ReactOS 0.4.15-dev-6680-g8c76870
pedump.c
Go to the documentation of this file.
1//
2// This program was written by Sang Cho, assistant professor at
3// the department of
4// computer science and engineering
5// chongju university
6// this program is based on the program pefile.c
7// which is written by Randy Kath(Microsoft Developmer Network Technology Group)
8// in june 12, 1993.
9// I have investigated P.E. file format as thoroughly as possible,
10// but I cannot claim that I am an expert yet, so some of its information
11// may give you wrong results.
12//
13//
14//
15// language used: djgpp
16// date of creation: September 28, 1997
17//
18// date of first release: October 15, 1997
19//
20//
21// you can contact me: e-mail address: sangcho@alpha94.chongju.ac.kr
22// hitel id: chokhas
23// phone number: (0431) 229-8491 +82-431-229-8491
24//
25//
26//
27// Copyright (C) 1997. by Sang Cho.
28//
29// Permission is granted to make and distribute verbatim copies of this
30// program provided the copyright notice and this permission notice are
31// preserved on all copies.
32//
33//
34// File: pedump.c ( I included header file into source file. )
35//
36// LICENSE
37// Sources released under GNU General Public License version 2
38// or later by Mr. Sang Cho permission.
39//
40// REVISIONS
41// 2000-04-23 (ea) Initial adaptation to GCC/MinGW/ROS.
42// 2000-08-05 (ea) Initial raw adaptation done.
43//
44
45#include <stdio.h>
46#include <stdlib.h>
47#include <stdarg.h>
48#include <string.h>
49#include <setjmp.h>
50#include <malloc.h>
51#include <ctype.h>
52
53#ifndef bcopy
54#define bcopy(s,d,z) memcpy((d),(s),(z))
55#endif
56
57typedef char CHAR;
58typedef short WCHAR;
59typedef short SHORT;
60typedef long LONG;
61typedef unsigned short USHORT;
62typedef unsigned long DWORD;
63typedef int BOOL;
64typedef unsigned char BYTE;
65typedef unsigned short WORD;
66typedef BYTE *PBYTE;
67typedef WORD *PWORD;
68typedef DWORD *PDWORD;
69typedef void *LPVOID;
70typedef int boolean;
71
72#define VOID void
73#define BOOLEAN boolean
74
75#ifndef NULL
76#define NULL 0
77#endif
78
79#define FALSE 0
80#define TRUE 1
81#define CONST const
82#define LOWORD(l) ((WORD)(l))
83#define WINAPI __stdcall
84
85//
86// Image Format
87//
88
89#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
90#define IMAGE_OS2_SIGNATURE 0x454E // NE
91#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
92#define IMAGE_VXD_SIGNATURE 0x454C // LE
93#define IMAGE_NT_SIGNATURE 0x00004550 // PE00
94
95typedef struct _IMAGE_DOS_HEADER
96 { // DOS .EXE header
97
98 WORD e_magic; // Magic number
99
100 WORD e_cblp; // Bytes on last page of file
101
102 WORD e_cp; // Pages in file
103
104 WORD e_crlc; // Relocations
105
106 WORD e_cparhdr; // Size of header in paragraphs
107
108 WORD e_minalloc; // Minimum extra paragraphs needed
109
110 WORD e_maxalloc; // Maximum extra paragraphs needed
111
112 WORD e_ss; // Initial (relative) SS value
113
114 WORD e_sp; // Initial SP value
115
116 WORD e_csum; // Checksum
117
118 WORD e_ip; // Initial IP value
119
120 WORD e_cs; // Initial (relative) CS value
121
122 WORD e_lfarlc; // File address of relocation table
123
124 WORD e_ovno; // Overlay number
125
126 WORD e_res[4]; // Reserved words
127
128 WORD e_oemid; // OEM identifier (for e_oeminfo)
129
130 WORD e_oeminfo; // OEM information; e_oemid specific
131
132 WORD e_res2[10]; // Reserved words
133
134 LONG e_lfanew; // File address of new exe header
135
136 }
138
139//
140// File header format.
141//
142
143
144
145typedef struct _IMAGE_FILE_HEADER
146 {
154 }
156
157#define IMAGE_SIZEOF_FILE_HEADER 20
158
159#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 // Relocation info stripped from file.
160#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 // File is executable (i.e. no unresolved externel references).
161#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 // Line nunbers stripped from file.
162#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 // Local symbols stripped from file.
163#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 // Bytes of machine word are reversed.
164#define IMAGE_FILE_32BIT_MACHINE 0x0100 // 32 bit word machine.
165#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 // Debugging info stripped from file in .DBG file
166#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 // If Image is on removable media, copy and run from the swap file.
167#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 // If Image is on Net, copy and run from the swap file.
168#define IMAGE_FILE_SYSTEM 0x1000 // System File.
169#define IMAGE_FILE_DLL 0x2000 // File is a DLL.
170#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 // File should only be run on a UP machine
171#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 // Bytes of machine word are reversed.
172
173#define IMAGE_FILE_MACHINE_UNKNOWN 0
174#define IMAGE_FILE_MACHINE_I386 0x14c // Intel 386.
175#define IMAGE_FILE_MACHINE_R3000 0x162 // MIPS little-endian, 0x160 big-endian
176#define IMAGE_FILE_MACHINE_R4000 0x166 // MIPS little-endian
177#define IMAGE_FILE_MACHINE_R10000 0x168 // MIPS little-endian
178#define IMAGE_FILE_MACHINE_ALPHA 0x184 // Alpha_AXP
179#define IMAGE_FILE_MACHINE_POWERPC 0x1F0 // IBM PowerPC Little-Endian
180
181
182
183//
184// Directory format.
185//
186
187typedef struct _IMAGE_DATA_DIRECTORY
188 {
190 DWORD Size;
191
192 }
194
195#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
196
197//
198// Optional header format.
199//
200
201typedef struct _IMAGE_OPTIONAL_HEADER
202 {
203 //
204 // Standard fields.
205 //
206 WORD Magic;
215
216 //
217 // NT additional fields.
218 //
219
242
243 }
245
246
247typedef struct _IMAGE_NT_HEADERS
248 {
252
253 }
255
256
257// Directory Entries
258
259#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
260#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
261#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
262#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
263#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
264#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
265#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
266#define IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // Description String
267#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // Machine Value (MIPS GP)
268#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
269#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
270#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
271#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
272
273//
274// Section header format.
275//
276
277#define IMAGE_SIZEOF_SHORT_NAME 8
278
280 {
282 union
283 {
286 }
296
297 }
299
300#define IMAGE_SIZEOF_SECTION_HEADER 40
301
302
303//
304// Export Format
305//
306
307typedef struct _IMAGE_EXPORT_DIRECTORY
308 {
313 DWORD Name;
314 DWORD Base;
320
321 }
323
324//
325// Import Format
326//
327
329 {
332
333 }
335
336#define IMAGE_ORDINAL_FLAG 0x80000000
337#define IMAGE_ORDINAL(Ordinal) (Ordinal & 0xffff)
338
339
340//
341// Resource Format.
342//
343
344//
345// Resource directory consists of two counts, following by a variable length
346// array of directory entries. The first count is the number of entries at
347// beginning of the array that have actual names associated with each entry.
348// The entries are in ascending order, case insensitive strings. The second
349// count is the number of entries that immediately follow the named entries.
350// This second count identifies the number of entries that have 16-bit integer
351// Ids as their name. These entries are also sorted in ascending order.
352//
353// This structure allows fast lookup by either name or number, but for any
354// given resource entry only one form of lookup is supported, not both.
355// This is consistant with the syntax of the .RC file and the .RES file.
356//
357
358// Predefined resource types ... there may be some more, but I don't have
359// the information yet. .....sang cho.....
360
361#define RT_NEWRESOURCE 0x2000
362#define RT_ERROR 0x7fff
363#define RT_CURSOR 1
364#define RT_BITMAP 2
365#define RT_ICON 3
366#define RT_MENU 4
367#define RT_DIALOG 5
368#define RT_STRING 6
369#define RT_FONTDIR 7
370#define RT_FONT 8
371#define RT_ACCELERATORS 9
372#define RT_RCDATA 10
373#define RT_MESSAGETABLE 11
374#define RT_GROUP_CURSOR 12
375#define RT_GROUP_ICON 14
376#define RT_VERSION 16
377#define NEWBITMAP (RT_BITMAP|RT_NEWRESOURCE)
378#define NEWMENU (RT_MENU|RT_NEWRESOURCE)
379#define NEWDIALOG (RT_DIALOG|RT_NEWRESOURCE)
380
381
383 {
390// IMAGE_RESOURCE_DIRECTORY_ENTRY DirectoryEntries[1];
391
392 }
394
395#define IMAGE_RESOURCE_NAME_IS_STRING 0x80000000
396#define IMAGE_RESOURCE_DATA_IS_DIRECTORY 0x80000000
397
398//
399// Each directory contains the 32-bit Name of the entry and an offset,
400// relative to the beginning of the resource directory of the data associated
401// with this directory entry. If the name of the entry is an actual text
402// string instead of an integer Id, then the high order bit of the name field
403// is set to one and the low order 31-bits are an offset, relative to the
404// beginning of the resource directory of the string, which is of type
405// IMAGE_RESOURCE_DIRECTORY_STRING. Otherwise the high bit is clear and the
406// low-order 16-bits are the integer Id that identify this resource directory
407// entry. If the directory entry is yet another resource directory (i.e. a
408// subdirectory), then the high order bit of the offset field will be
409// set to indicate this. Otherwise the high bit is clear and the offset
410// field points to a resource data entry.
411//
412
414 {
417
418 }
420
421//
422// For resource directory entries that have actual string names, the Name
423// field of the directory entry points to an object of the following type.
424// All of these string objects are stored together after the last resource
425// directory entry and before the first resource data object. This minimizes
426// the impact of these variable length objects on the alignment of the fixed
427// size directory entry objects.
428//
429
431 {
434
435 }
437
438
440 {
443
444 }
446
447
448//
449// Each resource data entry describes a leaf node in the resource directory
450// tree. It contains an offset, relative to the beginning of the resource
451// directory of the data for the resource, a size field that gives the number
452// of bytes of data at that offset, a CodePage that should be used when
453// decoding code point values within the resource data. Typically for new
454// applications the code page would be the unicode code page.
455//
456
458 {
463
464 }
466
467
468// Menu Resources ... added by .....sang cho....
469
470// Menu resources are composed of a menu header followed by a sequential list
471// of menu items. There are two types of menu items: pop-ups and normal menu
472// itmes. The MENUITEM SEPARATOR is a special case of a normal menu item with
473// an empty name, zero ID, and zero flags.
474
475typedef struct _IMAGE_MENU_HEADER
476 {
477 WORD wVersion; // Currently zero
478
479 WORD cbHeaderSize; // Also zero
480
481 }
483
485 {
488
489 }
491
493 {
497
498 }
500
501#define GRAYED 0x0001 // GRAYED keyword
502#define INACTIVE 0x0002 // INACTIVE keyword
503#define BITMAP 0x0004 // BITMAP keyword
504#define OWNERDRAW 0x0100 // OWNERDRAW keyword
505#define CHECKED 0x0008 // CHECKED keyword
506#define POPUP 0x0010 // used internally
507#define MENUBARBREAK 0x0020 // MENUBARBREAK keyword
508#define MENUBREAK 0x0040 // MENUBREAK keyword
509#define ENDMENU 0x0080 // used internally
510
511
512// Dialog Box Resources .................. added by sang cho.
513
514// A dialog box is contained in a single resource and has a header and
515// a portion repeated for each control in the dialog box.
516// The item DWORD IStyle is a standard window style composed of flags found
517// in WINDOWS.H.
518// The default style for a dialog box is:
519// WS_POPUP | WS_BORDER | WS_SYSMENU
520//
521// The itme marked "Name or Ordinal" are :
522// If the first word is an 0xffff, the next two bytes contain an ordinal ID.
523// Otherwise, the first one or more WORDS contain a double-null-terminated string.
524// An empty string is represented by a single WORD zero in the first location.
525//
526// The WORD wPointSize and WCHAR szFontName entries are present if the FONT
527// statement was included for the dialog box. This can be detected by checking
528// the entry IStyle. If IStyle & DS_SETFONT ( which is 0x40), then these
529// entries will be present.
530
532 {
534 DWORD IExtendedStyle; // New for Windows NT
535
536 WORD nControls; // Number of Controls
537
542// N_OR_O MenuName; // Name or Ordinal ID
543 // N_OR_O ClassName; // Name or Ordinal ID
544 // WCHAR szCaption[];
545 // WORD wPointSize; // Only here if FONT set for dialog
546 // WCHAR szFontName[]; // This too
547 }
549
550typedef union _NAME_OR_ORDINAL
551 { // Name or Ordinal ID
552
553 struct _ORD_ID
554 {
557 }
560 }
562
563// The data for each control starts on a DWORD boundary (which may require
564// some padding from the previous control), and its format is as follows:
565
567 {
575// N_OR_O ClassId;
576 // N_OR_O Text;
577 // WORD nExtraStuff;
578 }
580
581#define BUTTON 0x80
582#define EDIT 0x81
583#define STATIC 0x82
584#define LISTBOX 0x83
585#define SCROLLBAR 0x84
586#define COMBOBOX 0x85
587
588// The various statements used in a dialog script are all mapped to these
589// classes along with certain modifying styles. The values for these styles
590// can be found in WINDOWS.H. All dialog controls have the default styles
591// of WS_CHILD and WS_VISIBLE. A list of the default styles used follows:
592//
593// Statement Default Class Default Styles
594// CONTROL None WS_CHILD|WS_VISIBLE
595// LTEXT STATIC ES_LEFT
596// RTEXT STATIC ES_RIGHT
597// CTEXT STATIC ES_CENTER
598// LISTBOX LISTBOX WS_BORDER|LBS_NOTIFY
599// CHECKBOX BUTTON BS_CHECKBOX|WS_TABSTOP
600// PUSHBUTTON BUTTON BS_PUSHBUTTON|WS_TABSTOP
601// GROUPBOX BUTTON BS_GROUPBOX
602// DEFPUSHBUTTON BUTTON BS_DFPUSHBUTTON|WS_TABSTOP
603// RADIOBUTTON BUTTON BS_RADIOBUTTON
604// AUTOCHECKBOX BUTTON BS_AUTOCHECKBOX
605// AUTO3STATE BUTTON BS_AUTO3STATE
606// AUTORADIOBUTTON BUTTON BS_AUTORADIOBUTTON
607// PUSHBOX BUTTON BS_PUSHBOX
608// STATE3 BUTTON BS_3STATE
609// EDITTEXT EDIT ES_LEFT|WS_BORDER|WS_TABSTOP
610// COMBOBOX COMBOBOX None
611// ICON STATIC SS_ICON
612// SCROLLBAR SCROLLBAR None
614
615#define WS_OVERLAPPED 0x00000000L
616#define WS_POPUP 0x80000000L
617#define WS_CHILD 0x40000000L
618#define WS_CLIPSIBLINGS 0x04000000L
619#define WS_CLIPCHILDREN 0x02000000L
620#define WS_VISIBLE 0x10000000L
621#define WS_DISABLED 0x08000000L
622#define WS_MINIMIZE 0x20000000L
623#define WS_MAXIMIZE 0x01000000L
624#define WS_CAPTION 0x00C00000L
625#define WS_BORDER 0x00800000L
626#define WS_DLGFRAME 0x00400000L
627#define WS_VSCROLL 0x00200000L
628#define WS_HSCROLL 0x00100000L
629#define WS_SYSMENU 0x00080000L
630#define WS_THICKFRAME 0x00040000L
631#define WS_MINIMIZEBOX 0x00020000L
632#define WS_MAXIMIZEBOX 0x00010000L
633#define WS_GROUP 0x00020000L
634#define WS_TABSTOP 0x00010000L
635
636// other aliases
637#define WS_OVERLAPPEDWINDOW (WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_THICKFRAME | WS_MINIMIZEBOX | WS_MAXIMIZEBOX)
638#define WS_POPUPWINDOW (WS_POPUP | WS_BORDER | WS_SYSMENU)
639#define WS_CHILDWINDOW (WS_CHILD)
640#define WS_TILED WS_OVERLAPPED
641#define WS_ICONIC WS_MINIMIZE
642#define WS_SIZEBOX WS_THICKFRAME
643#define WS_TILEDWINDOW WS_OVERLAPPEDWINDOW
644
645#define WS_EX_DLGMODALFRAME 0x00000001L
646#define WS_EX_NOPARENTNOTIFY 0x00000004L
647#define WS_EX_TOPMOST 0x00000008L
648#define WS_EX_ACCEPTFILES 0x00000010L
649#define WS_EX_TRANSPARENT 0x00000020L
650
651#define BS_PUSHBUTTON 0x00000000L
652#define BS_DEFPUSHBUTTON 0x00000001L
653#define BS_CHECKBOX 0x00000002L
654#define BS_AUTOCHECKBOX 0x00000003L
655#define BS_RADIOBUTTON 0x00000004L
656#define BS_3STATE 0x00000005L
657#define BS_AUTO3STATE 0x00000006L
658#define BS_GROUPBOX 0x00000007L
659#define BS_USERBUTTON 0x00000008L
660#define BS_AUTORADIOBUTTON 0x00000009L
661#define BS_OWNERDRAW 0x0000000BL
662#define BS_LEFTTEXT 0x00000020L
663
664#define ES_LEFT 0x00000000L
665#define ES_CENTER 0x00000001L
666#define ES_RIGHT 0x00000002L
667#define ES_MULTILINE 0x00000004L
668#define ES_UPPERCASE 0x00000008L
669#define ES_LOWERCASE 0x00000010L
670#define ES_PASSWORD 0x00000020L
671#define ES_AUTOVSCROLL 0x00000040L
672#define ES_AUTOHSCROLL 0x00000080L
673#define ES_NOHIDESEL 0x00000100L
674#define ES_OEMCONVERT 0x00000400L
675#define ES_READONLY 0x00000800L
676#define ES_WANTRETURN 0x00001000L
677
678#define LBS_NOTIFY 0x0001L
679#define LBS_SORT 0x0002L
680#define LBS_NOREDRAW 0x0004L
681#define LBS_MULTIPLESEL 0x0008L
682#define LBS_OWNERDRAWFIXED 0x0010L
683#define LBS_OWNERDRAWVARIABLE 0x0020L
684#define LBS_HASSTRINGS 0x0040L
685#define LBS_USETABSTOPS 0x0080L
686#define LBS_NOINTEGRALHEIGHT 0x0100L
687#define LBS_MULTICOLUMN 0x0200L
688#define LBS_WANTKEYBOARDINPUT 0x0400L
689#define LBS_EXTENDEDSEL 0x0800L
690#define LBS_DISABLENOSCROLL 0x1000L
691
692#define SS_LEFT 0x00000000L
693#define SS_CENTER 0x00000001L
694#define SS_RIGHT 0x00000002L
695#define SS_ICON 0x00000003L
696#define SS_BLACKRECT 0x00000004L
697#define SS_GRAYRECT 0x00000005L
698#define SS_WHITERECT 0x00000006L
699#define SS_BLACKFRAME 0x00000007L
700#define SS_GRAYFRAME 0x00000008L
701#define SS_WHITEFRAME 0x00000009L
702#define SS_SIMPLE 0x0000000BL
703#define SS_LEFTNOWORDWRAP 0x0000000CL
704#define SS_BITMAP 0x0000000EL
705
706//
707// Debug Format
708//
709
710typedef struct _IMAGE_DEBUG_DIRECTORY
711 {
716 DWORD Type;
720 }
722
723#define IMAGE_DEBUG_TYPE_UNKNOWN 0
724#define IMAGE_DEBUG_TYPE_COFF 1
725#define IMAGE_DEBUG_TYPE_CODEVIEW 2
726#define IMAGE_DEBUG_TYPE_FPO 3
727#define IMAGE_DEBUG_TYPE_MISC 4
728#define IMAGE_DEBUG_TYPE_EXCEPTION 5
729#define IMAGE_DEBUG_TYPE_FIXUP 6
730#define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
731#define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
732
733
734typedef struct _IMAGE_DEBUG_MISC
735 {
736 DWORD DataType; // type of misc data, see defines
737
738 DWORD Length; // total length of record, rounded to four
739 // byte multiple.
740
741 BOOLEAN Unicode; // TRUE if data is unicode string
742
743 BYTE Reserved[3];
744 BYTE Data[1]; // Actual data
745
746 }
748
749
750//
751// Debugging information can be stripped from an image file and placed
752// in a separate .DBG file, whose file name part is the same as the
753// image file name part (e.g. symbols for CMD.EXE could be stripped
754// and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED
755// flag in the Characteristics field of the file header. The beginning of
756// the .DBG file contains the following structure which captures certain
757// information from the image file. This allows a debug to proceed even if
758// the original image file is not accessable. This header is followed by
759// zero of more IMAGE_SECTION_HEADER structures, followed by zero or more
760// IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in
761// the image file contain file offsets relative to the beginning of the
762// .DBG file.
763//
764// If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure
765// is left in the image file, but not mapped. This allows a debugger to
766// compute the name of the .DBG file, from the name of the image in the
767// IMAGE_DEBUG_MISC structure.
768//
769
770typedef struct _IMAGE_SEPARATE_DEBUG_HEADER
771 {
773 WORD Flags;
784 DWORD Reserved[2];
785 }
787
788#define IMAGE_SEPARATE_DEBUG_SIGNATURE 0x4944
789
790#define IMAGE_SEPARATE_DEBUG_FLAGS_MASK 0x8000
791#define IMAGE_SEPARATE_DEBUG_MISMATCH 0x8000 // when DBG was updated, the
792 // old checksum didn't match.
793
794
795//
796// End Image Format
797//
798
799
800#define SIZE_OF_NT_SIGNATURE sizeof (DWORD)
801#define MAXRESOURCENAME 13
802
803/* global macros to define header offsets into file */
804/* offset to PE file signature */
805#define NTSIGNATURE(a) ((LPVOID)((BYTE *)a + \
806 ((PIMAGE_DOS_HEADER)a)->e_lfanew))
807
808/* DOS header identifies the NT PEFile signature dword
809 the PEFILE header exists just after that dword */
810#define PEFHDROFFSET(a) ((LPVOID)((BYTE *)a + \
811 ((PIMAGE_DOS_HEADER)a)->e_lfanew + \
812 SIZE_OF_NT_SIGNATURE))
813
814/* PE optional header is immediately after PEFile header */
815#define OPTHDROFFSET(a) ((LPVOID)((BYTE *)a + \
816 ((PIMAGE_DOS_HEADER)a)->e_lfanew + \
817 SIZE_OF_NT_SIGNATURE + \
818 sizeof (IMAGE_FILE_HEADER)))
819
820/* section headers are immediately after PE optional header */
821#define SECHDROFFSET(a) ((LPVOID)((BYTE *)a + \
822 ((PIMAGE_DOS_HEADER)a)->e_lfanew + \
823 SIZE_OF_NT_SIGNATURE + \
824 sizeof (IMAGE_FILE_HEADER) + \
825 sizeof (IMAGE_OPTIONAL_HEADER)))
826
827
828typedef struct tagImportDirectory
829 {
835 }
837
838
839/* global prototypes for functions in pefile.c */
840/* PE file header info */
844
845/* PE optional header info */
852
853/* PE section header info */
854//int WINAPI GetSectionNames (LPVOID, HANDLE, char **);
855int WINAPI GetSectionNames (LPVOID, char **);
857
858//
859// structur to store string tokens
860//
861typedef struct _Str_P
862 {
863 char flag; // string_flag '@' or '%' or '#'
864
865 char *pos; // starting postion of string
866
867 int length; // length of string
868
869 BOOL wasString; // if it were stringMode or not
870
871 }
873
874/* import section info */
875int WINAPI GetImportModuleNames (LPVOID, char **);
876int WINAPI GetImportFunctionNamesByModule (LPVOID, char *, char **);
877
878// import function name reporting
879int WINAPI GetStringLength (char *);
880void WINAPI GetPreviousParamString (char *, char *);
881void WINAPI TranslateParameters (char **, char **, char **);
882BOOL WINAPI StringExpands (char **, char **, char **, Str_P *);
883char * WINAPI TranslateFunctionName (char *);
884
885/* export section info */
887
888/* resource section info */
891int WINAPI MenuScan (int *, WORD **);
892int WINAPI MenuFill (char **, WORD **);
893void WINAPI StrangeMenuFill (char **, WORD **, int);
894int WINAPI GetContentsOfMenu (LPVOID, char **);
895int WINAPI PrintMenu (int, char **);
896int WINAPI PrintStrangeMenu (char **);
897int WINAPI dumpMenu (char **psz, int size);
898
899/* debug section info */
901int WINAPI RetrieveModuleName (LPVOID, char **);
904
905
906/**********************************************************************
907 * NAME
908 *
909 * DESCRIPTION
910 * Copy DOS header information to structure.
911 *
912 * ARGUMENTS
913 */
916 LPVOID lpFile,
918)
919{
920 /*
921 * DOS header represents first structure
922 * of bytes in PE image file.
923 */
924 if ((WORD) IMAGE_DOS_SIGNATURE == *(WORD *) lpFile)
925 {
926 bcopy (
927 lpFile,
928 (LPVOID) pHeader,
929 sizeof (IMAGE_DOS_HEADER)
930 );
931 return TRUE;
932 }
933 return FALSE;
934}
935
936
937
938
939/* return file signature */
942 LPVOID lpFile)
943{
944 /* dos file signature comes first */
945 if (*(USHORT *) lpFile == IMAGE_DOS_SIGNATURE)
946 {
947 /* determine location of PE File header from dos header */
948 if (LOWORD (*(DWORD *) NTSIGNATURE (lpFile)) == IMAGE_OS2_SIGNATURE ||
950 return (DWORD) LOWORD (*(DWORD *) NTSIGNATURE (lpFile));
951
952 else if (*(DWORD *) NTSIGNATURE (lpFile) == IMAGE_NT_SIGNATURE)
953 return IMAGE_NT_SIGNATURE;
954
955 else
956 return IMAGE_DOS_SIGNATURE;
957 }
958
959 else
960 /* unknown file type */
961 return 0;
962}
963
964
965
966
967/* copy file header information to structure */
970 LPVOID lpFile,
972{
973 /* file header follows dos header */
974 if (ImageFileType (lpFile) == IMAGE_NT_SIGNATURE)
975 bcopy (PEFHDROFFSET (lpFile), (LPVOID) pHeader, sizeof (IMAGE_FILE_HEADER));
976 else
977 return FALSE;
978
979 return TRUE;
980}
981
982
983
984
985
986/* copy optional header info to structure */
989 LPVOID lpFile,
991{
992 /* optional header follows file header and dos header */
993 if (ImageFileType (lpFile) == IMAGE_NT_SIGNATURE)
994 bcopy (OPTHDROFFSET (lpFile), (LPVOID) pHeader, sizeof (IMAGE_OPTIONAL_HEADER));
995 else
996 return FALSE;
997
998 return TRUE;
999}
1000
1001
1002
1003
1004/* function returns the entry point for an exe module lpFile must
1005 be a memory mapped file pointer to the beginning of the image file */
1008 LPVOID lpFile)
1009{
1011
1012 if (poh != NULL)
1013 return (LPVOID) (poh->AddressOfEntryPoint);
1014 else
1015 return NULL;
1016}
1017
1018
1019
1020
1021/* return the total number of sections in the module */
1022int WINAPI
1024 LPVOID lpFile)
1025{
1026 /* number os sections is indicated in file header */
1027 return ((int) ((PIMAGE_FILE_HEADER) PEFHDROFFSET (lpFile))->NumberOfSections);
1028}
1029
1030
1031
1032
1033/* retrieve entry point */
1036 LPVOID lpFile)
1037{
1039
1040 if (poh != NULL)
1041 return (LPVOID) (poh->ImageBase);
1042 else
1043 return NULL;
1044}
1045
1046
1047
1048//
1049// This function is written by sang cho
1050// .. october 5, 1997
1051//
1052/* function returns the actual address of given RVA, lpFile must
1053 be a memory mapped file pointer to the beginning of the image file */
1056 LPVOID lpFile,
1057 DWORD dwRVA)
1058{
1059// PIMAGE_OPTIONAL_HEADER poh = (PIMAGE_OPTIONAL_HEADER)OPTHDROFFSET (lpFile);
1061 int nSections = NumOfSections (lpFile);
1062 int i = 0;
1063
1064 if (dwRVA == 0)
1065 return NULL;
1066 if (dwRVA & 0x80000000)
1067 {
1068 //return (LPVOID)dwRVA;
1069 printf ("\n$$ what is going on $$");
1070 exit (0);
1071 }
1072
1073 /* locate section containing image directory */
1074 while (i++ < nSections)
1075 {
1076 if (psh->VirtualAddress <= (DWORD) dwRVA &&
1077 psh->VirtualAddress + psh->SizeOfRawData > (DWORD) dwRVA)
1078 break;
1079 psh++;
1080 }
1081
1082 if (i > nSections)
1083 return NULL;
1084
1085 /* return image import directory offset */
1086 return (LPVOID) (((int) lpFile + (int) dwRVA - psh->VirtualAddress) +
1087 (int) psh->PointerToRawData);
1088}
1089
1090
1091//
1092// This function is modified by sang cho
1093//
1094//
1095/* return offset to specified IMAGE_DIRECTORY entry */
1098 LPVOID lpFile,
1099 DWORD dwIMAGE_DIRECTORY)
1100{
1103 int nSections = NumOfSections (lpFile);
1104 int i = 0;
1105 LPVOID VAImageDir;
1106
1107 /* must be 0 thru (NumberOfRvaAndSizes-1) */
1108 if (dwIMAGE_DIRECTORY >= poh->NumberOfRvaAndSizes)
1109 return NULL;
1110
1111 /* locate specific image directory's relative virtual address */
1112 VAImageDir = (LPVOID) poh->DataDirectory[dwIMAGE_DIRECTORY].VirtualAddress;
1113
1114 if (VAImageDir == NULL)
1115 return NULL;
1116 /* locate section containing image directory */
1117 while (i++ < nSections)
1118 {
1119 if (psh->VirtualAddress <= (DWORD) VAImageDir &&
1120 psh->VirtualAddress + psh->SizeOfRawData > (DWORD) VAImageDir)
1121 break;
1122 psh++;
1123 }
1124
1125 if (i > nSections)
1126 return NULL;
1127
1128 /* return image import directory offset */
1129 return (LPVOID) (((int) lpFile + (int) VAImageDir - psh->VirtualAddress) +
1130 (int) psh->PointerToRawData);
1131}
1132
1133
1134/* function retrieve names of all the sections in the file */
1135int WINAPI
1137 LPVOID lpFile,
1138 char **pszSections)
1139{
1140 int nSections = NumOfSections (lpFile);
1141 int i, nCnt = 0;
1143 char *ps;
1144
1145
1146 if (ImageFileType (lpFile) != IMAGE_NT_SIGNATURE ||
1147 (psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile)) == NULL)
1148 return 0;
1149
1150 /* count the number of chars used in the section names */
1151 for (i = 0; i < nSections; i++)
1152 nCnt += strlen ((char *)psh[i].Name) + 1;
1153
1154 /* allocate space for all section names from heap */
1155 ps = *pszSections = (char *) calloc (nCnt, 1);
1156
1157
1158 for (i = 0; i < nSections; i++)
1159 {
1160 strcpy (ps, (char *)psh[i].Name);
1161 ps += strlen ((char *)psh[i].Name) + 1;
1162 }
1163
1164 return nCnt;
1165}
1166
1167
1168
1169
1170/* function gets the function header for a section identified by name */
1173 LPVOID lpFile,
1175 char *szSection)
1176{
1178 int nSections = NumOfSections (lpFile);
1179 int i;
1180
1181
1182 if ((psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile)) != NULL)
1183 {
1184 /* find the section by name */
1185 for (i = 0; i < nSections; i++)
1186 {
1187 if (!strcmp ((char *)psh->Name, szSection))
1188 {
1189 /* copy data to header */
1190 bcopy ((LPVOID) psh, (LPVOID) sh, sizeof (IMAGE_SECTION_HEADER));
1191 return TRUE;
1192 }
1193 else
1194 psh++;
1195 }
1196 }
1197 return FALSE;
1198}
1199
1200
1201
1202//
1203// This function is modified by sang cho
1204//
1205//
1206/* get import modules names separated by null terminators, return module count */
1207int WINAPI
1209 LPVOID lpFile,
1210 char **pszModules)
1211{
1214 //
1215 // sometimes there may be no section for idata or edata
1216 // instead rdata or data section may contain these sections ..
1217 // or even module names or function names are in different section.
1218 // so that's why we need to get actual address of RVAs each time.
1219 // ...................sang cho..................
1220 //
1221 // PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER)
1222 // ImageDirectorySection (lpFile, IMAGE_DIRECTORY_ENTRY_IMPORT);
1223 // BYTE *pData = (BYTE *)pid;
1224 // DWORD *pdw = (DWORD *)pid;
1225 int nCnt = 0, nSize = 0, i;
1226 char *pModule[1024]; /* hardcoded maximum number of modules?? */
1227 char *psz;
1228
1229 if (pid == NULL)
1230 return 0;
1231
1232 // pData = (BYTE *)((int)lpFile + psh->PointerToRawData - psh->VirtualAddress);
1233
1234 /* extract all import modules */
1235 while (pid->dwRVAModuleName)
1236 {
1237 /* allocate temporary buffer for absolute string offsets */
1238 //pModule[nCnt] = (char *)(pData + pid->dwRVAModuleName);
1239 pModule[nCnt] = (char *) GetActualAddress (lpFile, pid->dwRVAModuleName);
1240 nSize += strlen (pModule[nCnt]) + 1;
1241
1242 /* increment to the next import directory entry */
1243 pid++;
1244 nCnt++;
1245 }
1246
1247 /* copy all strings to one chunk of memory */
1248 *pszModules = (char *) calloc (nSize, 1);
1249 psz = *pszModules;
1250 for (i = 0; i < nCnt; i++)
1251 {
1252 strcpy (psz, pModule[i]);
1253 psz += strlen (psz) + 1;
1254 }
1255 return nCnt;
1256}
1257
1258
1259//
1260// This function is rewritten by sang cho
1261//
1262//
1263/* get import module function names separated by null terminators, return function count */
1264int WINAPI
1266 LPVOID lpFile,
1267 char *pszModule,
1268 char **pszFunctions)
1269{
1272 //
1273 // sometimes there may be no section for idata or edata
1274 // instead rdata or data section may contain these sections ..
1275 // or even module names or function names are in different section.
1276 // so that's why we need to get actual address each time.
1277 // ...................sang cho..................
1278 //
1279 //PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER)
1280 //ImageDirectorySection (lpFile, IMAGE_DIRECTORY_ENTRY_IMPORT);
1281 //DWORD dwBase;
1282 int nCnt = 0, nSize = 0;
1283 int nnid = 0;
1284 int mnlength, i;
1285 DWORD dwFunctionName;
1286 DWORD dwFunctionAddress;
1287 char name[128];
1288 char buff[256]; // enough for any string ??
1289
1290 char *psz;
1291 DWORD *pdw;
1292
1293 //dwBase = (DWORD)((int)lpFile + psh->PointerToRawData - psh->VirtualAddress);
1294
1295 /* find module's pid */
1296 while (pid->dwRVAModuleName &&
1297 strcmp (pszModule, (char *) GetActualAddress (lpFile, pid->dwRVAModuleName)))
1298 pid++;
1299
1300 /* exit if the module is not found */
1301 if (!pid->dwRVAModuleName)
1302 return 0;
1303
1304 // I am doing this to get rid of .dll from module name
1305 strcpy (name, pszModule);
1306 mnlength = strlen (pszModule);
1307 for (i = 0; i < mnlength; i++)
1308 if (name[i] == '.')
1309 break;
1310 name[i] = 0;
1311 mnlength = i;
1312
1313 /* count number of function names and length of strings */
1314 dwFunctionName = pid->dwRVAFunctionNameList;
1315
1316 // IMAGE_IMPORT_BY_NAME OR IMAGE_THUNK_DATA
1317 // modified by Sang Cho
1318 while (dwFunctionName &&
1319 *(pdw = (DWORD *) GetActualAddress (lpFile, dwFunctionName)))
1320 {
1321 if ((*pdw) & 0x80000000)
1322 nSize += mnlength + 10 + 1 + 6;
1323 else
1324 nSize += strlen ((char *) GetActualAddress (lpFile, *pdw + 2)) + 1 + 6;
1325 dwFunctionName += 4;
1326 nCnt++;
1327 }
1328
1329 /* allocate memory for function names */
1330 *pszFunctions = (char *) calloc (nSize, 1);
1331 psz = *pszFunctions;
1332
1333 //
1334 // I modified this part to store function address (4 bytes),
1335 // ord number (2 bytes),
1336 // and name strings (which was there originally)
1337 // so that's why there are 6 more bytes...... +6, or +4 and +2 etc.
1338 // these informations are used where they are needed.
1339 // ...........sang cho..................
1340 //
1341 /* copy function names to mempry pointer */
1342 dwFunctionName = pid->dwRVAFunctionNameList;
1343 dwFunctionAddress = pid->dwRVAFunctionAddressList;
1344 while (dwFunctionName &&
1345 *(pdw = (DWORD *) GetActualAddress (lpFile, dwFunctionName)))
1346 {
1347 if ((*pdw) & 0x80000000)
1348 {
1349 *(int *) psz = (int) (*(DWORD *) GetActualAddress (lpFile, dwFunctionAddress));
1350 psz += 4;
1351 *(short *) psz = *(short *) pdw;
1352 psz += 2;
1353 sprintf (buff, "%s:NoName%04d", name, nnid++);
1354 strcpy (psz, buff);
1355 psz += strlen (buff) + 1;
1356 }
1357 else
1358 {
1359 *(int *) psz = (int) (*(DWORD *) GetActualAddress (lpFile, dwFunctionAddress));
1360 psz += 4;
1361 *(short *) psz = (*(short *) GetActualAddress (lpFile, *pdw));
1362 psz += 2;
1363 strcpy (psz, (char *) GetActualAddress (lpFile, *pdw + 2));
1364 psz += strlen ((char *) GetActualAddress (lpFile, *pdw + 2)) + 1;
1365 }
1366 dwFunctionName += 4;
1367 dwFunctionAddress += 4;
1368 }
1369
1370 return nCnt;
1371}
1372
1373
1374
1375
1376//
1377// This function is written by sang cho
1378// October 6, 1997
1379//
1380/* get numerically expressed string length */
1381int WINAPI
1383 char *psz)
1384{
1385 if (!isdigit (*psz))
1386 return 0;
1387 if (isdigit (*(psz + 1)))
1388 return (*psz - '0') * 10 + *(psz + 1) - '0';
1389 else
1390 return *psz - '0';
1391}
1392
1393
1394
1395
1396//
1397// This function is written by sang cho
1398// October 12, 1997
1399//
1400
1401/* translate parameter part of condensed name */
1402void WINAPI
1404 char *xpin, // read-only source
1405 char *xpout) // translated result
1406 {
1407 int n = 0;
1408 char *pin, *pout;
1409
1410 pin = xpin;
1411 pout = xpout;
1412
1413 pin--;
1414 if (*pin == ',')
1415 pin--;
1416 else
1417 {
1418 printf ("\n **error PreviousParamString1 char = %c", *pin);
1419 exit (0);
1420 }
1421
1422 while (*pin)
1423 {
1424 if (*pin == '>')
1425 n++;
1426 else if (*pin == '<')
1427 n--;
1428 else if (*pin == ')')
1429 n++;
1430
1431 if (n > 0)
1432 {
1433 if (*pin == '(')
1434 n--;
1435 }
1436 else if (strchr (",(", *pin))
1437 break;
1438 pin--;
1439 }
1440
1441 //printf("\n ----- %s", pin);
1442 if (strchr (",(", *pin))
1443 {
1444 pin++;
1445 } // printf("\n %s", pin); }
1446
1447 else
1448 {
1449 printf ("\n **error PreviousParamString2");
1450 exit (0);
1451 }
1452
1453 n = xpin - pin - 1;
1454 strncpy (pout, pin, n);
1455 *(pout + n) = 0;
1456}
1457
1458
1459
1460
1461//
1462// This function is written by sang cho
1463// October 10, 1997
1464//
1465
1466/* translate parameter part of condensed name */
1467void WINAPI
1469 char **ppin, // read-only source
1470 char **ppout, // translated result
1471 char **pps) // parameter stack
1472 {
1473 int i, n;
1474 char c;
1475 char name[128];
1476 char *pin, *pout, *ps;
1477
1478 //printf(" %c ", **in);
1479 pin = *ppin;
1480 pout = *ppout;
1481 ps = *pps;
1482 c = *pin;
1483 switch (c)
1484 {
1485 // types processing
1486 case 'b':
1487 strcpy (pout, "byte");
1488 pout += 4;
1489 pin++;
1490 break;
1491 case 'c':
1492 strcpy (pout, "char");
1493 pout += 4;
1494 pin++;
1495 break;
1496 case 'd':
1497 strcpy (pout, "double");
1498 pout += 6;
1499 pin++;
1500 break;
1501 case 'f':
1502 strcpy (pout, "float");
1503 pout += 5;
1504 pin++;
1505 break;
1506 case 'g':
1507 strcpy (pout, "long double");
1508 pout += 11;
1509 pin++;
1510 break;
1511 case 'i':
1512 strcpy (pout, "int");
1513 pout += 3;
1514 pin++;
1515 break;
1516 case 'l':
1517 strcpy (pout, "long");
1518 pout += 4;
1519 pin++;
1520 break;
1521 case 's':
1522 strcpy (pout, "short");
1523 pout += 5;
1524 pin++;
1525 break;
1526 case 'v':
1527 strcpy (pout, "void");
1528 pout += 4;
1529 pin++;
1530 break;
1531 // postfix processing
1532 case 'M':
1533 case 'p':
1534 if (*(pin + 1) == 'p')
1535 {
1536 *ps++ = 'p';
1537 pin += 2;
1538 }
1539 else
1540 {
1541 *ps++ = '*';
1542 pin++;
1543 }
1544 *ppin = pin;
1545 *ppout = pout;
1546 *pps = ps;
1547 return;
1548 case 'q':
1549 *pout++ = '(';
1550 pin++;
1551 *ps++ = 'q';
1552 *ppin = pin;
1553 *ppout = pout;
1554 *pps = ps;
1555 return;
1556 case 'r':
1557 if (*(pin + 1) == 'p')
1558 {
1559 *ps++ = 'r';
1560 pin += 2;
1561 }
1562 else
1563 {
1564 *ps++ = '&';
1565 pin++;
1566 }
1567 *ppin = pin;
1568 *ppout = pout;
1569 *pps = ps;
1570 return;
1571 // repeat processing
1572 case 't':
1573 if (isdigit (*(pin + 1)))
1574 {
1575 n = *(pin + 1) - '0';
1576 pin++;
1577 pin++;
1579 strcpy (pout, name);
1580 pout += strlen (name);
1581 for (i = 1; i < n; i++)
1582 {
1583 *pout++ = ',';
1584 strcpy (pout, name);
1585 pout += strlen (name);
1586 }
1587 }
1588 else
1589 pin++;
1590 break;
1591 // prefix processing
1592 case 'u':
1593 strcpy (pout, "u");
1594 pout += 1;
1595 pin++;
1596 *ppin = pin;
1597 *ppout = pout;
1598 *pps = ps;
1599 return;
1600 case 'x':
1601 strcpy (pout, "const ");
1602 pout += 6;
1603 pin++;
1604 *ppin = pin;
1605 *ppout = pout;
1606 *pps = ps;
1607 return;
1608 case 'z':
1609 strcpy (pout, "static ");
1610 pout += 7;
1611 pin++;
1612 *ppin = pin;
1613 *ppout = pout;
1614 *pps = ps;
1615 return;
1616 default:
1617 strcpy (pout, "!1!");
1618 pout += 3;
1619 *pout++ = *pin++;
1620 *ppin = pin;
1621 *ppout = pout;
1622 *pps = ps;
1623 return;
1624 }
1625 // need to process postfix finally
1626 c = *(ps - 1);
1627 if (strchr ("tqx", c))
1628 {
1629 if (*(pin) && !strchr ("@$%", *(pin)))
1630 *pout++ = ',';
1631 *ppin = pin;
1632 *ppout = pout;
1633 *pps = ps;
1634 return;
1635 }
1636 switch (c)
1637 {
1638 case 'r':
1639 strcpy (pout, "*&");
1640 pout += 2;
1641 ps--;
1642 break;
1643 case 'p':
1644 strcpy (pout, "**");
1645 pout += 2;
1646 ps--;
1647 break;
1648 case '&':
1649 strcpy (pout, "&");
1650 pout += 1;
1651 ps--;
1652 break;
1653 case '*':
1654 strcpy (pout, "*");
1655 pout += 1;
1656 ps--;
1657 break;
1658 default:
1659 strcpy (pout, "!2!");
1660 pout += 3;
1661 ps--;
1662 break;
1663 }
1664 if (*(pin) && !strchr ("@$%", *(pin)))
1665 *pout++ = ',';
1666 *ppin = pin;
1667 *ppout = pout;
1668 *pps = ps;
1669}
1670
1671
1672//
1673// This function is written by sang cho
1674// October 11, 1997
1675//
1676
1677/* translate parameter part of condensed name */
1680 char **ppin, // read-only source
1681 char **ppout, // translated result
1682 char **pps, // parameter stack
1683 Str_P * pcstr) // currently stored string
1684 {
1685// int n;
1686 // char c;
1687 char *pin, *pout, *ps;
1688 Str_P c_str;
1689 BOOL stringMode = TRUE;
1690
1691 pin = *ppin;
1692 pout = *ppout;
1693 ps = *pps;
1694 c_str = *pcstr;
1695
1696 if (strncmp (pin, "bctr", 4) == 0)
1697 {
1698 strncpy (pout, c_str.pos, c_str.length);
1699 pout += c_str.length;
1700 pin += 4;
1701 }
1702 else if (strncmp (pin, "bdtr", 4) == 0)
1703 {
1704 *pout++ = '~';
1705 strncpy (pout, c_str.pos, c_str.length);
1706 pout += c_str.length;
1707 pin += 4;
1708 }
1709 else if (*pin == 'o')
1710 {
1711 strcpy (pout, "const ");
1712 pout += 6;
1713 pin++;
1714 stringMode = FALSE;
1715 }
1716 else if (*pin == 'q')
1717 {
1718 *pout++ = '(';
1719 pin++;
1720 *ps++ = 'q';
1721 stringMode = FALSE;
1722 }
1723 else if (*pin == 't')
1724 {
1725 //if (*(ps-1) == 't') { *pout++ = ','; pin++; } // this also got me...
1726 //else october 12 .. sang
1727 {
1728 *pout++ = '<';
1729 pin++;
1730 *ps++ = 't';
1731 }
1732 stringMode = FALSE;
1733 }
1734 else if (strncmp (pin, "xq", 2) == 0)
1735 {
1736 *pout++ = '(';
1737 pin += 2;
1738 *ps++ = 'x';
1739 *ps++ = 'q';
1740 stringMode = FALSE;
1741 }
1742 else if (strncmp (pin, "bcall", 5) == 0)
1743 {
1744 strcpy (pout, "operator ()");
1745 pout += 11;
1746 pin += 5;
1747 }
1748 else if (strncmp (pin, "bsubs", 5) == 0)
1749 {
1750 strcpy (pout, "operator []");
1751 pout += 11;
1752 pin += 5;
1753 }
1754 else if (strncmp (pin, "bnwa", 4) == 0)
1755 {
1756 strcpy (pout, "operator new[]");
1757 pout += 14;
1758 pin += 4;
1759 }
1760 else if (strncmp (pin, "bdla", 4) == 0)
1761 {
1762 strcpy (pout, "operator delete[]");
1763 pout += 17;
1764 pin += 4;
1765 }
1766 else if (strncmp (pin, "bnew", 4) == 0)
1767 {
1768 strcpy (pout, "operator new");
1769 pout += 12;
1770 pin += 4;
1771 }
1772 else if (strncmp (pin, "bdele", 5) == 0)
1773 {
1774 strcpy (pout, "operator delete");
1775 pout += 15;
1776 pin += 5;
1777 }
1778 else if (strncmp (pin, "blsh", 4) == 0)
1779 {
1780 strcpy (pout, "operator <<");
1781 pout += 11;
1782 pin += 4;
1783 }
1784 else if (strncmp (pin, "brsh", 4) == 0)
1785 {
1786 strcpy (pout, "operator >>");
1787 pout += 11;
1788 pin += 4;
1789 }
1790 else if (strncmp (pin, "binc", 4) == 0)
1791 {
1792 strcpy (pout, "operator ++");
1793 pout += 11;
1794 pin += 4;
1795 }
1796 else if (strncmp (pin, "bdec", 4) == 0)
1797 {
1798 strcpy (pout, "operator --");
1799 pout += 11;
1800 pin += 4;
1801 }
1802 else if (strncmp (pin, "badd", 4) == 0)
1803 {
1804 strcpy (pout, "operator +");
1805 pout += 10;
1806 pin += 4;
1807 }
1808 else if (strncmp (pin, "brplu", 5) == 0)
1809 {
1810 strcpy (pout, "operator +=");
1811 pout += 11;
1812 pin += 5;
1813 }
1814 else if (strncmp (pin, "bdiv", 4) == 0)
1815 {
1816 strcpy (pout, "operator /");
1817 pout += 10;
1818 pin += 4;
1819 }
1820 else if (strncmp (pin, "brdiv", 5) == 0)
1821 {
1822 strcpy (pout, "operator /=");
1823 pout += 11;
1824 pin += 5;
1825 }
1826 else if (strncmp (pin, "bmul", 4) == 0)
1827 {
1828 strcpy (pout, "operator *");
1829 pout += 10;
1830 pin += 4;
1831 }
1832 else if (strncmp (pin, "brmul", 5) == 0)
1833 {
1834 strcpy (pout, "operator *=");
1835 pout += 11;
1836 pin += 5;
1837 }
1838 else if (strncmp (pin, "basg", 4) == 0)
1839 {
1840 strcpy (pout, "operator =");
1841 pout += 10;
1842 pin += 4;
1843 }
1844 else if (strncmp (pin, "beql", 4) == 0)
1845 {
1846 strcpy (pout, "operator ==");
1847 pout += 11;
1848 pin += 4;
1849 }
1850 else if (strncmp (pin, "bneq", 4) == 0)
1851 {
1852 strcpy (pout, "operator !=");
1853 pout += 11;
1854 pin += 4;
1855 }
1856 else if (strncmp (pin, "bor", 3) == 0)
1857 {
1858 strcpy (pout, "operator |");
1859 pout += 10;
1860 pin += 3;
1861 }
1862 else if (strncmp (pin, "bror", 4) == 0)
1863 {
1864 strcpy (pout, "operator |=");
1865 pout += 11;
1866 pin += 4;
1867 }
1868 else if (strncmp (pin, "bcmp", 4) == 0)
1869 {
1870 strcpy (pout, "operator ~");
1871 pout += 10;
1872 pin += 4;
1873 }
1874 else if (strncmp (pin, "bnot", 4) == 0)
1875 {
1876 strcpy (pout, "operator !");
1877 pout += 10;
1878 pin += 4;
1879 }
1880 else if (strncmp (pin, "band", 4) == 0)
1881 {
1882 strcpy (pout, "operator &");
1883 pout += 10;
1884 pin += 4;
1885 }
1886 else if (strncmp (pin, "brand", 5) == 0)
1887 {
1888 strcpy (pout, "operator &=");
1889 pout += 11;
1890 pin += 5;
1891 }
1892 else if (strncmp (pin, "bxor", 4) == 0)
1893 {
1894 strcpy (pout, "operator ^");
1895 pout += 10;
1896 pin += 4;
1897 }
1898 else if (strncmp (pin, "brxor", 5) == 0)
1899 {
1900 strcpy (pout, "operator ^=");
1901 pout += 11;
1902 pin += 5;
1903 }
1904 else
1905 {
1906 strcpy (pout, "!$$$!");
1907 pout += 5;
1908 }
1909 *ppin = pin;
1910 *ppout = pout;
1911 *pps = ps;
1912 return stringMode;
1913} // end of '$' processing
1914
1915
1916
1917//----------------------------------------------------------------------
1918// structure to store string tokens
1919//----------------------------------------------------------------------
1920//typedef struct _Str_P {
1921// char flag; // string_flag '@' or '%' or '#'
1922// char *pos; // starting postion of string
1923// int length; // length of string
1924// BOOL wasString; // if it were stringMode or not
1925//} Str_P;
1926//----------------------------------------------------------------------
1927//
1928// I think I knocked it down finally. But who knows?
1929// october 12, 1997 ... sang
1930//
1931// well I have to rewrite whole part of TranslateFunctionName..
1932// this time I am a little bit more experienced than 5 days ago.
1933// or am i??? anyway i use stacks instead of recurcive calls
1934// and i hope this will take care of every symptoms i have experienced..
1935// october 10, 1997 .... sang
1936// It took a lot of time for me to figure out what is all about....
1937// but still some prefixes like z (static)
1938// -- or some types like b (byte) ,g (long double) ,s (short) --
1939// -- or postfix like M ( * )
1940// -- or $or ( & ) which is pretty wierd. .. added.. october 12
1941// -- also $t business is quite tricky too. (templates)
1942// there may be a lot of things undiscovered yet....
1943// I am not so sure my interpretation is correct or not
1944// If I am wrong please let me know.
1945// october 8, 1997 .... sang
1946//
1947//
1948// This function is written by sang cho
1949// October 5, 1997
1950//
1951/* translate condesed import function name */
1952char * WINAPI
1954 char *psz)
1955{
1956
1957
1958 int i, /*j,*/ n;
1959 char c = 0;
1960 char cc;
1961
1962 static char buff[512]; // result of translation
1963
1964 int is = 0;
1965 char pStack[32]; // parameter processing stack
1966
1967 Str_P sStack[32]; // String processing stack
1968
1969 Str_P tok; // String token
1970
1971 Str_P c_str; // current string
1972
1973 int iend = 0;
1974 char *endTab[8]; // end of string position check
1975
1976 char *ps;
1977 char *pin, *pout;
1978 BOOL stringMode = TRUE;
1979
1980 if (*psz != '@')
1981 return psz;
1982 pin = psz;
1983 pout = buff;
1984 ps = pStack;
1985
1986 //................................................................
1987 // serious users may need to run the following code.
1988 // so I may need to include some flag options...
1989 // If you want to know about how translation is done,
1990 // you can just revive following line and you can see it.
1991 // october 6, 1997 ... sang cho
1992 //printf ("\n................................... %s", psz); // for debugging...
1993
1994 //pa = pb = pout;
1995 pin++;
1996 tok.flag = 'A';
1997 tok.pos = pout;
1998 tok.length = 0;
1999 tok.wasString = stringMode;
2000 sStack[is++] = tok; // initialize sStack with dummy marker
2001
2002 while (*pin)
2003 {
2004 while (*pin)
2005 {
2006 c = *pin;
2007
2008 //---------------------------------------------
2009 // check for the end of number specified string
2010 //---------------------------------------------
2011
2012 if (iend > 0)
2013 {
2014 for (i = 0; i < iend; i++)
2015 if (pin == endTab[i])
2016 break;
2017 if (i < iend)
2018 {
2019 // move the end of endTab to ith position
2020 endTab[i] = endTab[iend - 1];
2021 iend--;
2022
2023 // get top of the string stack
2024 tok = sStack[is - 1];
2025
2026 // I am expecting '#' token from stack
2027 if (tok.flag != '#')
2028
2029 {
2030 printf ("\n**some serious error1** %c is = %d char = %c",
2031 tok.flag, is, *pin);
2032 exit (0);
2033 }
2034
2035 // pop '#' token I am happy now.
2036 else
2037 { //if (c)
2038 //printf("\n pop # token ... current char = %c", c);
2039 //else printf("\n pop percent token..next char = NULL");
2040
2041 is--;
2042 }
2043
2044 stringMode = tok.wasString;
2045
2046 if (!stringMode)
2047 {
2048 // need to process postfix finally
2049 cc = *(ps - 1);
2050 if (strchr ("qtx", cc))
2051 {
2052 if (!strchr ("@$%", c))
2053 *pout++ = ',';
2054 }
2055 else
2056 {
2057 switch (cc)
2058 {
2059 case 'r':
2060 strcpy (pout, "*&");
2061 pout += 2;
2062 ps--;
2063 break;
2064 case 'p':
2065 strcpy (pout, "**");
2066 pout += 2;
2067 ps--;
2068 break;
2069 case '&':
2070 strcpy (pout, "&");
2071 pout += 1;
2072 ps--;
2073 break;
2074 case '*':
2075 strcpy (pout, "*");
2076 pout += 1;
2077 ps--;
2078 break;
2079 default:
2080 strcpy (pout, "!3!");
2081 pout += 3;
2082 ps--;
2083 break;
2084 }
2085 if (!strchr ("@$%", c))
2086 *pout++ = ',';
2087 }
2088 }
2089 // string mode restored...
2090 else;
2091 }
2092 else; // do nothing..
2093
2094 }
2095
2096 //------------------------------------------------
2097 // special control symbol processing:
2098 //------------------------------------------------
2099
2100 if (strchr ("@$%", c))
2101 break;
2102
2103 //---------------------------------------------------------------
2104 // string part processing : no '$' met yet
2105 // or inside of '%' block
2106 // or inside of '#' block (numbered string)
2107 //---------------------------------------------------------------
2108
2109 else if (stringMode)
2110 *pout++ = *pin++;
2111 //else if (is > 1) *pout++ = *pin++;
2112
2113 //------------------------------------------------
2114 // parameter part processing: '$' met
2115 //------------------------------------------------
2116
2117 else // parameter processing
2118
2119 {
2120 if (!isdigit (c))
2121 TranslateParameters (&pin, &pout, &ps);
2122 else // number specified string processing
2123
2124 {
2125 n = GetStringLength (pin);
2126 if (n < 10)
2127 pin++;
2128 else
2129 pin += 2;
2130
2131 // push '#' token
2132 //if (*pin)
2133 //printf("\n push # token .. char = %c", *pin);
2134 //else printf("\n push percent token..next char = NULL");
2135 tok.flag = '#';
2136 tok.pos = pout;
2137 tok.length = 0;
2138 tok.wasString = stringMode;
2139 sStack[is++] = tok;
2140
2141 // mark end of input string
2142 endTab[iend++] = pin + n;
2143 stringMode = TRUE;
2144 }
2145 }
2146 } // end of inner while loop
2147 //
2148 // beginning of new string or end of string ( quotation mark )
2149 //
2150
2151 if (c == '%')
2152 {
2153 pin++; // anyway we have to proceed...
2154
2155 tok = sStack[is - 1]; // get top of the sStack
2156
2157 if (tok.flag == '%')
2158 {
2159 // pop '%' token and set c_str
2160 //if (*pin)
2161 //printf("\n pop percent token..next char = %c", *pin);
2162 //else printf("\n pop percent token..next char = NULL");
2163 is--;
2164 c_str = tok;
2165 c_str.length = pout - c_str.pos;
2166 if (*(ps - 1) == 't')
2167 {
2168 *pout++ = '>';
2169 ps--;
2170 stringMode = tok.wasString;
2171 }
2172 else
2173 {
2174 printf ("\n**some string error3** stack = %c", *(ps - 1));
2175 exit (0);
2176 }
2177 }
2178 else if (tok.flag == 'A' || tok.flag == '#')
2179 {
2180 // push '%' token
2181 //if (*pin)
2182 //printf("\n push percent token..next char = %c", *pin);
2183 //else printf("\n push percent token..next char = NULL");
2184 tok.flag = '%';
2185 tok.pos = pout;
2186 tok.length = 0;
2187 tok.wasString = stringMode;
2188 sStack[is++] = tok;
2189 }
2190 else
2191 {
2192 printf ("\n**some string error5**");
2193 exit (0);
2194 }
2195 }
2196 //
2197 // sometimes we need string to use as constructor name or destructor name
2198 //
2199 else if (c == '@') // get string from previous marker upto here.
2200
2201 {
2202 pin++;
2203 tok = sStack[is - 1];
2204 c_str.flag = 'S';
2205 c_str.pos = tok.pos;
2206 c_str.length = pout - tok.pos;
2207 c_str.wasString = stringMode;
2208 *pout++ = ':';
2209 *pout++ = ':';
2210 }
2211 //
2212 // we need to take care of parameter control sequence
2213 //
2214 else if (c == '$') // need to precess template or parameter part
2215
2216 {
2217 pin++;
2218 if (stringMode)
2219 stringMode = StringExpands (&pin, &pout, &ps, &c_str);
2220 else
2221 { // template parameter mode I guess "$t"
2222
2223 if (is > 1)
2224 {
2225 if (*pin == 't')
2226 pin++;
2227 else
2228 {
2229 printf ("\nMYGOODNESS1 %c", *pin);
2230 exit (0);
2231 }
2232 //ps--;
2233 //if (*ps == 't') *pout++ = '>';
2234 //else { printf("\nMYGOODNESS2"); exit(0);}
2235 *pout++ = ','; //pin++; ..this almost blowed me....
2236
2237 }
2238 // real parameter mode I guess
2239 // unexpected case is found ... humm what can I do...
2240 else
2241 {
2242 // this is newly found twist.. it really hurts.
2243 if (ps <= pStack)
2244 {
2245 if (*pin == 'q')
2246 {
2247 *ps++ = 'q';
2248 *pout++ = '(';
2249 pin++;
2250 }
2251 else
2252 {
2253 printf ("\n** I GIVEUP ***");
2254 exit (0);
2255 }
2256 continue;
2257 }
2258 ps--;
2259 while (*ps != 'q')
2260 {
2261 if (*ps == '*')
2262 *pout++ = '*';
2263 else if (*ps == '&')
2264 *pout++ = '&';
2265 else if (*ps == 'p')
2266 {
2267 *pout++ = '*';
2268 *pout++ = '*';
2269 }
2270 else if (*ps == 'r')
2271 {
2272 *pout++ = '*';
2273 *pout++ = '&';
2274 }
2275 else
2276 {
2277 printf ("\n*** SOMETHING IS WRONG1*** char= %c", *pin);
2278 exit (0);
2279 }
2280 ps--;
2281 }
2282 *pout++ = ')';
2283 ps--;
2284 while (*ps != 'q')
2285 {
2286 if (*ps == '*')
2287 *pout++ = '*';
2288 else if (*ps == '&')
2289 *pout++ = '&';
2290 else if (*ps == 'p')
2291 {
2292 *pout++ = '*';
2293 *pout++ = '*';
2294 }
2295 else if (*ps == 'r')
2296 {
2297 *pout++ = '*';
2298 *pout++ = '&';
2299 }
2300 else
2301 {
2302 printf ("\n*** SOMETHING IS WRONG2***");
2303 exit (0);
2304 }
2305 ps--;
2306 }
2307 ps++;
2308 *pout++ = ',';
2309 }
2310 }
2311 } // end of '$' processing
2312
2313 } // end of outer while loop
2314 //
2315 // need to process remaining parameter stack
2316 //
2317
2318 while (ps > pStack)
2319 {
2320 ps--;
2321 switch (*ps)
2322 {
2323 case 't':
2324 *pout++ = '>';
2325 break;
2326 case 'q':
2327 *pout++ = ')';
2328 break;
2329 case 'x':
2330 strcpy (pout, " const");
2331 pout += 6;
2332 break;
2333 case 'r':
2334 strcpy (pout, "*&");
2335 pout += 2;
2336 break;
2337 case 'p':
2338 strcpy (pout, "**");
2339 pout += 2;
2340 break;
2341 case '&':
2342 *pout++ = '&';
2343 break;
2344 case '*':
2345 *pout++ = '*';
2346 break;
2347 default:
2348 strcpy (pout, "!4!");
2349 pout += 3;
2350 *pout++ = *ps;
2351 }
2352 }
2353 *pout = 0;
2354 return buff;
2355}
2356
2357
2358
2359//
2360// This function is written by sang cho
2361//
2362//
2363/* get exported function names separated by null terminators, return count of functions */
2364int WINAPI
2366 LPVOID lpFile,
2367 char **pszFunctions)
2368{
2369 //PIMAGE_SECTION_HEADER psh;
2371 //DWORD dwBase;
2372 DWORD imageBase; //===========================
2373
2374 char *pfns[8192] =
2375 {NULL,}; // maximum number of functions
2376 //=============================
2377
2378 char buff[256]; // enough for any string ??
2379
2380 char *psz = NULL; //===============================
2381
2382 DWORD *pdwAddress;
2383 DWORD *pdw1;
2384 DWORD *pdwNames;
2385 WORD *pwOrd;
2386 int i, nCnt = 0, ntmp = 0;
2387 int enid = 0, ordBase = 1; // usally ordBase is 1....
2388
2389 int enames = 0;
2390
2391 /* get section header and pointer to data directory for .edata section */
2394
2395 if (ped == NULL)
2396 return 0;
2397
2398 //
2399 // sometimes there may be no section for idata or edata
2400 // instead rdata or data section may contain these sections ..
2401 // or even module names or function names are in different section.
2402 // so that's why we need to get actual address each time.
2403 // ...................sang cho..................
2404 //
2405 //psh = (PIMAGE_SECTION_HEADER)
2406 //ImageDirectorySection(lpFile, IMAGE_DIRECTORY_ENTRY_EXPORT);
2407
2408 //if (psh == NULL) return 0;
2409
2410 //dwBase = (DWORD)((int)lpFile + psh->PointerToRawData - psh->VirtualAddress);
2411
2412
2413 /* determine the offset of the export function names */
2414
2415 pdwAddress = (DWORD *) GetActualAddress (lpFile, (DWORD) ped->AddressOfFunctions);
2416
2417 imageBase = (DWORD) GetImageBase (lpFile);
2418
2419 ordBase = ped->Base;
2420
2421 if (ped->NumberOfNames > 0)
2422 {
2423 pdwNames = (DWORD *)
2424 GetActualAddress (lpFile, (DWORD) ped->AddressOfNames);
2425 pwOrd = (WORD *)
2427 pdw1 = pdwAddress;
2428
2429 /* figure out how much memory to allocate for all strings */
2430 for (i = 0; i < (int) ped->NumberOfNames; i++)
2431 {
2432 nCnt += strlen ((char *)
2433 GetActualAddress (lpFile, *(DWORD *) pdwNames)) + 1 + 6;
2434 pdwNames++;
2435 }
2436 // get the number of unnamed functions
2437 for (i = 0; i < (int) ped->NumberOfFunctions; i++)
2438 if (*pdw1++)
2439 ntmp++;
2440 // add memory required to show unnamed functions.
2441 if (ntmp > (int) ped->NumberOfNames)
2442 nCnt += 18 * (ntmp - (int) ped->NumberOfNames);
2443
2444 /* allocate memory for function names */
2445
2446 *pszFunctions = (char *) calloc (nCnt, 1);
2447 pdwNames = (DWORD *) GetActualAddress (lpFile, (DWORD) ped->AddressOfNames);
2448
2449 /* copy string pointer to buffer */
2450
2451 for (i = 0; i < (int) ped->NumberOfNames; i++)
2452 {
2453 pfns[(int) (*pwOrd) + ordBase] =
2454 (char *) GetActualAddress (lpFile, *(DWORD *) pdwNames);
2455 pdwNames++;
2456 pwOrd++;
2457 }
2458
2459 psz = *pszFunctions;
2460 }
2461
2462 for (i = ordBase; i < (int) ped->NumberOfFunctions + ordBase; i++)
2463 {
2464 if (*pdwAddress > 0)
2465 {
2466 *(DWORD *) psz = imageBase + *pdwAddress;
2467 psz += 4;
2468 *(WORD *) psz = (WORD) (i);
2469 psz += 2;
2470 if (pfns[i])
2471 {
2472 strcpy (psz, pfns[i]);
2473 psz += strlen (psz) + 1;
2474 }
2475 else
2476 {
2477 sprintf (buff, "ExpFn%04d()", enid++);
2478 strcpy (psz, buff);
2479 psz += 12;
2480 }
2481 enames++;
2482 }
2483 pdwAddress++;
2484 }
2485
2486 return enames;
2487
2488}
2489
2490
2491/* determine the total number of resources in the section */
2492int WINAPI
2494 LPVOID lpFile)
2495{
2496 PIMAGE_RESOURCE_DIRECTORY prdRoot, prdType;
2498 int nCnt = 0, i;
2499
2500
2501 /* get root directory of resource tree */
2504 return 0;
2505
2506 /* set pointer to first resource type entry */
2507 prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) ((DWORD) prdRoot + sizeof (IMAGE_RESOURCE_DIRECTORY));
2508
2509 /* loop through all resource directory entry types */
2510 for (i = 0; i < prdRoot->NumberOfIdEntries; i++)
2511 {
2512 /* locate directory or each resource type */
2513 prdType = (PIMAGE_RESOURCE_DIRECTORY) ((int) prdRoot + (int) prde->OffsetToData);
2514
2515 /* mask off most significant bit of the data offset */
2516 prdType = (PIMAGE_RESOURCE_DIRECTORY) ((DWORD) prdType ^ 0x80000000);
2517
2518 /* increment count of name'd and ID'd resources in directory */
2519 nCnt += prdType->NumberOfNamedEntries + prdType->NumberOfIdEntries;
2520
2521 /* increment to next entry */
2522 prde++;
2523 }
2524
2525 return nCnt;
2526}
2527
2528
2529
2530//
2531// This function is rewritten by sang cho
2532//
2533//
2534/* name each type of resource in the section */
2535int WINAPI
2537 LPVOID lpFile,
2538 char **pszResTypes)
2539{
2542 char *pMem;
2543 char buff[32];
2544 int nCnt, i;
2545 DWORD prdeName;
2546
2547
2548 /* get root directory of resource tree */
2551 return 0;
2552
2553 /* allocate enuff space to cover all types */
2554 nCnt = prdRoot->NumberOfIdEntries * (MAXRESOURCENAME + 1);
2555 *pszResTypes = (char *) calloc (nCnt, 1);
2556 if ((pMem = *pszResTypes) == NULL)
2557 return 0;
2558
2559 /* set pointer to first resource type entry */
2560 prde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) ((DWORD) prdRoot + sizeof (IMAGE_RESOURCE_DIRECTORY));
2561
2562 /* loop through all resource directory entry types */
2563 for (i = 0; i < prdRoot->NumberOfIdEntries; i++)
2564 {
2565 prdeName = prde->Name;
2566
2567 //if (LoadString (hDll, prde->Name, pMem, MAXRESOURCENAME))
2568 // pMem += strlen (pMem) + 1;
2569 //
2570 // modified by ...................................Sang Cho..
2571 // I can't user M/S provied funcitons here so I have to figure out
2572 // how to do above functions. But I can settle down with the following
2573 // code, which works pretty good for me.
2574 //
2575 if (prdeName == 1)
2576 {
2577 strcpy (pMem, "RT_CURSOR");
2578 pMem += 10;
2579 }
2580 else if (prdeName == 2)
2581 {
2582 strcpy (pMem, "RT_BITMAP");
2583 pMem += 10;
2584 }
2585 else if (prdeName == 3)
2586 {
2587 strcpy (pMem, "RT_ICON ");
2588 pMem += 10;
2589 }
2590 else if (prdeName == 4)
2591 {
2592 strcpy (pMem, "RT_MENU ");
2593 pMem += 10;
2594 }
2595 else if (prdeName == 5)
2596 {
2597 strcpy (pMem, "RT_DIALOG");
2598 pMem += 10;
2599 }
2600 else if (prdeName == 6)
2601 {
2602 strcpy (pMem, "RT_STRING");
2603 pMem += 10;
2604 }
2605 else if (prdeName == 7)
2606 {
2607 strcpy (pMem, "RT_FONTDIR");
2608 pMem += 11;
2609 }
2610 else if (prdeName == 8)
2611 {
2612 strcpy (pMem, "RT_FONT ");
2613 pMem += 10;
2614 }
2615 else if (prdeName == 9)
2616 {
2617 strcpy (pMem, "RT_ACCELERATORS");
2618 pMem += 16;
2619 }
2620 else if (prdeName == 10)
2621 {
2622 strcpy (pMem, "RT_RCDATA");
2623 pMem += 10;
2624 }
2625 else if (prdeName == 11)
2626 {
2627 strcpy (pMem, "RT_MESSAGETABLE");
2628 pMem += 16;
2629 }
2630 else if (prdeName == 12)
2631 {
2632 strcpy (pMem, "RT_GROUP_CURSOR");
2633 pMem += 16;
2634 }
2635 else if (prdeName == 14)
2636 {
2637 strcpy (pMem, "RT_GROUP_ICON ");
2638 pMem += 16;
2639 }
2640 else if (prdeName == 16)
2641 {
2642 strcpy (pMem, "RT_VERSION");
2643 pMem += 11;
2644 }
2645 else if (prdeName == 17)
2646 {
2647 strcpy (pMem, "RT_DLGINCLUDE ");
2648 pMem += 16;
2649 }
2650 else if (prdeName == 19)
2651 {
2652 strcpy (pMem, "RT_PLUGPLAY ");
2653 pMem += 16;
2654 }
2655 else if (prdeName == 20)
2656 {
2657 strcpy (pMem, "RT_VXD ");
2658 pMem += 10;
2659 }
2660 else if (prdeName == 21)
2661 {
2662 strcpy (pMem, "RT_ANICURSOR ");
2663 pMem += 16;
2664 }
2665 else if (prdeName == 22)
2666 {
2667 strcpy (pMem, "RT_ANIICON");
2668 pMem += 11;
2669 }
2670 else if (prdeName == 0x2002)
2671 {
2672 strcpy (pMem, "RT_NEWBITMAP");
2673 pMem += 13;
2674 }
2675 else if (prdeName == 0x2004)
2676 {
2677 strcpy (pMem, "RT_NEWMENU");
2678 pMem += 11;
2679 }
2680 else if (prdeName == 0x2005)
2681 {
2682 strcpy (pMem, "RT_NEWDIALOG");
2683 pMem += 13;
2684 }
2685 else if (prdeName == 0x7fff)
2686 {
2687 strcpy (pMem, "RT_ERROR ");
2688 pMem += 10;
2689 }
2690 else
2691 {
2692 sprintf (buff, "RT_UNKNOWN:%08lX", prdeName);
2693 strcpy (pMem, buff);
2694 pMem += 20;
2695 }
2696 prde++;
2697 }
2698
2699 return prdRoot->NumberOfIdEntries;
2700}
2701
2702
2703
2704//
2705// This function is written by sang cho
2706// October 12, 1997
2707//
2708/* copy menu information */
2709void WINAPI
2711 char **psz, // results
2712 WORD ** pMenu, // read-only
2713 int size)
2714{
2715 WORD *pwd;
2716 WORD *ptr, *pmax;
2717
2718 pwd = *pMenu;
2719 pmax = (WORD *) ((DWORD) pwd + size);
2720 ptr = (WORD *) (*psz);
2721
2722 while (pwd < pmax)
2723 {
2724 *ptr++ = *pwd++;
2725 }
2726 *psz = (char *) ptr;
2727 *pMenu = pwd;
2728}
2729
2730
2731
2732//
2733// This function is written by sang cho
2734// October 1, 1997
2735//
2736/* obtain menu information */
2737int WINAPI
2739 int *len,
2740 WORD ** pMenu)
2741{
2742 //int num = 0;
2743 //int ndetails;
2744 WORD *pwd;
2745 WORD flag, flag1;
2746 WORD id, ispopup;
2747
2748
2749 pwd = *pMenu;
2750
2751 flag = *pwd; // so difficult to correctly code this so let's try this
2752
2753 pwd++;
2754 (*len) += 2; // flag store
2755
2756 if ((flag & 0x0010) == 0)
2757 {
2758 ispopup = flag;
2759 id = *pwd;
2760 pwd++;
2761 (*len) += 2; // id store
2762
2763 }
2764 else
2765 {
2766 ispopup = flag;
2767 }
2768
2769 while (*pwd)
2770 {
2771 (*len)++;
2772 pwd++;
2773 }
2774 (*len)++; // name and null character
2775
2776 pwd++; // skip double null
2777
2778 if ((flag & 0x0010) == 0) // normal node: done
2779
2780 {
2781 *pMenu = pwd;
2782 return (int) flag;
2783 }
2784 // popup node: need to go on...
2785 while (1)
2786 {
2787 *pMenu = pwd;
2788 flag1 = (WORD) MenuScan (len, pMenu);
2789 pwd = *pMenu;
2790 if (flag1 & 0x0080)
2791 break;
2792 }
2793// fill # of details to num above
2794 //(*len) += 2;
2795 *pMenu = pwd;
2796 return flag;
2797}
2798
2799
2800//
2801// This function is written by sang cho
2802// October 2, 1997
2803//
2804/* copy menu information */
2805int WINAPI
2807 char **psz,
2808 WORD ** pMenu)
2809{
2810 //int num = 0;
2811 //int ndetails;
2812 char *ptr/*, *pTemp*/;
2813 WORD *pwd;
2814 WORD flag, flag1;
2815 WORD id/*, ispopup*/;
2816
2817 ptr = *psz;
2818 pwd = *pMenu;
2819 //flag = (*(PIMAGE_POPUP_MENU_ITEM *)pwd)->fItemFlags;
2820 flag = *pwd; // so difficult to correctly code this so let's try this
2821
2822 pwd++;
2823 if ((flag & 0x0010) == 0)
2824 {
2825 *(WORD *) ptr = flag; // flag store
2826
2827 ptr += 2;
2828 *(WORD *) ptr = id = *pwd; // id store
2829
2830 ptr += 2;
2831 pwd++;
2832 }
2833 else
2834 {
2835 *(WORD *) ptr = flag; // flag store
2836
2837 ptr += 2;
2838 }
2839
2840 while (*pwd) // name extract
2841
2842 {
2843 *ptr = *(char *) pwd;
2844 ptr++;
2845 pwd++;
2846 } //name and null character
2847
2848 *ptr = 0;
2849 ptr++;
2850 pwd++; // skip double null
2851
2852 if ((flag & 0x0010) == 0) // normal node: done
2853
2854 {
2855 *pMenu = pwd;
2856 *psz = ptr;
2857 return (int) flag;
2858 }
2859 //pTemp = ptr;
2860 //ptr += 2;
2861 // popup node: need to go on...
2862 while (1)
2863 {
2864 //num++;
2865 *pMenu = pwd;
2866 *psz = ptr;
2867 flag1 = (WORD) MenuFill (psz, pMenu);
2868 pwd = *pMenu;
2869 ptr = *psz;
2870 if (flag1 & 0x0080)
2871 break;
2872 }
2873// fill # of details to num above
2874 //*(WORD *)pTemp = (WORD)num;
2875 *pMenu = pwd;
2876 *psz = ptr;
2877 return flag;
2878}
2879
2880
2881//
2882//==============================================================================
2883// The following program is based on preorder-tree-traversal.
2884// once you understand how to traverse.....
2885// the rest is pretty straight forward.
2886// still we need to scan it first and fill it next time.
2887// and finally we can print it.
2888//
2889// This function is written by sang cho
2890// September 29, 1997
2891// revised october 2, 1997
2892// revised october 12, 1997
2893// ..............................................................................
2894// ------------------------------------------------------------------------------
2895// I use same structure - which is used in P.E. programs - for my reporting.
2896// So, my structure is as follows:
2897// # of menu name is stored else where ( in directory I suppose )
2898// supermenuname null terminated string, only ascii is considered.
2899// flag tells : node is a leaf or a internal node.
2900// popupname null terminated string
2901//
2902// flag normal menu flag (leaf node)
2903// id normal menu id
2904// name normal menu name
2905// or or
2906// flag popup menu flag (internal node)
2907// popupname popup menu name
2908//
2909// flag it may folows
2910// id normal menu id
2911// name normal menu name
2912// or or
2913// flag popup menu
2914// popupname popup menu name
2915// .........
2916// it goes on like this,
2917// but usually, it only goes a few steps,...
2918// ------------------------------------------------------------------------------
2919/* scan menu and copy menu */
2920int WINAPI
2922 LPVOID lpFile,
2923 char **pszResTypes)
2924{
2925 PIMAGE_RESOURCE_DIRECTORY prdType, prdName, prdLanguage;
2929 //PIMAGE_SECTION_HEADER psh = (PIMAGE_SECTION_HEADER)
2930 //ImageDirectorySection (lpFile, IMAGE_DIRECTORY_ENTRY_RESOURCE);
2931 PIMAGE_MENU_HEADER pMenuHeader;
2932 //PIMAGE_POPUP_MENU_ITEM pPopup;
2933 WORD* pPopup;
2934 //PIMAGE_NORMAL_MENU_ITEM pNormal;
2935 char buff[32];
2936 int /*nCnt = 0,*/ i, j;
2937 //int num = 0;
2938 int size;
2939 int sLength, nMenus;
2940 WORD flag;
2941 WORD *pwd;
2942 //DWORD prdeName;
2943 //DWORD dwBase; obsolete
2944 char *pMem/*, *pTemp*/;
2945 //BOOL isStrange = FALSE;
2946
2947
2948 /* get root directory of resource tree */
2951 return 0;
2952
2953 /* set pointer to first resource type entry */
2955 ((DWORD) prdType + sizeof (IMAGE_RESOURCE_DIRECTORY));
2956
2957 for (i = 0; i < prdType->NumberOfIdEntries; i++)
2958 {
2959 if (prde->Name == RT_MENU)
2960 break;
2961 prde++;
2962 }
2963 if (prde->Name != RT_MENU)
2964 return 0;
2965
2966 prdName = (PIMAGE_RESOURCE_DIRECTORY)
2967 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
2968 if (prdName == NULL)
2969 return 0;
2970
2972 ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
2973
2974 // sometimes previous code tells you lots of things hidden underneath
2975 // I wish I could save all the revisions I made ... but again .... sigh.
2976 // october 12, 1997 sang
2977 //dwBase = (DWORD)((int)lpFile + psh->PointerToRawData - psh->VirtualAddress);
2978
2979 nMenus = prdName->NumberOfNamedEntries + prdName->NumberOfIdEntries;
2980 sLength = 0;
2981
2982 for (i = 0; i < prdName->NumberOfNamedEntries; i++)
2983 {
2984 pMenuName = (PIMAGE_RESOURCE_DIR_STRING_U)
2985 ((DWORD) prdType + (prde->Name ^ 0x80000000));
2986 sLength += pMenuName->Length + 1;
2987
2988 prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
2989 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
2990 if (prdLanguage == NULL)
2991 continue;
2992
2994 ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
2995
2997 ((DWORD) prdType + prde1->OffsetToData);
2998 if (prData == NULL)
2999 continue;
3000
3001 pMenuHeader = (PIMAGE_MENU_HEADER)
3002 GetActualAddress (lpFile, prData->OffsetToData);
3003
3004 //
3005 // normally wVersion and cbHeaderSize should be zero
3006 // but if it is not then nothing is known to us...
3007 // so let's do our best ... namely guessing .... and trying ....
3008 // ... and suffering ...
3009 // it gave me many sleepless (not exactly but I like to say this) nights.
3010 //
3011
3012 // strange case
3013 if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
3014 {
3015 //isStrange = TRUE;
3016 pwd = (WORD *) ((DWORD) pMenuHeader + 16);
3017 size = prData->Size;
3018 // expect to return the length needed to report.
3019 // sixteen more bytes to do something
3020 sLength += 16 + size;
3021 //StrangeMenuScan (&sLength, &pwd, size);
3022 }
3023 // normal case
3024 else
3025 {
3026 pPopup = (WORD*)
3027 ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
3028 while (1)
3029 {
3030 flag = (WORD) MenuScan (&sLength, (WORD **) (&pPopup));
3031 if (flag & 0x0080)
3032 break;
3033 }
3034 }
3035 prde++;
3036 }
3037 for (i = 0; i < prdName->NumberOfIdEntries; i++)
3038 {
3039 sLength += 12;
3040
3041 prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3042 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3043 if (prdLanguage == NULL)
3044 continue;
3045
3047 ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3048
3050 ((DWORD) prdType + prde1->OffsetToData);
3051 if (prData == NULL)
3052 continue;
3053
3054 pMenuHeader = (PIMAGE_MENU_HEADER)
3055 GetActualAddress (lpFile, prData->OffsetToData);
3056 // strange case
3057 if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
3058 {
3059 pwd = (WORD *) ((DWORD) pMenuHeader + 16);
3060 size = prData->Size;
3061 // expect to return the length needed to report.
3062 // sixteen more bytes to do something
3063 sLength += 16 + size;
3064 //StrangeMenuScan (&sLength, &pwd, size);
3065 }
3066 // normal case
3067 else
3068 {
3069 pPopup = (WORD*)
3070 ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
3071 while (1)
3072 {
3073 flag = (WORD) MenuScan (&sLength, (WORD **) (&pPopup));
3074 if (flag & 0x0080)
3075 break;
3076 }
3077 }
3078 prde++;
3079 }
3080 //
3081 // allocate memory for menu names
3082 //
3083 *pszResTypes = (char *) calloc (sLength, 1);
3084
3085 pMem = *pszResTypes;
3086 //
3087 // and start all over again
3088 //
3090 ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
3091
3092 for (i = 0; i < prdName->NumberOfNamedEntries; i++)
3093 {
3094 pMenuName = (PIMAGE_RESOURCE_DIR_STRING_U)
3095 ((DWORD) prdType + (prde->Name ^ 0x80000000));
3096
3097
3098 for (j = 0; j < pMenuName->Length; j++)
3099 *pMem++ = (char) (pMenuName->NameString[j]);
3100 *pMem = 0;
3101 pMem++;
3102
3103
3104 prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3105 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3106 if (prdLanguage == NULL)
3107 continue;
3108
3110 ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3111
3113 ((DWORD) prdType + prde1->OffsetToData);
3114 if (prData == NULL)
3115 continue;
3116
3117 pMenuHeader = (PIMAGE_MENU_HEADER)
3118 GetActualAddress (lpFile, prData->OffsetToData);
3119 // strange case
3120 if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
3121 {
3122 pwd = (WORD *) ((DWORD) pMenuHeader);
3123 size = prData->Size;
3124 strcpy (pMem, ":::::::::::");
3125 pMem += 12;
3126 *(int *) pMem = size;
3127 pMem += 4;
3128 StrangeMenuFill (&pMem, &pwd, size);
3129 }
3130 // normal case
3131 else
3132 {
3133 pPopup = (WORD*)
3134 ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
3135 while (1)
3136 {
3137 flag = (WORD) MenuFill (&pMem, (WORD **) (&pPopup));
3138 if (flag & 0x0080)
3139 break;
3140 }
3141 }
3142 prde++;
3143 }
3144 for (i = 0; i < prdName->NumberOfIdEntries; i++)
3145 {
3146
3147 sprintf (buff, "MenuId_%04lX", (prde->Name));
3148 strcpy (pMem, buff);
3149 pMem += strlen (buff) + 1;
3150
3151 prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3152 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3153 if (prdLanguage == NULL)
3154 continue;
3155
3157 ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3158
3160 ((DWORD) prdType + prde1->OffsetToData);
3161 if (prData == NULL)
3162 continue;
3163
3164 pMenuHeader = (PIMAGE_MENU_HEADER)
3165 GetActualAddress (lpFile, prData->OffsetToData);
3166 // strange case
3167 if (pMenuHeader->wVersion | pMenuHeader->cbHeaderSize)
3168 {
3169 pwd = (WORD *) ((DWORD) pMenuHeader);
3170 size = prData->Size;
3171 strcpy (pMem, ":::::::::::");
3172 pMem += 12;
3173 *(int *) pMem = size;
3174 pMem += 4;
3175 StrangeMenuFill (&pMem, &pwd, size);
3176 }
3177 // normal case
3178 else
3179 {
3180 pPopup = (WORD*)
3181 ((DWORD) pMenuHeader + sizeof (IMAGE_MENU_HEADER));
3182 while (1)
3183 {
3184 flag = (WORD) MenuFill (&pMem, (WORD **) (&pPopup));
3185 if (flag & 0x0080)
3186 break;
3187 }
3188 }
3189 prde++;
3190 }
3191
3192 return nMenus;
3193}
3194
3195
3196//
3197// This function is written by sang cho
3198// October 12, 1997
3199//
3200/* print contents of menu */
3201int WINAPI
3203 char **psz)
3204{
3205
3206 //int i, j, k, l;
3207 int num;
3208 //WORD flag1, flag2;
3209 //char buff[128];
3210 char *ptr, *pmax;
3211
3212 //return dumpMenu (psz, size);
3213
3214 ptr = *psz;
3215
3216 if (strncmp (ptr, ":::::::::::", 11) != 0)
3217 {
3218 printf ("\n#### I don't know why!!!");
3219 dumpMenu (psz, 1024);
3220 exit (0);
3221 }
3222
3223 ptr += 12;
3224 num = *(int *) ptr;
3225 ptr += 4;
3226 pmax = ptr + num;
3227
3228 *psz = ptr;
3229 return dumpMenu (psz, num);
3230
3231 // I will write some code later...
3232
3233}
3234
3235
3236
3237
3238//
3239// This function is written by sang cho
3240// October 2, 1997
3241//
3242/* print contents of menu */
3243int WINAPI
3245 int indent,
3246 char **psz)
3247{
3248
3249 int /*i, */ j, k, l;
3250 WORD id /*, num */ ;
3251 WORD flag;
3252 char buff[128];
3253 char *ptr;
3254
3255
3256 ptr = *psz;
3257 //num = *(WORD *)ptr;
3258 //ptr += 2;
3259 while (1)
3260 {
3261 flag = *(WORD *) ptr;
3262 if (flag & 0x0010) // flag == popup
3263
3264 {
3265 printf ("\n\n");
3266 for (j = 0; j < indent; j++)
3267 printf (" ");
3268 ptr += 2;
3269 printf ("%s {Popup}\n", ptr);
3270 ptr += strlen (ptr) + 1;
3271 *psz = ptr;
3272 PrintMenu (indent + 5, psz);
3273 ptr = *psz;
3274 }
3275 else // ispopup == 0
3276
3277 {
3278 printf ("\n");
3279 for (j = 0; j < indent; j++)
3280 printf (" ");
3281 ptr += 2;
3282 id = *(WORD *) ptr;
3283 ptr += 2;
3284 strcpy (buff, ptr);
3285 l = strlen (ptr);
3286 ptr += l + 1;
3287 if (strchr (buff, 0x09) != NULL)
3288 {
3289 for (k = 0; k < l; k++)
3290 if (buff[k] == 0x09)
3291 break;
3292 for (j = 0; j < l - k; j++)
3293 buff[31 - j] = buff[l - j];
3294 for (j = k; j < 32 + k - l; j++)
3295 buff[j] = 32;
3296 }
3297 if (strchr (buff, 0x08) != NULL)
3298 {
3299 for (k = 0; k < l; k++)
3300 if (buff[k] == 0x08)
3301 break;
3302 for (j = 0; j < l - k; j++)
3303 buff[31 - j] = buff[l - j];
3304 for (j = k; j < 32 + k - l; j++)
3305 buff[j] = 32;
3306 }
3307 printf ("%s", buff);
3308 l = strlen (buff);
3309 for (j = l; j < 32; j++)
3310 printf (" ");
3311 printf ("[ID=%04Xh]", id);
3312 *psz = ptr;
3313 }
3314 if (flag & 0x0080)
3315 break;
3316 }
3317 return 0;
3318}
3319
3320
3321//
3322// This function is written by sang cho
3323// October 2, 1997
3324//
3325/* the format of menu is not known so I'll do my best */
3326int WINAPI
3328 char **psz,
3329 int size)
3330{
3331
3332 int i, j, k, n, l, c;
3333 char buff[32];
3334 char *ptr, *pmax;
3335
3336 ptr = *psz;
3337 pmax = ptr + size;
3338 for (i = 0; i < (size / 16) + 1; i++)
3339 {
3340 n = 0;
3341 for (j = 0; j < 16; j++)
3342 {
3343 c = (int) (*ptr);
3344 if (c < 0)
3345 c += 256;
3346 buff[j] = c;
3347 printf ("%02X", c);
3348 ptr++;
3349 if (ptr >= pmax)
3350 break;
3351 n++;
3352 if (n % 4 == 0)
3353 printf (" ");
3354 }
3355 n++;
3356 if (n % 4 == 0)
3357 printf (" ");
3358 l = j;
3359 j++;
3360 for (; j < 16; j++)
3361 {
3362 n++;
3363 if (n % 4 == 0)
3364 printf (" ");
3365 else
3366 printf (" ");
3367 }
3368 printf (" ");
3369 for (k = 0; k < l; k++)
3370 if (isprint (c = buff[k]))
3371 printf ("%c", c);
3372 else
3373 printf (".");
3374 printf ("\n");
3375 if (ptr >= pmax)
3376 break;
3377 }
3378
3379 *psz = ptr;
3380 return 0;
3381}
3382
3383
3384
3385
3386//
3387// This function is written by sang cho
3388// October 13, 1997
3389//
3390/* scan dialog box and copy dialog box */
3391int WINAPI
3393 LPVOID lpFile,
3394 char **pszResTypes)
3395{
3396 PIMAGE_RESOURCE_DIRECTORY prdType, prdName, prdLanguage;
3398 PIMAGE_RESOURCE_DIR_STRING_U pDialogName;
3400 PIMAGE_DIALOG_HEADER pDialogHeader;
3401 //PIMAGE_CONTROL_DATA pControlData;
3402 char buff[32];
3403 int /*nCnt = 0,*/ i, j;
3404 //int num = 0;
3405 int size;
3406 int sLength, nDialogs;
3407 //WORD flag;
3408 WORD *pwd;
3409 //DWORD prdeName;
3410 char *pMem/*, *pTemp*/;
3411 //BOOL isStrange = FALSE;
3412
3413
3414 /* get root directory of resource tree */
3417 return 0;
3418
3419 /* set pointer to first resource type entry */
3421 ((DWORD) prdType + sizeof (IMAGE_RESOURCE_DIRECTORY));
3422
3423 for (i = 0; i < prdType->NumberOfIdEntries; i++)
3424 {
3425 if (prde->Name == RT_DIALOG)
3426 break;
3427 prde++;
3428 }
3429 if (prde->Name != RT_DIALOG)
3430 return 0;
3431
3432 prdName = (PIMAGE_RESOURCE_DIRECTORY)
3433 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3434 if (prdName == NULL)
3435 return 0;
3436
3438 ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
3439
3440
3441 nDialogs = prdName->NumberOfNamedEntries + prdName->NumberOfIdEntries;
3442 sLength = 0;
3443
3444 for (i = 0; i < prdName->NumberOfNamedEntries; i++)
3445 {
3446 pDialogName = (PIMAGE_RESOURCE_DIR_STRING_U)
3447 ((DWORD) prdType + (prde->Name ^ 0x80000000));
3448 sLength += pDialogName->Length + 1;
3449
3450 prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3451 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3452 if (prdLanguage == NULL)
3453 continue;
3454
3456 ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3457
3459 ((DWORD) prdType + prde1->OffsetToData);
3460 if (prData == NULL)
3461 continue;
3462
3463 size = prData->Size;
3464 sLength += 4 + size;
3465 prde++;
3466 }
3467 for (i = 0; i < prdName->NumberOfIdEntries; i++)
3468 {
3469 sLength += 14;
3470
3471 prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3472 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3473 if (prdLanguage == NULL)
3474 continue;
3475
3477 ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3478
3480 ((DWORD) prdType + prde1->OffsetToData);
3481 if (prData == NULL)
3482 continue;
3483
3484 size = prData->Size;
3485 sLength += 4 + size;
3486 prde++;
3487 }
3488 //
3489 // allocate memory for menu names
3490 //
3491 *pszResTypes = (char *) calloc (sLength, 1);
3492
3493 pMem = *pszResTypes;
3494 //
3495 // and start all over again
3496 //
3498 ((DWORD) prdName + sizeof (IMAGE_RESOURCE_DIRECTORY));
3499
3500 for (i = 0; i < prdName->NumberOfNamedEntries; i++)
3501 {
3502 pDialogName = (PIMAGE_RESOURCE_DIR_STRING_U)
3503 ((DWORD) prdType + (prde->Name ^ 0x80000000));
3504
3505
3506 for (j = 0; j < pDialogName->Length; j++)
3507 *pMem++ = (char) (pDialogName->NameString[j]);
3508 *pMem = 0;
3509 pMem++;
3510
3511
3512 prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3513 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3514 if (prdLanguage == NULL)
3515 continue;
3516
3518 ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3519
3521 ((DWORD) prdType + prde1->OffsetToData);
3522 if (prData == NULL)
3523 continue;
3524
3525 pDialogHeader = (PIMAGE_DIALOG_HEADER)
3526 GetActualAddress (lpFile, prData->OffsetToData);
3527
3528
3529
3530 pwd = (WORD *) ((DWORD) pDialogHeader);
3531 size = prData->Size;
3532 *(int *) pMem = size;
3533 pMem += 4;
3534 StrangeMenuFill (&pMem, &pwd, size);
3535
3536 prde++;
3537 }
3538 for (i = 0; i < prdName->NumberOfIdEntries; i++)
3539 {
3540
3541 sprintf (buff, "DialogId_%04lX", (prde->Name));
3542 strcpy (pMem, buff);
3543 pMem += strlen (buff) + 1;
3544
3545 prdLanguage = (PIMAGE_RESOURCE_DIRECTORY)
3546 ((DWORD) prdType + (prde->OffsetToData ^ 0x80000000));
3547 if (prdLanguage == NULL)
3548 {
3549 printf ("\nprdLanguage = NULL");
3550 exit (0);
3551 }
3552
3554 ((DWORD) prdLanguage + sizeof (IMAGE_RESOURCE_DIRECTORY));
3555
3557 ((DWORD) prdType + prde1->OffsetToData);
3558 if (prData == NULL)
3559 {
3560 printf ("\nprData = NULL");
3561 exit (0);
3562 }
3563
3564 pDialogHeader = (PIMAGE_DIALOG_HEADER)
3565 GetActualAddress (lpFile, prData->OffsetToData);
3566
3567
3568 pwd = (WORD *) ((DWORD) pDialogHeader);
3569 size = prData->Size;
3570 *(int *) pMem = size;
3571 pMem += 4;
3572 StrangeMenuFill (&pMem, &pwd, size);
3573
3574 prde++;
3575 }
3576
3577 return nDialogs;
3578}
3579
3580
3581//
3582// This function is written by sang cho
3583// October 14, 1997
3584//
3585/* print contents of dialog */
3586void WINAPI
3588 char **psz)
3589{
3590 char *ptr;
3591
3592 ptr = *psz;
3593 if (*(WORD *) ptr == 0xFFFF)
3594 {
3595 ptr += 2;
3596 printf ("%04X", *(WORD *) ptr);
3597 ptr += 2;
3598 }
3599 else
3600 {
3601 printf ("%c", '"');
3602 while (*(WORD *) ptr)
3603 {
3604 printf ("%c", *ptr);
3605 ptr += 2;
3606 }
3607 ptr += 2;
3608 printf ("%c", '"');
3609 }
3610 *psz = ptr;
3611}
3612
3613
3614//
3615// This function is written by sang cho
3616// October 14, 1997
3617//
3618/* print contents of dialog */
3619void WINAPI
3621 char **psz)
3622{
3623 int i/*, j, k, l, n, c*/;
3624 int num, size;
3625 DWORD flag;
3626 WORD class;
3627 //char buff[32];
3628 char *ptr, *pmax;
3629 BOOL isStrange = FALSE;
3630
3631 ptr = *psz;
3632 size = *(int *) ptr;
3633 ptr += 4;
3634 pmax = ptr + size;
3635
3636 // IStype of Dialog Header
3637 flag = *(DWORD *) ptr;
3638 //
3639 // check if flag is right or not
3640 // it has been observed that some dialog information is strange
3641 // and extra work is needed to fix that ... so let's try something
3642 //
3643
3644 if ((flag & 0xFFFF0000) == 0xFFFF0000)
3645 {
3646 flag = *(DWORD *) (ptr + 12);
3647 num = *(short *) (ptr + 16);
3648 isStrange = TRUE;
3649 ptr += 26;
3650 }
3651 else
3652 {
3653 num = *(short *) (ptr + 8);
3654 ptr += 18;
3655 }
3656 printf (", # of Controls=%03d, Caption:%c", num, '"');
3657
3658 // Menu name
3659 if (*(WORD *) ptr == 0xFFFF)
3660 ptr += 4; // ordinal
3661
3662 else
3663 {
3664 while (*(WORD *) ptr)
3665 ptr += 2;
3666 ptr += 2;
3667 } // name
3668
3669 // Class name
3670 if (*(WORD *) ptr == 0xFFFF)
3671 ptr += 4; // ordinal
3672
3673 else
3674 {
3675 while (*(WORD *) ptr)
3676 ptr += 2;
3677 ptr += 2;
3678 } // name
3679
3680 // Caption
3681 while (*(WORD *) ptr)
3682 {
3683 printf ("%c", *ptr);
3684 ptr += 2;
3685 }
3686 ptr += 2;
3687 printf ("%c", '"');
3688
3689 // FONT present
3690 if (flag & 0x00000040)
3691 {
3692 if (isStrange)
3693 ptr += 6;
3694 else
3695 ptr += 2; // FONT size
3696
3697 while (*(WORD *) ptr)
3698 ptr += 2; // WCHARs
3699
3700 ptr += 2; // double null
3701
3702 }
3703
3704 // strange case adjust
3705 if (isStrange)
3706 ptr += 8;
3707
3708 // DWORD padding
3709 if ((ptr - *psz) % 4)
3710 ptr += 4 - ((ptr - *psz) % 4);
3711
3712 // start reporting .. finally
3713 for (i = 0; i < num; i++)
3714 {
3715 flag = *(DWORD *) ptr;
3716 if (isStrange)
3717 ptr += 14;
3718 else
3719 ptr += 16;
3720 printf ("\n Control::%03d - ID:", i + 1);
3721
3722 // Control ID
3723 printf ("%04X, Class:", *(WORD *) ptr);
3724 ptr += 2;
3725
3726 // Control Class
3727 if (*(WORD *) ptr == 0xFFFF)
3728 {
3729 ptr += 2;
3730 class = *(WORD *) ptr;
3731 ptr += 2;
3732 switch (class)
3733 {
3734 case 0x80:
3735 printf ("BUTTON ");
3736 break;
3737 case 0x81:
3738 printf ("EDIT ");
3739 break;
3740 case 0x82:
3741 printf ("STATIC ");
3742 break;
3743 case 0x83:
3744 printf ("LISTBOX ");
3745 break;
3746 case 0x84:
3747 printf ("SCROLLBAR");
3748 break;
3749 case 0x85:
3750 printf ("COMBOBOX ");
3751 break;
3752 default:
3753 printf ("%04X ", class);
3754 break;
3755 }
3756 }
3757 else
3759
3760 printf (" Text:");
3761
3762 // Text
3764
3765 // nExtraStuff
3766 ptr += 2;
3767
3768 // strange case adjust
3769 if (isStrange)
3770 ptr += 8;
3771
3772 // DWORD padding
3773 if ((ptr - *psz) % 4)
3774 ptr += 4 - ((ptr - *psz) % 4);
3775 }
3776
3777 /*
3778 ptr = *psz;
3779 printf("\n");
3780
3781 for (i=0; i<(size/16)+1; i++)
3782 {
3783 n = 0;
3784 for (j=0; j<16; j++)
3785 {
3786 c = (int)(*ptr);
3787 if (c<0) c+=256;
3788 buff[j] = c;
3789 printf ("%02X",c);
3790 ptr++;
3791 if (ptr >= pmax) break;
3792 n++;
3793 if (n%4 == 0) printf (" ");
3794 }
3795 n++; if (n%4 == 0) printf (" ");
3796 l = j;
3797 j++;
3798 for (; j<16; j++)
3799 { n++; if (n%4 == 0) printf (" "); else printf (" "); }
3800 printf (" ");
3801 for (k=0; k<l; k++)
3802 if (isprint(c=buff[k])) printf("%c", c); else printf(".");
3803 printf ("\n");
3804 if (ptr >= pmax) break;
3805 }
3806 */
3807
3808 *psz = pmax;
3809
3810}
3811
3812
3813
3814
3815
3816
3817/* function indicates whether debug info has been stripped from file */
3820 LPVOID lpFile)
3821{
3823
3824 pfh = (PIMAGE_FILE_HEADER) PEFHDROFFSET (lpFile);
3825
3827}
3828
3829
3830
3831
3832/* retrieve the module name from the debug misc. structure */
3833int WINAPI
3835 LPVOID lpFile,
3836 char **pszModule)
3837{
3838
3840 PIMAGE_DEBUG_MISC pdm = NULL;
3841 int nCnt;
3842
3844 return 0;
3845
3846 while (pdd->SizeOfData)
3847 {
3848 if (pdd->Type == IMAGE_DEBUG_TYPE_MISC)
3849 {
3850 pdm = (PIMAGE_DEBUG_MISC) ((DWORD) pdd->PointerToRawData + (DWORD) lpFile);
3851 *pszModule = (char *) calloc ((nCnt = (strlen ((char *)pdm->Data))) + 1, 1);
3852 // may need some unicode business here...above
3853 bcopy (pdm->Data, *pszModule, nCnt);
3854
3855 break;
3856 }
3857
3858 pdd++;
3859 }
3860
3861 if (pdm != NULL)
3862 return nCnt;
3863 else
3864 return 0;
3865}
3866
3867
3868
3869
3870
3871/* determine if this is a valid debug file */
3874 LPVOID lpFile)
3875{
3877
3878 psdh = (PIMAGE_SEPARATE_DEBUG_HEADER) lpFile;
3879
3880 return (psdh->Signature == IMAGE_SEPARATE_DEBUG_SIGNATURE);
3881}
3882
3883
3884
3885
3886/* copy separate debug header structure from debug file */
3889 LPVOID lpFile,
3891{
3893
3895
3896 if (pdh->Signature == IMAGE_SEPARATE_DEBUG_SIGNATURE)
3897 {
3898 bcopy ((LPVOID) pdh, (LPVOID) psdh, sizeof (IMAGE_SEPARATE_DEBUG_HEADER));
3899 return TRUE;
3900 }
3901
3902 return FALSE;
3903}
3904
3905//
3906// I tried to immitate the output of w32dasm disassembler.
3907// which is a pretty good program.
3908// but I am disappointed with this program and I myself
3909// am writting a disassembler.
3910// This PEdump program is a byproduct of that project.
3911// so enjoy this program and I hope we will have a little more
3912// knowledge on windows programming world.
3913// .... sang cho
3914
3915#define MAXSECTIONNUMBER 16
3916#define MAXNAMESTRNUMBER 40
3917int
3919 int argc,
3920 char **argv
3921)
3922{
3923 DWORD fileType;
3924 LPVOID lpFile;
3925 FILE *my_fp;
3926 IMAGE_DOS_HEADER dosHdr;
3930 //IMAGE_SECTION_HEADER idsh;
3932 //PIMAGE_IMPORT_MODULE_DIRECTORY pid;
3933
3934 int nSections; // number of sections
3935
3936 int nResources; // number of resources
3937
3938 int nMenus; // number of menus
3939
3940 int nDialogs; // number of dialogs
3941
3942 int nImportedModules; // number of imported modules
3943
3944 int nFunctions; // number of functions in the imported module
3945
3946 int nExportedFunctions; // number of exported funcions
3947
3948 int imageBase;
3949 int entryPoint;
3950
3951 int i, j, /*k,*/ n;
3952 //int mnsize;
3953 //int nCnt;
3954 //int nSize;
3955 int fsize;
3956 char *pnstr;
3957 char *pst;
3958 char *piNameBuff; // import module name buffer
3959
3960 char *pfNameBuff; // import functions in the module name buffer
3961
3962 char *peNameBuff; // export function name buffer
3963
3964 char *pmNameBuff; // menu name buffer
3965
3966 char *pdNameBuff; // dialog name buffer
3967
3968 /*
3969 * Check user arguments.
3970 */
3971 if (2 == argc)
3972 {
3973 my_fp = fopen (argv[1], "rb");
3974 if (my_fp == NULL)
3975 {
3976 printf (
3977 "%s: can not open input file \"%s\".\n",
3978 argv[0],
3979 argv[1]
3980 );
3981 exit (0);
3982 }
3983 }
3984 else
3985 {
3986 printf (
3987 "%s - PE/COFF file dumper\n"
3988 "Copyright (c) 1993 Randy Kath (MSDN Technology Group)\n"
3989 "Copyright (c) 1997 Sang Cho (CS & Engineering - Chongju University)\n"
3990 "Copyright (c) 2000 Emanuele Aliberti (ReactOS Development Team)\n\n",
3991 argv[0]
3992 );
3993 printf (
3994 "usage: %s input_file_name\n",
3995 argv[0]
3996 );
3997 exit (0);
3998 }
3999 /*
4000 * Get input file's size.
4001 */
4002 /* argv [0], */
4003 fseek (my_fp, 0L, SEEK_END);
4004 fsize = ftell (my_fp);
4005 rewind (my_fp);
4006 /*
4007 * Buffer the file in memory.
4008 */
4009 lpFile = (void *) calloc (fsize, 1);
4010 if (lpFile == NULL)
4011 {
4012 printf (
4013 "%s: can not allocate memory.\n",
4014 argv[0]
4015 );
4016 fclose(my_fp);
4017 exit (0);
4018 }
4019 /*
4020 * --- Start of report ---
4021 */
4022 printf ("\n\nDump of file: %s\n\n", argv[1]);
4023
4024 n = fread (lpFile, fsize, 1, my_fp);
4025 fclose(my_fp);
4026
4027 if (n == -1)
4028 {
4029 printf (
4030 "%s: failed to read the file \"%s\".\n",
4031 argv[0],
4032 argv[1]
4033 );
4034 free(lpFile);
4035 exit (0);
4036 }
4037
4038 GetDosHeader (lpFile, &dosHdr);
4039
4040 if ((WORD) IMAGE_DOS_SIGNATURE == dosHdr.e_magic)
4041 {
4042 if ((dosHdr.e_lfanew > 4096)
4043 || (dosHdr.e_lfanew < 64)
4044 )
4045 {
4046 printf (
4047 "%s: This file is not in PE format; it looks like in DOS format.\n",
4048 argv[0]
4049 );
4050 free(lpFile);
4051 exit (0);
4052 }
4053 }
4054 else
4055 {
4056 printf (
4057 "%s: This doesn't look like an executable file (magic = 0x%04x).\n",
4058 argv[0],
4059 dosHdr.e_magic
4060 );
4061 free(lpFile);
4062 exit (0);
4063 }
4064
4065 fileType = ImageFileType (lpFile);
4066
4067 if (fileType != IMAGE_NT_SIGNATURE)
4068 {
4069 printf (
4070 "%s: This file is not in PE format (magic = 0x%08lx).\n",
4071 argv[0],
4072 fileType
4073 );
4074 free(lpFile);
4075 exit (0);
4076 }
4077
4078 //=====================================
4079 // now we can really start processing
4080 //=====================================
4081
4082 pfh = (PIMAGE_FILE_HEADER) PEFHDROFFSET (lpFile);
4083
4084 poh = (PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET (lpFile);
4085
4086 psh = (PIMAGE_SECTION_HEADER) SECHDROFFSET (lpFile);
4087
4088 nSections = pfh->NumberOfSections;
4089
4090 imageBase = poh->ImageBase;
4091
4092 entryPoint = poh->AddressOfEntryPoint;
4093
4094 if (psh == NULL)
4095 {
4096 free(lpFile);
4097 return 0;
4098 }
4099
4100 /* store section headers */
4101
4102 for (i = 0;
4103 i < nSections;
4104 i++
4105 )
4106 {
4107 shdr[i] = *psh++;
4108 }
4109 /*
4110 * Get Code offset and size,
4111 * Data offset and size.
4112 */
4113 for (i = 0;
4114 i < nSections;
4115 i++
4116 )
4117 {
4118 if (poh->BaseOfCode == shdr[i].VirtualAddress)
4119 {
4120 printf (
4121 "Code Offset = %08lX, Code Size = %08lX \n",
4122 shdr[i].PointerToRawData,
4123 shdr[i].SizeOfRawData
4124 );
4125 }
4126 if (((shdr[i].Characteristics) & 0xC0000040) == 0xC0000040)
4127 {
4128 printf (
4129 "Data Offset = %08lX, Data Size = %08lX \n",
4130 shdr[i].PointerToRawData,
4131 shdr[i].SizeOfRawData
4132 );
4133 break;
4134 }
4135 }
4136
4137 printf ("\n");
4138
4139 printf (
4140 "Number of Objects = %04d (dec), Imagebase = %08Xh \n",
4141 nSections,
4142 imageBase
4143 );
4144 /*
4145 * Object name alignment.
4146 */
4147 for (i = 0;
4148 i < nSections;
4149 i++
4150 )
4151 {
4152 for (j = 0;
4153 j < 7;
4154 j++
4155 )
4156 {
4157 if (shdr[i].Name[j] == 0)
4158 {
4159 shdr[i].Name[j] = 32;
4160 }
4161 }
4162 shdr[i].Name[7] = 0;
4163 }
4164 for (i = 0; i < nSections; i++)
4165 printf ("\n Object%02d: %8s RVA: %08lX Offset: %08lX Size: %08lX Flags: %08lX ",
4166 i + 1, shdr[i].Name, shdr[i].VirtualAddress, shdr[i].PointerToRawData,
4167 shdr[i].SizeOfRawData, shdr[i].Characteristics);
4168 /*
4169 * Get List of Resources.
4170 */
4171 nResources = GetListOfResourceTypes (lpFile, &pnstr);
4172 pst = pnstr;
4173 printf ("\n");
4174 printf ("\n+++++++++++++++++++ RESOURCE INFORMATION +++++++++++++++++++");
4175 printf ("\n");
4176 if (nResources == 0)
4177 printf ("\n There are no Resources in This Application.\n");
4178 else
4179 {
4180 printf ("\nNumber of Resource Types = %4d (decimal)\n", nResources);
4181 for (i = 0; i < nResources; i++)
4182 {
4183 printf ("\n Resource Type %03d: %s", i + 1, pst);
4184 pst += strlen ((char *) (pst)) + 1;
4185 }
4186 free ((void *) pnstr);
4187
4188 printf ("\n");
4189 printf ("\n+++++++++++++++++++ MENU INFORMATION +++++++++++++++++++");
4190 printf ("\n");
4191
4192 nMenus = GetContentsOfMenu (lpFile, &pmNameBuff);
4193
4194 if (nMenus == 0)
4195 {
4196 printf ("\n There are no Menus in This Application.\n");
4197 }
4198 else
4199 {
4200 pst = pmNameBuff;
4201 printf ("\nNumber of Menus = %4d (decimal)", nMenus);
4202
4203 //dumpMenu(&pst, 8096);
4204 for (i = 0; i < nMenus; i++)
4205 {
4206 // menu ID print
4207 printf ("\n\n%s", pst);
4208 pst += strlen (pst) + 1;
4209 printf ("\n-------------");
4210 if (strncmp (pst, ":::::::::::", 11) == 0)
4211 {
4212 printf ("\n");
4213 PrintStrangeMenu (&pst);
4214 }
4215 else
4216 {
4217 PrintMenu (6, &pst);
4218 }
4219 //else PrintStrangeMenu(&pst);
4220 }
4221 free ((void *) pmNameBuff);
4222 printf ("\n");
4223 }
4224
4225 printf ("\n");
4226 printf ("\n+++++++++++++++++ DIALOG INFORMATION +++++++++++++++++++");
4227 printf ("\n");
4228
4229 nDialogs = GetContentsOfDialog (lpFile, &pdNameBuff);
4230
4231 if (nDialogs == 0)
4232 {
4233 printf ("\n There are no Dialogs in This Application.\n");
4234 }
4235 else
4236 {
4237 pst = pdNameBuff;
4238 printf ("\nNumber of Dialogs = %4d (decimal)", nDialogs);
4239
4240 printf ("\n");
4241
4242 for (i = 0; i < nDialogs; i++)
4243 {
4244 // Dialog ID print
4245 printf ("\nName: %s", pst);
4246 pst += strlen (pst) + 1;
4247 PrintDialog (&pst);
4248 }
4249 free ((void *) pdNameBuff);
4250 printf ("\n");
4251 }
4252 }
4253
4254 printf ("\n+++++++++++++++++++ IMPORTED FUNCTIONS +++++++++++++++++++");
4255
4256 nImportedModules = GetImportModuleNames (lpFile, &piNameBuff);
4257 if (nImportedModules == 0)
4258 {
4259 printf ("\n There are no imported Functions in This Application.\n");
4260 }
4261 else
4262 {
4263 pnstr = piNameBuff;
4264 printf ("\nNumber of Imported Modules = %4d (decimal)\n", nImportedModules);
4265 for (i = 0; i < nImportedModules; i++)
4266 {
4267 printf ("\n Import Module %03d: %s", i + 1, pnstr);
4268 pnstr += strlen ((char *) (pnstr)) + 1;
4269 }
4270
4271 printf ("\n");
4272 printf ("\n+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++++");
4273 pnstr = piNameBuff;
4274 for (i = 0; i < nImportedModules; i++)
4275 {
4276 printf ("\n\n Import Module %03d: %s \n", i + 1, pnstr);
4277 nFunctions = GetImportFunctionNamesByModule (lpFile, pnstr, &pfNameBuff);
4278 pnstr += strlen ((char *) (pnstr)) + 1;
4279 pst = pfNameBuff;
4280 for (j = 0; j < nFunctions; j++)
4281 {
4282 printf ("\nAddr:%08X hint(%04X) Name: %s",
4283 (*(int *) pst), (*(short *) (pst + 4)),
4284 //(pst+6));
4285 TranslateFunctionName (pst + 6));
4286 pst += strlen ((char *) (pst + 6)) + 1 + 6;
4287 }
4288 free ((void *) pfNameBuff);
4289 }
4290 free ((void *) piNameBuff);
4291 }
4292
4293 printf ("\n");
4294 printf ("\n+++++++++++++++++++ EXPORTED FUNCTIONS +++++++++++++++++++");
4295
4296 nExportedFunctions = GetExportFunctionNames (lpFile, &peNameBuff);
4297 printf ("\nNumber of Exported Functions = %4d (decimal)\n", nExportedFunctions);
4298
4299 if (nExportedFunctions > 0)
4300 {
4301 pst = peNameBuff;
4302
4303 for (i = 0; i < nExportedFunctions; i++)
4304 {
4305 printf ("\nAddr:%08X Ord:%4d (%04Xh) Name: %s",
4306 (*(int *) pst), (*(WORD *) (pst + 4)), (*(WORD *) (pst + 4)),
4307 //(pst+6));
4308 TranslateFunctionName (pst + 6));
4309 pst += strlen ((char *) (pst + 6)) + 6 + 1;
4310 }
4311 free ((void *) peNameBuff);
4312 }
4313
4314 free ((void *) lpFile);
4315
4316 return 0;
4317}
4318
4319
4320/* EOF */
unsigned char BOOLEAN
static int argc
Definition: ServiceArgs.c:12
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
#define isdigit(c)
Definition: acclib.h:68
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
#define isprint(c)
Definition: acclib.h:73
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
char * strncpy(char *DstString, const char *SrcString, ACPI_SIZE Count)
Definition: utclib.c:427
char * strchr(const char *String, int ch)
Definition: utclib.c:501
void pwd(int argc, const char *argv[])
Definition: cmds.c:1401
r l[0]
Definition: byte_order.h:168
#define SEEK_END
Definition: cabinet.c:27
#define free
Definition: debug_ros.c:5
static const WCHAR indent[]
Definition: object.c:1156
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
Definition: typeof.h:31
int main()
Definition: test.c:6
static unsigned char buff[32768]
Definition: fatten.c:17
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
unsigned short WORD
Definition: ntddk_ex.h:93
#define printf
Definition: freeldr.h:94
GLsizeiptr size
Definition: glext.h:5919
GLdouble n
Definition: glext.h:7729
const GLubyte * c
Definition: glext.h:8905
GLuint GLuint num
Definition: glext.h:9618
GLenum GLsizei len
Definition: glext.h:6722
GLuint id
Definition: glext.h:5910
GLint fsize
Definition: glext.h:9408
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean flag
Definition: glfuncs.h:52
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
FxContextHeader * pHeader
Definition: handleapi.cpp:604
_CRTIMP void __cdecl rewind(_Inout_ FILE *_File)
_Check_return_opt_ _CRTIMP size_t __cdecl fread(_Out_writes_bytes_(_ElementSize *_Count) void *_DstBuf, _In_ size_t _ElementSize, _In_ size_t _Count, _Inout_ FILE *_File)
_Check_return_ _CRTIMP FILE *__cdecl fopen(_In_z_ const char *_Filename, _In_z_ const char *_Mode)
_Check_return_opt_ _CRTIMP int __cdecl fseek(_Inout_ FILE *_File, _In_ long _Offset, _In_ int _Origin)
_Check_return_opt_ _CRTIMP int __cdecl fclose(_Inout_ FILE *_File)
_Check_return_ _CRTIMP long __cdecl ftell(_Inout_ FILE *_File)
uint32_t cc
Definition: isohybrid.c:75
#define c
Definition: ke_i.h:80
if(dx< 0)
Definition: linetemp.h:194
static PVOID ptr
Definition: dispmode.c:27
#define sprintf(buf, format,...)
Definition: sprintf.c:55
int k
Definition: mpi.c:3369
#define argv
Definition: mplay32.c:18
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES
Definition: ntimage.h:280
#define L(x)
Definition: ntvdm.h:50
static HMODULE pdh
Definition: pdh.c:30
#define LOWORD(l)
Definition: pedump.c:82
int WINAPI GetContentsOfDialog(LPVOID lpFile, char **pszResTypes)
Definition: pedump.c:3392
struct _IMAGE_RESOURCE_DIRECTORY_STRING * PIMAGE_RESOURCE_DIRECTORY_STRING
int BOOL
Definition: pedump.c:63
#define NULL
Definition: pedump.c:76
int WINAPI GetContentsOfMenu(LPVOID, char **)
Definition: pedump.c:2921
struct _IMAGE_MENU_HEADER IMAGE_MENU_HEADER
struct _IMAGE_DEBUG_MISC IMAGE_DEBUG_MISC
LPVOID WINAPI GetModuleEntryPoint(LPVOID)
Definition: pedump.c:1007
#define IMAGE_DIRECTORY_ENTRY_EXPORT
Definition: pedump.c:259
struct _IMAGE_NT_HEADERS IMAGE_NT_HEADERS
void WINAPI PrintDialog(char **psz)
Definition: pedump.c:3620
int WINAPI GetListOfResourceTypes(LPVOID, char **)
Definition: pedump.c:2536
struct _IMAGE_DIALOG_BOX_HEADER1 IMAGE_DIALOG_HEADER
struct _IMAGE_RESOURCE_DIRECTORY * PIMAGE_RESOURCE_DIRECTORY
void WINAPI GetPreviousParamString(char *, char *)
Definition: pedump.c:1403
unsigned short WORD
Definition: pedump.c:65
#define IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pedump.c:260
LPVOID WINAPI ImageDirectorySection(LPVOID, DWORD)
int WINAPI MenuFill(char **, WORD **)
Definition: pedump.c:2806
WORD * PWORD
Definition: pedump.c:67
BOOL WINAPI IsDebugFile(LPVOID)
Definition: pedump.c:3873
int WINAPI GetStringLength(char *)
Definition: pedump.c:1382
int WINAPI dumpMenu(char **psz, int size)
Definition: pedump.c:3327
BOOL WINAPI StringExpands(char **, char **, char **, Str_P *)
Definition: pedump.c:1679
int WINAPI PrintMenu(int, char **)
Definition: pedump.c:3244
struct _IMAGE_RESOURCE_DIR_STRING_U IMAGE_RESOURCE_DIR_STRING_U
BOOL WINAPI IsDebugInfoStripped(LPVOID)
Definition: pedump.c:3819
struct _IMAGE_SEPARATE_DEBUG_HEADER * PIMAGE_SEPARATE_DEBUG_HEADER
LPVOID WINAPI GetActualAddress(LPVOID lpFile, DWORD dwRVA)
Definition: pedump.c:1055
struct _IMAGE_SECTION_HEADER * PIMAGE_SECTION_HEADER
struct _IMAGE_POPUP_MENU_ITEM IMAGE_POPUP_MENU_ITEM
short WCHAR
Definition: pedump.c:58
struct _IMAGE_RESOURCE_DATA_ENTRY * PIMAGE_RESOURCE_DATA_ENTRY
#define OPTHDROFFSET(a)
Definition: pedump.c:815
struct _IMAGE_NT_HEADERS * PIMAGE_NT_HEADERS
struct _IMAGE_OPTIONAL_HEADER IMAGE_OPTIONAL_HEADER
struct _IMAGE_DATA_DIRECTORY IMAGE_DATA_DIRECTORY
#define PEFHDROFFSET(a)
Definition: pedump.c:810
#define IMAGE_OS2_SIGNATURE_LE
Definition: pedump.c:91
int WINAPI GetImportModuleNames(LPVOID, char **)
Definition: pedump.c:1208
#define RT_MENU
Definition: pedump.c:366
struct _IMAGE_DIALOG_BOX_HEADER1 * PIMAGE_DIALOG_HEADER
struct _IMAGE_CONTROL_DATA * PIMAGE_CONTROL_DATA
struct _IMAGE_DEBUG_DIRECTORY * PIMAGE_DEBUG_DIRECTORY
LPVOID WINAPI ImageDirectoryOffset(LPVOID, DWORD)
Definition: pedump.c:1097
unsigned char BYTE
Definition: pedump.c:64
struct _IMAGE_MENU_HEADER * PIMAGE_MENU_HEADER
BOOL WINAPI GetSectionHdrByName(LPVOID, PIMAGE_SECTION_HEADER, char *)
#define IMAGE_DIRECTORY_ENTRY_DEBUG
Definition: pedump.c:265
struct tagImportDirectory * PIMAGE_IMPORT_MODULE_DIRECTORY
void WINAPI TranslateParameters(char **, char **, char **)
Definition: pedump.c:1468
struct _IMAGE_FILE_HEADER IMAGE_FILE_HEADER
BYTE * PBYTE
Definition: pedump.c:66
#define bcopy(s, d, z)
Definition: pedump.c:54
BOOL WINAPI GetPEFileHeader(LPVOID, PIMAGE_FILE_HEADER)
Definition: pedump.c:969
int boolean
Definition: pedump.c:70
struct _IMAGE_IMPORT_BY_NAME IMAGE_IMPORT_BY_NAME
struct _IMAGE_CONTROL_DATA IMAGE_CONTROL_DATA
struct _IMAGE_DEBUG_MISC * PIMAGE_DEBUG_MISC
char *WINAPI TranslateFunctionName(char *)
Definition: pedump.c:1953
struct _IMAGE_RESOURCE_DIR_STRING_U * PIMAGE_RESOURCE_DIR_STRING_U
DWORD WINAPI ImageFileType(LPVOID)
Definition: pedump.c:941
struct _IMAGE_NORMAL_MENU_ITEM IMAGE_NORMAL_MENU_ITEM
struct _IMAGE_RESOURCE_DIRECTORY_ENTRY IMAGE_RESOURCE_DIRECTORY_ENTRY
DWORD * PDWORD
Definition: pedump.c:68
#define IMAGE_FILE_DEBUG_STRIPPED
Definition: pedump.c:165
#define IMAGE_NT_SIGNATURE
Definition: pedump.c:93
union _NAME_OR_ORDINAL NAME_OR_ORDINAL
int WINAPI MenuScan(int *, WORD **)
Definition: pedump.c:2738
#define RT_DIALOG
Definition: pedump.c:367
struct _IMAGE_EXPORT_DIRECTORY * PIMAGE_EXPORT_DIRECTORY
struct _IMAGE_DEBUG_DIRECTORY IMAGE_DEBUG_DIRECTORY
#define MAXSECTIONNUMBER
Definition: pedump.c:3915
struct _IMAGE_OPTIONAL_HEADER * PIMAGE_OPTIONAL_HEADER
BOOL WINAPI GetDosHeader(LPVOID, PIMAGE_DOS_HEADER)
Definition: pedump.c:915
struct _IMAGE_DOS_HEADER IMAGE_DOS_HEADER
struct _IMAGE_POPUP_MENU_ITEM * PIMAGE_POPUP_MENU_ITEM
struct _IMAGE_RESOURCE_DIRECTORY_STRING IMAGE_RESOURCE_DIRECTORY_STRING
short SHORT
Definition: pedump.c:59
long LONG
Definition: pedump.c:60
#define WINAPI
Definition: pedump.c:83
BOOL WINAPI GetPEOptionalHeader(LPVOID, PIMAGE_OPTIONAL_HEADER)
Definition: pedump.c:988
#define IMAGE_OS2_SIGNATURE
Definition: pedump.c:90
LPVOID WINAPI GetImageBase(LPVOID)
Definition: pedump.c:1035
struct tagImportDirectory IMAGE_IMPORT_MODULE_DIRECTORY
#define TRUE
Definition: pedump.c:80
#define FALSE
Definition: pedump.c:79
struct _IMAGE_RESOURCE_DIRECTORY IMAGE_RESOURCE_DIRECTORY
int WINAPI PrintStrangeMenu(char **)
Definition: pedump.c:3202
void WINAPI PrintNameOrOrdinal(char **psz)
Definition: pedump.c:3587
#define IMAGE_DEBUG_TYPE_MISC
Definition: pedump.c:727
struct _IMAGE_DATA_DIRECTORY * PIMAGE_DATA_DIRECTORY
struct _IMAGE_EXPORT_DIRECTORY IMAGE_EXPORT_DIRECTORY
union _NAME_OR_ORDINAL * PNAME_OR_ORDINAL
void WINAPI StrangeMenuFill(char **, WORD **, int)
Definition: pedump.c:2710
int WINAPI GetExportFunctionNames(LPVOID, char **)
Definition: pedump.c:2365
int WINAPI NumOfSections(LPVOID)
Definition: pedump.c:1023
struct _IMAGE_IMPORT_BY_NAME * PIMAGE_IMPORT_BY_NAME
unsigned short USHORT
Definition: pedump.c:61
#define IMAGE_DOS_SIGNATURE
Definition: pedump.c:89
struct _IMAGE_RESOURCE_DIRECTORY_ENTRY * PIMAGE_RESOURCE_DIRECTORY_ENTRY
struct _IMAGE_SEPARATE_DEBUG_HEADER IMAGE_SEPARATE_DEBUG_HEADER
#define SECHDROFFSET(a)
Definition: pedump.c:821
struct _IMAGE_NORMAL_MENU_ITEM * PIMAGE_NORMAL_MENU_ITEM
unsigned long DWORD
Definition: pedump.c:62
struct _Str_P Str_P
struct _IMAGE_RESOURCE_DATA_ENTRY IMAGE_RESOURCE_DATA_ENTRY
#define NTSIGNATURE(a)
Definition: pedump.c:805
struct _IMAGE_DOS_HEADER * PIMAGE_DOS_HEADER
int WINAPI RetrieveModuleName(LPVOID, char **)
Definition: pedump.c:3834
char CHAR
Definition: pedump.c:57
int WINAPI GetImportFunctionNamesByModule(LPVOID, char *, char **)
Definition: pedump.c:1265
#define MAXRESOURCENAME
Definition: pedump.c:801
int WINAPI GetSectionNames(LPVOID, char **)
Definition: pedump.c:1136
#define IMAGE_SEPARATE_DEBUG_SIGNATURE
Definition: pedump.c:788
struct _IMAGE_FILE_HEADER * PIMAGE_FILE_HEADER
struct _IMAGE_SECTION_HEADER IMAGE_SECTION_HEADER
void * LPVOID
Definition: pedump.c:69
#define IMAGE_DIRECTORY_ENTRY_RESOURCE
Definition: pedump.c:261
BOOL WINAPI GetSeparateDebugHeader(LPVOID, PIMAGE_SEPARATE_DEBUG_HEADER)
Definition: pedump.c:3888
int WINAPI GetNumberOfResources(LPVOID)
Definition: pedump.c:2493
#define calloc
Definition: rosglue.h:14
#define exit(n)
Definition: config.h:202
short sh
Definition: format.c:272
CardRegion * pStack[NUM_STACKS]
Definition: spigame.cpp:21
DWORD IExtendedStyle
Definition: pedump.c:569
DWORD DataType
Definition: compat.h:170
BOOLEAN Unicode
Definition: compat.h:172
BYTE Data[1]
Definition: compat.h:174
WORD e_res2[10]
Definition: ntddk_ex.h:117
PDWORD * AddressOfFunctions
Definition: pedump.c:317
PDWORD * AddressOfNames
Definition: pedump.c:318
DWORD AddressOfNameOrdinals
Definition: compat.h:167
PWORD * AddressOfNameOrdinals
Definition: pedump.c:319
DWORD NumberOfSymbols
Definition: ntddk_ex.h:126
DWORD PointerToSymbolTable
Definition: ntddk_ex.h:125
WORD SizeOfOptionalHeader
Definition: ntddk_ex.h:127
IMAGE_FILE_HEADER FileHeader
Definition: ntddk_ex.h:183
IMAGE_OPTIONAL_HEADER OptionalHeader
Definition: pedump.c:251
WORD MinorOperatingSystemVersion
Definition: ntddk_ex.h:161
WORD MajorOperatingSystemVersion
Definition: ntddk_ex.h:160
DWORD SizeOfUninitializedData
Definition: ntddk_ex.h:148
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]
Definition: ntddk_ex.h:178
WCHAR szItemText[1]
Definition: pedump.c:487
Definition: pedump.c:458
DWORD Reserved
Definition: pedump.c:462
DWORD CodePage
Definition: pedump.c:461
DWORD OffsetToData
Definition: pedump.c:459
DWORD Size
Definition: pedump.c:460
Definition: pedump.c:414
DWORD OffsetToData
Definition: pedump.c:416
DWORD Name
Definition: pedump.c:415
DWORD PointerToLinenumbers
Definition: pedump.c:292
DWORD PointerToRelocations
Definition: pedump.c:291
DWORD PointerToRawData
Definition: pedump.c:290
BYTE Name[IMAGE_SIZEOF_SHORT_NAME]
Definition: pedump.c:281
WORD NumberOfLinenumbers
Definition: pedump.c:294
union _IMAGE_SECTION_HEADER::@1539 Misc
WORD NumberOfRelocations
Definition: pedump.c:293
Definition: pedump.c:862
int length
Definition: pedump.c:867
char flag
Definition: pedump.c:863
BOOL wasString
Definition: pedump.c:869
char * pos
Definition: pedump.c:865
Definition: name.c:39
Definition: regsvr.c:104
DWORD dwRVAFunctionAddressList
Definition: pedump.c:834
DWORD dwRVAModuleName
Definition: pedump.c:833
DWORD dwRVAFunctionNameList
Definition: pedump.c:830
DWORD dwUseless1
Definition: pedump.c:831
DWORD dwUseless2
Definition: pedump.c:832
WCHAR szName[1]
Definition: pedump.c:559
struct _NAME_OR_ORDINAL::_ORD_ID ORD_ID
_Must_inspect_result_ _In_ WDFDMATRANSACTION _In_ PFN_WDF_PROGRAM_DMA _In_ WDF_DMA_DIRECTION _In_ PMDL _In_ PVOID VirtualAddress
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2074
_In_ ULONG_PTR _In_ ULONG _Out_ ULONG_PTR * pid
Definition: winddi.h:3837
_Reserved_ PVOID Reserved
Definition: winddi.h:3974
#define IMAGE_SIZEOF_SHORT_NAME
Definition: winnt_old.h:676
__wchar_t WCHAR
Definition: xmlstorage.h:180
char CHAR
Definition: xmlstorage.h:175
unsigned char BYTE
Definition: xxhash.c:193