تقييم الموضوع :
  • 6 أصوات - بمعدل 3.5
  • 1
  • 2
  • 3
  • 4
  • 5
Portable Executable File Unit
#1
Portable Executable File Unit
Coded by ErazerZ

Unit Version: 1.3



Functions
* AllgemeinesLoadFromFile - shop of a file.
* SaveToFile - memory of a file.
* ValidHeaders - examined whether the DOS are + NTHEADERS correct.
* ReadPeHeaders - let all sections and headers in.
* Align - Align.
* SectionToString - returns the names of a section in stringer.
* StringToSection - sets a new name of a section.
* SetAddressOfEntryPoint - sets a new entry POINT.
* set image cousin - a new image cousin sets.
* CopyMemoryToBuffer - thus one can change the memory of the loaded file.
* CopyMemoryFromBuffer - thus one can read from the memory of the loaded file.

Conversions
* RvaToFileOffset - the relative virtual address computes into the physical address over.
* FileOffsetToRva - the physical one computes into the relative virtual address over.
* VaToFileOffset - the virtual address in our memory computes into the physical address over.
* FileOffsetToVa - the physical address computes into the virtual address in our memory over.
* VaToRva - the virtual address in our memory computes into the relative virtual address.
* RvaToVa - the relative virtual address in the virtual address in our memory computes.
* RvaToSection - the number of the section supplies it in that is on the basis the relative virtual address.
* FileOffsetToSection - supply on the basis the physical address the number of the section in that it is.

Add/remove
* INSERT bytes - x adds bytes in the memory of the file.
* DELETE bytes - x deletes bytes in the memory of the file.
* FindCodeCaves - craze after so-called "code caves" (0-Bytes) in the memory of the file.

Sections
* ADD section - a new section adds. Here however examined whether still place for a new section is present, if no more again put on.
* DELETE section - a certain section from PE deletes file.
* GetCharacteristics - the Characteristics supplies to stringer of a section.
* GET code section - the number of the section supplies the code section in that is.
* GET DATA section - the number of the section supplies the DATA section in that is.
* GET resource section - supply the number of the section in that the resources section is.
* GetImportAddressTable - supplies all imported goods of a file (Zurzeit normal IAT, Delayed IAT, Bound IAT).
* GetExportsAddressTable - those of export of a file supplies.
* GetThreadLocalStorage - supplies information to TLS.
* GetResources - supplies all resources of the file (resources types, resource names).
* GetDebugDirectory - supplies information to the Debug directory.
* GetLoadConfigDirectory - to the load supplies information Config directory.
* GET entry exception directory - to entry exception directory supplies information.
* dump section - thus one can store a section on the non removable disk.
* GetHighestSectionSize - the "groesste"/letzte section supplies (thus PointerToRawData + SizeOfRawData).
* GetDataFromEOF - thus one knows the data after end of all sections is to select and buffers.
* RecalcImageSize - thus the SizeOfImage can be computed again.
* ResizeSection - thus one can increase individual sections! Note: Resources (OffsetToData) are adapted!
* CalcChecksum - thus the check sum of PE file is computed.
* RecalcCheckSum - computed automatic the check sum and changes these directly in the Headern.
* WriteImageSectionHeader - writes all image sections in the memory!

Again with it
* ADD section - RawSize added, VirtualSize removed - is computed automatically by RecalcImageSize, added lpData and dwDataLength (that is, that one can fill the new section equal with data).
* DELETE section - ImageSize is computed over RecalcImageSize, calls RecalcCheckSum at the end of the function!
* ResizeSection - thus one can increase individual sections! Note: Resources (OffsetToData) are adapted!
* GetResources - revised (RVA was wrongly computed!), new structure (size contains the Entries)
* Resources example - adapted to the new structure and dump function added!
* CalcChecksum - thus the check sum of PE file is computed.
* RecalcCheckSum - computed automatic the check sum and changes these directly in the Headern.

Examples
* IAT - To select and spend an example program around import of an application.
* EAT - To select and spend an example program around export of a DLL file.
* Resources - to pick out and spend an example program around resources of an application. One can dump also selected resources!
* sections - to pick out and spend an example program around the sections of an application.
* ExeLoader - a completely small Exe Loader that codes the code section by means of XOR. It adds a new Loader in a new section, which at run-time the code section decodes and jumps to the original entry POINT.

Links
http://www.delphipraxis.net/95095-portable-executable-file-unit.html
https://forum.tuts4you.com/topic/13436-portable-executable-file-unit/
http://www.delphibasics.info/home/delphibasicssnippets/pefileunitbyerazerz
أعضاء أعجبوا بهذه المشاركة : AT4RE , M!X0R


الردود في هذا الموضوع
Portable Executable File Unit - بواسطة AX302 - 19-10-2018, 08:34 PM

التنقل السريع :


يقوم بقرائة الموضوع: بالاضافة الى ( 1 ) ضيف كريم