This repository has been archived by the owner on Jun 16, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
peinfo.exw
122 lines (111 loc) · 4.31 KB
/
peinfo.exw
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
-- Òåñòîâàÿ ïðîãðàììà äëÿ ïðîâåðêè ïðàâèëüíîñòè ðàáîòû ôóíêöèé ìîäóëÿ pe.e
include std/pretty.e
include std/search.e
include std/console.e
include pe.e
include patcher.e
-- atom fn = open("d:\\Games\\df_34_09_win\\Dwarf Fortress.exe","rb")
atom fn = open("d:\\Games\\df_34_11_win\\Dwarf Fortress Rus.exe","ub")
if fn<0 then
puts(1,"File not found.\n")
any_key()
abort(1)
end if
constant header = check_pe(fn)
seek(fn,header)
printf(1,"Signature: %s\n",{get_bytes(fn,4)})
puts(1,'\n')
printf(1,"Machine: %xh\n",get_integer16(fn))
integer NumberOfSections = get_integer16(fn)
printf(1,"NumberOfSections: %d\n",NumberOfSections)
printf(1,"TimeDateStamp: %d\n",get_integer32(fn))
printf(1,"PointerToSymbolTable: %d\n",get_integer32(fn))
printf(1,"NumberOfSymbols: %d\n",get_integer32(fn))
printf(1,"SizeOfOptionalHeader: %d\n",get_integer16(fn))
printf(1,"Characteristics: %d\n",get_integer16(fn))
puts(1,'\n')
printf(1,"Magic: %xh\n",get_integer16(fn))
printf(1,"LinkerVersion: %d %d\n",get_bytes(fn,2))
printf(1,"SizeOfCode: %xh\n",get_integer32(fn))
printf(1,"SizeOfInitializedData: %xh\n",get_integer32(fn))
printf(1,"SizeOfUninitializedData: %xh\n",get_integer32(fn))
printf(1,"AddressOfEntryPoint: %xh\n",get_integer32(fn))
printf(1,"BaseOfCode: %xh\n",get_integer32(fn))
printf(1,"BaseOfData: %xh\n",get_integer32(fn))
printf(1,"ImageBase: %xh\n",get_integer32(fn))
printf(1,"SectionAlignment: %xh\n",get_integer32(fn))
printf(1,"FileAlignment: %xh\n",get_integer32(fn))
printf(1,"OperatingSystemVersion: %d %d\n",{get_integer16(fn),get_integer16(fn)})
printf(1,"ImageVersion: %d %d\n",{get_integer16(fn),get_integer16(fn)})
printf(1,"SubsystemVersion: %d %d\n",{get_integer16(fn),get_integer16(fn)})
printf(1,"Win32VersionValue: %d %d\n",get_integer32(fn))
printf(1,"SizeOfImage: %xh\n",get_integer32(fn))
printf(1,"SizeOfHeaders: %xh\n",get_integer32(fn))
printf(1,"CheckSum: %xh\n",get_integer32(fn))
printf(1,"Subsystem: %d\n",get_integer16(fn))
printf(1,"DllCharactristics: %xh\n",get_integer16(fn))
printf(1,"SizeOfStackReserve: %xh\n",get_integer32(fn))
printf(1,"SizeOfStackCommit: %xh\n",get_integer32(fn))
printf(1,"SizeOfHeapReserve: %xh\n",get_integer32(fn))
printf(1,"SizeOfHeapCommit: %xh\n",get_integer32(fn))
printf(1,"LoaderFlags: %xh\n",get_integer32(fn))
printf(1,"NumberOfRvaAndSizes: %xh\n",get_integer32(fn))
puts(1,"Data Directory:\n")
pretty_print(1,get_data_directory(fn),{2,2,1,78,"#%08x","#%08x"})
puts(1,"\n\n")
puts(1,"Section Table:\n\n")
constant sections = get_section_table(fn)
puts(1," Name VirtualSize VirtualAddress PhisicalSize PhisicalOffset Flags\n")
for i = 1 to length(sections) do
printf(1,"%-8s %08x %08x %08x %08x %08x\n",
sections[i][1..5] & sections[i][$])
end for
constant pattern = {
#8B, #C6, -- mov eax, esi
#80, #38, #61, -- cmp byte [eax], 61h ; 'a'
#7C, #1A, -- jl short +1Ah
#83, #F9, #10, -- cmp ecx, 10h
#72, #04, -- jb short +4
#8B, #06, -- mov eax, [esi]
#EB, #02, -- jmp short +2
#8B, #C6, -- mov eax, esi
#80, #38, #7A, -- cmp byte [eax], 7Ah ; 'z'
#7F, #0A, -- jg short +0Ah
#83, #F9, #10, -- cmp ecx, 10h
#72, #02, -- jb short +2
#8B, #36, -- mov esi, [esi]
#80, #06, #E0 -- add byte [esi], 0E0h
}
constant image_base = #400000
constant blocksize = 1024
include std/io.e
/*seek(fn, sections[1][SECTION_POFFSET])
object buf
for i = 1 to floor((sections[1][SECTION_PSIZE]+blocksize-1)/blocksize) do
buf = get_bytes(fn,blocksize)
integer pos = where(fn)
if atom(buf) then
exit
end if
integer j = find(pattern[1],buf)
if j > 0 then
if j > blocksize-length(pattern) then
buf &= get_bytes(fn, length(pattern))
seek(fn,pos)
end if
while 1 do
j = match(pattern, buf, j)
if j=0 then
exit
end if
printf(1,"%x\n", image_base+sections[1][SECTION_RVA]+(i-1)*blocksize+j-1)
atom off = sections[1][SECTION_POFFSET]+(i-1)*blocksize+j-1
fpoke(fn,off+4,'à')
fpoke(fn,off+20,'ÿ')
seek(fn,pos)
j+=1
end while
end if
end for*/
close(fn)
any_key()