ReactOS  r74223
pedump.c
Go to the documentation of this file.
1 //
2 // This program was written by Sang Cho, assistant professor at
3 // the department of
4 // computer science and engineering
5 // chongju university
6 // this program is based on the program pefile.c
7 // which is written by Randy Kath(Microsoft Developmer Network Technology Group)
8 // in june 12, 1993.
9 // I have investigated P.E. file format as thoroughly as possible,
10 // but I cannot claim that I am an expert yet, so some of its information
11 // may give you wrong results.
12 //
13 //
14 //
15 // language used: djgpp
16 // date of creation: September 28, 1997
17 //
18 // date of first release: October 15, 1997
19 //
20 //
21 // you can contact me: e-mail address: sangcho@alpha94.chongju.ac.kr
22 // hitel id: chokhas
23 // phone number: (0431) 229-8491 +82-431-229-8491
24 //
25 //
26 //
27 // Copyright (C) 1997. by Sang Cho.
28 //
29 // Permission is granted to make and distribute verbatim copies of this
30 // program provided the copyright notice and this permission notice are
31 // preserved on all copies.
32 //
33 //
34 // File: pedump.c ( I included header file into source file. )
35 //
36 // LICENSE
37 // Sources released under GNU General Public License version 2
38 // or later by Mr. Sang Cho permission.
39 //
40 // REVISIONS
41 // 2000-04-23 (ea) Initial adaptation to GCC/MinGW/ROS.
42 // 2000-08-05 (ea) Initial raw adaptation done.
43 //
44 
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <stdarg.h>
48 #include <string.h>
49 #include <setjmp.h>
50 #include <malloc.h>
51 #include <ctype.h>
52 
53 #ifndef bcopy
54 #define bcopy(s,d,z) memcpy((d),(s),(z))
55 #endif
56 
57 typedef char CHAR;
58 typedef short WCHAR;
59 typedef short SHORT;
60 typedef long LONG;
61 typedef unsigned short USHORT;
62 typedef unsigned long DWORD;
63 typedef int BOOL;
64 typedef unsigned char BYTE;
65 typedef unsigned short WORD;
66 typedef BYTE *PBYTE;
67 typedef WORD *PWORD;
68 typedef DWORD *PDWORD;
69 typedef void *LPVOID;
70 typedef int boolean;
71 
72 #define VOID void
73 #define BOOLEAN boolean
74 
75 #ifndef NULL
76 #define NULL 0
77 #endif
78 
79 #define FALSE 0
80 #define TRUE 1
81 #define CONST const
82 #define LOWORD(l) ((WORD)(l))
83 #define WINAPI __stdcall
84 
85 //
86 // Image Format
87 //
88 
89 #define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
90 #define IMAGE_OS2_SIGNATURE 0x454E // NE
91 #define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
92 #define IMAGE_VXD_SIGNATURE 0x454C // LE
93 #define IMAGE_NT_SIGNATURE 0x00004550 // PE00
94 
95 typedef struct _IMAGE_DOS_HEADER
96  { // DOS .EXE header
97 
98  WORD e_magic; // Magic number
99 
100  WORD e_cblp; // Bytes on last page of file
101 
102  WORD e_cp; // Pages in file
103 
104  WORD e_crlc; // Relocations
105 
106  WORD e_cparhdr; // Size of header in paragraphs
107 
108  WORD e_minalloc; // Minimum extra paragraphs needed
109 
110  WORD e_maxalloc; // Maximum extra paragraphs needed
111 
112  WORD e_ss; // Initial (relative) SS value
113 
114  WORD e_sp; // Initial SP value
115 
116  WORD e_csum; // Checksum
117 
118  WORD e_ip; // Initial IP value
119 
120  WORD e_cs; // Initial (relative) CS value
121 
122  WORD e_lfarlc; // File address of relocation table
123 
124  WORD e_ovno; // Overlay number
125 
126  WORD e_res[4]; // Reserved words
127 
128  WORD e_oemid; // OEM identifier (for e_oeminfo)
129 
130  WORD e_oeminfo; // OEM information; e_oemid specific
131 
132  WORD e_res2[10]; // Reserved words
133 
134  LONG e_lfanew; // File address of new exe header
135 
136  }
138 
139 //
140 // File header format.
141 //
142 
143 
144 
145 typedef struct _IMAGE_FILE_HEADER
146  {
147  WORD Machine;
154  }
156 
157 #define IMAGE_SIZEOF_FILE_HEADER 20
158 
159 #define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
160 #define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references).
161 #define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
162 #define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
163 #define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
164 #define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
165 #define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
166 #define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
167 #define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
168 #define IMAGE_FILE_SYSTEM 0x1000 // System File.
169 #define IMAGE_FILE_DLL 0x2000 // File is a DLL.
170 #define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
171 #define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
172 
173 #define IMAGE_FILE_MACHINE_UNKNOWN 0
174 #define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386.
175 #define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0x160 big-endian
176 #define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian
177 #define IMAGE_FILE_MACHINE_R10000 0x168 // MIPS little-endian
178 #define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP
179 #define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian
180 
181 
182 
183 //
184 // Directory format.
185 //
186 
187 typedef struct _IMAGE_DATA_DIRECTORY
188  {
190  DWORD Size;
191 
192  }
194 
195 #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
196 
197 //
198 // Optional header format.
199 //
200 
201 typedef struct _IMAGE_OPTIONAL_HEADER
202  {
203  //
204  // Standard fields.
205  //
206  WORD Magic;
215 
216  //
217  // NT additional fields.
218  //
219 
232  DWORD CheckSum;
233  WORD Subsystem;
242 
243  }
245 
246 
247 typedef struct _IMAGE_NT_HEADERS
248  {
252 
253  }
255 
256 
257 // Directory Entries
258 
259 #define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
260 #define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
261 #define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
262 #define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
263 #define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
264 #define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
265 #define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
266 #define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String
267 #define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP)
268 #define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
269 #define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
270 #define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
271 #define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
272 
273 //
274 // Section header format.
275 //
276 
277 #define IMAGE_SIZEOF_SHORT_NAME 8
278 
279 typedef struct _IMAGE_SECTION_HEADER
280  {
282  union
283  {
286  }
287  Misc;
296 
297  }
299 
300 #define IMAGE_SIZEOF_SECTION_HEADER 40
301 
302 
303 //
304 // Export Format
305 //
306 
307 typedef struct _IMAGE_EXPORT_DIRECTORY
308  {
313  DWORD Name;
314  DWORD Base;
320 
321  }
323 
324 //
325 // Import Format
326 //
327 
328 typedef struct _IMAGE_IMPORT_BY_NAME
329  {
331  BYTE Name[1];
332 
333  }
335 
336 #define IMAGE_ORDINAL_FLAG 0x80000000
337 #define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff)
338 
339 
340 //
341 // Resource Format.
342 //
343 
344 //
345 // Resource directory consists of two counts, following by a variable length
346 // array of directory entries. The first count is the number of entries at
347 // beginning of the array that have actual names associated with each entry.
348 // The entries are in ascending order, case insensitive strings. The second
349 // count is the number of entries that immediately follow the named entries.
350 // This second count identifies the number of entries that have 16-bit integer
351 // Ids as their name. These entries are also sorted in ascending order.
352 //
353 // This structure allows fast lookup by either name or number, but for any
354 // given resource entry only one form of lookup is supported, not both.
355 // This is consistant with the syntax of the .RC file and the .RES file.
356 //
357 
358 // Predefined resource types ... there may be some more, but I don't have
359 // the information yet. .....sang cho.....
360 
361 #define RT_NEWRESOURCE 0x2000
362 #define RT_ERROR 0x7fff
363 #define RT_CURSOR 1
364 #define RT_BITMAP 2
365 #define RT_ICON 3
366 #define RT_MENU 4
367 #define RT_DIALOG 5
368 #define RT_STRING 6
369 #define RT_FONTDIR 7
370 #define RT_FONT 8
371 #define RT_ACCELERATORS 9
372 #define RT_RCDATA 10
373 #define RT_MESSAGETABLE 11
374 #define RT_GROUP_CURSOR 12
375 #define RT_GROUP_ICON 14
376 #define RT_VERSION 16
377 #define NEWBITMAP (RT_BITMAP|RT_NEWRESOURCE)
378 #define NEWMENU (RT_MENU|RT_NEWRESOURCE)
379 #define NEWDIALOG (RT_DIALOG|RT_NEWRESOURCE)
380 
381 
383  {
390 // IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[1];
391 
392  }
394 
395 #define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
396 #define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
397 
398 //
399 // Each directory contains the 32-bit Name of the entry and an offset,
400 // relative to the beginning of the resource directory of the data associated
401 // with this directory entry. If the name of the entry is an actual text
402 // string instead of an integer Id, then the high order bit of the name field
403 // is set to one and the low order 31-bits are an offset, relative to the
404 // beginning of the resource directory of the string, which is of type
405 // IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the
406 // low-order 16-bits are the integer Id that identify this resource directory
407 // entry. If the directory entry is yet another resource directory (i.e. a
408 // subdirectory), then the high order bit of the offset field will be
409 // set to indicate this. Otherwise the high bit is clear and the offset
410 // field points to a resource data entry.
411 //
412 
414  {
417 
418  }
420 
421 //
422 // For resource directory entries that have actual string names, the Name
423 // field of the directory entry points to an object of the following type.
424 // All of these string objects are stored together after the last resource
425 // directory entry and before the first resource data object. This minimizes
426 // the impact of these variable length objects on the alignment of the fixed
427 // size directory entry objects.
428 //
429 
431  {
434 
435  }
437 
438 
440  {
443 
444  }
446 
447 
448 //
449 // Each resource data entry describes a leaf node in the resource directory
450 // tree. It contains an offset, relative to the beginning of the resource
451 // directory of the data for the resource, a size field that gives the number
452 // of bytes of data at that offset, a CodePage that should be used when
453 // decoding code point values within the resource data. Typically for new
454 // applications the code page would be the unicode code page.
455 //
456 
458  {
463 
464  }
466 
467 
468 // Menu Resources ... added by .....sang cho....
469 
470 // Menu resources are composed of a menu header followed by a sequential list
471 // of menu items. There are two types of menu items: pop-ups and normal menu
472 // itmes. The MENUITEM SEPARATOR is a special case of a normal menu item with
473 // an empty name, zero ID, and zero flags.
474 
475 typedef struct _IMAGE_MENU_HEADER
476  {
477  WORD wVersion; // Currently zero
478 
479  WORD cbHeaderSize; // Also zero
480 
481  }
483 
485  {
488 
489  }
491 
493  {
497 
498  }
500 
501 #define GRAYED 0x0001 // GRAYED keyword
502 #define INACTIVE 0x0002 // INACTIVE keyword
503 #define BITMAP 0x0004 // BITMAP keyword
504 #define OWNERDRAW 0x0100 // OWNERDRAW keyword
505 #define CHECKED 0x0008 // CHECKED keyword
506 #define POPUP 0x0010 // used internally
507 #define MENUBARBREAK 0x0020 // MENUBARBREAK keyword
508 #define MENUBREAK 0x0040 // MENUBREAK keyword
509 #define ENDMENU 0x0080 // used internally
510 
511 
512 // Dialog Box Resources .................. added by sang cho.
513 
514 // A dialog box is contained in a single resource and has a header and
515 // a portion repeated for each control in the dialog box.
516 // The item DWORD IStyle is a standard window style composed of flags found
517 // in WINDOWS.H.
518 // The default style for a dialog box is:
519 // WS_POPUP | WS_BORDER | WS_SYSMENU
520 //
521 // The itme marked "Name or Ordinal" are :
522 // If the first word is an 0xffff, the next two bytes contain an ordinal ID.
523 // Otherwise, the first one or more WORDS contain a double-null-terminated string.
524 // An empty string is represented by a single WORD zero in the first location.
525 //
526 // The WORD wPointSize and WCHAR szFontName entries are present if the FONT
527 // statement was included for the dialog box. This can be detected by checking
528 // the entry IStyle. If IStyle & DS_SETFONT ( which is 0x40), then these
529 // entries will be present.
530 
532  {
534  DWORD IExtendedStyle; // New for Windows NT
535 
536  WORD nControls; // Number of Controls
537 
542 // N_OR_O MenuName; // Name or Ordinal ID
543  // N_OR_O ClassName; // Name or Ordinal ID
544  // WCHAR szCaption[];
545  // WORD wPointSize; // Only here if FONT set for dialog
546  // WCHAR szFontName[]; // This too
547  }
549 
550 typedef union _NAME_OR_ORDINAL
551  { // Name or Ordinal ID
552 
553  struct _ORD_ID
554  {
557  }
558  ORD_ID;
560  }
562 
563 // The data for each control starts on a DWORD boundary (which may require
564 // some padding from the previous control), and its format is as follows:
565 
566 typedef struct _IMAGE_CONTROL_DATA
567  {
575 // N_OR_O ClassId;
576  // N_OR_O Text;
577  // WORD nExtraStuff;
578  }
580 
581 #define BUTTON 0x80
582 #define EDIT 0x81
583 #define STATIC 0x82
584 #define LISTBOX 0x83
585 #define SCROLLBAR 0x84
586 #define COMBOBOX 0x85
587 
588 // The various statements used in a dialog script are all mapped to these
589 // classes along with certain modifying styles. The values for these styles
590 // can be found in WINDOWS.H. All dialog controls have the default styles
591 // of WS_CHILD and WS_VISIBLE. A list of the default styles used follows:
592 //
593 // Statement Default Class Default Styles
594 // CONTROL None WS_CHILD|WS_VISIBLE
595 // LTEXT STATIC ES_LEFT
596 // RTEXT STATIC ES_RIGHT
597 // CTEXT STATIC ES_CENTER
598 // LISTBOX LISTBOX WS_BORDER|LBS_NOTIFY
599 // CHECKBOX BUTTON BS_CHECKBOX|WS_TABSTOP
600 // PUSHBUTTON BUTTON BS_PUSHBUTTON|WS_TABSTOP
601 // GROUPBOX BUTTON BS_GROUPBOX
602 // DEFPUSHBUTTON BUTTON BS_DFPUSHBUTTON|WS_TABSTOP
603 // RADIOBUTTON BUTTON BS_RADIOBUTTON
604 // AUTOCHECKBOX BUTTON BS_AUTOCHECKBOX
605 // AUTO3STATE BUTTON BS_AUTO3STATE
606 // AUTORADIOBUTTON BUTTON BS_AUTORADIOBUTTON
607 // PUSHBOX BUTTON BS_PUSHBOX
608 // STATE3 BUTTON BS_3STATE
609 // EDITTEXT EDIT ES_LEFT|WS_BORDER|WS_TABSTOP
610 // COMBOBOX COMBOBOX None
611 // ICON STATIC SS_ICON
612 // SCROLLBAR SCROLLBAR None
614 
615 #define WS_OVERLAPPED 0x00000000L
616 #define WS_POPUP 0x80000000L
617 #define WS_CHILD 0x40000000L
618 #define WS_CLIPSIBLINGS 0x04000000L
619 #define WS_CLIPCHILDREN 0x02000000L
620 #define WS_VISIBLE 0x10000000L
621 #define WS_DISABLED 0x08000000L
622 #define WS_MINIMIZE 0x20000000L
623 #define WS_MAXIMIZE 0x01000000L
624 #define WS_CAPTION 0x00C00000L
625 #define WS_BORDER 0x00800000L
626 #define WS_DLGFRAME 0x00400000L
627 #define WS_VSCROLL 0x00200000L
628 #define WS_HSCROLL 0x00100000L
629 #define WS_SYSMENU 0x00080000L
630 #define WS_THICKFRAME 0x00040000L
631 #define WS_MINIMIZEBOX 0x00020000L
632 #define WS_MAXIMIZEBOX 0x00010000L
633 #define WS_GROUP 0x00020000L
634 #define WS_TABSTOP 0x00010000L
635 
636 // other aliases
637 #define WS_OVERLAPPEDWINDOW (WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_THICKFRAME | WS_MINIMIZEBOX | WS_MAXIMIZEBOX)
638 #define WS_POPUPWINDOW (WS_POPUP | WS_BORDER | WS_SYSMENU)
639 #define WS_CHILDWINDOW (WS_CHILD)
640 #define WS_TILED WS_OVERLAPPED
641 #define WS_ICONIC WS_MINIMIZE
642 #define WS_SIZEBOX WS_THICKFRAME
643 #define WS_TILEDWINDOW WS_OVERLAPPEDWINDOW
644 
645 #define WS_EX_DLGMODALFRAME 0x00000001L
646 #define WS_EX_NOPARENTNOTIFY 0x00000004L
647 #define WS_EX_TOPMOST 0x00000008L
648 #define WS_EX_ACCEPTFILES 0x00000010L
649 #define WS_EX_TRANSPARENT 0x00000020L
650 
651 #define BS_PUSHBUTTON 0x00000000L
652 #define BS_DEFPUSHBUTTON 0x00000001L
653 #define BS_CHECKBOX 0x00000002L
654 #define BS_AUTOCHECKBOX 0x00000003L
655 #define BS_RADIOBUTTON 0x00000004L
656 #define BS_3STATE 0x00000005L
657 #define BS_AUTO3STATE 0x00000006L
658 #define BS_GROUPBOX 0x00000007L
659 #define BS_USERBUTTON 0x00000008L
660 #define BS_AUTORADIOBUTTON 0x00000009L
661 #define BS_OWNERDRAW 0x0000000BL
662 #define BS_LEFTTEXT 0x00000020L
663 
664 #define ES_LEFT 0x00000000L
665 #define ES_CENTER 0x00000001L
666 #define ES_RIGHT 0x00000002L
667 #define ES_MULTILINE 0x00000004L
668 #define ES_UPPERCASE 0x00000008L
669 #define ES_LOWERCASE 0x00000010L
670 #define ES_PASSWORD 0x00000020L
671 #define ES_AUTOVSCROLL 0x00000040L
672 #define ES_AUTOHSCROLL 0x00000080L
673 #define ES_NOHIDESEL 0x00000100L
674 #define ES_OEMCONVERT 0x00000400L
675 #define ES_READONLY 0x00000800L
676 #define ES_WANTRETURN 0x00001000L
677 
678 #define LBS_NOTIFY 0x0001L
679 #define LBS_SORT 0x0002L
680 #define LBS_NOREDRAW 0x0004L
681 #define LBS_MULTIPLESEL 0x0008L
682 #define LBS_OWNERDRAWFIXED 0x0010L
683 #define LBS_OWNERDRAWVARIABLE 0x0020L
684 #define LBS_HASSTRINGS 0x0040L
685 #define LBS_USETABSTOPS 0x0080L
686 #define LBS_NOINTEGRALHEIGHT 0x0100L
687 #define LBS_MULTICOLUMN 0x0200L
688 #define LBS_WANTKEYBOARDINPUT 0x0400L
689 #define LBS_EXTENDEDSEL 0x0800L
690 #define LBS_DISABLENOSCROLL 0x1000L
691 
692 #define SS_LEFT 0x00000000L
693 #define SS_CENTER 0x00000001L
694 #define SS_RIGHT 0x00000002L
695 #define SS_ICON 0x00000003L
696 #define SS_BLACKRECT 0x00000004L
697 #define SS_GRAYRECT 0x00000005L
698 #define SS_WHITERECT 0x00000006L
699 #define SS_BLACKFRAME 0x00000007L
700 #define SS_GRAYFRAME 0x00000008L
701 #define SS_WHITEFRAME 0x00000009L
702 #define SS_SIMPLE 0x0000000BL
703 #define SS_LEFTNOWORDWRAP 0x0000000CL
704 #define SS_BITMAP 0x0000000EL
705 
706 //
707 // Debug Format
708 //
709 
710 typedef struct _IMAGE_DEBUG_DIRECTORY
711  {
716  DWORD Type;
720  }
722 
723 #define IMAGE_DEBUG_TYPE_UNKNOWN 0
724 #define IMAGE_DEBUG_TYPE_COFF 1
725 #define IMAGE_DEBUG_TYPE_CODEVIEW 2
726 #define IMAGE_DEBUG_TYPE_FPO 3
727 #define IMAGE_DEBUG_TYPE_MISC 4
728 #define IMAGE_DEBUG_TYPE_EXCEPTION 5
729 #define IMAGE_DEBUG_TYPE_FIXUP 6
730 #define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
731 #define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
732 
733 
734 typedef struct _IMAGE_DEBUG_MISC
735  {
736  DWORD DataType; // type of misc data, see defines
737 
738  DWORD Length; // total length of record, rounded to four
739  // byte multiple.
740 
741  BOOLEAN Unicode; // TRUE if data is unicode string
742 
743  BYTE Reserved[3];
744  BYTE Data[1]; // Actual data
745 
746  }
748 
749 
750 //
751 // Debugging information can be stripped from an image file and placed
752 // in a separate .DBG file, whose file name part is the same as the
753 // image file name part (e.g. symbols for CMD.EXE could be stripped
754 // and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED
755 // flag in the Characteristics field of the file header. The beginning of
756 // the .DBG file contains the following structure which captures certain
757 // information from the image file. This allows a debug to proceed even if
758 // the original image file is not accessable. This header is followed by
759 // zero of more IMAGE_SECTION_HEADER structures, followed by zero or more
760 // IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in
761 // the image file contain file offsets relative to the beginning of the
762 // .DBG file.
763 //
764 // If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure
765 // is left in the image file, but not mapped. This allows a debugger to
766 // compute the name of the .DBG file, from the name of the image in the
767 // IMAGE_DEBUG_MISC structure.
768 //
769 
770 typedef struct _IMAGE_SEPARATE_DEBUG_HEADER
771  {
772  WORD Signature;
773  WORD Flags;
774  WORD Machine;
777  DWORD CheckSum;
784  DWORD Reserved[2];
785  }
787 
788 #define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944
789 
790 #define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000
791 #define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the
792  // old checksum didn't match.
793 
794 
795 //
796 // End Image Format
797 //
798 
799 
800 #define SIZE_OF_NT_SIGNATURE sizeof (DWORD)
801 #define MAXRESOURCENAME 13
802 
803 /* global macros to define header offsets into file */
804 /* offset to PE file signature */
805 #define NTSIGNATURE(a) ((LPVOID)((BYTE *)a + \
806  ((PIMAGE_DOS_HEADER)a)->e_lfanew))
807 
808 /* DOS header identifies the NT PEFile signature dword
809  the PEFILE header exists just after that dword */
810 #define PEFHDROFFSET(a) ((LPVOID)((BYTE *)a + \
811  ((PIMAGE_DOS_HEADER)a)->e_lfanew + \
812  SIZE_OF_NT_SIGNATURE))
813 
814 /* PE optional header is immediately after PEFile header */
815 #define OPTHDROFFSET(a) ((LPVOID)((BYTE *)a + \
816  ((PIMAGE_DOS_HEADER)a)->e_lfanew + \
817  SIZE_OF_NT_SIGNATURE + \
818  sizeof (IMAGE_FILE_HEADER)))
819 
820 /* section headers are immediately after PE optional header */
821 #define SECHDROFFSET(a) ((LPVOID)((BYTE *)a + \
822  ((PIMAGE_DOS_HEADER)a)->e_lfanew + \
823  SIZE_OF_NT_SIGNATURE + \
824  sizeof (IMAGE_FILE_HEADER) + \
825  sizeof (IMAGE_OPTIONAL_HEADER)))
826 
827 
828 typedef struct tagImportDirectory
829  {
835  }
837 
838 
839 /* global prototypes for functions in pefile.c */
840 /* PE file header info */
841 BOOL WINAPI GetDosHeader (LPVOID, PIMAGE_DOS_HEADER);
843 BOOL WINAPI GetPEFileHeader (LPVOID, PIMAGE_FILE_HEADER);
844 
845 /* PE optional header info */
846 BOOL WINAPI GetPEOptionalHeader (LPVOID, PIMAGE_OPTIONAL_HEADER);
852 
853 /* PE section header info */
854 //int WINAPI GetSectionNames (LPVOID, HANDLE, char **);
855 int WINAPI GetSectionNames (LPVOID, char **);
856 BOOL WINAPI GetSectionHdrByName (LPVOID, PIMAGE_SECTION_HEADER, char *);
857 
858 //
859 // structur to store string tokens
860 //
861 typedef struct _Str_P
862  {
863  char flag; // string_flag '@' or '%' or '#'
864 
865  char *pos; // starting postion of string
866 
867  int length; // length of string
868 
869  BOOL wasString; // if it were stringMode or not
870 
871  }
872 Str_P;
873 
874 /* import section info */
875 int WINAPI GetImportModuleNames (LPVOID, char **);
876 int WINAPI GetImportFunctionNamesByModule (LPVOID, char *, char **);
877 
878 // import function name reporting
879 int WINAPI GetStringLength (char *);
880 void WINAPI GetPreviousParamString (char *, char *);
881 void WINAPI TranslateParameters (char **, char **, char **);
882 BOOL WINAPI StringExpands (char **, char **, char **, Str_P *);
883 char * WINAPI TranslateFunctionName (char *);
884 
885 /* export section info */
886 int WINAPI GetExportFunctionNames (LPVOID, char **);
887 
888 /* resource section info */
890 int WINAPI GetListOfResourceTypes (LPVOID, char **);
891 int WINAPI MenuScan (int *, WORD **);
892 int WINAPI MenuFill (char **, WORD **);
893 void WINAPI StrangeMenuFill (char **, WORD **, int);
894 int WINAPI GetContentsOfMenu (LPVOID, char **);
895 int WINAPI PrintMenu (int, char **);
896 int WINAPI PrintStrangeMenu (char **);
897 int WINAPI dumpMenu (char **psz, int size);
898 
899 /* debug section info */
901 int WINAPI RetrieveModuleName (LPVOID, char **);
903 BOOL WINAPI GetSeparateDebugHeader (LPVOID, PIMAGE_SEPARATE_DEBUG_HEADER);
904 
905 
906 /**********************************************************************
907  * NAME
908  *
909  * DESCRIPTION
910  * Copy DOS header information to structure.
911  *
912  * ARGUMENTS
913  */
914 BOOL WINAPI
916  LPVOID lpFile,
917  PIMAGE_DOS_HEADER pHeader
918 )
919 {
920  /*
921  * DOS header represents first structure
922  * of bytes in PE image file.
923  */
924  if ((WORD) IMAGE_DOS_SIGNATURE == *(WORD *) lpFile)
925  {
926  bcopy (
927  lpFile,
928  (LPVOID) pHeader,
929  sizeof (IMAGE_DOS_HEADER)
930  );
931  return TRUE;
932  }
933  return FALSE;
934 }
935 
936 
937 
938 
939 /* return file signature */
942  LPVOID lpFile)
943 {
944  /* dos file signature comes first */
945  if (*(USHORT *) lpFile == IMAGE_DOS_SIGNATURE)
946  {
947  /* determine location of PE File header from dos header */
948  if (LOWORD (*(DWORD *) NTSIGNATURE (lpFile)) == IMAGE_OS2_SIGNATURE ||
949  LOWORD (*(DWORD *) NTSIGNATURE (lpFile)) == IMAGE_OS2_SIGNATURE_LE)
950  return (DWORD) LOWORD (*(DWORD *) NTSIGNATURE (lpFile));
951 
952  else if (*(DWORD *) NTSIGNATURE (lpFile) == IMAGE_NT_SIGNATURE)
953  return IMAGE_NT_SIGNATURE;
954 
955  else
956  return IMAGE_DOS_SIGNATURE;
957  }
958 
959  else
960  /* unknown file type */
961  return 0;
962 }
963 
964 
965 
966 
967 /* copy file header information to structure */
968 BOOL WINAPI
970  LPVOID lpFile,
971  PIMAGE_FILE_HEADER pHeader)
972 {
973  /* file header follows dos header */
974  if (ImageFileType (lpFile) == IMAGE_NT_SIGNATURE)
975  bcopy (PEFHDROFFSET (lpFile), (LPVOID) pHeader, sizeof (IMAGE_FILE_HEADER));
976  else
977  return FALSE;
978 
979  return TRUE;
980 }
981 
982 
983 
984 
985 
986 /* copy optional header info to structure */
987 BOOL WINAPI
989  LPVOID lpFile,
990  PIMAGE_OPTIONAL_HEADER pHeader)
991 {
992  /* optional header follows file header and dos header */
993  if (ImageFileType (lpFile) == IMAGE_NT_SIGNATURE)
994  bcopy (OPTHDROFFSET (lpFile), (LPVOID) pHeader, sizeof (IMAGE_OPTIONAL_HEADER));
995  else
996  return FALSE;
997 
998  return TRUE;
999 }
1000 
1001 
1002 
1003 
1004 /* function returns the entry point for an exe module lpFile must
1005  be a memory mapped file pointer to the beginning of the image file */
1006 LPVOID WINAPI
1008  LPVOID lpFile)
1009 {
1010  PIMAGE_OPTIONAL_HEADER poh = (PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpFile);
1011 
1012  if (poh != NULL)
1013  return (LPVOID) (poh->AddressOfEntryPoint);
1014  else
1015  return NULL;
1016 }
1017 
1018 
1019 
1020 
1021 /* return the total number of sections in the module */
1022 int WINAPI
1024  LPVOID lpFile)
1025 {
1026  /* number os sections is indicated in file header */
1027  return ((int) ((PIMAGE_FILE_HEADER) PEFHDROFFSET (lpFile))->NumberOfSections);
1028 }
1029 
1030 
1031 
1032 
1033 /* retrieve entry point */
1034 LPVOID WINAPI
1036  LPVOID lpFile)
1037 {
1038  PIMAGE_OPTIONAL_HEADER poh = (PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpFile);
1039 
1040  if (poh != NULL)
1041  return (LPVOID) (poh->ImageBase);
1042  else
1043  return NULL;
1044 }
1045 
1046 
1047 
1048 //
1049 // This function is written by sang cho
1050 // .. october 5, 1997
1051 //
1052 /* function returns the actual address of given RVA, lpFile must
1053  be a memory mapped file pointer to the beginning of the image file */
1054 LPVOID WINAPI
1056  LPVOID lpFile,
1057  DWORD dwRVA)
1058 {
1059 // PIMAGE_OPTIONAL_HEADER poh = (PIMAGE_OPTIONAL_HEADER)OPTHDROFFSET (lpFile);
1060  PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile);
1061  int nSections = NumOfSections (lpFile);
1062  int i = 0;
1063 
1064  if (dwRVA == 0)
1065  return NULL;
1066  if (dwRVA & 0x80000000)
1067  {
1068  //return (LPVOID)dwRVA;
1069  printf ("\n$$ what is going on $$");
1070  exit (0);
1071  }
1072 
1073  /* locate section containing image directory */
1074  while (i++ < nSections)
1075  {
1076  if (psh->VirtualAddress <= (DWORD) dwRVA &&
1077  psh->VirtualAddress + psh->SizeOfRawData > (DWORD) dwRVA)
1078  break;
1079  psh++;
1080  }
1081 
1082  if (i > nSections)
1083  return NULL;
1084 
1085  /* return image import directory offset */
1086  return (LPVOID) (((int) lpFile + (int) dwRVA - psh->VirtualAddress) +
1087  (int) psh->PointerToRawData);
1088 }
1089 
1090 
1091 //
1092 // This function is modified by sang cho
1093 //
1094 //
1095 /* return offset to specified IMAGE_DIRECTORY entry */
1096 LPVOID WINAPI
1098  LPVOID lpFile,
1099  DWORD dwIMAGE_DIRECTORY)
1100 {
1101  PIMAGE_OPTIONAL_HEADER poh = (PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpFile);
1102  PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile);
1103  int nSections = NumOfSections (lpFile);
1104  int i = 0;
1105  LPVOID VAImageDir;
1106 
1107  /* must be 0 thru (NumberOfRvaAndSizes-1) */
1108  if (dwIMAGE_DIRECTORY >= poh->NumberOfRvaAndSizes)
1109  return NULL;
1110 
1111  /* locate specific image directory's relative virtual address */
1112  VAImageDir = (LPVOID) poh->DataDirectory[dwIMAGE_DIRECTORY].VirtualAddress;
1113 
1114  if (VAImageDir == NULL)
1115  return NULL;
1116  /* locate section containing image directory */
1117  while (i++ < nSections)
1118  {
1119  if (psh->VirtualAddress <= (DWORD) VAImageDir &&
1120  psh->VirtualAddress + psh->SizeOfRawData > (DWORD) VAImageDir)
1121  break;
1122  psh++;
1123  }
1124 
1125  if (i > nSections)
1126  return NULL;
1127 
1128  /* return image import directory offset */
1129  return (LPVOID) (((int) lpFile + (int) VAImageDir - psh->VirtualAddress) +
1130  (int) psh->PointerToRawData);
1131 }
1132 
1133 
1134 /* function retrieve names of all the sections in the file */
1135 int WINAPI
1137  LPVOID lpFile,
1138  char **pszSections)
1139 {
1140  int nSections = NumOfSections (lpFile);
1141  int i, nCnt = 0;
1142  PIMAGE_SECTION_HEADER psh;
1143  char *ps;
1144 
1145 
1146  if (ImageFileType (lpFile) != IMAGE_NT_SIGNATURE ||
1147  (psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile)) == NULL)
1148  return 0;
1149 
1150  /* count the number of chars used in the section names */
1151  for (i = 0; i < nSections; i++)
1152  nCnt += strlen ((char *)psh[i].Name) + 1;
1153 
1154  /* allocate space for all section names from heap */
1155  ps = *pszSections = (char *) calloc (nCnt, 1);
1156 
1157 
1158  for (i = 0; i < nSections; i++)
1159  {
1160  strcpy (ps, (char *)psh[i].Name);
1161  ps += strlen ((char *)psh[i].Name) + 1;
1162  }
1163 
1164  return nCnt;
1165 }
1166 
1167 
1168 
1169 
1170 /* function gets the function header for a section identified by name */
1171 BOOL WINAPI
1173  LPVOID lpFile,
1175  char *szSection)
1176 {
1177  PIMAGE_SECTION_HEADER psh;
1178  int nSections = NumOfSections (lpFile);
1179  int i;
1180 
1181 
1182  if ((psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile)) != NULL)
1183  {
1184  /* find the section by name */
1185  for (i = 0; i < nSections; i++)
1186  {
1187  if (!strcmp ((char *)psh->Name, szSection))
1188  {
1189  /* copy data to header */
1190  bcopy ((LPVOID) psh, (LPVOID) sh, sizeof (IMAGE_SECTION_HEADER));
1191  return TRUE;
1192  }
1193  else
1194  psh++;
1195  }
1196  }
1197  return FALSE;
1198 }
1199 
1200 
1201 
1202 //
1203 // This function is modified by sang cho
1204 //
1205 //
1206 /* get import modules names separated by null terminators, return module count */
1207 int WINAPI
1209  LPVOID lpFile,
1210  char **pszModules)
1211 {
1212  PIMAGE_IMPORT_MODULE_DIRECTORY pid = (PIMAGE_IMPORT_MODULE_DIRECTORY)
1214  //
1215  // sometimes there may be no section for idata or edata
1216  // instead rdata or data section may contain these sections ..
1217  // or even module names or function names are in different section.
1218  // so that's why we need to get actual address of RVAs each time.
1219  // ...................sang cho..................
1220  //
1221  // PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER)
1222  // ImageDirectorySection (lpFile, IMAGE_DIRECTORY_ENTRY_IMPORT);
1223  // BYTE *pData = (BYTE *)pid;
1224  // DWORD *pdw = (DWORD *)pid;
1225  int nCnt = 0, nSize = 0, i;
1226  char *pModule[1024]; /* hardcoded maximum number of modules?? */
1227  char *psz;
1228 
1229  if (pid == NULL)
1230  return 0;
1231 
1232  // pData = (BYTE *)((int)lpFile + psh->PointerToRawData - psh->VirtualAddress);
1233 
1234  /* extract all import modules */
1235  while (pid->dwRVAModuleName)
1236  {
1237  /* allocate temporary buffer for absolute string offsets */
1238  //pModule[nCnt] = (char *)(pData + pid->dwRVAModuleName);
1239  pModule[nCnt] = (char *) GetActualAddress (lpFile, pid->dwRVAModuleName);
1240  nSize += strlen (pModule[nCnt]) + 1;
1241 
1242  /* increment to the next import directory entry */
1243  pid++;
1244  nCnt++;
1245  }
1246 
1247  /* copy all strings to one chunk of memory */
1248  *pszModules = (char *) calloc (nSize, 1);
1249  psz = *pszModules;
1250  for (i = 0; i < nCnt; i++)
1251  {
1252  strcpy (psz, pModule[i]);
1253  psz += strlen (psz) + 1;
1254  }
1255  return nCnt;
1256 }
1257 
1258 
1259 //
1260 // This function is rewritten by sang cho
1261 //
1262 //
1263 /* get import module function names separated by null terminators, return function count */
1264 int WINAPI
1266  LPVOID lpFile,
1267  char *pszModule,
1268  char **pszFunctions)
1269 {
1270  PIMAGE_IMPORT_MODULE_DIRECTORY pid = (PIMAGE_IMPORT_MODULE_DIRECTORY)
1272  //
1273  // sometimes there may be no section for idata or edata
1274  // instead rdata or data section may contain these sections ..
1275  // or even module names or function names are in different section.
1276  // so that's why we need to get actual address each time.
1277  // ...................sang cho..................
1278  //
1279  //PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER)
1280  //ImageDirectorySection (lpFile, IMAGE_DIRECTORY_ENTRY_IMPORT);
1281  //DWORD dwBase;
1282  int nCnt = 0, nSize = 0;
1283  int nnid = 0;
1284  int mnlength, i;
1285  DWORD dwFunctionName;
1286  DWORD dwFunctionAddress;
1287  char name[128];
1288  char buff[256]; // enough for any string ??
1289 
1290  char *psz;
1291  DWORD *pdw;
1292 
1293  //dwBase = (DWORD)((int)lpFile + psh->PointerToRawData - psh->VirtualAddress);
1294 
1295  /* find module's pid */
1296  while (pid->dwRVAModuleName &&
1297  strcmp (pszModule, (char *) GetActualAddress (lpFile, pid->dwRVAModuleName)))
1298  pid++;
1299 
1300  /* exit if the module is not found */
1301  if (!pid->dwRVAModuleName)
1302  return 0;
1303 
1304  // I am doing this to get rid of .dll from module name
1305  strcpy (name, pszModule);
1306  mnlength = strlen (pszModule);
1307  for (i = 0; i < mnlength; i++)
1308  if (name[i] == '.')
1309  break;
1310  name[i] = 0;
1311  mnlength = i;
1312 
1313  /* count number of function names and length of strings */
1314  dwFunctionName = pid->dwRVAFunctionNameList;
1315 
1316  // IMAGE_IMPORT_BY_NAME OR IMAGE_THUNK_DATA
1317  // modified by Sang Cho
1318  while (dwFunctionName &&
1319  *(pdw = (DWORD *) GetActualAddress (lpFile, dwFunctionName)))
1320  {
1321  if ((*pdw) & 0x80000000)
1322  nSize += mnlength + 10 + 1 + 6;
1323  else
1324  nSize += strlen ((char *) GetActualAddress (lpFile, *pdw + 2)) + 1 + 6;
1325  dwFunctionName += 4;
1326  nCnt++;
1327  }
1328 
1329  /* allocate memory for function names */
1330  *pszFunctions = (char *) calloc (nSize, 1);
1331  psz = *pszFunctions;
1332 
1333  //
1334  // I modified this part to store function address (4 bytes),
1335  // ord number (2 bytes),
1336  // and name strings (which was there originally)
1337  // so that's why there are 6 more bytes...... +6, or +4 and +2 etc.
1338  // these informations are used where they are needed.
1339  // ...........sang cho..................
1340  //
1341  /* copy function names to mempry pointer */
1342  dwFunctionName = pid->dwRVAFunctionNameList;
1343  dwFunctionAddress = pid->dwRVAFunctionAddressList;
1344  while (dwFunctionName &&
1345  *(pdw = (DWORD *) GetActualAddress (lpFile, dwFunctionName)))
1346  {
1347  if ((*pdw) & 0x80000000)
1348  {
1349  *(int *) psz = (int) (*(DWORD *) GetActualAddress (lpFile, dwFunctionAddress));
1350  psz += 4;
1351  *(short *) psz = *(short *) pdw;
1352  psz += 2;
1353  sprintf (buff, "%s:NoName%04d", name, nnid++);
1354  strcpy (psz, buff);
1355  psz += strlen (buff) + 1;
1356  }
1357  else
1358  {
1359  *(int *) psz = (int) (*(DWORD *) GetActualAddress (lpFile, dwFunctionAddress));
1360  psz += 4;
1361  *(short *) psz = (*(short *) GetActualAddress (lpFile, *pdw));
1362  psz += 2;
1363  strcpy (psz, (char *) GetActualAddress (lpFile, *pdw + 2));
1364  psz += strlen ((char *) GetActualAddress (lpFile, *pdw + 2)) + 1;
1365  }
1366  dwFunctionName += 4;
1367  dwFunctionAddress += 4;
1368  }
1369 
1370  return nCnt;
1371 }
1372 
1373 
1374 
1375 
1376 //
1377 // This function is written by sang cho
1378 // October 6, 1997
1379 //
1380 /* get numerically expressed string length */
1381 int WINAPI
1383  char *psz)
1384 {
1385  if (!isdigit (*psz))
1386  return 0;
1387  if (isdigit (*(psz + 1)))
1388  return (*psz - '0') * 10 + *(psz + 1) - '0';
1389  else
1390  return *psz - '0';
1391 }
1392 
1393 
1394 
1395 
1396 //
1397 // This function is written by sang cho
1398 // October 12, 1997
1399 //
1400 
1401 /* translate parameter part of condensed name */
1402 void WINAPI
1404  char *xpin, // read-only source
1405  char *xpout) // translated result
1406  {
1407  int n = 0;
1408  char *pin, *pout;
1409 
1410  pin = xpin;
1411  pout = xpout;
1412 
1413  pin--;
1414  if (*pin == ',')
1415  pin--;
1416  else
1417  {
1418  printf ("\n **error PreviousParamString1 char = %c", *pin);
1419  exit (0);
1420  }
1421 
1422  while (*pin)
1423  {
1424  if (*pin == '>')
1425  n++;
1426  else if (*pin == '<')
1427  n--;
1428  else if (*pin == ')')
1429  n++;
1430 
1431  if (n > 0)
1432  {
1433  if (*pin == '(')
1434  n--;
1435  }
1436  else if (strchr (",(", *pin))
1437  break;
1438  pin--;
1439  }
1440 
1441  //printf("\n ----- %s", pin);
1442  if (strchr (",(", *pin))
1443  {
1444  pin++;
1445  } // printf("\n %s", pin); }
1446 
1447  else
1448  {
1449  printf ("\n **error PreviousParamString2");
1450  exit (0);
1451  }
1452 
1453  n = xpin - pin - 1;
1454  strncpy (pout, pin, n);
1455  *(pout + n) = 0;
1456 }
1457 
1458 
1459 
1460 
1461 //
1462 // This function is written by sang cho
1463 // October 10, 1997
1464 //
1465 
1466 /* translate parameter part of condensed name */
1467 void WINAPI
1469  char **ppin, // read-only source
1470  char **ppout, // translated result
1471  char **pps) // parameter stack
1472  {
1473  int i, n;
1474  char c;
1475  char name[128];
1476  char *pin, *pout, *ps;
1477 
1478  //printf(" %c ", **in);
1479  pin = *ppin;
1480  pout = *ppout;
1481  ps = *pps;
1482  c = *pin;
1483  switch (c)
1484  {
1485  // types processing
1486  case 'b':
1487  strcpy (pout, "byte");
1488  pout += 4;
1489  pin++;
1490  break;
1491  case 'c':
1492  strcpy (pout, "char");
1493  pout += 4;
1494  pin++;
1495  break;
1496  case 'd':
1497  strcpy (pout, "double");
1498  pout += 6;
1499  pin++;
1500  break;
1501  case 'f':
1502  strcpy (pout, "float");
1503  pout += 5;
1504  pin++;
1505  break;
1506  case 'g':
1507  strcpy (pout, "long double");
1508  pout += 11;
1509  pin++;
1510  break;
1511  case 'i':
1512  strcpy (pout, "int");
1513  pout += 3;
1514  pin++;
1515  break;
1516  case 'l':
1517  strcpy (pout, "long");
1518  pout += 4;
1519  pin++;
1520  break;
1521  case 's':
1522  strcpy (pout, "short");
1523  pout += 5;
1524  pin++;
1525  break;
1526  case 'v':
1527  strcpy (pout, "void");
1528  pout += 4;
1529  pin++;
1530  break;
1531  // postfix processing
1532  case 'M':
1533  case 'p':
1534  if (*(pin + 1) == 'p')
1535  {
1536  *ps++ = 'p';
1537  pin += 2;
1538  }
1539  else
1540  {
1541  *ps++ = '*';
1542  pin++;
1543  }
1544  *ppin = pin;
1545  *ppout = pout;
1546  *pps = ps;
1547  return;
1548  case 'q':
1549  *pout++ = '(';
1550  pin++;
1551  *ps++ = 'q';
1552  *ppin = pin;
1553  *ppout = pout;
1554  *pps = ps;
1555  return;
1556  case 'r':
1557  if (*(pin + 1) == 'p')
1558  {
1559  *ps++ = 'r';
1560  pin += 2;
1561  }
1562  else
1563  {
1564  *ps++ = '&';
1565  pin++;
1566  }
1567  *ppin = pin;
1568  *ppout = pout;
1569  *pps = ps;
1570  return;
1571  // repeat processing
1572  case 't':
1573  if (isdigit (*(pin + 1)))
1574  {
1575  n = *(pin + 1) - '0';
1576  pin++;
1577  pin++;
1578  GetPreviousParamString (pout, name);
1579  strcpy (pout, name);
1580  pout += strlen (name);
1581  for (i = 1; i < n; i++)
1582  {
1583  *pout++ = ',';
1584  strcpy (pout, name);
1585  pout += strlen (name);
1586  }
1587  }
1588  else
1589  pin++;
1590  break;
1591  // prefix processing
1592  case 'u':
1593  strcpy (pout, "u");
1594  pout += 1;
1595  pin++;
1596  *ppin = pin;
1597  *ppout = pout;
1598  *pps = ps;
1599  return;
1600  case 'x':
1601  strcpy (pout, "const ");
1602  pout += 6;
1603  pin++;
1604  *ppin = pin;
1605  *ppout = pout;
1606  *pps = ps;
1607  return;
1608  case 'z':
1609  strcpy (pout, "static ");
1610  pout += 7;
1611  pin++;
1612  *ppin = pin;
1613  *ppout = pout;
1614  *pps = ps;
1615  return;
1616  default:
1617  strcpy (pout, "!1!");
1618  pout += 3;
1619  *pout++ = *pin++;
1620  *ppin = pin;
1621  *ppout = pout;
1622  *pps = ps;
1623  return;
1624  }
1625  // need to process postfix finally
1626  c = *(ps - 1);
1627  if (strchr ("tqx", c))
1628  {
1629  if (*(pin) && !strchr ("@$%", *(pin)))
1630  *pout++ = ',';
1631  *ppin = pin;
1632  *ppout = pout;
1633  *pps = ps;
1634  return;
1635  }
1636  switch (c)
1637  {
1638  case 'r':
1639  strcpy (pout, "*&");
1640  pout += 2;
1641  ps--;
1642  break;
1643  case 'p':
1644  strcpy (pout, "**");
1645  pout += 2;
1646  ps--;
1647  break;
1648  case '&':
1649  strcpy (pout, "&");
1650  pout += 1;
1651  ps--;
1652  break;
1653  case '*':
1654  strcpy (pout, "*");
1655  pout += 1;
1656  ps--;
1657  break;
1658  default:
1659  strcpy (pout, "!2!");
1660  pout += 3;
1661  ps--;
1662  break;
1663  }
1664  if (*(pin) && !strchr ("@$%", *(pin)))
1665  *pout++ = ',';
1666  *ppin = pin;
1667  *ppout = pout;
1668  *pps = ps;
1669 }
1670 
1671 
1672 //
1673 // This function is written by sang cho
1674 // October 11, 1997
1675 //
1676 
1677 /* translate parameter part of condensed name */
1678 BOOL WINAPI
1680  char **ppin, // read-only source
1681  char **ppout, // translated result
1682  char **pps, // parameter stack
1683  Str_P * pcstr) // currently stored string
1684  {
1685 // int n;
1686  // char c;
1687  char *pin, *pout, *ps;
1688  Str_P c_str;
1689  BOOL stringMode = TRUE;
1690 
1691  pin = *ppin;
1692  pout = *ppout;
1693  ps = *pps;
1694  c_str = *pcstr;
1695 
1696  if (strncmp (pin, "bctr", 4) == 0)
1697  {
1698  strncpy (pout, c_str.pos, c_str.length);
1699  pout += c_str.length;
1700  pin += 4;
1701  }
1702  else if (strncmp (pin, "bdtr", 4) == 0)
1703  {
1704  *pout++ = '~';
1705  strncpy (pout, c_str.pos, c_str.length);
1706  pout += c_str.length;
1707  pin += 4;
1708  }
1709  else if (*pin == 'o')
1710  {
1711  strcpy (pout, "const ");
1712  pout += 6;
1713  pin++;
1714  stringMode = FALSE;
1715  }
1716  else if (*pin == 'q')
1717  {
1718  *pout++ = '(';
1719  pin++;
1720  *ps++ = 'q';
1721  stringMode = FALSE;
1722  }
1723  else if (*pin == 't')
1724  {
1725  //if (*(ps-1) == 't') { *pout++ = ','; pin++; } // this also got me...
1726  //else october 12 .. sang
1727  {
1728  *pout++ = '<';
1729  pin++;
1730  *ps++ = 't';
1731  }
1732  stringMode = FALSE;
1733  }
1734  else if (strncmp (pin, "xq", 2) == 0)
1735  {
1736  *pout++ = '(';
1737  pin += 2;
1738  *ps++ = 'x';
1739  *ps++ = 'q';
1740  stringMode = FALSE;
1741  }
1742  else if (strncmp (pin, "bcall", 5) == 0)
1743  {
1744  strcpy (pout, "operator ()");
1745  pout += 11;
1746  pin += 5;
1747  }
1748  else if (strncmp (pin, "bsubs", 5) == 0)
1749  {
1750  strcpy (pout, "operator []");
1751  pout += 11;
1752  pin += 5;
1753  }
1754  else if (strncmp (pin, "bnwa", 4) == 0)
1755  {
1756  strcpy (pout, "operator new[]");
1757  pout += 14;
1758  pin += 4;
1759  }
1760  else if (strncmp (pin, "bdla", 4) == 0)
1761  {
1762  strcpy (pout, "operator delete[]");
1763  pout += 17;
1764  pin += 4;
1765  }
1766  else if (strncmp (pin, "bnew", 4) == 0)
1767  {
1768  strcpy (pout, "operator new");
1769  pout += 12;
1770  pin += 4;
1771  }
1772  else if (strncmp (pin, "bdele", 5) == 0)
1773  {
1774  strcpy (pout, "operator delete");
1775  pout += 15;
1776  pin += 5;
1777  }
1778  else if (strncmp (pin, "blsh", 4) == 0)
1779  {
1780  strcpy (pout, "operator <<");
1781  pout += 11;
1782  pin += 4;
1783  }
1784  else if (strncmp (pin, "brsh", 4) == 0)
1785  {
1786  strcpy (pout, "operator >>");
1787  pout += 11;
1788  pin += 4;
1789  }
1790  else if (strncmp (pin, "binc", 4) == 0)
1791  {
1792  strcpy (pout, "operator ++");
1793  pout += 11;
1794  pin += 4;
1795  }
1796  else if (strncmp (pin, "bdec", 4) == 0)
1797  {
1798  strcpy (pout, "operator --");
1799  pout += 11;
1800  pin += 4;
1801  }
1802  else if (strncmp (pin, "badd", 4) == 0)
1803  {
1804  strcpy (pout, "operator +");
1805  pout += 10;
1806  pin += 4;
1807  }
1808  else if (strncmp (pin, "brplu", 5) == 0)
1809  {
1810  strcpy (pout, "operator +=");
1811  pout += 11;
1812  pin += 5;
1813  }
1814  else if (strncmp (pin, "bdiv", 4) == 0)
1815  {
1816  strcpy (pout, "operator /");
1817  pout += 10;
1818  pin += 4;
1819  }
1820  else if (strncmp (pin, "brdiv", 5) == 0)
1821  {
1822  strcpy (pout, "operator /=");
1823  pout += 11;
1824  pin += 5;
1825  }
1826  else if (strncmp (pin, "bmul", 4) == 0)
1827  {
1828  strcpy (pout, "operator *");
1829  pout += 10;
1830  pin += 4;
1831  }
1832  else if (strncmp (pin, "brmul", 5) == 0)
1833  {
1834  strcpy (pout, "operator *=");
1835  pout += 11;
1836  pin += 5;
1837  }
1838  else if (strncmp (pin, "basg", 4) == 0)
1839  {
1840  strcpy (pout, "operator =");
1841  pout += 10;
1842  pin += 4;
1843  }
1844  else if (strncmp (pin, "beql", 4) == 0)
1845  {
1846  strcpy (pout, "operator ==");
1847  pout += 11;
1848  pin += 4;
1849  }
1850  else if (strncmp (pin, "bneq", 4) == 0)
1851  {
1852  strcpy (pout, "operator !=");
1853  pout += 11;
1854  pin += 4;
1855  }
1856  else if (strncmp (pin, "bor", 3) == 0)
1857  {
1858  strcpy (pout, "operator |");
1859  pout += 10;
1860  pin += 3;
1861  }
1862  else if (strncmp (pin, "bror", 4) == 0)
1863  {
1864  strcpy (pout, "operator |=");
1865  pout += 11;
1866  pin += 4;
1867  }
1868  else if (strncmp (pin, "bcmp", 4) == 0)
1869  {
1870  strcpy (pout, "operator ~");
1871  pout += 10;
1872  pin += 4;
1873  }
1874  else if (strncmp (pin, "bnot", 4) == 0)
1875  {
1876  strcpy (pout, "operator !");
1877  pout += 10;
1878  pin += 4;
1879  }
1880  else if (strncmp (pin, "band", 4) == 0)
1881  {
1882  strcpy (pout, "operator &");
1883  pout += 10;
1884  pin += 4;
1885  }
1886  else if (strncmp (pin, "brand", 5) == 0)
1887  {
1888  strcpy (pout, "operator &=");
1889  pout += 11;
1890  pin += 5;
1891  }
1892  else if (strncmp (pin, "bxor", 4) == 0)
1893  {
1894  strcpy (pout, "operator ^");
1895  pout += 10;
1896  pin += 4;
1897  }
1898  else if (strncmp (pin, "brxor", 5) == 0)
1899  {
1900  strcpy (pout, "operator ^=");
1901  pout += 11;
1902  pin += 5;
1903  }
1904  else
1905  {
1906  strcpy (pout, "!$$$!");
1907  pout += 5;
1908  }
1909  *ppin = pin;
1910  *ppout = pout;
1911  *pps = ps;
1912  return stringMode;
1913 } // end of '$' processing
1914 
1915 
1916 
1917 //----------------------------------------------------------------------
1918 // structure to store string tokens
1919 //----------------------------------------------------------------------
1920 //typedef struct _Str_P {
1921 // char flag; // string_flag '@' or '%' or '#'
1922 // char *pos; // starting postion of string
1923 // int length; // length of string
1924 // BOOL wasString; // if it were stringMode or not
1925 //} Str_P;
1926 //----------------------------------------------------------------------
1927 //
1928 // I think I knocked it down finally. But who knows?
1929 // october 12, 1997 ... sang
1930 //
1931 // well I have to rewrite whole part of TranslateFunctionName..
1932 // this time I am a little bit more experienced than 5 days ago.
1933 // or am i??? anyway i use stacks instead of recurcive calls
1934 // and i hope this will take care of every symptoms i have experienced..
1935 // october 10, 1997 .... sang
1936 // It took a lot of time for me to figure out what is all about....
1937 // but still some prefixes like z (static)
1938 // -- or some types like b (byte) ,g (long double) ,s (short) --
1939 // -- or postfix like M ( * )
1940 // -- or $or ( & ) which is pretty wierd. .. added.. october 12
1941 // -- also $t business is quite tricky too. (templates)
1942 // there may be a lot of things undiscovered yet....
1943 // I am not so sure my interpretation is correct or not
1944 // If I am wrong please let me know.
1945 // october 8, 1997 .... sang
1946 //
1947 //
1948 // This function is written by sang cho
1949 // October 5, 1997
1950 //
1951 /* translate condesed import function name */
1952 char * WINAPI
1954  char *psz)
1955 {
1956 
1957 
1958  int i, /*j,*/ n;
1959  char c = 0;
1960  char cc;
1961 
1962  static char buff[512]; // result of translation
1963 
1964  int is = 0;
1965  char pStack[32]; // parameter processing stack
1966 
1967  Str_P sStack[32]; // String processing stack
1968 
1969  Str_P tok; // String token
1970 
1971  Str_P c_str; // current string
1972 
1973  int iend = 0;
1974  char *endTab[8]; // end of string position check
1975 
1976  char *ps;
1977  char *pin, *pout;
1978  BOOL stringMode = TRUE;
1979 
1980  if (*psz != '@')
1981  return psz;
1982  pin = psz;
1983  pout = buff;
1984  ps = pStack;
1985 
1986  //................................................................
1987  // serious users may need to run the following code.
1988  // so I may need to include some flag options...
1989  // If you want to know about how translation is done,
1990  // you can just revive following line and you can see it.
1991  // october 6, 1997 ... sang cho
1992  //printf ("\n................................... %s", psz); // for debugging...
1993 
1994  //pa = pb = pout;
1995  pin++;
1996  tok.flag = 'A';
1997  tok.pos = pout;
1998  tok.length = 0;
1999  tok.wasString = stringMode;
2000  sStack[is++] = tok; // initialize sStack with dummy marker
2001 
2002  while (*pin)
2003  {
2004  while (*pin)
2005  {
2006  c = *pin;
2007 
2008  //---------------------------------------------
2009  // check for the end of number specified string
2010  //---------------------------------------------
2011 
2012  if (iend > 0)
2013  {
2014  for (i = 0; i < iend; i++)
2015  if (pin == endTab[i])
2016  break;
2017  if (i < iend)
2018  {
2019  // move the end of endTab to ith position
2020  endTab[i] = endTab[iend - 1];
2021  iend--;
2022 
2023  // get top of the string stack
2024  tok = sStack[is - 1];
2025 
2026  // I am expecting '#' token from stack
2027  if (tok.flag != '#')
2028 
2029  {
2030  printf ("\n**some serious error1** %c is = %d char = %c",
2031  tok.flag, is, *pin);
2032  exit (0);
2033  }
2034 
2035  // pop '#' token I am happy now.
2036  else
2037  { //if (c)
2038  //printf("\n pop # token ... current char = %c", c);
2039  //else printf("\n pop percent token..next char = NULL");
2040 
2041  is--;
2042  }
2043 
2044  stringMode = tok.wasString;
2045 
2046  if (!stringMode)
2047  {
2048  // need to process postfix finally
2049  cc = *(ps - 1);
2050  if (strchr ("qtx", cc))
2051  {
2052  if (!strchr ("@$%", c))
2053  *pout++ = ',';
2054  }
2055  else
2056  {
2057  switch (cc)
2058  {
2059  case 'r':
2060  strcpy (pout, "*&");
2061  pout += 2;
2062  ps--;
2063  break;
2064  case 'p':
2065  strcpy (pout, "**");
2066  pout += 2;
2067  ps--;
2068  break;
2069  case '&':
2070  strcpy (pout, "&");
2071  pout += 1;
2072  ps--;
2073  break;
2074  case '*':
2075  strcpy (pout, "*");
2076  pout += 1;
2077  ps--;
2078  break;
2079  default:
2080  strcpy (pout, "!3!");
2081  pout += 3;
2082  ps--;
2083  break;
2084  }
2085  if (!strchr ("@$%", c))
2086  *pout++ = ',';
2087  }
2088  }
2089  // string mode restored...
2090  else;
2091  }
2092  else; // do nothing..
2093 
2094  }
2095 
2096  //------------------------------------------------
2097  // special control symbol processing:
2098  //------------------------------------------------
2099 
2100  if (strchr ("@$%", c))
2101  break;
2102 
2103  //---------------------------------------------------------------
2104  // string part processing : no '$' met yet
2105  // or inside of '%' block
2106  // or inside of '#' block (numbered string)
2107  //---------------------------------------------------------------
2108 
2109  else if (stringMode)
2110  *pout++ = *pin++;
2111  //else if (is > 1) *pout++ = *pin++;
2112 
2113  //------------------------------------------------
2114  // parameter part processing: '$' met
2115  //------------------------------------------------
2116 
2117  else // parameter processing
2118 
2119  {
2120  if (!isdigit (c))
2121  TranslateParameters (&pin, &pout, &ps);
2122  else // number specified string processing
2123 
2124  {
2125  n = GetStringLength (pin);
2126  if (n < 10)
2127  pin++;
2128  else
2129  pin += 2;
2130 
2131  // push '#' token
2132  //if (*pin)
2133  //printf("\n push # token .. char = %c", *pin);
2134  //else printf("\n push percent token..next char = NULL");
2135  tok.flag = '#';
2136  tok.pos = pout;
2137  tok.length = 0;
2138  tok.wasString = stringMode;
2139  sStack[is++] = tok;
2140 
2141  // mark end of input string
2142  endTab[iend++] = pin + n;
2143  stringMode = TRUE;
2144  }
2145  }
2146  } // end of inner while loop
2147  //
2148  // beginning of new string or end of string ( quotation mark )
2149  //
2150 
2151  if (c == '%')
2152  {
2153  pin++; // anyway we have to proceed...
2154 
2155  tok = sStack[is - 1]; // get top of the sStack
2156 
2157  if (tok.flag == '%')
2158  {
2159  // pop '%' token and set c_str
2160  //if (*pin)
2161  //printf("\n pop percent token..next char = %c", *pin);
2162  //else printf("\n pop percent token..next char = NULL");
2163  is--;
2164  c_str = tok;
2165  c_str.length = pout - c_str.pos;
2166  if (*(ps - 1) == 't')
2167  {
2168  *pout++ = '>';
2169  ps--;
2170  stringMode = tok.wasString;
2171  }
2172  else
2173  {
2174  printf ("\n**some string error3** stack = %c", *(ps - 1));
2175  exit (0);
2176  }
2177  }
2178  else if (tok.flag == 'A' || tok.flag == '#')
2179  {
2180  // push '%' token
2181  //if (*pin)
2182  //printf("\n push percent token..next char = %c", *pin);
2183  //else printf("\n push percent token..next char = NULL");
2184  tok.flag = '%';
2185  tok.pos = pout;
2186  tok.length = 0;
2187  tok.wasString = stringMode;
2188  sStack[is++] = tok;
2189  }
2190  else
2191  {
2192  printf ("\n**some string error5**");
2193  exit (0);
2194  }
2195  }
2196  //
2197  // sometimes we need string to use as constructor name or destructor name
2198  //
2199  else if (c == '@') // get string from previous marker upto here.
2200 
2201  {
2202  pin++;
2203  tok = sStack[is - 1];
2204  c_str.flag = 'S';
2205  c_str.pos = tok.pos;
2206  c_str.length = pout - tok.pos;
2207  c_str.wasString = stringMode;
2208  *pout++ = ':';
2209  *pout++ = ':';
2210  }
2211  //
2212  // we need to take care of parameter control sequence
2213  //
2214  else if (c == '$') // need to precess template or parameter part
2215 
2216  {
2217  pin++;
2218  if (stringMode)
2219  stringMode = StringExpands (&pin, &pout, &ps, &c_str);
2220  else
2221  { // template parameter mode I guess "$t"
2222 
2223  if (is > 1)
2224  {
2225  if (*pin == 't')
2226  pin++;
2227  else
2228  {
2229  printf ("\nMYGOODNESS1 %c", *pin);
2230  exit (0);
2231  }
2232  //ps--;
2233  //if (*ps == 't') *pout++ = '>';
2234  //else { printf("\nMYGOODNESS2"); exit(0);}
2235  *pout++ = ','; //pin++; ..this almost blowed me....
2236 
2237  }
2238  // real parameter mode I guess
2239  // unexpected case is found ... humm what can I do...
2240  else
2241  {
2242  // this is newly found twist.. it really hurts.
2243  if (ps <= pStack)
2244  {
2245  if (*pin == 'q')
2246  {
2247  *ps++ = 'q';
2248  *pout++ = '(';
2249  pin++;
2250  }
2251  else
2252  {
2253  printf ("\n** I GIVEUP ***");
2254  exit (0);
2255  }
2256  continue;
2257  }
2258  ps--;
2259  while (*ps != 'q')
2260  {
2261  if (*ps == '*')
2262  *pout++ = '*';
2263  else if (*ps == '&')
2264  *pout++ = '&';
2265  else if (*ps == 'p')
2266  {
2267  *pout++ = '*';
2268  *pout++ = '*';
2269  }
2270  else if (*ps == 'r')
2271  {
2272  *pout++ = '*';
2273  *pout++ = '&';
2274  }
2275  else
2276  {
2277  printf ("\n*** SOMETHING IS WRONG1*** char= %c", *pin);
2278  exit (0);
2279  }
2280  ps--;
2281  }
2282  *pout++ = ')';
2283  ps--;
2284  while (*ps != 'q')
2285  {
2286  if (*ps == '*')
2287  *pout++ = '*';
2288  else if (*ps == '&')
2289  *pout++ = '&';
2290  else if (*ps == 'p')
2291  {
2292  *pout++ = '*';
2293  *pout++ = '*';
2294  }
2295  else if (*ps == 'r')
2296  {
2297  *pout++ = '*';
2298  *pout++ = '&';
2299  }
2300  else
2301  {
2302  printf ("\n*** SOMETHING IS WRONG2***");
2303  exit (0);
2304  }
2305  ps--;
2306  }
2307  ps++;
2308  *pout++ = ',';
2309  }
2310  }
2311  } // end of '$' processing
2312 
2313  } // end of outer while loop
2314  //
2315  // need to process remaining parameter stack
2316  //
2317 
2318  while (ps > pStack)
2319  {
2320  ps--;
2321  switch (*ps)
2322  {
2323  case 't':
2324  *pout++ = '>';
2325  break;
2326  case 'q':
2327  *pout++ = ')';
2328  break;
2329  case 'x':
2330  strcpy (pout, " const");
2331  pout += 6;
2332  break;
2333  case 'r':
2334  strcpy (pout, "*&");
2335  pout += 2;
2336  break;
2337  case 'p':
2338  strcpy (pout, "**");
2339  pout += 2;
2340  break;
2341  case '&':
2342  *pout++ = '&';
2343  break;
2344  case '*':
2345  *pout++ = '*';
2346  break;
2347  default:
2348  strcpy (pout, "!4!");
2349  pout += 3;
2350  *pout++ = *ps;
2351  }
2352  }
2353  *pout = 0;
2354  return buff;
2355 }
2356 
2357 
2358 
2359 //
2360 // This function is written by sang cho
2361 //
2362 //
2363 /* get exported function names separated by null terminators, return count of functions */
2364 int WINAPI
2366  LPVOID lpFile,
2367  char **pszFunctions)
2368 {
2369  //PIMAGE_SECTION_HEADER psh;
2370  PIMAGE_EXPORT_DIRECTORY ped;
2371  //DWORD dwBase;
2372  DWORD imageBase; //===========================
2373 
2374  char *pfns[8192] =
2375  {NULL,}; // maximum number of functions
2376  //=============================
2377 
2378  char buff[256]; // enough for any string ??
2379 
2380  char *psz = NULL; //===============================
2381 
2382  DWORD *pdwAddress;
2383  DWORD *pdw1;
2384  DWORD *pdwNames;
2385  WORD *pwOrd;
2386  int i, nCnt = 0, ntmp = 0;
2387  int enid = 0, ordBase = 1; // usally ordBase is 1....
2388 
2389  int enames = 0;
2390 
2391  /* get section header and pointer to data directory for .edata section */
2392  ped = (PIMAGE_EXPORT_DIRECTORY)
2394 
2395  if (ped == NULL)
2396  return 0;
2397 
2398  //
2399  // sometimes there may be no section for idata or edata
2400  // instead rdata or data section may contain these sections ..
2401  // or even module names or function names are in different section.
2402  // so that's why we need to get actual address each time.
2403  // ...................sang cho..................
2404  //
2405  //psh = (PIMAGE_SECTION_HEADER)
2406  //ImageDirectorySection(lpFile, IMAGE_DIRECTORY_ENTRY_EXPORT);
2407 
2408  //if (psh == NULL) return 0;
2409 
2410  //dwBase = (DWORD)((int)lpFile + psh->PointerToRawData - psh->VirtualAddress);
2411 
2412 
2413  /* determine the offset of the export function names */
2414 
2415  pdwAddress = (DWORD *) GetActualAddress (lpFile, (DWORD) ped->AddressOfFunctions);
2416 
2417  imageBase = (DWORD) GetImageBase (lpFile);
2418 
2419  ordBase = ped->Base;
2420 
2421  if (ped->NumberOfNames > 0)
2422  {
2423  pdwNames = (DWORD *)
2424  GetActualAddress (lpFile, (DWORD) ped->AddressOfNames);
2425  pwOrd = (WORD *)
2426  GetActualAddress (lpFile, (DWORD) ped->AddressOfNameOrdinals);
2427  pdw1 = pdwAddress;
2428 
2429  /* figure out how much memory to allocate for all strings */
2430  for (i = 0; i < (int) ped->NumberOfNames; i++)
2431  {
2432  nCnt += strlen ((char *)
2433  GetActualAddress (lpFile, *(DWORD *) pdwNames)) + 1 + 6;
2434  pdwNames++;
2435  }
2436  // get the number of unnamed functions
2437  for (i = 0; i < (int) ped->NumberOfFunctions; i++)
2438  if (*pdw1++)
2439  ntmp++;
2440  // add memory required to show unnamed functions.
2441  if (ntmp > (int) ped->NumberOfNames)
2442  nCnt += 18 * (ntmp - (int) ped->NumberOfNames);
2443 
2444  /* allocate memory for function names */
2445 
2446  *pszFunctions = (char *) calloc (nCnt, 1);
2447  pdwNames = (DWORD *) GetActualAddress (lpFile, (DWORD) ped->AddressOfNames);
2448 
2449  /* copy string pointer to buffer */
2450 
2451  for (i = 0; i < (int) ped->NumberOfNames; i++)
2452  {
2453  pfns[(int) (*pwOrd) + ordBase] =
2454  (char *) GetActualAddress (lpFile, *(DWORD *) pdwNames);
2455  pdwNames++;
2456  pwOrd++;
2457  }
2458 
2459  psz = *pszFunctions;
2460  }
2461 
2462  for (i = ordBase; i < (int) ped->NumberOfFunctions + ordBase; i++)
2463  {
2464  if (*pdwAddress > 0)
2465  {
2466  *(DWORD *) psz = imageBase + *pdwAddress;
2467  psz += 4;
2468  *(WORD *) psz = (WORD) (i);
2469  psz += 2;
2470  if (pfns[i])
2471  {
2472  strcpy (psz, pfns[i]);
2473  psz += strlen (psz) + 1;
2474  }
2475  else
2476  {
2477  sprintf (buff, "ExpFn%04d()", enid++);
2478  strcpy (psz, buff);
2479  psz += 12;
2480  }
2481  enames++;
2482  }
2483  pdwAddress++;
2484  }
2485 
2486  return enames;
2487 
2488 }
2489 
2490 
2491 /* determine the total number of resources in the section */
2492 int WINAPI
2494  LPVOID lpFile)
2495 {
2496  PIMAGE_RESOURCE_DIRECTORY prdRoot, prdType;
2497  PIMAGE_RESOURCE_DIRECTORY_ENTRY prde;
2498  int nCnt = 0, i;
2499 
2500 
2501  /* get root directory of resource tree */
2502  if ((prdRoot = (PIMAGE_RESOURCE_DIRECTORY) ImageDirectoryOffset
2503  (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE)) == NULL)
2504  return 0;
2505 
2506  /* set pointer to first resource type entry */
2507  prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) ((DWORD) prdRoot + sizeof (IMAGE_RESOURCE_DIRECTORY));
2508 
2509  /* loop through all resource directory entry types */
2510  for (i = 0; i < prdRoot->NumberOfIdEntries; i++)
2511  {
2512  /* locate directory or each resource type */
2513  prdType = (PIMAGE_RESOURCE_DIRECTORY) ((int) prdRoot + (int) prde->OffsetToData);
2514 
2515  /* mask off most significant bit of the data offset */
2516  prdType = (PIMAGE_RESOURCE_DIRECTORY) ((DWORD) prdType ^ 0x80000000);
2517 
2518  /* increment count of name'd and ID'd resources in directory */
2519  nCnt += prdType->NumberOfNamedEntries + prdType->NumberOfIdEntries;
2520 
2521  /* increment to next entry */
2522  prde++;
2523  }
2524 
2525  return nCnt;
2526 }
2527 
2528 
2529 
2530 //
2531 // This function is rewritten by sang cho
2532 //
2533 //
2534 /* name each type of resource in the section */
2535 int WINAPI
2537  LPVOID lpFile,
2538  char **pszResTypes)
2539 {
2540  PIMAGE_RESOURCE_DIRECTORY prdRoot;
2541  PIMAGE_RESOURCE_DIRECTORY_ENTRY prde;
2542  char *pMem;
2543  char buff[32];
2544  int nCnt, i;
2545  DWORD prdeName;
2546 
2547 
2548  /* get root directory of resource tree */
2549  if ((prdRoot = (PIMAGE_RESOURCE_DIRECTORY) ImageDirectoryOffset
2550  (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE)) == NULL)
2551  return 0;
2552 
2553  /* allocate enuff space to cover all types */
2554  nCnt = prdRoot->NumberOfIdEntries * (MAXRESOURCENAME + 1);
2555  *pszResTypes = (char *) calloc (nCnt, 1);
2556  if ((pMem = *pszResTypes) == NULL)
2557  return 0;
2558 
2559  /* set pointer to first resource type entry */
2560  prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) ((DWORD) prdRoot + sizeof (IMAGE_RESOURCE_DIRECTORY));
2561 
2562  /* loop through all resource directory entry types */
2563  for (i = 0; i < prdRoot->NumberOfIdEntries; i++)
2564  {
2565  prdeName = prde->Name;
2566 
2567  //if (LoadString (hDll, prde->Name, pMem, MAXRESOURCENAME))
2568  // pMem += strlen (pMem) + 1;
2569  //
2570  // modified by ...................................Sang Cho..
2571  // I can't user M/S provied funcitons here so I have to figure out
2572  // how to do above functions. But I can settle down with the following
2573  // code, which works pretty good for me.
2574  //
2575  if (prdeName == 1)
2576  {
2577  strcpy (pMem, "RT_CURSOR");
2578  pMem += 10;
2579  }
2580  else if (prdeName == 2)
2581  {
2582  strcpy (pMem, "RT_BITMAP");
2583  pMem += 10;
2584  }
2585  else if (prdeName == 3)
2586  {
2587  strcpy (pMem, "RT_ICON ");
2588  pMem += 10;
2589  }
2590  else if (prdeName == 4)
2591  {
2592  strcpy (pMem, "RT_MENU ");
2593  pMem += 10;
2594  }
2595  else if (prdeName == 5)
2596  {
2597  strcpy (pMem, "RT_DIALOG");
2598  pMem += 10;
2599  }
2600  else if (prdeName == 6)
2601  {
2602  strcpy (pMem, "RT_STRING");
2603  pMem += 10;
2604  }
2605  else if (prdeName == 7)
2606  {
2607  strcpy (pMem, "RT_FONTDIR");
2608  pMem += 11;
2609  }
2610  else if (prdeName == 8)
2611  {
2612  strcpy (pMem, "RT_FONT ");
2613  pMem += 10;
2614  }
2615  else if (prdeName == 9)
2616  {
2617  strcpy (pMem, "RT_ACCELERATORS");
2618  pMem += 16;
2619  }
2620  else if (prdeName == 10)
2621  {
2622  strcpy (pMem, "RT_RCDATA");
2623  pMem += 10;
2624  }
2625  else if (prdeName == 11)
2626  {
2627  strcpy (pMem, "RT_MESSAGETABLE");
2628  pMem += 16;
2629  }
2630  else if (prdeName == 12)
2631  {
2632  strcpy (pMem, "RT_GROUP_CURSOR");
2633  pMem += 16;
2634  }
2635  else if (prdeName == 14)
2636  {
2637  strcpy (pMem, "RT_GROUP_ICON ");
2638  pMem += 16;
2639  }
2640  else if (prdeName == 16)
2641  {
2642  strcpy (pMem, "RT_VERSION");
2643  pMem += 11;
2644  }
2645  else if (prdeName == 17)
2646  {
2647  strcpy (pMem, "RT_DLGINCLUDE ");
2648  pMem += 16;
2649  }
2650  else if (prdeName == 19)
2651  {
2652  strcpy (pMem, "RT_PLUGPLAY ");
2653  pMem += 16;
2654  }
2655  else if (prdeName == 20)
2656  {
2657  strcpy (pMem, "RT_VXD ");
2658  pMem += 10;
2659  }
2660  else if (prdeName == 21)
2661  {
2662  strcpy (pMem, "RT_ANICURSOR ");
2663  pMem += 16;
2664  }
2665  else if (prdeName == 22)
2666  {
2667  strcpy (pMem, "RT_ANIICON");
2668  pMem += 11;
2669  }
2670  else if (prdeName == 0x2002)
2671  {
2672  strcpy (pMem, "RT_NEWBITMAP");
2673  pMem += 13;
2674  }
2675  else if (prdeName == 0x2004)
2676  {
2677  strcpy (pMem, "RT_NEWMENU");
2678  pMem += 11;
2679  }
2680  else if (prdeName == 0x2005)
2681  {
2682  strcpy (pMem, "RT_NEWDIALOG");
2683  pMem += 13;
2684  }
2685  else if (prdeName == 0x7fff)
2686  {
2687  strcpy (pMem, "RT_ERROR ");
2688  pMem += 10;
2689  }
2690  else
2691  {
2692  sprintf (buff, "RT_UNKNOWN:%08lX", prdeName);
2693  strcpy (pMem, buff);
2694  pMem += 20;
2695  }
2696  prde++;
2697  }
2698 
2699  return prdRoot->NumberOfIdEntries;
2700 }
2701 
2702 
2703 
2704 //
2705 // This function is written by sang cho
2706 // October 12, 1997
2707 //
2708 /* copy menu information */
2709 void WINAPI
2711  char **psz, // results
2712  WORD ** pMenu, // read-only
2713  int size)
2714 {
2715  WORD *pwd;
2716  WORD *ptr, *pmax;
2717 
2718  pwd = *pMenu;
2719  pmax = (WORD *) ((DWORD) pwd + size);
2720  ptr = (WORD *) (*psz);
2721 
2722  while (pwd < pmax)
2723  {
2724  *ptr++ = *pwd++;
2725  }
2726  *psz = (char *) ptr;
2727  *pMenu = pwd;
2728 }
2729 
2730 
2731 
2732 //
2733 // This function is written by sang cho
2734 // October 1, 1997
2735 //
2736 /* obtain menu information */
2737 int WINAPI
2739  int *len,
2740  WORD ** pMenu)
2741 {
2742  //int num = 0;
2743  //int ndetails;
2744  WORD *pwd;
2745  WORD flag, flag1;
2746  WORD id, ispopup;
2747 
2748 
2749  pwd = *pMenu;
2750 
2751  flag = *pwd; // so difficult to correctly code this so let's try this
2752 
2753  pwd++;
2754  (*len) += 2; // flag store
2755 
2756  if ((flag & 0x0010) == 0)
2757  {
2758  ispopup = flag;
2759  id = *pwd;
2760  pwd++;
2761  (*len) += 2; // id store
2762 
2763  }
2764  else
2765  {
2766  ispopup = flag;
2767  }
2768 
2769  while (*pwd)
2770  {
2771  (*len)++;
2772  pwd++;
2773  }
2774  (*len)++; // name and null character
2775 
2776  pwd++; // skip double null
2777 
2778  if ((flag & 0x0010) == 0) // normal node: done
2779 
2780  {
2781  *pMenu = pwd;
2782  return (int) flag;
2783  }
2784  // popup node: need to go on...
2785  while (1)
2786  {
2787  *pMenu = pwd;
2788  flag1 = (WORD) MenuScan (len, pMenu);
2789  pwd = *pMenu;
2790  if (flag1 & 0x0080)
2791  break;
2792  }
2793 // fill # of details to num above
2794  //(*len) += 2;
2795  *pMenu = pwd;
2796  return flag;
2797 }
2798 
2799 
2800 //
2801 // This function is written by sang cho
2802 // October 2, 1997
2803 //
2804 /* copy menu information */
2805 int WINAPI
2807  char **psz,
2808  WORD ** pMenu)
2809 {
2810  //int num = 0;
2811  //int ndetails;
2812  char *ptr/*, *pTemp*/;
2813  WORD *pwd;
2814  WORD flag, flag1;
2815  WORD id/*, ispopup*/;
2816 
2817  ptr = *psz;
2818  pwd = *pMenu;
2819  //flag = (*(PIMAGE_POPUP_MENU_ITEM *)pwd)->fItemFlags;
2820  flag = *pwd; // so difficult to correctly code this so let's try this
2821 
2822  pwd++;
2823  if ((flag & 0x0010) == 0)
2824  {
2825  *(WORD *) ptr = flag; // flag store
2826 
2827  ptr += 2;
2828  *(WORD *) ptr = id = *pwd; // id store
2829 
2830  ptr += 2;
2831  pwd++;
2832  }
2833  else
2834  {
2835  *(WORD *) ptr = flag; // flag store
2836 
2837  ptr += 2;
2838  }
2839 
2840  while (*pwd) // name extract
2841 
2842  {
2843  *ptr = *(char *) pwd;
2844  ptr++;
2845  pwd++;
2846  } //name and null character
2847 
2848  *ptr = 0;
2849  ptr++;
2850  pwd++; // skip double null
2851 
2852  if ((flag & 0x0010) == 0) // normal node: done
2853 
2854  {
2855  *pMenu = pwd;
2856  *psz = ptr;
2857  return (int) flag;
2858  }
2859  //pTemp = ptr;
2860  //ptr += 2;
2861  // popup node: need to go on...
2862  while (1)
2863  {
2864  //num++;
2865  *pMenu = pwd;
2866  *psz = ptr;
2867  flag1 = (WORD) MenuFill (psz, pMenu);
2868  pwd = *pMenu;
2869  ptr = *psz;
2870  if (flag1 & 0x0080)
2871  break;
2872  }
2873 // fill # of details to num above
2874  //*(WORD *)pTemp = (WORD)num;
2875  *pMenu = pwd;
2876  *psz = ptr;
2877  return flag;
2878 }
2879 
2880 
2881 //
2882 //==============================================================================
2883 // The following program is based on preorder-tree-traversal.
2884 // once you understand how to traverse.....
2885 // the rest is pretty straight forward.
2886 // still we need to scan it first and fill it next time.
2887 // and finally we can print it.
2888 //
2889 // This function is written by sang cho
2890 // September 29, 1997
2891 // revised october 2, 1997
2892 // revised october 12, 1997
2893 // ..............................................................................
2894 // ------------------------------------------------------------------------------
2895 // I use same structure - which is used in P.E. programs - for my reporting.
2896 // So, my structure is as follows:
2897 // # of menu name is stored else where ( in directory I suppose )
2898 // supermenuname null terminated string, only ascii is considered.
2899 // flag tells : node is a leaf or a internal node.
2900 // popupname null terminated string
2901 //
2902 // flag normal menu flag (leaf node)
2903 // id normal menu id
2904 // name normal menu name
2905 // or or
2906 // flag popup menu flag (internal node)
2907 // popupname popup menu name
2908 //
2909 // flag it may folows
2910 // id normal menu id
2911 // name normal menu name
2912 // or or
2913 // flag popup menu
2914 // popupname popup menu name
2915 // .........
2916 // it goes on like this,
2917 // but usually, it only goes a few steps,...
2918 // ------------------------------------------------------------------------------
2919 /* scan menu and copy menu */
2920 int WINAPI
2922  LPVOID lpFile,
2923  char **pszResTypes)
2924 {
2925  PIMAGE_RESOURCE_DIRECTORY prdType, prdName, prdLanguage;
2926  PIMAGE_RESOURCE_DIRECTORY_ENTRY prde, prde1;
2927  PIMAGE_RESOURCE_DIR_STRING_U pMenuName;
2928  PIMAGE_RESOURCE_DATA_ENTRY prData;
2929  //PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER)
2930  //ImageDirectorySection (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE);
2931  PIMAGE_MENU_HEADER pMenuHeader;
2932  //PIMAGE_POPUP_MENU_ITEM pPopup;
2933  WORD* pPopup;
2934  //PIMAGE_NORMAL_MENU_ITEM pNormal;
2935  char buff[32];
2936  int /*nCnt = 0,*/ i, j;
2937  //int num = 0;
2938  int size;
2939  int sLength, nMenus;
2940  WORD flag;
2941  WORD *pwd;
2942  //DWORD prdeName;
2943  //DWORD dwBase; obsolete
2944  char *pMem/*, *pTemp*/;
2945  //BOOL isStrange = FALSE;
2946 
2947 
2948  /* get root directory of resource tree */
2949  if ((prdType = (PIMAGE_RESOURCE_DIRECTORY) ImageDirectoryOffset
2950  (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE)) == NULL)
2951  return 0;
2952 
2953  /* set pointer to first resource type entry */
2955  ((DWORD) prdType + sizeof (IMAGE_RESOURCE_DIRECTORY));
2956 
2957  for (i = 0; i < prdType->NumberOfIdEntries; i++)
2958  {
2959  if (prde->Name == RT_MENU)
2960  break;
2961  prde++;
2962  }
2963  if (prde->Name != RT_MENU)
2964  return 0;
2965 
2966  prdName = (PIMAGE_RESOURCE_DIRECTORY)
2967  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
2968  if (prdName == NULL)
2969  return 0;
2970 
2972  ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
2973 
2974  // sometimes previous code tells you lots of things hidden underneath
2975  // I wish I could save all the revisions I made ... but again .... sigh.
2976  // october 12, 1997 sang
2977  //dwBase = (DWORD)((int)lpFile + psh->PointerToRawData - psh->VirtualAddress);
2978 
2979  nMenus = prdName->NumberOfNamedEntries + prdName->NumberOfIdEntries;
2980  sLength = 0;
2981 
2982  for (i = 0; i < prdName->NumberOfNamedEntries; i++)
2983  {
2984  pMenuName = (PIMAGE_RESOURCE_DIR_STRING_U)
2985  ((DWORD) prdType + (prde->Name ^ 0x80000000));
2986  sLength += pMenuName->Length + 1;
2987 
2988  prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
2989  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
2990  if (prdLanguage == NULL)
2991  continue;
2992 
2994  ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
2995 
2996  prData = (PIMAGE_RESOURCE_DATA_ENTRY)
2997  ((DWORD) prdType + prde1->OffsetToData);
2998  if (prData == NULL)
2999  continue;
3000 
3001  pMenuHeader = (PIMAGE_MENU_HEADER)
3002  GetActualAddress (lpFile, prData->OffsetToData);
3003 
3004  //
3005  // normally wVersion and cbHeaderSize should be zero
3006  // but if it is not then nothing is known to us...
3007  // so let's do our best ... namely guessing .... and trying ....
3008  // ... and suffering ...
3009  // it gave me many sleepless (not exactly but I like to say this) nights.
3010  //
3011 
3012  // strange case
3013  if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
3014  {
3015  //isStrange = TRUE;
3016  pwd = (WORD *) ((DWORD) pMenuHeader + 16);
3017  size = prData->Size;
3018  // expect to return the length needed to report.
3019  // sixteen more bytes to do something
3020  sLength += 16 + size;
3021  //StrangeMenuScan (&sLength, &pwd, size);
3022  }
3023  // normal case
3024  else
3025  {
3026  pPopup = (WORD*)
3027  ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
3028  while (1)
3029  {
3030  flag = (WORD) MenuScan (&sLength, (WORD **) (&pPopup));
3031  if (flag & 0x0080)
3032  break;
3033  }
3034  }
3035  prde++;
3036  }
3037  for (i = 0; i < prdName->NumberOfIdEntries; i++)
3038  {
3039  sLength += 12;
3040 
3041  prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3042  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3043  if (prdLanguage == NULL)
3044  continue;
3045 
3047  ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3048 
3049  prData = (PIMAGE_RESOURCE_DATA_ENTRY)
3050  ((DWORD) prdType + prde1->OffsetToData);
3051  if (prData == NULL)
3052  continue;
3053 
3054  pMenuHeader = (PIMAGE_MENU_HEADER)
3055  GetActualAddress (lpFile, prData->OffsetToData);
3056  // strange case
3057  if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
3058  {
3059  pwd = (WORD *) ((DWORD) pMenuHeader + 16);
3060  size = prData->Size;
3061  // expect to return the length needed to report.
3062  // sixteen more bytes to do something
3063  sLength += 16 + size;
3064  //StrangeMenuScan (&sLength, &pwd, size);
3065  }
3066  // normal case
3067  else
3068  {
3069  pPopup = (WORD*)
3070  ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
3071  while (1)
3072  {
3073  flag = (WORD) MenuScan (&sLength, (WORD **) (&pPopup));
3074  if (flag & 0x0080)
3075  break;
3076  }
3077  }
3078  prde++;
3079  }
3080  //
3081  // allocate memory for menu names
3082  //
3083  *pszResTypes = (char *) calloc (sLength, 1);
3084 
3085  pMem = *pszResTypes;
3086  //
3087  // and start all over again
3088  //
3090  ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
3091 
3092  for (i = 0; i < prdName->NumberOfNamedEntries; i++)
3093  {
3094  pMenuName = (PIMAGE_RESOURCE_DIR_STRING_U)
3095  ((DWORD) prdType + (prde->Name ^ 0x80000000));
3096 
3097 
3098  for (j = 0; j < pMenuName->Length; j++)
3099  *pMem++ = (char) (pMenuName->NameString[j]);
3100  *pMem = 0;
3101  pMem++;
3102 
3103 
3104  prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3105  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3106  if (prdLanguage == NULL)
3107  continue;
3108 
3110  ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3111 
3112  prData = (PIMAGE_RESOURCE_DATA_ENTRY)
3113  ((DWORD) prdType + prde1->OffsetToData);
3114  if (prData == NULL)
3115  continue;
3116 
3117  pMenuHeader = (PIMAGE_MENU_HEADER)
3118  GetActualAddress (lpFile, prData->OffsetToData);
3119  // strange case
3120  if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
3121  {
3122  pwd = (WORD *) ((DWORD) pMenuHeader);
3123  size = prData->Size;
3124  strcpy (pMem, ":::::::::::");
3125  pMem += 12;
3126  *(int *) pMem = size;
3127  pMem += 4;
3128  StrangeMenuFill (&pMem, &pwd, size);
3129  }
3130  // normal case
3131  else
3132  {
3133  pPopup = (WORD*)
3134  ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
3135  while (1)
3136  {
3137  flag = (WORD) MenuFill (&pMem, (WORD **) (&pPopup));
3138  if (flag & 0x0080)
3139  break;
3140  }
3141  }
3142  prde++;
3143  }
3144  for (i = 0; i < prdName->NumberOfIdEntries; i++)
3145  {
3146 
3147  sprintf (buff, "MenuId_%04lX", (prde->Name));
3148  strcpy (pMem, buff);
3149  pMem += strlen (buff) + 1;
3150 
3151  prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3152  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3153  if (prdLanguage == NULL)
3154  continue;
3155 
3157  ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3158 
3159  prData = (PIMAGE_RESOURCE_DATA_ENTRY)
3160  ((DWORD) prdType + prde1->OffsetToData);
3161  if (prData == NULL)
3162  continue;
3163 
3164  pMenuHeader = (PIMAGE_MENU_HEADER)
3165  GetActualAddress (lpFile, prData->OffsetToData);
3166  // strange case
3167  if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
3168  {
3169  pwd = (WORD *) ((DWORD) pMenuHeader);
3170  size = prData->Size;
3171  strcpy (pMem, ":::::::::::");
3172  pMem += 12;
3173  *(int *) pMem = size;
3174  pMem += 4;
3175  StrangeMenuFill (&pMem, &pwd, size);
3176  }
3177  // normal case
3178  else
3179  {
3180  pPopup = (WORD*)
3181  ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
3182  while (1)
3183  {
3184  flag = (WORD) MenuFill (&pMem, (WORD **) (&pPopup));
3185  if (flag & 0x0080)
3186  break;
3187  }
3188  }
3189  prde++;
3190  }
3191 
3192  return nMenus;
3193 }
3194 
3195 
3196 //
3197 // This function is written by sang cho
3198 // October 12, 1997
3199 //
3200 /* print contents of menu */
3201 int WINAPI
3203  char **psz)
3204 {
3205 
3206  //int i, j, k, l;
3207  int num;
3208  //WORD flag1, flag2;
3209  //char buff[128];
3210  char *ptr, *pmax;
3211 
3212  //return dumpMenu (psz, size);
3213 
3214  ptr = *psz;
3215 
3216  if (strncmp (ptr, ":::::::::::", 11) != 0)
3217  {
3218  printf ("\n#### I don't know why!!!");
3219  dumpMenu (psz, 1024);
3220  exit (0);
3221  }
3222 
3223  ptr += 12;
3224  num = *(int *) ptr;
3225  ptr += 4;
3226  pmax = ptr + num;
3227 
3228  *psz = ptr;
3229  return dumpMenu (psz, num);
3230 
3231  // I will write some code later...
3232 
3233 }
3234 
3235 
3236 
3237 
3238 //
3239 // This function is written by sang cho
3240 // October 2, 1997
3241 //
3242 /* print contents of menu */
3243 int WINAPI
3245  int indent,
3246  char **psz)
3247 {
3248 
3249  int /*i, */ j, k, l;
3250  WORD id /*, num */ ;
3251  WORD flag;
3252  char buff[128];
3253  char *ptr;
3254 
3255 
3256  ptr = *psz;
3257  //num = *(WORD *)ptr;
3258  //ptr += 2;
3259  while (1)
3260  {
3261  flag = *(WORD *) ptr;
3262  if (flag & 0x0010) // flag == popup
3263 
3264  {
3265  printf ("\n\n");
3266  for (j = 0; j < indent; j++)
3267  printf (" ");
3268  ptr += 2;
3269  printf ("%s {Popup}\n", ptr);
3270  ptr += strlen (ptr) + 1;
3271  *psz = ptr;
3272  PrintMenu (indent + 5, psz);
3273  ptr = *psz;
3274  }
3275  else // ispopup == 0
3276 
3277  {
3278  printf ("\n");
3279  for (j = 0; j < indent; j++)
3280  printf (" ");
3281  ptr += 2;
3282  id = *(WORD *) ptr;
3283  ptr += 2;
3284  strcpy (buff, ptr);
3285  l = strlen (ptr);
3286  ptr += l + 1;
3287  if (strchr (buff, 0x09) != NULL)
3288  {
3289  for (k = 0; k < l; k++)
3290  if (buff[k] == 0x09)
3291  break;
3292  for (j = 0; j < l - k; j++)
3293  buff[31 - j] = buff[l - j];
3294  for (j = k; j < 32 + k - l; j++)
3295  buff[j] = 32;
3296  }
3297  if (strchr (buff, 0x08) != NULL)
3298  {
3299  for (k = 0; k < l; k++)
3300  if (buff[k] == 0x08)
3301  break;
3302  for (j = 0; j < l - k; j++)
3303  buff[31 - j] = buff[l - j];
3304  for (j = k; j < 32 + k - l; j++)
3305  buff[j] = 32;
3306  }
3307  printf ("%s", buff);
3308  l = strlen (buff);
3309  for (j = l; j < 32; j++)
3310  printf (" ");
3311  printf ("[ID=%04Xh]", id);
3312  *psz = ptr;
3313  }
3314  if (flag & 0x0080)
3315  break;
3316  }
3317  return 0;
3318 }
3319 
3320 
3321 //
3322 // This function is written by sang cho
3323 // October 2, 1997
3324 //
3325 /* the format of menu is not known so I'll do my best */
3326 int WINAPI
3328  char **psz,
3329  int size)
3330 {
3331 
3332  int i, j, k, n, l, c;
3333  char buff[32];
3334  char *ptr, *pmax;
3335 
3336  ptr = *psz;
3337  pmax = ptr + size;
3338  for (i = 0; i < (size / 16) + 1; i++)
3339  {
3340  n = 0;
3341  for (j = 0; j < 16; j++)
3342  {
3343  c = (int) (*ptr);
3344  if (c < 0)
3345  c += 256;
3346  buff[j] = c;
3347  printf ("%02X", c);
3348  ptr++;
3349  if (ptr >= pmax)
3350  break;
3351  n++;
3352  if (n % 4 == 0)
3353  printf (" ");
3354  }
3355  n++;
3356  if (n % 4 == 0)
3357  printf (" ");
3358  l = j;
3359  j++;
3360  for (; j < 16; j++)
3361  {
3362  n++;
3363  if (n % 4 == 0)
3364  printf (" ");
3365  else
3366  printf (" ");
3367  }
3368  printf (" ");
3369  for (k = 0; k < l; k++)
3370  if (isprint (c = buff[k]))
3371  printf ("%c", c);
3372  else
3373  printf (".");
3374  printf ("\n");
3375  if (ptr >= pmax)
3376  break;
3377  }
3378 
3379  *psz = ptr;
3380  return 0;
3381 }
3382 
3383 
3384 
3385 
3386 //
3387 // This function is written by sang cho
3388 // October 13, 1997
3389 //
3390 /* scan dialog box and copy dialog box */
3391 int WINAPI
3393  LPVOID lpFile,
3394  char **pszResTypes)
3395 {
3396  PIMAGE_RESOURCE_DIRECTORY prdType, prdName, prdLanguage;
3397  PIMAGE_RESOURCE_DIRECTORY_ENTRY prde, prde1;
3398  PIMAGE_RESOURCE_DIR_STRING_U pDialogName;
3399  PIMAGE_RESOURCE_DATA_ENTRY prData;
3400  PIMAGE_DIALOG_HEADER pDialogHeader;
3401  //PIMAGE_CONTROL_DATA pControlData;
3402  char buff[32];
3403  int /*nCnt = 0,*/ i, j;
3404  //int num = 0;
3405  int size;
3406  int sLength, nDialogs;
3407  //WORD flag;
3408  WORD *pwd;
3409  //DWORD prdeName;
3410  char *pMem/*, *pTemp*/;
3411  //BOOL isStrange = FALSE;
3412 
3413 
3414  /* get root directory of resource tree */
3415  if ((prdType = (PIMAGE_RESOURCE_DIRECTORY) ImageDirectoryOffset
3416  (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE)) == NULL)
3417  return 0;
3418 
3419  /* set pointer to first resource type entry */
3421  ((DWORD) prdType + sizeof (IMAGE_RESOURCE_DIRECTORY));
3422 
3423  for (i = 0; i < prdType->NumberOfIdEntries; i++)
3424  {
3425  if (prde->Name == RT_DIALOG)
3426  break;
3427  prde++;
3428  }
3429  if (prde->Name != RT_DIALOG)
3430  return 0;
3431 
3432  prdName = (PIMAGE_RESOURCE_DIRECTORY)
3433  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3434  if (prdName == NULL)
3435  return 0;
3436 
3438  ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
3439 
3440 
3441  nDialogs = prdName->NumberOfNamedEntries + prdName->NumberOfIdEntries;
3442  sLength = 0;
3443 
3444  for (i = 0; i < prdName->NumberOfNamedEntries; i++)
3445  {
3446  pDialogName = (PIMAGE_RESOURCE_DIR_STRING_U)
3447  ((DWORD) prdType + (prde->Name ^ 0x80000000));
3448  sLength += pDialogName->Length + 1;
3449 
3450  prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3451  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3452  if (prdLanguage == NULL)
3453  continue;
3454 
3456  ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3457 
3458  prData = (PIMAGE_RESOURCE_DATA_ENTRY)
3459  ((DWORD) prdType + prde1->OffsetToData);
3460  if (prData == NULL)
3461  continue;
3462 
3463  size = prData->Size;
3464  sLength += 4 + size;
3465  prde++;
3466  }
3467  for (i = 0; i < prdName->NumberOfIdEntries; i++)
3468  {
3469  sLength += 14;
3470 
3471  prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3472  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3473  if (prdLanguage == NULL)
3474  continue;
3475 
3477  ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3478 
3479  prData = (PIMAGE_RESOURCE_DATA_ENTRY)
3480  ((DWORD) prdType + prde1->OffsetToData);
3481  if (prData == NULL)
3482  continue;
3483 
3484  size = prData->Size;
3485  sLength += 4 + size;
3486  prde++;
3487  }
3488  //
3489  // allocate memory for menu names
3490  //
3491  *pszResTypes = (char *) calloc (sLength, 1);
3492 
3493  pMem = *pszResTypes;
3494  //
3495  // and start all over again
3496  //
3498  ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
3499 
3500  for (i = 0; i < prdName->NumberOfNamedEntries; i++)
3501  {
3502  pDialogName = (PIMAGE_RESOURCE_DIR_STRING_U)
3503  ((DWORD) prdType + (prde->Name ^ 0x80000000));
3504 
3505 
3506  for (j = 0; j < pDialogName->Length; j++)
3507  *pMem++ = (char) (pDialogName->NameString[j]);
3508  *pMem = 0;
3509  pMem++;
3510 
3511 
3512  prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3513  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3514  if (prdLanguage == NULL)
3515  continue;
3516 
3518  ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3519 
3520  prData = (PIMAGE_RESOURCE_DATA_ENTRY)
3521  ((DWORD) prdType + prde1->OffsetToData);
3522  if (prData == NULL)
3523  continue;
3524 
3525  pDialogHeader = (PIMAGE_DIALOG_HEADER)
3526  GetActualAddress (lpFile, prData->OffsetToData);
3527 
3528 
3529 
3530  pwd = (WORD *) ((DWORD) pDialogHeader);
3531  size = prData->Size;
3532  *(int *) pMem = size;
3533  pMem += 4;
3534  StrangeMenuFill (&pMem, &pwd, size);
3535 
3536  prde++;
3537  }
3538  for (i = 0; i < prdName->NumberOfIdEntries; i++)
3539  {
3540 
3541  sprintf (buff, "DialogId_%04lX", (prde->Name));
3542  strcpy (pMem, buff);
3543  pMem += strlen (buff) + 1;
3544 
3545  prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3546  ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3547  if (prdLanguage == NULL)
3548  {
3549  printf ("\nprdLanguage = NULL");
3550  exit (0);
3551  }
3552 
3554  ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3555 
3556  prData = (PIMAGE_RESOURCE_DATA_ENTRY)
3557  ((DWORD) prdType + prde1->OffsetToData);
3558  if (prData == NULL)
3559  {
3560  printf ("\nprData = NULL");
3561  exit (0);
3562  }
3563 
3564  pDialogHeader = (PIMAGE_DIALOG_HEADER)
3565  GetActualAddress (lpFile, prData->OffsetToData);
3566 
3567 
3568  pwd = (WORD *) ((DWORD) pDialogHeader);
3569  size = prData->Size;
3570  *(int *) pMem = size;
3571  pMem += 4;
3572  StrangeMenuFill (&pMem, &pwd, size);
3573 
3574  prde++;
3575  }
3576 
3577  return nDialogs;
3578 }
3579 
3580 
3581 //
3582 // This function is written by sang cho
3583 // October 14, 1997
3584 //
3585 /* print contents of dialog */
3586 void WINAPI
3588  char **psz)
3589 {
3590  char *ptr;
3591 
3592  ptr = *psz;
3593  if (*(WORD *) ptr == 0xFFFF)
3594  {
3595  ptr += 2;
3596  printf ("%04X", *(WORD *) ptr);
3597  ptr += 2;
3598  }
3599  else
3600  {
3601  printf ("%c", '"');
3602  while (*(WORD *) ptr)
3603  {
3604  printf ("%c", *ptr);
3605  ptr += 2;
3606  }
3607  ptr += 2;
3608  printf ("%c", '"');
3609  }
3610  *psz = ptr;
3611 }
3612 
3613 
3614 //
3615 // This function is written by sang cho
3616 // October 14, 1997
3617 //
3618 /* print contents of dialog */
3619 void WINAPI
3621  char **psz)
3622 {
3623  int i/*, j, k, l, n, c*/;
3624  int num, size;
3625  DWORD flag;
3626  WORD class;
3627  //char buff[32];
3628  char *ptr, *pmax;
3629  BOOL isStrange = FALSE;
3630 
3631  ptr = *psz;
3632  size = *(int *) ptr;
3633  ptr += 4;
3634  pmax = ptr + size;
3635 
3636  // IStype of Dialog Header
3637  flag = *(DWORD *) ptr;
3638  //
3639  // check if flag is right or not
3640  // it has been observed that some dialog information is strange
3641  // and extra work is needed to fix that ... so let's try something
3642  //
3643 
3644  if ((flag & 0xFFFF0000) == 0xFFFF0000)
3645  {
3646  flag = *(DWORD *) (ptr + 12);
3647  num = *(short *) (ptr + 16);
3648  isStrange = TRUE;
3649  ptr += 26;
3650  }
3651  else
3652  {
3653  num = *(short *) (ptr + 8);
3654  ptr += 18;
3655  }
3656  printf (", # of Controls=%03d, Caption:%c", num, '"');
3657 
3658  // Menu name
3659  if (*(WORD *) ptr == 0xFFFF)
3660  ptr += 4; // ordinal
3661 
3662  else
3663  {
3664  while (*(WORD *) ptr)
3665  ptr += 2;
3666  ptr += 2;
3667  } // name
3668 
3669  // Class name
3670  if (*(WORD *) ptr == 0xFFFF)
3671  ptr += 4; // ordinal
3672 
3673  else
3674  {
3675  while (*(WORD *) ptr)
3676  ptr += 2;
3677  ptr += 2;
3678  } // name
3679 
3680  // Caption
3681  while (*(WORD *) ptr)
3682  {
3683  printf ("%c", *ptr);
3684  ptr += 2;
3685  }
3686  ptr += 2;
3687  printf ("%c", '"');
3688 
3689  // FONT present
3690  if (flag & 0x00000040)
3691  {
3692  if (isStrange)
3693  ptr += 6;
3694  else
3695  ptr += 2; // FONT size
3696 
3697  while (*(WORD *) ptr)
3698  ptr += 2; // WCHARs
3699 
3700  ptr += 2; // double null
3701 
3702  }
3703 
3704  // strange case adjust
3705  if (isStrange)
3706  ptr += 8;
3707 
3708  // DWORD padding
3709  if ((ptr - *psz) % 4)
3710  ptr += 4 - ((ptr - *psz) % 4);
3711 
3712  // start reporting .. finally
3713  for (i = 0; i < num; i++)
3714  {
3715  flag = *(DWORD *) ptr;
3716  if (isStrange)
3717  ptr += 14;
3718  else
3719  ptr += 16;
3720  printf ("\n Control::%03d - ID:", i + 1);
3721 
3722  // Control ID
3723  printf ("%04X, Class:", *(WORD *) ptr);
3724  ptr += 2;
3725 
3726  // Control Class
3727  if (*(WORD *) ptr == 0xFFFF)
3728  {
3729  ptr += 2;
3730  class = *(WORD *) ptr;
3731  ptr += 2;
3732  switch (class)
3733  {
3734  case 0x80:
3735  printf ("BUTTON ");
3736  break;
3737  case 0x81:
3738  printf ("EDIT ");
3739  break;
3740  case 0x82:
3741  printf ("STATIC ");
3742  break;
3743  case 0x83:
3744  printf ("LISTBOX ");
3745  break;
3746  case 0x84:
3747  printf ("SCROLLBAR");
3748  break;
3749  case 0x85:
3750  printf ("COMBOBOX ");
3751  break;
3752  default:
3753  printf ("%04X ", class);
3754  break;
3755  }
3756  }
3757  else
3758  PrintNameOrOrdinal (&ptr);
3759 
3760  printf (" Text:");
3761 
3762  // Text
3763  PrintNameOrOrdinal (&ptr);
3764 
3765  // nExtraStuff
3766  ptr += 2;
3767 
3768  // strange case adjust
3769  if (isStrange)
3770  ptr += 8;
3771 
3772  // DWORD padding
3773  if ((ptr - *psz) % 4)
3774  ptr += 4 - ((ptr - *psz) % 4);
3775  }
3776 
3777  /*
3778  ptr = *psz;
3779  printf("\n");
3780 
3781  for (i=0; i<(size/16)+1; i++)
3782  {
3783  n = 0;
3784  for (j=0; j<16; j++)
3785  {
3786  c = (int)(*ptr);
3787  if (c<0) c+=256;
3788  buff[j] = c;
3789  printf ("%02X",c);
3790  ptr++;
3791  if (ptr >= pmax) break;
3792  n++;
3793  if (n%4 == 0) printf (" ");
3794  }
3795  n++; if (n%4 == 0) printf (" ");
3796  l = j;
3797  j++;
3798  for (; j<16; j++)
3799  { n++; if (n%4 == 0) printf (" "); else printf (" "); }
3800  printf (" ");
3801  for (k=0; k<l; k++)
3802  if (isprint(c=buff[k])) printf("%c", c); else printf(".");
3803  printf ("\n");
3804  if (ptr >= pmax) break;
3805  }
3806  */
3807 
3808  *psz = pmax;
3809 
3810 }
3811 
3812 
3813 
3814 
3815 
3816 
3817 /* function indicates whether debug info has been stripped from file */
3818 BOOL WINAPI
3820  LPVOID lpFile)
3821 {
3822  PIMAGE_FILE_HEADER pfh;
3823 
3824  pfh = (PIMAGE_FILE_HEADER) PEFHDROFFSET (lpFile);
3825 
3827 }
3828 
3829 
3830 
3831 
3832 /* retrieve the module name from the debug misc. structure */
3833 int WINAPI
3835  LPVOID lpFile,
3836  char **pszModule)
3837 {
3838 
3839  PIMAGE_DEBUG_DIRECTORY pdd;
3840  PIMAGE_DEBUG_MISC pdm = NULL;
3841  int nCnt;
3842 
3843  if (!(pdd = (PIMAGE_DEBUG_DIRECTORY) ImageDirectoryOffset (lpFile, IMAGE_DIRECTORY_ENTRY_DEBUG)))
3844  return 0;
3845 
3846  while (pdd->SizeOfData)
3847  {
3848  if (pdd->Type == IMAGE_DEBUG_TYPE_MISC)
3849  {
3850  pdm = (PIMAGE_DEBUG_MISC) ((DWORD) pdd->PointerToRawData + (DWORD) lpFile);
3851  *pszModule = (char *) calloc ((nCnt = (strlen ((char *)pdm->Data))) + 1, 1);
3852  // may need some unicode business here...above
3853  bcopy (pdm->Data, *pszModule, nCnt);
3854 
3855  break;
3856  }
3857 
3858  pdd++;
3859  }
3860 
3861  if (pdm != NULL)
3862  return nCnt;
3863  else
3864  return 0;
3865 }
3866 
3867 
3868 
3869 
3870 
3871 /* determine if this is a valid debug file */
3872 BOOL WINAPI
3874  LPVOID lpFile)
3875 {
3876  PIMAGE_SEPARATE_DEBUG_HEADER psdh;
3877 
3878  psdh = (PIMAGE_SEPARATE_DEBUG_HEADER) lpFile;
3879 
3880  return (psdh->Signature == IMAGE_SEPARATE_DEBUG_SIGNATURE);
3881 }
3882 
3883 
3884 
3885 
3886 /* copy separate debug header structure from debug file */
3887 BOOL WINAPI
3889  LPVOID lpFile,
3890  PIMAGE_SEPARATE_DEBUG_HEADER psdh)
3891 {
3892  PIMAGE_SEPARATE_DEBUG_HEADER pdh;
3893 
3894  pdh = (PIMAGE_SEPARATE_DEBUG_HEADER) lpFile;
3895 
3897  {
3898  bcopy ((LPVOID) pdh, (LPVOID) psdh, sizeof (IMAGE_SEPARATE_DEBUG_HEADER));
3899  return TRUE;
3900  }
3901 
3902  return FALSE;
3903 }
3904 
3905 //
3906 // I tried to immitate the output of w32dasm disassembler.
3907 // which is a pretty good program.
3908 // but I am disappointed with this program and I myself
3909 // am writting a disassembler.
3910 // This PEdump program is a byproduct of that project.
3911 // so enjoy this program and I hope we will have a little more
3912 // knowledge on windows programming world.
3913 // .... sang cho
3914 
3915 #define MAXSECTIONNUMBER 16
3916 #define MAXNAMESTRNUMBER 40
3917 int
3919  int argc,
3920  char **argv
3921 )
3922 {
3923  DWORD fileType;
3924  LPVOID lpFile;
3925  FILE *my_fp;
3926  IMAGE_DOS_HEADER dosHdr;
3927  PIMAGE_FILE_HEADER pfh;
3928  PIMAGE_OPTIONAL_HEADER poh;
3929  PIMAGE_SECTION_HEADER psh;
3930  //IMAGE_SECTION_HEADER idsh;
3932  //PIMAGE_IMPORT_MODULE_DIRECTORY pid;
3933 
3934  int nSections; // number of sections
3935 
3936  int nResources; // number of resources
3937 
3938  int nMenus; // number of menus
3939 
3940  int nDialogs; // number of dialogs
3941 
3942  int nImportedModules; // number of imported modules
3943 
3944  int nFunctions; // number of functions in the imported module
3945 
3946  int nExportedFunctions; // number of exported funcions
3947 
3948  int imageBase;
3949  int entryPoint;
3950 
3951  int i, j, /*k,*/ n;
3952  //int mnsize;
3953  //int nCnt;
3954  //int nSize;
3955  int fsize;
3956  char *pnstr;
3957  char *pst;
3958  char *piNameBuff; // import module name buffer
3959 
3960  char *pfNameBuff; // import functions in the module name buffer
3961 
3962  char *peNameBuff; // export function name buffer
3963 
3964  char *pmNameBuff; // menu name buffer
3965 
3966  char *pdNameBuff; // dialog name buffer
3967 
3968  /*
3969  * Check user arguments.
3970  */
3971  if (2 == argc)
3972  {
3973  my_fp = fopen (argv[1], "rb");
3974  if (my_fp == NULL)
3975  {
3976  printf (
3977  "%s: can not open input file \"%s\".\n",
3978  argv[0],
3979  argv[1]
3980  );
3981  exit (0);
3982  }
3983  }
3984  else
3985  {
3986  printf (
3987  "%s - PE/COFF file dumper\n"
3988  "Copyright (c) 1993 Randy Kath (MSDN Technology Group)\n"
3989  "Copyright (c) 1997 Sang Cho (CS & Engineering - Chongju University)\n"
3990  "Copyright (c) 2000 Emanuele Aliberti (ReactOS Development Team)\n\n",
3991  argv[0]
3992  );
3993  printf (
3994  "usage: %s input_file_name\n",
3995  argv[0]
3996  );
3997  exit (0);
3998  }
3999  /*
4000  * Get input file's size.
4001  */
4002  /* argv [0], */
4003  fseek (my_fp, 0L, SEEK_END);
4004  fsize = ftell (my_fp);
4005  rewind (my_fp);
4006  /*
4007  * Buffer the file in memory.
4008  */
4009  lpFile = (void *) calloc (fsize, 1);
4010  if (lpFile == NULL)
4011  {
4012  printf (
4013  "%s: can not allocate memory.\n",
4014  argv[0]
4015  );
4016  fclose(my_fp);
4017  exit (0);
4018  }
4019  /*
4020  * --- Start of report ---
4021  */
4022  printf ("\n\nDump of file: %s\n\n", argv[1]);
4023 
4024  n = fread (lpFile, fsize, 1, my_fp);
4025  fclose(my_fp);
4026 
4027  if (n == -1)
4028  {
4029  printf (
4030  "%s: failed to read the file \"%s\".\n",
4031  argv[0],
4032  argv[1]
4033  );
4034  free(lpFile);
4035  exit (0);
4036  }
4037 
4038  GetDosHeader (lpFile, &dosHdr);
4039 
4040  if ((WORD) IMAGE_DOS_SIGNATURE == dosHdr.e_magic)
4041  {
4042  if ((dosHdr.e_lfanew > 4096)
4043  || (dosHdr.e_lfanew < 64)
4044  )
4045  {
4046  printf (
4047  "%s: This file is not in PE format; it looks like in DOS format.\n",
4048  argv[0]
4049  );
4050  free(lpFile);
4051  exit (0);
4052  }
4053  }
4054  else
4055  {
4056  printf (
4057  "%s: This doesn't look like an executable file (magic = 0x%04x).\n",
4058  argv[0],
4059  dosHdr.e_magic
4060  );
4061  free(lpFile);
4062  exit (0);
4063  }
4064 
4065  fileType = ImageFileType (lpFile);
4066 
4067  if (fileType != IMAGE_NT_SIGNATURE)
4068  {
4069  printf (
4070  "%s: This file is not in PE format (magic = 0x%08lx).\n",
4071  argv[0],
4072  fileType
4073  );
4074  free(lpFile);
4075  exit (0);
4076  }
4077 
4078  //=====================================
4079  // now we can really start processing
4080  //=====================================
4081 
4082  pfh = (PIMAGE_FILE_HEADER) PEFHDROFFSET (lpFile);
4083 
4084  poh = (PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpFile);
4085 
4086  psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile);
4087 
4088  nSections = pfh->NumberOfSections;
4089 
4090  imageBase = poh->ImageBase;
4091 
4092  entryPoint = poh->AddressOfEntryPoint;
4093 
4094  if (psh == NULL)
4095  {
4096  free(lpFile);
4097  return 0;
4098  }
4099 
4100  /* store section headers */
4101 
4102  for (i = 0;
4103  i < nSections;
4104  i++
4105  )
4106  {
4107  shdr[i] = *psh++;
4108  }
4109  /*
4110  * Get Code offset and size,
4111  * Data offset and size.
4112  */
4113  for (i = 0;
4114  i < nSections;
4115  i++
4116  )
4117  {
4118  if (poh->BaseOfCode == shdr[i].VirtualAddress)
4119  {
4120  printf (
4121  "Code Offset = %08lX, Code Size = %08lX \n",
4122  shdr[i].PointerToRawData,
4123  shdr[i].SizeOfRawData
4124  );
4125  }
4126  if (((shdr[i].Characteristics) & 0xC0000040) == 0xC0000040)
4127  {
4128  printf (
4129  "Data Offset = %08lX, Data Size = %08lX \n",
4130  shdr[i].PointerToRawData,
4131  shdr[i].SizeOfRawData
4132  );
4133  break;
4134  }
4135  }
4136 
4137  printf ("\n");
4138 
4139  printf (
4140  "Number of Objects = %04d (dec), Imagebase = %08Xh \n",
4141  nSections,
4142  imageBase
4143  );
4144  /*
4145  * Object name alignment.
4146  */
4147  for (i = 0;
4148  i < nSections;
4149  i++
4150  )
4151  {
4152  for (j = 0;
4153  j < 7;
4154  j++
4155  )
4156  {
4157  if (shdr[i].Name[j] == 0)
4158  {
4159  shdr[i].Name[j] = 32;
4160  }
4161  }
4162  shdr[i].Name[7] = 0;
4163  }
4164  for (i = 0; i < nSections; i++)
4165  printf ("\n Object%02d: %8s RVA: %08lX Offset: %08lX Size: %08lX Flags: %08lX ",
4166  i + 1, shdr[i].Name, shdr[i].VirtualAddress, shdr[i].PointerToRawData,
4167  shdr[i].SizeOfRawData, shdr[i].Characteristics);
4168  /*
4169  * Get List of Resources.
4170  */
4171  nResources = GetListOfResourceTypes (lpFile, &pnstr);
4172  pst = pnstr;
4173  printf ("\n");
4174  printf ("\n+++++++++++++++++++ RESOURCE INFORMATION +++++++++++++++++++");
4175  printf ("\n");
4176  if (nResources == 0)
4177  printf ("\n There are no Resources in This Application.\n");
4178  else
4179  {
4180  printf ("\nNumber of Resource Types = %4d (decimal)\n", nResources);
4181  for (i = 0; i < nResources; i++)
4182  {
4183  printf ("\n Resource Type %03d: %s", i + 1, pst);
4184  pst += strlen ((char *) (pst)) + 1;
4185  }
4186  free ((void *) pnstr);
4187 
4188  printf ("\n");
4189  printf ("\n+++++++++++++++++++ MENU INFORMATION +++++++++++++++++++");
4190  printf ("\n");
4191 
4192  nMenus = GetContentsOfMenu (lpFile, &pmNameBuff);
4193 
4194  if (nMenus == 0)
4195  {
4196  printf ("\n There are no Menus in This Application.\n");
4197  }
4198  else
4199  {
4200  pst = pmNameBuff;
4201  printf ("\nNumber of Menus = %4d (decimal)", nMenus);
4202 
4203  //dumpMenu(&pst, 8096);
4204  for (i = 0; i < nMenus; i++)
4205  {
4206  // menu ID print
4207  printf ("\n\n%s", pst);
4208  pst += strlen (pst) + 1;
4209  printf ("\n-------------");
4210  if (strncmp (pst, ":::::::::::", 11) == 0)
4211  {
4212  printf ("\n");
4213  PrintStrangeMenu (&pst);
4214  }
4215  else
4216  {
4217  PrintMenu (6, &pst);
4218  }
4219  //else PrintStrangeMenu(&pst);
4220  }
4221  free ((void *) pmNameBuff);
4222  printf ("\n");
4223  }
4224 
4225  printf ("\n");
4226  printf ("\n+++++++++++++++++ DIALOG INFORMATION +++++++++++++++++++");
4227  printf ("\n");
4228 
4229  nDialogs = GetContentsOfDialog (lpFile, &pdNameBuff);
4230 
4231  if (nDialogs == 0)
4232  {
4233  printf ("\n There are no Dialogs in This Application.\n");
4234  }
4235  else
4236  {
4237  pst = pdNameBuff;
4238  printf ("\nNumber of Dialogs = %4d (decimal)", nDialogs);
4239 
4240  printf ("\n");
4241 
4242  for (i = 0; i < nDialogs; i++)
4243  {
4244  // Dialog ID print
4245  printf ("\nName: %s", pst);
4246  pst += strlen (pst) + 1;
4247  PrintDialog (&pst);
4248  }
4249  free ((void *) pdNameBuff);
4250  printf ("\n");
4251  }
4252  }
4253 
4254  printf ("\n+++++++++++++++++++ IMPORTED FUNCTIONS +++++++++++++++++++");
4255 
4256  nImportedModules = GetImportModuleNames (lpFile, &piNameBuff);
4257  if (nImportedModules == 0)
4258  {
4259  printf ("\n There are no imported Functions in This Application.\n");
4260  }
4261  else
4262  {
4263  pnstr = piNameBuff;
4264  printf ("\nNumber of Imported Modules = %4d (decimal)\n", nImportedModules);
4265  for (i = 0; i < nImportedModules; i++)
4266  {
4267  printf ("\n Import Module %03d: %s", i + 1, pnstr);
4268  pnstr += strlen ((char *) (pnstr)) + 1;
4269  }
4270 
4271  printf ("\n");
4272  printf ("\n+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++++");
4273  pnstr = piNameBuff;
4274  for (i = 0; i < nImportedModules; i++)
4275  {
4276  printf ("\n\n Import Module %03d: %s \n", i + 1, pnstr);
4277  nFunctions = GetImportFunctionNamesByModule (lpFile, pnstr, &pfNameBuff);
4278  pnstr += strlen ((char *) (pnstr)) + 1;
4279  pst = pfNameBuff;
4280  for (j = 0; j < nFunctions; j++)
4281  {
4282  printf ("\nAddr:%08X hint(%04X) Name: %s",
4283  (*(int *) pst), (*(short *) (pst + 4)),
4284  //(pst+6));
4285  TranslateFunctionName (pst + 6));
4286  pst += strlen ((char *) (pst + 6)) + 1 + 6;
4287  }
4288  free ((void *) pfNameBuff);
4289  }
4290  free ((void *) piNameBuff);
4291  }
4292 
4293  printf ("\n");
4294  printf ("\n+++++++++++++++++++ EXPORTED FUNCTIONS +++++++++++++++++++");
4295 
4296  nExportedFunctions = GetExportFunctionNames (lpFile, &peNameBuff);
4297  printf ("\nNumber of Exported Functions = %4d (decimal)\n", nExportedFunctions);
4298 
4299  if (nExportedFunctions > 0)
4300  {
4301  pst = peNameBuff;
4302 
4303  for (i = 0; i < nExportedFunctions; i++)
4304  {
4305  printf ("\nAddr:%08X Ord:%4d (%04Xh) Name: %s",
4306  (*(int *) pst), (*(WORD *) (pst + 4)), (*(WORD *) (pst + 4)),
4307  //(pst+6));
4308  TranslateFunctionName (pst + 6));
4309  pst += strlen ((char *) (pst + 6)) + 6 + 1;
4310  }
4311  free ((void *) peNameBuff);
4312  }
4313 
4314  free ((void *) lpFile);
4315 
4316  return 0;
4317 }
4318 
4319 
4320 /* EOF */
short WCHAR
Definition: pedump.c:58
struct _IMAGE_DEBUG_DIRECTORY * PIMAGE_DEBUG_DIRECTORY
struct _IMAGE_IMPORT_BY_NAME IMAGE_IMPORT_BY_NAME
#define MAXSECTIONNUMBER
Definition: pedump.c:3915
#define TRUE
Definition: pedump.c:80
struct _IMAGE_CONTROL_DATA * PIMAGE_CONTROL_DATA
unsigned char BYTE
Definition: pedump.c:64
DWORD dwRVAModuleName
Definition: pedump.c:833
int WINAPI GetNumberOfResources(LPVOID)
Definition: pedump.c:2493
struct _IMAGE_POPUP_MENU_ITEM IMAGE_POPUP_MENU_ITEM
PDWORD * AddressOfFunctions
Definition: pedump.c:317
static int argc
Definition: ServiceArgs.c:15
_In_ ULONG_PTR _In_ ULONG _Out_ ULONG_PTR * pid
Definition: winddi.h:3835
void WINAPI PrintNameOrOrdinal(char **psz)
Definition: pedump.c:3587
int length
Definition: pedump.c:867
DWORD CodePage
Definition: pedump.c:461
struct _IMAGE_POPUP_MENU_ITEM * PIMAGE_POPUP_MENU_ITEM
GLenum GLclampf GLint GLenum GLuint GLenum GLenum GLsizei GLenum const GLvoid GLfloat GLfloat GLfloat GLfloat GLclampd GLint GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean GLboolean GLboolean GLboolean GLint GLenum GLsizei const GLvoid GLenum GLint GLenum GLint GLint GLsizei GLint GLenum GLint GLint GLint GLint GLsizei GLenum GLsizei const GLuint GLboolean GLenum GLenum GLint GLsizei GLenum GLsizei GLenum const GLvoid GLboolean const GLboolean GLenum const GLdouble const GLfloat const GLdouble const GLfloat GLenum GLint GLint GLint GLint GLint GLint j
Definition: glfuncs.h:98
unsigned short WORD
Definition: ntddk_ex.h:93
struct _IMAGE_SEPARATE_DEBUG_HEADER IMAGE_SEPARATE_DEBUG_HEADER
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]
Definition: ntddk_ex.h:178
int WINAPI GetListOfResourceTypes(LPVOID, char **)
Definition: pedump.c:2536
void WINAPI PrintDialog(char **psz)
Definition: pedump.c:3620
static const WCHAR indent[]
Definition: object.c:1165
#define WINAPI
Definition: pedump.c:83
struct _IMAGE_RESOURCE_DIRECTORY_STRING IMAGE_RESOURCE_DIRECTORY_STRING
WORD NumberOfRelocations
Definition: pedump.c:293
#define PEFHDROFFSET(a)
Definition: pedump.c:810
int WINAPI GetExportFunctionNames(LPVOID, char **)
Definition: pedump.c:2365
#define IMAGE_DIRECTORY_ENTRY_EXPORT
Definition: pedump.c:259
Definition: bidi.c:75
DWORD OffsetToData
Definition: pedump.c:416
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
BOOL WINAPI StringExpands(char **, char **, char **, Str_P *)
Definition: pedump.c:1679
#define IMAGE_SEPARATE_DEBUG_SIGNATURE
Definition: pedump.c:788
__wchar_t WCHAR
Definition: xmlstorage.h:180
DWORD dwRVAFunctionNameList
Definition: pedump.c:830
#define FALSE
Definition: pedump.c:79
char * strncpy(char *DstString, const char *SrcString, ACPI_SIZE Count)
Definition: utclib.c:427
struct _IMAGE_SECTION_HEADER IMAGE_SECTION_HEADER
char CHAR
Definition: xmlstorage.h:175
#define free
Definition: debug_ros.c:5
#define OPTHDROFFSET(a)
Definition: pedump.c:815
struct _IMAGE_RESOURCE_DATA_ENTRY IMAGE_RESOURCE_DATA_ENTRY
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:1946
union _IMAGE_SECTION_HEADER::@1306 Misc
BOOL WINAPI IsDebugFile(LPVOID)
Definition: pedump.c:3873
int WINAPI GetImportModuleNames(LPVOID, char **)
Definition: pedump.c:1208
struct _IMAGE_CONTROL_DATA IMAGE_CONTROL_DATA
union _NAME_OR_ORDINAL * PNAME_OR_ORDINAL
struct _IMAGE_DEBUG_MISC * PIMAGE_DEBUG_MISC
struct _IMAGE_RESOURCE_DIRECTORY_ENTRY IMAGE_RESOURCE_DIRECTORY_ENTRY
struct _IMAGE_IMPORT_BY_NAME * PIMAGE_IMPORT_BY_NAME
int boolean
Definition: pedump.c:70
struct _IMAGE_NT_HEADERS IMAGE_NT_HEADERS
WORD MinorOperatingSystemVersion
Definition: ntddk_ex.h:161
BOOL WINAPI GetPEFileHeader(LPVOID, PIMAGE_FILE_HEADER)
Definition: pedump.c:969
Definition: pedump.c:861
DWORD PointerToRawData
Definition: pedump.c:290
unsigned long DWORD
Definition: pedump.c:62
int WINAPI GetImportFunctionNamesByModule(LPVOID, char *, char **)
Definition: pedump.c:1265
void * LPVOID
Definition: pedump.c:69
char *WINAPI TranslateFunctionName(char *)
Definition: pedump.c:1953
DWORD DWORD
Definition: winlogon.h:75
static char ** argv
Definition: ServiceArgs.c:14
IMAGE_OPTIONAL_HEADER OptionalHeader
Definition: pedump.c:251
#define NTSIGNATURE(a)
Definition: pedump.c:805
DWORD AddressOfNameOrdinals
Definition: compat.h:155
WORD MajorOperatingSystemVersion
Definition: ntddk_ex.h:160
struct _IMAGE_RESOURCE_DIRECTORY * PIMAGE_RESOURCE_DIRECTORY
Definition: regsvr.c:85
char CHAR
Definition: pedump.c:57
#define IMAGE_DOS_SIGNATURE
Definition: pedump.c:89
#define sprintf(buf, format,...)
Definition: sprintf.c:55
LPVOID WINAPI ImageDirectorySection(LPVOID, DWORD)
unsigned short WORD
Definition: pedump.c:65
GLuint n
Definition: s_context.h:57
GLenum GLclampf GLint i
Definition: glfuncs.h:14
BOOL wasString
Definition: pedump.c:869
_Check_return_opt_ _CRTIMP size_t __cdecl fread(_Out_writes_bytes_(_ElementSize *_Count) void *_DstBuf, _In_ size_t _ElementSize, _In_ size_t _Count, _Inout_ FILE *_File)
#define IMAGE_DIRECTORY_ENTRY_DEBUG
Definition: pedump.c:265
void pwd(int argc, const char *argv[])
Definition: cmds.c:1401
DWORD DataType
Definition: compat.h:158
WCHAR szName[1]
Definition: pedump.c:559
long LONG
Definition: pedump.c:60
#define SECHDROFFSET(a)
Definition: pedump.c:821
DWORD WINAPI ImageFileType(LPVOID)
Definition: pedump.c:941
int main(int argc, char **argv)
Definition: pedump.c:3918
short SHORT
Definition: pedump.c:59
DWORD SizeOfUninitializedData
Definition: ntddk_ex.h:148
LPVOID WINAPI GetModuleEntryPoint(LPVOID)
Definition: pedump.c:1007
void WINAPI GetPreviousParamString(char *, char *)
Definition: pedump.c:1403
struct _IMAGE_NORMAL_MENU_ITEM IMAGE_NORMAL_MENU_ITEM
static PVOID ptr
Definition: dispmode.c:40
struct _IMAGE_RESOURCE_DIRECTORY_STRING * PIMAGE_RESOURCE_DIRECTORY_STRING
struct _IMAGE_RESOURCE_DATA_ENTRY * PIMAGE_RESOURCE_DATA_ENTRY
_Check_return_opt_ _CRTIMP int __cdecl fseek(_Inout_ FILE *_File, _In_ long _Offset, _In_ int _Origin)
struct _IMAGE_EXPORT_DIRECTORY IMAGE_EXPORT_DIRECTORY
struct _IMAGE_OPTIONAL_HEADER * PIMAGE_OPTIONAL_HEADER
Definition: pedump.c:457
WORD SizeOfOptionalHeader
Definition: ntddk_ex.h:127
struct _IMAGE_SEPARATE_DEBUG_HEADER * PIMAGE_SEPARATE_DEBUG_HEADER
#define IMAGE_FILE_DEBUG_STRIPPED
Definition: pedump.c:165
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
#define isdigit(c)
Definition: acclib.h:68
int WINAPI GetContentsOfDialog(LPVOID lpFile, char **pszResTypes)
Definition: pedump.c:3392
_CRTIMP void __cdecl rewind(_Inout_ FILE *_File)
#define RT_DIALOG
Definition: pedump.c:367
PWORD * AddressOfNameOrdinals
Definition: pedump.c:319
r l[0]
Definition: byte_order.h:167
struct tagImportDirectory * PIMAGE_IMPORT_MODULE_DIRECTORY
#define IMAGE_NT_SIGNATURE
Definition: pedump.c:93
WORD * PWORD
Definition: pedump.c:67
struct _IMAGE_RESOURCE_DIR_STRING_U * PIMAGE_RESOURCE_DIR_STRING_U
DWORD IExtendedStyle
Definition: pedump.c:569
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES
Definition: pedump.c:195
DWORD OffsetToData
Definition: pedump.c:459
unsigned char BOOLEAN
struct _IMAGE_OPTIONAL_HEADER IMAGE_OPTIONAL_HEADER
BOOL WINAPI GetSeparateDebugHeader(LPVOID, PIMAGE_SEPARATE_DEBUG_HEADER)
Definition: pedump.c:3888
int WINAPI GetStringLength(char *)
Definition: pedump.c:1382
WORD NumberOfLinenumbers
Definition: pedump.c:294
struct _IMAGE_FILE_HEADER * PIMAGE_FILE_HEADER
unsigned int BOOL
Definition: ntddk_ex.h:94
GLenum GLclampf GLint GLenum GLuint GLenum GLenum GLsizei GLenum const GLvoid GLfloat GLfloat GLfloat GLfloat GLclampd GLint GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean GLboolean GLboolean GLboolean GLint GLenum GLsizei const GLvoid GLenum GLint GLenum GLint GLint GLsizei GLint GLenum GLint GLint GLint GLint GLsizei GLenum GLsizei const GLuint GLboolean flag
Definition: glfuncs.h:72
DWORD NumberOfSymbols
Definition: ntddk_ex.h:126
DWORD PointerToLinenumbers
Definition: pedump.c:292
if(!(yy_init))
Definition: macro.lex.yy.c:704
char flag
Definition: pedump.c:863
#define IMAGE_DEBUG_TYPE_MISC
Definition: pedump.c:727
BOOL WINAPI GetSectionHdrByName(LPVOID, PIMAGE_SECTION_HEADER, char *)
struct _IMAGE_DOS_HEADER * PIMAGE_DOS_HEADER
struct _IMAGE_DATA_DIRECTORY * PIMAGE_DATA_DIRECTORY
const GLubyte * c
Definition: glext.h:8905
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534
struct _IMAGE_RESOURCE_DIRECTORY IMAGE_RESOURCE_DIRECTORY
struct _IMAGE_FILE_HEADER IMAGE_FILE_HEADER
GLuint GLuint num
Definition: glext.h:9618
struct _Str_P Str_P
WORD e_res2[10]
Definition: ntddk_ex.h:117
void WINAPI TranslateParameters(char **, char **, char **)
Definition: pedump.c:1468
struct _IMAGE_DATA_DIRECTORY IMAGE_DATA_DIRECTORY
#define NULL
Definition: pedump.c:76
struct _IMAGE_EXPORT_DIRECTORY * PIMAGE_EXPORT_DIRECTORY
#define exit(n)
Definition: config.h:212
#define MAXRESOURCENAME
Definition: pedump.c:801
struct _IMAGE_DOS_HEADER IMAGE_DOS_HEADER
struct _NAME_OR_ORDINAL::_ORD_ID ORD_ID
struct _IMAGE_DEBUG_DIRECTORY IMAGE_DEBUG_DIRECTORY
#define IMAGE_OS2_SIGNATURE
Definition: pedump.c:90
GLenum GLsizei len
Definition: glext.h:6722
struct _IMAGE_DEBUG_MISC IMAGE_DEBUG_MISC
_Check_return_opt_ _CRTIMP int __cdecl fclose(_Inout_ FILE *_File)
int WINAPI RetrieveModuleName(LPVOID, char **)
Definition: pedump.c:3834
_Check_return_ _CRTIMP FILE *__cdecl fopen(_In_z_ const char *_Filename, _In_z_ const char *_Mode)
_In_ ULONG _In_ BOOLEAN _Must_inspect_result_ PVOID * VirtualAddress
Definition: ndis.h:3772
ULONG PVOID Reserved
Definition: ntimage.h:533
BOOL WINAPI GetDosHeader(LPVOID, PIMAGE_DOS_HEADER)
Definition: pedump.c:915
unsigned char BYTE
Definition: ntddk_ex.h:96
int WINAPI PrintStrangeMenu(char **)
Definition: pedump.c:3202
struct _IMAGE_RESOURCE_DIRECTORY_ENTRY * PIMAGE_RESOURCE_DIRECTORY_ENTRY
Definition: pedump.c:413
short sh
Definition: format.c:272
#define RT_MENU
Definition: pedump.c:366
uint32_t cc
Definition: isohybrid.c:75
WCHAR szItemText[1]
Definition: pedump.c:487
LPVOID WINAPI ImageDirectoryOffset(LPVOID, DWORD)
Definition: pedump.c:1097
struct _IMAGE_SECTION_HEADER * PIMAGE_SECTION_HEADER
int WINAPI dumpMenu(char **psz, int size)
Definition: pedump.c:3327
BOOL WINAPI GetPEOptionalHeader(LPVOID, PIMAGE_OPTIONAL_HEADER)
Definition: pedump.c:988
DWORD dwRVAFunctionAddressList
Definition: pedump.c:834
struct _IMAGE_MENU_HEADER IMAGE_MENU_HEADER
LPVOID WINAPI GetImageBase(LPVOID)
Definition: pedump.c:1035
struct tagImportDirectory IMAGE_IMPORT_MODULE_DIRECTORY
unsigned short USHORT
Definition: pedump.c:61
GLsizeiptr size
Definition: glext.h:5919
struct _IMAGE_NORMAL_MENU_ITEM * PIMAGE_NORMAL_MENU_ITEM
DWORD PointerToSymbolTable
Definition: ntddk_ex.h:125
int WINAPI NumOfSections(LPVOID)
Definition: pedump.c:1023
struct _IMAGE_RESOURCE_DIR_STRING_U IMAGE_RESOURCE_DIR_STRING_U
#define IMAGE_SIZEOF_SHORT_NAME
Definition: pedump.c:277
LPVOID WINAPI GetActualAddress(LPVOID lpFile, DWORD dwRVA)
Definition: pedump.c:1055
CardRegion * pStack[NUM_STACKS]
Definition: spigame.cpp:21
struct _IMAGE_DIALOG_BOX_HEADER1 IMAGE_DIALOG_HEADER
int WINAPI PrintMenu(int, char **)
Definition: pedump.c:3244
int WINAPI MenuScan(int *, WORD **)
Definition: pedump.c:2738
DWORD * PDWORD
Definition: pedump.c:68
BYTE Name[IMAGE_SIZEOF_SHORT_NAME]
Definition: pedump.c:281
struct _IMAGE_NT_HEADERS * PIMAGE_NT_HEADERS
struct _IMAGE_MENU_HEADER * PIMAGE_MENU_HEADER
char * strchr(const char *String, int ch)
Definition: utclib.c:501
#define isprint(c)
Definition: acclib.h:73
#define IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pedump.c:260
DWORD Name
Definition: pedump.c:415
int WINAPI GetContentsOfMenu(LPVOID, char **)
Definition: pedump.c:2921
Definition: name.c:23
#define calloc
Definition: rosglue.h:14
int WINAPI MenuFill(char **, WORD **)
Definition: pedump.c:2806
static HMODULE pdh
Definition: pdh.c:30
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
#define c
Definition: ke_i.h:80
_Check_return_ _CRTIMP long __cdecl ftell(_Inout_ FILE *_File)
GLenum GLuint id
Definition: glext.h:5579
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
#define SEEK_END
Definition: cabinet.c:21
void WINAPI StrangeMenuFill(char **, WORD **, int)
Definition: pedump.c:2710
union _NAME_OR_ORDINAL NAME_OR_ORDINAL
#define IMAGE_DIRECTORY_ENTRY_RESOURCE
Definition: pedump.c:261
BOOL WINAPI IsDebugInfoStripped(LPVOID)
Definition: pedump.c:3819
BYTE * PBYTE
Definition: pedump.c:66
int k
Definition: mpi.c:3369
#define LOWORD(l)
Definition: pedump.c:82
static unsigned char buff[32768]
Definition: fatten.c:17
int BOOL
Definition: pedump.c:63
BYTE Data[1]
Definition: compat.h:162
PDWORD * AddressOfNames
Definition: pedump.c:318
#define IMAGE_OS2_SIGNATURE_LE
Definition: pedump.c:91
DWORD dwUseless1
Definition: pedump.c:831
int WINAPI GetSectionNames(LPVOID, char **)
Definition: pedump.c:1136
struct _IMAGE_DIALOG_BOX_HEADER1 * PIMAGE_DIALOG_HEADER
#define bcopy(s, d, z)
Definition: pedump.c:54
DWORD PointerToRelocations
Definition: pedump.c:291
char * pos
Definition: pedump.c:865
DWORD Reserved
Definition: pedump.c:462
BOOLEAN Unicode
Definition: compat.h:160
#define printf
Definition: config.h:213
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
Definition: typeof.h:29
DWORD dwUseless2
Definition: pedump.c:832
DWORD Size
Definition: pedump.c:460
GLint fsize
Definition: glext.h:9408