API tools faq
paste
Advertisement
alien_fx_fiend

PE-Explorer GUI (StatusBar ProgressBar) *FINAL RELEASE 2.7*

alien_fx_fiend
Nov 27th, 2024
48
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 56.80 KB | Source Code | 0 0
raw download clone embed print report
  1. ==++ Here's the full source code for (file 1/1) "main.cpp":: ++==
  2. #define STRICT
  3. #define WIN32_LEAN_AND_MEAN
  4. #include <Windows.h>
  5. #include <winternl.h>
  6. #include <CommCtrl.h>
  7. #include <commdlg.h>
  8. #include <string>
  9. #include <strsafe.h>
  10. #include <sstream>
  11. #include <iomanip>
  12. #include <stdio.h>
  13. #include <vector>
  14. //#include "helpers.h"
  15. #include "resource.h"
  16. #pragma comment(lib, "comctl32.lib")
  17.  
  18. namespace PEHelpers {
  19.    std::wstring GetImageCharacteristics(DWORD characteristics) {
  20.        if (characteristics & IMAGE_FILE_DLL) return L"(DLL)";
  21.        if (characteristics & IMAGE_FILE_SYSTEM) return L"(DRIVER)";
  22.        if (characteristics & IMAGE_FILE_EXECUTABLE_IMAGE) return L"(EXE)";
  23.        return L"(UNKNOWN)";
  24.    }
  25.  
  26.    std::wstring GetSubsystem(WORD subsystem) {
  27.        switch (subsystem) {
  28.        case IMAGE_SUBSYSTEM_NATIVE: return L"(NATIVE/DRIVER)";
  29.        case IMAGE_SUBSYSTEM_WINDOWS_GUI: return L"(GUI)";
  30.        case IMAGE_SUBSYSTEM_WINDOWS_CUI: return L"(CONSOLE)";
  31.        default: return L"(UNKNOWN)";
  32.        }
  33.    }
  34.  
  35.    std::wstring GetDataDirectoryName(int DirectoryNumber) {
  36.        switch (DirectoryNumber) {
  37.        case 0: return L"Export Table";
  38.        case 1: return L"Import Table";
  39.        case 2: return L"Resource Table";
  40.        case 3: return L"Exception Entry";
  41.        case 4: return L"Security Entry";
  42.        case 5: return L"Relocation Table";
  43.        case 6: return L"Debug Entry";
  44.        case 7: return L"Copyright Entry";
  45.        case 8: return L"Global PTR Entry";
  46.        case 9: return L"TLS Entry";
  47.        case 10: return L"Configuration Entry";
  48.        case 11: return L"Bound Import Entry";
  49.        case 12: return L"IAT";
  50.        case 13: return L"Delay Import Descriptor";
  51.        case 14: return L"COM Descriptor";
  52.        default: return L"Unknown";
  53.        }
  54.    }
  55.  
  56.    std::wstring GetSectionProtection(DWORD characteristics) {
  57.        std::wstring protection = L"(";
  58.        bool needsSeparator = false;
  59.  
  60.        if (characteristics & IMAGE_SCN_MEM_EXECUTE) {
  61.            protection += L"EXECUTE";
  62.            needsSeparator = true;
  63.        }
  64.  
  65.        if (characteristics & IMAGE_SCN_MEM_READ) {
  66.            if (needsSeparator) protection += L" | ";
  67.            protection += L"READ";
  68.            needsSeparator = true;
  69.        }
  70.  
  71.        if (characteristics & IMAGE_SCN_MEM_WRITE) {
  72.            if (needsSeparator) protection += L" | ";
  73.            protection += L"WRITE";
  74.        }
  75.  
  76.        protection += L")";
  77.        return protection;
  78.    }
  79.  
  80.    PIMAGE_SECTION_HEADER GetExportSection(const PIMAGE_SECTION_HEADER pImageSectionHeader,
  81.        const int NumberOfSections,
  82.        const DWORD_PTR dExportAddress) {
  83.        for (int i = 0; i < NumberOfSections; ++i) {
  84.            const auto pCurrentSectionHeader =
  85.                (PIMAGE_SECTION_HEADER)((DWORD_PTR)pImageSectionHeader + i * sizeof(IMAGE_SECTION_HEADER));
  86.  
  87.            if (dExportAddress >= pCurrentSectionHeader->VirtualAddress &&
  88.                dExportAddress < pCurrentSectionHeader->VirtualAddress + pCurrentSectionHeader->Misc.VirtualSize)
  89.                return pCurrentSectionHeader;
  90.        }
  91.        return nullptr;
  92.    }
  93. }
  94.  
  95. using namespace std;
  96.  
  97. // At the top of your file, change the window class name to wide string
  98. #define WINDOW_CLASS_NAME L"PEAnalyzerWindow"
  99. //const wchar_t* const WINDOW_CLASS_NAME = L"PEAnalyzerWindow";
  100.  
  101. // Use ANSI versions explicitly
  102. //#undef CreateWindow
  103. //#undef CreateWindowEx
  104. //#define CreateWindow  CreateWindowW
  105. //#define CreateWindowEx CreateWindowExW
  106.  
  107. // Helper function to replace printf with GUI output
  108. #define OUTPUT(format, ...) AppendToOutput(L##format, ##__VA_ARGS__)
  109. //#define OUTPUT(format, ...) AppendToOutput(format, ##__VA_ARGS__)
  110. //#define printf(format, ...) AppendToOutput(format, ##__VA_ARGS__)
  111.  
  112. // Window dimensions
  113. #define WINDOW_WIDTH    1024
  114. #define WINDOW_HEIGHT   768
  115. #define EDIT_MARGIN    10
  116.  
  117. // Global variables
  118. HWND g_hMainWindow = NULL;
  119. HWND g_hEditControl = NULL;
  120. HFONT g_hFont = NULL;
  121. std::wstringstream g_OutputText;
  122. WCHAR filePathW[MAX_PATH];
  123. std::vector<wchar_t> g_OutputBuffer;
  124. std::wstring tempBuffer; // Declare tempBuffer globally
  125. HWND g_hStatusBar = NULL;
  126.  
  127. // Function declarations
  128. LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);
  129. LRESULT CALLBACK EditSubclassProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam, UINT_PTR uIdSubclass, DWORD_PTR dwRefData);
  130. void CreateMainWindow(HINSTANCE hInstance);
  131. void InitializeControls(HWND hwnd);
  132. void AddMenus(HWND hwnd);
  133. void OpenFileDialog(HWND hwnd);
  134. //void AnalyzePEFile(const WCHAR* filePathW);
  135. void AnalyzePEFile(const wchar_t* filePathW);
  136. HANDLE GetFileContent(const wchar_t* lpFilePath);
  137. /*void GetDataDirectories(PIMAGE_DATA_DIRECTORY pImageDataDirectory);
  138. PIMAGE_SECTION_HEADER GetSections(const PIMAGE_SECTION_HEADER pImageSectionHeader,
  139.    int NumberOfSections, DWORD dImportAddress);
  140. void GetImports32(PIMAGE_IMPORT_DESCRIPTOR pImageImportDescriptor,
  141.    DWORD dRawOffset, const PIMAGE_SECTION_HEADER pImageImportSection);
  142. void GetImports64(PIMAGE_IMPORT_DESCRIPTOR pImageImportDescriptor,
  143.    DWORD dRawOffset, const PIMAGE_SECTION_HEADER pImageImportSection);*/
  144. void AppendToOutput(const wchar_t* format, ...);
  145. void UpdateEditControl();
  146.  
  147. // Main window class name
  148. //const char* const WINDOW_CLASS_NAME = "PEAnalyzerWindow";
  149.  
  150. int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
  151.    INITCOMMONCONTROLSEX icc = { sizeof(INITCOMMONCONTROLSEX), ICC_WIN95_CLASSES };
  152.    InitCommonControlsEx(&icc);
  153.  
  154.    CreateMainWindow(hInstance);
  155.    if (!g_hMainWindow) return -1;
  156.  
  157.    ShowWindow(g_hMainWindow, nCmdShow);
  158.    UpdateWindow(g_hMainWindow);
  159.  
  160.    MSG msg = {};
  161.    while (GetMessage(&msg, NULL, 0, 0)) {
  162.        TranslateMessage(&msg);
  163.        DispatchMessage(&msg);
  164.    }
  165.  
  166.    if (g_hFont) DeleteObject(g_hFont);
  167.    return (int)msg.wParam;
  168. }
  169.  
  170. void CreateMainWindow(HINSTANCE hInstance) {
  171.    WNDCLASSEXW wc = { sizeof(WNDCLASSEXW), 0, WindowProc, 0, 0, hInstance,
  172.        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_ICON1)),
  173.        LoadCursor(NULL, IDC_ARROW),
  174.        (HBRUSH)(COLOR_WINDOW + 1),
  175.        NULL, WINDOW_CLASS_NAME,
  176.        LoadIcon(hInstance, MAKEINTRESOURCE(IDI_ICON1)) };
  177.    RegisterClassExW(&wc);
  178.  
  179.    // Get screen dimensions
  180.    int screenWidth = GetSystemMetrics(SM_CXSCREEN);
  181.    int screenHeight = GetSystemMetrics(SM_CYSCREEN);
  182.  
  183.    // Calculate center position
  184.    int windowX = (screenWidth - WINDOW_WIDTH) / 2;
  185.    int windowY = (screenHeight - WINDOW_HEIGHT) / 2;
  186.  
  187.    // Remove WS_MAXIMIZEBOX and WS_THICKFRAME from the window style
  188.    DWORD style = (WS_OVERLAPPEDWINDOW & ~WS_MAXIMIZEBOX) & ~WS_THICKFRAME;
  189.    //WS_OVERLAPPEDWINDOW ~~> style
  190.    g_hMainWindow = CreateWindowExW(0, WINDOW_CLASS_NAME, L"PE File Analyzer",
  191.        style, windowX, windowY, WINDOW_WIDTH, WINDOW_HEIGHT,
  192.        nullptr, nullptr, hInstance, nullptr);
  193. }
  194.  
  195. void InitializeControls(HWND hwnd) {
  196.    // Create Status Bar
  197.    g_hStatusBar = CreateWindowEx(0, STATUSCLASSNAME, NULL,
  198.        WS_CHILD | WS_VISIBLE | SBARS_SIZEGRIP,
  199.        0, 0, 0, 0, hwnd, NULL,
  200.        (HINSTANCE)GetWindowLongPtr(hwnd, GWLP_HINSTANCE), NULL);
  201.  
  202.    // Get status bar height
  203.    RECT rcStatus;
  204.    GetWindowRect(g_hStatusBar, &rcStatus);
  205.    int statusHeight = rcStatus.bottom - rcStatus.top;
  206.  
  207.    // Create Edit Control with adjusted height
  208.    RECT rcClient;
  209.    GetClientRect(hwnd, &rcClient);
  210.    g_hEditControl = CreateWindowExW(WS_EX_CLIENTEDGE, L"EDIT", L"",
  211.        WS_CHILD | WS_VISIBLE | WS_VSCROLL | WS_HSCROLL |
  212.        ES_MULTILINE | ES_AUTOVSCROLL | ES_AUTOHSCROLL,
  213.        EDIT_MARGIN, EDIT_MARGIN,
  214.        rcClient.right - (2 * EDIT_MARGIN),
  215.        rcClient.bottom - statusHeight - (2 * EDIT_MARGIN),
  216.        hwnd, nullptr,
  217.        (HINSTANCE)GetWindowLongPtr(hwnd, GWLP_HINSTANCE), nullptr);
  218.  
  219.    g_hFont = CreateFont(-14, 0, 0, 0, FW_NORMAL, FALSE, FALSE, 0,
  220.        ANSI_CHARSET, OUT_DEFAULT_PRECIS, CLIP_DEFAULT_PRECIS,
  221.        DEFAULT_QUALITY, DEFAULT_PITCH | FF_MODERN, L"Consolas");
  222.  
  223.    if (g_hFont)
  224.        SendMessage(g_hEditControl, WM_SETFONT, (WPARAM)g_hFont, TRUE);
  225.  
  226.    // Add this line to subclass the Edit control
  227.    SetWindowSubclass(g_hEditControl, EditSubclassProc, 0, 0);
  228. }
  229.  
  230. void AddMenus(HWND hwnd) {
  231.    HMENU hMenuBar = CreateMenu();
  232.    HMENU hFileMenu = CreateMenu();
  233.    AppendMenu(hMenuBar, MF_POPUP, (UINT_PTR)hFileMenu, L"&File");
  234.    AppendMenu(hFileMenu, MF_STRING, 1, L"&Open");
  235.    AppendMenu(hFileMenu, MF_STRING, 2, L"E&xit");
  236.    SetMenu(hwnd, hMenuBar);
  237. }
  238.  
  239. LRESULT CALLBACK EditSubclassProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam, UINT_PTR uIdSubclass, DWORD_PTR dwRefData) {
  240.    if (uMsg == WM_KEYDOWN) {
  241.        switch (wParam) {
  242.        case VK_F1:    // F1 key
  243.            SendMessage(GetParent(hwnd), WM_KEYDOWN, VK_F1, 0);
  244.            return 0;
  245.        case VK_ESCAPE: // Escape key
  246.            SendMessage(GetParent(hwnd), WM_KEYDOWN, VK_ESCAPE, 0);
  247.            return 0;
  248.        }
  249.    }
  250.    return DefSubclassProc(hwnd, uMsg, wParam, lParam);
  251. }
  252.  
  253. LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
  254.    switch (uMsg) {
  255.    case WM_CREATE: InitializeControls(hwnd); AddMenus(hwnd); return 0;
  256.    case WM_SIZE:
  257.    {
  258.        RECT rcClient;
  259.        GetClientRect(hwnd, &rcClient);
  260.  
  261.        // Resize status bar (it will auto-adjust its height)
  262.        SendMessage(g_hStatusBar, WM_SIZE, 0, 0);
  263.  
  264.        // Get status bar height
  265.        RECT rcStatus;
  266.        GetWindowRect(g_hStatusBar, &rcStatus);
  267.        int statusHeight = rcStatus.bottom - rcStatus.top;
  268.  
  269.        // Resize edit control
  270.        SetWindowPos(g_hEditControl, NULL,
  271.            EDIT_MARGIN,
  272.            EDIT_MARGIN,
  273.            rcClient.right - (2 * EDIT_MARGIN),
  274.            rcClient.bottom - statusHeight - (2 * EDIT_MARGIN),
  275.            SWP_NOZORDER);
  276.    }
  277.    return 0;
  278.    case WM_KEYDOWN:
  279.        switch (wParam) {
  280.        case VK_F1:
  281.            MessageBoxW(hwnd,
  282.                L"PE Header Parser 2.3 GUI-based Programmed in C++ Win32 API (1173 lines of code) by Entisoft Software(c) Evans Thorpemorton",
  283.                L"About",
  284.                MB_OK | MB_ICONINFORMATION);
  285.            return 0;
  286.  
  287.        case VK_ESCAPE:
  288.            PostQuitMessage(0);
  289.            return 0;
  290.        }
  291.        break;
  292.    case WM_COMMAND: if (LOWORD(wParam) == 1) OpenFileDialog(hwnd); if (LOWORD(wParam) == 2) PostQuitMessage(0); return 0;
  293.    case WM_DESTROY:
  294.        if (g_hStatusBar) DestroyWindow(g_hStatusBar);
  295.        PostQuitMessage(0);
  296.        return 0;
  297.    }
  298.    return DefWindowProc(hwnd, uMsg, wParam, lParam);
  299. }
  300.  
  301. void SetStatusText(const wchar_t* text) {
  302.    SendMessage(g_hStatusBar, SB_SETTEXT, 0, (LPARAM)text);
  303. }
  304.  
  305. void ShowProgress(int percentage) {
  306.    wchar_t status[256];
  307.    swprintf_s(status, L"Analyzing... %d%%", percentage);
  308.    SetStatusText(status);
  309. }
  310.  
  311. void OpenFileDialog(HWND hwnd) {
  312.    WCHAR fileName[MAX_PATH] = L"";
  313.    OPENFILENAMEW ofn = { sizeof(OPENFILENAMEW), hwnd, NULL, L"Executable Files (*.exe;*.dll)\0*.exe;*.dll\0All Files (*.*)\0*.*\0", NULL, 0, 1, fileName, MAX_PATH, NULL, 0, NULL, NULL, OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_HIDEREADONLY, 0, 0, L"exe", NULL, NULL, NULL };
  314.    if (GetOpenFileNameW(&ofn)) {
  315.        SetWindowTextW(g_hEditControl, L"");
  316.        g_OutputText.str(L"");
  317.        g_OutputText.clear();
  318.        AnalyzePEFile(ofn.lpstrFile);
  319.        UpdateEditControl();
  320.    }
  321. }
  322.  
  323. class FileMapper {
  324. private:
  325.    HANDLE hFile = INVALID_HANDLE_VALUE;
  326.    HANDLE hMapping = nullptr;
  327.    LPVOID lpView = nullptr;
  328.  
  329. public:
  330.    ~FileMapper() {
  331.        if (lpView) UnmapViewOfFile(lpView);
  332.        if (hMapping) CloseHandle(hMapping);
  333.        if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
  334.    }
  335.  
  336.    bool Initialize(const wchar_t* path) {
  337.        hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ, nullptr,
  338.            OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr);
  339.        if (hFile == INVALID_HANDLE_VALUE) return false;
  340.  
  341.        hMapping = CreateFileMappingW(hFile, nullptr, PAGE_READONLY, 0, 0, nullptr);
  342.        if (!hMapping) return false;
  343.  
  344.        lpView = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
  345.        return lpView != nullptr;
  346.    }
  347.  
  348.    LPVOID GetView() const { return lpView; }
  349. };
  350.  
  351. // Modified AppendToOutput to handle newlines properly:
  352. void AppendToOutput(const wchar_t* format, ...) {
  353.    std::vector<wchar_t> buffer(1024);
  354.    va_list args;
  355.    va_start(args, format);
  356.  
  357.    while (true) {
  358.        int result = _vsnwprintf(buffer.data(), buffer.size(), format, args);
  359.        if (result >= 0) break;
  360.        buffer.resize(buffer.size() * 2);
  361.    }
  362.    va_end(args);
  363.  
  364.    // Convert \n to \r\n
  365.    std::wstring output = buffer.data();
  366.    size_t pos = 0;
  367.    while ((pos = output.find(L'\n', pos)) != std::wstring::npos) {
  368.        if (pos == 0 || output[pos - 1] != L'\r') {
  369.            output.insert(pos, L"\r");
  370.            pos += 2;
  371.        }
  372.        else {
  373.            pos++;
  374.        }
  375.    }
  376.  
  377.    g_OutputText << output;
  378.    UpdateEditControl();
  379. }
  380.  
  381. /*
  382. void AppendToOutput(const wchar_t* format, ...) {
  383.    wchar_t buffer[16384]; // Ensure sufficient buffer size
  384.    va_list args;
  385.    va_start(args, format);
  386.    StringCchVPrintfW(buffer, ARRAYSIZE(buffer), format, args);
  387.    va_end(args);
  388.  
  389.    tempBuffer += buffer;
  390.  
  391.    // Update Edit Control periodically to improve performance
  392.    if (tempBuffer.size() > 8000) {
  393.        g_OutputText << tempBuffer;
  394.        tempBuffer.clear();
  395.  
  396.        SetWindowTextW(g_hEditControl, g_OutputText.str().c_str());
  397.        SendMessage(g_hEditControl, EM_SETSEL, -1, -1);
  398.        SendMessage(g_hEditControl, EM_SCROLLCARET, 0, 0);
  399.    }
  400. }
  401.  
  402.  
  403. // Final update to flush any remaining content
  404. void FlushOutput() {
  405.    if (!tempBuffer.empty()) {
  406.        g_OutputText << tempBuffer;
  407.        tempBuffer.clear();
  408.  
  409.        SetWindowTextW(g_hEditControl, g_OutputText.str().c_str());
  410.        SendMessage(g_hEditControl, EM_SETSEL, -1, -1);
  411.        SendMessage(g_hEditControl, EM_SCROLLCARET, 0, 0);
  412.    }
  413. }
  414. */
  415.  
  416.  
  417. /*
  418. //use below ^^ ALWAYS
  419. void AppendToOutput(const wchar_t* format, ...) {
  420.    va_list args;
  421.    va_start(args, format);
  422.  
  423.    // Use a vector as a dynamically resizable buffer
  424.    std::vector<wchar_t> buffer(16384); // Start with an initial size
  425.    int result = -1;
  426.  
  427.    while (true) {
  428.        // Attempt to format the string
  429.        result = _vsnwprintf(buffer.data(), buffer.size(), format, args);
  430.  
  431.        if (result >= 0 && static_cast<size_t>(result) < buffer.size()) {
  432.            // Successfully formatted within the current buffer size
  433.            break;
  434.        }
  435.  
  436.        // Resize the buffer and try again
  437.        buffer.resize(buffer.size() * 2);
  438.    }
  439.    va_end(args);
  440.  
  441.    // Convert `\n` to `\r\n` for proper display in the EditBox
  442.    std::wstring formattedOutput(buffer.data());
  443.    size_t pos = 0;
  444.    while ((pos = formattedOutput.find(L'\n', pos)) != std::wstring::npos) {
  445.        formattedOutput.replace(pos, 1, L"\r\n");
  446.        pos += 2; // Move past the replacement
  447.    }
  448.  
  449.    // Append to the global output buffer
  450.    g_OutputText << formattedOutput;
  451.  
  452.    // Update the EditBox periodically to prevent overloading
  453.    if (g_OutputText.str().size() > 8000) {
  454.        SetWindowTextW(g_hEditControl, g_OutputText.str().c_str());
  455.        SendMessage(g_hEditControl, EM_SETSEL, -1, -1);
  456.        SendMessage(g_hEditControl, EM_SCROLLCARET, 0, 0);
  457.    }
  458. }
  459. //use above ^^ ALWAYS
  460. */
  461.  
  462. //currentlatest
  463. /*void AppendToOutput(const wchar_t* format, ...) {
  464.    wchar_t buffer[4096];
  465.    va_list args;
  466.    va_start(args, format);
  467.    StringCchVPrintfW(buffer, ARRAYSIZE(buffer), format, args);
  468.    va_end(args);
  469.    g_OutputText << buffer;
  470.    SetWindowTextW(g_hEditControl, g_OutputText.str().c_str());
  471.    SendMessage(g_hEditControl, EM_SETSEL, -1, -1);
  472.    SendMessage(g_hEditControl, EM_SCROLLCARET, 0, 0);
  473. }
  474. */
  475.  
  476. //use-below-basic-failsafe-working vv
  477. //basic test function
  478. /*void AnalyzePEFile(const wchar_t* filePathW) {
  479.    OUTPUT("[+] Analyzing file: %s\n", filePathW);
  480.    LPVOID lpFileContent = GetFileContent(filePathW);
  481.    if (!lpFileContent) { OUTPUT("[-] Could not read file.\n"); return; }
  482.    PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)lpFileContent;
  483.    if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE) { OUTPUT("[-] Invalid DOS signature.\n"); HeapFree(GetProcessHeap(), 0, lpFileContent); return; }
  484.    PIMAGE_NT_HEADERS ntHeaders = (PIMAGE_NT_HEADERS)((DWORD_PTR)lpFileContent + dosHeader->e_lfanew);
  485.    if (ntHeaders->Signature != IMAGE_NT_SIGNATURE) { OUTPUT("[-] Invalid NT signature.\n"); HeapFree(GetProcessHeap(), 0, lpFileContent); return; }
  486.    OUTPUT("[+] PE file analyzed successfully.\n");
  487.    HeapFree(GetProcessHeap(), 0, lpFileContent);
  488.    UpdateEditControl();
  489. }*/
  490. //use-above-basic-failsafe-working vv
  491.  
  492. //use vectors for unlimited size growth of buffer, use an alternative to editbox, check for fast loops overloading, in its primitive form it works properly! try w/o getimports3264 datadirectories getsections
  493.  
  494. void AnalyzePEFile(const wchar_t* filePathW) {
  495.    OUTPUT("[+] Starting PE Analysis for: %s\n\n", filePathW);
  496.  
  497.    FileMapper mapper;
  498.    if (!mapper.Initialize(filePathW)) {
  499.        SetStatusText(L"Failed to open file!");
  500.        OUTPUT("[-] Failed to open file! Error: %d\r\n", GetLastError());
  501.        return;
  502.    }
  503.  
  504.    ShowProgress(20);  // After initial file opening
  505.  
  506.    
  507.    // Open and read file
  508.    HANDLE hFile = CreateFileW(filePathW, GENERIC_READ, FILE_SHARE_READ, nullptr,
  509.        OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr);
  510.    if (hFile == INVALID_HANDLE_VALUE) {
  511.        OUTPUT("[-] Failed to open file! Error: %d\n", GetLastError());
  512.        return;
  513.    }
  514.  
  515.    DWORD fileSize = GetFileSize(hFile, nullptr);
  516.    if (fileSize == INVALID_FILE_SIZE) {
  517.        CloseHandle(hFile);
  518.        OUTPUT("[-] Failed to get file size! Error: %d\n", GetLastError());
  519.        return;
  520.    }
  521.  
  522.    HANDLE hFileMapping = CreateFileMappingW(hFile, nullptr, PAGE_READONLY, 0, 0, nullptr);
  523.    if (!hFileMapping) {
  524.        CloseHandle(hFile);
  525.        OUTPUT("[-] Failed to create file mapping! Error: %d\n", GetLastError());
  526.        return;
  527.    }
  528.  
  529.    LPVOID lpFileContent = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
  530.    if (!lpFileContent) {
  531.        CloseHandle(hFileMapping);
  532.        CloseHandle(hFile);
  533.        OUTPUT("[-] Failed to map view of file! Error: %d\n", GetLastError());
  534.        return;
  535.    }
  536.  
  537.    const auto pImageDosHeader = static_cast<PIMAGE_DOS_HEADER>(mapper.GetView());
  538.    if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
  539.        OUTPUT("[-] Invalid DOS signature!\r\n");
  540.        return;
  541.    }
  542.  
  543.    ShowProgress(40);
  544.  
  545.    const auto pImageNtHeaders = reinterpret_cast<PIMAGE_NT_HEADERS>(
  546.        static_cast<BYTE*>(mapper.GetView()) + pImageDosHeader->e_lfanew);
  547.    if (pImageNtHeaders->Signature != IMAGE_NT_SIGNATURE) {
  548.        OUTPUT("[-] Invalid NT signature!\r\n");
  549.        return;
  550.    }
  551.  
  552.    ShowProgress(60);
  553.  
  554.    // Print File Header Information
  555.    OUTPUT("[+] PE FILE HEADER\n");
  556.    OUTPUT("\tMachine: 0x%X\n", pImageNtHeaders->FileHeader.Machine);
  557.    OUTPUT("\tNumberOfSections: 0x%X\n", pImageNtHeaders->FileHeader.NumberOfSections);
  558.    OUTPUT("\tTimeDateStamp: 0x%X\n", pImageNtHeaders->FileHeader.TimeDateStamp);
  559.    OUTPUT("\tPointerToSymbolTable: 0x%X\r\n",
  560.        static_cast<DWORD>(pImageNtHeaders->FileHeader.PointerToSymbolTable));
  561.    OUTPUT("\tNumberOfSymbols: 0x%X\r\n",
  562.        static_cast<DWORD>(pImageNtHeaders->FileHeader.NumberOfSymbols));
  563.    OUTPUT("\tSizeOfOptionalHeader: 0x%X\r\n",
  564.        static_cast<DWORD>(pImageNtHeaders->FileHeader.SizeOfOptionalHeader));
  565.    OUTPUT("\tCharacteristics: 0x%X %s\n\n",
  566.        pImageNtHeaders->FileHeader.Characteristics,
  567.        PEHelpers::GetImageCharacteristics(pImageNtHeaders->FileHeader.Characteristics).c_str());
  568.  
  569.    // Print Optional Header Information
  570.    OUTPUT("[+] PE OPTIONAL HEADER\n");
  571.    OUTPUT("\tMagic: 0x%X\n", pImageNtHeaders->OptionalHeader.Magic);
  572.    OUTPUT("\tAddressOfEntryPoint: 0x%X\n", pImageNtHeaders->OptionalHeader.AddressOfEntryPoint);
  573.    OUTPUT("\tImageBase: 0x%llX\n", (ULONGLONG)pImageNtHeaders->OptionalHeader.ImageBase);
  574.    OUTPUT("\tSectionAlignment: 0x%X\n", pImageNtHeaders->OptionalHeader.SectionAlignment);
  575.    OUTPUT("\tFileAlignment: 0x%X\n", pImageNtHeaders->OptionalHeader.FileAlignment);
  576.    
  577.    // Added missing Optional Header fields
  578.    OUTPUT("\tMajorOperatingSystemVersion: 0x%X\r\n",
  579.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.MajorOperatingSystemVersion));
  580.    OUTPUT("\tMinorOperatingSystemVersion: 0x%X\r\n",
  581.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.MinorOperatingSystemVersion));
  582.    OUTPUT("\tMajorImageVersion: 0x%X\r\n",
  583.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.MajorImageVersion));
  584.    OUTPUT("\tMinorImageVersion: 0x%X\r\n",
  585.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.MinorImageVersion));
  586.    OUTPUT("\tMajorSubsystemVersion: 0x%X\r\n",
  587.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.MajorSubsystemVersion));
  588.    OUTPUT("\tMinorSubsystemVersion: 0x%X\r\n",
  589.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.MinorSubsystemVersion));
  590.    OUTPUT("\tWin32VersionValue: 0x%X\r\n",
  591.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.Win32VersionValue));
  592.    OUTPUT("\tSizeOfImage: 0x%X\r\n",
  593.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.SizeOfImage));
  594.    OUTPUT("\tSizeOfHeaders: 0x%X\r\n",
  595.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.SizeOfHeaders));
  596.    OUTPUT("\tCheckSum: 0x%X\r\n",
  597.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.CheckSum));
  598.    OUTPUT("\tSubsystem: 0x%X %s\r\n",
  599.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.Subsystem),
  600.        PEHelpers::GetSubsystem(pImageNtHeaders->OptionalHeader.Subsystem).c_str());
  601.    OUTPUT("\tDllCharacteristics: 0x%X\r\n",
  602.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.DllCharacteristics));
  603.    OUTPUT("\tSizeOfStackReserve: 0x%llX\r\n",
  604.        static_cast<ULONGLONG>(pImageNtHeaders->OptionalHeader.SizeOfStackReserve));
  605.    OUTPUT("\tSizeOfStackCommit: 0x%llX\r\n",
  606.        static_cast<ULONGLONG>(pImageNtHeaders->OptionalHeader.SizeOfStackCommit));
  607.    OUTPUT("\tSizeOfHeapReserve: 0x%llX\r\n",
  608.        static_cast<ULONGLONG>(pImageNtHeaders->OptionalHeader.SizeOfHeapReserve));
  609.    OUTPUT("\tSizeOfHeapCommit: 0x%llX\r\n",
  610.        static_cast<ULONGLONG>(pImageNtHeaders->OptionalHeader.SizeOfHeapCommit));
  611.    OUTPUT("\tLoaderFlags: 0x%X\r\n",
  612.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.LoaderFlags));
  613.    OUTPUT("\tNumberOfRvaAndSizes: 0x%X\r\n\r\n",
  614.        static_cast<DWORD>(pImageNtHeaders->OptionalHeader.NumberOfRvaAndSizes));
  615.    
  616.    OUTPUT("\tSubsystem: 0x%X %s\n\n",
  617.        pImageNtHeaders->OptionalHeader.Subsystem,
  618.        PEHelpers::GetSubsystem(pImageNtHeaders->OptionalHeader.Subsystem).c_str());
  619.  
  620.    // Print Data Directories
  621.    OUTPUT("[+] PE DATA DIRECTORIES\n");
  622.    for (int i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++) {
  623.        const auto& dir = pImageNtHeaders->OptionalHeader.DataDirectory[i];
  624.        if (dir.VirtualAddress != 0) {
  625.            OUTPUT("\t%s:\n", PEHelpers::GetDataDirectoryName(i).c_str());
  626.            OUTPUT("\t\tVirtualAddress: 0x%X\n", dir.VirtualAddress);
  627.            OUTPUT("\t\tSize: 0x%X\n", dir.Size);
  628.        }
  629.    }
  630.  
  631.    // Analyze Sections
  632.    OUTPUT("\n[+] PE IMAGE SECTIONS\r\n");
  633.    auto pSection = IMAGE_FIRST_SECTION(pImageNtHeaders);
  634.    for (WORD i = 0; i < pImageNtHeaders->FileHeader.NumberOfSections; i++, pSection++) {
  635.        // Create a null-terminated string from the section name
  636.        char sectionName[IMAGE_SIZEOF_SHORT_NAME + 1] = {};
  637.        memcpy(sectionName, pSection->Name, IMAGE_SIZEOF_SHORT_NAME);
  638.  
  639.        // Remove any non-printable characters
  640.        for (int j = 0; j < IMAGE_SIZEOF_SHORT_NAME; j++) {
  641.            if (!isprint(static_cast<unsigned char>(sectionName[j]))) {
  642.                sectionName[j] = '\0';
  643.            }
  644.        }
  645.  
  646.        // Convert to wide string
  647.        wchar_t wideSectionName[IMAGE_SIZEOF_SHORT_NAME + 1] = {};
  648.        MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED,
  649.            sectionName, -1,
  650.            wideSectionName, IMAGE_SIZEOF_SHORT_NAME + 1);
  651.  
  652.        OUTPUT("\tSECTION : %s\r\n", wideSectionName);
  653.        OUTPUT("\t\tMisc (PhysicalAddress) : 0x%X\r\n", pSection->Misc.PhysicalAddress);
  654.        OUTPUT("\t\tMisc (VirtualSize) : 0x%X\r\n", pSection->Misc.VirtualSize);
  655.        OUTPUT("\t\tVirtualAddress : 0x%X\r\n", pSection->VirtualAddress);
  656.        OUTPUT("\t\tSizeOfRawData : 0x%X\r\n", pSection->SizeOfRawData);
  657.        OUTPUT("\t\tPointerToRawData : 0x%X\r\n", pSection->PointerToRawData);
  658.        OUTPUT("\t\tPointerToRelocations : 0x%X\r\n", pSection->PointerToRelocations);
  659.        OUTPUT("\t\tPointerToLinenumbers : 0x%X\r\n", pSection->PointerToLinenumbers);
  660.        OUTPUT("\t\tNumberOfRelocations : 0x%X\r\n", pSection->NumberOfRelocations);
  661.        OUTPUT("\t\tNumberOfLinenumbers : 0x%X\r\n", pSection->NumberOfLinenumbers);
  662.        OUTPUT("\t\tCharacteristics : 0x%X %s\r\n\r\n",
  663.            pSection->Characteristics,
  664.            PEHelpers::GetSectionProtection(pSection->Characteristics).c_str());
  665.    }
  666.  
  667.    ShowProgress(80);
  668.  
  669.    // Analyze Imports
  670.    const auto& importDir = pImageNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
  671.    if (importDir.VirtualAddress && importDir.Size) {
  672.        OUTPUT("\n[+] IMPORTED DLLS AND FUNCTIONS\r\n");
  673.  
  674.        // Find the section containing imports
  675.        auto pSection = IMAGE_FIRST_SECTION(pImageNtHeaders);
  676.        PIMAGE_SECTION_HEADER pImportSection = nullptr;
  677.  
  678.        // Find the import section
  679.        for (WORD i = 0; i < pImageNtHeaders->FileHeader.NumberOfSections; i++, pSection++) {
  680.            if (importDir.VirtualAddress >= pSection->VirtualAddress &&
  681.                importDir.VirtualAddress < (pSection->VirtualAddress + pSection->Misc.VirtualSize)) {
  682.                pImportSection = pSection;
  683.                break;
  684.            }
  685.        }
  686.  
  687.        if (!pImportSection) {
  688.            OUTPUT("[-] Could not find import section\r\n");
  689.            return;
  690.        }
  691.  
  692.        // Get the import descriptor
  693.        auto pImportDesc = reinterpret_cast<PIMAGE_IMPORT_DESCRIPTOR>(
  694.            (BYTE*)lpFileContent +
  695.            pImportSection->PointerToRawData +
  696.            (importDir.VirtualAddress - pImportSection->VirtualAddress));
  697.  
  698.        // Process all DLLs
  699.        while (pImportDesc && pImportDesc->Name != 0) {
  700.            // Get DLL name
  701.            const char* dllName = reinterpret_cast<const char*>(
  702.                (BYTE*)lpFileContent +
  703.                pImportSection->PointerToRawData +
  704.                (pImportDesc->Name - pImportSection->VirtualAddress));
  705.  
  706.            if (!IsBadReadPtr(dllName, 1)) {
  707.                std::vector<wchar_t> wideDllName(MAX_PATH);
  708.                MultiByteToWideChar(CP_ACP, 0, dllName, -1,
  709.                    wideDllName.data(), MAX_PATH);
  710.  
  711.                // Print DLL information
  712.                OUTPUT("\n\tDLL NAME : %s\r\n", wideDllName.data());
  713.                OUTPUT("\tCharacteristics : 0x%X\r\n", pImportDesc->Characteristics);
  714.                OUTPUT("\tOriginalFirstThunk : 0x%X\r\n", pImportDesc->OriginalFirstThunk);
  715.                OUTPUT("\tTimeDateStamp : 0x%X\r\n", pImportDesc->TimeDateStamp);
  716.                OUTPUT("\tForwarderChain : 0x%X\r\n", pImportDesc->ForwarderChain);
  717.                OUTPUT("\tFirstThunk : 0x%X\r\n", pImportDesc->FirstThunk);
  718.  
  719.                OUTPUT("\n\tImported Functions :\r\n\r\n");
  720.  
  721.                // Process functions using OriginalFirstThunk
  722.                if (pImportDesc->OriginalFirstThunk) {
  723.                    auto pThunk = reinterpret_cast<PIMAGE_THUNK_DATA>(
  724.                        (BYTE*)lpFileContent +
  725.                        pImportSection->PointerToRawData +
  726.                        (pImportDesc->OriginalFirstThunk - pImportSection->VirtualAddress));
  727.  
  728.                    // Process all functions for this DLL
  729.                    while (pThunk && pThunk->u1.AddressOfData) {
  730.                        if (!(pThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG)) {
  731.                            auto pImportByName = reinterpret_cast<PIMAGE_IMPORT_BY_NAME>(
  732.                                (BYTE*)lpFileContent +
  733.                                pImportSection->PointerToRawData +
  734.                                (pThunk->u1.AddressOfData - pImportSection->VirtualAddress));
  735.  
  736.                            if (!IsBadReadPtr(pImportByName, sizeof(IMAGE_IMPORT_BY_NAME))) {
  737.                                std::vector<wchar_t> wideFuncName(MAX_PATH);
  738.                                MultiByteToWideChar(CP_ACP, 0,
  739.                                    reinterpret_cast<const char*>(pImportByName->Name),
  740.                                    -1, wideFuncName.data(), MAX_PATH);
  741.  
  742.                                OUTPUT("\t\t%s\r\n", wideFuncName.data());
  743.                            }
  744.                        }
  745.                        pThunk++;
  746.                    }
  747.                }
  748.            }
  749.            pImportDesc++;
  750.        }
  751.    }
  752.  
  753.    ShowProgress(90);
  754.  
  755.    // In your AnalyzePEFile function, add this code after the imports section (before the cleanup label):
  756.  
  757.    // Handle Exports
  758.    const auto& exportDir = pImageNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
  759.    if (exportDir.VirtualAddress && exportDir.Size) {
  760.        OUTPUT("\n[+] EXPORTED FUNCTIONS\n");
  761.  
  762.        auto pSection = IMAGE_FIRST_SECTION(pImageNtHeaders);
  763.        PIMAGE_SECTION_HEADER pExportSection = PEHelpers::GetExportSection(
  764.            pSection,
  765.            pImageNtHeaders->FileHeader.NumberOfSections,
  766.            exportDir.VirtualAddress
  767.        );
  768.  
  769.        if (!pExportSection) {
  770.            OUTPUT("[-] Could not find export section\n");
  771.        }
  772.        else {
  773.            auto pExportDir = reinterpret_cast<PIMAGE_EXPORT_DIRECTORY>(
  774.                (BYTE*)lpFileContent +
  775.                pExportSection->PointerToRawData +
  776.                (exportDir.VirtualAddress - pExportSection->VirtualAddress));
  777.  
  778.            const DWORD_PTR dRawOffset = reinterpret_cast<DWORD_PTR>(lpFileContent) +
  779.                pExportSection->PointerToRawData;
  780.  
  781.            OUTPUT("\tNumber of Functions: %d\n", pExportDir->NumberOfFunctions);
  782.            OUTPUT("\tNumber of Names: %d\n", pExportDir->NumberOfNames);
  783.            OUTPUT("\tBase: %d\n", pExportDir->Base);
  784.  
  785.            // Fix for DLL name display
  786.            const char* dllName = reinterpret_cast<const char*>(
  787.                (BYTE*)lpFileContent +
  788.                pExportSection->PointerToRawData +
  789.                (pExportDir->Name - pExportSection->VirtualAddress));
  790.  
  791.            std::vector<wchar_t> wideDllName(MAX_PATH);
  792.            MultiByteToWideChar(CP_ACP, 0, dllName, -1,
  793.                wideDllName.data(), MAX_PATH);
  794.            OUTPUT("\tName: %s\n\n", wideDllName.data());
  795.  
  796.            const auto pArrayOfFunctionsNames = reinterpret_cast<DWORD*>(
  797.                dRawOffset + (pExportDir->AddressOfNames - pExportSection->VirtualAddress));
  798.  
  799.            OUTPUT("\tExported Functions:\n\n");
  800.            for (DWORD i = 0; i < pExportDir->NumberOfNames; ++i) {
  801.                const char* functionName = reinterpret_cast<const char*>(
  802.                    dRawOffset + (pArrayOfFunctionsNames[i] - pExportSection->VirtualAddress));
  803.  
  804.                std::vector<wchar_t> wideFuncName(MAX_PATH);
  805.                MultiByteToWideChar(CP_ACP, 0, functionName, -1,
  806.                    wideFuncName.data(), MAX_PATH);
  807.  
  808.                OUTPUT("\t\t%s\n", wideFuncName.data());
  809.            }
  810.        }
  811.    }
  812.  
  813.    ShowProgress(100);
  814.  
  815.    SetStatusText(L"Analysis complete");
  816.  
  817. cleanup:
  818.    if (lpFileContent) {
  819.        UnmapViewOfFile(lpFileContent);
  820.    }
  821.    if (hFileMapping) {
  822.        CloseHandle(hFileMapping);
  823.    }
  824.    if (hFile) {
  825.        CloseHandle(hFile);
  826.    }
  827.  
  828.    UpdateEditControl();
  829. }
  830.  
  831. /*
  832. //use below vv ALWAYS
  833. void AnalyzePEFile(const wchar_t* filePathW) {
  834.    OUTPUT("[+] Starting PE Analysis for: %s\n\n", filePathW);
  835.  
  836.    LPVOID lpFileContent = GetFileContent(filePathW);
  837.    if (!lpFileContent) {
  838.        OUTPUT("[-] Failed to read file content!\n");
  839.        return;
  840.    }
  841.  
  842.    const auto pImageDosHeader = static_cast<PIMAGE_DOS_HEADER>(lpFileContent);
  843.    if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
  844.        OUTPUT("[-] Invalid DOS signature!\n");
  845.        HeapFree(GetProcessHeap(), 0, lpFileContent);
  846.        return;
  847.    }
  848.  
  849.    const auto pImageNtHeaders = reinterpret_cast<PIMAGE_NT_HEADERS>((DWORD_PTR)lpFileContent + pImageDosHeader->e_lfanew);
  850.    if (pImageNtHeaders->Signature != IMAGE_NT_SIGNATURE) {
  851.        OUTPUT("[-] Invalid NT signature!\n");
  852.        HeapFree(GetProcessHeap(), 0, lpFileContent);
  853.        return;
  854.    }
  855.  
  856.    //UpdateEditControl(); //added just now remove line!
  857.  
  858.    OUTPUT("[+] PE FILE HEADER\n");
  859.    OUTPUT("\tMachine : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.Machine);
  860.    OUTPUT("\tNumberOfSections : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.NumberOfSections);
  861.    OUTPUT("\tTimeDateStamp : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.TimeDateStamp);
  862.    OUTPUT("\tPointerToSymbolTable : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.PointerToSymbolTable);
  863.    OUTPUT("\tNumberOfSymbols : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.NumberOfSymbols);
  864.    OUTPUT("\tSizeOfOptionalHeader : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.SizeOfOptionalHeader);
  865.    OUTPUT("\tCharacteristics : 0x%X %s\n\n", (uintptr_t)pImageNtHeaders->FileHeader.Characteristics, GetImageCharacteristics(pImageNtHeaders->FileHeader.Characteristics));
  866.  
  867.    OUTPUT("[+] PE OPTIONAL HEADER\n");
  868.    OUTPUT("\tMagic : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.Magic);
  869.    OUTPUT("\tAddressOfEntryPoint : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.AddressOfEntryPoint);
  870.    OUTPUT("\tImageBase : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.ImageBase);
  871.    OUTPUT("\tSectionAlignment : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SectionAlignment);
  872.    OUTPUT("\tFileAlignment : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.FileAlignment);
  873.    OUTPUT("\tMajorOperatingSystemVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MajorOperatingSystemVersion);
  874.    OUTPUT("\tMinorOperatingSystemVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MinorOperatingSystemVersion);
  875.    OUTPUT("\tMajorImageVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MajorImageVersion);
  876.    OUTPUT("\tMinorImageVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MinorImageVersion);
  877.    OUTPUT("\tMajorSubsystemVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MajorSubsystemVersion);
  878.    OUTPUT("\tMinorSubsystemVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MinorSubsystemVersion);
  879.    OUTPUT("\tWin32VersionValue : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.Win32VersionValue);
  880.    OUTPUT("\tSizeOfImage : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfImage);
  881.    OUTPUT("\tSizeOfHeaders : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfHeaders);
  882.    OUTPUT("\tCheckSum : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.CheckSum);
  883.    OUTPUT("\tSubsystem : 0x%X %s\n", (uintptr_t)pImageNtHeaders->OptionalHeader.Subsystem, GetSubsystem(pImageNtHeaders->OptionalHeader.Subsystem));
  884.    OUTPUT("\tDllCharacteristics : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.DllCharacteristics);
  885.    OUTPUT("\tSizeOfStackReserve : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfStackReserve);
  886.    OUTPUT("\tSizeOfStackCommit : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfStackCommit);
  887.    OUTPUT("\tSizeOfHeapReserve : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfHeapReserve);
  888.    OUTPUT("\tSizeOfHeapCommit : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfHeapCommit);
  889.    OUTPUT("\tLoaderFlags : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.LoaderFlags);
  890.    OUTPUT("\tNumberOfRvaAndSizes : 0x%X\n\n", (uintptr_t)pImageNtHeaders->OptionalHeader.NumberOfRvaAndSizes);
  891.  
  892.    //UpdateEditControl(); //added just now remove line!
  893.  
  894.    GetDataDirectories(&pImageNtHeaders->OptionalHeader.DataDirectory[0]);
  895.  
  896.    const auto pImageSectionHeader = reinterpret_cast<PIMAGE_SECTION_HEADER>((DWORD_PTR)pImageNtHeaders + sizeof(IMAGE_NT_HEADERS));
  897.    const auto pImageImportSection = GetSections(pImageSectionHeader, pImageNtHeaders->FileHeader.NumberOfSections, pImageNtHeaders->OptionalHeader.DataDirectory[1].VirtualAddress);
  898.  
  899.    if (!pImageImportSection) {
  900.        OUTPUT("[-] Error: Could not find import section!\n");
  901.        HeapFree(GetProcessHeap(), 0, lpFileContent);
  902.        return;
  903.    }
  904.  
  905.    const auto pImageImportDescriptor = reinterpret_cast<PIMAGE_IMPORT_DESCRIPTOR>((DWORD_PTR)lpFileContent + pImageImportSection->PointerToRawData);
  906.    if (pImageNtHeaders->FileHeader.Machine == IMAGE_FILE_MACHINE_I386) {
  907.        GetImports32(pImageImportDescriptor, (DWORD)lpFileContent + pImageImportSection->PointerToRawData, pImageImportSection);
  908.    }
  909.    else if (pImageNtHeaders->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64) {
  910.        GetImports64(pImageImportDescriptor, (DWORD)lpFileContent + pImageImportSection->PointerToRawData, pImageImportSection);
  911.    }
  912.    else {
  913.        OUTPUT("[-] Unsupported architecture!\n");
  914.    }
  915.  
  916.    HeapFree(GetProcessHeap(), 0, lpFileContent);
  917.    UpdateEditControl();
  918. }
  919.  
  920. void GetDataDirectories(PIMAGE_DATA_DIRECTORY pImageDataDirectory) {
  921.    OUTPUT("[+] PE DATA DIRECTORIES\n");
  922.    for (int i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; ++i, ++pImageDataDirectory) {
  923.        if (pImageDataDirectory->VirtualAddress == 0) continue;
  924.        OUTPUT("\tDataDirectory (%s) VirtualAddress : 0x%X\n", GetDataDirectoryName(i), (uintptr_t)pImageDataDirectory->VirtualAddress);
  925.        OUTPUT("\tDataDirectory (%s) Size : 0x%X\n\n", GetDataDirectoryName(i), (uintptr_t)pImageDataDirectory->Size);
  926.    }
  927. }
  928.  
  929. PIMAGE_SECTION_HEADER GetSections(const PIMAGE_SECTION_HEADER pImageSectionHeader, int NumberOfSections, DWORD dImportAddress) {
  930.    PIMAGE_SECTION_HEADER pImageImportHeader = nullptr;
  931.    OUTPUT("\n[+] PE IMAGE SECTIONS\n");
  932.    for (int i = 0; i < NumberOfSections; ++i) {
  933.        const auto pCurrentSectionHeader = reinterpret_cast<PIMAGE_SECTION_HEADER>((DWORD_PTR)pImageSectionHeader + i * sizeof(IMAGE_SECTION_HEADER));
  934.        OUTPUT("\n\tSECTION : %s\n", (wchar_t*)pCurrentSectionHeader->Name);
  935.        OUTPUT("\t\tMisc (PhysicalAddress) : 0x%X\n", (uintptr_t)pCurrentSectionHeader->Misc.PhysicalAddress);
  936.        OUTPUT("\t\tMisc (VirtualSize) : 0x%X\n", (uintptr_t)pCurrentSectionHeader->Misc.VirtualSize);
  937.        OUTPUT("\t\tVirtualAddress : 0x%X\n", (uintptr_t)pCurrentSectionHeader->VirtualAddress);
  938.        OUTPUT("\t\tSizeOfRawData : 0x%X\n", (uintptr_t)pCurrentSectionHeader->SizeOfRawData);
  939.        OUTPUT("\t\tPointerToRawData : 0x%X\n", (uintptr_t)pCurrentSectionHeader->PointerToRawData);
  940.        OUTPUT("\t\tCharacteristics : 0x%X %s\n", (uintptr_t)pCurrentSectionHeader->Characteristics, GetSectionProtection(pCurrentSectionHeader->Characteristics));
  941.  
  942.        if (dImportAddress >= pCurrentSectionHeader->VirtualAddress && dImportAddress < pCurrentSectionHeader->VirtualAddress + pCurrentSectionHeader->Misc.VirtualSize) {
  943.            pImageImportHeader = pCurrentSectionHeader;
  944.        }
  945.    }
  946.    return pImageImportHeader;
  947. }
  948.  
  949. void GetImports32(PIMAGE_IMPORT_DESCRIPTOR pImageImportDescriptor, DWORD dRawOffset, const PIMAGE_SECTION_HEADER pImageImportSection) {
  950.    OUTPUT("\n[+] IMPORTED DLL\n");
  951.    while (pImageImportDescriptor->Name != 0) {
  952.        OUTPUT("\n\tDLL NAME : %s\n", (wchar_t*)(dRawOffset + (pImageImportDescriptor->Name - pImageImportSection->VirtualAddress)));
  953.        if (pImageImportDescriptor->OriginalFirstThunk == 0) {
  954.            ++pImageImportDescriptor;
  955.            continue;
  956.        }
  957.        auto pOriginalFirstThunk = reinterpret_cast<PIMAGE_THUNK_DATA32>(dRawOffset + (pImageImportDescriptor->OriginalFirstThunk - pImageImportSection->VirtualAddress));
  958.        while (pOriginalFirstThunk->u1.AddressOfData != 0) {
  959.            const auto pImageImportByName = reinterpret_cast<PIMAGE_IMPORT_BY_NAME>(dRawOffset + (pOriginalFirstThunk->u1.AddressOfData - pImageImportSection->VirtualAddress));
  960.            if (pImageImportByName) {
  961.                OUTPUT("\t\tFunction: %s\n", (char*)pImageImportByName->Name);
  962.            }
  963.            pOriginalFirstThunk++;
  964.        }
  965.        pImageImportDescriptor++;
  966.    }
  967. }
  968.  
  969. void GetImports64(PIMAGE_IMPORT_DESCRIPTOR pImageImportDescriptor, DWORD dRawOffset, const PIMAGE_SECTION_HEADER pImageImportSection) {
  970.    OUTPUT("\n[+] IMPORTED DLL\n");
  971.    while (pImageImportDescriptor->Name != 0) {
  972.        OUTPUT("\n\tDLL NAME : %s\n", (wchar_t*)(dRawOffset + (pImageImportDescriptor->Name - pImageImportSection->VirtualAddress)));
  973.        if (pImageImportDescriptor->OriginalFirstThunk == 0) {
  974.            ++pImageImportDescriptor;
  975.            continue;
  976.        }
  977.        auto pOriginalFirstThunk = reinterpret_cast<PIMAGE_THUNK_DATA64>(dRawOffset + (pImageImportDescriptor->OriginalFirstThunk - pImageImportSection->VirtualAddress));
  978.        while (pOriginalFirstThunk->u1.AddressOfData != 0) {
  979.            const auto pImageImportByName = reinterpret_cast<PIMAGE_IMPORT_BY_NAME>(dRawOffset + (pOriginalFirstThunk->u1.AddressOfData - pImageImportSection->VirtualAddress));
  980.            if (pImageImportByName) {
  981.                OUTPUT("\t\tFunction: %s\n", (char*)pImageImportByName->Name);
  982.            }
  983.            pOriginalFirstThunk++;
  984.        }
  985.        pImageImportDescriptor++;
  986.    }
  987. }
  988. //use above ^^ ALWAYS
  989. */
  990.  
  991.  
  992. /*
  993. // older-orig-deprecated vv
  994. // Main PE Analysis function
  995. void AnalyzePEFile(const wchar_t* filePathW)
  996. {
  997.    //WCHAR filePathW[MAX_PATH];
  998.    //MultiByteToWideChar(CP_ACP, 0, filePathA, -1, filePathW, MAX_PATH);
  999.    OUTPUT("[+] Starting PE Analysis for: %s\n\n", filePathW);
  1000.    //AppendToOutput(L"[+] Starting PE Analysis for: %ls\n\n", filePathW);
  1001.  
  1002.    // Get file content
  1003.    LPVOID lpFileContent = GetFileContent(filePathW);
  1004.    if (!lpFileContent)
  1005.    {
  1006.        OUTPUT("[-] Failed to read file content!\n");
  1007.        return;
  1008.    }
  1009.  
  1010.    // Get DOS header
  1011.    const auto pImageDosHeader = static_cast<PIMAGE_DOS_HEADER>(lpFileContent);
  1012.    if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
  1013.    {
  1014.        OUTPUT("[-] Invalid DOS signature!\n");
  1015.        HeapFree(GetProcessHeap(), 0, lpFileContent);
  1016.        return;
  1017.    }
  1018.  
  1019.    // Get NT headers
  1020.    const auto pImageNtHeaders = reinterpret_cast<PIMAGE_NT_HEADERS>((DWORD_PTR)lpFileContent + pImageDosHeader->e_lfanew);
  1021.    if (pImageNtHeaders->Signature != IMAGE_NT_SIGNATURE)
  1022.    {
  1023.        OUTPUT("[-] Invalid NT signature!\n");
  1024.        HeapFree(GetProcessHeap(), 0, lpFileContent);
  1025.        return;
  1026.    }
  1027.  
  1028.    // Display File Header information
  1029.    OUTPUT("[+] PE FILE HEADER\n");
  1030.    OUTPUT("\tMachine : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.Machine);
  1031.    OUTPUT("\tNumberOfSections : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.NumberOfSections);
  1032.    OUTPUT("\tTimeDateStamp : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.TimeDateStamp);
  1033.    OUTPUT("\tPointerToSymbolTable : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.PointerToSymbolTable);
  1034.    OUTPUT("\tNumberOfSymbols : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.NumberOfSymbols);
  1035.    OUTPUT("\tSizeOfOptionalHeader : 0x%X\n", (uintptr_t)pImageNtHeaders->FileHeader.SizeOfOptionalHeader);
  1036.    OUTPUT("\tCharacteristics : 0x%X %s\n\n",
  1037.        (uintptr_t)pImageNtHeaders->FileHeader.Characteristics,
  1038.        GetImageCharacteristics(pImageNtHeaders->FileHeader.Characteristics));
  1039.  
  1040.    // Display Optional Header information
  1041.    OUTPUT("[+] PE OPTIONAL HEADER\n");
  1042.    OUTPUT("\tMagic : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.Magic);
  1043.    OUTPUT("\tAddressOfEntryPoint : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.AddressOfEntryPoint);
  1044.    OUTPUT("\tImageBase : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.ImageBase);
  1045.    OUTPUT("\tSectionAlignment : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SectionAlignment);
  1046.    OUTPUT("\tFileAlignment : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.FileAlignment);
  1047.    OUTPUT("\tMajorOperatingSystemVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MajorOperatingSystemVersion);
  1048.    OUTPUT("\tMinorOperatingSystemVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MinorOperatingSystemVersion);
  1049.    OUTPUT("\tMajorImageVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MajorImageVersion);
  1050.    OUTPUT("\tMinorImageVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MinorImageVersion);
  1051.    OUTPUT("\tMajorSubsystemVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MajorSubsystemVersion);
  1052.    OUTPUT("\tMinorSubsystemVersion : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.MinorSubsystemVersion);
  1053.    OUTPUT("\tWin32VersionValue : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.Win32VersionValue);
  1054.    OUTPUT("\tSizeOfImage : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfImage);
  1055.    OUTPUT("\tSizeOfHeaders : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfHeaders);
  1056.    OUTPUT("\tCheckSum : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.CheckSum);
  1057.    OUTPUT("\tSubsystem : 0x%X %s\n",
  1058.        (uintptr_t)pImageNtHeaders->OptionalHeader.Subsystem,
  1059.        GetSubsystem(pImageNtHeaders->OptionalHeader.Subsystem));
  1060.    OUTPUT("\tDllCharacteristics : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.DllCharacteristics);
  1061.    OUTPUT("\tSizeOfStackReserve : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfStackReserve);
  1062.    OUTPUT("\tSizeOfStackCommit : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfStackCommit);
  1063.    OUTPUT("\tSizeOfHeapReserve : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfHeapReserve);
  1064.    OUTPUT("\tSizeOfHeapCommit : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.SizeOfHeapCommit);
  1065.    OUTPUT("\tLoaderFlags : 0x%X\n", (uintptr_t)pImageNtHeaders->OptionalHeader.LoaderFlags);
  1066.    OUTPUT("\tNumberOfRvaAndSizes : 0x%X\n\n", (uintptr_t)pImageNtHeaders->OptionalHeader.NumberOfRvaAndSizes);
  1067.  
  1068.    // Get Data Directories
  1069.    GetDataDirectories(&pImageNtHeaders->OptionalHeader.DataDirectory[0]);
  1070.  
  1071.    // Get the import section
  1072.    const auto pImageSectionHeader = reinterpret_cast<PIMAGE_SECTION_HEADER>(
  1073.        (DWORD_PTR)pImageNtHeaders + sizeof(IMAGE_NT_HEADERS));
  1074.  
  1075.    const auto pImageImportSection = GetSections(
  1076.        pImageSectionHeader,
  1077.        pImageNtHeaders->FileHeader.NumberOfSections,
  1078.        pImageNtHeaders->OptionalHeader.DataDirectory[1].VirtualAddress);
  1079.  
  1080.    if (!pImageImportSection)
  1081.    {
  1082.        OUTPUT("[-] Error: Could not find import section!\n");
  1083.        HeapFree(GetProcessHeap(), 0, lpFileContent);
  1084.        return;
  1085.    }
  1086.  
  1087.    // Get imports based on architecture
  1088.    const auto pImageImportDescriptor = reinterpret_cast<PIMAGE_IMPORT_DESCRIPTOR>(
  1089.        (DWORD_PTR)lpFileContent + pImageImportSection->PointerToRawData);
  1090.  
  1091.    if (pImageNtHeaders->FileHeader.Machine == IMAGE_FILE_MACHINE_I386)
  1092.    {
  1093.        GetImports32(
  1094.            pImageImportDescriptor,
  1095.            (DWORD)lpFileContent + pImageImportSection->PointerToRawData,
  1096.            pImageImportSection);
  1097.    }
  1098.    else if (pImageNtHeaders->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64)
  1099.    {
  1100.        GetImports64(
  1101.            pImageImportDescriptor,
  1102.            (DWORD)lpFileContent + pImageImportSection->PointerToRawData,
  1103.            pImageImportSection);
  1104.    }
  1105.    else
  1106.    {
  1107.        OUTPUT("[-] Unsupported architecture!\n");
  1108.    }
  1109.  
  1110.    // Cleanup
  1111.    HeapFree(GetProcessHeap(), 0, lpFileContent);
  1112.  
  1113.    // Update the GUI with the analysis results
  1114.    UpdateEditControl();
  1115. }
  1116.  
  1117. void GetDataDirectories(PIMAGE_DATA_DIRECTORY pImageDataDirectory)
  1118. {
  1119.    OUTPUT("[+] PE DATA DIRECTORIES\n");
  1120.    for (int i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; ++i, ++pImageDataDirectory)
  1121.    {
  1122.        if (pImageDataDirectory->VirtualAddress == 0)
  1123.            continue;
  1124.  
  1125.        OUTPUT("\tDataDirectory (%s) VirtualAddress : 0x%X\n",
  1126.            GetDataDirectoryName(i),
  1127.            (uintptr_t)pImageDataDirectory->VirtualAddress);
  1128.        OUTPUT("\tDataDirectory (%s) Size : 0x%X\n\n",
  1129.            GetDataDirectoryName(i),
  1130.            (uintptr_t)pImageDataDirectory->Size);
  1131.    }
  1132. }
  1133.  
  1134. PIMAGE_SECTION_HEADER GetSections(const PIMAGE_SECTION_HEADER pImageSectionHeader,
  1135.    int NumberOfSections, DWORD dImportAddress)
  1136. {
  1137.    PIMAGE_SECTION_HEADER pImageImportHeader = nullptr;
  1138.  
  1139.    OUTPUT("\n[+] PE IMAGE SECTIONS\n");
  1140.  
  1141.    for (int i = 0; i < NumberOfSections; ++i)
  1142.    {
  1143.        const auto pCurrentSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD_PTR)pImageSectionHeader +
  1144.            i * sizeof(IMAGE_SECTION_HEADER));
  1145.  
  1146.        OUTPUT("\n\tSECTION : %s\n", (wchar_t*)pCurrentSectionHeader->Name);
  1147.        OUTPUT("\t\tMisc (PhysicalAddress) : 0x%X\n",
  1148.            (uintptr_t)pCurrentSectionHeader->Misc.PhysicalAddress);
  1149.        OUTPUT("\t\tMisc (VirtualSize) : 0x%X\n",
  1150.            (uintptr_t)pCurrentSectionHeader->Misc.VirtualSize);
  1151.        OUTPUT("\t\tVirtualAddress : 0x%X\n",
  1152.            (uintptr_t)pCurrentSectionHeader->VirtualAddress);
  1153.        OUTPUT("\t\tSizeOfRawData : 0x%X\n",
  1154.            (uintptr_t)pCurrentSectionHeader->SizeOfRawData);
  1155.        OUTPUT("\t\tPointerToRawData : 0x%X\n",
  1156.            (uintptr_t)pCurrentSectionHeader->PointerToRawData);
  1157.        OUTPUT("\t\tPointerToRelocations : 0x%X\n",
  1158.            (uintptr_t)pCurrentSectionHeader->PointerToRelocations);
  1159.        OUTPUT("\t\tPointerToLinenumbers : 0x%X\n",
  1160.            (uintptr_t)pCurrentSectionHeader->PointerToLinenumbers);
  1161.        OUTPUT("\t\tNumberOfRelocations : 0x%X\n",
  1162.            (uintptr_t)pCurrentSectionHeader->NumberOfRelocations);
  1163.        OUTPUT("\t\tNumberOfLinenumbers : 0x%X\n",
  1164.            (uintptr_t)pCurrentSectionHeader->NumberOfLinenumbers);
  1165.        OUTPUT("\t\tCharacteristics : 0x%X %s\n",
  1166.            (uintptr_t)pCurrentSectionHeader->Characteristics,
  1167.            GetSectionProtection(pCurrentSectionHeader->Characteristics));
  1168.  
  1169.        if (dImportAddress >= pCurrentSectionHeader->VirtualAddress &&
  1170.            dImportAddress < pCurrentSectionHeader->VirtualAddress +
  1171.            pCurrentSectionHeader->Misc.VirtualSize)
  1172.        {
  1173.            pImageImportHeader = pCurrentSectionHeader;
  1174.        }
  1175.    }
  1176.  
  1177.    return pImageImportHeader;
  1178. }
  1179. void GetImports32(PIMAGE_IMPORT_DESCRIPTOR pImageImportDescriptor,
  1180.    DWORD dRawOffset, const PIMAGE_SECTION_HEADER pImageImportSection)
  1181. {
  1182.    OUTPUT("\n[+] IMPORTED DLL\n");
  1183.  
  1184.    while (pImageImportDescriptor->Name != 0)
  1185.    {
  1186.        OUTPUT("\n\tDLL NAME : %s\n",
  1187.            (wchar_t*)(dRawOffset + (pImageImportDescriptor->Name - pImageImportSection->VirtualAddress)));
  1188.        OUTPUT("\tCharacteristics : 0x%X\n",
  1189.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->Characteristics - pImageImportSection->VirtualAddress)));
  1190.        OUTPUT("\tOriginalFirstThunk : 0x%X\n",
  1191.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->OriginalFirstThunk - pImageImportSection->VirtualAddress)));
  1192.        OUTPUT("\tTimeDateStamp : 0x%X\n",
  1193.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->TimeDateStamp - pImageImportSection->VirtualAddress)));
  1194.        OUTPUT("\tForwarderChain : 0x%X\n",
  1195.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->ForwarderChain - pImageImportSection->VirtualAddress)));
  1196.        OUTPUT("\tFirstThunk : 0x%X\n",
  1197.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->FirstThunk - pImageImportSection->VirtualAddress)));
  1198.  
  1199.        if (pImageImportDescriptor->OriginalFirstThunk == 0)
  1200.        {
  1201.            ++pImageImportDescriptor;
  1202.            continue;
  1203.        }
  1204.  
  1205.        auto pOriginalFirstThrunk = (PIMAGE_THUNK_DATA32)(dRawOffset +
  1206.            (pImageImportDescriptor->OriginalFirstThunk - pImageImportSection->VirtualAddress));
  1207.  
  1208.        OUTPUT("\n\tImported Functions : \n\n");
  1209.  
  1210.        while (pOriginalFirstThrunk->u1.AddressOfData != 0)
  1211.        {
  1212.            if (pOriginalFirstThrunk->u1.AddressOfData >= IMAGE_ORDINAL_FLAG32)
  1213.            {
  1214.                ++pOriginalFirstThrunk;
  1215.                continue;
  1216.            }
  1217.  
  1218.            const auto pImageImportByName = (PIMAGE_IMPORT_BY_NAME)(dRawOffset +
  1219.                (pOriginalFirstThrunk->u1.AddressOfData - pImageImportSection->VirtualAddress));
  1220.  
  1221.            if (pImageImportByName == nullptr)
  1222.            {
  1223.                ++pOriginalFirstThrunk;
  1224.                continue;
  1225.            }
  1226.  
  1227.            if (pOriginalFirstThrunk->u1.Ordinal & IMAGE_ORDINAL_FLAG32)
  1228.            {
  1229.                OUTPUT("\t\t0x%X (Ordinal) : %s\n",
  1230.                    (uintptr_t)pOriginalFirstThrunk->u1.AddressOfData,
  1231.                    (wchar_t*)((DWORD_PTR)dRawOffset + (pImageImportByName->Name - pImageImportSection->VirtualAddress)));
  1232.            }
  1233.            else
  1234.            {
  1235.                OUTPUT("\t\t%s\n",
  1236.                    (wchar_t*)((DWORD_PTR)dRawOffset + (pImageImportByName->Name - pImageImportSection->VirtualAddress)));
  1237.            }
  1238.  
  1239.            ++pOriginalFirstThrunk;
  1240.        }
  1241.  
  1242.        ++pImageImportDescriptor;
  1243.    }
  1244. }
  1245.  
  1246. void GetImports64(PIMAGE_IMPORT_DESCRIPTOR pImageImportDescriptor,
  1247.    DWORD dRawOffset, const PIMAGE_SECTION_HEADER pImageImportSection)
  1248. {
  1249.    OUTPUT("\n[+] IMPORTED DLL\n");
  1250.  
  1251.    while (pImageImportDescriptor->Name != 0)
  1252.    {
  1253.        OUTPUT("\n\tDLL NAME : %s\n",
  1254.            (wchar_t*)(dRawOffset + (pImageImportDescriptor->Name - pImageImportSection->VirtualAddress)));
  1255.        OUTPUT("\tCharacteristics : 0x%X\n",
  1256.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->Characteristics - pImageImportSection->VirtualAddress)));
  1257.        OUTPUT("\tOriginalFirstThunk : 0x%X\n",
  1258.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->OriginalFirstThunk - pImageImportSection->VirtualAddress)));
  1259.        OUTPUT("\tTimeDateStamp : 0x%X\n",
  1260.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->TimeDateStamp - pImageImportSection->VirtualAddress)));
  1261.        OUTPUT("\tForwarderChain : 0x%X\n",
  1262.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->ForwarderChain - pImageImportSection->VirtualAddress)));
  1263.        OUTPUT("\tFirstThunk : 0x%X\n",
  1264.            (uintptr_t)(dRawOffset + (pImageImportDescriptor->FirstThunk - pImageImportSection->VirtualAddress)));
  1265.  
  1266.        if (pImageImportDescriptor->OriginalFirstThunk == 0)
  1267.        {
  1268.            ++pImageImportDescriptor;
  1269.            continue;
  1270.        }
  1271.  
  1272.        auto pOriginalFirstThrunk = (PIMAGE_THUNK_DATA64)(dRawOffset +
  1273.            (pImageImportDescriptor->OriginalFirstThunk - pImageImportSection->VirtualAddress));
  1274.  
  1275.        OUTPUT("\n\tImported Functions : \n\n");
  1276.  
  1277.        while (pOriginalFirstThrunk->u1.AddressOfData != 0)
  1278.        {
  1279.            if (pOriginalFirstThrunk->u1.AddressOfData >= IMAGE_ORDINAL_FLAG64)
  1280.            {
  1281.                ++pOriginalFirstThrunk;
  1282.                continue;
  1283.            }
  1284.  
  1285.            const auto pImageImportByName = (PIMAGE_IMPORT_BY_NAME)((DWORD_PTR)dRawOffset +
  1286.                (pOriginalFirstThrunk->u1.AddressOfData - pImageImportSection->VirtualAddress));
  1287.  
  1288.            if (pImageImportByName == nullptr)
  1289.            {
  1290.                ++pOriginalFirstThrunk;
  1291.                continue;
  1292.            }
  1293.  
  1294.            if (pOriginalFirstThrunk->u1.Ordinal & IMAGE_ORDINAL_FLAG64)
  1295.            {
  1296.                OUTPUT("\t\t0x%llX (Ordinal) : %s\n",
  1297.                    pOriginalFirstThrunk->u1.AddressOfData,
  1298.                    (wchar_t*)((DWORD_PTR)dRawOffset + (pImageImportByName->Name - pImageImportSection->VirtualAddress)));
  1299.            }
  1300.            else
  1301.            {
  1302.                OUTPUT("\t\t%s\n",
  1303.                    (wchar_t*)((DWORD_PTR)dRawOffset + (pImageImportByName->Name - pImageImportSection->VirtualAddress)));
  1304.            }
  1305.  
  1306.            ++pOriginalFirstThrunk;
  1307.        }
  1308.  
  1309.        ++pImageImportDescriptor;
  1310.    }
  1311. }
  1312. // older-orig-deprecated ^^
  1313. */
  1314.  
  1315. //filePathW
  1316. //lpFilePath
  1317. HANDLE GetFileContent(const wchar_t* lpFilePath) {
  1318.    HANDLE hFile = CreateFileW(lpFilePath, GENERIC_READ, 0, nullptr, OPEN_EXISTING, 0, nullptr);
  1319.    if (hFile == INVALID_HANDLE_VALUE) return nullptr;
  1320.    DWORD fileSize = GetFileSize(hFile, nullptr);
  1321.    auto lpFileContent = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, fileSize);
  1322.    DWORD bytesRead;
  1323.    ReadFile(hFile, lpFileContent, fileSize, &bytesRead, nullptr);
  1324.    CloseHandle(hFile);
  1325.    return lpFileContent;
  1326. }
  1327.  
  1328. void UpdateEditControl() {
  1329.    SetWindowTextW(g_hEditControl, g_OutputText.str().c_str());
  1330.    SendMessage(g_hEditControl, EM_SETSEL, -1, -1);
  1331.    SendMessage(g_hEditControl, EM_SCROLLCARET, 0, 0);
  1332. }
Tags: #inclues-feedback-info
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!