Solved

list dll dependency in listbox1, list dll module in listbox2

Posted on 2010-09-20
57
427 Views
Last Modified: 2012-05-10
i have a code that gets dll dependencies BUT it includes the dll modules and other unknown characters,  if you have a code that list the dep and mod in list1 and list2, please, kindly load it up.

And other problem with that code? it produces some access violation in other .dll, I hope someone could look at the code and fix it.
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls;

const
  IMAGE_DOS_SIGNATURE    = $5A4D;       { MZ }
  IMAGE_OS2_SIGNATURE    = $454E;       { NE }
  IMAGE_OS2_SIGNATURE_LE = $454C;       { LE }
  IMAGE_VXD_SIGNATURE    = $454C;       { LE }
  IMAGE_NT_SIGNATURE     = $00004550;   { PE00 }

  IMAGE_SIZEOF_SHORT_NAME            = 8;
  IMAGE_SIZEOF_SECTION_HEADER        = 40;
  IMAGE_NUMBEROF_DIRECTORY_ENTRIES   = 16;
  IMAGE_RESOURCE_NAME_IS_STRING      = $80000000;
  IMAGE_RESOURCE_DATA_IS_DIRECTORY   = $80000000;
  IMAGE_OFFSET_STRIP_HIGH            = $7FFFFFFF;
  DIRECTORY_ENTRY_EXPORT             = 0;   // Export Directory
  IMAGE_DIRECTORY_ENTRY_IMPORT       = 1;   // Import Directory
  IMAGE_DIRECTORY_ENTRY_RESOURCE     = 2;   // Resource Directory
  IMAGE_DIRECTORY_ENTRY_EXCEPTION    = 3;   // Exception Directory
  IMAGE_DIRECTORY_ENTRY_SECURITY     = 4;   // Security Directory
  IMAGE_DIRECTORY_ENTRY_BASERELOC    = 5;   // Base Relocation Table
  IMAGE_DIRECTORY_ENTRY_DEBUG        = 6;   // Debug Directory
  IMAGE_DIRECTORY_ENTRY_COPYRIGHT    = 7;   // Description String
  IMAGE_DIRECTORY_ENTRY_GLOBALPTR    = 8;   // Machine Value (MIPS GP)
  IMAGE_DIRECTORY_ENTRY_TLS          = 9;   // TLS Directory
  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG  = 10;   // Load Configuration Directory
  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11;   // Bound Import Directory in headers
  IMAGE_DIRECTORY_ENTRY_IAT          = 12;

type
plist_entry = ^LIST_ENTRY;
LIST_ENTRY = record
  Flink:pLIST_ENTRY;
  Blink:pLIST_ENTRY;
end;

type IMAGE_EXPORT_DIRECTORY= packed record
Characteristics:DWORD;
TimeDateStamp:DWORD;
MajorVersion:WORD;
MinorVersion:WORD;
Name:DWORD;
Base:DWORD;
NumberOfFunctions:DWORD;
NumberOfNames:DWORD;
pAddressOfFunctions:PDWORD;
pAddressOfNames:PDWORD;
pAddressOfNameOrdinals:PWORD;
end;
PIMAGE_EXPORT_DIRECTORY= ^IMAGE_EXPORT_DIRECTORY;

type FPO_DATA =packed record
ulOffStart: DWORD;             // offset 1st byte of function code
cbProcSize:DWORD ;             // # bytes in function
cdwLocals:DWORD;              // # bytes in locals/4
cdwParams:WORD ;              // # bytes in params/4
cbProlog:WORD;           // # bytes in prolog
cbRegs:WORD;           // # regs saved
fHasSEH:WORD;           // TRUE if SEH in func
fUseBP:WORD;           // TRUE if EBP has been allocated
reserved:WORD;           // reserved for future use
cbFrame:WORD;           // frame type
end;
PFPO_DATA=^FPO_DATA;

type
IMAGE_FUNCTION_ENTRY=packed record
  StartingAddress:dword;
  EndingAddress:dword;
  EndOfPrologue:dword;
end;
PIMAGE_FUNCTION_ENTRY=^IMAGE_FUNCTION_ENTRY;

type
  PIMAGE_DOS_HEADER = ^IMAGE_DOS_HEADER;
  IMAGE_DOS_HEADER = packed record      { DOS .EXE header }
    e_magic         : WORD;             { Magic number }
    e_cblp          : WORD;             { Bytes on last page of file }
    e_cp            : WORD;             { Pages in file }
    e_crlc          : WORD;             { Relocations }
    e_cparhdr       : WORD;             { Size of header in paragraphs }
    e_minalloc      : WORD;             { Minimum extra paragraphs needed }
    e_maxalloc      : WORD;             { Maximum extra paragraphs needed }
    e_ss            : WORD;             { Initial (relative) SS value }
    e_sp            : WORD;             { Initial SP value }
    e_csum          : WORD;             { Checksum }
    e_ip            : WORD;             { Initial IP value }
    e_cs            : WORD;             { Initial (relative) CS value }
    e_lfarlc        : WORD;             { File address of relocation table }
    e_ovno          : WORD;             { Overlay number }
    e_res           : packed array [0..3] of WORD; { Reserved words }
    e_oemid         : WORD;             { OEM identifier (for e_oeminfo) }
    e_oeminfo       : WORD;             { OEM information; e_oemid specific }
    e_res2          : packed array [0..9] of WORD; { Reserved words }
    e_lfanew        : Longint;          { File address of new exe header }
  end;

  PIMAGE_FILE_HEADER = ^IMAGE_FILE_HEADER;
  IMAGE_FILE_HEADER = packed record
    Machine              : WORD;
    NumberOfSections     : WORD;
    TimeDateStamp        : DWORD;
    PointerToSymbolTable : DWORD;
    NumberOfSymbols      : DWORD;
    SizeOfOptionalHeader : WORD;
    Characteristics      : WORD;
  end;

  PIMAGE_DATA_DIRECTORY = ^IMAGE_DATA_DIRECTORY;
  IMAGE_DATA_DIRECTORY = packed record
    VirtualAddress  : DWORD;
    Size            : DWORD;
  end;

  PIMAGE_OPTIONAL_HEADER = ^IMAGE_OPTIONAL_HEADER;
  IMAGE_OPTIONAL_HEADER = packed record
   { Standard fields. }
    Magic           : WORD;
    MajorLinkerVersion : Byte;
    MinorLinkerVersion : Byte;
    SizeOfCode      : DWORD;
    SizeOfInitializedData : DWORD;
    SizeOfUninitializedData : DWORD;
    AddressOfEntryPoint : DWORD;
    BaseOfCode      : DWORD;
    BaseOfData      : DWORD;
   { NT additional fields. }
    ImageBase       : DWORD;
    SectionAlignment : DWORD;
    FileAlignment   : DWORD;
    MajorOperatingSystemVersion : WORD;
    MinorOperatingSystemVersion : WORD;
    MajorImageVersion : WORD;
    MinorImageVersion : WORD;
    MajorSubsystemVersion : WORD;
    MinorSubsystemVersion : WORD;
    Reserved1       : DWORD;
    SizeOfImage     : DWORD;
    SizeOfHeaders   : DWORD;
    CheckSum        : DWORD;
    Subsystem       : WORD;
    DllCharacteristics : WORD;
    SizeOfStackReserve : DWORD;
    SizeOfStackCommit : DWORD;
    SizeOfHeapReserve : DWORD;
    SizeOfHeapCommit : DWORD;
    LoaderFlags     : DWORD;
    NumberOfRvaAndSizes : DWORD;
    DataDirectory   : packed array [0..IMAGE_NUMBEROF_DIRECTORY_ENTRIES-1] of IMAGE_DATA_DIRECTORY;
  end;

  PIMAGE_SECTION_HEADER = ^IMAGE_SECTION_HEADER;
  IMAGE_SECTION_HEADER = packed record
    Name            : packed array [0..IMAGE_SIZEOF_SHORT_NAME-1] of Char;
    PhysicalAddress : DWORD; // or VirtualSize (union);
    VirtualAddress  : DWORD;
    SizeOfRawData   : DWORD;
    PointerToRawData : DWORD;
    PointerToRelocations : DWORD;
    PointerToLinenumbers : DWORD;
    NumberOfRelocations : WORD;
    NumberOfLinenumbers : WORD;
    Characteristics : DWORD;
  end;

  PIMAGE_NT_HEADERS = ^IMAGE_NT_HEADERS;
  IMAGE_NT_HEADERS = packed record
    Signature       : DWORD;
    FileHeader      : IMAGE_FILE_HEADER;
    OptionalHeader  : IMAGE_OPTIONAL_HEADER;
  end;

  PIMAGE_RESOURCE_DIRECTORY = ^IMAGE_RESOURCE_DIRECTORY;
  IMAGE_RESOURCE_DIRECTORY = packed record
    Characteristics : DWORD;
    TimeDateStamp   : DWORD;
    MajorVersion    : WORD;
    MinorVersion    : WORD;
    NumberOfNamedEntries : WORD;
    NumberOfIdEntries : WORD;
  end;

  PIMAGE_RESOURCE_DIRECTORY_ENTRY = ^IMAGE_RESOURCE_DIRECTORY_ENTRY;
  IMAGE_RESOURCE_DIRECTORY_ENTRY = packed record
    Name: DWORD;        // Or ID: Word (Union)
    OffsetToData: DWORD;
  end;

  PIMAGE_RESOURCE_DATA_ENTRY = ^IMAGE_RESOURCE_DATA_ENTRY;
  IMAGE_RESOURCE_DATA_ENTRY = packed record
    OffsetToData    : DWORD;
    Size            : DWORD;
    CodePage        : DWORD;
    Reserved        : DWORD;
  end;

  PIMAGE_RESOURCE_DIR_STRING_U = ^IMAGE_RESOURCE_DIR_STRING_U;
  IMAGE_RESOURCE_DIR_STRING_U = packed record
    Length          : WORD;
    NameString      : array [0..0] of WCHAR;
  end;

type LOADED_IMAGE = record
  ModuleName:pchar;
  hFile:thandle;
  MappedAddress:pchar;
  FileHeader:PIMAGE_NT_HEADERS;
  LastRvaSection:PIMAGE_SECTION_HEADER;
  NumberOfSections:integer;
  Sections:PIMAGE_SECTION_HEADER ;
  Characteristics:integer;
  fSystemImage:boolean;
  fDOSImage:boolean;
  Links:LIST_ENTRY;
  SizeOfImage:integer;
end;
PLOADED_IMAGE= ^LOADED_IMAGE;

type IMAGE_LOAD_CONFIG_DIRECTORY = packed record
    Characteristics:DWORD;
    TimeDateStamp:DWORD;
    MajorVersion:WORD;
    MinorVersion:WORD;
    GlobalFlagsClear:DWORD;
    GlobalFlagsSet:DWORD;
    CriticalSectionDefaultTimeout:DWORD;
    DeCommitFreeBlockThreshold:DWORD;
    DeCommitTotalFreeThreshold:DWORD;
    LockPrefixTable:Pointer;
    MaximumAllocationSize:DWORD;
    VirtualMemoryThreshold:DWORD;
    ProcessHeapFlags:DWORD;
    ProcessAffinityMask:DWORD;
    Reserved: array[0..2] of DWORD;
  end;
PIMAGE_LOAD_CONFIG_DIRECTORY=^IMAGE_LOAD_CONFIG_DIRECTORY;

type IMAGE_IMPORT_BY_NAME = packed record
  Hint:WORD;
  Name:DWORD;
end;
PIMAGE_IMPORT_BY_NAME=^IMAGE_IMPORT_BY_NAME;

type IMAGE_THUNK_DATA =packed record
  ForwarderString:PBYTE;
  Func:PDWORD;
  Ordinal:DWORD;
  AddressOfData:PIMAGE_IMPORT_BY_NAME;
end;
PIMAGE_THUNK_DATA=^IMAGE_THUNK_DATA;

type IMAGE_IMPORT_DESCRIPTOR= packed record
  Characteristics:DWORD;
  TimeDateStamp:DWORD;
  ForwarderChain:DWORD;
  Name:DWORD;
  FirstThunk:DWORD;
end;
PIMAGE_IMPORT_DESCRIPTOR = ^IMAGE_IMPORT_DESCRIPTOR;


type
  TForm1 = class(TForm)
    Button1: TButton;
    Memo1: TMemo;
    OpenDialog1: TOpenDialog;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    procedure ProcessFile;
  end;

var
  Form1: TForm1;
  h1,hmap:integer;
  bptr:pointer;
  gptr:pbyte;
  ntsign:plongword;
  doshd:PIMAGE_DOS_HEADER;
  pehd:PIMAGE_FILE_HEADER;
  peoptn:PIMAGE_OPTIONAL_HEADER;
  sectionheads:array of PIMAGE_SECTION_HEADER;
  offsetmem:longword;
  idataphysicaladress:pbyte;
  idata:PIMAGE_IMPORT_DESCRIPTOR;
  modulename,functionname:pchar;
  dptr:plongword;
  ord:word;
  pexpdir:PIMAGE_EXPORT_DIRECTORY;
  pexpnames:pdword;
  expfname:pchar;
implementation

{$R *.DFM}

procedure TForm1.Button1Click(Sender: TObject);
begin
memo1.Lines.Clear;
processfile;
end;

procedure TForm1.ProcessFile;
var
i,j:integer;
begin
if opendialog1.Execute=false  then
  exit
else
  h1:=fileopen(opendialog1.FileName,fmShareDenyNone or fmOpenRead);
hmap:=CreateFileMapping(h1,nil,PAGE_READONLY,0,0,nil);
doshd:=PIMAGE_DOS_HEADER(mapviewoffile(hmap,FILE_MAP_READ,0,0,0));
bptr:=doshd;
memo1.Lines.Clear;
memo1.lines.add('DOS Header');
memo1.Lines.Add(' -e_magic='+inttostr(doshd.e_magic));
memo1.Lines.Add(' -e_cblp='+inttostr(doshd.e_cblp));
memo1.Lines.Add(' -e_cp='+inttostr(doshd.e_cp));
memo1.Lines.Add(' -e_crlc='+inttostr(doshd.e_crlc));
memo1.Lines.Add(' -e_cparhdr='+inttostr(doshd.e_cparhdr));
memo1.Lines.Add(' -e_minalloc='+inttostr(doshd.e_minalloc));
memo1.Lines.Add(' -e_maxalloc='+inttostr(doshd.e_maxalloc));
memo1.Lines.Add(' -e_ss='+inttostr(doshd.e_ss));
memo1.Lines.Add(' -e_sp='+inttostr(doshd.e_sp));
memo1.Lines.Add(' -e_csum='+inttostr(doshd.e_csum));
memo1.Lines.Add(' -e_ip='+inttostr(doshd.e_ip));
memo1.Lines.Add(' -e_cs='+inttostr(doshd.e_cs));
memo1.Lines.Add(' -e_lfarlc='+inttostr(doshd.e_lfarlc));
memo1.Lines.Add(' -e_ovno='+inttostr(doshd.e_ovno));
memo1.Lines.Add(' -e_oemid='+inttostr(doshd.e_oemid));
memo1.Lines.Add(' -e_oeminfo='+inttostr(doshd.e_oeminfo));
memo1.Lines.Add(' -e_lfanew='+inttostr(doshd.e_lfanew));
gptr:=bptr;
inc(gptr,doshd.e_lfanew);
ntsign:=plongword(gptr);
if (ntsign^=IMAGE_NT_SIGNATURE) then
  begin
   memo1.Lines.Add('NT Signature<'+inttostr(IMAGE_NT_SIGNATURE)+'>='+inttostr(ntsign^));
   memo1.Lines.Add('Windows Executable');
   memo1.lines.add('------------------------------------------');
   gptr:=bptr;
   inc(gptr,doshd.e_lfanew+4);
   pehd:=PIMAGE_FILE_HEADER(gptr);
   memo1.lines.add('PE Header');
   memo1.Lines.Add(' -Machine='+inttostr(pehd.Machine));
   memo1.Lines.Add(' -Number of Sections='+inttostr(pehd.NumberOfSections));
   memo1.Lines.Add(' -TimeDateStamp='+IntToStr(pehd.TimeDateStamp));
   memo1.Lines.Add(' -PointerToSymbolTable='+IntToStr(pehd.PointerToSymbolTable));
   memo1.Lines.Add(' -Number of Symbols='+IntToStr(pehd.NumberOfSymbols));
   memo1.Lines.Add(' -SizeOfOptionalHeader='+IntToStr(pehd.SizeOfOptionalHeader));
   memo1.Lines.Add(' -Characteristics='+IntToStr(pehd.Characteristics));
   memo1.lines.add('------------------------------------------');
   gptr:=pbyte(pehd);
   inc(gptr,sizeof(IMAGE_FILE_HEADER));
   peoptn:=PIMAGE_OPTIONAL_HEADER(gptr);
   memo1.lines.add('PE Optional Header');
   memo1.Lines.Add(' -Magic='+inttostr(peoptn.Magic));
   memo1.Lines.Add(' -MajorLinkerVersion='+inttostr(peoptn.MajorLinkerVersion));
   memo1.Lines.Add(' -MinorLinkerVersion='+inttostr(peoptn.MinorLinkerVersion));
   memo1.Lines.Add(' -SizeOfCode='+inttostr(peoptn.SizeOfCode));
   memo1.Lines.Add(' -SizeOfInitializedData='+inttostr(peoptn.SizeOfInitializedData));
   memo1.Lines.Add(' -SizeOfUninitializedData='+inttostr(peoptn.SizeOfUninitializedData));
   memo1.Lines.Add(' -AddressOfEntryPoint='+inttostr(peoptn.AddressOfEntryPoint));
   memo1.Lines.Add(' -BaseOfCode='+inttostr(peoptn.BaseOfCode));
   memo1.Lines.Add(' -BaseOfData='+inttostr(peoptn.BaseOfData));
   memo1.Lines.Add(' -ImageBase='+inttostr(peoptn.ImageBase));
   memo1.Lines.Add(' -SectionAlignment='+inttostr(peoptn.SectionAlignment));
   memo1.Lines.Add(' -FileAlignment='+inttostr(peoptn.FileAlignment));
   memo1.Lines.Add(' -MajorOperatingSystemVersion='+inttostr(peoptn.MajorOperatingSystemVersion));
   memo1.Lines.Add(' -MinorOperatingSystemVersion='+inttostr(peoptn.MinorOperatingSystemVersion));
   memo1.Lines.Add(' -MajorImageVersion='+inttostr(peoptn.MajorImageVersion));
   memo1.Lines.Add(' -MinorImageVersion='+inttostr(peoptn.MinorImageVersion));
   memo1.Lines.Add(' -MajorSubsystemVersion='+inttostr(peoptn.MajorSubsystemVersion));
   memo1.Lines.Add(' -MinorSubsystemVersion ='+inttostr(peoptn.MinorSubsystemVersion ));
   memo1.Lines.Add(' -Reserved1 ='+inttostr(peoptn.Reserved1));
   memo1.Lines.Add(' -SizeOfImage ='+inttostr(peoptn.SizeOfImage));
   memo1.Lines.Add(' -SizeOfHeaders ='+inttostr(peoptn.SizeOfHeaders));
   memo1.Lines.Add(' -CheckSum ='+inttostr(peoptn.CheckSum));
   memo1.Lines.Add(' -SubSystem ='+inttostr(peoptn.Subsystem));
   memo1.Lines.Add(' -DllCharacteristics ='+inttostr(peoptn.DllCharacteristics));
   memo1.Lines.Add(' -SizeOfStackReserve ='+inttostr(peoptn.SizeOfStackReserve));
   memo1.Lines.Add(' -SizeOfStackCommit ='+inttostr(peoptn.SizeOfStackCommit));
   memo1.Lines.Add(' -SizeOfHeapReserve ='+inttostr(peoptn.SizeOfHeapReserve));
   memo1.Lines.Add(' -SizeOfHeapCommit ='+inttostr(peoptn.SizeOfHeapCommit));
   memo1.Lines.Add(' -LoaderFlags ='+inttostr(peoptn.LoaderFlags));
   memo1.Lines.Add(' -NumberOfRvaAndSizes ='+inttostr(peoptn.NumberOfRvaAndSizes));
   memo1.lines.add('------------------------------------------');
   setlength(sectionheads,pehd.NumberOfSections);
   for i:=0 to pehd.NumberOfSections -1 do
    begin
     gptr:=pbyte(peoptn);
     inc(gptr,sizeof(IMAGE_OPTIONAL_HEADER)+i*sizeof(IMAGE_SECTION_HEADER));
     sectionheads[i]:=PIMAGE_SECTION_HEADER(gptr);
    end;
   if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size=0 then
    begin
     memo1.lines.add('No Export Table Present');
     memo1.lines.add('------------------------------------------');
    end
   else
    begin
     memo1.lines.add('Export Table Present');
     for i:=pehd.NumberOfSections-1 downto 0 do
      begin
       if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress>=sectionheads[i].VirtualAddress then
        begin
         offsetmem:=sectionheads[i].PointerToRawData-sectionheads[i].VirtualAddress;
         break;
        end;
      end;
     gptr:=bptr;
     inc(gptr,offsetmem+peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
     pexpdir:=PIMAGE_EXPORT_DIRECTORY(gptr);
     pexpnames:=pdword(longint(bptr)+integer(PIMAGE_EXPORT_DIRECTORY(gptr).pAddressOfNames));
     for i:=0 to pexpdir.NumberOfNames-1 do
      begin
       expfname:=pchar(integer(bptr)+integer(pexpnames^));
       memo1.lines.add(' -'+expfname);
       inc(pexpnames);
      end;
     memo1.lines.add('------------------------------------------');
    end;
   if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size=0 then
    memo1.lines.add('No Import Table Present')
   else
    begin
     memo1.lines.add('Import Table Present');
     for i:=pehd.NumberOfSections-1 downto 0 do
      begin
       if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress>=sectionheads[i].VirtualAddress then
        begin
         offsetmem:=sectionheads[i].PointerToRawData-sectionheads[i].VirtualAddress;
         break;
        end;
      end;
     gptr:=bptr;
     inc(gptr,offsetmem+peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
     idataphysicaladress:=gptr;
     i:=0;
     j:=0;
     while true do
      begin
       gptr:=idataphysicaladress;
       inc(gptr,i*sizeof(IMAGE_IMPORT_DESCRIPTOR));
       idata :=PIMAGE_IMPORT_DESCRIPTOR(gptr);
       if idata.Name = 0 then
        break;
       gptr:=bptr;
       inc(gptr,offsetmem+idata.Name);
       modulename:=pchar(gptr);

       memo1.Lines.Add('Module Name:             '+ modulename);
       while true do
        begin
         if (idata.FirstThunk + j*4)= 0 then
          break;
         gptr:=bptr;
         inc(gptr,offsetmem+idata.FirstThunk +j*4);
         dptr:=plongword(gptr);
         gptr:=bptr;
         inc(gptr,offsetmem+dptr^);
         if isbadcodeptr(gptr) then
          break;
         ord:=pword(gptr)^;
         inc(gptr,2);
         functionname:=pchar(gptr);
         if isbadcodeptr(functionname) then
          break;
         if functionname=nil then
         break;
         memo1.Lines.Add('  -Ord:'+inttohex(ord,3)+' Function Name:    ' + functionname);
         inc(j);
        end;
       inc(i);
      end;
    end;
  end;
UnmapViewOfFile(bptr);
closehandle(hmap);
fileclose(h1);
end;

end.

Open in new window

0
Comment
Question by:systan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 31
  • 26
57 Comments
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33726510
for 5000 pts  :)
 
0
 
LVL 14

Author Comment

by:systan
ID: 33727021
Why would I do that?
I've given the code,  if experts wants to answer? he will just filter the;
dll depedency in listbox1 and imported modules in listbox2

see the image i mean;;


dlldep2.JPG
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33727998
Many tool already do this; are we 'reinventing the wheel' here?
(GExperts for one;Delphi add-on)
I compiled and got the exception and see the problem.
Do you have documention that shows the relationships each data structure has to one another?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 14

Author Comment

by:systan
ID: 33728428
Many tool already do this; are we 'reinventing the wheel' here?
I just want to code it

>>I compiled and got the exception and see the problem.
ok, nice, please show it

>>Do you have documention that shows the relationships each data structure has to one another?
actually i dont have, but as far as i undertand the given code can perform what i want.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33728489
>> but as far as i undertand the given code can perform what i want.
not without Exception though; *something* was lost in the translation.
Do you have the original code.?
0
 
LVL 14

Author Comment

by:systan
ID: 33728787
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33729350
the owesome link is really awesome;
since he's done all the work and it's free to use why don't you take advantage of the work he's done, that's why he is giving it away???
Turns your program into a few lines;
 
implementation
uses u_c_pe;
{$R *.DFM}

procedure TForm1.Button1Click(Sender: TObject);
begin
     memo1.Lines.Clear;
     processfile;
end;

procedure TForm1.ProcessFile;
var   cpe : c_pe;
begin
    if opendialog1.Execute=false  then
     exit
    else
    begin
        cpe := c_pe.Create(opendialog1.FileName,Memo1.Lines);
        cpe.analyze_nt_header;
        cpe.analyze_imported_dlls(memo2.lines);
    end;
end;
END.

ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33731333
briangochnauer;
I downloaded the zip file,
put it in the folder
delete the .res
open .dpr with delphi and delphi created the .res
removed the  Application.MainFormOnTaskbar := True;, because of delphi7
change the path of unit7.pas
run the application
pointed it to a dll
then
error saying "integer overflow"
I removed the checked mark on compiler runtime errors range checking, io checking, overflow checking
and
the error is the same.

then I added all the .pas in the project
errors on tdirectory listbox and tfilelistbox, i ignored it,
then
run the program, errors still the same.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33733632
You don't need to delete the .res file.
I loaded it into Delphi 5 in a VMWare machine; deleted the MainformOnTaskbar line and it compiled fine.
Using the attached file it worked fine too.
Try the attached file and see if works with your compilation.

DelphiBand.dll
0
 
LVL 14

Author Comment

by:systan
ID: 33734231
briangochnauer;
why are you sending me a .dll?
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734297
Got the wrong unit7.pas in there, somehow.
Try these files;

ExeExplorer.zip
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734322
The DLL I sent earlier was for you to read in against your compiled version of the exe to see if it would 'parse' the *that* dll properly. Not all DLL's have all data structures.
0
 
LVL 14

Author Comment

by:systan
ID: 33734622
briangochnauer;
same error,
the earlier exeexplorer.zip youve send was not good, many .pas but it only uses 1, the unit7.pas
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734653
Now I'm getting the integer overflow, but I didn't originally. I'll check into it.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734688
The others are automatically included through the uses statement starting with
implementation
uses u_c_pe;
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734756
Works beautifully under Delphi 5.  probably string issues; working on it.
What version of Delphi are you using?
 
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734779
Heres' the D5 compiled exe.

Project11.exe
0
 
LVL 14

Author Comment

by:systan
ID: 33734829
yes, I see that, but it doesn't seem to solve the problem, integer always overflow.
0
 
LVL 14

Author Comment

by:systan
ID: 33735241
I download the project11.exe, test it and found good, yes it find dll dependency, but wheres the modules?
anyway I could not start the code because I dont know where did the integeroverflow comes from.
error saying "integer overflow"
I removed the checked mark on compiler runtime errors range checking, io checking, overflow checking
and
the error is the same.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33735316
Read carefully.. like I said before...
I'm working on it.   BE PATIENT.
 What verson of the Delphi compiler are you using?
0
 
LVL 14

Author Comment

by:systan
ID: 33735448
removed the  Application.MainFormOnTaskbar := True;, because of delphi7
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33735683
Try these files
ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33740261
no errors now during run time, but ill be patient to wait about the dll module used by the refering dll
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33743048
I don't understand "the dll module used by the refering dll".
The code allows the interogation of the DLL and EXE imports.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33743340
Reviewing your jpg you uploaded I think you mean to say;
"DLL functions used by imported DLL"
more clearly;
DLL imports (dependencies) in listbox1 and imported functions for selected DLL (listbox1) in listbox2
Modules = DLL making "DLL module" redundant

 

ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33743647
error on that
if Assigned(cpe) then FreeAndNil(c_pe);?
0
 
LVL 14

Author Comment

by:systan
ID: 33743661
 //if Assigned(cpe) then FreeAndNil(c_pe);
I removed it, then run the program, pick some dlls, it says access violation.
0
 
LVL 14

Author Comment

by:systan
ID: 33743704
if Assigned(cpe) then FreeAndNil(cpe);
its ok now with that

but access violation when I click one of the dll listted in listbox2
0
 
LVL 14

Author Comment

by:systan
ID: 33744796
Actually I found the problem, it does not accept dlls

 procedure c_pe.analyze_imported_functions(p_dll_name: String; p_c_strings: tStrings;
        p_borland: String);
begin
...
...
 if not m_is_file_exe
          then begin
              display_pe('only for .EXE file');
              exit;
            end;


any idea to solve this?
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33744856
It that because what you're clicking on is 'no imports' in Listbox1?
 

ExeExplorer.zip
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33744908
"Actually I found the problem, it does not accept dlls"
Not true; I've already used this program to view EXE and DLLs, works fine.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33745149
udpate to show interally loaded DLLs (running exe)

ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33745764
briangochnauer;
I test your .exe and it runs accepting .dlls, but if i compile my own .exe, it errors, no problem about that, i'll fix that some time.

the problem is when i click listbox1? it displays to the memo1 even the event is assigned to listbox2
cpe.analyze_imported_functions(ListBox1.Items[listbox1.ItemIndex],      listbox2.items,   '');
AND no functions displayed, instead it displays back the dlls.

Since we are having hardtime to debug some changes with Felix John COLIBRI code,
lets by pass it, put it away and pause.
I hope it's Ok for you.

Instead I have original code debugged and produces good result, but not excellent because the last dll picked-up is not displaying the functions, but the others are.

Here's the new code, please test the new code why the last dll is not showing functions.
I have also attact your form that I strech to see no functions listed around.

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, structures, StdCtrls;

type 
  TForm1 = class(TForm) 
    Button1: TButton; 
    OpenDialog1: TOpenDialog;
    ListBox1: TListBox;
    ListBox2: TListBox;
    procedure Button1Click(Sender: TObject);
    procedure ListBox1Click(Sender: TObject);
  private 
    { Private declarations } 
  public 
    procedure ProcessFile; 
  end; 

var 
  Form1: TForm1; 
  h1,hmap:longint; 
  bptr:pointer; 
  gptr:pbyte; 
  ntsign:plongword; 
  doshd:PIMAGE_DOS_HEADER; 
  pehd:PIMAGE_FILE_HEADER; 
  peoptn:PIMAGE_OPTIONAL_HEADER; 
  sectionheads:array of PIMAGE_SECTION_HEADER; 
  offsetmem:longword; 
  idataphysicaladress:pbyte; 
  idata:PIMAGE_IMPORT_DESCRIPTOR; 
  modulename,functionname:pchar; 
  dptr:plongword; 
  ord:word; 
  pexpdir:PIMAGE_EXPORT_DIRECTORY; 
  pexpnames:pdword; 
  expfname:pchar;

  tst:TStringList;

implementation 

{$R *.DFM} 

procedure TForm1.Button1Click(Sender: TObject); 
begin
tst:=TStringList.Create;
listbox1.Clear;
listbox2.Clear;
processfile;
end; 

procedure TForm1.ProcessFile; 
var 
i,j:longint; 
begin

if opendialog1.Execute=false  then 
  exit
else 
h1:=fileopen(opendialog1.FileName,fmShareDenyNone or fmOpenRead);

hmap:=CreateFileMapping(h1,nil,PAGE_READONLY,0,0,nil); 
doshd:=PIMAGE_DOS_HEADER(mapviewoffile(hmap,FILE_MAP_READ,0,0,0));
bptr:=doshd;
gptr:=bptr;
inc(gptr,doshd.e_lfanew);
ntsign:=plongword(gptr);

if (ntsign^=IMAGE_NT_SIGNATURE) then
  begin

   gptr:=bptr;
   inc(gptr,doshd.e_lfanew+4);
   pehd:=PIMAGE_FILE_HEADER(gptr);

   gptr:=pbyte(pehd);
   inc(gptr,sizeof(IMAGE_FILE_HEADER));
   peoptn:=PIMAGE_OPTIONAL_HEADER(gptr);

   setlength(sectionheads,pehd.NumberOfSections);
   for i:=0 to pehd.NumberOfSections -1 do
    begin
     gptr:=pbyte(peoptn);
     inc(gptr,sizeof(IMAGE_OPTIONAL_HEADER)+i*sizeof(IMAGE_SECTION_HEADER));
     sectionheads[i]:=PIMAGE_SECTION_HEADER(gptr);
    end;

   if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size=0 then 
    exit
   else
    begin 

     for i:=pehd.NumberOfSections-1 downto 0 do 
      begin 
       if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress>=sectionheads[i].VirtualAddress then
        begin 
         offsetmem:=sectionheads[i].PointerToRawData-sectionheads[i].VirtualAddress; 
         break; 
        end; 
      end;

     gptr:=bptr; 
     inc(gptr,offsetmem+peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); 
     idataphysicaladress:=gptr;
     i:=0;
     j:=0;

     while true do
      begin
       gptr:=idataphysicaladress;
       inc(gptr,i*sizeof(IMAGE_IMPORT_DESCRIPTOR));
       idata :=PIMAGE_IMPORT_DESCRIPTOR(gptr);
       if idata.Name = 0 then break;
       gptr:=bptr;
       inc(gptr,offsetmem+idata.Name);
       modulename:=pchar(gptr);

       if listbox1.Items.IndexOf(modulename)<0 then
       listbox1.Items.Add(modulename);


       while true do
        begin
         if (idata.FirstThunk + j*4)= 0 then break;
         gptr:=bptr;
         inc(gptr,offsetmem+idata.FirstThunk +j*4);
         dptr:=plongword(gptr);
         gptr:=bptr;
         inc(gptr,offsetmem+dptr^);
         if isbadcodeptr(gptr) then break;
         ord:=pword(gptr)^;
         inc(gptr,2);
         functionname:=pchar(gptr);
         if isbadcodeptr(functionname) then break;
         if functionname=nil then break;

         tst.Add(modulename+'='+functionname);

         inc(j); 
        end;


       inc(i);
      end;


    end; 
  end;

UnmapViewOfFile(bptr); 
closehandle(hmap); 
fileclose(h1); 
end; 

procedure TForm1.ListBox1Click(Sender: TObject);
var i:integer;
st, lt:string;
begin
listbox2.clear;
lt := listbox1.Items[listbox1.itemindex];
for i:= 0 to tst.Count-1 do
begin
if pos(lt, tst[i])> 0 then
begin
st:=copy(tst[i], length(lt)+2,255);
listbox2.Items.Add(st);
end;
end;
end;




end.

Open in new window

linkcomp.JPG
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33746056
Memo1 is just a 'log' window it is probably not very useful except to see what the code is doing interally. You could hide the Memo1
I'm not having a hard time with COLIBRI 's code.
No offence intended here;  but your code is a mess.
One big long procedure, no structure, no error checking.
I looked though COLIBRI 's code and there is a spot where he calculates the offset needed by using a 32-bit integer and letting it over-flow (CF) which is normally an error but is necessary in this instance. I could not figure out how/why .
Now you want to try and RE-Implement that in your code....
Iv'e been programming in Pascal since late 1987 and Delphi since version 1, I'm not interested in understanding that much about EXE formats when somebody has already done the work.
You're so close to being done using COLIBRI's and you want to start over?
I suggest you read COLIBRI's website ****Very Carefully and thourghly ****

ExeExplorer.zip
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33746200
"the event is assigned to listbox2"
the event is supposed to be assigned to listbox1, not listbox2
0
 
LVL 14

Author Comment

by:systan
ID: 33746293
briangochnauer;
Thank you for the effort, but the result is always negative.
Heres the output of the code, I attached it in an image.
I don't know how you test it.

I think this conversation is to long.
I decided not to use colibres code.
Why?
So many codes, crumbled, rambled, and most of all,  youve send different errors from colibres codes,
and the new attached file? codes are long but where only getting small.

Since I am the asker, please kindly support what I want;
Please continue to see my code in id: #33745764

Original code debugged and produces good result,  but not excellent because the last dll picked-up is not displaying the functions, but the others are.

I am just a newbie for a long time, sorry for that.
linkcomp.JPG
0
 
LVL 5

Accepted Solution

by:
briangochnauer earned 500 total points
ID: 33746413
Guess you have an environment issue; cause it works fine for me (see image) when I compile and run it. Learn how to use the integrated debugger to fix your own program.
I guess I just wasted 3 days trying to help you. for nothing.

Clip127.jpg
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33746508
Maybe you're running Win7 64-bit.
That is a problem, if you're trying to parse 32 and 64 bit DLLs.
The code I sent was for 32 bit.
0
 
LVL 14

Author Comment

by:systan
ID: 33746911
>>Maybe you're running Win7 64-bit.
No, Im not.
Im also running 32bit windows

As I see your image shown they are not the same, there must be wrong with the code your sending.

How could it be that there different.
linkcomp.JPG
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33746992
What mine is outputing is the list of functions imported when I clicked on Listbox1 (successfully).
Try the exe attached using the DLL attached and see what results you have.

Project11.exe
DelphiBand.dll
0
 
LVL 14

Author Comment

by:systan
ID: 33747224
I got it running shows fine ONLY in your DelphiBand.dll,   other dlls I have?  its not working.  Now the problem is not on my side, its in your side?
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747233
send a DLL that doesn't work.
0
 
LVL 14

Author Comment

by:systan
ID: 33747288
ok, actually all the dlls I have doesn't work on your project11, but in yours, it work pretty much.
hide.dll
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747344
Nice. maybe your whole system is infected. Blocked by my firewall.
Virus was detected in the content (virus_detected)
Content contained "Mal/Behav-136" virus

The virus was blocked and was not downloaded to your system. Details Virus: Mal/Behav-136; File: hide.dll; Sub File: No file name available; Vendor: Sophos, Plc.; Engine error code: 0x20040203; Engine version: 3.12.1; Pattern version: 4.58G.2031302.1346887699; Pattern date: 2010/09/23 16:23:00
0
 
LVL 14

Author Comment

by:systan
ID: 33747435
I'm using malwarebytes, bitdepender and no signs of virus.   Sophos? then its not a virus, I made that hide.dll, just a test with zWopenFile function uner ntdll.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747626
Sophos (british company); a very well know virus scanner, been around for many years.
Try something you didn't create.
0
 
LVL 14

Author Comment

by:systan
ID: 33747738
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747778
That one loads but there is not imports or exports; does it get an error?
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747877
Do you have one you didn't create but gets an error;
 when you either
1. click on listbox1
2. loading/opening
USING the Project11.exe I sent you?
0
 
LVL 14

Author Comment

by:systan
ID: 33747917
Ok, that one last, has imported modules
GrFinger.dll
0
 
LVL 14

Author Comment

by:systan
ID: 33747955
>>
Do you have one you didn't create but gets an error; YES ALL, including my created dll
when you either

1. click on listbox1
2. loading/opening

USING the Project11.exe I sent you? YES
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33749001
Update 6 Rewrite;
ExeExplorer.zip
Project11.exe
0
 
LVL 14

Author Closing Comment

by:systan
ID: 33751881
briangochnauer;
You have now known that the dlls I've sent to you are not infected with a virus.

ExeExplorer.zip remains the same error.  "Access Violation"
The New Project11.exe has different form and is Ok getting every dlls,  and I don't know where did you get that code  and you ddn't attach it,  while you keep sending your old code along with the code from colibres site.

Anyway, I have solved my own code problem;
Errors that produces unsatisfied result,  and not excellent because the last dll picked-up is not displaying the functions, but the others are.

Now?  my small function code works excellent getting the right dll dependency and functions imported.
Even you called it "code is a mess."

Thanks for the effort, I don't really know wheres the big problem of the code your sending.  One thing I'm sure that the code your sending is complicated,  large code large problem.

I will accept your comments as a help, even though did not really get the exact codes that will run fine.

The important subject why closing this post because I already did answer my own code with a small clear function.


Thanks for the time
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33752906
The last ExeExplorer.zip contains *ALL* the files necessary to compile the project.
>>I don't know where did you get that code  and you ddn't attach it,
I tossed out ALL of COLIBRI's code and replaced it with GX_PEInfo.
This *very much* simplified the code needed.
If my Project11.exe works on every DLL; and you can't compile the source I gave you to work the same; then it is your compiler environment that is the problem.

Good luck with your new code. I'll try to avoid unproductive answers in the future.
 
0
 
LVL 14

Author Comment

by:systan
ID: 33754158
your New project11.exe has a different form that works,   the latest zip youve send along with the code and form design is different from your new project11.exe.    You keep sending old code but the code from your latest project11.exe that works was not really there for test.

anyway we dont really know wheres the big problem, i know its not from my compiler and if not from yours too.


Thank you for the time spending replys
I'm just a newbied spending time with different codes, please understand.
Without the error codes youve send I'll not react to make my own code that works now.

Thank you for that.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33754701
Sorry about that zip issue;
I've posted the correct incase others following or find it useful.

ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33755441
Thanks, its all working now, do you really have to step a long conversation before you give the right one, your a trill.
See you at some other post.
0

Featured Post

Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you how to use the Windows Speech API in Delphi. I will only cover basic functions such as text to speech and controlling the speed of the speech. SAPI Installation First you need to install the SAPI type library, th…
Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Course of the Month7 days, 6 hours left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question