/// <summary>
/// Builds the details view for an already-parsed PE image: one row per
/// basic header field, followed by one row per data directory.
/// </summary>
/// <param name="exeReader">Reader for the image whose headers are displayed.</param>
/// <remarks>
/// Every value shown comes straight from the headers of the file under
/// inspection; nothing in this constructor validates them.
/// </remarks>
public DetailsForm(ExeReader exeReader) : this()
{
    exe = exeReader;

    var ntHeaders = exe.NTHeaders;
    var optionalHeader = ntHeaders.OptionalHeader;

    // Fields read from the optional header.
    CreateBasicItem("Entry Point", optionalHeader.AddressOfEntryPoint, false);
    // Image Base is the only row whose last argument follows the image's bitness.
    CreateBasicItem("Image Base", optionalHeader.ImageBase, exe.Is64Bit);
    CreateBasicItem("Size of Image", optionalHeader.SizeOfImage, false);
    CreateBasicItem("Base of Code", optionalHeader.BaseOfCode, false);
    // This row is a hard-coded 0, not a value read from the header, so it
    // says nothing about the inspected file.
    CreateBasicItem("Base of Data", 0, false);
    CreateBasicItem("Section Alignment", optionalHeader.SectionAlignment, false);
    CreateBasicItem("File Alignment", optionalHeader.FileAlignment, false);
    CreateBasicItem("Magic Number", optionalHeader.Magic, false);
    CreateBasicItem("Sub-System", optionalHeader.Subsystem, false);

    // File header and optional header fields, in the order the rows appear.
    var fileHeader = ntHeaders.FileHeader;
    CreateBasicItem("Number of Sections", fileHeader.NumberOfSections, false);
    CreateBasicItem("Time/Date Stamp", fileHeader.TimeDateStamp, false);
    CreateBasicItem("Size of Headers", optionalHeader.SizeOfHeaders, false);
    CreateBasicItem("Characteristics", fileHeader.Characteristics, false);
    CreateBasicItem("Checksum", optionalHeader.CheckSum, false);

    // This row is the library's own Size32/Size64 constant chosen by
    // bitness, not a value read from the file.
    CreateBasicItem(
        "Size of Optional Header",
        Convert.ToUInt64(exe.Is32Bit ? OptionalHeader.Size32 : OptionalHeader.Size64),
        false);
    CreateBasicItem("Number of RVA and Sizes", optionalHeader.NumberOfRvaAndSizes, false);

    // One row per data directory exposed by the optional header.
    foreach (DataDirectory directory in optionalHeader.DataDirectories)
    {
        CreateDirItem(directory.DirectoryType.ToString(), directory.VirtualAddress, directory.Size);
    }
}
/// <summary>
/// Creates the NT headers wrapper from its already-constructed parts.
/// </summary>
/// <param name="exeReader">Reader that owns this header.</param>
/// <param name="streamLoc">Location of the NT headers in the underlying stream.</param>
/// <param name="fileHeader">The parsed file header.</param>
/// <param name="optHeader">The parsed optional header.</param>
internal NTHeaders(
    ExeReader exeReader,
    StreamLocation streamLoc,
    FileHeader fileHeader,
    OptionalHeader optHeader)
{
    // Plain field assignment: no argument is checked for null here.
    this.reader = exeReader;
    this.location = streamLoc;
    this.file_header = fileHeader;
    this.opt_header = optHeader;
}
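/// <summary>
/// Opens <paramref name="fileName"/> as a PE image, fills the summary fields
/// from its headers and then runs the signature scan over it.
/// </summary>
/// <param name="fileName">Path of the file to inspect.</param>
/// <remarks>
/// The file is untrusted input. Any exception raised while parsing it or
/// while filling the summary fields is reported as an invalid image and the
/// method returns without scanning. Exceptions raised by the signature scan
/// itself propagate to the caller.
/// </remarks>
private void OpenFile(string fileName)
{
    // Release the previously opened image before loading a new one.
    if (exe != null)
    {
        exe.Dispose();
        exe = null;
    }

    txtFile.Text = CompactPath(fileName, 48);

    try
    {
        exe = ExeReader.FromFile(fileName);

        uint ep_address = exe.NTHeaders.OptionalHeader.AddressOfEntryPoint;
        Section section = exe.Sections.RVAToSection(ep_address);

        if (section == null)
        {
            // The entry point RVA does not map to any section.
            txtFileOffset.Text = "00000000";
            txtSection.Text = String.Empty;
            txtFirstBytes.Text = String.Empty;
        }
        else
        {
            // Translate the entry point RVA into a raw file offset.
            // NOTE(review): both values come from the file; this relies on
            // RVAToSection only returning a section that contains the RVA,
            // otherwise the unsigned subtraction wraps - confirm.
            uint delta = ep_address - section.TableEntry.VirtualAddress;
            uint section_offset = section.TableEntry.PointerToRawData;
            uint ep_offset = section_offset + delta;

            txtFileOffset.Text = ep_offset.ToString("X8");
            txtSection.Text = section.TableEntry.Name;
            txtFirstBytes.Text = GetFirstBytes(section, delta);
        }

        txtEP.Text = ep_address.ToString("X8");
        txtLinker.Text = String.Format(
            "{0}.{1}",
            exe.NTHeaders.OptionalHeader.MajorLinkerVersion,
            exe.NTHeaders.OptionalHeader.MinorLinkerVersion);

        // NOTE(review): these lookups are keyed by values read from the file.
        // If the tables are dictionaries, an unrecognised subsystem, machine
        // or magic value throws here and the file is reported as invalid
        // below - confirm that is the intended handling.
        txtSubSystem.Text = sub_systems[exe.NTHeaders.OptionalHeader.GetSubsystem()];
        txtMachine.Text = machine_types[exe.NTHeaders.FileHeader.GetMachineType()];
        txtFormat.Text = magic_types[exe.NTHeaders.OptionalHeader.GetMagic()];

        btnSections.Enabled = true;
        btnDetails.Enabled = true;
    }
    catch
    {
        txtResults.Text = "Invalid or corrupt PE executable image.";
        txtEP.Text = String.Empty;
        txtFileOffset.Text = String.Empty;
        txtSection.Text = String.Empty;
        // Clear the first-bytes field too, so bytes from a previously opened
        // file are not shown next to the error message.
        txtFirstBytes.Text = String.Empty;
        txtLinker.Text = String.Empty;
        txtSubSystem.Text = String.Empty;
        txtMachine.Text = String.Empty;
        txtFormat.Text = String.Empty;
        btnSections.Enabled = false;
        btnDetails.Enabled = false;

        // Do not keep a reader for a rejected file alive in the field.
        if (exe != null)
        {
            exe.Dispose();
            exe = null;
        }

        return;
    }

    // A userdb.txt next to the application replaces the built-in signature
    // set; it is loaded as-is, so whoever can write to the application
    // directory controls what the scan reports.
    string app_dir = Path.GetDirectoryName(ApplicationPath);
    string user_db_path = Path.Combine(app_dir, "userdb.txt");
    SignatureDB sig_db = File.Exists(user_db_path)
        ? SignatureDB.Load(user_db_path)
        : SignatureDB.Internal;

    PEiD peid = new PEiD(sig_db);
    ScanResult[] results = peid.ScanAll(fileName, scan_mode);

    if (results == null)
    {
        txtResults.Text = String.Empty;
    }
    else if (results.Length == 0)
    {
        txtResults.Text = "No matches could be found.";
    }
    else
    {
        // Only the last result of the scan is displayed.
        ScanResult result = results[results.Length - 1];
        txtResults.Text = result.Signature.Name;
    }
}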
/// <summary>
/// Load handler for the main form: initialises the file filters and enum
/// lookup tables, then resets the title, the scan mode and the current image.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void MainForm_Load(object sender, EventArgs e)
{
    InitFileFilters();
    InitEnumDicts();

    this.Text = BASE_TITLE;
    this.scan_mode = ScanMode.Normal;

    // No image is open until the user picks a file.
    this.exe = null;
}
/// <summary>
/// Wraps an already-read DOS header structure together with its owner and
/// its position in the stream.
/// </summary>
/// <param name="exeReader">Reader that owns this header.</param>
/// <param name="dosHeader">The raw DOS header structure.</param>
/// <param name="streamLoc">Location of the header in the underlying stream.</param>
internal DOSHeader(
    ExeReader exeReader,
    IMAGE_DOS_HEADER dosHeader,
    StreamLocation streamLoc)
{
    // Plain field assignment: the structure is stored without being checked here.
    this.reader = exeReader;
    this.header = dosHeader;
    this.location = streamLoc;
}
/// <summary>
/// Base constructor for optional headers: records the owning reader and the
/// header's position in the stream.
/// </summary>
/// <param name="exeReader">Reader that owns this header.</param>
/// <param name="streamLoc">Location of the optional header in the underlying stream.</param>
internal OptionalHeader(ExeReader exeReader, StreamLocation streamLoc)
{
    this.reader = exeReader;
    this.location = streamLoc;
}
/// <summary>
/// Wraps a 64-bit optional header structure and builds its data directory
/// collection from the fifteen named directory fields of that structure.
/// </summary>
/// <param name="exeReader">Reader that owns this header.</param>
/// <param name="optHeader">The raw 64-bit optional header structure.</param>
/// <param name="streamLoc">Location of the optional header in the underlying stream.</param>
internal OptionalHeader64(
    ExeReader exeReader,
    IMAGE_OPTIONAL_HEADER64 optHeader,
    StreamLocation streamLoc)
    : base(exeReader, streamLoc)
{
    header = optHeader;

    // One entry per named directory field, in the order listed here.
    DataDirectory[] entries =
    {
        new DataDirectory(DataDirectoryType.ExportTable, header.ExportTable),
        new DataDirectory(DataDirectoryType.ImportTable, header.ImportTable),
        new DataDirectory(DataDirectoryType.ResourceTable, header.ResourceTable),
        new DataDirectory(DataDirectoryType.ExceptionTable, header.ExceptionTable),
        new DataDirectory(DataDirectoryType.CertificateTable, header.CertificateTable),
        new DataDirectory(DataDirectoryType.BaseRelocationTable, header.BaseRelocationTable),
        new DataDirectory(DataDirectoryType.Debug, header.Debug),
        new DataDirectory(DataDirectoryType.Architecture, header.Architecture),
        new DataDirectory(DataDirectoryType.GlobalPtr, header.GlobalPtr),
        new DataDirectory(DataDirectoryType.TLSTable, header.TLSTable),
        new DataDirectory(DataDirectoryType.LoadConfigTable, header.LoadConfigTable),
        new DataDirectory(DataDirectoryType.BoundImport, header.BoundImport),
        new DataDirectory(DataDirectoryType.ImportAddressTable, header.IAT),
        new DataDirectory(DataDirectoryType.DelayImportDescriptor, header.DelayImportDescriptor),
        new DataDirectory(DataDirectoryType.CLRRuntimeHeader, header.CLRRuntimeHeader)
    };

    // The directory table is located as the last 16 entry-sized slots of the
    // optional header, counted back from its end.
    // NOTE(review): nothing here checks that streamLoc is at least that large
    // or consults NumberOfRvaAndSizes, so for a malformed header the computed
    // location may not describe real directory data - confirm the caller
    // validates the header size.
    long tableSize = 16 * DataDirectories.EntrySize;
    StreamLocation tableLocation = new StreamLocation(
        (streamLoc.Offset + streamLoc.Size) - tableSize,
        tableSize);

    // Index the entries by type, leaving out any typed as None.
    var entriesByType = entries
        .Where(entry => entry.DirectoryType != DataDirectoryType.None)
        .ToDictionary(entry => entry.DirectoryType);

    data_dirs = new DataDirectories(this, tableLocation, entriesByType);
}
/// <summary>
/// Wraps an already-read file header structure together with its owner and
/// its position in the stream.
/// </summary>
/// <param name="exeReader">Reader that owns this header.</param>
/// <param name="fileHeader">The raw file header structure.</param>
/// <param name="streamLoc">Location of the header in the underlying stream.</param>
internal FileHeader(
    ExeReader exeReader,
    IMAGE_FILE_HEADER fileHeader,
    StreamLocation streamLoc)
{
    // Plain field assignment: the structure is stored without being checked here.
    this.reader = exeReader;
    this.header = fileHeader;
    this.location = streamLoc;
}
/// <summary>
/// Records where the DOS stub lives in the stream and which reader owns it.
/// </summary>
/// <param name="exeReader">Reader that owns this stub.</param>
/// <param name="streamLoc">Location of the stub in the underlying stream.</param>
internal DOSStub(ExeReader exeReader, StreamLocation streamLoc)
{
    this.reader = exeReader;
    this.location = streamLoc;
}