoft Azure Emulator
200 | ecf/
201 | rcf/
202 |
203 | # Windows Store app package directories and files
204 | AppPackages/
205 | BundleArtifacts/
206 | Package.StoreAssociation.xml
207 | _pkginfo.txt
208 | *.appx
209 |
210 | # Visual Studio cache files
211 | # files ending in .cache can be ignored
212 | *.[Cc]ache
213 | # but keep track of directories ending in .cache
214 | !?*.[Cc]ache/
215 |
216 | # Others
217 | ClientBin/
218 | ~$*
219 | *~
220 | *.dbmdl
221 | *.dbproj.schemaview
222 | *.jfm
223 | *.pfx
224 | *.publishsettings
225 | orleans.codegen.cs
226 |
227 | # Including strong name files can present a security risk
228 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
229 | #*.snk
230 |
231 | # Since there are multiple workflows, uncomment next line to ignore bower_components
232 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
233 | #bower_components/
234 |
235 | # RIA/Silverlight projects
236 | Generated_Code/
237 |
238 | # Backup & report files from converting an old project file
239 | # to a newer Visual Studio version. Backup files are not needed,
240 | # because we have git ;-)
241 | _UpgradeReport_Files/
242 | Backup*/
243 | UpgradeLog*.XML
244 | UpgradeLog*.htm
245 | ServiceFabricBackup/
246 | *.rptproj.bak
247 |
248 | # SQL Server files
249 | *.mdf
250 | *.ldf
251 | *.ndf
252 |
253 | # Business Intelligence projects
254 | *.rdl.data
255 | *.bim.layout
256 | *.bim_*.settings
257 | *.rptproj.rsuser
258 | *- Backup*.rdl
259 |
260 | # Microsoft Fakes
261 | FakesAssemblies/
262 |
263 | # GhostDoc plugin setting file
264 | *.GhostDoc.xml
265 |
266 | # Node.js Tools for Visual Studio
267 | .ntvs_analysis.dat
268 | node_modules/
269 |
270 | # Visual Studio 6 build log
271 | *.plg
272 |
273 | # Visual Studio 6 workspace options file
274 | *.opt
275 |
276 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
277 | *.vbw
278 |
279 | # Visual Studio LightSwitch build output
280 | **/*.HTMLClient/GeneratedArtifacts
281 | **/*.DesktopClient/GeneratedArtifacts
282 | **/*.DesktopClient/ModelManifest.xml
283 | **/*.Server/GeneratedArtifacts
284 | **/*.Server/ModelManifest.xml
285 | _Pvt_Extensions
286 |
287 | # Paket dependency manager
288 | .paket/paket.exe
289 | paket-files/
290 |
291 | # FAKE - F# Make
292 | .fake/
293 |
294 | # JetBrains Rider
295 | .idea/
296 | *.sln.iml
297 |
298 | # CodeRush personal settings
299 | .cr/personal
300 |
301 | # Python Tools for Visual Studio (PTVS)
302 | __pycache__/
303 | *.pyc
304 |
305 | # Cake - Uncomment if you are using it
306 | # tools/**
307 | # !tools/packages.config
308 |
309 | # Tabs Studio
310 | *.tss
311 |
312 | # Telerik's JustMock configuration file
313 | *.jmconfig
314 |
315 | # BizTalk build output
316 | *.btp.cs
317 | *.btm.cs
318 | *.odx.cs
319 | *.xsd.cs
320 |
321 | # OpenCover UI analysis results
322 | OpenCover/
323 |
324 | # Azure Stream Analytics local run output
325 | ASALocalRun/
326 |
327 | # MSBuild Binary and Structured Log
328 | *.binlog
329 |
330 | # NVidia Nsight GPU debugger configuration file
331 | *.nvuser
332 |
333 | # MFractors (Xamarin productivity tool) working folder
334 | .mfractor/
335 |
336 | # Local History for Visual Studio
337 | .localhistory/
338 |
339 | # BeatPulse healthcheck temp database
340 | healthchecksdb
--------------------------------------------------------------------------------
/PEExplorerV2/ImageOptionalHeaderStruct.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ImageOptionalHeaderStruct.h"
3 | #include "PEStrings.h"
4 |
5 | ImageOptionalHeaderStruct::ImageOptionalHeaderStruct(PEParser* parser) : _parser(parser) {
6 | BuildMembers();
7 | }
8 |
9 | CString ImageOptionalHeaderStruct::GetName() const {
10 | return L"IMAGE_OPTIONAL_HEADER";
11 | }
12 |
13 | int ImageOptionalHeaderStruct::GetMemberCount() const {
14 | return static_cast(_members.size());
15 | }
16 |
17 | const MemberInfo& ImageOptionalHeaderStruct::GetMemberInfo(int index) const {
18 | return _members[index];
19 | }
20 |
21 | void ImageOptionalHeaderStruct::BuildMembers() {
22 | if (_parser->IsPe64())
23 | BuildMemberInternal64();
24 | else
25 | BuildMemberInternal32();
26 | }
27 |
28 | void ImageOptionalHeaderStruct::BuildMemberInternal32() {
29 | auto& header = _parser->GetOptionalHeader32();
30 |
31 | _members = std::vector{
32 | MemberInfo(L"Magic", 0, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.Magic)),
33 | MemberInfo(L"MajorLinkerVersion", 2, L"BYTE", sizeof(BYTE), PEStrings::ToDecAndHex(header.MajorLinkerVersion)),
34 | MemberInfo(L"MinorLinkerVersion", 3, L"BYTE", sizeof(BYTE), PEStrings::ToDecAndHex(header.MinorLinkerVersion)),
35 | MemberInfo(L"SizeOfCode", 4, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfCode)),
36 | MemberInfo(L"SizeOfInitializedData", 8, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfInitializedData)),
37 | MemberInfo(L"SizeOfUninitializedData", 12, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfUninitializedData)),
38 | MemberInfo(L"AddressOfEntryPoint", 16, L"DWORD", sizeof(DWORD), PEStrings::ToHex(header.AddressOfEntryPoint)),
39 | MemberInfo(L"BaseOfCode", 20, L"DWORD", sizeof(DWORD), PEStrings::ToHex(header.BaseOfCode)),
40 | MemberInfo(L"ImageBase", 24, L"DWORD", sizeof(DWORD), PEStrings::ToHex(header.ImageBase)),
41 | MemberInfo(L"SectionAlignment", 28, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SectionAlignment)),
42 | MemberInfo(L"FileAlignment", 32, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.FileAlignment)),
43 | MemberInfo(L"MajorOperatingSystemVersion", 36, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MajorOperatingSystemVersion)),
44 | MemberInfo(L"MinorOperatingSystemVersion", 38, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MinorOperatingSystemVersion)),
45 | MemberInfo(L"MajorImageVersion", 40, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MajorImageVersion)),
46 | MemberInfo(L"MinorImageVersion", 42, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MinorImageVersion)),
47 | MemberInfo(L"MajorSubsystemVersion", 44, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MajorSubsystemVersion)),
48 | MemberInfo(L"MinorSubsystemVersion", 46, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MinorSubsystemVersion)),
49 | MemberInfo(L"Win32VersionValue", 48, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.Win32VersionValue)),
50 | MemberInfo(L"SizeOfImage", 52, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfImage)),
51 | MemberInfo(L"SizeOfHeaders", 56, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfHeaders)),
52 | MemberInfo(L"Checksum", 60, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.CheckSum)),
53 | MemberInfo(L"Subsystem", 64, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.Subsystem)),
54 | MemberInfo(L"DllCharacteristics", 66, L"DWORD", sizeof(WORD), PEStrings::ToDecAndHex(header.DllCharacteristics)),
55 | MemberInfo(L"SizeOfStackReserve", 68, L"DWORD", sizeof(DWORD), PEStrings::ToMemorySize(header.SizeOfStackReserve)),
56 | MemberInfo(L"SizeOfStackCommit", 72, L"DWORD", sizeof(DWORD), PEStrings::ToMemorySize(header.SizeOfStackCommit)),
57 | MemberInfo(L"SizeOfHeapReserve", 76, L"DWORD", sizeof(DWORD), PEStrings::ToMemorySize(header.SizeOfHeapReserve)),
58 | MemberInfo(L"SizeOfHeapCommit", 80, L"DWORD", sizeof(DWORD), PEStrings::ToMemorySize(header.SizeOfHeapCommit)),
59 | MemberInfo(L"LoaderFlags", 84, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.LoaderFlags)),
60 | MemberInfo(L"NumberOfRvaAndSizes", 88, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.NumberOfRvaAndSizes)),
61 | };
62 | }
63 |
64 | void ImageOptionalHeaderStruct::BuildMemberInternal64() {
65 | auto& header = _parser->GetOptionalHeader64();
66 |
67 | _members = std::vector{
68 | MemberInfo(L"Magic", 0, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.Magic)),
69 | MemberInfo(L"MajorLinkerVersion", 2, L"BYTE", sizeof(BYTE), PEStrings::ToDecAndHex(header.MajorLinkerVersion)),
70 | MemberInfo(L"MinorLinkerVersion", 3, L"BYTE", sizeof(BYTE), PEStrings::ToDecAndHex(header.MinorLinkerVersion)),
71 | MemberInfo(L"SizeOfCode", 4, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfCode)),
72 | MemberInfo(L"SizeOfInitializedData", 8, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfInitializedData)),
73 | MemberInfo(L"SizeOfUninitializedData", 12, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfUninitializedData)),
74 | MemberInfo(L"AddressOfEntryPoint", 16, L"DWORD", sizeof(DWORD), PEStrings::ToHex(header.AddressOfEntryPoint)),
75 | MemberInfo(L"BaseOfCode", 20, L"DWORD", sizeof(DWORD), PEStrings::ToHex(header.BaseOfCode)),
76 | MemberInfo(L"ImageBase", 24, L"ULONGLONG", sizeof(ULONGLONG), PEStrings::ToHex(header.ImageBase)),
77 | MemberInfo(L"SectionAlignment", 32, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SectionAlignment)),
78 | MemberInfo(L"FileAlignment", 36, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.FileAlignment)),
79 | MemberInfo(L"MajorOperatingSystemVersion", 40, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MajorOperatingSystemVersion)),
80 | MemberInfo(L"MinorOperatingSystemVersion", 42, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MinorOperatingSystemVersion)),
81 | MemberInfo(L"MajorImageVersion", 44, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MajorImageVersion)),
82 | MemberInfo(L"MinorImageVersion", 46, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MinorImageVersion)),
83 | MemberInfo(L"MajorSubsystemVersion", 48, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MajorSubsystemVersion)),
84 | MemberInfo(L"MinorSubsystemVersion", 50, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.MinorSubsystemVersion)),
85 | MemberInfo(L"Win32VersionValue", 52, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.Win32VersionValue)),
86 | MemberInfo(L"SizeOfImage", 56, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfImage)),
87 | MemberInfo(L"SizeOfHeaders", 60, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.SizeOfHeaders)),
88 | MemberInfo(L"Checksum", 64, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.CheckSum)),
89 | MemberInfo(L"Subsystem", 68, L"WORD", sizeof(WORD), PEStrings::ToDecAndHex(header.Subsystem)),
90 | MemberInfo(L"DllCharacteristics", 70, L"DWORD", sizeof(WORD), PEStrings::ToDecAndHex(header.DllCharacteristics)),
91 | MemberInfo(L"SizeOfStackReserve", 72, L"ULONGLONG", sizeof(ULONGLONG), PEStrings::ToMemorySize(header.SizeOfStackReserve)),
92 | MemberInfo(L"SizeOfStackCommit", 80, L"ULONGLONG", sizeof(ULONGLONG), PEStrings::ToMemorySize(header.SizeOfStackCommit)),
93 | MemberInfo(L"SizeOfHeapReserve", 88, L"ULONGLONG", sizeof(ULONGLONG), PEStrings::ToMemorySize(header.SizeOfHeapReserve)),
94 | MemberInfo(L"SizeOfHeapCommit", 96, L"ULONGLONG", sizeof(ULONGLONG), PEStrings::ToMemorySize(header.SizeOfHeapCommit)),
95 | MemberInfo(L"LoaderFlags", 104, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.LoaderFlags)),
96 | MemberInfo(L"NumberOfRvaAndSizes", 108, L"DWORD", sizeof(DWORD), PEStrings::ToDecAndHex(header.NumberOfRvaAndSizes)),
97 | };
98 | }
99 |
--------------------------------------------------------------------------------
/PEParser/PEParser.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 | #include
5 | #include
6 | #include
7 |
8 | class CLRMetadataParser;
9 |
10 | struct ExportedSymbol {
11 | std::string Name;
12 | std::string UndecoratedName;
13 | std::string ForwardName;
14 | DWORD Address;
15 | unsigned short Ordinal;
16 | int Hint;
17 | };
18 |
19 | struct ImportedSymbol {
20 | std::string Name;
21 | std::string UndecoratedName;
22 | unsigned short Hint;
23 | };
24 |
25 | struct ImportedLibrary {
26 | std::string Name;
27 | std::vector Symbols;
28 | };
29 |
30 | enum class SubsystemType : short {
31 | Unknown,
32 | Native = 1,
33 | WindowsGUI = 2,
34 | WindowsCUI = 3,
35 | PosixCUI = 7,
36 | NativeWin9x = 8,
37 | WindowsCEGUI = 9,
38 | EfiApplication = 10,
39 | EfiBootServiceDriver = 11,
40 | EfiRuntimeDriver = 12,
41 | EfiROM = 13,
42 | XBOX = 14,
43 | BootApplication = 16,
44 | XBoxCodeCatalog = 17,
45 | };
46 |
47 | enum class CfgFlags : uint32_t {
48 | CfInstrumented = 0x100,
49 | CfwInstrumented = 0x200,
50 | CfFunctionTablePresent = 0x400,
51 | SecurityCookieUnused = 0x800,
52 | ProtectDelayLoadIat = 0x1000,
53 | DelayLoadIatInItsOwnSection = 0x2000,
54 | CfExportSuppressionInfoPresent = 0x4000,
55 | CfEnableExportSuppression = 0x8000,
56 | CfLongJmpTablePresent = 0x10000,
57 | CfFunctionTableSizeMask = 0xf0000000,
58 | };
59 | DEFINE_ENUM_FLAG_OPERATORS(CfgFlags);
60 |
61 | enum class DllCharacteristics : unsigned short {
62 | None = 0,
63 | HighEntropyVA = 0x20,
64 | DynamicBase = 0x40,
65 | ForceIntegrity = 0x80,
66 | NxCompat = 0x100,
67 | NoIsolation = 0x200,
68 | NoSEH = 0x400,
69 | NoBind = 0x800,
70 | AppContainer = 0x1000,
71 | WDMDriver = 0x2000,
72 | ControlFlowGuard = 0x4000,
73 | TerminalServerAware = 0x8000
74 | };
75 | DEFINE_ENUM_FLAG_OPERATORS(DllCharacteristics);
76 |
77 | enum class ImageCharacteristics : unsigned short {
78 | None = 0,
79 | RelocsStripped = 1,
80 | ExecutableImage = 2,
81 | LineNumsStripped = 4,
82 | LocalSymbolsStripped = 8,
83 | AggressiveTrimWorkingSet = 0x10,
84 | LargeAddressAware = 0x20,
85 | LittleEndian = 0x80,
86 | Machine32Bit = 0x100,
87 | DebugInfoStripped = 0x200,
88 | RemovableRunFromSwap = 0x400,
89 | NetRunFromSwap = 0x800,
90 | SystemFile = 0x1000,
91 | DllFile = 0x2000,
92 | SingleCpuOnly = 0x4000,
93 | BigEndian = 0x8000
94 | };
95 | DEFINE_ENUM_FLAG_OPERATORS(ImageCharacteristics);
96 |
97 | enum class ImageDebugType {
98 | Unknown,
99 | Coff,
100 | CodeView,
101 | Fpo,
102 | Misc,
103 | Exception,
104 | Fixup,
105 | Borland = 9,
106 | Repro = 16
107 | };
108 |
109 | enum class ControlFlowGuardFlags {
110 | Instrumented = 0x100,
111 | WriteInstrumented = 0x200,
112 | FunctionTablePresent = 0x400,
113 | SecurityCookieUnused = 0x800,
114 | ProtectDelayLoadIAT = 0x1000,
115 | DelayLoadIATOwnSection = 0x2000,
116 | ExportSuppressInfo = 0x4000,
117 | EnableExportSuppression = 0x8000,
118 | LongJumpTablePresent = 0x10000
119 | };
120 |
121 | enum class SectionFlags : unsigned {
122 | None = 0,
123 | NoPad = 8,
124 | Code = 0x20,
125 | InitializedData = 0x40,
126 | UninitializedData = 0x80,
127 | Other = 0x100,
128 | Info = 0x200,
129 | Remove = 0x800,
130 | Comdat = 0x1000,
131 | GPRel = 0x80000,
132 | Align1Byte = 0x100000,
133 | Align2Bytes = 0x200000,
134 | ExtendedReloc = 0x1000000,
135 | Discardable = 0x2000000,
136 | NotCached = 0x4000000,
137 | NotPaged = 0x8000000,
138 | Shared = 0x10000000,
139 | Execute = 0x20000000,
140 | Read = 0x40000000,
141 | Write = 0x80000000,
142 | };
143 | DEFINE_ENUM_FLAG_OPERATORS(SectionFlags);
144 |
145 | enum class OptionalHeaderMagic : short {
146 | PE32 = 0x10b,
147 | PE32Plus = 0x20b,
148 | Rom = 0x107
149 | };
150 |
151 | enum class MachineType : unsigned short {
152 | Unknown = 0,
153 | X86 = 332,
154 | Arm = 0x1c0,
155 | Arm_NT = 0x1c4,
156 | IA64 = 512,
157 | Amd64 = 34404,
158 | Arm64 = 43620,
159 | };
160 |
161 | struct ResourceInfo {
162 | CString Name;
163 | DWORD Rva;
164 | DWORD Size;
165 | void* Address;
166 | WORD Id;
167 | bool IsId{ false };
168 | };
169 |
170 | struct ResourceType {
171 | CString Name;
172 | std::vector Items;
173 | WORD Id;
174 | bool IsId{ false };
175 | };
176 |
177 | enum class ManagedTypeKind {
178 | Attribute,
179 | Class,
180 | Delegate,
181 | Enum,
182 | Interface,
183 | Struct,
184 | Count
185 | };
186 |
187 | struct ManagedType {
188 | CString Name;
189 | CorTypeAttr Attributes;
190 | mdTypeDef Token;
191 | mdToken BaseTypeToken;
192 | CString BaseTypeName;
193 | ManagedTypeKind Kind;
194 | };
195 |
196 | struct ManagedTypeRef {
197 | CString Name;
198 | mdTypeDef Token;
199 | mdToken Scope;
200 | };
201 |
202 | enum class ManagedMemberType {
203 | Method,
204 | Property,
205 | Event,
206 | Field,
207 | Constructor,
208 | Type,
209 | StaticConstructor
210 | };
211 |
212 | struct ArchiveMemberHeader {
213 | char Name[16];
214 | char Date[12];
215 | char UserID[6];
216 | char GroupId[6];
217 | char Mode[8];
218 | char Size[10];
219 | char EndOfHeader[2];
220 | };
221 |
222 | struct ManagedMember {
223 | CString Name;
224 | mdToken Token;
225 | mdToken ClassToken;
226 | ManagedMemberType Type;
227 | DWORD Attributes;
228 | union {
229 | struct {
230 | DWORD TypeFlags;
231 | } Field;
232 | struct {
233 | DWORD ImplFlags;
234 | DWORD CodeRva;
235 | } Method;
236 | struct {
237 | mdMethodDef AddMethod, RemoveMethod, FireMethod;
238 | mdToken EventType;
239 | } Event;
240 | struct {
241 | mdToken Setter, Getter;
242 | DWORD CPlusTypeFlag;
243 | } Property;
244 | };
245 | // CString StringConst;
246 | };
247 |
248 | class PEParser final {
249 | public:
250 | explicit PEParser(const wchar_t* path);
251 | ~PEParser();
252 |
253 | bool IsValid() const;
254 | bool IsPe64() const;
255 | bool IsExecutable() const;
256 | bool IsManaged() const;
257 | bool HasExports() const;
258 | bool HasImports() const;
259 |
260 | int GetSectionCount() const;
261 | const IMAGE_SECTION_HEADER* GetSectionHeader(ULONG section) const;
262 | const IMAGE_DATA_DIRECTORY* GetDataDirectory(int index) const;
263 | const IMAGE_DOS_HEADER& GetDosHeader() const;
264 | void* GetBaseAddress() const;
265 |
266 | CString GetSectionName(ULONG section) const;
267 |
268 | std::vector GetExports() const;
269 | std::vector GetImports() const;
270 | const IMAGE_FILE_HEADER& GetFileHeader() const;
271 | std::vector EnumResources() const;
272 | bool GetImportAddressTable() const;
273 | bool IsCLRMetadataAvailable() const;
274 |
275 | std::vector GetTlsInfo() const;
276 |
277 | void* GetAddress(unsigned rva) const;
278 |
279 | SubsystemType GetSubsystemType() const;
280 |
281 | IMAGE_OPTIONAL_HEADER64& GetOptionalHeader64() const {
282 | return *_opt64;
283 | }
284 |
285 | IMAGE_OPTIONAL_HEADER32& GetOptionalHeader32() const {
286 | return *_opt32;
287 | }
288 |
289 | IMAGE_COR20_HEADER* GetCLRHeader() const;
290 | CLRMetadataParser* GetCLRParser() const;
291 | std::vector> EnumCertificates() const;
292 | const IMAGE_LOAD_CONFIG_DIRECTORY64* GetLoadConfiguration64() const;
293 | const IMAGE_LOAD_CONFIG_DIRECTORY32* GetLoadConfiguration32() const;
294 | PVOID GetDataDirectoryAddress(UINT index, PULONG size) const;
295 |
296 | bool IsImportLib() const;
297 | bool IsObjectFile() const;
298 |
299 | private:
300 | bool IsObjectPe64() const;
301 | void CheckValidity();
302 | unsigned RvaToFileOffset(unsigned rva) const;
303 |
304 | //void ParseResourceDirectoryEntry(IMAGE_RESOURCE_DIRECTORY_ENTRY* entry, void* root, const CString& parent, IResourceCallback*) const;
305 | //void ParseResourceDirectory(IMAGE_RESOURCE_DIRECTORY* dir, void* root, const CString& parent, IResourceCallback*) const;
306 |
307 | CString GetResourceName(void* data) const;
308 |
309 | PBYTE _address{ nullptr };
310 | HMODULE _module{ nullptr };
311 | HANDLE _hMemMap{ nullptr };
312 | HANDLE _hFile{ INVALID_HANDLE_VALUE };
313 | IMAGE_DOS_HEADER* _dosHeader;
314 | IMAGE_FILE_HEADER* _fileHeader;
315 | IMAGE_SECTION_HEADER* _sections;
316 | IMAGE_OPTIONAL_HEADER32* _opt32{ nullptr };
317 | IMAGE_OPTIONAL_HEADER64* _opt64{ nullptr };
318 | CComPtr _spMetadata;
319 | std::wstring _path;
320 | mutable HMODULE _resModule{ nullptr };
321 | mutable std::unique_ptr _clrParser;
322 | bool _valid = false;
323 | bool _importLib = false, _objectFile = false;
324 | };
325 |
--------------------------------------------------------------------------------
/PEParser/PEParser.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | {380BBF10-5A72-4F23-B9A2-6FE7A76E8B5F}
24 | Win32Proj
25 | PEParser
26 | 10.0
27 |
28 |
29 |
30 | StaticLibrary
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | StaticLibrary
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | StaticLibrary
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | StaticLibrary
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Use
88 | Level3
89 | true
90 | _DEBUG;_LIB;%(PreprocessorDefinitions)
91 | true
92 | pch.h
93 | MultiThreadedDebug
94 | stdcpp17
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 | Use
104 | Level3
105 | true
106 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)
107 | true
108 | pch.h
109 | stdcpp17
110 | MultiThreadedDebug
111 |
112 |
113 | Windows
114 | true
115 |
116 |
117 |
118 |
119 | Use
120 | Level3
121 | true
122 | true
123 | true
124 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)
125 | true
126 | pch.h
127 | MultiThreaded
128 | stdcpp17
129 | false
130 |
131 |
132 | Windows
133 | true
134 | true
135 | true
136 |
137 |
138 |
139 |
140 | Use
141 | Level3
142 | true
143 | true
144 | true
145 | NDEBUG;_LIB;%(PreprocessorDefinitions)
146 | true
147 | pch.h
148 | MultiThreaded
149 | stdcpp17
150 | false
151 |
152 |
153 | Windows
154 | true
155 | true
156 | true
157 |
158 |
159 |
160 |
161 |
162 |
163 |
164 |
165 |
166 |
167 | Create
168 | Create
169 | Create
170 | Create
171 |
172 |
173 |
174 |
175 |
176 |
177 |
--------------------------------------------------------------------------------
/PEExplorerV2/Capstone/tms320c64x.h:
--------------------------------------------------------------------------------
1 | /* Capstone Disassembly Engine */
2 | /* TMS320C64x Backend by Fotis Loukos 2016 */
3 |
4 | #ifndef CAPSTONE_TMS320C64X_H
5 | #define CAPSTONE_TMS320C64X_H
6 |
7 | #ifdef __cplusplus
8 | extern "C" {
9 | #endif
10 |
11 | #include
12 | #include "platform.h"
13 |
14 | #ifdef _MSC_VER
15 | #pragma warning(disable:4201)
16 | #endif
17 |
18 | typedef enum tms320c64x_op_type {
19 | TMS320C64X_OP_INVALID = 0, ///< = CS_OP_INVALID (Uninitialized).
20 | TMS320C64X_OP_REG, ///< = CS_OP_REG (Register operand).
21 | TMS320C64X_OP_IMM, ///< = CS_OP_IMM (Immediate operand).
22 | TMS320C64X_OP_MEM, ///< = CS_OP_MEM (Memory operand).
23 | TMS320C64X_OP_REGPAIR = 64, ///< Register pair for double word ops
24 | } tms320c64x_op_type;
25 |
26 | typedef enum tms320c64x_mem_disp {
27 | TMS320C64X_MEM_DISP_INVALID = 0,
28 | TMS320C64X_MEM_DISP_CONSTANT,
29 | TMS320C64X_MEM_DISP_REGISTER,
30 | } tms320c64x_mem_disp;
31 |
32 | typedef enum tms320c64x_mem_dir {
33 | TMS320C64X_MEM_DIR_INVALID = 0,
34 | TMS320C64X_MEM_DIR_FW,
35 | TMS320C64X_MEM_DIR_BW,
36 | } tms320c64x_mem_dir;
37 |
38 | typedef enum tms320c64x_mem_mod {
39 | TMS320C64X_MEM_MOD_INVALID = 0,
40 | TMS320C64X_MEM_MOD_NO,
41 | TMS320C64X_MEM_MOD_PRE,
42 | TMS320C64X_MEM_MOD_POST,
43 | } tms320c64x_mem_mod;
44 |
45 | typedef struct tms320c64x_op_mem {
46 | unsigned int base; ///< base register
47 | unsigned int disp; ///< displacement/offset value
48 | unsigned int unit; ///< unit of base and offset register
49 | unsigned int scaled; ///< offset scaled
50 | unsigned int disptype; ///< displacement type
51 | unsigned int direction; ///< direction
52 | unsigned int modify; ///< modification
53 | } tms320c64x_op_mem;
54 |
55 | typedef struct cs_tms320c64x_op {
56 | tms320c64x_op_type type; ///< operand type
57 | union {
58 | unsigned int reg; ///< register value for REG operand or first register for REGPAIR operand
59 | int32_t imm; ///< immediate value for IMM operand
60 | tms320c64x_op_mem mem; ///< base/disp value for MEM operand
61 | };
62 | } cs_tms320c64x_op;
63 |
64 | typedef struct cs_tms320c64x {
65 | uint8_t op_count;
66 | cs_tms320c64x_op operands[8]; ///< operands for this instruction.
67 | struct {
68 | unsigned int reg;
69 | unsigned int zero;
70 | } condition;
71 | struct {
72 | unsigned int unit;
73 | unsigned int side;
74 | unsigned int crosspath;
75 | } funit;
76 | unsigned int parallel;
77 | } cs_tms320c64x;
78 |
79 | typedef enum tms320c64x_reg {
80 | TMS320C64X_REG_INVALID = 0,
81 |
82 | TMS320C64X_REG_AMR,
83 | TMS320C64X_REG_CSR,
84 | TMS320C64X_REG_DIER,
85 | TMS320C64X_REG_DNUM,
86 | TMS320C64X_REG_ECR,
87 | TMS320C64X_REG_GFPGFR,
88 | TMS320C64X_REG_GPLYA,
89 | TMS320C64X_REG_GPLYB,
90 | TMS320C64X_REG_ICR,
91 | TMS320C64X_REG_IER,
92 | TMS320C64X_REG_IERR,
93 | TMS320C64X_REG_ILC,
94 | TMS320C64X_REG_IRP,
95 | TMS320C64X_REG_ISR,
96 | TMS320C64X_REG_ISTP,
97 | TMS320C64X_REG_ITSR,
98 | TMS320C64X_REG_NRP,
99 | TMS320C64X_REG_NTSR,
100 | TMS320C64X_REG_REP,
101 | TMS320C64X_REG_RILC,
102 | TMS320C64X_REG_SSR,
103 | TMS320C64X_REG_TSCH,
104 | TMS320C64X_REG_TSCL,
105 | TMS320C64X_REG_TSR,
106 | TMS320C64X_REG_A0,
107 | TMS320C64X_REG_A1,
108 | TMS320C64X_REG_A2,
109 | TMS320C64X_REG_A3,
110 | TMS320C64X_REG_A4,
111 | TMS320C64X_REG_A5,
112 | TMS320C64X_REG_A6,
113 | TMS320C64X_REG_A7,
114 | TMS320C64X_REG_A8,
115 | TMS320C64X_REG_A9,
116 | TMS320C64X_REG_A10,
117 | TMS320C64X_REG_A11,
118 | TMS320C64X_REG_A12,
119 | TMS320C64X_REG_A13,
120 | TMS320C64X_REG_A14,
121 | TMS320C64X_REG_A15,
122 | TMS320C64X_REG_A16,
123 | TMS320C64X_REG_A17,
124 | TMS320C64X_REG_A18,
125 | TMS320C64X_REG_A19,
126 | TMS320C64X_REG_A20,
127 | TMS320C64X_REG_A21,
128 | TMS320C64X_REG_A22,
129 | TMS320C64X_REG_A23,
130 | TMS320C64X_REG_A24,
131 | TMS320C64X_REG_A25,
132 | TMS320C64X_REG_A26,
133 | TMS320C64X_REG_A27,
134 | TMS320C64X_REG_A28,
135 | TMS320C64X_REG_A29,
136 | TMS320C64X_REG_A30,
137 | TMS320C64X_REG_A31,
138 | TMS320C64X_REG_B0,
139 | TMS320C64X_REG_B1,
140 | TMS320C64X_REG_B2,
141 | TMS320C64X_REG_B3,
142 | TMS320C64X_REG_B4,
143 | TMS320C64X_REG_B5,
144 | TMS320C64X_REG_B6,
145 | TMS320C64X_REG_B7,
146 | TMS320C64X_REG_B8,
147 | TMS320C64X_REG_B9,
148 | TMS320C64X_REG_B10,
149 | TMS320C64X_REG_B11,
150 | TMS320C64X_REG_B12,
151 | TMS320C64X_REG_B13,
152 | TMS320C64X_REG_B14,
153 | TMS320C64X_REG_B15,
154 | TMS320C64X_REG_B16,
155 | TMS320C64X_REG_B17,
156 | TMS320C64X_REG_B18,
157 | TMS320C64X_REG_B19,
158 | TMS320C64X_REG_B20,
159 | TMS320C64X_REG_B21,
160 | TMS320C64X_REG_B22,
161 | TMS320C64X_REG_B23,
162 | TMS320C64X_REG_B24,
163 | TMS320C64X_REG_B25,
164 | TMS320C64X_REG_B26,
165 | TMS320C64X_REG_B27,
166 | TMS320C64X_REG_B28,
167 | TMS320C64X_REG_B29,
168 | TMS320C64X_REG_B30,
169 | TMS320C64X_REG_B31,
170 | TMS320C64X_REG_PCE1,
171 |
172 | TMS320C64X_REG_ENDING, // <-- mark the end of the list of registers
173 |
174 | // Alias registers
175 | TMS320C64X_REG_EFR = TMS320C64X_REG_ECR,
176 | TMS320C64X_REG_IFR = TMS320C64X_REG_ISR,
177 | } tms320c64x_reg;
178 |
179 | typedef enum tms320c64x_insn {
180 | TMS320C64X_INS_INVALID = 0,
181 |
182 | TMS320C64X_INS_ABS,
183 | TMS320C64X_INS_ABS2,
184 | TMS320C64X_INS_ADD,
185 | TMS320C64X_INS_ADD2,
186 | TMS320C64X_INS_ADD4,
187 | TMS320C64X_INS_ADDAB,
188 | TMS320C64X_INS_ADDAD,
189 | TMS320C64X_INS_ADDAH,
190 | TMS320C64X_INS_ADDAW,
191 | TMS320C64X_INS_ADDK,
192 | TMS320C64X_INS_ADDKPC,
193 | TMS320C64X_INS_ADDU,
194 | TMS320C64X_INS_AND,
195 | TMS320C64X_INS_ANDN,
196 | TMS320C64X_INS_AVG2,
197 | TMS320C64X_INS_AVGU4,
198 | TMS320C64X_INS_B,
199 | TMS320C64X_INS_BDEC,
200 | TMS320C64X_INS_BITC4,
201 | TMS320C64X_INS_BNOP,
202 | TMS320C64X_INS_BPOS,
203 | TMS320C64X_INS_CLR,
204 | TMS320C64X_INS_CMPEQ,
205 | TMS320C64X_INS_CMPEQ2,
206 | TMS320C64X_INS_CMPEQ4,
207 | TMS320C64X_INS_CMPGT,
208 | TMS320C64X_INS_CMPGT2,
209 | TMS320C64X_INS_CMPGTU4,
210 | TMS320C64X_INS_CMPLT,
211 | TMS320C64X_INS_CMPLTU,
212 | TMS320C64X_INS_DEAL,
213 | TMS320C64X_INS_DOTP2,
214 | TMS320C64X_INS_DOTPN2,
215 | TMS320C64X_INS_DOTPNRSU2,
216 | TMS320C64X_INS_DOTPRSU2,
217 | TMS320C64X_INS_DOTPSU4,
218 | TMS320C64X_INS_DOTPU4,
219 | TMS320C64X_INS_EXT,
220 | TMS320C64X_INS_EXTU,
221 | TMS320C64X_INS_GMPGTU,
222 | TMS320C64X_INS_GMPY4,
223 | TMS320C64X_INS_LDB,
224 | TMS320C64X_INS_LDBU,
225 | TMS320C64X_INS_LDDW,
226 | TMS320C64X_INS_LDH,
227 | TMS320C64X_INS_LDHU,
228 | TMS320C64X_INS_LDNDW,
229 | TMS320C64X_INS_LDNW,
230 | TMS320C64X_INS_LDW,
231 | TMS320C64X_INS_LMBD,
232 | TMS320C64X_INS_MAX2,
233 | TMS320C64X_INS_MAXU4,
234 | TMS320C64X_INS_MIN2,
235 | TMS320C64X_INS_MINU4,
236 | TMS320C64X_INS_MPY,
237 | TMS320C64X_INS_MPY2,
238 | TMS320C64X_INS_MPYH,
239 | TMS320C64X_INS_MPYHI,
240 | TMS320C64X_INS_MPYHIR,
241 | TMS320C64X_INS_MPYHL,
242 | TMS320C64X_INS_MPYHLU,
243 | TMS320C64X_INS_MPYHSLU,
244 | TMS320C64X_INS_MPYHSU,
245 | TMS320C64X_INS_MPYHU,
246 | TMS320C64X_INS_MPYHULS,
247 | TMS320C64X_INS_MPYHUS,
248 | TMS320C64X_INS_MPYLH,
249 | TMS320C64X_INS_MPYLHU,
250 | TMS320C64X_INS_MPYLI,
251 | TMS320C64X_INS_MPYLIR,
252 | TMS320C64X_INS_MPYLSHU,
253 | TMS320C64X_INS_MPYLUHS,
254 | TMS320C64X_INS_MPYSU,
255 | TMS320C64X_INS_MPYSU4,
256 | TMS320C64X_INS_MPYU,
257 | TMS320C64X_INS_MPYU4,
258 | TMS320C64X_INS_MPYUS,
259 | TMS320C64X_INS_MVC,
260 | TMS320C64X_INS_MVD,
261 | TMS320C64X_INS_MVK,
262 | TMS320C64X_INS_MVKL,
263 | TMS320C64X_INS_MVKLH,
264 | TMS320C64X_INS_NOP,
265 | TMS320C64X_INS_NORM,
266 | TMS320C64X_INS_OR,
267 | TMS320C64X_INS_PACK2,
268 | TMS320C64X_INS_PACKH2,
269 | TMS320C64X_INS_PACKH4,
270 | TMS320C64X_INS_PACKHL2,
271 | TMS320C64X_INS_PACKL4,
272 | TMS320C64X_INS_PACKLH2,
273 | TMS320C64X_INS_ROTL,
274 | TMS320C64X_INS_SADD,
275 | TMS320C64X_INS_SADD2,
276 | TMS320C64X_INS_SADDU4,
277 | TMS320C64X_INS_SADDUS2,
278 | TMS320C64X_INS_SAT,
279 | TMS320C64X_INS_SET,
280 | TMS320C64X_INS_SHFL,
281 | TMS320C64X_INS_SHL,
282 | TMS320C64X_INS_SHLMB,
283 | TMS320C64X_INS_SHR,
284 | TMS320C64X_INS_SHR2,
285 | TMS320C64X_INS_SHRMB,
286 | TMS320C64X_INS_SHRU,
287 | TMS320C64X_INS_SHRU2,
288 | TMS320C64X_INS_SMPY,
289 | TMS320C64X_INS_SMPY2,
290 | TMS320C64X_INS_SMPYH,
291 | TMS320C64X_INS_SMPYHL,
292 | TMS320C64X_INS_SMPYLH,
293 | TMS320C64X_INS_SPACK2,
294 | TMS320C64X_INS_SPACKU4,
295 | TMS320C64X_INS_SSHL,
296 | TMS320C64X_INS_SSHVL,
297 | TMS320C64X_INS_SSHVR,
298 | TMS320C64X_INS_SSUB,
299 | TMS320C64X_INS_STB,
300 | TMS320C64X_INS_STDW,
301 | TMS320C64X_INS_STH,
302 | TMS320C64X_INS_STNDW,
303 | TMS320C64X_INS_STNW,
304 | TMS320C64X_INS_STW,
305 | TMS320C64X_INS_SUB,
306 | TMS320C64X_INS_SUB2,
307 | TMS320C64X_INS_SUB4,
308 | TMS320C64X_INS_SUBAB,
309 | TMS320C64X_INS_SUBABS4,
310 | TMS320C64X_INS_SUBAH,
311 | TMS320C64X_INS_SUBAW,
312 | TMS320C64X_INS_SUBC,
313 | TMS320C64X_INS_SUBU,
314 | TMS320C64X_INS_SWAP4,
315 | TMS320C64X_INS_UNPKHU4,
316 | TMS320C64X_INS_UNPKLU4,
317 | TMS320C64X_INS_XOR,
318 | TMS320C64X_INS_XPND2,
319 | TMS320C64X_INS_XPND4,
320 | // Aliases
321 | TMS320C64X_INS_IDLE,
322 | TMS320C64X_INS_MV,
323 | TMS320C64X_INS_NEG,
324 | TMS320C64X_INS_NOT,
325 | TMS320C64X_INS_SWAP2,
326 | TMS320C64X_INS_ZERO,
327 |
328 | TMS320C64X_INS_ENDING, // <-- mark the end of the list of instructions
329 | } tms320c64x_insn;
330 |
331 | typedef enum tms320c64x_insn_group {
332 | TMS320C64X_GRP_INVALID = 0, ///< = CS_GRP_INVALID
333 |
334 | TMS320C64X_GRP_JUMP, ///< = CS_GRP_JUMP
335 |
336 | TMS320C64X_GRP_FUNIT_D = 128,
337 | TMS320C64X_GRP_FUNIT_L,
338 | TMS320C64X_GRP_FUNIT_M,
339 | TMS320C64X_GRP_FUNIT_S,
340 | TMS320C64X_GRP_FUNIT_NO,
341 |
342 | TMS320C64X_GRP_ENDING, // <-- mark the end of the list of groups
343 | } tms320c64x_insn_group;
344 |
345 | typedef enum tms320c64x_funit {
346 | TMS320C64X_FUNIT_INVALID = 0,
347 | TMS320C64X_FUNIT_D,
348 | TMS320C64X_FUNIT_L,
349 | TMS320C64X_FUNIT_M,
350 | TMS320C64X_FUNIT_S,
351 | TMS320C64X_FUNIT_NO
352 | } tms320c64x_funit;
353 |
354 | #ifdef __cplusplus
355 | }
356 | #endif
357 |
358 | #endif
359 |
360 |
--------------------------------------------------------------------------------
/PEParser/CLRMetadataParser.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "CLRMetadataParser.h"
3 |
4 | CLRMetadataParser::CLRMetadataParser(IMetaDataImport* md) : _spImport(md) {
5 | ATLASSERT(md);
6 | }
7 |
8 | std::vector CLRMetadataParser::EnumTypes() const {
9 | std::vector types;
10 |
11 | HCORENUM hEnum = nullptr;
12 | mdTypeDef typedefs[2048];
13 | ULONG count;
14 | auto hr = _spImport->EnumTypeDefs(&hEnum, typedefs, _countof(typedefs), &count);
15 | WCHAR name[1024];
16 | ULONG len;
17 | DWORD flags;
18 | mdToken baseType;
19 | types.reserve(count);
20 | for (decltype(count) i = 0; i < count; i++) {
21 | hr = _spImport->GetTypeDefProps(typedefs[i], name, _countof(name), &len, &flags, &baseType);
22 | if (FAILED(hr))
23 | continue;
24 | ManagedType type;
25 | type.Name = name;
26 | type.Token = typedefs[i];
27 | type.Attributes = (CorTypeAttr)flags;
28 | type.BaseTypeToken = baseType;
29 |
30 | hr = _spImport->GetTypeDefProps(baseType, name, _countof(name), &len, &flags, &baseType);
31 | if (hr == S_OK)
32 | type.BaseTypeName = name;
33 | else if (auto it = _refTypesMap.find(type.BaseTypeToken); it != _refTypesMap.end())
34 | type.BaseTypeName = it->second.Name;
35 |
36 | type.Kind = GetTypeKind(type);
37 | types.emplace_back(std::move(type));
38 | }
39 | _spImport->CloseEnum(hEnum);
40 | return types;
41 | }
42 |
43 | std::vector CLRMetadataParser::EnumRefTypes() const {
44 | if (!_refTypes.empty())
45 | return _refTypes;
46 |
47 | std::vector types;
48 |
49 | HCORENUM hEnum = nullptr;
50 | mdTypeRef typedefs[2048];
51 | ULONG count;
52 | auto hr = _spImport->EnumTypeRefs(&hEnum, typedefs, _countof(typedefs), &count);
53 | WCHAR name[1024];
54 | ULONG len;
55 | types.reserve(count);
56 | _refTypesMap.reserve(count);
57 | mdToken resScope;
58 | for (decltype(count) i = 0; i < count; i++) {
59 | hr = _spImport->GetTypeRefProps(typedefs[i], &resScope, name, _countof(name), &len);
60 | if (FAILED(hr))
61 | continue;
62 | ManagedTypeRef type;
63 | type.Name = name;
64 | type.Token = typedefs[i];
65 | type.Scope = resScope;
66 | _refTypesMap.insert({ type.Token, type });
67 | types.emplace_back(std::move(type));
68 | }
69 | _spImport->CloseEnum(hEnum);
70 | _refTypes = std::move(types);
71 | return _refTypes;
72 | }
73 |
74 | std::vector CLRMetadataParser::EnumMethods(mdToken token, bool includeInherited) const {
75 | std::vector members;
76 | EnumMethodsInternal(token, members);
77 | return members;
78 | }
79 |
80 | std::vector CLRMetadataParser::EnumFields(mdToken token, bool includeInherited) const {
81 | std::vector members;
82 | EnumFieldsInternal(token, members);
83 | return members;
84 | }
85 |
86 | std::vector CLRMetadataParser::EnumProperties(mdToken token, bool includeInherited) const {
87 | std::vector members;
88 | EnumPropertiesInternal(token, members);
89 | return members;
90 | }
91 |
92 | std::vector CLRMetadataParser::EnumEvents(mdToken token, bool includeInherited) const {
93 | std::vector members;
94 | EnumEventsInternal(token, members);
95 | return members;
96 | }
97 |
98 | ManagedTypeKind CLRMetadataParser::GetTypeKind(const ManagedType& type) const {
99 | if ((_enum == 0 && type.BaseTypeName == L"System.Enum") || (_enum && type.BaseTypeToken == _enum)) {
100 | if (_enum == 0)
101 | _enum = type.BaseTypeToken;
102 | return ManagedTypeKind::Enum;
103 | }
104 | if ((_delegate == 0 && type.BaseTypeName == L"System.MulticastDelegate") || (_delegate && type.BaseTypeToken == _delegate)) {
105 | if (_delegate == 0)
106 | _delegate = type.BaseTypeToken;
107 | return ManagedTypeKind::Delegate;
108 | }
109 | if ((_struct == 0 && type.BaseTypeName == L"System.ValueType") || (_struct && type.BaseTypeToken == _struct)) {
110 | if (_struct == 0)
111 | _struct = type.BaseTypeToken;
112 | return ManagedTypeKind::Struct;
113 | }
114 | if ((_attribute == 0 && type.BaseTypeName == L"System.Attribute") || (_attribute && type.BaseTypeToken == _attribute)) {
115 | if (_attribute == 0)
116 | _attribute = type.BaseTypeToken;
117 | return ManagedTypeKind::Attribute;
118 | }
119 | return ((type.Attributes & tdClassSemanticsMask) == tdInterface) ? ManagedTypeKind::Interface : ManagedTypeKind::Class;
120 | }
121 |
122 | void CLRMetadataParser::EnumMethodsInternal(mdToken token, std::vector& members, bool includeInherited) const {
123 | HCORENUM hEnum = nullptr;
124 | mdTypeDef defs[512];
125 | ULONG count;
126 | WCHAR name[256];
127 | ULONG len;
128 | PCCOR_SIGNATURE sig;
129 | ULONG sigSize;
130 | if (S_OK == _spImport->EnumMethods(&hEnum, token, defs, _countof(defs), &count)) {
131 | members.reserve(count + members.size());
132 | for (ULONG i = 0; i < count; i++) {
133 | ManagedMember member;
134 | _spImport->GetMethodProps(defs[i], &member.ClassToken, name, _countof(name), &len, &member.Attributes, &sig, &sigSize, &member.Method.CodeRva, &member.Method.ImplFlags);
135 | member.Name = name;
136 | member.Token = defs[i];
137 | if (member.Name == COR_CTOR_METHOD_NAME_W)
138 | member.Type = ManagedMemberType::Constructor;
139 | else if (member.Name == COR_CCTOR_METHOD_NAME_W)
140 | member.Type = ManagedMemberType::StaticConstructor;
141 | else
142 | member.Type = ManagedMemberType::Method;
143 | members.emplace_back(std::move(member));
144 | }
145 | _spImport->CloseEnum(hEnum);
146 | if (includeInherited) {
147 | mdToken baseToken = 0;
148 | _spImport->GetTypeDefProps(token, nullptr, 0, nullptr, nullptr, &baseToken);
149 | if (baseToken && _refTypesMap.find(baseToken) == _refTypesMap.end())
150 | EnumMethodsInternal(baseToken, members, includeInherited);
151 | }
152 | }
153 | }
154 |
155 | void CLRMetadataParser::EnumFieldsInternal(mdToken token, std::vector& members, bool includeInherited) const {
156 | HCORENUM hEnum = nullptr;
157 | mdTypeDef defs[256];
158 | ULONG count;
159 | WCHAR name[256];
160 | ULONG len;
161 | PCCOR_SIGNATURE sig;
162 | ULONG sigSize;
163 | UVCP_CONSTANT str;
164 | ULONG strSize;
165 | if (S_OK == _spImport->EnumFields(&hEnum, token, defs, _countof(defs), &count)) {
166 | members.reserve(count + members.size());
167 | for (ULONG i = 0; i < count; i++) {
168 | ManagedMember member;
169 | _spImport->GetFieldProps(defs[i], &member.ClassToken, name, _countof(name), &len, &member.Attributes, &sig, &sigSize, &member.Field.TypeFlags, &str, &strSize);
170 | member.Name = name;
171 | member.Token = defs[i];
172 | member.Type = ManagedMemberType::Field;
173 | members.emplace_back(std::move(member));
174 | }
175 | _spImport->CloseEnum(hEnum);
176 | if (includeInherited) {
177 | mdToken baseToken = 0;
178 | _spImport->GetTypeDefProps(token, nullptr, 0, nullptr, nullptr, &baseToken);
179 | if (baseToken && _refTypesMap.find(baseToken) == _refTypesMap.end())
180 | EnumFieldsInternal(baseToken, members, includeInherited);
181 | }
182 | }
183 | }
184 |
185 | void CLRMetadataParser::EnumPropertiesInternal(mdToken token, std::vector& members, bool includeInherited) const {
186 | HCORENUM hEnum = nullptr;
187 | mdTypeDef defs[256];
188 | ULONG count;
189 | WCHAR name[256];
190 | ULONG len;
191 | PCCOR_SIGNATURE sig;
192 | ULONG sigSize;
193 | UVCP_CONSTANT str;
194 | ULONG strSize;
195 | if (S_OK == _spImport->EnumProperties(&hEnum, token, defs, _countof(defs), &count)) {
196 | members.reserve(count + members.size());
197 | mdMethodDef otherMethods[16];
198 | ULONG lenOtherMethods;
199 | for (ULONG i = 0; i < count; i++) {
200 | ManagedMember member;
201 | _spImport->GetPropertyProps(defs[i], &member.ClassToken, name, _countof(name), &len, &member.Attributes, &sig, &sigSize,
202 | &member.Property.CPlusTypeFlag, &str, &strSize,
203 | &member.Property.Setter, &member.Property.Getter, otherMethods, _countof(otherMethods), &lenOtherMethods);
204 | member.Name = name;
205 | member.Token = defs[i];
206 | member.Type = ManagedMemberType::Property;
207 | members.emplace_back(std::move(member));
208 | }
209 | _spImport->CloseEnum(hEnum);
210 | if (includeInherited) {
211 | mdToken baseToken = 0;
212 | _spImport->GetTypeDefProps(token, nullptr, 0, nullptr, nullptr, &baseToken);
213 | if (baseToken && _refTypesMap.find(baseToken) == _refTypesMap.end())
214 | EnumPropertiesInternal(baseToken, members, includeInherited);
215 | }
216 | }
217 | }
218 |
219 | void CLRMetadataParser::EnumEventsInternal(mdToken token, std::vector& members, bool includeInherited) const {
220 | HCORENUM hEnum = nullptr;
221 | mdTypeDef defs[256];
222 | ULONG count;
223 | WCHAR name[256];
224 | ULONG len;
225 | if (S_OK == _spImport->EnumEvents(&hEnum, token, defs, _countof(defs), &count)) {
226 | members.resize(members.size() + count);
227 | mdMethodDef otherMethods[8];
228 | ULONG lenOtherMethods;
229 | for (ULONG i = 0; i < count; i++) {
230 | ManagedMember member;
231 | _spImport->GetEventProps(defs[i], &member.ClassToken, name, _countof(name), &len, &member.Attributes,
232 | &member.Event.EventType, &member.Event.AddMethod, &member.Event.RemoveMethod, &member.Event.FireMethod,
233 | otherMethods, _countof(otherMethods), &lenOtherMethods);
234 | member.Name = name;
235 | member.Token = defs[i];
236 | member.Type = ManagedMemberType::Event;
237 | members.emplace_back(std::move(member));
238 | }
239 | _spImport->CloseEnum(hEnum);
240 | if (includeInherited) {
241 | mdToken baseToken = 0;
242 | _spImport->GetTypeDefProps(token, nullptr, 0, nullptr, nullptr, &baseToken);
243 | if (baseToken && _refTypesMap.find(baseToken) == _refTypesMap.end())
244 | EnumEventsInternal(baseToken, members, includeInherited);
245 | }
246 | }
247 | }
248 |
249 | std::vector CLRMetadataParser::EnumMembers(mdToken token, bool includeInherited) const {
250 | std::vector members;
251 | members.reserve(32);
252 | EnumFieldsInternal(token, members, includeInherited);
253 | EnumMethodsInternal(token, members, includeInherited);
254 | EnumPropertiesInternal(token, members, includeInherited);
255 | EnumEventsInternal(token, members, includeInherited);
256 |
257 | return members;
258 | }
259 |
260 | CString CLRMetadataParser::GetMethodName(mdMethodDef token) const {
261 | WCHAR name[256];
262 | ULONG len;
263 | _spImport->GetMethodProps(token, nullptr, name, _countof(name), &len, nullptr, nullptr, nullptr, nullptr, nullptr);
264 | return name;
265 | }
266 |
267 | CString CLRMetadataParser::GetTypeName(mdToken token) const {
268 | WCHAR name[512];
269 | DWORD len;
270 | auto hr = _spImport->GetTypeDefProps(token, name, _countof(name), &len, nullptr, nullptr);
271 | if (SUCCEEDED(hr))
272 | return name;
273 |
274 | return L"";
275 | }
276 |
--------------------------------------------------------------------------------
/PEExplorerV2/PEStrings.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "PEStrings.h"
3 |
4 | static PCWSTR memberVisiblity[] = {
5 | L"Private Scope", L"Private", L"Protected and Internal", L"Internal", L"Protected",
6 | L"Protected or Internal", L"Public"
7 | };
8 |
9 | PCWSTR PEStrings::SubsystemTypeToString(SubsystemType type) {
10 | switch (type) {
11 | case SubsystemType::Native: return L"Native";
12 | case SubsystemType::WindowsGUI: return L"Windows GUI";
13 | case SubsystemType::WindowsCUI: return L"Windows CUI";
14 | case SubsystemType::PosixCUI: return L"Posix CUI";
15 | case SubsystemType::WindowsCEGUI: return L"Windows CE GUI";
16 | case SubsystemType::EfiApplication: return L"EFI Application";
17 | case SubsystemType::EfiBootServiceDriver: return L"EFI Boot Service Driver";
18 | case SubsystemType::EfiRuntimeDriver: return L"EFI Runtime Driver";
19 | case SubsystemType::EfiROM: return L"EFI ROM";
20 | case SubsystemType::XBOX: return L"XBOX";
21 | case SubsystemType::BootApplication: return L"Boot Application";
22 | }
23 | return L"(Unknown)";
24 | }
25 |
26 | CString PEStrings::GetFileName(const CString& path) {
27 | auto dot = path.ReverseFind(L'\\');
28 | if (dot < 0)
29 | return path;
30 | return path.Mid(dot + 1);
31 | }
32 |
33 | CString PEStrings::ToDecAndHex(DWORD value, bool hexFirst) {
34 | CString text;
35 | if (hexFirst)
36 | text.Format(L"0x%X (%u)", value, value);
37 | else
38 | text.Format(L"%u (0x%X)", value, value);
39 | return text;
40 | }
41 |
42 | CString PEStrings::MagicToString(OptionalHeaderMagic magic) {
43 | switch (magic) {
44 | case OptionalHeaderMagic::PE32: return L"PE32";
45 | case OptionalHeaderMagic::PE32Plus: return L"PE32+";
46 | case OptionalHeaderMagic::Rom: return L"ROM";
47 | }
48 | return L"";
49 | }
50 |
51 | CString PEStrings::MachineTypeToString(MachineType type) {
52 | switch (type) {
53 | case MachineType::Unknown: return L"Unknown";
54 | case MachineType::X86: return L"x86";
55 | case MachineType::Arm: return L"ARM";
56 | case MachineType::Arm_NT: return L"ARM NT";
57 | case MachineType::IA64: return L"IA64";
58 | case MachineType::Amd64: return L"AMD64 (x64)";
59 | case MachineType::Arm64: return L"ARM64";
60 | }
61 | return L"";
62 | }
63 |
64 | CString PEStrings::Sec1970ToString(DWORD secs) {
65 | return CTime(secs).Format(L"%X");
66 | }
67 |
68 | CString PEStrings::CharacteristicsToString(ImageCharacteristics ic) {
69 | CString result;
70 |
71 | static const struct {
72 | ImageCharacteristics cs;
73 | PCWSTR text;
74 | } chars[] = {
75 | { ImageCharacteristics::RelocsStripped, L"Relocations Stripped" },
76 | { ImageCharacteristics::ExecutableImage, L"Executable Image" },
77 | { ImageCharacteristics::AggressiveTrimWorkingSet, L"Aggressive Trim Working Set" },
78 | { ImageCharacteristics::BigEndian, L"Big Endian" },
79 | { ImageCharacteristics::LargeAddressAware, L"Large Address Aware" },
80 | { ImageCharacteristics::DebugInfoStripped, L"Debug Info Stripped" },
81 | { ImageCharacteristics::LineNumsStripped, L"Line Numbers Stripped" },
82 | { ImageCharacteristics::DllFile, L"DLL File" },
83 | { ImageCharacteristics::LittleEndian, L"Little Endian" },
84 | { ImageCharacteristics::Machine32Bit, L"32-Bit Machine" },
85 | { ImageCharacteristics::LocalSymbolsStripped, L"Local Symbols Stripped" },
86 | { ImageCharacteristics::NetRunFromSwap, L"Net Run from Swap" },
87 | { ImageCharacteristics::RemovableRunFromSwap, L"Removable Run from Swap" },
88 | { ImageCharacteristics::SingleCpuOnly, L"Single CPU Only" },
89 | { ImageCharacteristics::SystemFile, L"System File" },
90 | };
91 |
92 | for (auto& ch : chars) {
93 | if ((ch.cs & ic) == ch.cs)
94 | result += CString(ch.text) + L", ";
95 | }
96 |
97 | if (!result.IsEmpty())
98 | result = result.Left(result.GetLength() - 2);
99 | return result;
100 | }
101 |
102 | CString PEStrings::DllCharacteristicsToString(DllCharacteristics dc) {
103 | CString result;
104 |
105 | static const struct {
106 | DllCharacteristics cs;
107 | PCWSTR text;
108 | } chars[] = {
109 | { DllCharacteristics::AppContainer, L"App Container" },
110 | { DllCharacteristics::HighEntropyVA, L"High Entropy VA" },
111 | { DllCharacteristics::DynamicBase, L"Dynamic Base" },
112 | { DllCharacteristics::ForceIntegrity, L"Force Integrity" },
113 | { DllCharacteristics::NxCompat, L"NX Compat" },
114 | { DllCharacteristics::ControlFlowGuard, L"Control Flow Guard" },
115 | { DllCharacteristics::NoBind, L"No Bind" },
116 | { DllCharacteristics::WDMDriver, L"WDM Driver" },
117 | { DllCharacteristics::NoIsolation, L"No Isolation" },
118 | { DllCharacteristics::TerminalServerAware, L"Terminal Server Aware" },
119 | { DllCharacteristics::NoSEH, L"No SEH" },
120 | };
121 |
122 | for (auto& ch : chars) {
123 | if ((ch.cs & dc) == ch.cs)
124 | result += CString(ch.text) + L", ";
125 | }
126 |
127 | if (!result.IsEmpty())
128 | result = result.Left(result.GetLength() - 2);
129 | return result;
130 |
131 | }
132 |
133 | CString PEStrings::ToHex(DWORD value, bool leadingZero) {
134 | CString result;
135 | result.Format(leadingZero ? L"0x%08X" : L"0x%X", value);
136 | return result;
137 | }
138 |
139 | CString PEStrings::ToHex(ULONGLONG value) {
140 | CString result;
141 | result.Format(L"0x%llX", value);
142 | return result;
143 | }
144 |
145 | CString PEStrings::ToMemorySize(ULONGLONG size) {
146 | CString result;
147 | result.Format(L"0x%llX", size);
148 | if (size < 1 << 14)
149 | result.Format(L"%s (%u B)", (PCWSTR)result, size);
150 | else if (size < 1 << 23)
151 | result.Format(L"%s (%u KB)", (PCWSTR)result, size >> 10);
152 | else if (size < 1LL << 33)
153 | result.Format(L"%s (%u MB)", (PCWSTR)result, size >> 20);
154 | else
155 | result.Format(L"%s (%u GB)", (PCWSTR)result, size >> 30);
156 | return result;
157 | }
158 |
159 | PCWSTR PEStrings::ResourceTypeToString(WORD id) {
160 | static PCWSTR types[] = {
161 | nullptr, L"Cursor", L"Bitmap", L"Icon", L"Menu", L"Dialog",
162 | L"String Table", L"Font Directory", L"Font",
163 | L"Accelerators", L"RC Data", L"Message Table", L"Group Cursor", nullptr,
164 | L"Group Icon", nullptr, L"Version", L"Dialog Include",
165 | nullptr, L"Plug & Play", L"VxD", L"Animated Cursor", L"Animated Icon",
166 | L"HTML", L"Manifest"
167 | };
168 | return id >= _countof(types) ? nullptr : types[id];
169 | }
170 |
171 | CString PEStrings::FormatInstruction(const cs_insn& inst) {
172 | CStringA text;
173 | text.Format("%llX %-10s %s", inst.address, inst.mnemonic, inst.op_str);
174 | return CString(text);
175 | }
176 |
177 | CString PEStrings::ManagedTypeAttributesToString(CorTypeAttr attr) {
178 | static PCWSTR visiblity[] = {
179 | L"Private", L"Public", L"Nested Public", L"Nested Private",
180 | L"Nested Family", L"Nested Internal", L"Nested Protected and Internal", L"Nested Protected Internal"
181 | };
182 |
183 | CString text = visiblity[attr & tdVisibilityMask];
184 | text += L", ";
185 |
186 | if ((attr & tdLayoutMask) == tdSequentialLayout)
187 | text += L"Sequential, ";
188 | else if ((attr & tdLayoutMask) == tdExplicitLayout)
189 | text += L"Explicit, ";
190 |
191 | if ((attr & tdClassSemanticsMask) == tdInterface)
192 | text += L"Interface, ";
193 |
194 | if(attr & tdAbstract)
195 | text += L"Abstract, ";
196 | if (attr & tdSealed)
197 | text += L"Sealed, ";
198 | if (attr & tdSpecialName)
199 | text += L"Special Name, ";
200 | if (attr & tdImport)
201 | text += L"Import, ";
202 | if (attr & tdSerializable)
203 | text += L"Serializable, ";
204 | if (attr & tdWindowsRuntime)
205 | text += L"Windows Runtime, ";
206 |
207 | return text.Left(text.GetLength() - 2);
208 | }
209 |
210 | CString PEStrings::MemberAttributesToString(const ManagedMember& member) {
211 | switch (member.Type) {
212 | case ManagedMemberType::Method:
213 | case ManagedMemberType::Constructor:
214 | case ManagedMemberType::StaticConstructor:
215 | return MethodAttributesToString((CorMethodAttr)member.Attributes);
216 | case ManagedMemberType::Field:
217 | return FieldAttributesToString((CorFieldAttr)member.Attributes);
218 | case ManagedMemberType::Property:
219 | return PropertyAttributesToString((CorPropertyAttr)member.Attributes);
220 | case ManagedMemberType::Event:
221 | return EventAttributesToString((CorEventAttr)member.Attributes);
222 | }
223 |
224 | return L"";
225 | }
226 |
227 | CString PEStrings::MethodAttributesToString(CorMethodAttr attr) {
228 | CString text = memberVisiblity[attr & mdMemberAccessMask];
229 | text += L", ";
230 |
231 | if (attr & mdStatic)
232 | text += L"Static, ";
233 | if (attr & mdFinal)
234 | text += "Final, ";
235 | if (attr & mdVirtual)
236 | text += "Virtual, ";
237 | if (attr & mdHideBySig)
238 | text += "Hide By Sig, ";
239 |
240 | if ((attr & mdVtableLayoutMask) == mdNewSlot)
241 | text += L"New Slot, ";
242 |
243 | if (attr & mdCheckAccessOnOverride)
244 | text += "Check Access on Override, ";
245 | if (attr & mdAbstract)
246 | text += "Abstract, ";
247 | if (attr & mdSpecialName)
248 | text += "Special Name, ";
249 | if (attr & mdPinvokeImpl)
250 | text += "P/Invoke, ";
251 | if (attr & mdUnmanagedExport)
252 | text += "Unmanaged Export, ";
253 |
254 | if ((attr & mdReservedMask) == mdRTSpecialName)
255 | text += L"Runtime Special Name, ";
256 | if ((attr & mdReservedMask) == mdHasSecurity)
257 | text += L"Has Security, ";
258 | if ((attr & mdReservedMask) == mdRequireSecObject)
259 | text += L"Require Secure Object, ";
260 |
261 | return text.Left(text.GetLength() - 2);
262 | }
263 |
264 | CString PEStrings::FieldAttributesToString(CorFieldAttr attr) {
265 | CString text = memberVisiblity[attr & fdFieldAccessMask];
266 | text += L", ";
267 |
268 | if (attr & fdStatic)
269 | text += L"Static, ";
270 | if (attr & fdInitOnly)
271 | text += L"Read Only, ";
272 | if (attr & fdLiteral)
273 | text += L"Literal, ";
274 | if (attr & fdNotSerialized)
275 | text += L"Not Serialized, ";
276 | if (attr & fdSpecialName)
277 | text += L"Special Name, ";
278 | if (attr & fdPinvokeImpl)
279 | text += L"P/Invoke, ";
280 |
281 | if ((attr & fdReservedMask) == fdRTSpecialName)
282 | text += L"Runtime Special Name, ";
283 | if ((attr & fdReservedMask) == fdHasFieldMarshal)
284 | text += L"Has Field Marshal, ";
285 | if ((attr & fdReservedMask) == fdHasDefault)
286 | text += L"Has Default, ";
287 | if ((attr & fdReservedMask) == fdHasFieldRVA)
288 | text += L"Has Field RVA, ";
289 |
290 | return text.Left(text.GetLength() - 2);
291 | }
292 |
293 | CString PEStrings::PropertyAttributesToString(CorPropertyAttr attr) {
294 | CString text;
295 |
296 | if (IsPrSpecialName(attr))
297 | text += L"Special Name, ";
298 | if (IsPrRTSpecialName(attr))
299 | text += L"Runtime Special Name";
300 | if (IsPrHasDefault(attr))
301 | text += L"Has Default, ";
302 |
303 | if (!text.IsEmpty())
304 | text = text.Left(text.GetLength() - 2);
305 | return text;
306 | }
307 |
308 | CString PEStrings::EventAttributesToString(CorEventAttr attr) {
309 | CString text;
310 |
311 | if (IsEvSpecialName(attr))
312 | text += L"Special Name, ";
313 | if (IsEvRTSpecialName(attr))
314 | text += L"Runtime Special Name";
315 |
316 | if (!text.IsEmpty())
317 | text = text.Left(text.GetLength() - 2);
318 | return text;
319 | }
320 |
321 |
322 |
--------------------------------------------------------------------------------
/PEExplorerV2/PEExplorerV2.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {392f464a-0fe0-449c-8345-36e74326a763}
6 | cpp;c;cxx;def;odl;idl;hpj;bat;asm
7 |
8 |
9 | {4a8cbedc-3caa-4b29-9335-14108c09e7ad}
10 | h;hpp;hxx;hm;inl;inc
11 |
12 |
13 | {94e3cc7a-2c5e-4547-8309-e522bdb63c1b}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;jpg;jpeg;jpe;manifest
15 |
16 |
17 | {1ac7030c-12c3-419e-b12e-6e65a1a97b3a}
18 |
19 |
20 | {53de5ee2-490f-4142-af7f-87292c581520}
21 |
22 |
23 | {8f0c089b-495b-4968-b122-f066cf2385ee}
24 |
25 |
26 | {68de5792-c44b-44f0-b112-2f15d3c67a03}
27 |
28 |
29 |
30 |
31 | Source Files
32 |
33 |
34 | Source Files
35 |
36 |
37 | Source Files
38 |
39 |
40 | Source Files
41 |
42 |
43 | Source Files
44 |
45 |
46 | Source Files
47 |
48 |
49 | Source Files
50 |
51 |
52 | Views
53 |
54 |
55 | Views
56 |
57 |
58 | Views
59 |
60 |
61 | Views
62 |
63 |
64 | Views
65 |
66 |
67 | Views
68 |
69 |
70 | Views
71 |
72 |
73 | Views
74 |
75 |
76 | Views
77 |
78 |
79 | Views
80 |
81 |
82 | Structures
83 |
84 |
85 | Structures
86 |
87 |
88 | Structures
89 |
90 |
91 | Source Files
92 |
93 |
94 | Views
95 |
96 |
97 | Views
98 |
99 |
100 | Views
101 |
102 |
103 | Views
104 |
105 |
106 |
107 |
108 | Header Files
109 |
110 |
111 | Header Files
112 |
113 |
114 | Header Files
115 |
116 |
117 | Header Files
118 |
119 |
120 | Header Files
121 |
122 |
123 | Header Files
124 |
125 |
126 | Header Files
127 |
128 |
129 | Header Files
130 |
131 |
132 | Views
133 |
134 |
135 | Views
136 |
137 |
138 | Views
139 |
140 |
141 | Views
142 |
143 |
144 | Views
145 |
146 |
147 | Views
148 |
149 |
150 | Views
151 |
152 |
153 | Views
154 |
155 |
156 | Views
157 |
158 |
159 | Header Files
160 |
161 |
162 | Header Files
163 |
164 |
165 | HexControl
166 |
167 |
168 | HexControl
169 |
170 |
171 | HexControl
172 |
173 |
174 | HexControl
175 |
176 |
177 | Structures
178 |
179 |
180 | Structures
181 |
182 |
183 | Structures
184 |
185 |
186 | Header Files
187 |
188 |
189 | Views
190 |
191 |
192 | Views
193 |
194 |
195 | Views
196 |
197 |
198 | Views
199 |
200 |
201 |
202 |
203 | Resource Files
204 |
205 |
206 |
207 |
208 | Resource Files\Icons
209 |
210 |
211 | Resource Files\Icons
212 |
213 |
214 | Resource Files\Icons
215 |
216 |
217 | Resource Files\Icons
218 |
219 |
220 | Resource Files\Icons
221 |
222 |
223 | Resource Files\Icons
224 |
225 |
226 | Resource Files\Icons
227 |
228 |
229 | Resource Files\Icons
230 |
231 |
232 | Resource Files\Icons
233 |
234 |
235 | Resource Files\Icons
236 |
237 |
238 | Resource Files\Icons
239 |
240 |
241 | Resource Files\Icons
242 |
243 |
244 | Resource Files\Icons
245 |
246 |
247 | Resource Files\Icons
248 |
249 |
250 | Resource Files\Icons
251 |
252 |
253 | Resource Files\Icons
254 |
255 |
256 | Resource Files\Icons
257 |
258 |
259 | Resource Files\Icons
260 |
261 |
262 | Resource Files\Icons
263 |
264 |
265 | Resource Files\Icons
266 |
267 |
268 | Resource Files\Icons
269 |
270 |
271 | Resource Files\Icons
272 |
273 |
274 | Resource Files\Icons
275 |
276 |
277 | Resource Files\Icons
278 |
279 |
280 | Resource Files\Icons
281 |
282 |
283 | Resource Files\Icons
284 |
285 |
286 | Resource Files\Icons
287 |
288 |
289 | Resource Files\Icons
290 |
291 |
292 | Resource Files\Icons
293 |
294 |
295 | Resource Files\Icons
296 |
297 |
298 | Resource Files\Icons
299 |
300 |
301 | Resource Files\Icons
302 |
303 |
304 | Resource Files\Icons
305 |
306 |
307 | Resource Files\Icons
308 |
309 |
310 | Resource Files\Icons
311 |
312 |
313 | Resource Files\Icons
314 |
315 |
316 | Resource Files\Icons
317 |
318 |
319 | Resource Files\Icons
320 |
321 |
322 | Resource Files\Icons
323 |
324 |
325 | Resource Files\Icons
326 |
327 |
328 | Resource Files\Icons
329 |
330 |
331 | Resource Files\Icons
332 |
333 |
334 | Resource Files\Icons
335 |
336 |
337 | Resource Files\Icons
338 |
339 |
340 | Resource Files\Icons
341 |
342 |
343 |
344 |
345 |
346 |
--------------------------------------------------------------------------------