xeon
/
pe-reader
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

This commit is contained in:
Brandon Scott 2015-06-29 23:14:32 -05:00
parent c896dfa4f8
commit a8db812aa3
7 changed files with 1594 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
App.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

58
AssemblyInfo.cs Normal file
View File

@ -0,0 +1,58 @@
using System.Reflection;
using System.Runtime.CompilerServices;
//
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
//
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
//
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Revision and Build Numbers
// by using the '*' as shown below:
[assembly: AssemblyVersion("1.0.*")]
//
// In order to sign your assembly you must specify a key to use. Refer to the
// Microsoft .NET Framework documentation for more information on assembly signing.
//
// Use the attributes below to control which key is used for signing.
//
// Notes:
// (*) If no key is specified, the assembly is not signed.
// (*) KeyName refers to a key that has been installed in the Crypto Service
// Provider (CSP) on your machine. KeyFile refers to a file which contains
// a key.
// (*) If the KeyFile and the KeyName values are both specified, the
// following processing occurs:
// (1) If the KeyName can be found in the CSP, that key is used.
// (2) If the KeyName does not exist and the KeyFile does exist, the key
// in the KeyFile is installed into the CSP and used.
// (*) In order to create a KeyFile, you can use the sn.exe (Strong Name) utility.
// When specifying the KeyFile, the location of the KeyFile should be
// relative to the project output directory which is
// %Project Directory%\obj\<configuration>. For example, if your KeyFile is
// located in the project directory, you would specify the AssemblyKeyFile
// attribute as [assembly: AssemblyKeyFile("..\\..\\mykey.snk")]
// (*) Delay Signing is an advanced option - see the Microsoft .NET Framework
// documentation for more information on this.
//
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyKeyName("")]

459
PEExplorer.cs Normal file
View File

@ -0,0 +1,459 @@
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Data;
using System.IO;
namespace PEReader
{
/// <summary>
/// Summary description for Form1.
/// </summary>
public class PEExplorer : System.Windows.Forms.Form
{
private System.Windows.Forms.ListView listView1;
private System.Windows.Forms.ColumnHeader columnHeader1;
private System.Windows.Forms.ColumnHeader columnHeader2;
private System.Windows.Forms.TabPage headersTab;
private System.Windows.Forms.TabPage directoriesTab;
private System.Windows.Forms.ListView listView2;
private System.Windows.Forms.ColumnHeader columnHeader5;
private System.Windows.Forms.ColumnHeader columnHeader6;
private System.Windows.Forms.ColumnHeader columnHeader7;
private System.Windows.Forms.ColumnHeader columnHeader3;
private System.Windows.Forms.TabControl sectionTabs;
private System.Windows.Forms.TabPage sectionHeadersTab;
private System.Windows.Forms.ListView listView3;
private System.Windows.Forms.ColumnHeader columnHeader11;
private System.Windows.Forms.ColumnHeader columnHeader13;
private System.Windows.Forms.ColumnHeader columnHeader14;
private System.Windows.Forms.MainMenu mainMenu1;
private System.Windows.Forms.MenuItem menuItem1;
private System.Windows.Forms.MenuItem menuItem2;
private System.Windows.Forms.MenuItem menuItem3;
private System.Windows.Forms.MenuItem menuItem4;
private System.Windows.Forms.MenuItem menuItem5;
private System.Windows.Forms.ColumnHeader columnHeader4;
private System.Windows.Forms.ColumnHeader columnHeader8;
private System.Windows.Forms.OpenFileDialog openFileDialog1;
private System.Windows.Forms.SaveFileDialog saveFileDialog1;
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.Container components = null;
// Create PE Reader Class
PEReader pr = new PEReader();
public PEExplorer()
{
//
// Required for Windows Form Designer support
//
InitializeComponent();
//
// TODO: Add any constructor code after InitializeComponent call
//
}
/// <summary>
/// Clean up any resources being used.
/// </summary>
protected override void Dispose( bool disposing )
{
if( disposing )
{
if (components != null)
{
components.Dispose();
}
}
base.Dispose( disposing );
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
System.Resources.ResourceManager resources = new System.Resources.ResourceManager(typeof(PEExplorer));
this.listView1 = new System.Windows.Forms.ListView();
this.columnHeader1 = new System.Windows.Forms.ColumnHeader();
this.columnHeader2 = new System.Windows.Forms.ColumnHeader();
this.sectionTabs = new System.Windows.Forms.TabControl();
this.headersTab = new System.Windows.Forms.TabPage();
this.directoriesTab = new System.Windows.Forms.TabPage();
this.listView2 = new System.Windows.Forms.ListView();
this.columnHeader5 = new System.Windows.Forms.ColumnHeader();
this.columnHeader6 = new System.Windows.Forms.ColumnHeader();
this.columnHeader7 = new System.Windows.Forms.ColumnHeader();
this.columnHeader3 = new System.Windows.Forms.ColumnHeader();
this.sectionHeadersTab = new System.Windows.Forms.TabPage();
this.listView3 = new System.Windows.Forms.ListView();
this.columnHeader11 = new System.Windows.Forms.ColumnHeader();
this.columnHeader13 = new System.Windows.Forms.ColumnHeader();
this.columnHeader14 = new System.Windows.Forms.ColumnHeader();
this.columnHeader4 = new System.Windows.Forms.ColumnHeader();
this.columnHeader8 = new System.Windows.Forms.ColumnHeader();
this.mainMenu1 = new System.Windows.Forms.MainMenu();
this.menuItem1 = new System.Windows.Forms.MenuItem();
this.menuItem2 = new System.Windows.Forms.MenuItem();
this.menuItem3 = new System.Windows.Forms.MenuItem();
this.menuItem4 = new System.Windows.Forms.MenuItem();
this.menuItem5 = new System.Windows.Forms.MenuItem();
this.openFileDialog1 = new System.Windows.Forms.OpenFileDialog();
this.saveFileDialog1 = new System.Windows.Forms.SaveFileDialog();
this.sectionTabs.SuspendLayout();
this.headersTab.SuspendLayout();
this.directoriesTab.SuspendLayout();
this.sectionHeadersTab.SuspendLayout();
this.SuspendLayout();
//
// listView1
//
this.listView1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.listView1.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
this.columnHeader1,
this.columnHeader2});
this.listView1.FullRowSelect = true;
this.listView1.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.Nonclickable;
this.listView1.Location = new System.Drawing.Point(8, 8);
this.listView1.Name = "listView1";
this.listView1.Size = new System.Drawing.Size(440, 328);
this.listView1.TabIndex = 2;
this.listView1.View = System.Windows.Forms.View.Details;
//
// columnHeader1
//
this.columnHeader1.Text = "Property Name";
this.columnHeader1.Width = 229;
//
// columnHeader2
//
this.columnHeader2.Text = "Value";
this.columnHeader2.Width = 180;
//
// sectionTabs
//
this.sectionTabs.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.sectionTabs.Controls.Add(this.headersTab);
this.sectionTabs.Controls.Add(this.directoriesTab);
this.sectionTabs.Controls.Add(this.sectionHeadersTab);
this.sectionTabs.Location = new System.Drawing.Point(8, 8);
this.sectionTabs.Name = "sectionTabs";
this.sectionTabs.SelectedIndex = 0;
this.sectionTabs.Size = new System.Drawing.Size(464, 368);
this.sectionTabs.TabIndex = 3;
//
// headersTab
//
this.headersTab.Controls.Add(this.listView1);
this.headersTab.Location = new System.Drawing.Point(4, 22);
this.headersTab.Name = "headersTab";
this.headersTab.Size = new System.Drawing.Size(456, 342);
this.headersTab.TabIndex = 0;
this.headersTab.Text = "Headers";
//
// directoriesTab
//
this.directoriesTab.Controls.Add(this.listView2);
this.directoriesTab.Location = new System.Drawing.Point(4, 22);
this.directoriesTab.Name = "directoriesTab";
this.directoriesTab.Size = new System.Drawing.Size(456, 342);
this.directoriesTab.TabIndex = 1;
this.directoriesTab.Text = "Directories";
//
// listView2
//
this.listView2.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.listView2.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
this.columnHeader5,
this.columnHeader6,
this.columnHeader7,
this.columnHeader3});
this.listView2.FullRowSelect = true;
this.listView2.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.Nonclickable;
this.listView2.Location = new System.Drawing.Point(8, 8);
this.listView2.MultiSelect = false;
this.listView2.Name = "listView2";
this.listView2.Size = new System.Drawing.Size(440, 328);
this.listView2.TabIndex = 3;
this.listView2.View = System.Windows.Forms.View.Details;
//
// columnHeader5
//
this.columnHeader5.Text = "Type";
this.columnHeader5.Width = 173;
//
// columnHeader6
//
this.columnHeader6.Text = "Virtual Address";
this.columnHeader6.Width = 89;
//
// columnHeader7
//
this.columnHeader7.Text = "Size";
this.columnHeader7.Width = 84;
//
// columnHeader3
//
this.columnHeader3.Text = "Present";
//
// sectionHeadersTab
//
this.sectionHeadersTab.Controls.Add(this.listView3);
this.sectionHeadersTab.Location = new System.Drawing.Point(4, 22);
this.sectionHeadersTab.Name = "sectionHeadersTab";
this.sectionHeadersTab.Size = new System.Drawing.Size(456, 342);
this.sectionHeadersTab.TabIndex = 2;
this.sectionHeadersTab.Text = "Section Headers";
//
// listView3
//
this.listView3.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.listView3.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
this.columnHeader11,
this.columnHeader13,
this.columnHeader14,
this.columnHeader4,
this.columnHeader8});
this.listView3.FullRowSelect = true;
this.listView3.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.Nonclickable;
this.listView3.Location = new System.Drawing.Point(8, 7);
this.listView3.MultiSelect = false;
this.listView3.Name = "listView3";
this.listView3.Size = new System.Drawing.Size(440, 328);
this.listView3.TabIndex = 4;
this.listView3.View = System.Windows.Forms.View.Details;
//
// columnHeader11
//
this.columnHeader11.Text = "Name";
this.columnHeader11.Width = 70;
//
// columnHeader13
//
this.columnHeader13.Text = "Virtual Address";
this.columnHeader13.Width = 88;
//
// columnHeader14
//
this.columnHeader14.Text = "Virtual Size";
this.columnHeader14.Width = 69;
//
// columnHeader4
//
this.columnHeader4.Text = "Raw Data Pointer";
this.columnHeader4.Width = 100;
//
// columnHeader8
//
this.columnHeader8.Text = "Raw Data Size";
this.columnHeader8.Width = 84;
//
// mainMenu1
//
this.mainMenu1.MenuItems.AddRange(new System.Windows.Forms.MenuItem[] {
this.menuItem1});
//
// menuItem1
//
this.menuItem1.Index = 0;
this.menuItem1.MenuItems.AddRange(new System.Windows.Forms.MenuItem[] {
this.menuItem2,
this.menuItem3,
this.menuItem4,
this.menuItem5});
this.menuItem1.Text = "File";
//
// menuItem2
//
this.menuItem2.Index = 0;
this.menuItem2.Text = "Open EXE...";
this.menuItem2.Click += new System.EventHandler(this.menuItem2_Click);
//
// menuItem3
//
this.menuItem3.Index = 1;
this.menuItem3.Text = "Close";
this.menuItem3.Click += new System.EventHandler(this.menuItem3_Click);
//
// menuItem4
//
this.menuItem4.Index = 2;
this.menuItem4.Text = "-";
//
// menuItem5
//
this.menuItem5.Index = 3;
this.menuItem5.Text = "Exit";
this.menuItem5.Click += new System.EventHandler(this.menuItem5_Click);
//
// openFileDialog1
//
this.openFileDialog1.Filter = "Executable Files|*.exe|All Files|*.*";
this.openFileDialog1.Title = "Open Executable File";
//
// PEExplorer
//
this.AutoScaleBaseSize = new System.Drawing.Size(5, 14);
this.ClientSize = new System.Drawing.Size(480, 385);
this.Controls.Add(this.sectionTabs);
this.Font = new System.Drawing.Font("Tahoma", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0)));
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
this.Menu = this.mainMenu1;
this.Name = "PEExplorer";
this.Text = "PE Explorer Sample Application";
this.Load += new System.EventHandler(this.Form1_Load);
this.sectionTabs.ResumeLayout(false);
this.headersTab.ResumeLayout(false);
this.directoriesTab.ResumeLayout(false);
this.sectionHeadersTab.ResumeLayout(false);
this.ResumeLayout(false);
}
#endregion
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
Application.Run(new PEExplorer());
}
private void button1_Click(object sender, System.EventArgs e)
{
}
private void Form1_Load(object sender, System.EventArgs e)
{
}
private void AddHeaderInformation(string name, string value)
{
ListViewItem lvi = listView1.Items.Add(name);
lvi.SubItems.Add(value);
}
private void AddDirectoryInfo(string type, uint virtualAddress, uint size)
{
ListViewItem lvi = listView2.Items.Add(type);
lvi.SubItems.Add(string.Format("{0:X8}", virtualAddress));
lvi.SubItems.Add(string.Format("{0:X8}", size));
lvi.SubItems.Add((virtualAddress > 0 ? "Yes" : "No"));
}
private void AddSectionHeaderInfo(string name, uint physicalAddress, uint virtualAddress, uint virtualSize, uint rawDataPointer, uint rawDataSize)
{
ListViewItem lvi = listView3.Items.Add(name);
lvi.SubItems.Add(string.Format("{0:X8}", virtualAddress));
lvi.SubItems.Add(string.Format("{0:X8}", virtualSize));
lvi.SubItems.Add(string.Format("{0:X8}", rawDataPointer));
lvi.SubItems.Add(string.Format("{0:X8}", rawDataSize));
}
private void menuItem2_Click(object sender, System.EventArgs e)
{
openFileDialog1.ShowDialog();
if(openFileDialog1.FileName.Length > 0)
{
pr.LoadExecutable(openFileDialog1.FileName);
listView1.Items.Clear();
listView2.Items.Clear();
listView3.Items.Clear();
AddHeaderInformation("DOS Header Information", String.Empty);
AddHeaderInformation("Magic", pr.DOSHeader.Magic.ToString());
AddHeaderInformation("Size of Last Page", pr.DOSHeader.SizeOfLastPage.ToString());
AddHeaderInformation("Number of Pages", pr.DOSHeader.NumberOfPages.ToString());
AddHeaderInformation("Relocations", pr.DOSHeader.Relocations.ToString());
AddHeaderInformation("Size of Header", pr.DOSHeader.SizeOfHeader.ToString());
AddHeaderInformation("Minimum Extra Paragraphs", pr.DOSHeader.MinimumExtraParagraphs.ToString());
AddHeaderInformation("Maximum Extra Paragraphs", pr.DOSHeader.MaximumExtraParagraphs.ToString());
AddHeaderInformation("Initial SS Value", pr.DOSHeader.InitialSSValue.ToString());
AddHeaderInformation("Initial SP Value", pr.DOSHeader.InitialSPValue.ToString());
AddHeaderInformation("Checksum", pr.DOSHeader.Checksum.ToString());
AddHeaderInformation("Initial IP Value", pr.DOSHeader.InitialIPValue.ToString());
AddHeaderInformation("Initial CS Value", pr.DOSHeader.InitialCSValue.ToString());
AddHeaderInformation("Relocation Table Address", pr.DOSHeader.RelocationTableAddress.ToString());
AddHeaderInformation("Overlay Number", pr.DOSHeader.OverlayNumber.ToString());
AddHeaderInformation("OEM Identifier", pr.DOSHeader.OemIdentifier.ToString());
AddHeaderInformation("OEM Information", pr.DOSHeader.OemInformation.ToString());
AddHeaderInformation("PE Header Offset", pr.DOSHeader.PEHeaderAddress.ToString());
AddHeaderInformation(String.Empty, String.Empty);
AddHeaderInformation("PE Header Information", String.Empty);
AddHeaderInformation("Magic", String.Format("{0:X4}", pr.PEHeader.Magic));
AddHeaderInformation("Major Linker Version", pr.PEHeader.MajorLinkerVersion.ToString());
AddHeaderInformation("Minor Linker Version", pr.PEHeader.MinorLinkerVersion.ToString());
AddHeaderInformation("Size of Code", pr.PEHeader.SizeOfCode.ToString());
AddHeaderInformation("Size Of Initialized Data", pr.PEHeader.SizeOfInitializedData.ToString());
AddHeaderInformation("Size Of Uninitialized Data", pr.PEHeader.SizeOfUninitializedData.ToString());
AddHeaderInformation("Address Of Entry Point", pr.PEHeader.AddressOfEntryPoint.ToString());
AddHeaderInformation("Base Of Code", pr.PEHeader.BaseOfCode.ToString());
AddHeaderInformation("Base Of Data", pr.PEHeader.BaseOfData.ToString());
AddHeaderInformation("Image Base", pr.PEHeader.ImageBase.ToString());
AddHeaderInformation("Section Alignment", pr.PEHeader.SectionAlignment.ToString());
AddHeaderInformation("File Alignment", pr.PEHeader.FileAlignment.ToString());
AddHeaderInformation("Major Operating System Version", pr.PEHeader.MajorOperatingSystemVersion.ToString());
AddHeaderInformation("Minor Operating System Version", pr.PEHeader.MinorOperatingSystemVersion.ToString());
AddHeaderInformation("Major Image Version", pr.PEHeader.MajorImageVersion.ToString());
AddHeaderInformation("Minor Image Version", pr.PEHeader.MinorImageVersion.ToString());
AddHeaderInformation("Major Subsystem Version", pr.PEHeader.MajorSubsystemVersion.ToString());
AddHeaderInformation("Minor Subsystem Version", pr.PEHeader.MinorSubsystemVersion.ToString());
AddHeaderInformation("Win32 Version Value", pr.PEHeader.Win32VersionValue.ToString());
AddHeaderInformation("Size Of Image", pr.PEHeader.SizeOfImage.ToString());
AddHeaderInformation("Size Of Headers", pr.PEHeader.SizeOfHeaders.ToString());
AddHeaderInformation("CheckSum", pr.PEHeader.CheckSum.ToString());
AddHeaderInformation("Subsystem", pr.PEHeader.Subsystem.ToString());
AddHeaderInformation("DLL Characteristics", pr.PEHeader.DllCharacteristics.ToString());
AddHeaderInformation("Size Of Stack Reserve", pr.PEHeader.SizeOfStackReserve.ToString());
AddHeaderInformation("Size Of Stack Commit", pr.PEHeader.SizeOfStackCommit.ToString());
AddHeaderInformation("Size Of Heap Reserve", pr.PEHeader.SizeOfHeapReserve.ToString());
AddHeaderInformation("Size Of Heap Commit", pr.PEHeader.SizeOfHeapCommit.ToString());
AddHeaderInformation("Loader Flags", pr.PEHeader.LoaderFlags.ToString());
AddHeaderInformation("Number Of Data Directories", pr.PEHeader.NumberOfRvaAndSizes.ToString());
// Fill the directories list
for(int i = 0; i < 16; i++)
AddDirectoryInfo(pr.DataDirectories[i].Type, pr.DataDirectories[i].VirtualAddress, pr.DataDirectories[i].Size);
// Fill the directories list
for(int i = 0; i < pr.SectionHeaders.Length; i++)
AddSectionHeaderInfo( pr.SectionHeaders[i].Name, pr.SectionHeaders[i].PhysicalAddress, pr.SectionHeaders[i].VirtualAddress, pr.SectionHeaders[i].VirtualSize, pr.SectionHeaders[i].PointerToRawData, pr.SectionHeaders[i].SizeOfRawData);
//FileStream fs = new FileStream(Application.ExecutablePath.Replace("PEReader.exe", "rsrc.bin"),FileMode.Create, FileAccess.ReadWrite, FileShare.ReadWrite);
//byte[] resourceData = pr.GetSectionDataByName(".rsrc");
//fs.Write(resourceData, 0, resourceData.Length);
}
}
private void menuItem3_Click(object sender, System.EventArgs e)
{
pr.CloseExecutable();
}
private void menuItem5_Click(object sender, System.EventArgs e)
{
Application.Exit();
}
}
}

119
PEExplorer.csproj Normal file
View File

@ -0,0 +1,119 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<ProjectType>Local</ProjectType>
<ProductVersion>8.0.21022</ProductVersion>
<SchemaVersion>2.0</SchemaVersion>
<ProjectGuid>{A053AAA8-6752-4753-AC81-C8DBFE1EFA73}</ProjectGuid>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ApplicationIcon>App.ico</ApplicationIcon>
<AssemblyKeyContainerName>
</AssemblyKeyContainerName>
<AssemblyName>PEReader</AssemblyName>
<AssemblyOriginatorKeyFile>
</AssemblyOriginatorKeyFile>
<DefaultClientScript>JScript</DefaultClientScript>
<DefaultHTMLPageLayout>Grid</DefaultHTMLPageLayout>
<DefaultTargetSchema>IE50</DefaultTargetSchema>
<DelaySign>false</DelaySign>
<OutputType>WinExe</OutputType>
<RootNamespace>PEReader</RootNamespace>
<RunPostBuildEvent>OnBuildSuccess</RunPostBuildEvent>
<StartupObject>
</StartupObject>
<FileUpgradeFlags>
</FileUpgradeFlags>
<UpgradeBackupLocation>
</UpgradeBackupLocation>
<OldToolsVersion>3.5</OldToolsVersion>
<TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<OutputPath>bin\Debug\</OutputPath>
<AllowUnsafeBlocks>false</AllowUnsafeBlocks>
<BaseAddress>285212672</BaseAddress>
<CheckForOverflowUnderflow>false</CheckForOverflowUnderflow>
<ConfigurationOverrideFile>
</ConfigurationOverrideFile>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<DocumentationFile>
</DocumentationFile>
<DebugSymbols>true</DebugSymbols>
<FileAlignment>4096</FileAlignment>
<NoStdLib>false</NoStdLib>
<NoWarn>
</NoWarn>
<Optimize>false</Optimize>
<RegisterForComInterop>false</RegisterForComInterop>
<RemoveIntegerChecks>false</RemoveIntegerChecks>
<TreatWarningsAsErrors>false</TreatWarningsAsErrors>
<WarningLevel>4</WarningLevel>
<DebugType>full</DebugType>
<ErrorReport>prompt</ErrorReport>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<OutputPath>bin\Release\</OutputPath>
<AllowUnsafeBlocks>false</AllowUnsafeBlocks>
<BaseAddress>285212672</BaseAddress>
<CheckForOverflowUnderflow>false</CheckForOverflowUnderflow>
<ConfigurationOverrideFile>
</ConfigurationOverrideFile>
<DefineConstants>TRACE</DefineConstants>
<DocumentationFile>
</DocumentationFile>
<DebugSymbols>false</DebugSymbols>
<FileAlignment>4096</FileAlignment>
<NoStdLib>false</NoStdLib>
<NoWarn>
</NoWarn>
<Optimize>true</Optimize>
<RegisterForComInterop>false</RegisterForComInterop>
<RemoveIntegerChecks>false</RemoveIntegerChecks>
<TreatWarningsAsErrors>false</TreatWarningsAsErrors>
<WarningLevel>4</WarningLevel>
<DebugType>none</DebugType>
<ErrorReport>prompt</ErrorReport>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<ItemGroup>
<Reference Include="System">
<Name>System</Name>
</Reference>
<Reference Include="System.Data">
<Name>System.Data</Name>
</Reference>
<Reference Include="System.Drawing">
<Name>System.Drawing</Name>
</Reference>
<Reference Include="System.Windows.Forms">
<Name>System.Windows.Forms</Name>
</Reference>
<Reference Include="System.Xml">
<Name>System.XML</Name>
</Reference>
</ItemGroup>
<ItemGroup>
<Content Include="App.ico" />
<Compile Include="AssemblyInfo.cs">
<SubType>Code</SubType>
</Compile>
<Compile Include="PEExplorer.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="PEReader.cs">
<SubType>Code</SubType>
</Compile>
<EmbeddedResource Include="PEExplorer.resx">
<DependentUpon>PEExplorer.cs</DependentUpon>
</EmbeddedResource>
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
<PropertyGroup>
<PreBuildEvent>
</PreBuildEvent>
<PostBuildEvent>
</PostBuildEvent>
</PropertyGroup>
</Project>

426
PEExplorer.resx Normal file
View File

@ -0,0 +1,426 @@
<?xml version="1.0" encoding="utf-8"?>
<root>
<!--
Microsoft ResX Schema
Version 1.3
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">1.3</resheader>
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
<data name="Name1">this is my long string</data>
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
[base64 mime encoded serialized .NET Framework object]
</data>
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
[base64 mime encoded string representing a byte array form of the .NET Framework object]
</data>
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used forserialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
: System.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xsd:element name="root" msdata:IsDataSet="true">
<xsd:complexType>
<xsd:choice maxOccurs="unbounded">
<xsd:element name="data">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" msdata:Ordinal="1" />
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
</xsd:complexType>
</xsd:element>
<xsd:element name="resheader">
<xsd:complexType>
<xsd:sequence>
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
</xsd:sequence>
<xsd:attribute name="name" type="xsd:string" use="required" />
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:complexType>
</xsd:element>
</xsd:schema>
<resheader name="resmimetype">
<value>text/microsoft-resx</value>
</resheader>
<resheader name="version">
<value>1.3</value>
</resheader>
<resheader name="reader">
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<resheader name="writer">
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<data name="listView1.Locked" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="listView1.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="listView1.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader1.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader1.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader2.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader2.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="sectionTabs.SnapToGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="sectionTabs.Locked" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="sectionTabs.DrawGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="sectionTabs.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="sectionTabs.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="sectionTabs.GridSize" type="System.Drawing.Size, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>8, 8</value>
</data>
<data name="headersTab.Locked" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="headersTab.SnapToGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="headersTab.DrawGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="headersTab.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="headersTab.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="headersTab.GridSize" type="System.Drawing.Size, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>8, 8</value>
</data>
<data name="directoriesTab.Locked" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="directoriesTab.SnapToGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="directoriesTab.DrawGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="directoriesTab.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="directoriesTab.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="directoriesTab.GridSize" type="System.Drawing.Size, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>8, 8</value>
</data>
<data name="listView2.Locked" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="listView2.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="listView2.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader5.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader5.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader6.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader6.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader7.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader7.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader3.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader3.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="sectionHeadersTab.Locked" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="sectionHeadersTab.SnapToGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="sectionHeadersTab.DrawGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="sectionHeadersTab.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="sectionHeadersTab.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="sectionHeadersTab.GridSize" type="System.Drawing.Size, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>8, 8</value>
</data>
<data name="listView3.Locked" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="listView3.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="listView3.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader11.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader11.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader13.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader13.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader14.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader14.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader4.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader4.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader8.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="columnHeader8.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="mainMenu1.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="mainMenu1.Location" type="System.Drawing.Point, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 17</value>
</data>
<data name="mainMenu1.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem1.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem1.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem2.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem2.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem3.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem3.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem4.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem4.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem5.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="menuItem5.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="openFileDialog1.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="openFileDialog1.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="openFileDialog1.Location" type="System.Drawing.Point, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>126, 17</value>
</data>
<data name="saveFileDialog1.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="saveFileDialog1.Modifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="saveFileDialog1.Location" type="System.Drawing.Point, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>256, 17</value>
</data>
<data name="$this.Locked" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="$this.Language" type="System.Globalization.CultureInfo, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>(Default)</value>
</data>
<data name="$this.TrayLargeIcon" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="$this.Localizable" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>False</value>
</data>
<data name="$this.GridSize" type="System.Drawing.Size, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>8, 8</value>
</data>
<data name="$this.Name">
<value>PEExplorer</value>
</data>
<data name="$this.DrawGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="$this.TrayHeight" type="System.Int32, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>80</value>
</data>
<data name="$this.SnapToGrid" type="System.Boolean, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</data>
<data name="$this.DefaultModifiers" type="System.CodeDom.MemberAttributes, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>Private</value>
</data>
<data name="$this.Icon" type="System.Drawing.Icon, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
AAABAAIAEBAAAAAAAABoAwAAJgAAACAgAAAAAAAAqAwAAI4DAAAoAAAAEAAAACAAAAABABgAAAAAAEAD
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAASkpKSkpKAAAA5ubmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASkpK
SkpKSkpKAAAA5ubmqqqqenp6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASkpKSkpKSkpKAAAAqqqq
MjIyMjIyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5ubmAAAASkpKSkpKSkpKSkpK
SkpKSkpKwsLCAAAAAAAAAAAAAAAAAAAAAAAAAAAA5ubmqqqqPj4+3JIAwsLCSkpKANzcSkpKSkpKAAAA
AAAAAAAAAAAAAAAAAAAA5ubm5ubm5ubmAAAA/7hI/6oAPj4+AP7+AP7+SkpKwsLCAAAAAAAAAAAAAAAA
AAAA5ubm5ubm5ubmqqqqJiYmMjIyMjIyMjIyMjIyPj4+Pj4+AAAAAAAAAAAAAAAA5ubm5ubm5ubm5ubm
5ubmAAAAa2v/wsLCMjIyANySkpKSMjIywsLCAAAAAAAAAAAA5ubm5ubm5ubm5ubm5ubmqqqqJiYma2v/
a2v/JiYmANySAJZiJiYmAAAAAAAA5ubm5ubm5ubm5ubm5ubm5ubm5ubmAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAA5ubm5ubm5ubm5ubm5ubm5ubm5ubmqqqqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
5ubm5ubm5ubm5ubm5ubm5ubmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5ubm5ubm
5ubm5ubmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5ubmAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA+f///+D///+Af///gAf//+AD///gA///wAH//8AB//+AAP//gAD//wAB//8AP///gH///8B/
///w/////f///ygAAAAgAAAAQAAAAAEAGAAAAAAAgAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKSkpKSkoAAADm
5ubm5uYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABKSkpKSkpKSkpKSkoAAADm5ubm5ubm5uYAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKSkpKSkpKSkpK
SkpKSkoAAADm5ubm5ubm5ubm5uaqqqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAABKSkpKSkpKSkpKSkpKSkpKSkpKSkoAAADm5ubm5ubm5uaqqqqSkpJ6
enoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKSkpKSkpK
SkpKSkpKSkpKSkpKSkoAAADm5ubm5ubm5uaqqqqSkpJ6enp6enp6enoAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKSkpKSkpKSkpKSkpKSkpKSkoAAADm5ubm5uaq
qqoyMjIyMjIyMjIyMjIyMjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAABKSkpKSkpKSkoAAADm5ubm5ubm5uYAAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKSkoA
AADm5ubm5ubm5uYAAABKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkrCwsIAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm5ubm5uYAAAA+Pj5KSkr/qgDc
kgDCwsLCwsJKSkpKSkoA/v4A3NySkpJKSkpKSkpubm7CwsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAADm5ubm5ubm5ubm5uaqqqoAAAA+Pj7/uEjckgDCwsLCwsI+Pj5KSkoA/v4A3NySkpJK
SkpKSkpKSkrCwsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm5ubm
5uYAAAAyMjK5egD/qgDckgDckgC5egA+Pj4AlpYA/v4A3NwA3NwAublKSkpubm7CwsIAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm5ubm5uaqqqoAAAAyMjL/uEj/uEj/qgD/qgA+
Pj4+Pj4A/v4A/v4A/v4AublKSkpKSkrCwsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm
5ubm5ubm5ubm5ubm5ubm5uYAAAAyMjIyMjIyMjIyMjIyMjIyMjIyMjI+Pj4+Pj4+Pj4+Pj5KSkpKSkpu
bm7CwsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5uaqqqoAAAAm
JiYyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjI+Pj4+Pj4+Pj4+Pj7CwsIAAAAAAAAAAAAAAAAAAAAAAAAA
AADm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5uYAAAAmJiYmJiZra/8AAP7CwsLCwsIyMjIyMjIA
3JIAuXqSkpJKSkoyMjJubm7CwsIAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm5ubm5ubm5ubm
5ubm5ubm5uaqqqoAAAAmJiZra/8AAP7CwsLCwsIyMjIyMjIA3JIAuXqSkpJKSkoyMjIyMjLCwsIAAAAA
AAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5uYAAAAmJiYAAJZra/8A
AP4AAP4AALkmJiYAc0oA3JIAuXoAuXoAlmIyMjJubm7CwsIAAAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm
5ubm5ubm5ubm5ubm5ubm5ubm5ubm5uaqqqoAAAAmJiZra/9ra/9ra/9ra/8mJiYmJiYA3JIA3JIA3JIA
lmImJiYmJibCwsIAAAAAAAAAAADm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm
5uYAAAAmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiYmJiZubm4AAAAAAAAAAADm5ubm
5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5uaqqqoAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm
5ubm5ubm5ubm5ubm5ubm5uaqqqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAADm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5uaqqqoAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm
5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5uYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm
5ubm5uYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAADm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubm5uYAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm
5ubm5ubm5ubm5ubm5uYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm5ubm5ubm5ubm5uYAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAADm5ubm5uYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAD/5////wP///wB///wAP//wAB//4AAP//AAAA/8AAAH/wAAB/8AAAP/AAAD/gAAAf4AAAH8AAAA/AA
AAPgAAAB4AAAAcAAAADAAAAAgAAAAIAAAAEAAB//AAAf/4AAP//gAD//+AB///4Af///gP///+D////5
/////////////w==
</value>
</data>
</root>

19
PEExplorer.sln Normal file
View File

@ -0,0 +1,19 @@
Microsoft Visual Studio Solution File, Format Version 11.00
# Visual Studio 2010
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PEExplorer", "PEExplorer.csproj", "{A053AAA8-6752-4753-AC81-C8DBFE1EFA73}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{A053AAA8-6752-4753-AC81-C8DBFE1EFA73}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{A053AAA8-6752-4753-AC81-C8DBFE1EFA73}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A053AAA8-6752-4753-AC81-C8DBFE1EFA73}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A053AAA8-6752-4753-AC81-C8DBFE1EFA73}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

513
PEReader.cs Normal file
View File

@ -0,0 +1,513 @@
// Coded by Brandon Scott
// Version 0.01a
//
// Probely some room for improvement, this is just the first release though.
//
// A very valuable resource for the PE file structure is located
// below.
// http://www.csn.ul.ie/~caolan/publink/winresdump/winresdump/doc/pefile.html
//
// If you do use this for something, please give me some credit.
//
// Eventually I want to have this thing read Resource Data, and maby
// detect some of the common packers such as UPX.
using System;
using System.Runtime.InteropServices;
using System.IO;
using System.Text;
namespace PEReader
{
/// <summary>
/// Written to make reading the information from a PE (Portable Executable)
/// easier and simple.
/// </summary>
public class PEReader
{
#region Subsystem Values
public const uint IMAGE_SUBSYSTEM_UNKNOWN = 0; // Unknown subsystem.
public const uint IMAGE_SUBSYSTEM_NATIVE = 1; // Image doesn't require a subsystem.
public const uint IMAGE_SUBSYSTEM_WINDOWS_GUI = 2; // Image runs in the Windows GUI subsystem.
public const uint IMAGE_SUBSYSTEM_WINDOWS_CUI = 3; // Image runs in the Windows character subsystem.
public const uint IMAGE_SUBSYSTEM_OS2_CUI = 5; // image runs in the OS/2 character subsystem.
public const uint IMAGE_SUBSYSTEM_POSIX_CUI = 7; // image runs in the Posix character subsystem.
public const uint IMAGE_SUBSYSTEM_NATIVE_WINDOWS = 8; // image is a native Win9x driver.
public const uint IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9; // Image runs in the Windows CE subsystem.
public const uint IMAGE_SUBSYSTEM_EFI_APPLICATION = 10; //
public const uint IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER = 11; //
public const uint IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER = 12; //
public const uint IMAGE_SUBSYSTEM_EFI_ROM = 13;
public const uint IMAGE_SUBSYSTEM_XBOX = 14;
#endregion
#region DllCharacteristics Entries
public const uint IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400; // Image does not use SEH. No SE handler may reside in this image
public const uint IMAGE_DLLCHARACTERISTICS_NO_BIND = 0x0800; // Do not bind this image.
public const uint IMAGE_DLLCHARACTERISTICS_WDM_DRIVER = 0x2000; // Driver uses WDM model
public const uint IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000;
#endregion
#region DOS header format
public struct IMAGE_DOS_HEADER
{
public ushort Magic;
public ushort SizeOfLastPage;
public ushort NumberOfPages;
public ushort Relocations;
public ushort SizeOfHeader;
public ushort MinimumExtraParagraphs;
public ushort MaximumExtraParagraphs;
public ushort InitialSSValue;
public ushort InitialSPValue;
public ushort Checksum;
public ushort InitialIPValue;
public ushort InitialCSValue;
public ushort RelocationTableAddress;
public ushort OverlayNumber;
//[MarshalAs(UnmanagedType.U2, SizeConst=8)]
//public ushort[] ReservedWords;
public ushort OemIdentifier;
public ushort OemInformation;
//[MarshalAs(UnmanagedType.U2, SizeConst=20)]
//public ushort[] ReservedWords2;
public uint PEHeaderAddress;
}
#endregion
#region File header format
public const int IMAGE_SIZEOF_FILE_HEADER = 20;
public struct IMAGE_FILE_HEADER
{
public ushort Machine;
public ushort NumberOfSections;
public uint TimeDateStamp;
public uint PointerToSymbolTable;
public uint NumberOfSymbols;
public ushort SizeOfOptionalHeader;
public ushort Characteristics;
}
public const ushort IMAGE_FILE_RELOCS_STRIPPED = 0x0001; // Relocation info stripped from file.
public const ushort IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002; // File is executable (i.e. no unresolved externel references).
public const ushort IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004; // Line nunbers stripped from file.
public const ushort IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008; // Local symbols stripped from file.
public const ushort IMAGE_FILE_AGGRESIVE_WS_TRIM = 0x0010; // Agressively trim working set
public const ushort IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020; // App can handle >2gb addresses
public const ushort IMAGE_FILE_BYTES_REVERSED_LO = 0x0080; // Bytes of machine word are reversed.
public const ushort IMAGE_FILE_32BIT_MACHINE = 0x0100; // 32 bit word machine.
public const ushort IMAGE_FILE_DEBUG_STRIPPED = 0x0200; // Debugging info stripped from file in .DBG file
public const ushort IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400; // If Image is on removable media, copy and run from the swap file.
public const ushort IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800; // If Image is on Net, copy and run from the swap file.
public const ushort IMAGE_FILE_SYSTEM = 0x1000; // System File.
public const ushort IMAGE_FILE_DLL = 0x2000; // File is a DLL.
public const ushort IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000; // File should only be run on a UP machine
public const ushort IMAGE_FILE_BYTES_REVERSED_HI = 0x8000; // Bytes of machine word are reversed.
public const ushort IMAGE_FILE_MACHINE_UNKNOWN = 0;
public const ushort IMAGE_FILE_MACHINE_I386 = 0x014c; // Intel 386.
public const ushort IMAGE_FILE_MACHINE_R3000 = 0x0162; // MIPS little-endian, 0x160 big-endian
public const ushort IMAGE_FILE_MACHINE_R4000 = 0x0166; // MIPS little-endian
public const ushort IMAGE_FILE_MACHINE_R10000 = 0x0168; // MIPS little-endian
public const ushort IMAGE_FILE_MACHINE_WCEMIPSV2 = 0x0169; // MIPS little-endian WCE v2
public const ushort IMAGE_FILE_MACHINE_ALPHA = 0x0184; // Alpha_AXP
public const ushort IMAGE_FILE_MACHINE_SH3 = 0x01a2; // SH3 little-endian
public const ushort IMAGE_FILE_MACHINE_SH3DSP = 0x01a3;
public const ushort IMAGE_FILE_MACHINE_SH3E = 0x01a4; // SH3E little-endian
public const ushort IMAGE_FILE_MACHINE_SH4 = 0x01a6; // SH4 little-endian
public const ushort IMAGE_FILE_MACHINE_SH5 = 0x01a8; // SH5
public const ushort IMAGE_FILE_MACHINE_ARM = 0x01c0; // ARM Little-Endian
public const ushort IMAGE_FILE_MACHINE_THUMB = 0x01c2;
public const ushort IMAGE_FILE_MACHINE_AM33 = 0x01d3;
public const ushort IMAGE_FILE_MACHINE_POWERPC = 0x01F0; // IBM PowerPC Little-Endian
public const ushort IMAGE_FILE_MACHINE_POWERPCFP = 0x01f1;
public const ushort IMAGE_FILE_MACHINE_IA64 = 0x0200; // Intel 64
public const ushort IMAGE_FILE_MACHINE_MIPS16 = 0x0266; // MIPS
public const ushort IMAGE_FILE_MACHINE_ALPHA64 = 0x0284; // ALPHA64
public const ushort IMAGE_FILE_MACHINE_MIPSFPU = 0x0366; // MIPS
public const ushort IMAGE_FILE_MACHINE_MIPSFPU16 = 0x0466; // MIPS
public const ushort IMAGE_FILE_MACHINE_AXP64 = 0x0284;
public const ushort IMAGE_FILE_MACHINE_TRICORE = 0x0520; // Infineon
public const ushort IMAGE_FILE_MACHINE_CEF = 0x0CEF;
public const ushort IMAGE_FILE_MACHINE_EBC = 0x0EBC; // EFI Byte Code
public const ushort IMAGE_FILE_MACHINE_AMD64 = 0x8664; // AMD64 (K8)
public const ushort IMAGE_FILE_MACHINE_M32R = 0x9041; // M32R little-endian
public const ushort IMAGE_FILE_MACHINE_CEE = 0xC0EE;
#endregion
#region Directory format
public const uint IMAGE_DIRECTORY_ENTRY_EXPORT = 0; // Export Directory
public const uint IMAGE_DIRECTORY_ENTRY_IMPORT = 1; // Import Directory
public const uint IMAGE_DIRECTORY_ENTRY_RESOURCE = 2; // Resource Directory
public const uint IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3; // Exception Directory
public const uint IMAGE_DIRECTORY_ENTRY_SECURITY = 4; // Security Directory
public const uint IMAGE_DIRECTORY_ENTRY_BASERELOC = 5; // Base Relocation Table
public const uint IMAGE_DIRECTORY_ENTRY_DEBUG = 6; // Debug Directory
public const uint IMAGE_DIRECTORY_ENTRY_COPYRIGHT = 7; // Copyright
public const uint IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8; // RVA of GP
public const uint IMAGE_DIRECTORY_ENTRY_TLS = 9; // TLS Directory
public const uint IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10; // Load Configuration Directory
public const uint IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11; // Bound Import Directory in headers
public const uint IMAGE_DIRECTORY_ENTRY_IAT = 12; // Import Address Table
public const uint IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13; // Delay Load Import Descriptors
public const uint IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14; // COM Runtime descriptor
public const int IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16;
public struct IMAGE_DATA_DIRECTORY
{
public string Type;
public uint VirtualAddress;
public uint Size;
}
#endregion
#region Optional header 64-bit
public struct IMAGE_OPTIONAL_HEADER64
{
public ushort Magic;
public byte MajorLinkerVersion;
public byte MinorLinkerVersion;
public uint SizeOfCode;
public uint SizeOfInitializedData;
public uint SizeOfUninitializedData;
public uint AddressOfEntryPoint;
public uint BaseOfCode;
public UInt64 ImageBase;
public uint SectionAlignment;
public uint FileAlignment;
public ushort MajorOperatingSystemVersion;
public ushort MinorOperatingSystemVersion;
public ushort MajorImageVersion;
public ushort MinorImageVersion;
public ushort MajorSubsystemVersion;
public ushort MinorSubsystemVersion;
public uint Win32VersionValue;
public uint SizeOfImage;
public uint SizeOfHeaders;
public uint CheckSum;
public ushort Subsystem;
public ushort DllCharacteristics;
public UInt64 SizeOfStackReserve;
public UInt64 SizeOfStackCommit;
public UInt64 SizeOfHeapReserve;
public UInt64 SizeOfHeapCommit;
public uint LoaderFlags;
public uint NumberOfRvaAndSizes;
public IMAGE_DATA_DIRECTORY[] DataDirectory;
}
#endregion
#region Optional header 32-bit
public struct IMAGE_OPTIONAL_HEADER32
{
public ushort Magic;
public byte MajorLinkerVersion;
public byte MinorLinkerVersion;
public uint SizeOfCode;
public uint SizeOfInitializedData;
public uint SizeOfUninitializedData;
public uint AddressOfEntryPoint;
public uint BaseOfCode;
public uint BaseOfData;
public uint ImageBase;
public uint SectionAlignment;
public uint FileAlignment;
public ushort MajorOperatingSystemVersion;
public ushort MinorOperatingSystemVersion;
public ushort MajorImageVersion;
public ushort MinorImageVersion;
public ushort MajorSubsystemVersion;
public ushort MinorSubsystemVersion;
public uint Win32VersionValue;
public uint SizeOfImage;
public uint SizeOfHeaders;
public uint CheckSum;
public ushort Subsystem;
public ushort DllCharacteristics;
public uint SizeOfStackReserve;
public uint SizeOfStackCommit;
public uint SizeOfHeapReserve;
public uint SizeOfHeapCommit;
public uint LoaderFlags;
public uint NumberOfRvaAndSizes;
public IMAGE_DATA_DIRECTORY[] DataDirectory;
}
#endregion
#region Section header format
public struct IMAGE_SECTION_HEADER
{
public string Name;
public uint PhysicalAddress;
public uint VirtualSize;
public uint VirtualAddress;
public uint SizeOfRawData;
public uint PointerToRawData;
public uint PointerToRelocations;
public uint PointerToLinenumbers;
public ushort NumberOfRelocations;
public ushort NumberOfLinenumbers;
public uint Characteristics;
}
#endregion
private FileStream inputExe;
private BinaryReader inputReader;
private IMAGE_DOS_HEADER dosHeader;
private IMAGE_FILE_HEADER fileHeader;
private IMAGE_DATA_DIRECTORY[] dataDirectory = new IMAGE_DATA_DIRECTORY[16];
private IMAGE_OPTIONAL_HEADER32 optionalHeader32;
private IMAGE_SECTION_HEADER[] sectionHeaders;
private bool isExeLoaded = false;
//private IMAGE_OPTIONAL_HEADER64 optionalHeader64;
private string[] directoryTypeStrings = new string[16] {"Export Table",
"Import Table",
"Resource Table",
"Exception Table",
"Certificate Table",
"Base Relocation Table",
"Debug Directory",
"Architecture Specific Data",
"Global Pointer Register",
"Thread Local Storage Table",
"Load Configuration Table",
"Bound Import Table",
"Import Address Table",
"Delay Load Import Descriptors",
"COM Runtime Descriptor",
"Reserved"};
public IMAGE_DOS_HEADER DOSHeader
{
get { return dosHeader; }
}
public IMAGE_FILE_HEADER FileHeader
{
get { return fileHeader; }
}
public IMAGE_OPTIONAL_HEADER32 PEHeader
{
get { return optionalHeader32; }
}
public IMAGE_DATA_DIRECTORY[] DataDirectories
{
get { return dataDirectory; }
}
public IMAGE_SECTION_HEADER[] SectionHeaders
{
get { return sectionHeaders; }
}
public bool DoesSectionExist(string sectionName)
{
for(int i = 0; i < fileHeader.NumberOfSections; i++)
if(sectionHeaders[i].Name == sectionName)
return true;
return false;
}
public byte[] GetSectionDataByName(string sectionName)
{
byte[] result;
for(int i = 0; i < fileHeader.NumberOfSections; i++)
{
if(sectionHeaders[i].Name == sectionName)
{
inputExe.Position = sectionHeaders[i].PointerToRawData;
result = inputReader.ReadBytes((int)sectionHeaders[i].SizeOfRawData);
return result;
}
}
return null;
}
public bool LoadExecutable(string fileName)
{
try
{
inputExe = new FileStream(fileName,
FileMode.Open,
FileAccess.Read,
FileShare.Read);
inputReader = new BinaryReader(inputExe);
ReadMZHeader();
if (dosHeader.PEHeaderAddress > 0)
{
inputExe.Position = dosHeader.PEHeaderAddress + 4;
ReadFileHeader();
ReadSectionHeaders();
}
isExeLoaded = true;
return true;
}
catch(Exception ex)
{
return false;
}
}
public void CloseExecutable()
{
if(isExeLoaded)
inputExe.Close();
isExeLoaded = false;
}
private bool ReadMZHeader()
{
try
{
dosHeader.Magic = inputReader.ReadUInt16();
dosHeader.SizeOfLastPage = inputReader.ReadUInt16();
dosHeader.NumberOfPages = inputReader.ReadUInt16();
dosHeader.Relocations = inputReader.ReadUInt16();
dosHeader.SizeOfHeader = inputReader.ReadUInt16();
dosHeader.MinimumExtraParagraphs = inputReader.ReadUInt16();
dosHeader.MaximumExtraParagraphs = inputReader.ReadUInt16();
dosHeader.InitialSSValue = inputReader.ReadUInt16();
dosHeader.InitialSPValue = inputReader.ReadUInt16();
dosHeader.Checksum = inputReader.ReadUInt16();
dosHeader.InitialIPValue = inputReader.ReadUInt16();
dosHeader.InitialCSValue = inputReader.ReadUInt16();
dosHeader.RelocationTableAddress = inputReader.ReadUInt16();
dosHeader.OverlayNumber = inputReader.ReadUInt16();
for(int i = 0; i < 4; i++)
inputReader.ReadUInt16();
dosHeader.OemIdentifier = inputReader.ReadUInt16();
dosHeader.OemInformation = inputReader.ReadUInt16();
for(int i = 0; i < 10; i++)
inputReader.ReadUInt16();
dosHeader.PEHeaderAddress = inputReader.ReadUInt32();
return true;
}
catch(Exception ex)
{
return false;
}
}
private bool ReadFileHeader()
{
try
{
fileHeader.Machine = inputReader.ReadUInt16();
fileHeader.NumberOfSections = inputReader.ReadUInt16();
fileHeader.TimeDateStamp = inputReader.ReadUInt32();
fileHeader.PointerToSymbolTable = inputReader.ReadUInt32();
fileHeader.NumberOfSymbols = inputReader.ReadUInt32();
fileHeader.SizeOfOptionalHeader = inputReader.ReadUInt16();
fileHeader.Characteristics = inputReader.ReadUInt16();
if(fileHeader.SizeOfOptionalHeader > 0)
{
if(ReadPEHeader())
return true;
else
return false;
}
return true;
}
catch(Exception ex)
{
return false;
}
}
private bool ReadPEHeader()
{
try
{
optionalHeader32.Magic = inputReader.ReadUInt16();
optionalHeader32.MajorLinkerVersion = inputReader.ReadByte();
optionalHeader32.MinorLinkerVersion = inputReader.ReadByte();
optionalHeader32.SizeOfCode = inputReader.ReadUInt32();
optionalHeader32.SizeOfInitializedData = inputReader.ReadUInt32();
optionalHeader32.SizeOfUninitializedData = inputReader.ReadUInt32();
optionalHeader32.AddressOfEntryPoint = inputReader.ReadUInt32();
optionalHeader32.BaseOfCode = inputReader.ReadUInt32();
optionalHeader32.BaseOfData = inputReader.ReadUInt32();
optionalHeader32.ImageBase = inputReader.ReadUInt32();
optionalHeader32.SectionAlignment = inputReader.ReadUInt32();
optionalHeader32.FileAlignment = inputReader.ReadUInt32();
optionalHeader32.MajorOperatingSystemVersion = inputReader.ReadUInt16();
optionalHeader32.MinorOperatingSystemVersion = inputReader.ReadUInt16();
optionalHeader32.MajorImageVersion = inputReader.ReadUInt16();
optionalHeader32.MinorImageVersion = inputReader.ReadUInt16();
optionalHeader32.MajorSubsystemVersion = inputReader.ReadUInt16();
optionalHeader32.MinorSubsystemVersion = inputReader.ReadUInt16();
optionalHeader32.Win32VersionValue = inputReader.ReadUInt32();
optionalHeader32.SizeOfImage = inputReader.ReadUInt32();
optionalHeader32.SizeOfHeaders = inputReader.ReadUInt32();
optionalHeader32.CheckSum = inputReader.ReadUInt32();
optionalHeader32.Subsystem = inputReader.ReadUInt16();
optionalHeader32.DllCharacteristics = inputReader.ReadUInt16();
optionalHeader32.SizeOfStackReserve = inputReader.ReadUInt32();
optionalHeader32.SizeOfStackCommit = inputReader.ReadUInt32();
optionalHeader32.SizeOfHeapReserve = inputReader.ReadUInt32();
optionalHeader32.SizeOfHeapCommit = inputReader.ReadUInt32();
optionalHeader32.LoaderFlags = inputReader.ReadUInt32();
optionalHeader32.NumberOfRvaAndSizes = inputReader.ReadUInt32();
for(int i = 0; i < dataDirectory.Length; i++)
{
dataDirectory[i].Type = directoryTypeStrings[i];
dataDirectory[i].VirtualAddress = inputReader.ReadUInt32();
dataDirectory[i].Size = inputReader.ReadUInt32();
}
return true;
}
catch(Exception ex)
{
return false;
}
}
private bool ReadSectionHeaders()
{
try
{
byte[] sectionNameBuffer;
string sectionName;
string sectionNameClean;
sectionHeaders = new IMAGE_SECTION_HEADER[fileHeader.NumberOfSections];
for(int i = 0; i < fileHeader.NumberOfSections; i++)
{
sectionNameBuffer = inputReader.ReadBytes(8);
sectionName = Encoding.ASCII.GetString(sectionNameBuffer);
sectionNameClean = sectionName.Substring(0, sectionName.IndexOf("\0"));
sectionHeaders[i].Name = sectionNameClean;
//sectionHeaders[i].PhysicalAddress = inputReader.ReadUInt32();
sectionHeaders[i].VirtualSize = inputReader.ReadUInt32();
sectionHeaders[i].VirtualAddress = inputReader.ReadUInt32();
sectionHeaders[i].SizeOfRawData = inputReader.ReadUInt32();
sectionHeaders[i].PointerToRawData = inputReader.ReadUInt32();
sectionHeaders[i].PointerToRelocations = inputReader.ReadUInt32();
sectionHeaders[i].PointerToLinenumbers = inputReader.ReadUInt32();
sectionHeaders[i].NumberOfRelocations = inputReader.ReadUInt16();
sectionHeaders[i].NumberOfLinenumbers = inputReader.ReadUInt16();
sectionHeaders[i].Characteristics = inputReader.ReadUInt32();
}
return true;
}
catch(Exception ex)
{
return false;
}
}
~PEReader()
{
if(isExeLoaded)
{
inputReader.Close();
inputExe = null;
inputReader = null;
}
}
}
}