unit pe_ref;
interface
const
id:array[1..16] of string[16]=('Cursor','Bitmap','Icon','Menu','Dialog',
'String-Table','Font-Directory','Font',
'Accelerators','RC-Data','Message-Table',
'Group-Cursor','Unkown-Res','Group-icon',
'Unkown-Res','Version-info');
dr:array[0..15] of string[16]=('Export','Import','Resource','Exception',
'Security','Base Relocation','Debug','Architecture',
'Machine Value','Thread Storage','Load Config',
'Bound Import','Import Address','Delay Import',
'COM Runtime','Reserved');
type
P_DOS_HEADER = ^DOS_HEADER;
DOS_HEADER = packed record { DOS .EXE header }
e_magic : WORD; { Magic number }
e_cblp : WORD; { Bytes on last page of file }
e_cp : WORD; { Pages in file }
e_crlc : WORD; { Relocations }
e_cparhdr : WORD; { Size of header in paragraphs }
e_minalloc : WORD; { Minimum extra paragraphs needed }
e_maxalloc : WORD; { Maximum extra paragraphs needed }
e_ss : WORD; { Initial (relative) SS value }
e_sp : WORD; { Initial SP value }
e_csum : WORD; { Checksum }
e_ip : WORD; { Initial IP value }
e_cs : WORD; { Initial (relative) CS value }
e_lfarlc : WORD; { File address of relocation table }
e_ovno : WORD; { Overlay number }
e_res : packed array [0..3] of WORD; { Reserved words }
e_oemid : WORD; { OEM identifier (for e_oeminfo) }
e_oeminfo : WORD; { OEM information; e_oemid specific }
e_res2 : packed array [0..9] of WORD; { Reserved words }
e_lfanew : Cardinal; { File address of new exe header }
end;
P_FILE_HEADER = ^FILo_HEADER;
FILo_HEADER = packed record
Machine : WORD;
NumberOfSections : WORD;
TimeDateStamp : Cardinal;
PointerToSymbolTable : Cardinal;
NumberOfSymbols : Cardinal;
SizeOfOptionalHeader : WORD;
Characteristics : WORD;
end;
P_DATA_DIRECTORY = ^DATA_DIRECTORY;
DATA_DIRECTORY = packed record
VirtualAddress : Cardinal;
Size : Cardinal;
end;
P_OP_HEADER = ^OPTIO_HEADER;
OPTIO_HEADER = packed record
Magic : WORD;
MajorLinkerVersion : Byte;
MinorLinkerVersion : Byte;
SizeOfCode : Cardinal;
SizeOfInitializedData : Cardinal;
SizeOfUninitializedData : Cardinal;
AddressOfEntryPoint : Cardinal;
BaseOfCode : Cardinal;
BaseOfData : Cardinal;
ImageBase : Cardinal;
SectionAlignment : Cardinal;
FileAlignment : Cardinal;
MajorOperatingSystemVersion : WORD;
MinorOperatingSystemVersion : WORD;
MajorImageVersion : WORD;
MinorImageVersion : WORD;
MajorSubsystemVersion : WORD;
MinorSubsystemVersion : WORD;
Reserved : Cardinal;
SizeOfImage : Cardinal;
SizeOfHeaders : Cardinal;
CheckSum : Cardinal;
Subsystem : WORD;
DllCharacteristics : WORD;
SizeOfStackReserve : Cardinal;
SizeOfStackCommit : Cardinal;
SizeOfHeapReserve : Cardinal;
SizeOfHeapCommit : Cardinal;
LoaderFlags : Cardinal;
Numberofdirectories : Cardinal;
Data_Directory : packed array [0..15] of DATA_DIRECTORY;
end;
TMisc = packed record
case Integer of
0: (PhysicalAddress: Cardinal);
1: (VirtualSize: Cardinal);
end;
P_SECTo_HEADER = ^SECTION_HEADER;
SECTION_HEADER = packed record
Name : packed array [0..7] of Char;
Misc : TMisc; //or VirtualSize (union);
VirtualAddress : Cardinal;
SizeOfRawData : Cardinal;
PointerToRawData : Cardinal;
PointerToRelocations : Cardinal;
PointerToLinenumbers : Cardinal;
NumberOfRelocations : WORD;
NumberOfLinenumbers : WORD;
Characteristics : Cardinal;
end;
P_NT_HEADER = ^NT_HEADERS;
NT_HEADERS = packed record
Signature : Cardinal;
F_Header : FILo_HEADER;
Op_Header : OPTIO_HEADER;
end;
P_RES_DIRECTORY = ^RESOURCE_DIRECTORY;
RESOURCE_DIRECTORY = packed record
Characteristics : Cardinal;
TimeDateStamp : Cardinal;
MajorVersion : WORD;
MinorVersion : WORD;
NumberOfNamedEntries : WORD;
NumberOfIdEntries : WORD;
end;
P_RES_DIR_ENTRY = ^RES_DIR_ENTRY;
RES_DIR_ENTRY = packed record
Name: Cardinal;
OffsetToData: Cardinal;
end;
P_RES_DATA = ^RESOURCE_DATA_ENTRY;
RESOURCE_DATA_ENTRY = packed record
OffsetToData : Cardinal;
Size : Cardinal;
CodePage : Cardinal;
Reserved : Cardinal;
end;
P_STRING_U = ^TSTRING_U;
TSTRING_U = packed record
Length : WORD;
NameString : array [0..0] of WideCHAR;
end;
P_char = ^char_ascii;
char_ascii=char;
P_hint = ^T_hint; // for hint and ordinal exported functions
T_hint = word;
P_funcs = ^func_name;
func_name = Cardinal;
P_import = ^import_Directory;
import_Directory = packed record
OriginalFirstThunk : Cardinal;
TimeDateStamp : Cardinal;
ForwarderChain : Cardinal;
Name : Cardinal;
FirstThunk : Cardinal;
end;
P_export = ^export_Directory;
export_Directory = packed record
Characteristics : Cardinal;
TimeDateStamp : Cardinal;
Major_V : word;
Minor_V : word;
Name : Cardinal;
base : Cardinal;
NumberOfFunctions : cardinal;
NumberOfNames : cardinal;
AddressOfFunctions : cardinal;
AddressOfNames : cardinal;
AddressOfOrdinals : cardinal;
end;
var
res_ofs,res_rva,imp_ofs,exp_ofs,Thunk :Cardinal;
P_Dos : P_DOS_HEADER;
P_Nt : P_NT_HEADER;
P_sec : P_SECTo_HEADER;
P_Res_D : P_RES_DIRECTORY;
P_Entry,p_ee,P_ii : P_RES_DIR_ENTRY;
P_Data : P_RES_DATA;
p_exp : P_export; // try to put these in local
P_imp : P_import;
p_fs : P_funcs;
imp_ok,res_ok,exp_ok : boolean;
implementation
end.
interface
const
id:array[1..16] of string[16]=('Cursor','Bitmap','Icon','Menu','Dialog',
'String-Table','Font-Directory','Font',
'Accelerators','RC-Data','Message-Table',
'Group-Cursor','Unkown-Res','Group-icon',
'Unkown-Res','Version-info');
dr:array[0..15] of string[16]=('Export','Import','Resource','Exception',
'Security','Base Relocation','Debug','Architecture',
'Machine Value','Thread Storage','Load Config',
'Bound Import','Import Address','Delay Import',
'COM Runtime','Reserved');
type
P_DOS_HEADER = ^DOS_HEADER;
DOS_HEADER = packed record { DOS .EXE header }
e_magic : WORD; { Magic number }
e_cblp : WORD; { Bytes on last page of file }
e_cp : WORD; { Pages in file }
e_crlc : WORD; { Relocations }
e_cparhdr : WORD; { Size of header in paragraphs }
e_minalloc : WORD; { Minimum extra paragraphs needed }
e_maxalloc : WORD; { Maximum extra paragraphs needed }
e_ss : WORD; { Initial (relative) SS value }
e_sp : WORD; { Initial SP value }
e_csum : WORD; { Checksum }
e_ip : WORD; { Initial IP value }
e_cs : WORD; { Initial (relative) CS value }
e_lfarlc : WORD; { File address of relocation table }
e_ovno : WORD; { Overlay number }
e_res : packed array [0..3] of WORD; { Reserved words }
e_oemid : WORD; { OEM identifier (for e_oeminfo) }
e_oeminfo : WORD; { OEM information; e_oemid specific }
e_res2 : packed array [0..9] of WORD; { Reserved words }
e_lfanew : Cardinal; { File address of new exe header }
end;
P_FILE_HEADER = ^FILo_HEADER;
FILo_HEADER = packed record
Machine : WORD;
NumberOfSections : WORD;
TimeDateStamp : Cardinal;
PointerToSymbolTable : Cardinal;
NumberOfSymbols : Cardinal;
SizeOfOptionalHeader : WORD;
Characteristics : WORD;
end;
P_DATA_DIRECTORY = ^DATA_DIRECTORY;
DATA_DIRECTORY = packed record
VirtualAddress : Cardinal;
Size : Cardinal;
end;
P_OP_HEADER = ^OPTIO_HEADER;
OPTIO_HEADER = packed record
Magic : WORD;
MajorLinkerVersion : Byte;
MinorLinkerVersion : Byte;
SizeOfCode : Cardinal;
SizeOfInitializedData : Cardinal;
SizeOfUninitializedData : Cardinal;
AddressOfEntryPoint : Cardinal;
BaseOfCode : Cardinal;
BaseOfData : Cardinal;
ImageBase : Cardinal;
SectionAlignment : Cardinal;
FileAlignment : Cardinal;
MajorOperatingSystemVersion : WORD;
MinorOperatingSystemVersion : WORD;
MajorImageVersion : WORD;
MinorImageVersion : WORD;
MajorSubsystemVersion : WORD;
MinorSubsystemVersion : WORD;
Reserved : Cardinal;
SizeOfImage : Cardinal;
SizeOfHeaders : Cardinal;
CheckSum : Cardinal;
Subsystem : WORD;
DllCharacteristics : WORD;
SizeOfStackReserve : Cardinal;
SizeOfStackCommit : Cardinal;
SizeOfHeapReserve : Cardinal;
SizeOfHeapCommit : Cardinal;
LoaderFlags : Cardinal;
Numberofdirectories : Cardinal;
Data_Directory : packed array [0..15] of DATA_DIRECTORY;
end;
TMisc = packed record
case Integer of
0: (PhysicalAddress: Cardinal);
1: (VirtualSize: Cardinal);
end;
P_SECTo_HEADER = ^SECTION_HEADER;
SECTION_HEADER = packed record
Name : packed array [0..7] of Char;
Misc : TMisc; //or VirtualSize (union);
VirtualAddress : Cardinal;
SizeOfRawData : Cardinal;
PointerToRawData : Cardinal;
PointerToRelocations : Cardinal;
PointerToLinenumbers : Cardinal;
NumberOfRelocations : WORD;
NumberOfLinenumbers : WORD;
Characteristics : Cardinal;
end;
P_NT_HEADER = ^NT_HEADERS;
NT_HEADERS = packed record
Signature : Cardinal;
F_Header : FILo_HEADER;
Op_Header : OPTIO_HEADER;
end;
P_RES_DIRECTORY = ^RESOURCE_DIRECTORY;
RESOURCE_DIRECTORY = packed record
Characteristics : Cardinal;
TimeDateStamp : Cardinal;
MajorVersion : WORD;
MinorVersion : WORD;
NumberOfNamedEntries : WORD;
NumberOfIdEntries : WORD;
end;
P_RES_DIR_ENTRY = ^RES_DIR_ENTRY;
RES_DIR_ENTRY = packed record
Name: Cardinal;
OffsetToData: Cardinal;
end;
P_RES_DATA = ^RESOURCE_DATA_ENTRY;
RESOURCE_DATA_ENTRY = packed record
OffsetToData : Cardinal;
Size : Cardinal;
CodePage : Cardinal;
Reserved : Cardinal;
end;
P_STRING_U = ^TSTRING_U;
TSTRING_U = packed record
Length : WORD;
NameString : array [0..0] of WideCHAR;
end;
P_char = ^char_ascii;
char_ascii=char;
P_hint = ^T_hint; // for hint and ordinal exported functions
T_hint = word;
P_funcs = ^func_name;
func_name = Cardinal;
P_import = ^import_Directory;
import_Directory = packed record
OriginalFirstThunk : Cardinal;
TimeDateStamp : Cardinal;
ForwarderChain : Cardinal;
Name : Cardinal;
FirstThunk : Cardinal;
end;
P_export = ^export_Directory;
export_Directory = packed record
Characteristics : Cardinal;
TimeDateStamp : Cardinal;
Major_V : word;
Minor_V : word;
Name : Cardinal;
base : Cardinal;
NumberOfFunctions : cardinal;
NumberOfNames : cardinal;
AddressOfFunctions : cardinal;
AddressOfNames : cardinal;
AddressOfOrdinals : cardinal;
end;
var
res_ofs,res_rva,imp_ofs,exp_ofs,Thunk :Cardinal;
P_Dos : P_DOS_HEADER;
P_Nt : P_NT_HEADER;
P_sec : P_SECTo_HEADER;
P_Res_D : P_RES_DIRECTORY;
P_Entry,p_ee,P_ii : P_RES_DIR_ENTRY;
P_Data : P_RES_DATA;
p_exp : P_export; // try to put these in local
P_imp : P_import;
p_fs : P_funcs;
imp_ok,res_ok,exp_ok : boolean;
implementation
end.