1 //
2 // This program was written by Sang Cho, assistant professor at
3 // the department of
4 // computer science and engineering
5 // chongju university
6 // this program is based on the program pefile.c
// which is written by Randy Kath (Microsoft Developer Network Technology Group)
8 // in june 12, 1993.
9 // I have investigated P.E. file format as thoroughly as possible,
10 // but I cannot claim that I am an expert yet, so some of its information
11 // may give you wrong results.
12 //
13 //
14 //
15 // language used: djgpp
16 // date of creation: September 28, 1997
17 //
18 // date of first release: October 15, 1997
19 //
20 //
21 // you can contact me: e-mail address: sangcho@alpha94.chongju.ac.kr
22 // hitel id: chokhas
23 // phone number: (0431) 229-8491 +82-431-229-8491
24 //
25 //
26 //
27 // Copyright (C) 1997. by Sang Cho.
28 //
29 // Permission is granted to make and distribute verbatim copies of this
30 // program provided the copyright notice and this permission notice are
31 // preserved on all copies.
32 //
33 //
34 // File: pedump.c ( I included header file into source file. )
35 //
36 // LICENSE
37 // Sources released under GNU General Public License version 2
38 // or later by Mr. Sang Cho permission.
39 //
40 // REVISIONS
41 // 2000-04-23 (ea) Initial adaptation to GCC/MinGW/ROS.
42 // 2000-08-05 (ea) Initial raw adaptation done.
43 //
44
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <stdarg.h>
48 #include <string.h>
49 #include <setjmp.h>
50 #include <malloc.h>
51 #include <ctype.h>
52
#ifndef bcopy
/* BSD bcopy(src, dst, len) expressed with memcpy.  Note the argument order is
   (source, destination, size), the reverse of memcpy's. */
#define bcopy(s,d,z) memcpy((d),(s),(z))
#endif

/*
 * Win32-style type aliases used by the PE structures below.
 *
 * NOTE(review): the PE on-disk format needs LONG/DWORD to be exactly 32 bits,
 * but `long` is 64 bits on LP64 targets (e.g. x86-64 Linux).  On such a target
 * every structure holding a LONG/DWORD field, every `*(DWORD *)` read in this
 * file and SIZE_OF_NT_SIGNATURE (defined as sizeof (DWORD)) stop matching the
 * file layout — confirm sizeof (long) == 4 before building for 64-bit.
 */
typedef char CHAR;
typedef short WCHAR;            /* character type of the *_U (Unicode) string structures below; signed here */
typedef short SHORT;
typedef long LONG;              /* must be 32 bits, see note above */
typedef unsigned short USHORT;
typedef unsigned long DWORD;    /* must be 32 bits, see note above */
typedef int BOOL;               /* holds TRUE / FALSE (defined below) */
typedef unsigned char BYTE;
typedef unsigned short WORD;
typedef BYTE *PBYTE;
typedef WORD *PWORD;
typedef DWORD *PDWORD;
typedef void *LPVOID;           /* used throughout for the start of the memory-mapped image file */
typedef int boolean;

#define VOID void
#define BOOLEAN boolean         /* an int here, not a byte; see IMAGE_DEBUG_MISC */

#ifndef NULL
#define NULL 0
#endif

#define FALSE 0
#define TRUE 1
#define CONST const
#define LOWORD(l) ((WORD)(l))   /* low 16 bits of l (truncating conversion) */
/* __stdcall is a Windows (MSVC/MinGW) calling-convention keyword; other
   compilers do not define it, so WINAPI must be made empty to build there. */
#define WINAPI __stdcall

//
// Image Format
//

/* 16-bit magic at offset 0 of the DOS header; checked by GetDosHeader() */
#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
/* 16-bit "new executable" signatures looked for at e_lfanew by ImageFileType() */
#define IMAGE_OS2_SIGNATURE 0x454E // NE
#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
#define IMAGE_VXD_SIGNATURE 0x454C // LE
/* 32-bit "PE\0\0" signature looked for at e_lfanew by ImageFileType() */
#define IMAGE_NT_SIGNATURE 0x00004550 // PE00
94
/*
 * MS-DOS stub header at file offset 0.  GetDosHeader() accepts the file when
 * e_magic == IMAGE_DOS_SIGNATURE; e_lfanew is the file offset of the PE
 * signature and is what NTSIGNATURE()/PEFHDROFFSET()/OPTHDROFFSET()/
 * SECHDROFFSET() add to the image base.
 *
 * NOTE(review): those macros use e_lfanew without any range check, so a value
 * larger than the mapping sends every later header read outside the file;
 * callers must validate it against the file size before using them.
 */
typedef struct _IMAGE_DOS_HEADER
{ // DOS .EXE header
    WORD e_magic; // Magic number
    WORD e_cblp; // Bytes on last page of file
    WORD e_cp; // Pages in file
    WORD e_crlc; // Relocations
    WORD e_cparhdr; // Size of header in paragraphs
    WORD e_minalloc; // Minimum extra paragraphs needed
    WORD e_maxalloc; // Maximum extra paragraphs needed
    WORD e_ss; // Initial (relative) SS value
    WORD e_sp; // Initial SP value
    WORD e_csum; // Checksum
    WORD e_ip; // Initial IP value
    WORD e_cs; // Initial (relative) CS value
    WORD e_lfarlc; // File address of relocation table
    WORD e_ovno; // Overlay number
    WORD e_res[4]; // Reserved words
    WORD e_oemid; // OEM identifier (for e_oeminfo)
    WORD e_oeminfo; // OEM information; e_oemid specific
    WORD e_res2[10]; // Reserved words
    LONG e_lfanew; // File address of new exe header (32-bit on disk; see the LONG typedef note)
}
IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
138
139 //
140 // File header format.
141 //
142
143
144
/*
 * COFF file header; it directly follows the 4-byte PE signature
 * (PEFHDROFFSET()).  IMAGE_SIZEOF_FILE_HEADER below gives its on-disk size.
 */
typedef struct _IMAGE_FILE_HEADER
{
    WORD Machine;                 /* one of the IMAGE_FILE_MACHINE_* values below */
    WORD NumberOfSections;        /* count of IMAGE_SECTION_HEADERs following the optional header; returned by NumOfSections() */
    DWORD TimeDateStamp;
    DWORD PointerToSymbolTable;
    DWORD NumberOfSymbols;
    WORD SizeOfOptionalHeader;    /* on-disk length of the optional header that follows this one */
    WORD Characteristics;         /* IMAGE_FILE_* bit flags below */
}
IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
156
/* on-disk size of IMAGE_FILE_HEADER (2+2+4+4+4+2+2 bytes) */
#define IMAGE_SIZEOF_FILE_HEADER 20

/* bit flags for IMAGE_FILE_HEADER.Characteristics */
#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved external references).
#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line numbers stripped from file.
#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
#define IMAGE_FILE_SYSTEM 0x1000 // System File.
#define IMAGE_FILE_DLL 0x2000 // File is a DLL.
#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.

/* values for IMAGE_FILE_HEADER.Machine */
#define IMAGE_FILE_MACHINE_UNKNOWN 0
#define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386.
#define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0x160 big-endian
#define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian
#define IMAGE_FILE_MACHINE_R10000 0x168 // MIPS little-endian
#define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP
#define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian
180
181
182
183 //
184 // Directory format.
185 //
186
/*
 * One entry of IMAGE_OPTIONAL_HEADER.DataDirectory[]: the RVA and byte size
 * of a table such as the export or import directory (index constants are the
 * IMAGE_DIRECTORY_ENTRY_* values below).  ImageDirectoryOffset() reads
 * VirtualAddress and treats 0 as "directory absent".
 */
typedef struct _IMAGE_DATA_DIRECTORY
{
    DWORD VirtualAddress;   /* RVA of the table, 0 if not present */
    DWORD Size;             /* size of the table in bytes */
}
IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
194
/* capacity of IMAGE_OPTIONAL_HEADER.DataDirectory[]; the number of entries
   actually valid in a given file is OptionalHeader.NumberOfRvaAndSizes, which
   ImageDirectoryOffset() checks before indexing */
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
196
197 //
198 // Optional header format.
199 //
200
/*
 * 32-bit (PE32) optional header, located by OPTHDROFFSET() right after
 * IMAGE_FILE_HEADER.  AddressOfEntryPoint and ImageBase are what
 * GetModuleEntryPoint() and GetImageBase() return; NumberOfRvaAndSizes bounds
 * the usable part of DataDirectory[] (see ImageDirectoryOffset()).
 * The PE32+ (64-bit image) layout differs and is not described here.
 */
typedef struct _IMAGE_OPTIONAL_HEADER
{
    //
    // Standard fields.
    //
    WORD Magic;
    BYTE MajorLinkerVersion;
    BYTE MinorLinkerVersion;
    DWORD SizeOfCode;
    DWORD SizeOfInitializedData;
    DWORD SizeOfUninitializedData;
    DWORD AddressOfEntryPoint;      /* RVA, not a file offset; translate with GetActualAddress() */
    DWORD BaseOfCode;
    DWORD BaseOfData;

    //
    // NT additional fields.
    //

    DWORD ImageBase;
    DWORD SectionAlignment;
    DWORD FileAlignment;
    WORD MajorOperatingSystemVersion;
    WORD MinorOperatingSystemVersion;
    WORD MajorImageVersion;
    WORD MinorImageVersion;
    WORD MajorSubsystemVersion;
    WORD MinorSubsystemVersion;
    DWORD Win32VersionValue;
    DWORD SizeOfImage;
    DWORD SizeOfHeaders;
    DWORD CheckSum;
    WORD Subsystem;
    WORD DllCharacteristics;
    DWORD SizeOfStackReserve;
    DWORD SizeOfStackCommit;
    DWORD SizeOfHeapReserve;
    DWORD SizeOfHeapCommit;
    DWORD LoaderFlags;
    DWORD NumberOfRvaAndSizes;      /* number of valid DataDirectory[] entries */
    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
}
IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;
245
246
/*
 * The "new executable" header block that starts at DOS e_lfanew: the
 * IMAGE_NT_SIGNATURE dword followed by the file header and optional header.
 * The offset macros below address the three parts individually rather than
 * through this aggregate.
 */
typedef struct _IMAGE_NT_HEADERS
{
    DWORD Signature;                    /* IMAGE_NT_SIGNATURE ("PE\0\0") */
    IMAGE_FILE_HEADER FileHeader;
    IMAGE_OPTIONAL_HEADER OptionalHeader;
}
IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
255
256
257 // Directory Entries
258
/* indices into IMAGE_OPTIONAL_HEADER.DataDirectory[], as passed to
   ImageDirectoryOffset(); only the first 13 of the 16 slots are named here */
#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String
#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP)
#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
272
273 //
274 // Section header format.
275 //
276
/* length of IMAGE_SECTION_HEADER.Name; the name is not NUL-terminated when
   it uses all 8 bytes, so never treat it as a C string without copying */
#define IMAGE_SIZEOF_SHORT_NAME 8
278
/*
 * One section-table entry; the table starts at SECHDROFFSET() and has
 * IMAGE_FILE_HEADER.NumberOfSections entries.  GetActualAddress() maps an RVA
 * to a file position using VirtualAddress, SizeOfRawData and PointerToRawData.
 */
typedef struct _IMAGE_SECTION_HEADER
{
    BYTE Name[IMAGE_SIZEOF_SHORT_NAME];     /* not NUL-terminated if 8 bytes long */
    union
    {
        DWORD PhysicalAddress;
        DWORD VirtualSize;
    }
    Misc;
    DWORD VirtualAddress;       /* RVA at which the section is mapped */
    DWORD SizeOfRawData;        /* bytes of section data present in the file */
    DWORD PointerToRawData;     /* file offset of that data */
    DWORD PointerToRelocations;
    DWORD PointerToLinenumbers;
    WORD NumberOfRelocations;
    WORD NumberOfLinenumbers;
    DWORD Characteristics;
}
IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
299
/* on-disk size of IMAGE_SECTION_HEADER (8 + 4*6 + 2*2 + 4 bytes) */
#define IMAGE_SIZEOF_SECTION_HEADER 40
301
302
303 //
304 // Export Format
305 //
306
/*
 * Export directory (DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]).
 *
 * NOTE(review): on disk the three AddressOf* fields are 32-bit RVAs.  They are
 * declared here as pointers, which only matches the file layout where a
 * pointer is 4 bytes; on a 64-bit target the structure grows and the fields
 * after AddressOfFunctions no longer line up — confirm against the consumer
 * in GetExportFunctionNames() before building for 64-bit.
 */
typedef struct _IMAGE_EXPORT_DIRECTORY
{
    DWORD Characteristics;
    DWORD TimeDateStamp;
    WORD MajorVersion;
    WORD MinorVersion;
    DWORD Name;                     /* RVA of the module name string */
    DWORD Base;
    DWORD NumberOfFunctions;
    DWORD NumberOfNames;
    PDWORD *AddressOfFunctions;     /* 32-bit RVA on disk, see note */
    PDWORD *AddressOfNames;         /* 32-bit RVA on disk, see note */
    PWORD *AddressOfNameOrdinals;   /* 32-bit RVA on disk, see note */
}
IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;
323
324 //
325 // Import Format
326 //
327
/*
 * Import-by-name record: a hint followed by the imported symbol's name.
 * Name[1] is presumably a placeholder for a variable-length NUL-terminated
 * string that continues past the end of the structure, as with the other
 * [1] arrays in this file — verify against the import-name reader before
 * relying on sizeof (IMAGE_IMPORT_BY_NAME).
 */
typedef struct _IMAGE_IMPORT_BY_NAME
{
    WORD Hint;
    BYTE Name[1];
}
IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;
335
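/* high bit of an import thunk: set when the import is by ordinal rather than
   by name; the ordinal itself is the low 16 bits */
#define IMAGE_ORDINAL_FLAG 0x80000000
/* the argument is parenthesised: the earlier `(Ordinal & 0xffff)` bound `&`
   to only the last operand of an expression argument such as `a | b` */
#define IMAGE_ORDINAL(Ordinal) ((Ordinal) & 0xffff)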
338
339
340 //
341 // Resource Format.
342 //
343
344 //
345 // Resource directory consists of two counts, following by a variable length
346 // array of directory entries. The first count is the number of entries at
347 // beginning of the array that have actual names associated with each entry.
348 // The entries are in ascending order, case insensitive strings. The second
349 // count is the number of entries that immediately follow the named entries.
350 // This second count identifies the number of entries that have 16-bit integer
351 // Ids as their name. These entries are also sorted in ascending order.
352 //
353 // This structure allows fast lookup by either name or number, but for any
354 // given resource entry only one form of lookup is supported, not both.
// This is consistent with the syntax of the .RC file and the .RES file.
356 //
357
358 // Predefined resource types ... there may be some more, but I don't have
359 // the information yet. .....sang cho.....
360
/* predefined resource type ids, as found in the 16-bit Id form of
   IMAGE_RESOURCE_DIRECTORY_ENTRY.Name; RT_NEWRESOURCE is a flag OR-ed into
   the id for the NEW* variants below, RT_ERROR is a sentinel */
#define RT_NEWRESOURCE 0x2000
#define RT_ERROR 0x7fff
#define RT_CURSOR 1
#define RT_BITMAP 2
#define RT_ICON 3
#define RT_MENU 4
#define RT_DIALOG 5
#define RT_STRING 6
#define RT_FONTDIR 7
#define RT_FONT 8
#define RT_ACCELERATORS 9
#define RT_RCDATA 10
#define RT_MESSAGETABLE 11
#define RT_GROUP_CURSOR 12
#define RT_GROUP_ICON 14
#define RT_VERSION 16
#define NEWBITMAP (RT_BITMAP|RT_NEWRESOURCE)
#define NEWMENU (RT_MENU|RT_NEWRESOURCE)
#define NEWDIALOG (RT_DIALOG|RT_NEWRESOURCE)
380
381
/*
 * Resource directory node (see the description above).  It is followed in
 * the file by NumberOfNamedEntries + NumberOfIdEntries
 * IMAGE_RESOURCE_DIRECTORY_ENTRY records; the commented-out member shows
 * where that array begins.
 *
 * NOTE(review): both counts come straight from the file; a reader must bound
 * the sum against the resource section size before iterating.
 */
typedef struct _IMAGE_RESOURCE_DIRECTORY
{
    DWORD Characteristics;
    DWORD TimeDateStamp;
    WORD MajorVersion;
    WORD MinorVersion;
    WORD NumberOfNamedEntries;      /* entries with string names, sorted, first */
    WORD NumberOfIdEntries;         /* entries with 16-bit integer ids, sorted, after them */
    // IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[1];
}
IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
394
/* high-bit flags of IMAGE_RESOURCE_DIRECTORY_ENTRY: Name holds a string
   offset rather than an id, OffsetToData points at a subdirectory rather
   than a data entry (see the description below); the low 31 bits are the
   offset relative to the start of the resource directory */
#define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
#define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
397
398 //
399 // Each directory contains the 32-bit Name of the entry and an offset,
400 // relative to the beginning of the resource directory of the data associated
401 // with this directory entry. If the name of the entry is an actual text
402 // string instead of an integer Id, then the high order bit of the name field
403 // is set to one and the low order 31-bits are an offset, relative to the
404 // beginning of the resource directory of the string, which is of type
405 // IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the
406 // low-order 16-bits are the integer Id that identify this resource directory
407 // entry. If the directory entry is yet another resource directory (i.e. a
408 // subdirectory), then the high order bit of the offset field will be
409 // set to indicate this. Otherwise the high bit is clear and the offset
410 // field points to a resource data entry.
411 //
412
/*
 * One entry of a resource directory; the meaning of the high bit of each
 * field is described in the comment above and by the IMAGE_RESOURCE_*
 * flags.  All offsets are relative to the beginning of the resource
 * directory, not to the file or the image base.
 */
typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY
{
    DWORD Name;             /* 16-bit id, or string offset with IMAGE_RESOURCE_NAME_IS_STRING set */
    DWORD OffsetToData;     /* data-entry offset, or subdirectory offset with IMAGE_RESOURCE_DATA_IS_DIRECTORY set */
}
IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
420
421 //
422 // For resource directory entries that have actual string names, the Name
423 // field of the directory entry points to an object of the following type.
424 // All of these string objects are stored together after the last resource
425 // directory entry and before the first resource data object. This minimizes
426 // the impact of these variable length objects on the alignment of the fixed
427 // size directory entry objects.
428 //
429
/*
 * Counted (not NUL-terminated) 8-bit resource name; Length is the number of
 * characters and NameString[1] is the start of the variable-length text.
 */
typedef struct _IMAGE_RESOURCE_DIRECTORY_STRING
{
    WORD Length;
    CHAR NameString[1];
}
IMAGE_RESOURCE_DIRECTORY_STRING, *PIMAGE_RESOURCE_DIRECTORY_STRING;
437
438
/*
 * Counted (not NUL-terminated) 16-bit resource name, the form referenced by
 * IMAGE_RESOURCE_NAME_IS_STRING entries; Length is in WCHAR units, and
 * NameString[1] is the start of the variable-length text.
 */
typedef struct _IMAGE_RESOURCE_DIR_STRING_U
{
    WORD Length;
    WCHAR NameString[1];
}
IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U;
446
447
448 //
449 // Each resource data entry describes a leaf node in the resource directory
450 // tree. It contains an offset, relative to the beginning of the resource
451 // directory of the data for the resource, a size field that gives the number
452 // of bytes of data at that offset, a CodePage that should be used when
453 // decoding code point values within the resource data. Typically for new
454 // applications the code page would be the unicode code page.
455 //
456
/*
 * Leaf of the resource tree (see the description above).  Unlike the
 * directory-entry offsets, OffsetToData is an RVA into the image, so it has
 * to be translated (e.g. with GetActualAddress()) before the Size bytes of
 * resource data can be read.
 */
typedef struct _IMAGE_RESOURCE_DATA_ENTRY
{
    DWORD OffsetToData;     /* RVA of the resource bytes */
    DWORD Size;             /* length of the resource bytes */
    DWORD CodePage;
    DWORD Reserved;
}
IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
466
467
468 // Menu Resources ... added by .....sang cho....
469
470 // Menu resources are composed of a menu header followed by a sequential list
471 // of menu items. There are two types of menu items: pop-ups and normal menu
// items. The MENUITEM SEPARATOR is a special case of a normal menu item with
473 // an empty name, zero ID, and zero flags.
474
/* fixed header at the start of an RT_MENU resource; the menu items described
   by the two structures below follow it */
typedef struct _IMAGE_MENU_HEADER
{
    WORD wVersion; // Currently zero
    WORD cbHeaderSize; // Also zero
}
IMAGE_MENU_HEADER, *PIMAGE_MENU_HEADER;
483
/*
 * Pop-up menu item: flags (the POPUP bit, see the flag values below) followed
 * by a variable-length WCHAR item text for which szItemText[1] is the
 * placeholder.
 */
typedef struct _IMAGE_POPUP_MENU_ITEM
{
    WORD fItemFlags;
    WCHAR szItemText[1];
}
IMAGE_POPUP_MENU_ITEM, *PIMAGE_POPUP_MENU_ITEM;
491
/*
 * Normal menu item: flags, a menu id, then a variable-length WCHAR item text
 * for which szItemText[1] is the placeholder.  A separator is an item with
 * empty text, zero id and zero flags (see the description above).
 */
typedef struct _IMAGE_NORMAL_MENU_ITEM
{
    WORD fItemFlags;
    WORD wMenuID;
    WCHAR szItemText[1];
}
IMAGE_NORMAL_MENU_ITEM, *PIMAGE_NORMAL_MENU_ITEM;
500
/* bit values for fItemFlags in the menu item structures above; POPUP marks an
   IMAGE_POPUP_MENU_ITEM and ENDMENU the last item of a (sub)menu */
#define GRAYED 0x0001 // GRAYED keyword
#define INACTIVE 0x0002 // INACTIVE keyword
#define BITMAP 0x0004 // BITMAP keyword
#define OWNERDRAW 0x0100 // OWNERDRAW keyword
#define CHECKED 0x0008 // CHECKED keyword
#define POPUP 0x0010 // used internally
#define MENUBARBREAK 0x0020 // MENUBARBREAK keyword
#define MENUBREAK 0x0040 // MENUBREAK keyword
#define ENDMENU 0x0080 // used internally
510
511
512 // Dialog Box Resources .................. added by sang cho.
513
514 // A dialog box is contained in a single resource and has a header and
515 // a portion repeated for each control in the dialog box.
516 // The item DWORD IStyle is a standard window style composed of flags found
517 // in WINDOWS.H.
518 // The default style for a dialog box is:
519 // WS_POPUP | WS_BORDER | WS_SYSMENU
520 //
// The items marked "Name or Ordinal" are :
522 // If the first word is an 0xffff, the next two bytes contain an ordinal ID.
523 // Otherwise, the first one or more WORDS contain a double-null-terminated string.
524 // An empty string is represented by a single WORD zero in the first location.
525 //
526 // The WORD wPointSize and WCHAR szFontName entries are present if the FONT
527 // statement was included for the dialog box. This can be detected by checking
528 // the entry IStyle. If IStyle & DS_SETFONT ( which is 0x40), then these
529 // entries will be present.
530
/*
 * Fixed part of an RT_DIALOG resource header (see the description above).
 * The commented-out members list the variable-length fields that follow it in
 * the file and therefore cannot be expressed as fixed struct members: two
 * NAME_OR_ORDINAL values, the caption, and the font fields that exist only
 * when IStyle has DS_SETFONT (0x40) set.
 */
typedef struct _IMAGE_DIALOG_BOX_HEADER1
{
    DWORD IStyle;                   /* WS_* window style bits */
    DWORD IExtendedStyle; // New for Windows NT
    WORD nControls; // Number of Controls
    WORD x;
    WORD y;
    WORD cx;
    WORD cy;
    // N_OR_O MenuName; // Name or Ordinal ID
    // N_OR_O ClassName; // Name or Ordinal ID
    // WCHAR szCaption[];
    // WORD wPointSize; // Only here if FONT set for dialog
    // WCHAR szFontName[]; // This too
}
IMAGE_DIALOG_HEADER, *PIMAGE_DIALOG_HEADER;
549
/*
 * "Name or Ordinal" field of dialog headers and controls (see the description
 * above): if the first WORD is 0xffff the next WORD is an ordinal id
 * (ORD_ID view); otherwise the WORDs form a NUL-terminated string, with a
 * single zero WORD meaning an empty string (szName view).
 */
typedef union _NAME_OR_ORDINAL
{ // Name or Ordinal ID
    struct _ORD_ID
    {
        WORD flgId;     /* 0xffff when the ordinal form is used */
        WORD Id;
    }
    ORD_ID;
    WCHAR szName[1];    /* placeholder for the variable-length string form */
}
NAME_OR_ORDINAL, *PNAME_OR_ORDINAL;
562
563 // The data for each control starts on a DWORD boundary (which may require
564 // some padding from the previous control), and its format is as follows:
565
/*
 * Fixed part of one dialog control record; nControls of these follow the
 * dialog header, each starting on a DWORD boundary (see the description
 * above).  The commented-out members are the variable-length fields that
 * follow in the file.
 */
typedef struct _IMAGE_CONTROL_DATA
{
    DWORD IStyle;               /* WS_* plus class-specific BS_/ES_/LBS_/SS_ bits */
    DWORD IExtendedStyle;
    WORD x;
    WORD y;
    WORD cx;
    WORD cy;
    WORD wId;
    // N_OR_O ClassId;
    // N_OR_O Text;
    // WORD nExtraStuff;
}
IMAGE_CONTROL_DATA, *PIMAGE_CONTROL_DATA;
580
/* predefined control class ordinals used in the ClassId field of a dialog
   control (the ordinal form of NAME_OR_ORDINAL) */
#define BUTTON 0x80
#define EDIT 0x81
#define STATIC 0x82
#define LISTBOX 0x83
#define SCROLLBAR 0x84
#define COMBOBOX 0x85
587
588 // The various statements used in a dialog script are all mapped to these
589 // classes along with certain modifying styles. The values for these styles
590 // can be found in WINDOWS.H. All dialog controls have the default styles
591 // of WS_CHILD and WS_VISIBLE. A list of the default styles used follows:
592 //
593 // Statement Default Class Default Styles
594 // CONTROL None WS_CHILD|WS_VISIBLE
595 // LTEXT STATIC ES_LEFT
596 // RTEXT STATIC ES_RIGHT
597 // CTEXT STATIC ES_CENTER
598 // LISTBOX LISTBOX WS_BORDER|LBS_NOTIFY
599 // CHECKBOX BUTTON BS_CHECKBOX|WS_TABSTOP
600 // PUSHBUTTON BUTTON BS_PUSHBUTTON|WS_TABSTOP
601 // GROUPBOX BUTTON BS_GROUPBOX
602 // DEFPUSHBUTTON BUTTON BS_DFPUSHBUTTON|WS_TABSTOP
603 // RADIOBUTTON BUTTON BS_RADIOBUTTON
604 // AUTOCHECKBOX BUTTON BS_AUTOCHECKBOX
605 // AUTO3STATE BUTTON BS_AUTO3STATE
606 // AUTORADIOBUTTON BUTTON BS_AUTORADIOBUTTON
607 // PUSHBOX BUTTON BS_PUSHBOX
608 // STATE3 BUTTON BS_3STATE
609 // EDITTEXT EDIT ES_LEFT|WS_BORDER|WS_TABSTOP
610 // COMBOBOX COMBOBOX None
611 // ICON STATIC SS_ICON
612 // SCROLLBAR SCROLLBAR None
613 ///
614
/* window style bits for the IStyle field of dialog headers and controls;
   note WS_GROUP/WS_TABSTOP share values with WS_MINIMIZEBOX/WS_MAXIMIZEBOX
   and are told apart by whether the window is a child control */
#define WS_OVERLAPPED 0x00000000L
#define WS_POPUP 0x80000000L
#define WS_CHILD 0x40000000L
#define WS_CLIPSIBLINGS 0x04000000L
#define WS_CLIPCHILDREN 0x02000000L
#define WS_VISIBLE 0x10000000L
#define WS_DISABLED 0x08000000L
#define WS_MINIMIZE 0x20000000L
#define WS_MAXIMIZE 0x01000000L
#define WS_CAPTION 0x00C00000L
#define WS_BORDER 0x00800000L
#define WS_DLGFRAME 0x00400000L
#define WS_VSCROLL 0x00200000L
#define WS_HSCROLL 0x00100000L
#define WS_SYSMENU 0x00080000L
#define WS_THICKFRAME 0x00040000L
#define WS_MINIMIZEBOX 0x00020000L
#define WS_MAXIMIZEBOX 0x00010000L
#define WS_GROUP 0x00020000L
#define WS_TABSTOP 0x00010000L

// other aliases
#define WS_OVERLAPPEDWINDOW (WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_THICKFRAME | WS_MINIMIZEBOX | WS_MAXIMIZEBOX)
#define WS_POPUPWINDOW (WS_POPUP | WS_BORDER | WS_SYSMENU)
#define WS_CHILDWINDOW (WS_CHILD)
#define WS_TILED WS_OVERLAPPED
#define WS_ICONIC WS_MINIMIZE
#define WS_SIZEBOX WS_THICKFRAME
#define WS_TILEDWINDOW WS_OVERLAPPEDWINDOW
644
/* extended window style bits for the IExtendedStyle field */
#define WS_EX_DLGMODALFRAME 0x00000001L
#define WS_EX_NOPARENTNOTIFY 0x00000004L
#define WS_EX_TOPMOST 0x00000008L
#define WS_EX_ACCEPTFILES 0x00000010L
#define WS_EX_TRANSPARENT 0x00000020L
650
/* BUTTON-class styles; the low values are an enumeration of button kinds
   (not independent bits), BS_LEFTTEXT is a separate flag */
#define BS_PUSHBUTTON 0x00000000L
#define BS_DEFPUSHBUTTON 0x00000001L
#define BS_CHECKBOX 0x00000002L
#define BS_AUTOCHECKBOX 0x00000003L
#define BS_RADIOBUTTON 0x00000004L
#define BS_3STATE 0x00000005L
#define BS_AUTO3STATE 0x00000006L
#define BS_GROUPBOX 0x00000007L
#define BS_USERBUTTON 0x00000008L
#define BS_AUTORADIOBUTTON 0x00000009L
#define BS_OWNERDRAW 0x0000000BL
#define BS_LEFTTEXT 0x00000020L
663
/* EDIT-class styles (ES_LEFT/ES_CENTER/ES_RIGHT are also used for STATIC
   text, see the table above) */
#define ES_LEFT 0x00000000L
#define ES_CENTER 0x00000001L
#define ES_RIGHT 0x00000002L
#define ES_MULTILINE 0x00000004L
#define ES_UPPERCASE 0x00000008L
#define ES_LOWERCASE 0x00000010L
#define ES_PASSWORD 0x00000020L
#define ES_AUTOVSCROLL 0x00000040L
#define ES_AUTOHSCROLL 0x00000080L
#define ES_NOHIDESEL 0x00000100L
#define ES_OEMCONVERT 0x00000400L
#define ES_READONLY 0x00000800L
#define ES_WANTRETURN 0x00001000L
677
/* LISTBOX-class style bits */
#define LBS_NOTIFY 0x0001L
#define LBS_SORT 0x0002L
#define LBS_NOREDRAW 0x0004L
#define LBS_MULTIPLESEL 0x0008L
#define LBS_OWNERDRAWFIXED 0x0010L
#define LBS_OWNERDRAWVARIABLE 0x0020L
#define LBS_HASSTRINGS 0x0040L
#define LBS_USETABSTOPS 0x0080L
#define LBS_NOINTEGRALHEIGHT 0x0100L
#define LBS_MULTICOLUMN 0x0200L
#define LBS_WANTKEYBOARDINPUT 0x0400L
#define LBS_EXTENDEDSEL 0x0800L
#define LBS_DISABLENOSCROLL 0x1000L
691
/* STATIC-class styles; like BS_* the low values enumerate the static kind
   rather than being independent bits */
#define SS_LEFT 0x00000000L
#define SS_CENTER 0x00000001L
#define SS_RIGHT 0x00000002L
#define SS_ICON 0x00000003L
#define SS_BLACKRECT 0x00000004L
#define SS_GRAYRECT 0x00000005L
#define SS_WHITERECT 0x00000006L
#define SS_BLACKFRAME 0x00000007L
#define SS_GRAYFRAME 0x00000008L
#define SS_WHITEFRAME 0x00000009L
#define SS_SIMPLE 0x0000000BL
#define SS_LEFTNOWORDWRAP 0x0000000CL
#define SS_BITMAP 0x0000000EL
705
706 //
707 // Debug Format
708 //
709
/*
 * One debug-directory record (DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG]).
 * Type is one of the IMAGE_DEBUG_TYPE_* values below; the SizeOfData bytes
 * of debug data are reachable both by RVA (AddressOfRawData) and by file
 * offset (PointerToRawData).
 */
typedef struct _IMAGE_DEBUG_DIRECTORY
{
    DWORD Characteristics;
    DWORD TimeDateStamp;
    WORD MajorVersion;
    WORD MinorVersion;
    DWORD Type;                 /* IMAGE_DEBUG_TYPE_* */
    DWORD SizeOfData;
    DWORD AddressOfRawData;     /* RVA of the debug data */
    DWORD PointerToRawData;     /* file offset of the debug data */
}
IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
722
/* values for IMAGE_DEBUG_DIRECTORY.Type; IMAGE_DEBUG_TYPE_MISC data has the
   IMAGE_DEBUG_MISC layout below */
#define IMAGE_DEBUG_TYPE_UNKNOWN 0
#define IMAGE_DEBUG_TYPE_COFF 1
#define IMAGE_DEBUG_TYPE_CODEVIEW 2
#define IMAGE_DEBUG_TYPE_FPO 3
#define IMAGE_DEBUG_TYPE_MISC 4
#define IMAGE_DEBUG_TYPE_EXCEPTION 5
#define IMAGE_DEBUG_TYPE_FIXUP 6
#define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
#define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
732
733
/*
 * Payload of an IMAGE_DEBUG_TYPE_MISC record; Data[1] is the placeholder for
 * the variable-length data, Length covers the whole record.
 *
 * NOTE(review): BOOLEAN is typedef'd to int in this file, so Unicode occupies
 * 4 bytes here; the adjacent BYTE Reserved[3] padding suggests a 1-byte field
 * was intended (which would put Data at offset 12).  Confirm the on-disk
 * layout before relying on offsetof (IMAGE_DEBUG_MISC, Data).
 */
typedef struct _IMAGE_DEBUG_MISC
{
    DWORD DataType; // type of misc data, see defines
    DWORD Length; // total length of record, rounded to four
    // byte multiple.
    BOOLEAN Unicode; // TRUE if data is unicode string
    BYTE Reserved[3];
    BYTE Data[1]; // Actual data
}
IMAGE_DEBUG_MISC, *PIMAGE_DEBUG_MISC;
748
749
750 //
751 // Debugging information can be stripped from an image file and placed
752 // in a separate .DBG file, whose file name part is the same as the
753 // image file name part (e.g. symbols for CMD.EXE could be stripped
754 // and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED
755 // flag in the Characteristics field of the file header. The beginning of
756 // the .DBG file contains the following structure which captures certain
757 // information from the image file. This allows a debug to proceed even if
// the original image file is not accessible. This header is followed by
759 // zero of more IMAGE_SECTION_HEADER structures, followed by zero or more
760 // IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in
761 // the image file contain file offsets relative to the beginning of the
762 // .DBG file.
763 //
764 // If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure
765 // is left in the image file, but not mapped. This allows a debugger to
766 // compute the name of the .DBG file, from the name of the image in the
767 // IMAGE_DEBUG_MISC structure.
768 //
769
/*
 * Header at the start of a separate .DBG file (see the description above);
 * Signature is IMAGE_SEPARATE_DEBUG_SIGNATURE and Flags uses the
 * IMAGE_SEPARATE_DEBUG_* bits below.  NumberOfSections
 * IMAGE_SECTION_HEADERs and then the debug directory follow it.
 */
typedef struct _IMAGE_SEPARATE_DEBUG_HEADER
{
    WORD Signature;             /* IMAGE_SEPARATE_DEBUG_SIGNATURE */
    WORD Flags;                 /* IMAGE_SEPARATE_DEBUG_* bits */
    WORD Machine;
    WORD Characteristics;
    DWORD TimeDateStamp;
    DWORD CheckSum;
    DWORD ImageBase;
    DWORD SizeOfImage;
    DWORD NumberOfSections;     /* section headers that follow this header */
    DWORD ExportedNamesSize;
    DWORD DebugDirectorySize;   /* bytes of IMAGE_DEBUG_DIRECTORY records that follow the sections */
    DWORD SectionAlignment;
    DWORD Reserved[2];
}
IMAGE_SEPARATE_DEBUG_HEADER, *PIMAGE_SEPARATE_DEBUG_HEADER;
787
/* value of IMAGE_SEPARATE_DEBUG_HEADER.Signature ("DI") */
#define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944

/* IMAGE_SEPARATE_DEBUG_HEADER.Flags: mask of the defined bits and the one
   flag defined so far */
#define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000
#define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the
// old checksum didn't match.
793
794
795 //
796 // End Image Format
797 //
798
799
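/* size of the "PE\0\0" signature; equals the required 4 bytes only where
   sizeof (DWORD) == 4, see the DWORD typedef note */
#define SIZE_OF_NT_SIGNATURE sizeof (DWORD)
#define MAXRESOURCENAME 13

/* global macros to define header offsets into file */
/* Every use of the argument is parenthesised so that an expression argument
   such as `base + off` is cast as a whole; the earlier `(BYTE *)a` applied
   the cast to the first operand only.  None of these macros can check that
   the resulting pointer lies inside the mapping: e_lfanew and
   SizeOfOptionalHeader come straight from the file and no file size is
   available here, so callers must validate them first. */

/* offset to PE file signature */
#define NTSIGNATURE(a) ((LPVOID)((BYTE *)(a) + \
                       ((PIMAGE_DOS_HEADER)(a))->e_lfanew))

/* DOS header identifies the NT PEFile signature dword
   the PEFILE header exists just after that dword */
#define PEFHDROFFSET(a) ((LPVOID)((BYTE *)(a) + \
                        ((PIMAGE_DOS_HEADER)(a))->e_lfanew + \
                        SIZE_OF_NT_SIGNATURE))

/* PE optional header is immediately after PEFile header */
#define OPTHDROFFSET(a) ((LPVOID)((BYTE *)(a) + \
                        ((PIMAGE_DOS_HEADER)(a))->e_lfanew + \
                        SIZE_OF_NT_SIGNATURE + \
                        sizeof (IMAGE_FILE_HEADER)))

/* section headers are immediately after PE optional header.  The optional
   header's length is taken from the file header's SizeOfOptionalHeader
   field instead of being assumed to be sizeof (IMAGE_OPTIONAL_HEADER), so
   an image whose optional header has a different length still has its
   section table located where the loader would look for it. */
#define SECHDROFFSET(a) ((LPVOID)((BYTE *)OPTHDROFFSET(a) + \
                        ((PIMAGE_FILE_HEADER)PEFHDROFFSET(a))->SizeOfOptionalHeader))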
826
827
/*
 * One import-directory record (DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]);
 * the field names are the original author's.  The two "useless" slots are
 * still part of the on-disk record and must stay so that the five DWORD
 * fields keep their positions.  A zero record presumably terminates the
 * table — verify against GetImportModuleNames().
 */
typedef struct tagImportDirectory
{
    DWORD dwRVAFunctionNameList;        /* RVA of the name/hint thunk list */
    DWORD dwUseless1;
    DWORD dwUseless2;
    DWORD dwRVAModuleName;              /* RVA of the imported module's name */
    DWORD dwRVAFunctionAddressList;     /* RVA of the address thunk list */
}
IMAGE_IMPORT_MODULE_DIRECTORY, *PIMAGE_IMPORT_MODULE_DIRECTORY;
837
838
839 /* global prototypes for functions in pefile.c */
840 /* PE file header info */
/* All of these take lpFile = start of the memory-mapped image; none of them
   receives a file size, so every header read is unbounded and callers must
   validate the mapping first.  GetActualAddress(), defined below, has no
   prototype in this list. */
BOOL WINAPI GetDosHeader (LPVOID, PIMAGE_DOS_HEADER);          /* copy DOS header; FALSE if no "MZ" */
DWORD WINAPI ImageFileType (LPVOID);                            /* IMAGE_*_SIGNATURE of the file, 0 if unknown */
BOOL WINAPI GetPEFileHeader (LPVOID, PIMAGE_FILE_HEADER);      /* copy file header; FALSE unless PE */

/* PE optional header info */
BOOL WINAPI GetPEOptionalHeader (LPVOID, PIMAGE_OPTIONAL_HEADER); /* copy optional header; FALSE unless PE */
LPVOID WINAPI GetModuleEntryPoint (LPVOID);                     /* AddressOfEntryPoint (an RVA) as a pointer value */
int WINAPI NumOfSections (LPVOID);                              /* FileHeader.NumberOfSections */
LPVOID WINAPI GetImageBase (LPVOID);                            /* OptionalHeader.ImageBase as a pointer value */
LPVOID WINAPI ImageDirectoryOffset (LPVOID, DWORD);             /* NULL if index >= NumberOfRvaAndSizes or directory absent */
LPVOID WINAPI ImageDirectorySection (LPVOID, DWORD);

/* PE section header info */
//int WINAPI GetSectionNames (LPVOID, HANDLE, char **);
int WINAPI GetSectionNames (LPVOID, char **);
BOOL WINAPI GetSectionHdrByName (LPVOID, PIMAGE_SECTION_HEADER, char *);
857
858 //
// structure to store string tokens
860 //
/*
 * A token of a string being reported by the import-function-name routines
 * (see StringExpands()).  pos points into the caller's buffer; the token is
 * not NUL-terminated, its extent is given by length.
 */
typedef struct _Str_P
{
    char flag; // string_flag '@' or '%' or '#'
    char *pos; // starting position of string
    int length; // length of string
    BOOL wasString; // if it were stringMode or not
}
Str_P;
873
874 /* import section info */
/* import section info — the char ** parameters receive names; see each
   definition for who allocates and frees them */
int WINAPI GetImportModuleNames (LPVOID, char **);
int WINAPI GetImportFunctionNamesByModule (LPVOID, char *, char **);

// import function name reporting (decoration of C++ mangled names into
// readable form, working on Str_P tokens)
int WINAPI GetStringLength (char *);
void WINAPI GetPreviousParamString (char *, char *);
void WINAPI TranslateParameters (char **, char **, char **);
BOOL WINAPI StringExpands (char **, char **, char **, Str_P *);
char * WINAPI TranslateFunctionName (char *);

/* export section info */
int WINAPI GetExportFunctionNames (LPVOID, char **);

/* resource section info — menu helpers operate on the RT_MENU layout
   described by IMAGE_MENU_HEADER / IMAGE_*_MENU_ITEM above */
int WINAPI GetNumberOfResources (LPVOID);
int WINAPI GetListOfResourceTypes (LPVOID, char **);
int WINAPI MenuScan (int *, WORD **);
int WINAPI MenuFill (char **, WORD **);
void WINAPI StrangeMenuFill (char **, WORD **, int);
int WINAPI GetContentsOfMenu (LPVOID, char **);
int WINAPI PrintMenu (int, char **);
int WINAPI PrintStrangeMenu (char **);
int WINAPI dumpMenu (char **psz, int size);

/* debug section info — see IMAGE_DEBUG_DIRECTORY / IMAGE_SEPARATE_DEBUG_HEADER */
BOOL WINAPI IsDebugInfoStripped (LPVOID);
int WINAPI RetrieveModuleName (LPVOID, char **);
BOOL WINAPI IsDebugFile (LPVOID);
BOOL WINAPI GetSeparateDebugHeader (LPVOID, PIMAGE_SEPARATE_DEBUG_HEADER);
904
905
906 /**********************************************************************
907 * NAME
908 *
909 * DESCRIPTION
910 * Copy DOS header information to structure.
911 *
912 * ARGUMENTS
913 */
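/**********************************************************************
 * NAME
 *      GetDosHeader
 *
 * DESCRIPTION
 *      Copy DOS header information to structure.
 *
 * ARGUMENTS
 *      lpFile   - pointer to the start of the memory-mapped image file
 *      pHeader  - receives a copy of the IMAGE_DOS_HEADER
 *
 * RETURNS
 *      TRUE if the file starts with IMAGE_DOS_SIGNATURE ("MZ") and the
 *      header was copied; FALSE otherwise, including for NULL arguments.
 *
 * NOTE(review): no file size is available here, so the read of
 *      sizeof (IMAGE_DOS_HEADER) bytes is not bounds-checked; the caller
 *      must ensure the mapping is at least that large.
 */
BOOL WINAPI
GetDosHeader (
    LPVOID lpFile,
    PIMAGE_DOS_HEADER pHeader
    )
{
    WORD magic;

    if (lpFile == NULL || pHeader == NULL)
        return FALSE;

    /* copy the magic out: lpFile need not be WORD-aligned and a direct
       *(WORD *) dereference is a misaligned access on strict targets */
    memcpy (&magic, lpFile, sizeof magic);

    /*
     * DOS header represents first structure
     * of bytes in PE image file.
     */
    if (magic != (WORD) IMAGE_DOS_SIGNATURE)
        return FALSE;

    memcpy (pHeader, lpFile, sizeof (IMAGE_DOS_HEADER));
    return TRUE;
}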
935
936
937
938
939 /* return file signature */
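/* return file signature */
/*
 * Classifies the mapped file by its signatures.
 *
 * Returns IMAGE_NT_SIGNATURE for a PE image, IMAGE_OS2_SIGNATURE or
 * IMAGE_OS2_SIGNATURE_LE (as a 16-bit value) for NE/LE images,
 * IMAGE_DOS_SIGNATURE for a plain DOS executable, and 0 when lpFile is
 * NULL or does not start with "MZ".
 *
 * NOTE(review): the second signature is read at the DOS header's e_lfanew
 * offset via NTSIGNATURE() without any range check; without a file size
 * there is no way here to verify that it lies inside the mapping.
 */
DWORD WINAPI
ImageFileType (
    LPVOID lpFile)
{
    WORD dosMagic;
    DWORD ntSig;

    if (lpFile == NULL)
        return 0;                       /* unknown file type */

    /* dos file signature comes first; copied out to avoid a misaligned read */
    memcpy (&dosMagic, lpFile, sizeof dosMagic);
    if (dosMagic != IMAGE_DOS_SIGNATURE)
        return 0;                       /* unknown file type */

    /* determine location of PE File header from dos header; the signature
       is read once instead of once per comparison */
    memcpy (&ntSig, NTSIGNATURE (lpFile), sizeof ntSig);

    if (LOWORD (ntSig) == IMAGE_OS2_SIGNATURE ||
        LOWORD (ntSig) == IMAGE_OS2_SIGNATURE_LE)
        return (DWORD) LOWORD (ntSig);

    if (ntSig == IMAGE_NT_SIGNATURE)
        return IMAGE_NT_SIGNATURE;

    return IMAGE_DOS_SIGNATURE;
}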
963
964
965
966
967 /* copy file header information to structure */
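/* copy file header information to structure */
/*
 * lpFile  - start of the memory-mapped image
 * pHeader - receives the IMAGE_FILE_HEADER that follows the PE signature
 *
 * Returns TRUE on success; FALSE when either argument is NULL or the file
 * is not a PE image (ImageFileType() != IMAGE_NT_SIGNATURE).
 */
BOOL WINAPI
GetPEFileHeader (
    LPVOID lpFile,
    PIMAGE_FILE_HEADER pHeader)
{
    /* lpFile is checked here as well because ImageFileType() dereferences it */
    if (lpFile == NULL || pHeader == NULL)
        return FALSE;

    /* file header follows dos header */
    if (ImageFileType (lpFile) != IMAGE_NT_SIGNATURE)
        return FALSE;

    memcpy (pHeader, PEFHDROFFSET (lpFile), sizeof (IMAGE_FILE_HEADER));
    return TRUE;
}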
981
982
983
984
985
986 /* copy optional header info to structure */
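/* copy optional header info to structure */
/*
 * lpFile  - start of the memory-mapped image
 * pHeader - receives the IMAGE_OPTIONAL_HEADER that follows the file header
 *
 * Returns TRUE on success; FALSE when either argument is NULL or the file
 * is not a PE image (ImageFileType() != IMAGE_NT_SIGNATURE).
 *
 * NOTE(review): sizeof (IMAGE_OPTIONAL_HEADER) bytes are copied regardless
 * of the file's own SizeOfOptionalHeader; a shorter optional header means
 * the tail of *pHeader is filled from whatever follows it in the file.
 */
BOOL WINAPI
GetPEOptionalHeader (
    LPVOID lpFile,
    PIMAGE_OPTIONAL_HEADER pHeader)
{
    /* lpFile is checked here as well because ImageFileType() dereferences it */
    if (lpFile == NULL || pHeader == NULL)
        return FALSE;

    /* optional header follows file header and dos header */
    if (ImageFileType (lpFile) != IMAGE_NT_SIGNATURE)
        return FALSE;

    memcpy (pHeader, OPTHDROFFSET (lpFile), sizeof (IMAGE_OPTIONAL_HEADER));
    return TRUE;
}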
1000
1001
1002
1003
1004 /* function returns the entry point for an exe module lpFile must
1005 be a memory mapped file pointer to the beginning of the image file */
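/*
 * Returns OptionalHeader.AddressOfEntryPoint cast to LPVOID.  This is the
 * RVA exactly as stored in the header, not a pointer into the mapping; use
 * GetActualAddress() to translate it.  Returns NULL when lpFile is NULL or
 * the file is not a PE image.
 *
 * The earlier `poh != NULL` test was evaluated only after OPTHDROFFSET()
 * had already dereferenced lpFile, so it never protected anything; the
 * validation now happens before the offset is computed.
 */
LPVOID WINAPI
GetModuleEntryPoint (
    LPVOID lpFile)
{
    PIMAGE_OPTIONAL_HEADER poh;

    if (lpFile == NULL || ImageFileType (lpFile) != IMAGE_NT_SIGNATURE)
        return NULL;

    poh = (PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpFile);
    return (LPVOID) (poh->AddressOfEntryPoint);
}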
1017
1018
1019
1020
1021 /* return the total number of sections in the module */
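/* return the total number of sections in the module */
/*
 * Returns FileHeader.NumberOfSections, or 0 when lpFile is NULL or the file
 * is not a PE image, so callers that loop over the section table simply see
 * an empty table for bad input.
 *
 * NOTE(review): the count is taken from the file unchecked; it is not bounded
 * against the size of the mapping, so a loop over NumberOfSections section
 * headers can still run past the end of a truncated file.
 */
int WINAPI
NumOfSections (
    LPVOID lpFile)
{
    if (lpFile == NULL || ImageFileType (lpFile) != IMAGE_NT_SIGNATURE)
        return 0;

    /* number of sections is indicated in file header */
    return ((int) ((PIMAGE_FILE_HEADER) PEFHDROFFSET (lpFile))->NumberOfSections);
}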
1029
1030
1031
1032
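/* retrieve the preferred image base */
/*
 * Returns OptionalHeader.ImageBase cast to LPVOID: the address the image
 * prefers to be loaded at, as stored in the header (not a pointer into the
 * mapping).  Returns NULL when lpFile is NULL or the file is not a PE image.
 *
 * The earlier `poh != NULL` test ran only after OPTHDROFFSET() had already
 * dereferenced lpFile; the validation now happens first.
 */
LPVOID WINAPI
GetImageBase (
    LPVOID lpFile)
{
    PIMAGE_OPTIONAL_HEADER poh;

    if (lpFile == NULL || ImageFileType (lpFile) != IMAGE_NT_SIGNATURE)
        return NULL;

    poh = (PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpFile);
    return (LPVOID) (poh->ImageBase);
}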
1045
1046
1047
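//
// This function is written by sang cho
// .. october 5, 1997
//
/* Map an RVA to its address inside the memory-mapped file.
 *
 * lpFile : pointer to the start of the mapped image FILE (not a loaded module).
 * dwRVA  : relative virtual address taken from a header or table in the file.
 *
 * Finds the section whose [VirtualAddress, VirtualAddress + SizeOfRawData)
 * range holds dwRVA and returns
 *     lpFile + PointerToRawData + (dwRVA - VirtualAddress).
 * Returns NULL for an RVA of 0 or for one that no section covers.
 * An RVA with the high bit set is an import-by-ordinal thunk, not an
 * address; the original treats it as fatal and that behaviour is kept.
 *
 * Changes from the original:
 *  - the pointer arithmetic is done on a byte pointer instead of casting
 *    lpFile to int, which truncates the address on a 64-bit build;
 *  - the range test subtracts before comparing, so a crafted section whose
 *    VirtualAddress + SizeOfRawData wraps around 32 bits can no longer make
 *    an out-of-section RVA look valid.
 *
 * NOTE(review): the result is checked only against the section's DECLARED
 * range, never against the real size of the mapping. PointerToRawData and
 * SizeOfRawData come from the file, so a crafted header can still produce a
 * pointer past the end of the buffer; callers that read through it are
 * trusting the file. The DWORD reads also assume DWORD is 4 bytes -- confirm
 * on LP64 targets.
 */
LPVOID WINAPI
GetActualAddress (
    LPVOID lpFile,
    DWORD dwRVA)
{
    PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile);
    int nSections = NumOfSections (lpFile);
    int i;

    if (dwRVA == 0)
        return NULL;
    if (dwRVA & 0x80000000)
    {
        /* ordinal-flagged thunk handed in as if it were an RVA */
        printf ("\n$$ what is going on $$");
        exit (0);
    }

    /* locate the section containing the RVA */
    for (i = 0; i < nSections; i++, psh++)
    {
        if (dwRVA >= psh->VirtualAddress &&
            dwRVA - psh->VirtualAddress < psh->SizeOfRawData)
        {
            return (LPVOID) ((BYTE *) lpFile + psh->PointerToRawData +
                             (dwRVA - psh->VirtualAddress));
        }
    }

    return NULL;
}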
1089
1090
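//
// This function is modified by sang cho
//
//
/* Return the file address of the given IMAGE_DIRECTORY entry.
 *
 * lpFile            : memory-mapped image file pointing at the start of the image.
 * dwIMAGE_DIRECTORY : index into the optional header's DataDirectory table
 *                     (IMAGE_DIRECTORY_ENTRY_IMPORT, ..._EXPORT, ...).
 *
 * Returns a pointer into the mapping at the directory's RVA, or NULL when
 * the index is out of range, the entry is empty, or no section covers it.
 *
 * Changes from the original:
 *  - the index is bounded by the size of the DataDirectory array as well as
 *    by NumberOfRvaAndSizes; the latter is read from the file and a crafted
 *    header can claim more entries than the structure holds;
 *  - the address is computed on a byte pointer instead of through an int
 *    cast of lpFile (which truncates on 64-bit builds);
 *  - the section range test cannot be fooled by a VirtualAddress +
 *    SizeOfRawData sum that wraps around.
 *
 * NOTE(review): as with GetActualAddress, the result is validated against
 * the section's declared range only, not against the mapping's real size.
 */
LPVOID WINAPI
ImageDirectoryOffset (
    LPVOID lpFile,
    DWORD dwIMAGE_DIRECTORY)
{
    PIMAGE_OPTIONAL_HEADER poh = (PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpFile);
    PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile);
    int nSections = NumOfSections (lpFile);
    int i;
    DWORD dwDirRVA;

    /* must be 0 thru (NumberOfRvaAndSizes-1) ... */
    if (dwIMAGE_DIRECTORY >= poh->NumberOfRvaAndSizes)
        return NULL;
    /* ... and must also fit the array that actually backs the table */
    if (dwIMAGE_DIRECTORY >= sizeof (poh->DataDirectory) / sizeof (poh->DataDirectory[0]))
        return NULL;

    /* locate specific image directory's relative virtual address */
    dwDirRVA = poh->DataDirectory[dwIMAGE_DIRECTORY].VirtualAddress;
    if (dwDirRVA == 0)
        return NULL;

    /* locate section containing image directory */
    for (i = 0; i < nSections; i++, psh++)
    {
        if (dwDirRVA >= psh->VirtualAddress &&
            dwDirRVA - psh->VirtualAddress < psh->SizeOfRawData)
        {
            return (LPVOID) ((BYTE *) lpFile + psh->PointerToRawData +
                             (dwDirRVA - psh->VirtualAddress));
        }
    }

    return NULL;
}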
1132
1133
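/* Length of a section name without running off the field.
 * IMAGE_SECTION_HEADER.Name is an 8-byte field that is NOT NUL-terminated
 * when all 8 bytes are used, so strlen() on it reads into the next field. */
static size_t
SectionNameLength (const void *name, size_t cap)
{
    const unsigned char *start = (const unsigned char *) name;
    const unsigned char *nul = (const unsigned char *) memchr (start, 0, cap);

    return nul ? (size_t) (nul - start) : cap;
}

/* Collect the names of all sections into one heap block.
 *
 * lpFile      : memory-mapped image file pointing at the start of the image.
 * pszSections : receives a calloc()ed block of NUL-separated names; the
 *               caller frees it. Set to NULL if allocation fails.
 *
 * Returns the total number of bytes written (names plus terminators), or 0
 * when the file is not a PE image, has no section table, or the block could
 * not be allocated.
 * NOTE(review): the section count comes from the file header and is not
 * checked against the size of the mapping.
 */
int WINAPI
GetSectionNames (
    LPVOID lpFile,
    char **pszSections)
{
    int nSections = NumOfSections (lpFile);
    int i, nCnt = 0;
    PIMAGE_SECTION_HEADER psh;
    char *ps;
    size_t len;

    if (ImageFileType (lpFile) != IMAGE_NT_SIGNATURE ||
        (psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile)) == NULL)
        return 0;

    /* count the bytes needed, bounding each name by its 8-byte field */
    for (i = 0; i < nSections; i++)
        nCnt += (int) SectionNameLength (psh[i].Name, sizeof (psh[i].Name)) + 1;

    ps = *pszSections = (char *) calloc (nCnt, 1);
    if (ps == NULL)
        return 0;

    for (i = 0; i < nSections; i++)
    {
        len = SectionNameLength (psh[i].Name, sizeof (psh[i].Name));
        memcpy (ps, psh[i].Name, len);
        ps += len;
        *ps++ = '\0';   /* calloc already zeroed it; be explicit anyway */
    }

    return nCnt;
}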
1166
1167
1168
1169
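/* Copy the section header whose name matches szSection.
 *
 * lpFile    : memory-mapped image file pointing at the start of the image.
 * sh        : receives the matching IMAGE_SECTION_HEADER.
 * szSection : NUL-terminated name to look for (e.g. ".text").
 *
 * Returns TRUE and fills *sh on the first match, FALSE otherwise.
 *
 * The comparison is bounded to the 8-byte Name field: it is not
 * NUL-terminated when all 8 bytes are used, so the original strcmp() could
 * read past it into the next field. A name longer than the field can never
 * match and is rejected up front so that strncmp's prefix match cannot
 * produce a false positive.
 */
BOOL WINAPI
GetSectionHdrByName (
    LPVOID lpFile,
    IMAGE_SECTION_HEADER * sh,
    char *szSection)
{
    PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile);
    int nSections = NumOfSections (lpFile);
    int i;

    if (psh == NULL || szSection == NULL)
        return FALSE;

    if (strlen (szSection) > sizeof (psh->Name))
        return FALSE;

    for (i = 0; i < nSections; i++, psh++)
    {
        if (strncmp ((const char *) psh->Name, szSection, sizeof (psh->Name)) == 0)
        {
            memcpy ((LPVOID) sh, (LPVOID) psh, sizeof (IMAGE_SECTION_HEADER));
            return TRUE;
        }
    }
    return FALSE;
}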
1199
1200
1201
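//
// This function is modified by sang cho
//
//
/* Collect the names of all imported modules into one heap block.
 *
 * lpFile     : memory-mapped image file pointing at the start of the image.
 * pszModules : receives a calloc()ed block of NUL-separated module names;
 *              the caller frees it. Set to NULL if allocation fails.
 *
 * Returns the number of modules found, 0 when there is no import directory
 * or the block could not be allocated.
 *
 * Name RVAs are resolved through GetActualAddress() for every entry because
 * the import tables are not necessarily in .idata; they may live in .rdata,
 * .data or anywhere else (see the original author's note).
 *
 * Changes from the original: the scan stops at the capacity of the local
 * pointer array instead of overflowing it when the file lists more
 * descriptors, and a name RVA that maps to no section ends the scan instead
 * of passing NULL to strlen().
 * NOTE(review): strlen() on each name still trusts that a NUL exists before
 * the end of the mapping.
 */
int WINAPI
GetImportModuleNames (
    LPVOID lpFile,
    char **pszModules)
{
    PIMAGE_IMPORT_MODULE_DIRECTORY pid = (PIMAGE_IMPORT_MODULE_DIRECTORY)
        ImageDirectoryOffset (lpFile, IMAGE_DIRECTORY_ENTRY_IMPORT);
    enum { MAX_IMPORT_MODULES = 1024 };   /* capacity of pModule, as before */
    char *pModule[MAX_IMPORT_MODULES];
    int nCnt = 0, nSize = 0, i;
    char *psz;
    char *name;
    size_t len;

    if (pid == NULL)
        return 0;

    /* extract all import modules */
    while (pid->dwRVAModuleName)
    {
        /* the descriptor count comes from the file: never outgrow pModule */
        if (nCnt >= MAX_IMPORT_MODULES)
            break;

        name = (char *) GetActualAddress (lpFile, pid->dwRVAModuleName);
        /* an RVA outside every section means a corrupt table; stop here */
        if (name == NULL)
            break;

        pModule[nCnt++] = name;
        nSize += (int) strlen (name) + 1;
        pid++;
    }

    /* copy all strings to one chunk of memory */
    *pszModules = (char *) calloc (nSize, 1);
    if (*pszModules == NULL)
        return 0;

    psz = *pszModules;
    for (i = 0; i < nCnt; i++)
    {
        len = strlen (pModule[i]) + 1;
        memcpy (psz, pModule[i], len);
        psz += len;
    }
    return nCnt;
}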
1257
1258
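//
// This function is rewritten by sang cho
//
//
/* Collect the functions imported from one module.
 *
 * lpFile       : memory-mapped image file pointing at the start of the image.
 * pszModule    : module name exactly as it appears in the import directory.
 * pszFunctions : receives a calloc()ed block of records; the caller frees it.
 *
 * Each record is: 4-byte import address (from the address thunk list),
 * 2-byte hint (by-name import) or ordinal (by-ordinal import), then the
 * NUL-terminated function name. By-ordinal imports get a synthetic name
 * "<module-without-extension>:NoName<nnnn>". Returns the record count, 0 if
 * the module is not imported, the tables are corrupt, or allocation fails.
 *
 * Changes from the original:
 *  - the size budget for ordinal imports was mnlength+10+1+6, but the text
 *    written is "<name>:NoName%04d" = mnlength+11 chars, so every such entry
 *    overflowed the heap block by one byte; pass 1 now formats the exact
 *    string it will write;
 *  - pszModule (file-derived) was strcpy()ed into a 128-byte local; the copy
 *    is now bounded;
 *  - an RVA that maps to no section no longer dereferences NULL: the module
 *    search fails cleanly and the thunk scan stops at that entry;
 *  - the 4- and 2-byte record fields are written with memcpy instead of
 *    misaligned int/short stores.
 *
 * NOTE(review): thunk entries are read 4 bytes at a time through DWORD*, so
 * DWORD must be 4 bytes -- confirm on LP64 targets. The thunk lists are still
 * walked until a zero entry without checking the end of the mapping.
 */
int WINAPI
GetImportFunctionNamesByModule (
    LPVOID lpFile,
    char *pszModule,
    char **pszFunctions)
{
    PIMAGE_IMPORT_MODULE_DIRECTORY pid = (PIMAGE_IMPORT_MODULE_DIRECTORY)
        ImageDirectoryOffset (lpFile, IMAGE_DIRECTORY_ENTRY_IMPORT);
    int nCnt = 0, nSize = 0;
    int nnid = 0;
    int mnlength, i;
    DWORD dwFunctionName;
    DWORD dwFunctionAddress;
    DWORD dwThunk;
    char name[128];            /* module name without extension */
    char buff[256];            /* "<name>:NoNameNNNN" for ordinal imports */
    char *psz;
    char *modName;
    char *funcName;
    DWORD *pdw;
    DWORD *pdwAddr;
    BYTE *pHint;
    unsigned int addr32;

    if (pid == NULL || pszModule == NULL)
        return 0;

    /* find the descriptor whose module name matches */
    for (;; pid++)
    {
        if (!pid->dwRVAModuleName)
            return 0;                       /* end of table: module not imported */
        modName = (char *) GetActualAddress (lpFile, pid->dwRVAModuleName);
        if (modName == NULL)
            return 0;                       /* name RVA maps nowhere: corrupt table */
        if (strcmp (pszModule, modName) == 0)
            break;
    }

    /* strip the extension from the module name (bounded: the name is file data) */
    snprintf (name, sizeof name, "%s", pszModule);
    mnlength = (int) strlen (name);
    for (i = 0; i < mnlength; i++)
        if (name[i] == '.')
            break;
    name[i] = 0;
    mnlength = i;

    /* pass 1: count entries and size the output exactly as pass 2 writes it.
       Each thunk is either an IMAGE_IMPORT_BY_NAME RVA or, with the high bit
       set, an ordinal. */
    dwFunctionName = pid->dwRVAFunctionNameList;
    while (dwFunctionName &&
           (pdw = (DWORD *) GetActualAddress (lpFile, dwFunctionName)) != NULL &&
           (dwThunk = *pdw) != 0)
    {
        if (dwThunk & 0x80000000)
        {
            snprintf (buff, sizeof buff, "%s:NoName%04d", name, nnid++);
            nSize += (int) strlen (buff) + 1 + 6;
        }
        else
        {
            /* IMAGE_IMPORT_BY_NAME: WORD hint, then the name */
            funcName = (char *) GetActualAddress (lpFile, dwThunk + 2);
            if (funcName == NULL)
                break;
            nSize += (int) strlen (funcName) + 1 + 6;
        }
        dwFunctionName += 4;
        nCnt++;
    }

    /* allocate memory for the records */
    *pszFunctions = (char *) calloc (nSize, 1);
    if (*pszFunctions == NULL)
        return 0;
    psz = *pszFunctions;

    /* pass 2: write the records; only the nCnt entries pass 1 validated */
    dwFunctionName = pid->dwRVAFunctionNameList;
    dwFunctionAddress = pid->dwRVAFunctionAddressList;
    nnid = 0;
    for (i = 0; i < nCnt; i++)
    {
        pdw = (DWORD *) GetActualAddress (lpFile, dwFunctionName);
        dwThunk = *pdw;                     /* pass 1 proved it maps and is non-zero */

        /* import address: 0 if the address thunk RVA maps nowhere */
        pdwAddr = (DWORD *) GetActualAddress (lpFile, dwFunctionAddress);
        addr32 = pdwAddr ? (unsigned int) *pdwAddr : 0;
        memcpy (psz, &addr32, 4);
        psz += 4;

        if (dwThunk & 0x80000000)
        {
            memcpy (psz, pdw, 2);           /* low word of the thunk = ordinal */
            psz += 2;
            snprintf (buff, sizeof buff, "%s:NoName%04d", name, nnid++);
            memcpy (psz, buff, strlen (buff) + 1);
            psz += strlen (buff) + 1;
        }
        else
        {
            pHint = (BYTE *) GetActualAddress (lpFile, dwThunk);
            if (pHint != NULL)
                memcpy (psz, pHint, 2);     /* hint word; block is zeroed otherwise */
            psz += 2;
            funcName = (char *) GetActualAddress (lpFile, dwThunk + 2);
            memcpy (psz, funcName, strlen (funcName) + 1);
            psz += strlen (funcName) + 1;
        }
        dwFunctionName += 4;
        dwFunctionAddress += 4;
    }

    return nCnt;
}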
1372
1373
1374
1375
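//
// This function is written by sang cho
// October 6, 1997
//
/* Parse the one- or two-digit decimal length that prefixes a numbered
 * string inside a condensed name.
 *
 * psz : read position. The digits are not consumed; the caller advances by
 *       one or two characters depending on the value returned.
 *
 * Returns 0 if *psz is not a digit, the single digit if only one is present,
 * otherwise the two-digit value (at most 99).
 *
 * The bytes are cast to unsigned char before isdigit(): passing a negative
 * plain char (a high-bit byte read from the file) to <ctype.h> is undefined
 * behaviour, and these bytes come from the import table being dumped.
 */
int WINAPI
GetStringLength (
    char *psz)
{
    unsigned char c0 = (unsigned char) psz[0];
    unsigned char c1;

    if (!isdigit (c0))
        return 0;
    /* psz[1] exists (at least the terminator) because psz[0] was not NUL */
    c1 = (unsigned char) psz[1];
    if (!isdigit (c1))
        return c0 - '0';
    return (c0 - '0') * 10 + (c1 - '0');
}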
1392
1393
1394
1395
//
// This function is written by sang cho
// October 12, 1997
//

/* Copy the parameter that ends just before xpin into xpout.
 *
 * xpin  : position in the output buffer directly after the ',' that closes
 *         the previous parameter (the character before xpin must be ',').
 * xpout : receives the previous parameter text, NUL-terminated.
 *
 * Scans backwards to the ',' or '(' that opened the previous parameter,
 * treating <...> and (...) groups as atoms so a ',' inside them is skipped.
 * A violated expectation is reported and the program exits, as in the
 * original.
 * NOTE(review): the backward scan stops only at ',' '(' or a NUL byte; if
 * none of these precedes the text the scan runs off the front of the
 * buffer, and the copy into xpout is not bounded by the caller's size.
 */
void WINAPI
GetPreviousParamString (
    char *xpin, // read-only source
    char *xpout) // translated result
{
    int depth = 0;
    char *scan = xpin - 1;
    size_t len;

    if (*scan != ',')
    {
        printf ("\n **error PreviousParamString1 char = %c", *scan);
        exit (0);
    }
    scan--;

    for (; *scan; scan--)
    {
        /* closing brackets seen backwards open a group, '<' closes one */
        switch (*scan)
        {
        case '>':
        case ')':
            depth++;
            break;
        case '<':
            depth--;
            break;
        default:
            break;
        }

        if (depth > 0)
        {
            if (*scan == '(')
                depth--;
        }
        else if (*scan == ',' || *scan == '(')
            break;
    }

    /* step forward onto the first character of the parameter */
    if (*scan == ',' || *scan == '(' || *scan == '\0')
        scan++;
    else
    {
        printf ("\n **error PreviousParamString2");
        exit (0);
    }

    len = (size_t) (xpin - scan - 1);
    memcpy (xpout, scan, len);
    xpout[len] = 0;
}
1457
1458
1459
1460
//
// This function is written by sang cho
// October 10, 1997
//

/* translate parameter part of condensed name */
//
// Translate one parameter token of a condensed (mangled) name.
//
// ppin  : in/out read position; advanced past the token consumed.
// ppout : in/out write position in the caller's output buffer.
// pps   : in/out top of the parameter stack. Modifier tokens push a marker
//         here ('*' pointer, '&' reference, 'p' double pointer, 'r' pointer
//         to reference, 'q' open parenthesis) that is applied after the next
//         base type is written.
//
// A base type (b c d f g i l s v) is written out, then the marker on top of
// the stack is applied and a ',' is appended unless the next input char is
// a control symbol ('@' '$' '%') or the end of input. Modifier and prefix
// tokens (M p q r u x z) only record state or emit a prefix and return at
// once. 't<digit>' repeats the previous parameter <digit> times. Unknown
// tokens are echoed with a "!1!" prefix ("!2!" for an unexpected stack
// marker) so the output shows where translation gave up.
//
// NOTE(review): writes to *ppout, *pps and the local `name' are unbounded;
// the caller's 512-byte buffer and 32-entry stack are not known here and the
// input is an import name read straight from the file. `*(ps - 1)' is also
// read without checking that the stack is non-empty.
//
void WINAPI
TranslateParameters (
    char **ppin, // read-only source
    char **ppout, // translated result
    char **pps) // parameter stack
{
    int i, n;
    char c;
    char name[128];   // scratch copy of the previous parameter for 't' repeats
    char *pin, *pout, *ps;

    //printf(" %c ", **in);
    pin = *ppin;
    pout = *ppout;
    ps = *pps;
    c = *pin;
    switch (c)
    {
        // types processing: write the C type name, then fall through to
        // the postfix handling below the switch
    case 'b':
        strcpy (pout, "byte");
        pout += 4;
        pin++;
        break;
    case 'c':
        strcpy (pout, "char");
        pout += 4;
        pin++;
        break;
    case 'd':
        strcpy (pout, "double");
        pout += 6;
        pin++;
        break;
    case 'f':
        strcpy (pout, "float");
        pout += 5;
        pin++;
        break;
    case 'g':
        strcpy (pout, "long double");
        pout += 11;
        pin++;
        break;
    case 'i':
        strcpy (pout, "int");
        pout += 3;
        pin++;
        break;
    case 'l':
        strcpy (pout, "long");
        pout += 4;
        pin++;
        break;
    case 's':
        strcpy (pout, "short");
        pout += 5;
        pin++;
        break;
    case 'v':
        strcpy (pout, "void");
        pout += 4;
        pin++;
        break;
        // postfix processing: only push a marker, nothing is written yet
    case 'M':
    case 'p':
        if (*(pin + 1) == 'p')
        {
            *ps++ = 'p';   // "pp": pointer to pointer
            pin += 2;
        }
        else
        {
            *ps++ = '*';
            pin++;
        }
        *ppin = pin;
        *ppout = pout;
        *pps = ps;
        return;
    case 'q':
        *pout++ = '(';
        pin++;
        *ps++ = 'q';
        *ppin = pin;
        *ppout = pout;
        *pps = ps;
        return;
    case 'r':
        if (*(pin + 1) == 'p')
        {
            *ps++ = 'r';   // "rp": pointer to reference
            pin += 2;
        }
        else
        {
            *ps++ = '&';
            pin++;
        }
        *ppin = pin;
        *ppout = pout;
        *pps = ps;
        return;
        // repeat processing: "t<n>" repeats the previous parameter n times
    case 't':
        if (isdigit (*(pin + 1)))
        {
            n = *(pin + 1) - '0';
            pin++;
            pin++;
            // NOTE(review): unbounded copy of the previous parameter into name[128]
            GetPreviousParamString (pout, name);
            strcpy (pout, name);
            pout += strlen (name);
            for (i = 1; i < n; i++)
            {
                *pout++ = ',';
                strcpy (pout, name);
                pout += strlen (name);
            }
        }
        else
            pin++;
        break;
        // prefix processing: emit the qualifier and return without touching the stack
    case 'u':
        strcpy (pout, "u");
        pout += 1;
        pin++;
        *ppin = pin;
        *ppout = pout;
        *pps = ps;
        return;
    case 'x':
        strcpy (pout, "const ");
        pout += 6;
        pin++;
        *ppin = pin;
        *ppout = pout;
        *pps = ps;
        return;
    case 'z':
        strcpy (pout, "static ");
        pout += 7;
        pin++;
        *ppin = pin;
        *ppout = pout;
        *pps = ps;
        return;
    default:
        // unknown token: echo it, marked, so the output shows where we gave up
        strcpy (pout, "!1!");
        pout += 3;
        *pout++ = *pin++;
        *ppin = pin;
        *ppout = pout;
        *pps = ps;
        return;
    }
    // need to process postfix finally
    // NOTE(review): reads one below the top of stack even when the stack is empty
    c = *(ps - 1);
    if (strchr ("tqx", c))
    {
        // inside a template / parameter list / const group: no modifier to
        // apply, just separate from the next parameter
        if (*(pin) && !strchr ("@$%", *(pin)))
            *pout++ = ',';
        *ppin = pin;
        *ppout = pout;
        *pps = ps;
        return;
    }
    switch (c)
    {
    case 'r':
        strcpy (pout, "*&");
        pout += 2;
        ps--;
        break;
    case 'p':
        strcpy (pout, "**");
        pout += 2;
        ps--;
        break;
    case '&':
        strcpy (pout, "&");
        pout += 1;
        ps--;
        break;
    case '*':
        strcpy (pout, "*");
        pout += 1;
        ps--;
        break;
    default:
        strcpy (pout, "!2!");
        pout += 3;
        ps--;
        break;
    }
    if (*(pin) && !strchr ("@$%", *(pin)))
        *pout++ = ',';
    *ppin = pin;
    *ppout = pout;
    *pps = ps;
}
1670
1671
//
// This function is written by sang cho
// October 11, 1997
//

/* Expand the token that follows a '$' while in string mode.
 *
 * ppin  : in/out read position in the condensed name; advanced past the
 *         token recognised (left where it is for an unknown token).
 * ppout : in/out write position in the output buffer.
 * pps   : in/out top of the parameter stack; 'q', 't' and 'x' are pushed
 *         here when the token opens a parameter list, template or const group.
 * pcstr : the string most recently captured by the caller; "bctr"/"bdtr"
 *         copy it back out as the constructor/destructor name.
 *
 * Returns TRUE to stay in string mode, FALSE when the token switched the
 * caller into parameter mode ('o', 'q', 't', "xq"). Operator tokens are
 * looked up in a table; anything unrecognised is written as "!$$$!".
 * NOTE(review): every write to *ppout is unbounded; the caller's buffer
 * size is not known here.
 */
BOOL WINAPI
StringExpands (
    char **ppin, // read-only source
    char **ppout, // translated result
    char **pps, // parameter stack
    Str_P * pcstr) // currently stored string
{
    /* operator-name tokens and their C++ spellings */
    static const struct
    {
        const char *token;
        const char *text;
    } opTable[] = {
        {"bcall", "operator ()"},
        {"bsubs", "operator []"},
        {"bnwa", "operator new[]"},
        {"bdla", "operator delete[]"},
        {"bnew", "operator new"},
        {"bdele", "operator delete"},
        {"blsh", "operator <<"},
        {"brsh", "operator >>"},
        {"binc", "operator ++"},
        {"bdec", "operator --"},
        {"badd", "operator +"},
        {"brplu", "operator +="},
        {"bdiv", "operator /"},
        {"brdiv", "operator /="},
        {"bmul", "operator *"},
        {"brmul", "operator *="},
        {"basg", "operator ="},
        {"beql", "operator =="},
        {"bneq", "operator !="},
        {"bor", "operator |"},
        {"bror", "operator |="},
        {"bcmp", "operator ~"},
        {"bnot", "operator !"},
        {"band", "operator &"},
        {"brand", "operator &="},
        {"bxor", "operator ^"},
        {"brxor", "operator ^="},
    };
    const size_t nOps = sizeof opTable / sizeof opTable[0];
    char *pin = *ppin;
    char *pout = *ppout;
    char *ps = *pps;
    Str_P curStr = *pcstr;
    BOOL stringMode = TRUE;
    size_t k, ntok = 0;

    if (strncmp (pin, "bctr", 4) == 0)
    {
        /* constructor: repeat the class name captured by the caller */
        strncpy (pout, curStr.pos, curStr.length);
        pout += curStr.length;
        pin += 4;
    }
    else if (strncmp (pin, "bdtr", 4) == 0)
    {
        /* destructor: same, with a leading '~' */
        *pout++ = '~';
        strncpy (pout, curStr.pos, curStr.length);
        pout += curStr.length;
        pin += 4;
    }
    else if (*pin == 'o')
    {
        strcpy (pout, "const ");
        pout += 6;
        pin++;
        stringMode = FALSE;
    }
    else if (*pin == 'q')
    {
        *pout++ = '(';
        pin++;
        *ps++ = 'q';
        stringMode = FALSE;
    }
    else if (*pin == 't')
    {
        *pout++ = '<';
        pin++;
        *ps++ = 't';
        stringMode = FALSE;
    }
    else if (pin[0] == 'x' && pin[1] == 'q')
    {
        /* const member function parameter list */
        *pout++ = '(';
        pin += 2;
        *ps++ = 'x';
        *ps++ = 'q';
        stringMode = FALSE;
    }
    else
    {
        for (k = 0; k < nOps; k++)
        {
            ntok = strlen (opTable[k].token);
            if (strncmp (pin, opTable[k].token, ntok) == 0)
                break;
        }
        if (k < nOps)
        {
            size_t ntext = strlen (opTable[k].text);

            memcpy (pout, opTable[k].text, ntext + 1);
            pout += ntext;
            pin += ntok;
        }
        else
        {
            /* unknown token: leave the input where it is and mark the output */
            strcpy (pout, "!$$$!");
            pout += 5;
        }
    }

    *ppin = pin;
    *ppout = pout;
    *pps = ps;
    return stringMode;
} // end of '$' processing
1914
1915
1916
1917 //----------------------------------------------------------------------
1918 // structure to store string tokens
1919 //----------------------------------------------------------------------
1920 //typedef struct _Str_P {
1921 // char flag; // string_flag '@' or '%' or '#'
1922 // char *pos; // starting postion of string
1923 // int length; // length of string
1924 // BOOL wasString; // if it were stringMode or not
1925 //} Str_P;
1926 //----------------------------------------------------------------------
1927 //
1928 // I think I knocked it down finally. But who knows?
1929 // october 12, 1997 ... sang
1930 //
1931 // well I have to rewrite whole part of TranslateFunctionName..
1932 // this time I am a little bit more experienced than 5 days ago.
// or am i??? anyway i use stacks instead of recursive calls
1934 // and i hope this will take care of every symptoms i have experienced..
1935 // october 10, 1997 .... sang
1936 // It took a lot of time for me to figure out what is all about....
1937 // but still some prefixes like z (static)
1938 // -- or some types like b (byte) ,g (long double) ,s (short) --
1939 // -- or postfix like M ( * )
// -- or $or ( & ) which is pretty weird. .. added.. october 12
1941 // -- also $t business is quite tricky too. (templates)
1942 // there may be a lot of things undiscovered yet....
1943 // I am not so sure my interpretation is correct or not
1944 // If I am wrong please let me know.
1945 // october 8, 1997 .... sang
1946 //
1947 //
1948 // This function is written by sang cho
1949 // October 5, 1997
1950 //
/* translate condensed import function name */
//
// Demangle a Borland-style condensed import name ("@Class@method$qi...")
// into a readable C++ signature.
//
// psz : NUL-terminated condensed name. A name that does not start with '@'
//       is returned unchanged (the same pointer).
// Returns a pointer to a static buffer that is overwritten by the next call;
// the caller must not free it and the function is not reentrant.
//
// The translation is driven by three control characters: '@' ends a name
// component, '%' opens/closes a template argument string, '$' introduces a
// parameter or operator token (handled by StringExpands in string mode and
// TranslateParameters in parameter mode). A digit in parameter mode starts a
// numbered string whose end is tracked in endTab.
//
// NOTE(review): nothing below bounds the output. `buff' (512 bytes), the
// parameter stack `pStack' (32), the string stack `sStack' (32) and `endTab'
// (8) are all written without length checks, and the input comes straight
// from the import table of the file being dumped. A crafted or merely very
// long name can overflow any of them; this is untrusted-input handling that
// still needs hardening. Malformed input is otherwise reported with printf
// followed by exit(0).
//
char * WINAPI
TranslateFunctionName (
    char *psz)
{


    int i, /*j,*/ n;
    char c = 0;
    char cc;

    static char buff[512]; // result of translation (NOTE(review): unbounded writes)

    int is = 0;
    char pStack[32]; // parameter processing stack (modifier / bracket markers)

    Str_P sStack[32]; // String processing stack ('A' base, '%' template, '#' numbered)

    Str_P tok; // String token

    Str_P c_str; // current string

    int iend = 0;
    char *endTab[8]; // end of string position check (one entry per open '#' string)

    char *ps;
    char *pin, *pout;
    BOOL stringMode = TRUE;

    if (*psz != '@')
        return psz;
    pin = psz;
    pout = buff;
    ps = pStack;

    //................................................................
    // serious users may need to run the following code.
    // so I may need to include some flag options...
    // If you want to know about how translation is done,
    // you can just revive following line and you can see it.
    // october 6, 1997 ... sang cho
    //printf ("\n................................... %s", psz); // for debugging...

    //pa = pb = pout;
    pin++;
    tok.flag = 'A';
    tok.pos = pout;
    tok.length = 0;
    tok.wasString = stringMode;
    sStack[is++] = tok; // initialize sStack with dummy marker

    while (*pin)
    {
        while (*pin)
        {
            c = *pin;

            //---------------------------------------------
            // check for the end of number specified string
            //---------------------------------------------

            if (iend > 0)
            {
                for (i = 0; i < iend; i++)
                    if (pin == endTab[i])
                        break;
                if (i < iend)
                {
                    // move the end of endTab to ith position
                    endTab[i] = endTab[iend - 1];
                    iend--;

                    // get top of the string stack
                    tok = sStack[is - 1];

                    // I am expecting '#' token from stack
                    if (tok.flag != '#')

                    {
                        printf ("\n**some serious error1** %c is = %d char = %c",
                                tok.flag, is, *pin);
                        exit (0);
                    }

                    // pop '#' token I am happy now.
                    else
                    { //if (c)
                        //printf("\n pop # token ... current char = %c", c);
                        //else printf("\n pop percent token..next char = NULL");

                        is--;
                    }

                    // leaving the numbered string restores the mode we entered it in
                    stringMode = tok.wasString;

                    if (!stringMode)
                    {
                        // need to process postfix finally
                        // (same modifier flush as the tail of TranslateParameters;
                        // NOTE(review): reads *(ps - 1) even when the stack is empty)
                        cc = *(ps - 1);
                        if (strchr ("qtx", cc))
                        {
                            if (!strchr ("@$%", c))
                                *pout++ = ',';
                        }
                        else
                        {
                            switch (cc)
                            {
                            case 'r':
                                strcpy (pout, "*&");
                                pout += 2;
                                ps--;
                                break;
                            case 'p':
                                strcpy (pout, "**");
                                pout += 2;
                                ps--;
                                break;
                            case '&':
                                strcpy (pout, "&");
                                pout += 1;
                                ps--;
                                break;
                            case '*':
                                strcpy (pout, "*");
                                pout += 1;
                                ps--;
                                break;
                            default:
                                strcpy (pout, "!3!");
                                pout += 3;
                                ps--;
                                break;
                            }
                            if (!strchr ("@$%", c))
                                *pout++ = ',';
                        }
                    }
                    // string mode restored...
                    else;
                }
                else; // do nothing..

            }

            //------------------------------------------------
            // special control symbol processing:
            //------------------------------------------------

            if (strchr ("@$%", c))
                break;

            //---------------------------------------------------------------
            // string part processing : no '$' met yet
            //                          or inside of '%' block
            //                          or inside of '#' block (numbered string)
            //---------------------------------------------------------------

            else if (stringMode)
                *pout++ = *pin++;
            //else if (is > 1) *pout++ = *pin++;

            //------------------------------------------------
            // parameter part processing: '$' met
            //------------------------------------------------

            else // parameter processing

            {
                if (!isdigit (c))
                    TranslateParameters (&pin, &pout, &ps);
                else // number specified string processing

                {
                    // "<n><n chars>": the length digits are skipped and the
                    // position where the string ends is remembered in endTab
                    n = GetStringLength (pin);
                    if (n < 10)
                        pin++;
                    else
                        pin += 2;

                    // push '#' token
                    //if (*pin)
                    //printf("\n push # token .. char = %c", *pin);
                    //else printf("\n push percent token..next char = NULL");
                    tok.flag = '#';
                    tok.pos = pout;
                    tok.length = 0;
                    tok.wasString = stringMode;
                    sStack[is++] = tok;

                    // mark end of input string
                    // NOTE(review): endTab holds 8 entries and sStack 32; neither
                    // push is bounds-checked
                    endTab[iend++] = pin + n;
                    stringMode = TRUE;
                }
            }
        } // end of inner while loop
        //
        // beginning of new string or end of string ( quotation mark )
        //

        if (c == '%')
        {
            pin++; // anyway we have to proceed...

            tok = sStack[is - 1]; // get top of the sStack

            if (tok.flag == '%')
            {
                // pop '%' token and set c_str
                // (closing a template argument string: record it and emit '>')
                //if (*pin)
                //printf("\n pop percent token..next char = %c", *pin);
                //else printf("\n pop percent token..next char = NULL");
                is--;
                c_str = tok;
                c_str.length = pout - c_str.pos;
                if (*(ps - 1) == 't')
                {
                    *pout++ = '>';
                    ps--;
                    stringMode = tok.wasString;
                }
                else
                {
                    printf ("\n**some string error3** stack = %c", *(ps - 1));
                    exit (0);
                }
            }
            else if (tok.flag == 'A' || tok.flag == '#')
            {
                // push '%' token
                // (opening a template argument string)
                //if (*pin)
                //printf("\n push percent token..next char = %c", *pin);
                //else printf("\n push percent token..next char = NULL");
                tok.flag = '%';
                tok.pos = pout;
                tok.length = 0;
                tok.wasString = stringMode;
                sStack[is++] = tok;
            }
            else
            {
                printf ("\n**some string error5**");
                exit (0);
            }
        }
        //
        // sometimes we need string to use as constructor name or destructor name
        //
        else if (c == '@') // get string from previous marker upto here.

        {
            // the component just written becomes c_str (used by "$bctr"/"$bdtr")
            // and is followed by the "::" scope separator
            pin++;
            tok = sStack[is - 1];
            c_str.flag = 'S';
            c_str.pos = tok.pos;
            c_str.length = pout - tok.pos;
            c_str.wasString = stringMode;
            *pout++ = ':';
            *pout++ = ':';
        }
        //
        // we need to take care of parameter control sequence
        //
        else if (c == '$') // need to precess template or parameter part

        {
            pin++;
            if (stringMode)
                stringMode = StringExpands (&pin, &pout, &ps, &c_str);
            else
            { // template parameter mode I guess "$t"

                if (is > 1)
                {
                    // inside a '%' / '#' string: "$t" separates template arguments
                    if (*pin == 't')
                        pin++;
                    else
                    {
                        printf ("\nMYGOODNESS1 %c", *pin);
                        exit (0);
                    }
                    //ps--;
                    //if (*ps == 't') *pout++ = '>';
                    //else { printf("\nMYGOODNESS2"); exit(0);}
                    *pout++ = ','; //pin++; ..this almost blowed me....

                }
                // real parameter mode I guess
                // unexpected case is found ... humm what can I do...
                else
                {
                    // this is newly found twist.. it really hurts.
                    // a '$' with an empty stack can only be "$q" opening a
                    // parameter list
                    if (ps <= pStack)
                    {
                        if (*pin == 'q')
                        {
                            *ps++ = 'q';
                            *pout++ = '(';
                            pin++;
                        }
                        else
                        {
                            printf ("\n** I GIVEUP ***");
                            exit (0);
                        }
                        continue;
                    }
                    // otherwise a '$' closes the innermost 'q' group: flush the
                    // modifiers above it, emit ')', then flush those above the
                    // enclosing 'q' as well, keeping that 'q' on the stack
                    ps--;
                    while (*ps != 'q')
                    {
                        if (*ps == '*')
                            *pout++ = '*';
                        else if (*ps == '&')
                            *pout++ = '&';
                        else if (*ps == 'p')
                        {
                            *pout++ = '*';
                            *pout++ = '*';
                        }
                        else if (*ps == 'r')
                        {
                            *pout++ = '*';
                            *pout++ = '&';
                        }
                        else
                        {
                            printf ("\n*** SOMETHING IS WRONG1*** char= %c", *pin);
                            exit (0);
                        }
                        ps--;
                    }
                    *pout++ = ')';
                    ps--;
                    while (*ps != 'q')
                    {
                        if (*ps == '*')
                            *pout++ = '*';
                        else if (*ps == '&')
                            *pout++ = '&';
                        else if (*ps == 'p')
                        {
                            *pout++ = '*';
                            *pout++ = '*';
                        }
                        else if (*ps == 'r')
                        {
                            *pout++ = '*';
                            *pout++ = '&';
                        }
                        else
                        {
                            printf ("\n*** SOMETHING IS WRONG2***");
                            exit (0);
                        }
                        ps--;
                    }
                    ps++;
                    *pout++ = ',';
                }
            }
        } // end of '$' processing

    } // end of outer while loop
    //
    // need to process remaining parameter stack
    // (close every group / apply every modifier still pending)
    //

    while (ps > pStack)
    {
        ps--;
        switch (*ps)
        {
        case 't':
            *pout++ = '>';
            break;
        case 'q':
            *pout++ = ')';
            break;
        case 'x':
            strcpy (pout, " const");
            pout += 6;
            break;
        case 'r':
            strcpy (pout, "*&");
            pout += 2;
            break;
        case 'p':
            strcpy (pout, "**");
            pout += 2;
            break;
        case '&':
            *pout++ = '&';
            break;
        case '*':
            *pout++ = '*';
            break;
        default:
            strcpy (pout, "!4!");
            pout += 3;
            *pout++ = *ps;
        }
    }
    *pout = 0;
    return buff;
}
2356
2357
2358
2359 //
2360 // This function is written by sang cho
2361 //
2362 //
2363 /* get exported function names separated by null terminators, return count of functions */
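int WINAPI
GetExportFunctionNames (
    LPVOID lpFile,
    char **pszFunctions)
{
    /*
     * Collect the image's exported functions into one calloc'ed buffer that
     * the caller owns (*pszFunctions).  One record is emitted per entry of
     * AddressOfFunctions whose RVA is non-zero, laid out back to back as
     *
     *     DWORD  image base + RVA      (4 bytes: the record layout assumes
     *                                   the 4-byte DWORD of this file's typedefs)
     *     WORD   ordinal               (function index + export Base)
     *     char[] NUL-terminated name   (synthetic "ExpFn%04d()" when the
     *                                   export has no name)
     *
     * Returns the number of records written; 0 when the image has no export
     * directory, a table cannot be located, or the allocation fails (the
     * buffer is then not allocated).
     *
     * Every count, ordinal and RVA here is read from the file, so the local
     * ordinal -> name table is range-checked on both write and read: a name
     * whose ordinal does not fit is dropped and its function reported as
     * unnamed, instead of indexing the stack array out of bounds.
     */
    enum { MAXEXPORTS = 8192 };         /* capacity of the ordinal -> name table */

    PIMAGE_EXPORT_DIRECTORY ped;
    DWORD imageBase;
    char *pfns[MAXEXPORTS] = {NULL,};   /* name of each export, indexed by ordinal */
    char buff[256];                     /* scratch for the synthetic names */
    char *psz;
    char *name;
    DWORD *pdwAddress;                  /* AddressOfFunctions table */
    DWORD *pdwNames;                    /* AddressOfNames table (RVAs of strings) */
    WORD *pwOrd;                        /* AddressOfNameOrdinals (unbiased indices) */
    int i, ord, nCnt = 0;
    int nUnnamed = 0, enid = 0;         /* synthetic-name counters, one per pass */
    int ordBase = 1;                    /* usually ordBase is 1.... */
    int enames = 0;
    int nFuncs, nNames;

    /* export directory, or nothing to do */
    ped = (PIMAGE_EXPORT_DIRECTORY)
        ImageDirectoryOffset (lpFile, IMAGE_DIRECTORY_ENTRY_EXPORT);
    if (ped == NULL)
        return 0;

    //
    // sometimes there may be no section for idata or edata
    // instead rdata or data section may contain these sections ..
    // or even module names or function names are in different section.
    // so that's why we need to get actual address each time.
    // ...................sang cho..................
    //
    pdwAddress = (DWORD *) GetActualAddress (lpFile, (DWORD) ped->AddressOfFunctions);
    imageBase = (DWORD) GetImageBase (lpFile);
    ordBase = (int) ped->Base;
    nFuncs = (int) ped->NumberOfFunctions;
    nNames = (int) ped->NumberOfNames;

    /* a negative (i.e. absurd) count or base cannot index anything safely */
    if (pdwAddress == NULL || nFuncs < 0 || ordBase < 0)
        return 0;

    /* map every named export to its biased ordinal */
    if (nNames > 0)
    {
        pdwNames = (DWORD *) GetActualAddress (lpFile, (DWORD) ped->AddressOfNames);
        pwOrd = (WORD *) GetActualAddress (lpFile, (DWORD) ped->AddressOfNameOrdinals);
        if (pdwNames == NULL || pwOrd == NULL)
            return 0;

        for (i = 0; i < nNames; i++)
        {
            /* the name ordinal is an index into AddressOfFunctions; the
             * report loop below looks names up by index + ordBase */
            ord = (int) pwOrd[i] + ordBase;
            if (ord >= 0 && ord < MAXEXPORTS)
                pfns[ord] = (char *) GetActualAddress (lpFile, pdwNames[i]);
        }
    }

    /* first pass: exact size of all records (address + ordinal + name + NUL) */
    for (i = 0; i < nFuncs; i++)
    {
        if (pdwAddress[i] == 0)
            continue;                   /* unused slot in the address table */
        ord = i + ordBase;
        name = (ord >= 0 && ord < MAXEXPORTS) ? pfns[ord] : NULL;
        if (name != NULL)
            nCnt += 4 + 2 + (int) strlen (name) + 1;
        else
            nCnt += 4 + 2 + snprintf (buff, sizeof buff, "ExpFn%04d()", nUnnamed++) + 1;
    }

    /* one extra byte so an empty export list still yields a valid buffer */
    *pszFunctions = (char *) calloc ((size_t) nCnt + 1, 1);
    if (*pszFunctions == NULL)
        return 0;
    psz = *pszFunctions;

    /* second pass: emit the records in ordinal order */
    for (i = 0; i < nFuncs; i++)
    {
        if (pdwAddress[i] == 0)
            continue;
        ord = i + ordBase;
        name = (ord >= 0 && ord < MAXEXPORTS) ? pfns[ord] : NULL;

        *(DWORD *) psz = imageBase + pdwAddress[i];
        psz += 4;
        *(WORD *) psz = (WORD) ord;
        psz += 2;
        if (name != NULL)
        {
            strcpy (psz, name);
        }
        else
        {
            /* same numbering as the sizing pass, so the lengths agree */
            snprintf (buff, sizeof buff, "ExpFn%04d()", enid++);
            strcpy (psz, buff);
        }
        psz += strlen (psz) + 1;
        enames++;
    }

    return enames;
}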
2489
2490
2491 /* determine the total number of resources in the section */
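int WINAPI
GetNumberOfResources (
    LPVOID lpFile)
{
    /*
     * Count the resources of the image: for every resource type listed by
     * id at the root of the resource tree, add the number of named and id
     * entries in that type's sub-directory.  Returns 0 when the image has
     * no resource directory.  Root entries that do not point at a
     * sub-directory (high bit of OffsetToData clear) are skipped instead of
     * being dereferenced as one.
     */
    PIMAGE_RESOURCE_DIRECTORY prdRoot, prdType;
    PIMAGE_RESOURCE_DIRECTORY_ENTRY prde;
    int nCnt = 0, i;

    /* get root directory of resource tree */
    if ((prdRoot = (PIMAGE_RESOURCE_DIRECTORY) ImageDirectoryOffset
         (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE)) == NULL)
        return 0;

    /* the entries immediately follow the directory header */
    prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) ((DWORD) prdRoot + sizeof (IMAGE_RESOURCE_DIRECTORY));

    for (i = 0; i < prdRoot->NumberOfIdEntries; i++, prde++)
    {
        /* a type entry must lead to a sub-directory; the high bit says so */
        if ((prde->OffsetToData & 0x80000000) == 0)
            continue;

        /* mask off the directory bit to get the offset from the root */
        prdType = (PIMAGE_RESOURCE_DIRECTORY)
            ((DWORD) prdRoot + (prde->OffsetToData & 0x7FFFFFFF));

        /* named and id'd resources of this type */
        nCnt += prdType->NumberOfNamedEntries + prdType->NumberOfIdEntries;
    }

    return nCnt;
}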
2527
2528
2529
2530 //
2531 // This function is rewritten by sang cho
2532 //
2533 //
2534 /* name each type of resource in the section */
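int WINAPI
GetListOfResourceTypes (
    LPVOID lpFile,
    char **pszResTypes)
{
    /*
     * Write the name of every resource type listed by id at the root of the
     * resource tree into one calloc'ed buffer (*pszResTypes, owned by the
     * caller).  Each name occupies a fixed-width slot: its NUL-terminated
     * text followed by padding.  The slot widths are part of the buffer
     * format and are kept exactly as the original if/else chain wrote them.
     * Unknown ids become "RT_UNKNOWN:<8 hex digits>".  Returns the number of
     * id entries, or 0 when there is no resource directory or the
     * allocation fails.
     */
    static const struct
    {
        DWORD id;
        const char *name;
        int slot;                   /* bytes the entry occupies in the buffer */
    }
    rtNames[] =
    {
        {1, "RT_CURSOR", 10},
        {2, "RT_BITMAP", 10},
        {3, "RT_ICON ", 10},
        {4, "RT_MENU ", 10},
        {5, "RT_DIALOG", 10},
        {6, "RT_STRING", 10},
        {7, "RT_FONTDIR", 11},
        {8, "RT_FONT ", 10},
        {9, "RT_ACCELERATORS", 16},
        {10, "RT_RCDATA", 10},
        {11, "RT_MESSAGETABLE", 16},
        {12, "RT_GROUP_CURSOR", 16},
        {14, "RT_GROUP_ICON ", 16},
        {16, "RT_VERSION", 11},
        {17, "RT_DLGINCLUDE ", 16},
        {19, "RT_PLUGPLAY ", 16},
        {20, "RT_VXD ", 10},
        {21, "RT_ANICURSOR ", 16},
        {22, "RT_ANIICON", 11},
        {0x2002, "RT_NEWBITMAP", 13},
        {0x2004, "RT_NEWMENU", 11},
        {0x2005, "RT_NEWDIALOG", 13},
        {0x7fff, "RT_ERROR ", 10},
    };
    enum { RT_SLOT_MAX = 20 };      /* widest slot: "RT_UNKNOWN:" + 8 hex + NUL */
    const int nTypes = (int) (sizeof rtNames / sizeof rtNames[0]);

    PIMAGE_RESOURCE_DIRECTORY prdRoot;
    PIMAGE_RESOURCE_DIRECTORY_ENTRY prde;
    char *pMem;
    int nCnt, i, k, slot;
    DWORD prdeName;

    /* get root directory of resource tree */
    if ((prdRoot = (PIMAGE_RESOURCE_DIRECTORY) ImageDirectoryOffset
         (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE)) == NULL)
        return 0;

    /* size by the widest slot that can actually be written, not only by
     * MAXRESOURCENAME, so no name or unknown-id string can run past the end */
    slot = (MAXRESOURCENAME + 1 > RT_SLOT_MAX) ? MAXRESOURCENAME + 1 : RT_SLOT_MAX;
    nCnt = prdRoot->NumberOfIdEntries * slot;
    *pszResTypes = (char *) calloc ((size_t) nCnt + 1, 1);
    if ((pMem = *pszResTypes) == NULL)
        return 0;

    /* set pointer to first resource type entry */
    prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) ((DWORD) prdRoot + sizeof (IMAGE_RESOURCE_DIRECTORY));

    /* loop through all resource directory entry types */
    for (i = 0; i < prdRoot->NumberOfIdEntries; i++, prde++)
    {
        prdeName = prde->Name;

        // The Windows LoadString route is not available here, so the
        // well-known type ids are named from the table above.
        for (k = 0; k < nTypes; k++)
            if (rtNames[k].id == prdeName)
                break;

        if (k < nTypes)
        {
            strcpy (pMem, rtNames[k].name);
            pMem += rtNames[k].slot;
        }
        else
        {
            /* bounded to the slot: the value comes from the file */
            snprintf (pMem, RT_SLOT_MAX, "RT_UNKNOWN:%08lX", prdeName);
            pMem += RT_SLOT_MAX;
        }
    }

    return prdRoot->NumberOfIdEntries;
}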
2701
2702
2703
2704 //
2705 // This function is written by sang cho
2706 // October 12, 1997
2707 //
2708 /* copy menu information */
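void WINAPI
StrangeMenuFill (
    char **psz,                 // results
    WORD ** pMenu,              // read-only
    int size)
{
    /*
     * Copy `size` bytes of raw template from *pMenu into the report at *psz
     * and advance both cursors by exactly that many bytes.  The earlier
     * WORD-at-a-time loop wrote one byte past `size` when it was odd, while
     * the callers budget exactly `size` bytes per record, so the copy is now
     * byte-exact.  A non-positive size copies nothing.
     */
    unsigned char *dst = (unsigned char *) *psz;
    unsigned char *src = (unsigned char *) *pMenu;

    if (size > 0)
    {
        memcpy (dst, src, (size_t) size);
        dst += size;
        src += size;
    }
    *psz = (char *) dst;
    *pMenu = (WORD *) src;
}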
2729
2730
2731
2732 //
2733 // This function is written by sang cho
2734 // October 1, 1997
2735 //
2736 /* obtain menu information */
int WINAPI
MenuScan (
    int *len,
    WORD ** pMenu)
{
    /*
     * Walk one menu item of a resource template starting at *pMenu and add
     * to *len the number of bytes the report needs for it: 2 for the flag
     * word, 2 more for the id word of a non-popup item, then one byte per
     * WORD of the name plus a NUL (MenuFill narrows the name to chars).
     * A popup item (flag bit 0x0010) is followed in place by its sub-items,
     * which are scanned recursively until one carries bit 0x0080, the bit
     * the loop treats as "last at this level".  *pMenu is left just past
     * the item; the item's flag word is returned.
     */
    WORD *cur = *pMenu;
    WORD flag = *cur++;
    int isPopup = (flag & 0x0010) != 0;
    WORD child;

    *len += 2;                          // flag word
    if (!isPopup)
    {
        cur++;                          // id word: skipped, only its size counts
        *len += 2;
    }

    // name: one report byte per template WORD
    for (; *cur; cur++)
        (*len)++;
    (*len)++;                           // terminating NUL
    cur++;                              // step over the template's double null

    if (!isPopup)
    {
        *pMenu = cur;
        return (int) flag;
    }

    // popup: descend into the nested items until the closing one
    do
    {
        *pMenu = cur;
        child = (WORD) MenuScan (len, pMenu);
        cur = *pMenu;
    }
    while ((child & 0x0080) == 0);

    *pMenu = cur;
    return flag;
}
2798
2799
2800 //
2801 // This function is written by sang cho
2802 // October 2, 1997
2803 //
2804 /* copy menu information */
int WINAPI
MenuFill (
    char **psz,
    WORD ** pMenu)
{
    /*
     * Copy one menu item from the template at *pMenu into the report at
     * *psz, in the layout MenuScan sized: the flag word, the id word for a
     * non-popup item, then the name narrowed to one char per WORD (the first
     * byte in memory of each unit) and NUL-terminated.  A popup item (bit
     * 0x0010) is followed by its sub-items, copied recursively until one
     * carries bit 0x0080.  Both cursors are advanced; the item's flag is
     * returned.
     */
    char *out = *psz;
    WORD *cur = *pMenu;
    WORD flag = *cur++;
    int isPopup = (flag & 0x0010) != 0;
    WORD child;

    *(WORD *) out = flag;               // flag store
    out += 2;
    if (!isPopup)
    {
        *(WORD *) out = *cur++;         // id store
        out += 2;
    }

    // name extract: first byte of each WORD
    for (; *cur; cur++)
        *out++ = *(char *) cur;
    *out++ = 0;                         // name terminator
    cur++;                              // skip the template's double null

    if (!isPopup)                       // leaf item: done
    {
        *pMenu = cur;
        *psz = out;
        return (int) flag;
    }

    // popup: copy the nested items until the closing one
    do
    {
        *pMenu = cur;
        *psz = out;
        child = (WORD) MenuFill (psz, pMenu);
        cur = *pMenu;
        out = *psz;
    }
    while ((child & 0x0080) == 0);

    *pMenu = cur;
    *psz = out;
    return flag;
}
2879
2880
2881 //
2882 //==============================================================================
2883 // The following program is based on preorder-tree-traversal.
2884 // once you understand how to traverse.....
2885 // the rest is pretty straight forward.
2886 // still we need to scan it first and fill it next time.
2887 // and finally we can print it.
2888 //
2889 // This function is written by sang cho
2890 // September 29, 1997
2891 // revised october 2, 1997
2892 // revised october 12, 1997
2893 // ..............................................................................
2894 // ------------------------------------------------------------------------------
2895 // I use same structure - which is used in P.E. programs - for my reporting.
2896 // So, my structure is as follows:
2897 // # of menu names is stored elsewhere ( in directory I suppose )
2898 // supermenuname null terminated string, only ascii is considered.
2899 // flag tells : node is a leaf or an internal node.
2900 // popupname null terminated string
2901 //
2902 // flag normal menu flag (leaf node)
2903 // id normal menu id
2904 // name normal menu name
2905 // or or
2906 // flag popup menu flag (internal node)
2907 // popupname popup menu name
2908 //
2909 // flag it may be followed by
2910 // id normal menu id
2911 // name normal menu name
2912 // or or
2913 // flag popup menu
2914 // popupname popup menu name
2915 // .........
2916 // it goes on like this,
2917 // but usually, it only goes a few steps,...
2918 // ------------------------------------------------------------------------------
2919 /* scan menu and copy menu */
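/* Resolve one name/id entry of the RT_MENU directory to its template:
 * entry -> language sub-directory -> first data entry -> raw bytes.
 * Returns NULL (leaving *size untouched) when the entry does not lead to
 * data, e.g. a malformed tree whose entry lacks the sub-directory bit. */
static PIMAGE_MENU_HEADER
MenuTemplateOfEntry (
    LPVOID lpFile,
    PIMAGE_RESOURCE_DIRECTORY prdType,
    PIMAGE_RESOURCE_DIRECTORY_ENTRY prde,
    int *size)
{
    PIMAGE_RESOURCE_DIRECTORY prdLanguage;
    PIMAGE_RESOURCE_DIRECTORY_ENTRY prde1;
    PIMAGE_RESOURCE_DATA_ENTRY prData;

    /* a name/id entry must point at a (language) sub-directory */
    if ((prde->OffsetToData & 0x80000000) == 0)
        return NULL;
    prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
        ((DWORD) prdType + (prde->OffsetToData & 0x7FFFFFFF));
    if (prdLanguage->NumberOfNamedEntries + prdLanguage->NumberOfIdEntries == 0)
        return NULL;

    /* only the first language of each menu is reported */
    prde1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)
        ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
    if (prde1->OffsetToData & 0x80000000)
        return NULL;                /* a directory where a data entry was expected */
    prData = (PIMAGE_RESOURCE_DATA_ENTRY)
        ((DWORD) prdType + prde1->OffsetToData);

    *size = (int) prData->Size;
    return (PIMAGE_MENU_HEADER) GetActualAddress (lpFile, prData->OffsetToData);
}

/* Sizing pass: add to *sLength the report bytes one menu template needs. */
static void
MenuTemplateScan (
    PIMAGE_MENU_HEADER pMenuHeader,
    int size,
    int *sLength)
{
    WORD *pPopup;
    WORD flag;

    //
    // normally wVersion and cbHeaderSize should be zero
    // but if it is not then nothing is known to us...
    // so the template is stored verbatim ("strange case") instead of parsed.
    //
    if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
    {
        /* 12-byte marker + 4-byte length + raw bytes, plus one pad byte for
         * an odd size so a WORD-granular copy cannot overrun the record */
        *sLength += 16 + size + (size & 1);
        return;
    }

    // normal case: walk the item list that follows the header
    pPopup = (WORD *) ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
    do
    {
        flag = (WORD) MenuScan (sLength, &pPopup);
    }
    while ((flag & 0x0080) == 0);   /* 0x0080 closes the top level */
}

/* Fill pass: copy one menu template into the report at *pMem, in the
 * layout MenuTemplateScan sized. */
static void
MenuTemplateFill (
    PIMAGE_MENU_HEADER pMenuHeader,
    int size,
    char **pMem)
{
    WORD *pPopup;
    WORD *pwd;
    WORD flag;

    // strange case: marker, length, raw bytes (see PrintStrangeMenu)
    if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
    {
        pwd = (WORD *) pMenuHeader;
        strcpy (*pMem, ":::::::::::");
        *pMem += 12;
        *(int *) *pMem = size;
        *pMem += 4;
        StrangeMenuFill (pMem, &pwd, size);
        return;
    }

    // normal case
    pPopup = (WORD *) ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
    do
    {
        flag = (WORD) MenuFill (pMem, &pPopup);
    }
    while ((flag & 0x0080) == 0);
}

int WINAPI
GetContentsOfMenu (
    LPVOID lpFile,
    char **pszResTypes)
{
    /*
     * Build a report of every RT_MENU resource in one calloc'ed buffer
     * (*pszResTypes, owned by the caller): for each menu its name (named
     * entries: the directory string narrowed to chars; id entries:
     * "MenuId_%04lX"), then the menu's items as MenuFill writes them, or
     * the raw template for templates with a non-zero wVersion/cbHeaderSize.
     * The resource tree is walked twice, first to size the buffer and then
     * to fill it, so both passes must agree on every byte.  Returns the
     * number of menus (named + id entries), or 0 when there is no resource
     * directory, no RT_MENU type, or the allocation fails.
     *
     * An entry that does not resolve to data is skipped in both passes and
     * the walk still moves on to the next entry; the earlier code could
     * stay on the same entry forever in that situation.
     */
    PIMAGE_RESOURCE_DIRECTORY prdType, prdName;
    PIMAGE_RESOURCE_DIRECTORY_ENTRY prde;
    PIMAGE_RESOURCE_DIR_STRING_U pMenuName;
    PIMAGE_MENU_HEADER pMenuHeader;
    char buff[32];
    int i, j;
    int size = 0;
    int sLength, nMenus;
    int found = 0;
    char *pMem;

    /* get root directory of resource tree */
    if ((prdType = (PIMAGE_RESOURCE_DIRECTORY) ImageDirectoryOffset
         (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE)) == NULL)
        return 0;

    /* find the RT_MENU type among the root's id entries */
    prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)
        ((DWORD) prdType + sizeof (IMAGE_RESOURCE_DIRECTORY));
    for (i = 0; i < prdType->NumberOfIdEntries; i++, prde++)
    {
        if (prde->Name == RT_MENU)
        {
            found = 1;
            break;
        }
    }
    if (!found || (prde->OffsetToData & 0x80000000) == 0)
        return 0;

    prdName = (PIMAGE_RESOURCE_DIRECTORY)
        ((DWORD) prdType + (prde->OffsetToData & 0x7FFFFFFF));

    nMenus = prdName->NumberOfNamedEntries + prdName->NumberOfIdEntries;

    //
    // pass 1: size the report
    //
    prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)
        ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
    sLength = 0;

    for (i = 0; i < prdName->NumberOfNamedEntries; i++, prde++)
    {
        pMenuName = (PIMAGE_RESOURCE_DIR_STRING_U)
            ((DWORD) prdType + (prde->Name & 0x7FFFFFFF));
        sLength += pMenuName->Length + 1;

        pMenuHeader = MenuTemplateOfEntry (lpFile, prdType, prde, &size);
        if (pMenuHeader != NULL)
            MenuTemplateScan (pMenuHeader, size, &sLength);
    }
    for (i = 0; i < prdName->NumberOfIdEntries; i++, prde++)
    {
        /* measured with the same format the fill pass writes */
        sLength += snprintf (buff, sizeof buff, "MenuId_%04lX", prde->Name) + 1;

        pMenuHeader = MenuTemplateOfEntry (lpFile, prdType, prde, &size);
        if (pMenuHeader != NULL)
            MenuTemplateScan (pMenuHeader, size, &sLength);
    }

    //
    // allocate memory for the report (one spare byte so an empty report
    // is still a valid, freeable buffer)
    //
    *pszResTypes = (char *) calloc ((size_t) sLength + 1, 1);
    if (*pszResTypes == NULL)
        return 0;
    pMem = *pszResTypes;

    //
    // pass 2: fill it, walking the same entries in the same order
    //
    prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)
        ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));

    for (i = 0; i < prdName->NumberOfNamedEntries; i++, prde++)
    {
        pMenuName = (PIMAGE_RESOURCE_DIR_STRING_U)
            ((DWORD) prdType + (prde->Name & 0x7FFFFFFF));

        /* the name is stored as WORDs; only the low char of each is kept */
        for (j = 0; j < pMenuName->Length; j++)
            *pMem++ = (char) (pMenuName->NameString[j]);
        *pMem++ = 0;

        pMenuHeader = MenuTemplateOfEntry (lpFile, prdType, prde, &size);
        if (pMenuHeader != NULL)
            MenuTemplateFill (pMenuHeader, size, &pMem);
    }
    for (i = 0; i < prdName->NumberOfIdEntries; i++, prde++)
    {
        snprintf (buff, sizeof buff, "MenuId_%04lX", prde->Name);
        strcpy (pMem, buff);
        pMem += strlen (buff) + 1;

        pMenuHeader = MenuTemplateOfEntry (lpFile, prdType, prde, &size);
        if (pMenuHeader != NULL)
            MenuTemplateFill (pMenuHeader, size, &pMem);
    }

    return nMenus;
}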
3194
3195
3196 //
3197 // This function is written by sang cho
3198 // October 12, 1997
3199 //
3200 /* print contents of menu */
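int WINAPI
PrintStrangeMenu (
    char **psz)
{
    /*
     * Print a menu template that GetContentsOfMenu stored verbatim: the
     * ":::::::::::" marker (12 bytes with its NUL), a 4-byte length, then
     * the raw bytes, which are hex-dumped by dumpMenu.  *psz is advanced
     * past the record.  Returns dumpMenu's result (0).  A record without
     * the marker means the report buffer is out of step; the author's
     * choice is to dump what is there and exit.
     */
    int num;
    char *ptr = *psz;

    if (strncmp (ptr, ":::::::::::", 11) != 0)
    {
        printf ("\n#### I don't know why!!!");
        dumpMenu (psz, 1024);
        exit (0);
    }

    ptr += 12;
    num = *(int *) ptr;
    ptr += 4;
    /* a negative length is not a valid record; show nothing rather than
     * hand dumpMenu an end pointer that lies before its start */
    if (num < 0)
        num = 0;

    *psz = ptr;
    return dumpMenu (psz, num);
}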
3234
3235
3236
3237
3238 //
3239 // This function is written by sang cho
3240 // October 2, 1997
3241 //
3242 /* print contents of menu */
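/* Menu names use a tab (0x09) or backspace (0x08) to separate the label from
 * its accelerator text.  Move everything after the first `sep` so that it
 * ends at column 31 and fill the gap with spaces, giving a right-aligned
 * accelerator in a 32-column field.  `len` is the string length.  The move
 * only has room when the tail fits in 32 columns; longer strings are left
 * as they are rather than written before the start of `buff`. */
static void
MenuAlignAccelerator (
    char *buff,
    int len,
    char sep)
{
    int j, k;

    if (strchr (buff, sep) == NULL)
        return;
    for (k = 0; k < len; k++)
        if (buff[k] == sep)
            break;
    if (len - k > 32)
        return;
    /* copy the tail, NUL first, so it ends at column 31 ... */
    for (j = 0; j < len - k; j++)
        buff[31 - j] = buff[len - j];
    /* ... and blank the separator and the gap before it */
    for (j = k; j < 32 + k - len; j++)
        buff[j] = 32;
}

int WINAPI
PrintMenu (
    int indent,
    char **psz)
{
    /*
     * Print the menu items of one level from the report built by
     * GetContentsOfMenu/MenuFill, starting at *psz, with `indent` spaces in
     * front of each line.  A popup item (flag bit 0x0010) prints its name
     * and recurses on its sub-level with a deeper indent; a leaf item prints
     * its name padded to 32 columns followed by its id.  Stops after the
     * item carrying bit 0x0080 and leaves *psz just past it.  Returns 0.
     *
     * Item names come from the resource, so they are copied into the local
     * buffer with a bound instead of strcpy.
     */
    int j, l;
    WORD id;
    WORD flag;
    char buff[128];
    char *ptr;

    ptr = *psz;
    while (1)
    {
        flag = *(WORD *) ptr;
        if (flag & 0x0010)              // flag == popup
        {
            printf ("\n\n");
            for (j = 0; j < indent; j++)
                printf (" ");
            ptr += 2;
            printf ("%s {Popup}\n", ptr);
            ptr += strlen (ptr) + 1;
            *psz = ptr;
            PrintMenu (indent + 5, psz);
            ptr = *psz;
        }
        else                            // ispopup == 0
        {
            printf ("\n");
            for (j = 0; j < indent; j++)
                printf (" ");
            ptr += 2;
            id = *(WORD *) ptr;
            ptr += 2;
            /* bounded copy: the name is not guaranteed to fit 128 bytes */
            snprintf (buff, sizeof buff, "%s", ptr);
            l = (int) strlen (buff);
            ptr += strlen (ptr) + 1;    /* skip the whole name, even if truncated */
            MenuAlignAccelerator (buff, l, 0x09);
            MenuAlignAccelerator (buff, l, 0x08);
            printf ("%s", buff);
            l = (int) strlen (buff);
            for (j = l; j < 32; j++)
                printf (" ");
            printf ("[ID=%04Xh]", id);
            *psz = ptr;
        }
        if (flag & 0x0080)
            break;
    }
    return 0;
}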
3319
3320
3321 //
3322 // This function is written by sang cho
3323 // October 2, 1997
3324 //
3325 /* the format of menu is not known so I'll do my best */
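int WINAPI
dumpMenu (
    char **psz,
    int size)
{
    /*
     * Hex-dump `size` bytes starting at *psz, 16 per line with a separator
     * after every 4 and the printable ASCII of the line on the right, then
     * move *psz to the end of the dumped range.  Always returns 0.
     *
     * Bytes are kept as unsigned values so that isprint() is only ever
     * called with 0..255, and a non-positive size prints nothing (the
     * line loop would otherwise read one byte before noticing the end).
     * The ASCII column now includes the last byte of a short final line,
     * which the earlier off-by-one (`l = j`) dropped.
     */
    int i, j, k, n, l, c;
    unsigned char buff[32];             /* bytes of the current line */
    char *ptr, *pmax;

    ptr = *psz;
    if (size <= 0)
    {
        *psz = ptr;
        return 0;
    }
    pmax = ptr + size;
    for (i = 0; i < (size / 16) + 1; i++)
    {
        n = 0;
        for (j = 0; j < 16; j++)
        {
            c = (unsigned char) *ptr;   /* same value the old "c += 256" produced */
            buff[j] = (unsigned char) c;
            printf ("%02X", c);
            ptr++;
            if (ptr >= pmax)
                break;
            n++;
            if (n % 4 == 0)
                printf (" ");
        }
        /* bytes shown on this line: j+1 when the loop broke at the end */
        l = (j < 16) ? j + 1 : 16;
        /* pad a short line so the ASCII column still lines up */
        n++;
        if (n % 4 == 0)
            printf (" ");
        j++;
        for (; j < 16; j++)
        {
            n++;
            if (n % 4 == 0)
                printf (" ");
            else
                printf (" ");
        }
        printf (" ");
        for (k = 0; k < l; k++)
            if (isprint (c = buff[k]))
                printf ("%c", c);
            else
                printf (".");
        printf ("\n");
        if (ptr >= pmax)
            break;
    }

    *psz = ptr;
    return 0;
}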
3382
3383
3384
3385
3386 //
3387 // This function is written by sang cho
3388 // October 13, 1997
3389 //
3390 /* scan dialog box and copy dialog box */
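/* Resolve one name/id entry of the RT_DIALOG directory to its template:
 * entry -> language sub-directory -> first data entry -> raw bytes.
 * Returns NULL (leaving *size untouched) when the entry does not lead to
 * data, e.g. a malformed tree whose entry lacks the sub-directory bit. */
static PIMAGE_DIALOG_HEADER
DialogTemplateOfEntry (
    LPVOID lpFile,
    PIMAGE_RESOURCE_DIRECTORY prdType,
    PIMAGE_RESOURCE_DIRECTORY_ENTRY prde,
    int *size)
{
    PIMAGE_RESOURCE_DIRECTORY prdLanguage;
    PIMAGE_RESOURCE_DIRECTORY_ENTRY prde1;
    PIMAGE_RESOURCE_DATA_ENTRY prData;

    /* a name/id entry must point at a (language) sub-directory */
    if ((prde->OffsetToData & 0x80000000) == 0)
        return NULL;
    prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
        ((DWORD) prdType + (prde->OffsetToData & 0x7FFFFFFF));
    if (prdLanguage->NumberOfNamedEntries + prdLanguage->NumberOfIdEntries == 0)
        return NULL;

    /* only the first language of each dialog is reported */
    prde1 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)
        ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
    if (prde1->OffsetToData & 0x80000000)
        return NULL;                /* a directory where a data entry was expected */
    prData = (PIMAGE_RESOURCE_DATA_ENTRY)
        ((DWORD) prdType + prde1->OffsetToData);

    *size = (int) prData->Size;
    return (PIMAGE_DIALOG_HEADER) GetActualAddress (lpFile, prData->OffsetToData);
}

int WINAPI
GetContentsOfDialog (
    LPVOID lpFile,
    char **pszResTypes)
{
    /*
     * Build a report of every RT_DIALOG resource in one calloc'ed buffer
     * (*pszResTypes, owned by the caller): for each dialog its name (named
     * entries: the directory string narrowed to chars; id entries:
     * "DialogId_%04lX"), then a 4-byte length and the raw template bytes,
     * which PrintDialog decodes.  The tree is walked twice, first to size
     * the buffer and then to fill it, so both passes must agree on every
     * byte.  Returns the number of dialogs (named + id entries), or 0 when
     * there is no resource directory, no RT_DIALOG type, or the allocation
     * fails.
     *
     * An entry that does not resolve to data gets its name only, in both
     * passes, and the walk moves on to the next entry; the earlier code
     * either re-scanned the same entry or exit()ed the process here.
     */
    PIMAGE_RESOURCE_DIRECTORY prdType, prdName;
    PIMAGE_RESOURCE_DIRECTORY_ENTRY prde;
    PIMAGE_RESOURCE_DIR_STRING_U pDialogName;
    PIMAGE_DIALOG_HEADER pDialogHeader;
    char buff[32];
    int i, j;
    int size = 0;
    int sLength, nDialogs;
    int found = 0;
    WORD *pwd;
    char *pMem;

    /* get root directory of resource tree */
    if ((prdType = (PIMAGE_RESOURCE_DIRECTORY) ImageDirectoryOffset
         (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE)) == NULL)
        return 0;

    /* find the RT_DIALOG type among the root's id entries */
    prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)
        ((DWORD) prdType + sizeof (IMAGE_RESOURCE_DIRECTORY));
    for (i = 0; i < prdType->NumberOfIdEntries; i++, prde++)
    {
        if (prde->Name == RT_DIALOG)
        {
            found = 1;
            break;
        }
    }
    if (!found || (prde->OffsetToData & 0x80000000) == 0)
        return 0;

    prdName = (PIMAGE_RESOURCE_DIRECTORY)
        ((DWORD) prdType + (prde->OffsetToData & 0x7FFFFFFF));

    nDialogs = prdName->NumberOfNamedEntries + prdName->NumberOfIdEntries;

    //
    // pass 1: size the report
    //
    prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)
        ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
    sLength = 0;

    for (i = 0; i < prdName->NumberOfNamedEntries; i++, prde++)
    {
        pDialogName = (PIMAGE_RESOURCE_DIR_STRING_U)
            ((DWORD) prdType + (prde->Name & 0x7FFFFFFF));
        sLength += pDialogName->Length + 1;

        pDialogHeader = DialogTemplateOfEntry (lpFile, prdType, prde, &size);
        if (pDialogHeader != NULL)
            sLength += 4 + size + (size & 1);   /* length word + bytes + odd pad */
    }
    for (i = 0; i < prdName->NumberOfIdEntries; i++, prde++)
    {
        /* measured with the same format the fill pass writes */
        sLength += snprintf (buff, sizeof buff, "DialogId_%04lX", prde->Name) + 1;

        pDialogHeader = DialogTemplateOfEntry (lpFile, prdType, prde, &size);
        if (pDialogHeader != NULL)
            sLength += 4 + size + (size & 1);
    }

    //
    // allocate memory for the report (one spare byte so an empty report
    // is still a valid, freeable buffer)
    //
    *pszResTypes = (char *) calloc ((size_t) sLength + 1, 1);
    if (*pszResTypes == NULL)
        return 0;
    pMem = *pszResTypes;

    //
    // pass 2: fill it, walking the same entries in the same order
    //
    prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)
        ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));

    for (i = 0; i < prdName->NumberOfNamedEntries; i++, prde++)
    {
        pDialogName = (PIMAGE_RESOURCE_DIR_STRING_U)
            ((DWORD) prdType + (prde->Name & 0x7FFFFFFF));

        /* the name is stored as WORDs; only the low char of each is kept */
        for (j = 0; j < pDialogName->Length; j++)
            *pMem++ = (char) (pDialogName->NameString[j]);
        *pMem++ = 0;

        pDialogHeader = DialogTemplateOfEntry (lpFile, prdType, prde, &size);
        if (pDialogHeader != NULL)
        {
            pwd = (WORD *) pDialogHeader;
            *(int *) pMem = size;
            pMem += 4;
            StrangeMenuFill (&pMem, &pwd, size);
        }
    }
    for (i = 0; i < prdName->NumberOfIdEntries; i++, prde++)
    {
        snprintf (buff, sizeof buff, "DialogId_%04lX", prde->Name);
        strcpy (pMem, buff);
        pMem += strlen (buff) + 1;

        pDialogHeader = DialogTemplateOfEntry (lpFile, prdType, prde, &size);
        if (pDialogHeader != NULL)
        {
            pwd = (WORD *) pDialogHeader;
            *(int *) pMem = size;
            pMem += 4;
            StrangeMenuFill (&pMem, &pwd, size);
        }
    }

    return nDialogs;
}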
3579
3580
3581 //
3582 // This function is written by sang cho
3583 // October 14, 1997
3584 //
3585 /* print contents of dialog */
void WINAPI
PrintNameOrOrdinal (
    char **psz)
{
    /*
     * Print the name-or-ordinal field at *psz of a dialog template: the
     * marker word 0xFFFF introduces a 16-bit ordinal, printed as four hex
     * digits; anything else is a WORD string, printed in double quotes one
     * char per WORD (its first byte) up to the zero WORD.  *psz is moved
     * past the field either way.
     */
    char *cur = *psz;

    if (*(WORD *) cur != 0xFFFF)
    {
        printf ("%c", '"');
        for (; *(WORD *) cur; cur += 2)
            printf ("%c", *cur);
        cur += 2;                       // zero terminator
        printf ("%c", '"');
    }
    else
    {
        cur += 2;                       // past the 0xFFFF marker
        printf ("%04X", *(WORD *) cur);
        cur += 2;
    }
    *psz = cur;
}
3612
3613
3614 //
3615 // This function is written by sang cho
3616 // October 14, 1997
3617 //
3618 /* print contents of dialog */
void WINAPI
PrintDialog (
    char **psz)
{
    /*
     * Print one dialog record written by GetContentsOfDialog: a 4-byte size
     * followed by the raw template.  Reports the control count and caption,
     * then one line per control with its id, class and text, and finally
     * moves *psz to the end of the record.
     *
     * Two template layouts are told apart by the first DWORD: when its upper
     * 16 bits are all ones the author's "strange" layout is assumed and the
     * field offsets below shift accordingly.  The offsets are empirical.
     * NOTE(review): the walk never compares ptr with pmax, so a malformed
     * template can make it read past the record — confirm callers only pass
     * buffers produced by GetContentsOfDialog.
     */
    int i/*, j, k, l, n, c*/;
    int num, size;                      // control count, record length
    DWORD flag;                         // dialog style word
    WORD class;                         // ordinal control class
    //char buff[32];
    char *ptr, *pmax;
    BOOL isStrange = FALSE;             // set for the second header layout

    ptr = *psz;
    size = *(int *) ptr;                // length written by GetContentsOfDialog
    ptr += 4;
    pmax = ptr + size;

    // IStype of Dialog Header
    flag = *(DWORD *) ptr;
    //
    // check if flag is right or not
    // it has been observed that some dialog information is strange
    // and extra work is needed to fix that ... so let's try something
    //

    if ((flag & 0xFFFF0000) == 0xFFFF0000)
    {
        // "strange" layout: the style and item count sit further in
        flag = *(DWORD *) (ptr + 12);
        num = *(short *) (ptr + 16);
        isStrange = TRUE;
        ptr += 26;
    }
    else
    {
        num = *(short *) (ptr + 8);
        ptr += 18;
    }
    printf (", # of Controls=%03d, Caption:%c", num, '"');

    // Menu name: 0xFFFF marker + ordinal word, or a zero-terminated WORD string
    if (*(WORD *) ptr == 0xFFFF)
        ptr += 4;                       // ordinal

    else
    {
        while (*(WORD *) ptr)
            ptr += 2;
        ptr += 2;
    }                                   // name

    // Class name, same encoding as the menu name
    if (*(WORD *) ptr == 0xFFFF)
        ptr += 4;                       // ordinal

    else
    {
        while (*(WORD *) ptr)
            ptr += 2;
        ptr += 2;
    }                                   // name

    // Caption: printed one char per WORD (its first byte)
    while (*(WORD *) ptr)
    {
        printf ("%c", *ptr);
        ptr += 2;
    }
    ptr += 2;
    printf ("%c", '"');

    // FONT present: skip the size field and the face-name WORD string
    if (flag & 0x00000040)
    {
        if (isStrange)
            ptr += 6;
        else
            ptr += 2;                   // FONT size

        while (*(WORD *) ptr)
            ptr += 2;                   // WCHARs

        ptr += 2;                       // double null

    }

    // strange case adjust
    if (isStrange)
        ptr += 8;

    // DWORD padding, measured from the start of the record
    if ((ptr - *psz) % 4)
        ptr += 4 - ((ptr - *psz) % 4);

    // start reporting .. finally: one control per iteration
    for (i = 0; i < num; i++)
    {
        flag = *(DWORD *) ptr;          // control style (not reported)
        if (isStrange)
            ptr += 14;
        else
            ptr += 16;
        printf ("\n Control::%03d - ID:", i + 1);

        // Control ID
        printf ("%04X, Class:", *(WORD *) ptr);
        ptr += 2;

        // Control Class: ordinal classes get their well-known names
        if (*(WORD *) ptr == 0xFFFF)
        {
            ptr += 2;
            class = *(WORD *) ptr;
            ptr += 2;
            switch (class)
            {
            case 0x80:
                printf ("BUTTON ");
                break;
            case 0x81:
                printf ("EDIT ");
                break;
            case 0x82:
                printf ("STATIC ");
                break;
            case 0x83:
                printf ("LISTBOX ");
                break;
            case 0x84:
                printf ("SCROLLBAR");
                break;
            case 0x85:
                printf ("COMBOBOX ");
                break;
            default:
                printf ("%04X ", class);
                break;
            }
        }
        else
            PrintNameOrOrdinal (&ptr);

        printf (" Text:");

        // Text
        PrintNameOrOrdinal (&ptr);

        // nExtraStuff
        ptr += 2;

        // strange case adjust
        if (isStrange)
            ptr += 8;

        // DWORD padding
        if ((ptr - *psz) % 4)
            ptr += 4 - ((ptr - *psz) % 4);
    }

    /*
    ptr = *psz;
    printf("\n");

    for (i=0; i<(size/16)+1; i++)
    {
    n = 0;
    for (j=0; j<16; j++)
    {
    c = (int)(*ptr);
    if (c<0) c+=256;
    buff[j] = c;
    printf ("%02X",c);
    ptr++;
    if (ptr >= pmax) break;
    n++;
    if (n%4 == 0) printf (" ");
    }
    n++; if (n%4 == 0) printf (" ");
    l = j;
    j++;
    for (; j<16; j++)
    { n++; if (n%4 == 0) printf (" "); else printf (" "); }
    printf (" ");
    for (k=0; k<l; k++)
    if (isprint(c=buff[k])) printf("%c", c); else printf(".");
    printf ("\n");
    if (ptr >= pmax) break;
    }
    */

    // whatever was (or was not) consumed, the next record starts at pmax
    *psz = pmax;

}
3811
3812
3813
3814
3815
3816
/* function indicates whether debug info has been stripped from file */
BOOL WINAPI
IsDebugInfoStripped (
    LPVOID lpFile)
{
    /* The COFF file header's Characteristics word carries the flag; the
       masked value itself is returned, so callers must test for non-zero. */
    PIMAGE_FILE_HEADER hdr = (PIMAGE_FILE_HEADER) PEFHDROFFSET (lpFile);

    return (BOOL) (hdr->Characteristics & IMAGE_FILE_DEBUG_STRIPPED);
}
3828
3829
3830
3831
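/*
 * retrieve the module name from the debug misc. structure
 *
 * lpFile    : start of the in-memory image
 * pszModule : receives a freshly calloc()ed, NUL-terminated copy of the
 *             name (caller frees); set to NULL if the allocation fails,
 *             left untouched if no MISC record exists
 * returns   : length of the copied name, or 0 when there is no debug
 *             directory, no MISC record, or the allocation fails
 */
int WINAPI
RetrieveModuleName (
    LPVOID lpFile,
    char **pszModule)
{
    PIMAGE_DEBUG_DIRECTORY pdd;
    PIMAGE_DEBUG_MISC pdm = NULL;
    size_t nHdr, nMax, nCnt = 0;
    const char *pEnd;

    if (!(pdd = (PIMAGE_DEBUG_DIRECTORY) ImageDirectoryOffset (lpFile, IMAGE_DIRECTORY_ENTRY_DEBUG)))
        return 0;

    /* NOTE(review): the directory is walked until an entry with a zero
       SizeOfData; neither the entry count nor PointerToRawData is checked
       against the size of the buffer lpFile points at. */
    while (pdd->SizeOfData)
    {
        if (pdd->Type == IMAGE_DEBUG_TYPE_MISC)
        {
            pdm = (PIMAGE_DEBUG_MISC) ((char *) lpFile + pdd->PointerToRawData);

            /* Bound the name scan by the record size the directory claims,
               so an unterminated name cannot run past the MISC record. */
            nHdr = (size_t) ((char *) pdm->Data - (char *) pdm);
            nMax = pdd->SizeOfData > nHdr ? (size_t) pdd->SizeOfData - nHdr : 0;
            pEnd = memchr (pdm->Data, '\0', nMax);
            nCnt = pEnd ? (size_t) (pEnd - (const char *) pdm->Data) : nMax;

            *pszModule = (char *) calloc (nCnt + 1, 1);
            if (*pszModule == NULL)
                return 0;
            // may need some unicode business here...above
            bcopy (pdm->Data, *pszModule, nCnt);

            break;
        }

        pdd++;
    }

    return pdm != NULL ? (int) nCnt : 0;
}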
3866
3867
3868
3869
3870
/* determine if this is a valid debug file */
BOOL WINAPI
IsDebugFile (
    LPVOID lpFile)
{
    /* A separate (.DBG) debug file starts with its own header; only the
       signature word at the front is inspected here. */
    return ((PIMAGE_SEPARATE_DEBUG_HEADER) lpFile)->Signature
           == IMAGE_SEPARATE_DEBUG_SIGNATURE;
}
3882
3883
3884
3885
/* copy separate debug header structure from debug file */
BOOL WINAPI
GetSeparateDebugHeader (
    LPVOID lpFile,
    PIMAGE_SEPARATE_DEBUG_HEADER psdh)
{
    PIMAGE_SEPARATE_DEBUG_HEADER src = (PIMAGE_SEPARATE_DEBUG_HEADER) lpFile;

    /* nothing is copied unless the buffer carries the debug-file signature */
    if (src->Signature != IMAGE_SEPARATE_DEBUG_SIGNATURE)
        return FALSE;

    memcpy (psdh, src, sizeof *psdh);
    return TRUE;
}
3904
3905 //
// I tried to imitate the output of the w32dasm disassembler,
3907 // which is a pretty good program.
3908 // but I am disappointed with this program and I myself
3909 // am writing a disassembler.
3910 // This PEdump program is a byproduct of that project.
3911 // so enjoy this program and I hope we will have a little more
3912 // knowledge on windows programming world.
3913 // .... sang cho
3914
3915 #define MAXSECTIONNUMBER 16
3916 #define MAXNAMESTRNUMBER 40
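/*
 * Read the whole of `path` into a zero-filled heap buffer.
 *
 * On success returns the buffer (the caller frees it) and stores its
 * length in *pfsize.  On any failure a message prefixed by `prog` is
 * printed and NULL is returned; nothing is leaked.
 */
static LPVOID
load_file (const char *prog, const char *path, long *pfsize)
{
    FILE *fp;
    long fsize;
    LPVOID lpFile;

    fp = fopen (path, "rb");
    if (fp == NULL)
    {
        printf ("%s: can not open input file \"%s\".\n", prog, path);
        return NULL;
    }

    /* size the file by seeking to its end; ftell() reports -1 on failure
       and an empty file has nothing to dump */
    if (fseek (fp, 0L, SEEK_END) != 0 || (fsize = ftell (fp)) <= 0)
    {
        printf ("%s: can not determine the size of \"%s\".\n", prog, path);
        fclose (fp);
        return NULL;
    }
    rewind (fp);

    lpFile = calloc ((size_t) fsize, 1);
    if (lpFile == NULL)
    {
        printf ("%s: can not allocate memory.\n", prog);
        fclose (fp);
        return NULL;
    }

    /* fread() returns the number of complete items, never -1: a single
       item of fsize bytes must come back as exactly 1 */
    if (fread (lpFile, (size_t) fsize, 1, fp) != 1)
    {
        printf ("%s: failed to read the file \"%s\".\n", prog, path);
        fclose (fp);
        free (lpFile);
        return NULL;
    }
    fclose (fp);

    *pfsize = fsize;
    return lpFile;
}

/*
 * Verify the DOS stub and the PE signature, and that the headers the
 * PEFHDROFFSET/OPTHDROFFSET macros dereference lie inside the fsize
 * bytes that were actually read.
 *
 * Returns 0 when the file looks like a PE image; otherwise prints a
 * message prefixed by `prog` and returns nonzero.
 */
static int
check_pe_headers (const char *prog, LPVOID lpFile, long fsize)
{
    IMAGE_DOS_HEADER dosHdr;
    DWORD fileType;
    PIMAGE_FILE_HEADER pfh;
    PIMAGE_OPTIONAL_HEADER poh;

    /* GetDosHeader reads a whole DOS header out of the buffer */
    if (fsize < (long) sizeof dosHdr)
    {
        printf ("%s: This doesn't look like an executable file (too small).\n", prog);
        return 1;
    }

    GetDosHeader (lpFile, &dosHdr);

    if ((WORD) IMAGE_DOS_SIGNATURE != dosHdr.e_magic)
    {
        printf (
            "%s: This doesn't look like an executable file (magic = 0x%04x).\n",
            prog,
            dosHdr.e_magic
        );
        return 1;
    }

    /* e_lfanew is the offset of the PE header; values outside this window
       are taken to mean a plain DOS executable */
    if ((dosHdr.e_lfanew > 4096) || (dosHdr.e_lfanew < 64))
    {
        printf (
            "%s: This file is not in PE format; it looks like in DOS format.\n",
            prog
        );
        return 1;
    }

    /* PE signature (4 bytes) + file header + optional header must fit in the
       buffer before the offset macros are trusted to point at them */
    if ((long) dosHdr.e_lfanew + 4 + (long) (sizeof *pfh + sizeof *poh) > fsize)
    {
        printf ("%s: This file is not in PE format (truncated headers).\n", prog);
        return 1;
    }

    fileType = ImageFileType (lpFile);
    if (fileType != IMAGE_NT_SIGNATURE)
    {
        printf (
            "%s: This file is not in PE format (magic = 0x%08lx).\n",
            prog,
            fileType
        );
        return 1;
    }

    return 0;
}

/*
 * Print the code/data offsets and the section ("object") table.
 *
 * At most MAXSECTIONNUMBER section headers are copied out of the image so
 * their names can be blank-padded for printing without modifying the file
 * buffer that the later resource/import/export walkers read.
 *
 * Returns 0 when the table was printed, nonzero when no section table was
 * found or it does not fit inside the fsize bytes read.
 */
static int
report_sections (LPVOID lpFile, long fsize)
{
    PIMAGE_FILE_HEADER pfh;
    PIMAGE_OPTIONAL_HEADER poh;
    PIMAGE_SECTION_HEADER psh;
    IMAGE_SECTION_HEADER shdr[MAXSECTIONNUMBER];
    int nTotal;            // NumberOfSections as stored in the file
    int nSections;         // number of sections actually copied/printed
    int imageBase;
    int i, j;

    pfh = (PIMAGE_FILE_HEADER) PEFHDROFFSET (lpFile);
    poh = (PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpFile);
    psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile);

    if (psh == NULL)
        return 1;

    nTotal = pfh->NumberOfSections;
    imageBase = poh->ImageBase;

    /* NumberOfSections comes from the file: cap it at the local array size
       instead of letting a crafted header overrun shdr[] on the stack */
    nSections = nTotal;
    if (nSections > MAXSECTIONNUMBER)
    {
        printf ("Only the first %d of %d sections are reported.\n",
                MAXSECTIONNUMBER, nTotal);
        nSections = MAXSECTIONNUMBER;
    }

    /* the section header array must lie within the bytes actually read */
    if ((long) ((char *) psh - (char *) lpFile)
        + (long) (nSections * sizeof *psh) > fsize)
    {
        printf ("Section table lies outside the file; it is not reported.\n");
        return 1;
    }

    /* store section headers */
    for (i = 0; i < nSections; i++)
        shdr[i] = psh[i];

    /*
     * Code offset: the section whose RVA equals BaseOfCode.
     * Data offset: the first section that is readable, writable and holds
     * initialized data (0xC0000040 = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ
     * | IMAGE_SCN_CNT_INITIALIZED_DATA).
     */
    for (i = 0; i < nSections; i++)
    {
        if (poh->BaseOfCode == shdr[i].VirtualAddress)
        {
            printf (
                "Code Offset = %08lX, Code Size = %08lX \n",
                shdr[i].PointerToRawData,
                shdr[i].SizeOfRawData
            );
        }
        if (((shdr[i].Characteristics) & 0xC0000040) == 0xC0000040)
        {
            printf (
                "Data Offset = %08lX, Data Size = %08lX \n",
                shdr[i].PointerToRawData,
                shdr[i].SizeOfRawData
            );
            break;
        }
    }

    printf ("\n");

    printf (
        "Number of Objects = %04d (dec), Imagebase = %08Xh \n",
        nTotal,
        imageBase
    );

    /* Blank-pad each 8-byte name so "%8s" prints a fixed-width column;
       only the private copies in shdr[] are modified. */
    for (i = 0; i < nSections; i++)
    {
        for (j = 0; j < 7; j++)
        {
            if (shdr[i].Name[j] == 0)
                shdr[i].Name[j] = ' ';
        }
        shdr[i].Name[7] = 0;
    }

    for (i = 0; i < nSections; i++)
        printf ("\n Object%02d: %8s RVA: %08lX Offset: %08lX Size: %08lX Flags: %08lX ",
                i + 1, shdr[i].Name, shdr[i].VirtualAddress, shdr[i].PointerToRawData,
                shdr[i].SizeOfRawData, shdr[i].Characteristics);

    return 0;
}

/*
 * Print the resource types and, only when the image has any resources,
 * the menus and dialogs.  Every name buffer handed back by the Get*
 * helpers is freed here.
 */
static void
report_resources (LPVOID lpFile)
{
    char *pnstr;           // resource type name buffer
    char *pmNameBuff;      // menu name buffer
    char *pdNameBuff;      // dialog name buffer
    char *pst;
    int nResources, nMenus, nDialogs;
    int i;

    nResources = GetListOfResourceTypes (lpFile, &pnstr);
    printf ("\n");
    printf ("\n+++++++++++++++++++ RESOURCE INFORMATION +++++++++++++++++++");
    printf ("\n");
    if (nResources == 0)
    {
        printf ("\n There are no Resources in This Application.\n");
        return;
    }

    /* names are packed back to back, each NUL-terminated */
    printf ("\nNumber of Resource Types = %4d (decimal)\n", nResources);
    for (i = 0, pst = pnstr; i < nResources; i++)
    {
        printf ("\n Resource Type %03d: %s", i + 1, pst);
        pst += strlen (pst) + 1;
    }
    free (pnstr);

    printf ("\n");
    printf ("\n+++++++++++++++++++ MENU INFORMATION +++++++++++++++++++");
    printf ("\n");

    nMenus = GetContentsOfMenu (lpFile, &pmNameBuff);

    if (nMenus == 0)
    {
        printf ("\n There are no Menus in This Application.\n");
    }
    else
    {
        pst = pmNameBuff;
        printf ("\nNumber of Menus = %4d (decimal)", nMenus);

        for (i = 0; i < nMenus; i++)
        {
            // menu ID print
            printf ("\n\n%s", pst);
            pst += strlen (pst) + 1;
            printf ("\n-------------");
            /* menus whose data starts with the ":::::::::::" marker
               (presumably set by GetContentsOfMenu for layouts it could
               not decode) go through the fallback printer */
            if (strncmp (pst, ":::::::::::", 11) == 0)
            {
                printf ("\n");
                PrintStrangeMenu (&pst);
            }
            else
            {
                PrintMenu (6, &pst);
            }
        }
        free (pmNameBuff);
        printf ("\n");
    }

    printf ("\n");
    printf ("\n+++++++++++++++++ DIALOG INFORMATION +++++++++++++++++++");
    printf ("\n");

    nDialogs = GetContentsOfDialog (lpFile, &pdNameBuff);

    if (nDialogs == 0)
    {
        printf ("\n There are no Dialogs in This Application.\n");
    }
    else
    {
        pst = pdNameBuff;
        printf ("\nNumber of Dialogs = %4d (decimal)", nDialogs);

        printf ("\n");

        for (i = 0; i < nDialogs; i++)
        {
            // Dialog ID print
            printf ("\nName: %s", pst);
            pst += strlen (pst) + 1;
            PrintDialog (&pst);
        }
        free (pdNameBuff);
        printf ("\n");
    }
}

/*
 * Print the imported module list, then every imported function per module.
 * Each function record is a 4-byte address, a 2-byte hint and a
 * NUL-terminated name.
 */
static void
report_imports (LPVOID lpFile)
{
    char *piNameBuff;      // import module name buffer
    char *pfNameBuff;      // import functions in the module name buffer
    char *pnstr, *pst;
    int nImportedModules, nFunctions;
    int i, j;

    printf ("\n+++++++++++++++++++ IMPORTED FUNCTIONS +++++++++++++++++++");

    nImportedModules = GetImportModuleNames (lpFile, &piNameBuff);
    if (nImportedModules == 0)
    {
        printf ("\n There are no imported Functions in This Application.\n");
        return;
    }

    printf ("\nNumber of Imported Modules = %4d (decimal)\n", nImportedModules);
    for (i = 0, pnstr = piNameBuff; i < nImportedModules; i++)
    {
        printf ("\n Import Module %03d: %s", i + 1, pnstr);
        pnstr += strlen (pnstr) + 1;
    }

    printf ("\n");
    printf ("\n+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++++");
    for (i = 0, pnstr = piNameBuff; i < nImportedModules; i++)
    {
        printf ("\n\n Import Module %03d: %s \n", i + 1, pnstr);
        /* start from NULL so that free() below is harmless should the
           helper hand back no buffer for a module without functions */
        pfNameBuff = NULL;
        nFunctions = GetImportFunctionNamesByModule (lpFile, pnstr, &pfNameBuff);
        pnstr += strlen (pnstr) + 1;
        for (j = 0, pst = pfNameBuff; j < nFunctions; j++)
        {
            printf ("\nAddr:%08X hint(%04X) Name: %s",
                    (*(int *) pst), (*(short *) (pst + 4)),
                    TranslateFunctionName (pst + 6));
            pst += strlen (pst + 6) + 1 + 6;
        }
        free (pfNameBuff);
    }
    free (piNameBuff);
}

/*
 * Print the exported functions.  Each record is a 4-byte address, a 2-byte
 * ordinal and a NUL-terminated name.
 */
static void
report_exports (LPVOID lpFile)
{
    char *peNameBuff = NULL;   // export function name buffer
    char *pst;
    int nExportedFunctions;
    int i;

    printf ("\n");
    printf ("\n+++++++++++++++++++ EXPORTED FUNCTIONS +++++++++++++++++++");

    nExportedFunctions = GetExportFunctionNames (lpFile, &peNameBuff);
    printf ("\nNumber of Exported Functions = %4d (decimal)\n", nExportedFunctions);

    if (nExportedFunctions <= 0)
        return;

    for (i = 0, pst = peNameBuff; i < nExportedFunctions; i++)
    {
        printf ("\nAddr:%08X Ord:%4d (%04Xh) Name: %s",
                (*(int *) pst), (*(WORD *) (pst + 4)), (*(WORD *) (pst + 4)),
                TranslateFunctionName (pst + 6));
        pst += strlen (pst + 6) + 6 + 1;
    }
    free (peNameBuff);
}

/*
 * pedump entry point: dump the headers, sections, resources, imports and
 * exports of the PE file named by argv[1].
 *
 * Exits with EXIT_FAILURE (and a message) when the arguments are wrong,
 * the file cannot be read, or it is not a PE image; returns 0 otherwise.
 */
int
main (
    int argc,
    char **argv
    )
{
    const char *prog;
    LPVOID lpFile;
    long fsize;

    /* argv[0] may be absent when argc == 0 */
    prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "pedump";

    /*
     * Check user arguments.
     */
    if (2 != argc)
    {
        printf (
            "%s - PE/COFF file dumper\n"
            "Copyright (c) 1993 Randy Kath (MSDN Technology Group)\n"
            "Copyright (c) 1997 Sang Cho (CS & Engineering - Chongju University)\n"
            "Copyright (c) 2000 Emanuele Aliberti (ReactOS Development Team)\n\n",
            prog
        );
        printf (
            "usage: %s input_file_name\n",
            prog
        );
        exit (EXIT_FAILURE);
    }

    /*
     * Buffer the file in memory.
     */
    lpFile = load_file (prog, argv[1], &fsize);
    if (lpFile == NULL)
        exit (EXIT_FAILURE);

    /*
     * --- Start of report ---
     */
    printf ("\n\nDump of file: %s\n\n", argv[1]);

    if (check_pe_headers (prog, lpFile, fsize) != 0)
    {
        free (lpFile);
        exit (EXIT_FAILURE);
    }

    //=====================================
    // now we can really start processing
    //=====================================

    if (report_sections (lpFile, fsize) != 0)
    {
        free (lpFile);
        return EXIT_FAILURE;
    }

    report_resources (lpFile);
    report_imports (lpFile);
    report_exports (lpFile);

    free (lpFile);

    return 0;
}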
4318
4319
4320 /* EOF */
4321