可执行文件信息查看工具代码示例

最新推荐文章于 2023-10-02 21:02:04 发布
最新推荐文章于 2023-10-02 21:02:04 发布
阅读量4.8k 收藏 1
点赞数
分类专栏: 技术文章 源码分享 资源共享
1 描述

该ExeInfo工具可以显示有关可执行文件(*.EXE ) ,动态链接库(*.dll文件) ,(*.ocx)文件和(*.sys)
驱动程序文件的一般信息。它可以识别所有主要类型的可执行文件,包括MS -DOS文件,
可执行文件( 16位)和可移植可执行文件( 32位) 。

2 授权


该实用程序属于免费软件。您可以自由使用,修改,分发,只要你不删除原有的版权声明即可。

3 声明

该软件提供的“原样“,没有任何担保或者任何明示或暗示的保证,包括应用于任何商业的目的。
笔者将不对任何特殊,偶然,附带或间接操作导致的数据丢失或任何其他原因造成的损失负责。

4 ExeInfo工具的用法

该ExeInfo实用程序不需要任何安装过程。只是exeinfo.exe复制到任何你想要的文件夹,然后运行它。
当您运行它,单击“显示文件信息”按钮,然后选择所需的可执行文件。在选择文件时,
 ExeInfo工具将会显示关于你的可执行文件的大量信息。您还可以得到一个文件的​​信息,

从浏览器窗口拖动到ExeInfo工具窗口。


//main.h


#define START_TEXT "ExeInfo v1.01\r\n"

#define UNKNOWN_STR "Unknown"

#define MAINTEXT_BUFFER_SIZE 32000
#define LINE_BUFFER_SIZE 2048
#define ERROR_BUFFER_SIZE 2048
#define MZHEADER_SIZE 0x40
#define NEWHEADER_SIZE 0x1000

#define EXE_TYPE_UNKNOWN 0
#define EXE_TYPE_DOS 1
#define EXE_TYPE_NE 2
#define EXE_TYPE_PE 3
#define EXE_TYPE_LE 4
#define EXE_TYPE_LX 5
#define EXE_TYPE_W3 6

#define MAX_NUM_OF_SECTIONS 64

//Section Headers Info. Flags
#define SECTIONS_HEADER_INFO_PKLITE 0x1
#define SECTIONS_HEADER_INFO_WINZIP 0x2
#define SECTIONS_HEADER_INFO_WWPACK32 0x4
#define SECTIONS_HEADER_INFO_UPX 0x8

struct KEY_VALUE
{
	DWORD dwKey;
	char *szValue;
};



#define SIGNATURE_DELPHI_1 "\x04\x10\x40\x00\x03\x07\x42\x6F\x6F\x6C\x65\x61\x6E"
#define SIGNATURE_DELPHI_2 "\x04\x10\x40\x00\x0A\x06\x53\x74\x72\x69\x6E\x67\x4C"
#define SIGNATURE_DELPHI_3 "\x0A\x06\x73\x74\x72\x69\x6E\x67\x00\x00\x00"

#define SIGNATURE_VB4 "VB40032.DLL"
#define SIGNATURE_VB5 "MSVBVM50.DLL"
#define SIGNATURE_VB6 "MSVBVM60.DLL"



//main.cpp

#include <windows.h>
#include <winnt.h>
#include <stdio.h>
#include "resource.h"
#include "main.h"

//Main dialog-box handle
HWND hMainDlg;

//Icons
HICON hMainIcon32, hMainIcon16;

//The color of main edit control
COLORREF crMainEdit;

//The brush for painting the main edit control
HBRUSH hMainEditBrush = NULL;
//The font for the main edit control
HFONT hEditFont;

//Error buffer.
char szError[ERROR_BUFFER_SIZE];

char szBytesWord[] = " Bytes";

//Display error message.
void ErrorMsg(DWORD dwErr)
{
	char *lpMessageBuffer; 
	FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, dwErr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&lpMessageBuffer, 0, NULL);
	if (strlen(lpMessageBuffer) < ERROR_BUFFER_SIZE)
		strcpy(szError, lpMessageBuffer);

	LocalFree(lpMessageBuffer); 					
}


void SetMainText(LPCSTR lpszText)
{
	SetDlgItemText(hMainDlg, IDC_EDIT_MAIN, lpszText);
}


//Display error in the main window
void ShowError(LPCSTR lpszFilename, LPCSTR szMsg)
{
	DWORD dwError = GetLastError();
	char szMessage[ERROR_BUFFER_SIZE];

	ErrorMsg(dwError);
	sprintf(szMessage, szMsg, lpszFilename, dwError, szError);
	SetMainText(szMessage);	
}


//Fill LOGFONT structure.
void FillFontStruct(LOGFONT *logfont, LPSTR name, int size, BOOL bold)
{
	logfont->lfHeight = size;
	logfont->lfWidth = 0;
	logfont->lfEscapement = 0;
	logfont->lfOrientation = 0;
	logfont->lfWeight = 400 + 300 * (bold == TRUE);
	logfont->lfItalic = FALSE;
	logfont->lfUnderline = FALSE;
	logfont->lfStrikeOut = FALSE;
	logfont->lfCharSet = DEFAULT_CHARSET;
	logfont->lfOutPrecision = OUT_DEFAULT_PRECIS;
	logfont->lfClipPrecision = CLIP_DEFAULT_PRECIS;
	logfont->lfQuality = DEFAULT_QUALITY;
	logfont->lfPitchAndFamily = DEFAULT_PITCH;
	strcpy(logfont->lfFaceName, name);
}

//Set the font for the main edit control
void SetEditFont(HWND hWnd)
{
	LOGFONT lf;

	FillFontStruct(&lf, "Fixedsys", 10, FALSE);
	hEditFont = CreateFontIndirect(&lf);
	SendMessage(hWnd, WM_SETFONT, (WPARAM)hEditFont, FALSE);
}


void StrTrim(char *source, char *dest)
{
	int nIndex = 0;

	while (source[nIndex] == ' ')
	{
		nIndex++;
	}
	strcpy(dest, &source[nIndex]);
}


void RemoveQuotes(LPSTR szCommand)
{
	int nGet = 0, nSet = 0;

	while (szCommand[nGet] != '\0')
	{
		if  (szCommand[nGet] == '\"') 
			nGet++;
		else
		{
			szCommand[nSet] = szCommand[nGet];
			nSet++;
			nGet++;
		}
	}

	szCommand[nSet] = '\0';
}


//Get the number of color bits in the current screen device.
int GetColorsBits()
{
	HDC hScreenDC = GetDC(0);
	int nColorBits = GetDeviceCaps(hScreenDC, BITSPIXEL) * GetDeviceCaps(hScreenDC, PLANES);
	ReleaseDC(NULL, hScreenDC);
	return nColorBits;
}

//Create brush for the main edit control
void PrepareEditBrush()
{
	int nColorBits = GetColorsBits();
	
	if (hMainEditBrush != NULL) DeleteObject(hMainEditBrush);
	if (nColorBits >= 16) 
	{
		crMainEdit = RGB(255, 248, 240);
		hMainEditBrush = CreateSolidBrush(crMainEdit);
	} 
	else
	{
		crMainEdit = RGB(255, 255, 255);
		hMainEditBrush = CreateSolidBrush(crMainEdit);
	} 

}


//Display 'Open File' dialog-box
BOOL OpenFileDialog(LPSTR lpFilename)
{
	OPENFILENAME of;
	char szFilter[] = "Executable Files (*.exe)\0*.exe\0Dynamic-Link Libraries (*.dll)\0*.dll\0ActiveX Controls (*.ocx)\0*.ocx\0Driver Files (*.drv;*.vxd;*.sys;*.386)\0*.drv;*.vxd;*.sys;*.386\0Font Files (*.fon)\0*.fon\0All files (*.*)\0*.*\0\0";
	char szFile[MAX_PATH] = "\0";
	char szTitle[] = "Select an executable file";
	char szExt[] = "exe";

	of.lStructSize = sizeof(of);
	of.hwndOwner = hMainDlg;
	of.lpstrFilter = szFilter;
	of.lpstrCustomFilter = NULL;
	of.nFilterIndex = 0;
	of.lpstrFile = szFile;
	of.nMaxFile = MAX_PATH;
	of.lpstrFileTitle = NULL;
	of.lpstrInitialDir = NULL;
	of.lpstrTitle = szTitle;
	of.Flags = OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_HIDEREADONLY | OFN_PATHMUSTEXIST;
	of.lpstrDefExt = szExt;
	if (GetOpenFileName(&of))
	{
		strcpy(lpFilename, of.lpstrFile); 
		return TRUE;
	} else return FALSE;

}

void ClearMainText()
{
	SetDlgItemText(hMainDlg, IDC_MAIN_EDIT, "");
}

//Add text to the main edit control
void AddMainText(LPCSTR lpszText)
{
	char szTemp[MAINTEXT_BUFFER_SIZE];
	
	GetDlgItemText(hMainDlg, IDC_MAIN_EDIT, szTemp, MAINTEXT_BUFFER_SIZE);
	if (strlen(szTemp) + strlen(lpszText) + 1 < MAINTEXT_BUFFER_SIZE)
	{
		strcat(szTemp, lpszText);
		SetDlgItemText(hMainDlg, IDC_MAIN_EDIT, szTemp);
	}
 }

void AddTextLine(LPCSTR lpszCaption, LPCSTR lpszValue)
{
	char szLine[LINE_BUFFER_SIZE];

	sprintf(szLine, "%-26s : %s\r\n", lpszCaption, lpszValue);
	AddMainText(szLine);
}

//Get version information
BOOL GetInfoStr(char *pBuf, LPCSTR lpszLang1, LPCSTR lpszName, LPSTR lpszInfo)
{
	UINT size;
	char *str;
	char szTemp[255];
	strcpy(szTemp, "\\StringFileInfo\\");
	strcat(szTemp, lpszLang1);
	strcat(szTemp, "\\");
	strcat(szTemp, lpszName);

	BOOL bFound = VerQueryValue((LPVOID)pBuf, szTemp, (LPVOID *)&str, &size);
	if (bFound)
	{
		strcpy(lpszInfo, str);
		return TRUE;
	} else return FALSE;
}


LPSTR KeyValueToStr(KEY_VALUE *Items, DWORD dwNumOfItems, DWORD dwFindValue, LPSTR lpszValue, LPSTR lpszDefaultValue = NULL)
{
	for (DWORD dwIndex = 0; dwIndex < dwNumOfItems; dwIndex++)
		if (Items[dwIndex].dwKey == dwFindValue)
		{
			strcpy(lpszValue, Items[dwIndex].szValue);
			return lpszValue;
		}


	if (lpszDefaultValue != NULL)
		strcpy(lpszValue, lpszDefaultValue);
	else
		lpszValue[0] = '\0';

	return lpszValue;

}

LPSTR KeyValueBitsToStr(KEY_VALUE *Items, DWORD dwNumOfItems, DWORD dwFindValue, LPSTR lpszValue)
{
	
	lpszValue[0] = '\0';

	for (DWORD dwIndex = 0; dwIndex < dwNumOfItems; dwIndex++)
		if ((Items[dwIndex].dwKey & dwFindValue) != 0)
		{
			if (lpszValue[0] != '\0')
				strcat(lpszValue, ", ");

			strcat(lpszValue, Items[dwIndex].szValue);
		}
	return lpszValue;

}


LPSTR GetFileOSName(DWORD dwFileOS, LPSTR lpszOSName)
{
	const NumOfOS = 9;
	KEY_VALUE Items[NumOfOS] = {
		{VOS_DOS, "MS-DOS"},
		{VOS_NT, "Windows NT"},
		{VOS__WINDOWS16, "16-bit Windows"},
		{VOS__WINDOWS32, "32-bit Windows"},
		{VOS_OS216, "16-bit OS/2"},
		{VOS_OS232, "32-bit OS/2"},
		{VOS__PM16, "16-bit Presentation Manager"},
		{VOS__PM32, "32-bit Presentation Manager"},
		{VOS_UNKNOWN, "Unknown"}};


	return KeyValueBitsToStr(Items, NumOfOS, dwFileOS, lpszOSName);
}

LPSTR GetFileType(DWORD dwFileType, LPSTR lpszFileType) 
{
	const NumOfTypes = 7;
	KEY_VALUE FilesTypes[NumOfTypes] = {
		{VFT_UNKNOWN, "Unknown"},
		{VFT_APP, "Application"},
		{VFT_DLL, "Dynamic-Link Library"},
		{VFT_DRV, "Device Driver"},
		{VFT_FONT, "Font"},
		{VFT_VXD, "Virtual Device"},
		{VFT_STATIC_LIB, "Static-Link Library"}};

	return KeyValueToStr(FilesTypes, NumOfTypes, dwFileType, lpszFileType);
}

LPSTR GetFileSubType(DWORD dwFileType, DWORD dwFileSubType, LPSTR lpszFileSubType)
{
	const NumOfTypes = 11;
	DWORD dwFileSubTypesIndex[NumOfTypes] = {VFT2_UNKNOWN, VFT2_DRV_COMM, VFT2_DRV_PRINTER, VFT2_DRV_KEYBOARD, 
									VFT2_DRV_LANGUAGE, VFT2_DRV_DISPLAY, VFT2_DRV_MOUSE, VFT2_DRV_NETWORK, 
									VFT2_DRV_SYSTEM, VFT2_DRV_INSTALLABLE, VFT2_DRV_SOUND};

	LPSTR szFileSubTypes[NumOfTypes] = {"Unknown", "Communications Driver", "Printer Driver", "Keyboard Driver", "Language Driver", "Display Driver", "Mouse Driver", "Network Driver", "System Driver", "Installable Driver", "Sound Driver"};
	
	strcpy(lpszFileSubType,"Unknown");
	if (dwFileType == VFT_DRV)
	{
		for (int nIndex = 0; nIndex < NumOfTypes;nIndex++)
			if (dwFileSubTypesIndex[nIndex] == dwFileSubType)
			{
				strcpy(lpszFileSubType, szFileSubTypes[nIndex]);
				break;
			}
	} else if (dwFileType == VFT_FONT)
	{
		if (dwFileSubType == VFT2_FONT_RASTER)
			strcpy(lpszFileSubType, "Raster Font");
		else if (dwFileSubType == VFT2_FONT_VECTOR)
			strcpy(lpszFileSubType, "Vector Font");
		else if (dwFileSubType == VFT2_FONT_TRUETYPE)
			strcpy(lpszFileSubType, "TrueType Font");

	}

	return lpszFileSubType;
}

LPSTR GetExeType(DWORD dwExeType, LPSTR lpszExeType)
{
	const NumOfTypes = 7;
	KEY_VALUE ExeTypes[NumOfTypes] = {
		{EXE_TYPE_UNKNOWN, "Unknown"},
		{EXE_TYPE_DOS, "MS-DOS"},
		{EXE_TYPE_NE, "New Executable (16-bit)"},
		{EXE_TYPE_PE, "Portable Executable (32-bit)"},
		{EXE_TYPE_LE, "Linear Executable (Virtual Device Driver)"},
		{EXE_TYPE_LX, "Linear Executable: OS/2 2.x "},
		{EXE_TYPE_W3, "Windows WIN386.EXE file"}};
	
	return KeyValueToStr(ExeTypes, NumOfTypes, dwExeType, lpszExeType);
}


HANDLE OpenFileForRead(LPCSTR lpszFilename)
{
	return CreateFile(lpszFilename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);	
}


LPSTR FormatDWordHex(DWORD dwValue, LPSTR lpszValue, DWORD dwMaxDigits = 4)
{
	char szTemp[50];

	_ultoa(dwValue, szTemp, 16);
	int nAdd = dwMaxDigits - strlen(szTemp);
	if (nAdd > 0)
	{
		memset(lpszValue, '0', nAdd);
		lpszValue[nAdd] = '\0';
	}
	else
		lpszValue[0] = '\0';

	strcat(lpszValue, szTemp);
	sprintf(szTemp, "0x%s", lpszValue );
	strcpy(lpszValue, szTemp);

	return lpszValue;
}

LPSTR FormatDWord(DWORD dwValue, LPSTR lpszValue, LPSTR lpszMore = NULL)
{
	char szTemp[30];
	NUMBERFMT nf;

	nf.NumDigits = 0;
	nf.LeadingZero = 0;
	nf.Grouping = 3;
	nf.lpDecimalSep = ".";
	nf.lpThousandSep = ",";
	nf.NegativeOrder = 0;

	_ultoa(dwValue, szTemp, 10);
	GetNumberFormat(LOCALE_USER_DEFAULT, 0, szTemp, &nf, lpszValue, LINE_BUFFER_SIZE);
	if (lpszMore != NULL)
		strcat(lpszValue, lpszMore);

	return lpszValue;
}

LPSTR FormatFileTime(FILETIME ft, LPSTR szDateTime)
{
	SYSTEMTIME st;
	char szTime[15];

	FileTimeToSystemTime(&ft, &st);
	GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &st, NULL, szDateTime, LINE_BUFFER_SIZE);
	GetTimeFormat(LOCALE_USER_DEFAULT, 0, &st, NULL, szTime, 15);
	strcat(szDateTime, " ");
	strcat(szDateTime, szTime);
	return szDateTime;
}

LPSTR GetCharacteristics(WORD wCharacteristics, LPSTR lpszCharacteristics)
{
	const NumOfItems = 13;
	KEY_VALUE Items[NumOfItems] = {
		{IMAGE_FILE_DLL, "The file is a dynamic-link library"},
		//{IMAGE_FILE_EXECUTABLE_IMAGE, "The file is executable"}, 
		{IMAGE_FILE_RELOCS_STRIPPED, "Relocation info stripped from file"},
		{IMAGE_FILE_LINE_NUMS_STRIPPED,"Line nunbers stripped from file"},
		{IMAGE_FILE_LOCAL_SYMS_STRIPPED, "Local symbols stripped from file"},
		{IMAGE_FILE_AGGRESIVE_WS_TRIM, "Agressively trim working set"}, 
		{IMAGE_FILE_LARGE_ADDRESS_AWARE, "The application can handle addresses larger than 2gb"},
		{IMAGE_FILE_BYTES_REVERSED_LO, "Bytes of machine word are reversed"},
		//{IMAGE_FILE_32BIT_MACHINE, "32 bit word machine"},
		{IMAGE_FILE_DEBUG_STRIPPED, "Debugging info stripped from file in .DBG file"},
		{IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, "If Image is on removable media, copy and run from the swap file"},
		{IMAGE_FILE_NET_RUN_FROM_SWAP, "If Image is on Net, copy and run from the swap file"},
		{IMAGE_FILE_SYSTEM, "System File"},
		{IMAGE_FILE_UP_SYSTEM_ONLY, "File should only be run on a UP machine"},
		{IMAGE_FILE_BYTES_REVERSED_HI, "Bytes of machine word are reversed"}};

	lpszCharacteristics[0] = '\0';

	for (DWORD dwIndex = 0; dwIndex < NumOfItems; dwIndex++)
		if ((wCharacteristics & Items[dwIndex].dwKey) != 0)
		{
			strcat(lpszCharacteristics, "\r\n * ");
			strcat(lpszCharacteristics, Items[dwIndex].szValue);
		}	

	return lpszCharacteristics;


}

LPSTR GetSubsystemName(WORD wSubsystem, LPSTR lpszSubsystemName)
{
	const NumOfSubsystems = 8;
	KEY_VALUE Subsystems[NumOfSubsystems] = {
		{IMAGE_SUBSYSTEM_UNKNOWN, "Unknown subsystem"},
		{IMAGE_SUBSYSTEM_NATIVE, "Image doesn't require a subsystem"},
		{IMAGE_SUBSYSTEM_WINDOWS_GUI, "Windows GUI"},
		{IMAGE_SUBSYSTEM_WINDOWS_CUI, "Windows character subsystem (Console Application)"},
		{IMAGE_SUBSYSTEM_OS2_CUI, "OS/2 character subsystem"},
		{IMAGE_SUBSYSTEM_POSIX_CUI, "Posix character subsystem"},
		{IMAGE_SUBSYSTEM_NATIVE_WINDOWS, "Native Win9x driver"},
		{IMAGE_SUBSYSTEM_WINDOWS_CE_GUI, "Windows CE subsystem"}};

	
	return KeyValueToStr(Subsystems, NumOfSubsystems, wSubsystem, lpszSubsystemName, UNKNOWN_STR);
}


LPSTR GetMachineName(USHORT Machine, LPSTR lpszMachineName)
{
	const NumOfMachines = 18;
	KEY_VALUE Machines[NumOfMachines] = {
		{IMAGE_FILE_MACHINE_UNKNOWN, "Unknown"},           
		{IMAGE_FILE_MACHINE_I386, "Intel 386"},
		{IMAGE_FILE_MACHINE_R3000, "MIPS little-endian, 0x160 big-endian"},
		{IMAGE_FILE_MACHINE_R4000, "MIPS little-endian"},
		{IMAGE_FILE_MACHINE_R10000,"MIPS little-endian"},
		{IMAGE_FILE_MACHINE_WCEMIPSV2, "MIPS little-endian WCE v2"},
		{IMAGE_FILE_MACHINE_ALPHA, "Alpha_AXP"}, 
		{IMAGE_FILE_MACHINE_POWERPC, "IBM PowerPC Little-Endian"},
		{IMAGE_FILE_MACHINE_SH3, "SH3 little-endian"},
		{IMAGE_FILE_MACHINE_SH3E, "SH3E little-endian"},
		{IMAGE_FILE_MACHINE_SH4, "SH4 little-endian"},
		{IMAGE_FILE_MACHINE_ARM, "ARM Little-Endian"},
		{IMAGE_FILE_MACHINE_THUMB, "?"},            
		{IMAGE_FILE_MACHINE_IA64, "Intel 64"},
		{IMAGE_FILE_MACHINE_MIPS16, "MIPS"},
		{IMAGE_FILE_MACHINE_MIPSFPU, "MIPS"},
		{IMAGE_FILE_MACHINE_MIPSFPU16, "MIPS"},
		{IMAGE_FILE_MACHINE_ALPHA64, "ALPHA64"}};
	
	

	return KeyValueToStr(Machines, NumOfMachines, Machine, lpszMachineName, UNKNOWN_STR);
}

BOOL GetDosCompress(LPCSTR lpszMZHeader, LPSTR szCompressName)
{
	if (strncmp(&lpszMZHeader[0x1e], "PKLITE", 6) == 0)
	{
		sprintf(szCompressName, "PKLITE v%d.%d", (lpszMZHeader[0x1d] & 0xf), lpszMZHeader[0x1c]);
		return TRUE;
	}

	if (strncmp(&lpszMZHeader[0x1c], "LZ", 2) == 0)
	{
		char szVer[10] = "";
		if (strncmp(&lpszMZHeader[0x1e], "09", 2) == 0)
			strcpy(szVer, "0.90");
		else if (strncmp(&lpszMZHeader[0x1e], "91", 2) == 0)
			strcpy(szVer, "0.91");

		sprintf(szCompressName, "LZEXE %s", szVer);

		return TRUE;
	}

	if (strncmp(&lpszMZHeader[0x25], "LHarc's SFX", 11) == 0)
	{
		strcpy(szCompressName, "LHarc 1.x");
		return TRUE;
	}

	if (strncmp(&lpszMZHeader[0x24], "LHa's SFX", 9) == 0 ||
		strncmp(&lpszMZHeader[0x24], "LHA's SFX", 9) == 0)
	{
		strcpy(szCompressName, "LHA 2.x");
		return TRUE;
	}
	

	return FALSE;
}


LPSTR GetNETargetOS(BYTE ExeType, LPSTR lpszOSName)
{
	const NumOfItems = 8;
	KEY_VALUE Items[NumOfItems] = {
		{0x0, "Unknown"},	
		{0x1, "OS/2"},	
		{0x2, "Windows"},	
		{0x3, "European MS-DOS 4.x"},	
		{0x4, "Windows 386"},	
		{0x5, "BOSS (Borland Operating System Services)"},	
		{0x81, "PharLap 286|DOS-Extender, OS/2"},	
		{0x82, "PharLap 286|DOS-Extender, Windows"}};
	
	return KeyValueToStr(Items, NumOfItems, ExeType, lpszOSName, UNKNOWN_STR);
}

void GetInfoFromSectionHeaders(IMAGE_SECTION_HEADER *ishs, USHORT uNumOfSections, DWORD *dwInfo1)
{
	*dwInfo1 = 0;
	for (USHORT uIndex = 0; uIndex < uNumOfSections; uIndex++)
	{
		if (strncmp((char *)ishs[uIndex].Name, ".pklstb", 7) == 0) *dwInfo1 |= SECTIONS_HEADER_INFO_PKLITE;
		if (strncmp((char *)ishs[uIndex].Name, "_winzip_", 8) == 0) *dwInfo1 |= SECTIONS_HEADER_INFO_WINZIP;
		if (strncmp((char *)ishs[uIndex].Name, ".WWP32", 6) == 0) *dwInfo1 |= SECTIONS_HEADER_INFO_WWPACK32;
		if (strncmp((char *)ishs[uIndex].Name, "UPX", 3) == 0) *dwInfo1 |= SECTIONS_HEADER_INFO_UPX;
			
	}
}


LPSTR GetSectionCharacteristics(DWORD dwCharacteristics, LPSTR lpszValue)
{
	const NumOfItems = 9;
	KEY_VALUE Items[NumOfItems] = {
		{0x00000020, "Code"},
		{0x00000040, "Initialized Data"},
		{0x00000080, "Uninitialized Data"},
		{0x04000000, "Not Cachable"},
		{0x08000000, "Not Pageable"},
		{0x10000000, "Shared"},
		{0x20000000, "Executable"},
		{0x40000000, "Readable"},
		{0x80000000, "Writable"}};
	
	return KeyValueBitsToStr(Items, NumOfItems, dwCharacteristics, lpszValue);
}


void ShowExeInfo(LPCSTR lpszFilename)
{
	DWORD dwTemp;
	UINT dwSize;
	HANDLE hFile;
	char szValue[LINE_BUFFER_SIZE], szTemp[LINE_BUFFER_SIZE];
	
	//Clear all text.
	ClearMainText();

	//Open file
	if ((hFile = OpenFileForRead(lpszFilename)) != INVALID_HANDLE_VALUE)
	{
		char szMZHeader[MZHEADER_SIZE];
		char szMewHeader[NEWHEADER_SIZE];

		DWORD dwRead, dwExeType, dwNewHeaderLoc;
		BOOL bResult;

		//Read MZ header. (MS-DOS Header)
		bResult = ReadFile(hFile, szMZHeader, MZHEADER_SIZE, &dwRead, NULL);
		if (bResult && dwRead == MZHEADER_SIZE)
		{
			AddTextLine("Filename", lpszFilename);
			if (szMZHeader[0] == 'M' && szMZHeader[1] == 'Z')
			{
				IMAGE_DOS_HEADER *idh;	
				idh = (IMAGE_DOS_HEADER *)szMZHeader;

				if (szMZHeader[0x18] != 0x40)
					dwExeType = EXE_TYPE_DOS;
				else
				{
					dwNewHeaderLoc = idh->e_lfanew;
					SetFilePointer(hFile, dwNewHeaderLoc, NULL, FILE_BEGIN);

					//Read next header. (PE, NE, or LE)
					bResult = ReadFile(hFile, szMewHeader, NEWHEADER_SIZE, &dwRead, NULL);
					if (bResult && dwRead >= 255) 
					{
						if (szMewHeader[0] == 'P' && szMewHeader[1] == 'E')
							dwExeType = EXE_TYPE_PE;
						else if (szMewHeader[0] == 'N' && szMewHeader[1] == 'E')
							dwExeType = EXE_TYPE_NE;
						else if (szMewHeader[0] == 'L' && szMewHeader[1] == 'E')
							dwExeType = EXE_TYPE_LE;
					} else
						dwExeType = EXE_TYPE_UNKNOWN;

				}

				DWORD dwFileSize = GetFileSize(hFile, NULL);
				FormatDWord(dwFileSize, szValue);
				strcat(szValue, szBytesWord);
				AddTextLine("File Size", szValue);

				FILETIME ftCreation, ftModified;
				GetFileTime(hFile, &ftCreation, NULL, &ftModified);
				AddTextLine("Created Date", FormatFileTime(ftCreation, szValue));
				AddTextLine("Modified Date", FormatFileTime(ftModified, szValue));
				AddTextLine("Executable Format", GetExeType(dwExeType, szValue));
				
				AddMainText("\r\nMS-DOS Header Information\r\n=========================\r\n");
				AddTextLine("Bytes in the last page", FormatDWord(idh->e_cblp, szValue));
				AddTextLine("Number of pages", FormatDWord(idh->e_cp, szValue));
				AddTextLine("Relocation entries", FormatDWord(idh->e_crlc, szValue));
				AddTextLine("Header size in paragraphs", FormatDWord(idh->e_cparhdr, szValue));
				AddTextLine("Initial SS (Relative)", FormatDWordHex(idh->e_ss, szValue));
				AddTextLine("Initial SP", FormatDWordHex(idh->e_sp, szValue));
				AddTextLine("Initial CS (Relative)", FormatDWordHex(idh->e_cs, szValue));
				AddTextLine("Initial IP", FormatDWordHex(idh->e_ip, szValue));
				AddTextLine("Checksum", FormatDWordHex(idh->e_csum, szValue));
				if (GetDosCompress(szMZHeader, szTemp))
				{
					sprintf(szValue, "\r\n*** The file is compressed with %s ***\r\n", szTemp);
					AddMainText(szValue);
				}

				if (dwExeType == EXE_TYPE_NE)
				{
					IMAGE_OS2_HEADER *iosh = (IMAGE_OS2_HEADER *)szMewHeader;
					AddMainText("\r\nNew Executable Header Information\r\n===================================\r\n");
					AddTextLine("Version Number", itoa(iosh->ne_ver, szValue, 10));
					AddTextLine("Revision Number", itoa(iosh->ne_rev, szValue, 10));
					AddTextLine("Entry Table Offset", FormatDWordHex(iosh->ne_enttab, szValue));
					AddTextLine("Entry Table Size", FormatDWord(iosh->ne_cbenttab, szValue, szBytesWord));
					AddTextLine("Checksum", FormatDWordHex(iosh->ne_crc, szValue, 8));
					AddTextLine("Library Module", ((iosh->ne_flags & 0x8000) ? "Yes" : "No"));
					AddTextLine("Target OS", GetNETargetOS(iosh->ne_exetyp, szValue));

					AddTextLine("Initial Heap Allocation", FormatDWord(iosh->ne_heap, szValue, szBytesWord));
					AddTextLine("Initial Stack Allocation", FormatDWord(iosh->ne_heap, szValue, szBytesWord));
					sprintf(szValue, "%.4x:%.4x", (WORD)(((DWORD)iosh->ne_csip) >> 16), (WORD)(((DWORD)iosh->ne_csip) & 0xffff));
					AddTextLine("Initial CS:IP", szValue);

					sprintf(szValue, "%.4x:%.4x", (WORD)(((DWORD)iosh->ne_sssp) >> 16), (WORD)(((DWORD)iosh->ne_sssp) & 0xffff));
					AddTextLine("Initial SS:SP", szValue);

					AddTextLine("Segment Entries", FormatDWord(iosh->ne_cseg, szValue));
					AddTextLine("Module Entries", FormatDWord(iosh->ne_cmod, szValue));
					AddTextLine("Non-Resident Name Table", FormatDWord(iosh->ne_cbnrestab, szValue, szBytesWord));
					
					AddTextLine("Segment Table Offset", FormatDWordHex(iosh->ne_segtab, szValue));
					AddTextLine("Resource Table Offset", FormatDWordHex(iosh->ne_rsrctab, szValue));
					AddTextLine("Resident Names Offset", FormatDWordHex(iosh->ne_restab, szValue));
					AddTextLine("Module Reference Offset", FormatDWordHex(iosh->ne_modtab, szValue));
					AddTextLine("Imported Names Offset", FormatDWordHex(iosh->ne_imptab, szValue));
					AddTextLine("Non-resident Names Offset", FormatDWordHex(iosh->ne_nrestab, szValue, 8));
					
					AddTextLine("Movable Entries Count", FormatDWord(iosh->ne_cmovent, szValue));
					AddTextLine("Segment Alignment", FormatDWord(iosh->ne_align, szValue));
					AddTextLine("Resource Segments Count", FormatDWord(iosh->ne_cres, szValue));

	

				}


				if (dwExeType == EXE_TYPE_PE)
				{
					IMAGE_FILE_HEADER *ifh;
	
					AddMainText("\r\nPortable Executable Header Information\r\n===================================\r\n");
					ifh = (IMAGE_FILE_HEADER *)&szMewHeader[4];
					AddTextLine("Machine", GetMachineName(ifh->Machine, szValue));
					AddTextLine("Number Of Sections", FormatDWord(ifh->NumberOfSections, szValue));
					AddTextLine("Number Of Symbols", FormatDWord(ifh->NumberOfSymbols, szValue));
					AddTextLine("Optional Header Size", FormatDWord(ifh->SizeOfOptionalHeader, szValue, szBytesWord));
					AddTextLine("Time Stamp", FormatDWordHex(ifh->TimeDateStamp, szValue));
					AddTextLine("Characteristics", GetCharacteristics(ifh->Characteristics, szValue));
					
					AddMainText("\r\nOptional Header Information\r\n===================================\r\n");
					
					IMAGE_OPTIONAL_HEADER32 *ioh = (IMAGE_OPTIONAL_HEADER32 *)&szMewHeader[24];
					sprintf(szValue, "%d.%d", ioh->MajorLinkerVersion, ioh->MinorLinkerVersion);
					AddTextLine("Linker Version", szValue);
					AddTextLine("Size Of Code", FormatDWord(ioh->SizeOfCode, szValue, szBytesWord ));
					AddTextLine("Size of initialized data", FormatDWord(ioh->SizeOfInitializedData, szValue, szBytesWord));
					AddTextLine("Size of uninitialized data", FormatDWord(ioh->SizeOfUninitializedData, szValue, szBytesWord));

					if (ifh->Machine == IMAGE_FILE_MACHINE_I386 && ifh->SizeOfOptionalHeader >= 224)
					{
						AddTextLine("Section Alignment", FormatDWord(ioh->SectionAlignment, szValue, szBytesWord));
						AddTextLine("File Alignment", FormatDWord(ioh->FileAlignment, szValue, szBytesWord));
						sprintf(szValue, "%d.%d", ioh->MajorOperatingSystemVersion, ioh->MinorOperatingSystemVersion);
						AddTextLine("OS Version", szValue);
						sprintf(szValue, "%d.%d", ioh->MajorImageVersion, ioh->MinorImageVersion);
						AddTextLine("Image Version", szValue);
						sprintf(szValue, "%d.%d", ioh->MajorSubsystemVersion, ioh->MinorSubsystemVersion);
						AddTextLine("Subsystem Version", szValue);
						AddTextLine("Size Of Image", FormatDWord(ioh->SizeOfImage, szValue, szBytesWord));
						AddTextLine("Size Of Headers", FormatDWord(ioh->SizeOfHeaders, szValue, szBytesWord));
						AddTextLine("Checksum", FormatDWordHex(ioh->CheckSum, szValue, 8));
						AddTextLine("Subsystem", GetSubsystemName(ioh->Subsystem, szValue));
						AddTextLine("Reserve Stack Size", FormatDWordHex(ioh->SizeOfStackReserve, szValue, 8));
						AddTextLine("Commit Stack Size", FormatDWordHex(ioh->SizeOfStackCommit, szValue, 8));
						AddTextLine("Reserve Heap Size", FormatDWordHex(ioh->SizeOfHeapReserve, szValue, 8));
						AddTextLine("Commit Heap Size", FormatDWordHex(ioh->SizeOfHeapCommit, szValue, 8));
						AddTextLine("Base Address", FormatDWordHex(ioh->ImageBase, szValue, 8));

					}
					AddTextLine("Entry Point", FormatDWordHex(ioh->AddressOfEntryPoint, szValue, 8));
					AddTextLine("Base Of Code", FormatDWordHex(ioh->BaseOfCode, szValue, 8));
					AddTextLine("Base Of Data", FormatDWordHex(ioh->BaseOfData, szValue, 8));

					//Section Headers
					IMAGE_SECTION_HEADER *ishs;
					DWORD dwInfo1;
					USHORT uNumOfSections = ifh->NumberOfSections;
					if (uNumOfSections > MAX_NUM_OF_SECTIONS)
						uNumOfSections  = MAX_NUM_OF_SECTIONS;

					ishs = (IMAGE_SECTION_HEADER *)&szMewHeader[24 + ifh->SizeOfOptionalHeader]; 
					
					AddMainText("\r\nSection Headers Information\r\n===================================\r\n");
					sprintf(szValue, "This file has %d sections:\r\n", ifh->NumberOfSections);
					AddMainText(szValue);
					for (USHORT uIndex = 0; uIndex < uNumOfSections; uIndex++)
					{
						if (uIndex == 0) 
							AddMainText("----------------------------------------\r\n");
						memcpy(szValue, ishs[uIndex].Name, 8);
						szValue[8] = '\0';
						AddTextLine("Section Name", szValue);
						AddTextLine("Virtual Address", FormatDWordHex(ishs[uIndex].VirtualAddress, szValue, 8));
						AddTextLine("Raw Data Size", FormatDWordHex(ishs[uIndex].SizeOfRawData, szValue, 8));
						AddTextLine("Raw Data Pointer", FormatDWordHex(ishs[uIndex].PointerToRawData, szValue, 8));
						AddTextLine("Characteristics", GetSectionCharacteristics(ishs[uIndex].Characteristics, szValue));

						AddMainText("----------------------------------------\r\n");
					}

					GetInfoFromSectionHeaders(ishs, uNumOfSections, &dwInfo1);
					if ((dwInfo1 & SECTIONS_HEADER_INFO_PKLITE) != 0)
						AddMainText("\r\n*** The file is compressed with PKLITE for Windows ***\r\n");

					if ((dwInfo1 & SECTIONS_HEADER_INFO_WINZIP) != 0)
						AddMainText("\r\n*** The file is self-extractor archive created by WinZip ***\r\n");

					if ((dwInfo1 & SECTIONS_HEADER_INFO_WWPACK32) != 0)
						AddMainText("\r\n*** The file is compressed with WWPACK32 ***\r\n");

					if ((dwInfo1 & SECTIONS_HEADER_INFO_UPX) != 0)
						AddMainText("\r\n*** The file is compressed with UPX ***\r\n");
					
					//Compilers Detection
					char *pVBSignature = (char *)&szMewHeader[24 + ifh->SizeOfOptionalHeader + 40 * uNumOfSections + 0x10];
					char *pDelphiSignature = (char *)&szMewHeader[0x400 - idh->e_lfanew]; 

					BYTE VBVer = 0;
					char szCompiler[30] = "";
					//Visual Basic Detection
					if (memcmp(pVBSignature, SIGNATURE_VB4, strlen(SIGNATURE_VB4)) == 0) VBVer = 4;
					if (memcmp(pVBSignature, SIGNATURE_VB5, strlen(SIGNATURE_VB5)) == 0) VBVer = 5;
					if (memcmp(pVBSignature, SIGNATURE_VB6, strlen(SIGNATURE_VB6)) == 0) VBVer = 6;
					if (VBVer != 0)
						sprintf(szCompiler, "Visual Basic %d.0", VBVer);
					else
						//Delphi Detection
						if	(memcmp(pDelphiSignature, SIGNATURE_DELPHI_1, 13) == 0 ||
							 memcmp(pDelphiSignature, SIGNATURE_DELPHI_2, 13) == 0 || 
							 memcmp(pDelphiSignature, SIGNATURE_DELPHI_3, 11) == 0)
								strcpy(szCompiler, "Borland Delphi");

					if (szCompiler[0] != '\0')
					{
						sprintf(szValue, "\r\n*** The file was compiled by %s ***\r\n", szCompiler);
						AddMainText(szValue);
					}
						
				}

			} else
			{
				AddMainText("\r\nUnrecognized file format.\r\n");
				return;
			}

		} else
		{
			ShowError(lpszFilename, "Cannot read from %s\r\nError %d:%s");
			return;
		}

	} else
	{
		
		ShowError(lpszFilename, "Cannot open %s\r\nError %d:%s");
		return;
	}

	AddMainText("\r\nVersion Information\r\n====================\r\n");
	dwSize = GetFileVersionInfoSize((LPTSTR)lpszFilename, &dwTemp);
	if (dwSize > 0)
	{
		char *buf = new char[dwSize];
		char *str;
		char szLang1[20];
		VS_FIXEDFILEINFO *pInfo;
		
		GetFileVersionInfo((LPTSTR)lpszFilename, 0, dwSize, buf);
		if (VerQueryValue((LPVOID)buf, "\\", (LPVOID *)&pInfo, &dwSize))
		{
			AddTextLine("Operating System", GetFileOSName(pInfo->dwFileOS, szValue));
			AddTextLine("File Type", GetFileType(pInfo->dwFileType, szValue));
			AddTextLine("File Sub-Type", GetFileSubType(pInfo->dwFileType, pInfo->dwFileSubtype , szValue));
			
			sprintf(szValue, "%d,%d,%d,%d", (pInfo->dwFileVersionMS >> 16), (pInfo->dwFileVersionMS & 65535), (pInfo->dwFileVersionLS >> 16), pInfo->dwFileVersionLS & 65535);
			AddTextLine("File Version", szValue);

			sprintf(szValue, "%d,%d,%d,%d", (pInfo->dwProductVersionMS >> 16), (pInfo->dwProductVersionMS & 65535), (pInfo->dwProductVersionLS >> 16), pInfo->dwProductVersionLS & 65535);
			AddTextLine("Product Version", szValue);

		}
		AddMainText("============================================================\r\n");
		VerQueryValue((LPVOID)buf, "\\VarFileInfo\\Translation", (LPVOID *)&str, &dwSize);
		sprintf(szLang1, "%4.4X%4.4X", *(unsigned short *)str, *(unsigned short *)(str + 2));

		if (GetInfoStr(buf, szLang1, "ProductName", szValue))
			AddTextLine("Product Name", szValue);
		if (GetInfoStr(buf, szLang1, "FileDescription", szValue))
			AddTextLine("File Description", szValue);
		if (GetInfoStr(buf, szLang1, "FileVersion", szValue))
			AddTextLine("File Version", szValue);
		if (GetInfoStr(buf, szLang1, "ProductVersion", szValue))
			AddTextLine("Product Version", szValue);
		if (GetInfoStr(buf, szLang1, "CompanyName", szValue))
			AddTextLine("Company Name", szValue);
		if (GetInfoStr(buf, szLang1, "InternalName", szValue))
			AddTextLine("Internal Name", szValue);
		if (GetInfoStr(buf, szLang1, "LegalCopyright", szValue))
			AddTextLine("Legal Copyright", szValue);
		if (GetInfoStr(buf, szLang1, "OriginalFileName", szValue))
			AddTextLine("Original FileName", szValue);


		delete []buf;
	} else
		AddMainText("Version information is not available for this file.");
}

void ExeOpen(HWND hwndDlg)
{
	char szFilename[MAX_PATH];

	//Display open file dialog-box
	if (OpenFileDialog(szFilename))
	{
		//Load the file that the user selected.
		ShowExeInfo(szFilename);
	}

}

void CopyEditToClipboard(HWND hWnd)
{
	SendMessage(hWnd, EM_SETSEL, 0, 65535L);
	SendMessage(hWnd, WM_COPY, 0 , 0);
	SendMessage(hWnd, EM_SETSEL, 0, 0);
}


BOOL CALLBACK MainDlgProc(
  HWND hwndDlg,  // handle to dialog box
  UINT uMsg,     // message
  WPARAM wParam, // first message parameter
  LPARAM lParam  // second message parameter
)
{
	WORD wNotifyCode, wID;
	char szDropFile[MAX_PATH];
	HDROP hDrop = (HDROP) wParam; 

	switch(uMsg)
	{
		case WM_INITDIALOG:
			SetDlgItemText(hwndDlg, IDC_EDIT_MAIN, START_TEXT);

			//Allows to drag files into the main dialog-box.
			DragAcceptFiles(hwndDlg, TRUE);

			//Set main font.
			SetEditFont(GetDlgItem(hwndDlg, IDC_MAIN_EDIT));
			return TRUE;
		
		case WM_CLOSE:
			PostQuitMessage(0);
			return TRUE;
		
		case WM_CTLCOLORSTATIC:
			if ((HWND)lParam == GetDlgItem(hwndDlg, IDC_EDIT_MAIN))
			{
				SetBkColor((HDC)wParam, crMainEdit);
				return (BOOL)hMainEditBrush;
			}
			return TRUE;
		
		case WM_DISPLAYCHANGE:
			//On display settings change, recreate the brush.
			PrepareEditBrush();		
			return TRUE;

		case WM_DROPFILES:
			//Load the file that the user dropped into ExeInfo.
			hDrop = (HDROP) wParam; 
			DragQueryFile(hDrop, 0, szDropFile, MAX_PATH);
			DragFinish(hDrop);
			ShowExeInfo(szDropFile);
			return TRUE;

		case WM_COMMAND:
			wNotifyCode = HIWORD(wParam); // notification code 
			wID = LOWORD(wParam);         // item, control, or accelerator identifier 
			
			if (wID == IDC_BUTTON_EXIT && wNotifyCode == BN_CLICKED)
			{
				PostQuitMessage(0);
				return TRUE;
			}
			else if (wID == IDC_BUTTON_OPEN && wNotifyCode == BN_CLICKED)
			{
				ExeOpen(hwndDlg);
				return TRUE;
			} 
			else if (wID == IDC_BUTTON_COPY && wNotifyCode == BN_CLICKED)
			{
				CopyEditToClipboard(GetDlgItem(hwndDlg, IDC_EDIT_MAIN));
				return TRUE;
			}
			return FALSE;


		default:
			return FALSE;
	}
}


void CenterWin(HWND hWnd)
{
	RECT rcWin;

	GetWindowRect(hWnd, &rcWin);
	SetWindowPos(hWnd, NULL, (GetSystemMetrics(SM_CXFULLSCREEN) - (rcWin.right - rcWin.left + 1)) / 2, 
							 (GetSystemMetrics(SM_CYFULLSCREEN) - (rcWin.bottom - rcWin.top + 1)) / 2, 
							 0, 0, SWP_NOOWNERZORDER | SWP_NOSIZE | SWP_NOZORDER);

}



int WINAPI WinMain(
	HINSTANCE  hInstance,	// handle to current instance
    HINSTANCE  hPrevInstance,	// handle to previous instance
    LPSTR  lpCmdLine,	// pointer to command line
    int  nShowCmd 	// show state of window
   )
{
	MSG msg;
	char szCommand[1024];

	//Load small and large Icons from IDI_MAIN resource
	hMainIcon32 = (HICON)LoadImage(hInstance, MAKEINTRESOURCE(IDI_MAIN), IMAGE_ICON, 32, 32, 0);
	hMainIcon16 = (HICON)LoadImage(hInstance, MAKEINTRESOURCE(IDI_MAIN), IMAGE_ICON, 16, 16, 0);
	
	//Create brush
	PrepareEditBrush();
	
	if ((hMainDlg = CreateDialog(hInstance, MAKEINTRESOURCE(IDD_MAIN), NULL, MainDlgProc)) != NULL)
	{
		//Load icons into the dialog-box.
		SendMessage(hMainDlg, WM_SETICON, ICON_SMALL, (LPARAM)hMainIcon16);
		SendMessage(hMainDlg, WM_SETICON, ICON_BIG, (LPARAM)hMainIcon32);
		
		//Center dialog-box
		CenterWin(hMainDlg);
		SetMainText(START_TEXT);
		
		//Display the dialog-box
		ShowWindow(hMainDlg, SW_SHOW);

		StrTrim(lpCmdLine, szCommand);
		if (szCommand[0] != '\0')
		{
			//Load Exe specified in command-line
			RemoveQuotes(szCommand);
			ShowExeInfo(szCommand);
		}

		//Main message loop.
		while (GetMessage(&msg, NULL, 0, 0))
		{
			if (!IsDialogMessage(hMainDlg, &msg))
			{
				TranslateMessage(&msg);
				DispatchMessage(&msg);
			}
		}

		//Free the brush and font before exit.
		DeleteObject(hMainEditBrush);
		DeleteObject(hEditFont);

	}
	
	return 0;
}




5t4rk
关注
专栏目录
ExeinfoPE-非常好用的EXE文件信息查看工具
04-05
ExeinfoPE-非常好用的EXE文件信息查看工具,是用于软件调试、反汇编和软件脱壳破解的好帮手。
PE文件修改器(EXE文件查看工具)v2.2单文件绿色版(x86/x64)
12-08
PE文件修改器(EXE文件查看工具)v2.2单文件绿色版 ============================================================ 发布时文件名:   PEshell-x86-v2.2[crc-F342E220].exe   PEshell-x64-v2.2[crc-A9F3EAEA].exe 软件介绍:   PE文件修改器(EXE文件查看工具)   WINXP,WIN7x86,WIN7x64系统下测试稳定,部分受保护文件修改失败。(仅用于学习交流)   此小工具,可修改EXE文件图标,导出EXE文件图标,EXE文件注入进程,EXE文件注入DLL,合并EXE文件。 注:   用于打造个性化EXE文件,但仅适用于修改普通32/64位可执行EXE文件。   绿色版无毒请放心使用!   这类软件杀软误报纯属正常! ============================================================
可执行文件的内容分析工具
SmartMZ Log
01-11 4319
Bill Zimmerly (bill@zimmerly.com), 自由撰稿人兼知识工程师, Author 级别: 中级 2007 年 3 月 06 日    UNIX(R) 系统中运行的程序遵守一种称为目标文件格式的精心设计。了解更多关于目标文件格式的内容,以及可以用来研究系统中目标文件的工具。   计算机编程的最新技术将一种特殊的人性与一组特殊的工具结合在一起,用以生产出对其他
查看exe代码_恶意代码分析第七章Lab-07-03实战分析笔记
weixin_39929721的博客
11-30 464
首先我们通过静态分析发现该程序的导入表中有很多文件操作类函数。又在StringView中发现了Lab07-03.dll字符串,我们推断程序有可能调用了该动态库,但却没有发现任何loadlibrary或者getprocaddress函数。所以我们的推测可能是错的,他有可能并没有加载这个动态库。其中也出现了Kernel32.dll的完整路径。但还出现了一个Kerne132.dll的完整路径,很明显,这...
快速查找项目可执行文件
wwOok
09-24 723
在运行的项目中,分为两种情况, 1.工程束中包含有product文件夹,选中对应,showInFinder -> 显示包内容,找到Unix可执行文件 2.工程束中不包含product文件夹,选中xcode配置条,File -> project Setting ,点击红色框区域,进行跳转,进入DerivedData文件夹,找到对应项目,点击进入,Build -> Products -> Debug ,找到Unix可执行文件 ...
查看exe文件源代码_那些你分不清的文件拓展名
weixin_39632293的博客
12-10 5622
文件扩展名也称为文件的后缀名,是操作系统用来标志文件类型的一种机制。A filename extension, also known as a file extension, is a mechanism used by the operating system to identify the file type.关于扩展名的误区&特性Misconceptions about E...
可执行文件罐子与示例:生成具有依赖项的可执行jar文件
02-03
"可执行文件罐子与示例:生成具有依赖项的可执行jar文件"这个主题关注的是如何利用Maven构建工具来创建一个包含所有依赖的、可以直接运行的JAR包。这样的JAR文件被称为"胖JAR"或"自包含JAR",因为它包含了运行应用...
完整版可执行文件浏览器.rar
04-02
总的来说,"完整版可执行文件浏览器.rar"提供了全面的工具,让用户能够查看和分析可执行文件的内部结构,包括代码、资源、依赖项等,对于软件开发和调试工作来说,这样的工具是非常有价值的。用户需要确保系统已安装...
WilViewer_wil文件编辑器源码示例_wil文件编辑_wil源码_wil文件编辑器_
10-02
1. **wil文件编辑器源码示例**:重申了这个工具是一个源代码公开的编辑器实例。 2. **wil文件编辑**:明确了主要功能是对.WIL文件进行编辑操作。 3. **wil源码**:指出该编辑器的实现代码可供学习和使用。 4. **wil...
vb教学辅助系统(源代码+可执行文件+论文)【VB】.zip
最新发布
06-04
此系统通常包括源代码可执行文件和相关的学术论文,为用户提供了一个全方位的学习和研究平台。 一、VB编程基础 VB是一种事件驱动的编程语言,它采用直观的图形用户界面(GUI),使得编程过程更为简单易懂。系统中...
Exeinfo PE-ver0.0.1.7 非常好用的查壳工具
10-13
查壳工具 Exeinfo PE-ver0.0.1.7 带插件,可以upack upx包 懂的下
ExeinfoPe.zip
07-28
可以查看PE文件的详细信息,是否有壳,什么语言编写的,以及其他信息
查壳工具ExEinfoPE、PEiD )
07-04
查壳工具ExEinfoPE、PEiD )可以查出目前主流壳。
ExeinfoPe 文件加壳检测
08-15
ExeinfoPe 文件加壳检测,数据库比较新
取文件版本信息模块代码.rar
03-12
Java中,`java.io.File`类提供了`lastModified()`方法获取修改时间,而更详细的版本信息可能需要通过解析特定的文件格式(如PE格式对于Windows可执行文件)来获取。 对于版本控制工具,如Git,它会自动跟踪文件的每...
exe程序怎么查看代码_程序员:无聊怎么办?那就看看这些骚气十足的代码
weixin_39700220的博客
11-05 831
小编找的这些有趣的代码能给大家涨涨姿势,解解闷!我们都知道IT这个行业技术更新换代极快,今天小编带给大家的是历史上骚气十足的代码!1、史上最变态语言Befunge这门语言由Chris Pressey在1993年创造,其代码是二维的。Befunge代码的注释不需要任何符号标明,你可以把注释写在程序的任何地方,只要运行时指针不会经过它就行了。这种语言的hello World代码这种语言计算圆周率的代码...
查看打包成exe程序的批处理并提取代码
Yang的博客
05-15 4845
今天找批处理(.bat)打包成exe的更好地工具,结果误打误撞找到了查看打包成exe程序的批处理并提取代码教程,测试后发现确实可以查看到打包成exe的批处理代码。本文就给大家分享一下该教程。 首先我们先运行一下exe程序,判断一下是否是类批处理程序,基本看窗口是不是批处理窗口即可,黑乎乎的DOS界面框基本可以确定了。 打包成exe程序的批处理脚本,通常在运行的时候会在临时目录释放bat批处理文件。我们只需要找到释放时候的对应文件即可。 下面教程开始: 1、打开CMD,输入cd %temp% 切换到临时文件
Exeinfo PE查壳工具
热门推荐
qq_45970858的博客
04-20 3万+
Exeinfo PE查壳工具 这个工具可以查看区段和EP设相当于一个查壳子的工具 简介 一种类PEiD查壳程序.它至今依然被更新.使它拥有鉴定相当多文件类别的能力.其整合丰富了PEiD的签名库. 官网下载 https://exeinfo-pe32.en.softonic.com/ 使用方法 将需要获取信息的文件拖到exeinfo pe上去 或者点击“文件”图标,进行浏览,找到那个文件. 下面以buuctf-Reverse-esayre为例子,进行举例: 将下载的easyre.exe直接拖入其中 点击扳手
exeinfo pe工具介绍和基本使用
菜鸟-宇的个人博客
10-02 4751
这个工具可以查看区段和EP设相当于一个查壳子的工具。它是一种类PEiD查壳程序,至今依然被更新,使它拥有鉴定相当多文件类别的能力,其整合丰富了PEiD的签名库。一、软件简介 Exeinfo PE是一款专业的程序查壳工具,主要用户帮助用户查看EXE DLL文件的编译器信息、是否加壳、入口点地址、输出表 输入表等等PE信息,这款查壳工具还支持提取PE文件中的相关资源,Exeinfo PE无需安装是一款不错的查壳工具
利用Makefile给可执行文件elf增加新的section,代码示意
04-24
但是,我可以向您提供一些基本的信息,帮助您了解如何使用Makefile向可执行文件elf增加新的section。 在Makefile中,可以使用gcc或ld命令来链接文件并创建可执行文件。要向可执行文件中添加新的section,您应该使用...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值