December 03, 2020, 08:21:41 PM

Author Topic: [bmx] Read Win32 executable data section names by BlitzSupport [ 1+ years ago ]  (Read 635 times)

Offline BlitzBot

  • Jr. Member
  • **
  • Posts: 1
Title : Read Win32 executable data section names
Author : BlitzSupport
Posted : 1+ years ago

Description : This code was adapted from PureBasic code by PB forum member 'thefool', and simply lists the data sections to be found in a Windows executable file.

I did this purely as an exercise in response to <a href="../Community/postsf6ac-2.html?topic=88162" target="_blank">this query[/url].


Code :
Code: BlitzMax
  1. ' -----------------------------------------------------------------------------
  2. ' Adapted from PureBasic code by thefool:
  3. ' -----------------------------------------------------------------------------
  4. ' www.purebasic.fr/english/viewtopic.php?f=5&t=23080
  5. ' -----------------------------------------------------------------------------
  6.  
  7. SuperStrict
  8.  
  9. ' -----------------------------------------------------------------------------
  10. ' *** CHANGE TO A WIN32 EXECUTABLE ON YOUR SYSTEM!
  11. ' -----------------------------------------------------------------------------
  12.  
  13. Local executable:String = "C:BlitzMaxMaxIDE.exe"
  14.  
  15. ' -----------------------------------------------------------------------------
  16. ' Constants and structures defined at bottom of code!
  17. ' -----------------------------------------------------------------------------
  18.  
  19. Local exe:TStream = ReadFile (executable)
  20.  
  21. If exe = Null Then RuntimeError "Fail! Change executable path..."
  22.  
  23. Local exesize:Int = StreamSize (exe)
  24. Local bank:TBank = CreateBank (exesize)
  25.  
  26. Local bankstream:TStream = CreateBankStream (bank)
  27. CopyStream exe, bankstream
  28. CloseStream bankstream
  29. CloseFile exe
  30.        
  31. Local bankptr:Byte Ptr = LockBank (bank)
  32.  
  33. Local dosheader:IMAGE_DOS_HEADER = New IMAGE_DOS_HEADER
  34. MemCopy dosheader, bankptr, SizeOf (IMAGE_DOS_HEADER)
  35.  
  36. Print ""
  37. Print "Reading structures from " + executable
  38.  
  39. Print ""
  40. Print "Miscellaneous information:"
  41. Print ""
  42.  
  43. Print "Magic number for Windows executables: " + ShowBytes (dosheader, 2) +  " (should be MZ)"
  44.  
  45. Local ntheader:IMAGE_NT_HEADERS = New IMAGE_NT_HEADERS
  46. MemCopy ntheader, bankptr + Int (dosheader.e_lfanew), SizeOf (IMAGE_NT_HEADERS)
  47.  
  48. If Right (Hex (ntheader.Signature), 4) = "4550"
  49.         Print "Got NT signature"
  50. Else
  51.         Print "File has no NT signature"
  52. EndIf
  53.  
  54. Select ntheader.Machine
  55.         Case IMAGE_FILE_MACHINE_I386
  56.                 Print "Built for x86"
  57.         Case IMAGE_FILE_MACHINE_IA64
  58.                 Print "Built for Intel IPF"
  59.         Case IMAGE_FILE_MACHINE_AMD64
  60.                 Print "Built for x64"
  61. End Select
  62.  
  63. Print ""
  64. Print "Sections:"
  65. Print ""
  66.  
  67. For Local loop:Int = 0 Until ntheader.NumberOfSections
  68.         Print ShowBytes (bankptr + Int (dosheader.e_lfanew) + SizeOf (IMAGE_NT_HEADERS) + SizeOf (IMAGE_SECTION_HEADER) * loop, 8)
  69. Next
  70.  
  71. UnlockBank bank
  72.  
  73. End
  74.  
  75. ' -----------------------------------------------------------------------------
  76. ' Helper...
  77. ' -----------------------------------------------------------------------------
  78.  
  79. Function ShowBytes:String (mem:Byte Ptr, size:Long)
  80.        
  81.         Local b:Long
  82.  
  83.         Local bytes:String
  84.         Local output:String
  85.        
  86.         For b = 0 Until size
  87.                 bytes = bytes + Chr (mem [b])
  88.         Next
  89.  
  90.         Return "[" + bytes + "]"
  91.                
  92. End Function
  93.  
  94. ' -----------------------------------------------------------------------------
  95. ' Constants...
  96. ' -----------------------------------------------------------------------------
  97.  
  98. Const IMAGE_SIZEOF_SHORT_NAME:Int = 8
  99. Const IMAGE_NUMBEROF_DIRECTORY_ENTRIES:Int = 16
  100.  
  101. Const IMAGE_FILE_MACHINE_I386:Int = $014c       ' x86
  102. Const IMAGE_FILE_MACHINE_IA64:Int = $0200       ' Intel IPF
  103. Const IMAGE_FILE_MACHINE_AMD64:Int = $8664      ' x64
  104.  
  105. ' -----------------------------------------------------------------------------
  106. ' Structures -- lots of hacking and padding to make Blitz-friendly!
  107. ' -----------------------------------------------------------------------------
  108.  
  109. ' Not all are used, as references to other structures within are defined directly to make Blitz happy...
  110.  
  111. Type IMAGE_DOS_HEADER
  112.  
  113.         Field e_magic:Short                     ' Magic number ($5A4D / "MZ")
  114.         Field e_cblp:Short                      ' Bytes on last page of file
  115.         Field e_cp:Short                                ' Pages in file
  116.         Field e_crlc:Short                      ' Relocations
  117.         Field e_cparhdr:Short                   ' Size of header in paragraphs
  118.         Field e_minalloc:Short                  ' Minimum extra paragraphs needed
  119.         Field e_maxalloc:Short                  ' Maximum extra paragraphs needed
  120.         Field e_ss:Short                                ' Initial (relative) SS value
  121.         Field e_sp:Short                                ' Initial SP value
  122.         Field e_csum:Short                      ' Checksum
  123.         Field e_ip:Short                                ' Initial IP value
  124.         Field e_cs:Short                                ' Initial (relative) CS value
  125.         Field e_lfarlc:Short                    ' File address of relocation table
  126.         Field e_ovno:Short                      ' Overlay number
  127.         Field e_res:Short                               ' Reserved words
  128.        
  129.         ' Hack!
  130.        
  131.         Field e_res_pad1:Short
  132.         Field e_res_pad2:Int
  133.        
  134.         Field e_oemid:Short                     ' OEM identifier (For e_oeminfo)
  135.         Field e_oeminfo:Short                   ' OEM information; e_oemid specific
  136.         Field e_res2:Short                      ' Reserved words
  137.        
  138.         ' Hack!
  139.        
  140.         Field e_res2_pad1:Short         ' Reserved words
  141.         Field e_res2_pad2:Int                   ' Reserved words
  142.         Field e_res2_pad3:Int                   ' Reserved words
  143.         Field e_res2_pad4:Int                   ' Reserved words
  144.         Field e_res2_pad5:Int                   ' Reserved words
  145.        
  146.         Field e_lfanew:Int                      ' File address of new exe header
  147.        
  148. End Type
  149.  
  150. Type IMAGE_SECTION_HEADER
  151.  
  152.         Field Name:Byte ' [IMAGE_SIZEOF_SHORT_NAME]
  153.        
  154.         ' Hack!
  155.  
  156.         Field Name1:Byte
  157.         Field Name2:Byte
  158.         Field Name3:Byte
  159.         Field Name4:Byte
  160.         Field Name5:Byte
  161.         Field Name6:Byte
  162.         Field Name7:Byte
  163.        
  164.         Field PhysicalAddress:Int ' Union with VirtualSize:Int
  165.         Field VirtualAddress:Int
  166.         Field SizeOfRawData:Int
  167.         Field PointerToRawData:Int
  168.         Field PointerToRelocations:Int
  169.         Field PointerToLinenumbers:Int
  170.         Field NumberOfRelocations:Short
  171.         Field NumberOfLinenumbers:Short
  172.         Field Characteristics:Int
  173.        
  174. End Type
  175.  
  176. Type IMAGE_NT_HEADERS
  177.  
  178.         Field Signature:Int
  179.  
  180. '       Field FileHeader:IMAGE_FILE_HEADER
  181.  
  182.         Field Machine:Short
  183.         Field NumberOfSections:Short
  184.         Field TimeDateStamp:Int
  185.         Field PointerToSymbolTable:Int
  186.         Field NumberOfSymbols:Int
  187.         Field SizeOfOptionalHeader:Short
  188.         Field Characteristics:Short
  189.  
  190.         ' Hack!
  191.  
  192. '       Field OptionalHeader:IMAGE_OPTIONAL_HEADER
  193.  
  194.         Field Magic:Short
  195.         Field MajorLinkerVersion:Byte
  196.         Field MinorLinkerVersion:Byte
  197.         Field SizeOfCode:Int
  198.         Field SizeOfInitializedData:Int
  199.         Field SizeOfUninitializedData:Int
  200.         Field AddressOfEntryPoint:Int
  201.         Field BaseOfCode:Int
  202.         Field BaseOfData:Int
  203.         Field ImageBase:Int
  204.         Field SectionAlignment:Int
  205.         Field FileAlignment:Int
  206.         Field MajorOperatingSystemVersion:Short
  207.         Field MinorOperatingSystemVersion:Short
  208.         Field MajorImageVersion:Short
  209.         Field MinorImageVersion:Short
  210.         Field MajorSubsystemVersion:Short
  211.         Field MinorSubsystemVersion:Short
  212.         Field Win32VersionValue:Int
  213.         Field SizeOfImage:Int
  214.         Field SizeOfHeaders:Int
  215.         Field CheckSum:Int
  216.         Field Subsystem:Short
  217.         Field DllCharacteristics:Short
  218.         Field SizeOfStackReserve:Int
  219.         Field SizeOfStackCommit:Int
  220.         Field SizeOfHeapReserve:Int
  221.         Field SizeOfHeapCommit:Int
  222.         Field LoaderFlags:Int
  223.         Field NumberOfRvaAndSizes:Int
  224.        
  225.         ' Hack!
  226.        
  227. '       Field DataDirectory:IMAGE_DATA_DIRECTORY ' [IMAGE_NUMBEROF_DIRECTORY_ENTRIES]
  228.  
  229.         Field VirtualAddress1:Int
  230.         Field Size1:Int
  231.        
  232.         Field VirtualAddress2:Int
  233.         Field Size2:Int
  234.        
  235.         Field VirtualAddress3:Int
  236.         Field Size3:Int
  237.        
  238.         Field VirtualAddress4:Int
  239.         Field Size4:Int
  240.        
  241.         Field VirtualAddress5:Int
  242.         Field Size5:Int
  243.        
  244.         Field VirtualAddress6:Int
  245.         Field Size6:Int
  246.        
  247.         Field VirtualAddress7:Int
  248.         Field Size7:Int
  249.        
  250.         Field VirtualAddress8:Int
  251.         Field Size8:Int
  252.        
  253.         Field VirtualAddress9:Int
  254.         Field Size9:Int
  255.        
  256.         Field VirtualAddress10:Int
  257.         Field Size10:Int
  258.        
  259.         Field VirtualAddress11:Int
  260.         Field Size11:Int
  261.        
  262.         Field VirtualAddress12:Int
  263.         Field Size12:Int
  264.        
  265.         Field VirtualAddress13:Int
  266.         Field Size13:Int
  267.        
  268.         Field VirtualAddress14:Int
  269.         Field Size14:Int
  270.        
  271.         Field VirtualAddress15:Int
  272.         Field Size15:Int
  273.        
  274.         Field VirtualAddress16:Int
  275.         Field Size16:Int
  276.  
  277. End Type
  278.  
  279. Type IMAGE_DATA_DIRECTORY
  280.         Field VirtualAddress:Int
  281.         Field Size:Int
  282. End Type
  283.  
  284. Type IMAGE_OPTIONAL_HEADER
  285.  
  286.         Field Magic:Short
  287.         Field MajorLinkerVersion:Byte
  288.         Field MinorLinkerVersion:Byte
  289.         Field SizeOfCode:Int
  290.         Field SizeOfInitializedData:Int
  291.         Field SizeOfUninitializedData:Int
  292.         Field AddressOfEntryPoint:Int
  293.         Field BaseOfCode:Int
  294.         Field BaseOfData:Int
  295.         Field ImageBase:Int
  296.         Field SectionAlignment:Int
  297.         Field FileAlignment:Int
  298.         Field MajorOperatingSystemVersion:Short
  299.         Field MinorOperatingSystemVersion:Short
  300.         Field MajorImageVersion:Short
  301.         Field MinorImageVersion:Short
  302.         Field MajorSubsystemVersion:Short
  303.         Field MinorSubsystemVersion:Short
  304.         Field Win32VersionValue:Int
  305.         Field SizeOfImage:Int
  306.         Field SizeOfHeaders:Int
  307.         Field CheckSum:Int
  308.         Field Subsystem:Short
  309.         Field DllCharacteristics:Short
  310.         Field SizeOfStackReserve:Int
  311.         Field SizeOfStackCommit:Int
  312.         Field SizeOfHeapReserve:Int
  313.         Field SizeOfHeapCommit:Int
  314.         Field LoaderFlags:Int
  315.         Field NumberOfRvaAndSizes:Int
  316.        
  317.         ' Hack!
  318.        
  319. '       Field DataDirectory:IMAGE_DATA_DIRECTORY ' [IMAGE_NUMBEROF_DIRECTORY_ENTRIES]
  320.  
  321.         Field VirtualAddress1:Int
  322.         Field Size1:Int
  323.        
  324.         Field VirtualAddress2:Int
  325.         Field Size2:Int
  326.        
  327.         Field VirtualAddress3:Int
  328.         Field Size3:Int
  329.        
  330.         Field VirtualAddress4:Int
  331.         Field Size4:Int
  332.        
  333.         Field VirtualAddress5:Int
  334.         Field Size5:Int
  335.        
  336.         Field VirtualAddress6:Int
  337.         Field Size6:Int
  338.        
  339.         Field VirtualAddress7:Int
  340.         Field Size7:Int
  341.        
  342.         Field VirtualAddress8:Int
  343.         Field Size8:Int
  344.        
  345.         Field VirtualAddress9:Int
  346.         Field Size9:Int
  347.        
  348.         Field VirtualAddress10:Int
  349.         Field Size10:Int
  350.        
  351.         Field VirtualAddress11:Int
  352.         Field Size11:Int
  353.        
  354.         Field VirtualAddress12:Int
  355.         Field Size12:Int
  356.        
  357.         Field VirtualAddress13:Int
  358.         Field Size13:Int
  359.        
  360.         Field VirtualAddress14:Int
  361.         Field Size14:Int
  362.        
  363.         Field VirtualAddress15:Int
  364.         Field Size15:Int
  365.        
  366.         Field VirtualAddress16:Int
  367.         Field Size16:Int
  368.  
  369. End Type
  370.  
  371. Type IMAGE_FILE_HEADER
  372.         Field Machine:Short
  373.         Field NumberOfSections:Short
  374.         Field TimeDateStamp:Int
  375.         Field PointerToSymbolTable:Int
  376.         Field NumberOfSymbols:Int
  377.         Field SizeOfOptionalHeader:Short
  378.         Field Characteristics:Short
  379. End Type


Comments : none...

 

SimplePortal 2.3.6 © 2008-2014, SimplePortal