Solved

list dll dependency in listbox1, list dll module in listbox2

Posted on 2010-09-20
57
411 Views
Last Modified: 2012-05-10
i have a code that gets dll dependencies BUT it includes the dll modules and other unknown characters,  if you have a code that list the dep and mod in list1 and list2, please, kindly load it up.

And other problem with that code? it produces some access violation in other .dll, I hope someone could look at the code and fix it.
unit Unit1;



interface



uses

  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,

  StdCtrls;



const

  IMAGE_DOS_SIGNATURE    = $5A4D;       { MZ }

  IMAGE_OS2_SIGNATURE    = $454E;       { NE }

  IMAGE_OS2_SIGNATURE_LE = $454C;       { LE }

  IMAGE_VXD_SIGNATURE    = $454C;       { LE }

  IMAGE_NT_SIGNATURE     = $00004550;   { PE00 }



  IMAGE_SIZEOF_SHORT_NAME            = 8;

  IMAGE_SIZEOF_SECTION_HEADER        = 40;

  IMAGE_NUMBEROF_DIRECTORY_ENTRIES   = 16;

  IMAGE_RESOURCE_NAME_IS_STRING      = $80000000;

  IMAGE_RESOURCE_DATA_IS_DIRECTORY   = $80000000;

  IMAGE_OFFSET_STRIP_HIGH            = $7FFFFFFF;

  DIRECTORY_ENTRY_EXPORT             = 0;   // Export Directory

  IMAGE_DIRECTORY_ENTRY_IMPORT       = 1;   // Import Directory

  IMAGE_DIRECTORY_ENTRY_RESOURCE     = 2;   // Resource Directory

  IMAGE_DIRECTORY_ENTRY_EXCEPTION    = 3;   // Exception Directory

  IMAGE_DIRECTORY_ENTRY_SECURITY     = 4;   // Security Directory

  IMAGE_DIRECTORY_ENTRY_BASERELOC    = 5;   // Base Relocation Table

  IMAGE_DIRECTORY_ENTRY_DEBUG        = 6;   // Debug Directory

  IMAGE_DIRECTORY_ENTRY_COPYRIGHT    = 7;   // Description String

  IMAGE_DIRECTORY_ENTRY_GLOBALPTR    = 8;   // Machine Value (MIPS GP)

  IMAGE_DIRECTORY_ENTRY_TLS          = 9;   // TLS Directory

  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG  = 10;   // Load Configuration Directory

  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11;   // Bound Import Directory in headers

  IMAGE_DIRECTORY_ENTRY_IAT          = 12;



type

plist_entry = ^LIST_ENTRY;

LIST_ENTRY = record

  Flink:pLIST_ENTRY;

  Blink:pLIST_ENTRY;

end;



type IMAGE_EXPORT_DIRECTORY= packed record

Characteristics:DWORD;

TimeDateStamp:DWORD;

MajorVersion:WORD;

MinorVersion:WORD;

Name:DWORD;

Base:DWORD;

NumberOfFunctions:DWORD;

NumberOfNames:DWORD;

pAddressOfFunctions:PDWORD;

pAddressOfNames:PDWORD;

pAddressOfNameOrdinals:PWORD;

end;

PIMAGE_EXPORT_DIRECTORY= ^IMAGE_EXPORT_DIRECTORY;



type FPO_DATA =packed record

ulOffStart: DWORD;             // offset 1st byte of function code

cbProcSize:DWORD ;             // # bytes in function

cdwLocals:DWORD;              // # bytes in locals/4

cdwParams:WORD ;              // # bytes in params/4

cbProlog:WORD;           // # bytes in prolog

cbRegs:WORD;           // # regs saved

fHasSEH:WORD;           // TRUE if SEH in func

fUseBP:WORD;           // TRUE if EBP has been allocated

reserved:WORD;           // reserved for future use

cbFrame:WORD;           // frame type

end;

PFPO_DATA=^FPO_DATA;



type

IMAGE_FUNCTION_ENTRY=packed record

  StartingAddress:dword;

  EndingAddress:dword;

  EndOfPrologue:dword;

end;

PIMAGE_FUNCTION_ENTRY=^IMAGE_FUNCTION_ENTRY;



type

  PIMAGE_DOS_HEADER = ^IMAGE_DOS_HEADER;

  IMAGE_DOS_HEADER = packed record      { DOS .EXE header }

    e_magic         : WORD;             { Magic number }

    e_cblp          : WORD;             { Bytes on last page of file }

    e_cp            : WORD;             { Pages in file }

    e_crlc          : WORD;             { Relocations }

    e_cparhdr       : WORD;             { Size of header in paragraphs }

    e_minalloc      : WORD;             { Minimum extra paragraphs needed }

    e_maxalloc      : WORD;             { Maximum extra paragraphs needed }

    e_ss            : WORD;             { Initial (relative) SS value }

    e_sp            : WORD;             { Initial SP value }

    e_csum          : WORD;             { Checksum }

    e_ip            : WORD;             { Initial IP value }

    e_cs            : WORD;             { Initial (relative) CS value }

    e_lfarlc        : WORD;             { File address of relocation table }

    e_ovno          : WORD;             { Overlay number }

    e_res           : packed array [0..3] of WORD; { Reserved words }

    e_oemid         : WORD;             { OEM identifier (for e_oeminfo) }

    e_oeminfo       : WORD;             { OEM information; e_oemid specific }

    e_res2          : packed array [0..9] of WORD; { Reserved words }

    e_lfanew        : Longint;          { File address of new exe header }

  end;



  PIMAGE_FILE_HEADER = ^IMAGE_FILE_HEADER;

  IMAGE_FILE_HEADER = packed record

    Machine              : WORD;

    NumberOfSections     : WORD;

    TimeDateStamp        : DWORD;

    PointerToSymbolTable : DWORD;

    NumberOfSymbols      : DWORD;

    SizeOfOptionalHeader : WORD;

    Characteristics      : WORD;

  end;



  PIMAGE_DATA_DIRECTORY = ^IMAGE_DATA_DIRECTORY;

  IMAGE_DATA_DIRECTORY = packed record

    VirtualAddress  : DWORD;

    Size            : DWORD;

  end;



  PIMAGE_OPTIONAL_HEADER = ^IMAGE_OPTIONAL_HEADER;

  IMAGE_OPTIONAL_HEADER = packed record

   { Standard fields. }

    Magic           : WORD;

    MajorLinkerVersion : Byte;

    MinorLinkerVersion : Byte;

    SizeOfCode      : DWORD;

    SizeOfInitializedData : DWORD;

    SizeOfUninitializedData : DWORD;

    AddressOfEntryPoint : DWORD;

    BaseOfCode      : DWORD;

    BaseOfData      : DWORD;

   { NT additional fields. }

    ImageBase       : DWORD;

    SectionAlignment : DWORD;

    FileAlignment   : DWORD;

    MajorOperatingSystemVersion : WORD;

    MinorOperatingSystemVersion : WORD;

    MajorImageVersion : WORD;

    MinorImageVersion : WORD;

    MajorSubsystemVersion : WORD;

    MinorSubsystemVersion : WORD;

    Reserved1       : DWORD;

    SizeOfImage     : DWORD;

    SizeOfHeaders   : DWORD;

    CheckSum        : DWORD;

    Subsystem       : WORD;

    DllCharacteristics : WORD;

    SizeOfStackReserve : DWORD;

    SizeOfStackCommit : DWORD;

    SizeOfHeapReserve : DWORD;

    SizeOfHeapCommit : DWORD;

    LoaderFlags     : DWORD;

    NumberOfRvaAndSizes : DWORD;

    DataDirectory   : packed array [0..IMAGE_NUMBEROF_DIRECTORY_ENTRIES-1] of IMAGE_DATA_DIRECTORY;

  end;



  PIMAGE_SECTION_HEADER = ^IMAGE_SECTION_HEADER;

  IMAGE_SECTION_HEADER = packed record

    Name            : packed array [0..IMAGE_SIZEOF_SHORT_NAME-1] of Char;

    PhysicalAddress : DWORD; // or VirtualSize (union);

    VirtualAddress  : DWORD;

    SizeOfRawData   : DWORD;

    PointerToRawData : DWORD;

    PointerToRelocations : DWORD;

    PointerToLinenumbers : DWORD;

    NumberOfRelocations : WORD;

    NumberOfLinenumbers : WORD;

    Characteristics : DWORD;

  end;



  PIMAGE_NT_HEADERS = ^IMAGE_NT_HEADERS;

  IMAGE_NT_HEADERS = packed record

    Signature       : DWORD;

    FileHeader      : IMAGE_FILE_HEADER;

    OptionalHeader  : IMAGE_OPTIONAL_HEADER;

  end;



  PIMAGE_RESOURCE_DIRECTORY = ^IMAGE_RESOURCE_DIRECTORY;

  IMAGE_RESOURCE_DIRECTORY = packed record

    Characteristics : DWORD;

    TimeDateStamp   : DWORD;

    MajorVersion    : WORD;

    MinorVersion    : WORD;

    NumberOfNamedEntries : WORD;

    NumberOfIdEntries : WORD;

  end;



  PIMAGE_RESOURCE_DIRECTORY_ENTRY = ^IMAGE_RESOURCE_DIRECTORY_ENTRY;

  IMAGE_RESOURCE_DIRECTORY_ENTRY = packed record

    Name: DWORD;        // Or ID: Word (Union)

    OffsetToData: DWORD;

  end;



  PIMAGE_RESOURCE_DATA_ENTRY = ^IMAGE_RESOURCE_DATA_ENTRY;

  IMAGE_RESOURCE_DATA_ENTRY = packed record

    OffsetToData    : DWORD;

    Size            : DWORD;

    CodePage        : DWORD;

    Reserved        : DWORD;

  end;



  PIMAGE_RESOURCE_DIR_STRING_U = ^IMAGE_RESOURCE_DIR_STRING_U;

  IMAGE_RESOURCE_DIR_STRING_U = packed record

    Length          : WORD;

    NameString      : array [0..0] of WCHAR;

  end;



type LOADED_IMAGE = record

  ModuleName:pchar;

  hFile:thandle;

  MappedAddress:pchar;

  FileHeader:PIMAGE_NT_HEADERS;

  LastRvaSection:PIMAGE_SECTION_HEADER;

  NumberOfSections:integer;

  Sections:PIMAGE_SECTION_HEADER ;

  Characteristics:integer;

  fSystemImage:boolean;

  fDOSImage:boolean;

  Links:LIST_ENTRY;

  SizeOfImage:integer;

end;

PLOADED_IMAGE= ^LOADED_IMAGE;



type IMAGE_LOAD_CONFIG_DIRECTORY = packed record

    Characteristics:DWORD;

    TimeDateStamp:DWORD;

    MajorVersion:WORD;

    MinorVersion:WORD;

    GlobalFlagsClear:DWORD;

    GlobalFlagsSet:DWORD;

    CriticalSectionDefaultTimeout:DWORD;

    DeCommitFreeBlockThreshold:DWORD;

    DeCommitTotalFreeThreshold:DWORD;

    LockPrefixTable:Pointer;

    MaximumAllocationSize:DWORD;

    VirtualMemoryThreshold:DWORD;

    ProcessHeapFlags:DWORD;

    ProcessAffinityMask:DWORD;

    Reserved: array[0..2] of DWORD;

  end;

PIMAGE_LOAD_CONFIG_DIRECTORY=^IMAGE_LOAD_CONFIG_DIRECTORY;



type IMAGE_IMPORT_BY_NAME = packed record

  Hint:WORD;

  Name:DWORD;

end;

PIMAGE_IMPORT_BY_NAME=^IMAGE_IMPORT_BY_NAME;



type IMAGE_THUNK_DATA =packed record

  ForwarderString:PBYTE;

  Func:PDWORD;

  Ordinal:DWORD;

  AddressOfData:PIMAGE_IMPORT_BY_NAME;

end;

PIMAGE_THUNK_DATA=^IMAGE_THUNK_DATA;



type IMAGE_IMPORT_DESCRIPTOR= packed record

  Characteristics:DWORD;

  TimeDateStamp:DWORD;

  ForwarderChain:DWORD;

  Name:DWORD;

  FirstThunk:DWORD;

end;

PIMAGE_IMPORT_DESCRIPTOR = ^IMAGE_IMPORT_DESCRIPTOR;





type

  TForm1 = class(TForm)

    Button1: TButton;

    Memo1: TMemo;

    OpenDialog1: TOpenDialog;

    procedure Button1Click(Sender: TObject);

  private

    { Private declarations }

  public

    procedure ProcessFile;

  end;



var

  Form1: TForm1;

  h1,hmap:integer;

  bptr:pointer;

  gptr:pbyte;

  ntsign:plongword;

  doshd:PIMAGE_DOS_HEADER;

  pehd:PIMAGE_FILE_HEADER;

  peoptn:PIMAGE_OPTIONAL_HEADER;

  sectionheads:array of PIMAGE_SECTION_HEADER;

  offsetmem:longword;

  idataphysicaladress:pbyte;

  idata:PIMAGE_IMPORT_DESCRIPTOR;

  modulename,functionname:pchar;

  dptr:plongword;

  ord:word;

  pexpdir:PIMAGE_EXPORT_DIRECTORY;

  pexpnames:pdword;

  expfname:pchar;

implementation



{$R *.DFM}



procedure TForm1.Button1Click(Sender: TObject);

begin

memo1.Lines.Clear;

processfile;

end;



procedure TForm1.ProcessFile;

var

i,j:integer;

begin

if opendialog1.Execute=false  then

  exit

else

  h1:=fileopen(opendialog1.FileName,fmShareDenyNone or fmOpenRead);

hmap:=CreateFileMapping(h1,nil,PAGE_READONLY,0,0,nil);

doshd:=PIMAGE_DOS_HEADER(mapviewoffile(hmap,FILE_MAP_READ,0,0,0));

bptr:=doshd;

memo1.Lines.Clear;

memo1.lines.add('DOS Header');

memo1.Lines.Add(' -e_magic='+inttostr(doshd.e_magic));

memo1.Lines.Add(' -e_cblp='+inttostr(doshd.e_cblp));

memo1.Lines.Add(' -e_cp='+inttostr(doshd.e_cp));

memo1.Lines.Add(' -e_crlc='+inttostr(doshd.e_crlc));

memo1.Lines.Add(' -e_cparhdr='+inttostr(doshd.e_cparhdr));

memo1.Lines.Add(' -e_minalloc='+inttostr(doshd.e_minalloc));

memo1.Lines.Add(' -e_maxalloc='+inttostr(doshd.e_maxalloc));

memo1.Lines.Add(' -e_ss='+inttostr(doshd.e_ss));

memo1.Lines.Add(' -e_sp='+inttostr(doshd.e_sp));

memo1.Lines.Add(' -e_csum='+inttostr(doshd.e_csum));

memo1.Lines.Add(' -e_ip='+inttostr(doshd.e_ip));

memo1.Lines.Add(' -e_cs='+inttostr(doshd.e_cs));

memo1.Lines.Add(' -e_lfarlc='+inttostr(doshd.e_lfarlc));

memo1.Lines.Add(' -e_ovno='+inttostr(doshd.e_ovno));

memo1.Lines.Add(' -e_oemid='+inttostr(doshd.e_oemid));

memo1.Lines.Add(' -e_oeminfo='+inttostr(doshd.e_oeminfo));

memo1.Lines.Add(' -e_lfanew='+inttostr(doshd.e_lfanew));

gptr:=bptr;

inc(gptr,doshd.e_lfanew);

ntsign:=plongword(gptr);

if (ntsign^=IMAGE_NT_SIGNATURE) then

  begin

   memo1.Lines.Add('NT Signature<'+inttostr(IMAGE_NT_SIGNATURE)+'>='+inttostr(ntsign^));

   memo1.Lines.Add('Windows Executable');

   memo1.lines.add('------------------------------------------');

   gptr:=bptr;

   inc(gptr,doshd.e_lfanew+4);

   pehd:=PIMAGE_FILE_HEADER(gptr);

   memo1.lines.add('PE Header');

   memo1.Lines.Add(' -Machine='+inttostr(pehd.Machine));

   memo1.Lines.Add(' -Number of Sections='+inttostr(pehd.NumberOfSections));

   memo1.Lines.Add(' -TimeDateStamp='+IntToStr(pehd.TimeDateStamp));

   memo1.Lines.Add(' -PointerToSymbolTable='+IntToStr(pehd.PointerToSymbolTable));

   memo1.Lines.Add(' -Number of Symbols='+IntToStr(pehd.NumberOfSymbols));

   memo1.Lines.Add(' -SizeOfOptionalHeader='+IntToStr(pehd.SizeOfOptionalHeader));

   memo1.Lines.Add(' -Characteristics='+IntToStr(pehd.Characteristics));

   memo1.lines.add('------------------------------------------');

   gptr:=pbyte(pehd);

   inc(gptr,sizeof(IMAGE_FILE_HEADER));

   peoptn:=PIMAGE_OPTIONAL_HEADER(gptr);

   memo1.lines.add('PE Optional Header');

   memo1.Lines.Add(' -Magic='+inttostr(peoptn.Magic));

   memo1.Lines.Add(' -MajorLinkerVersion='+inttostr(peoptn.MajorLinkerVersion));

   memo1.Lines.Add(' -MinorLinkerVersion='+inttostr(peoptn.MinorLinkerVersion));

   memo1.Lines.Add(' -SizeOfCode='+inttostr(peoptn.SizeOfCode));

   memo1.Lines.Add(' -SizeOfInitializedData='+inttostr(peoptn.SizeOfInitializedData));

   memo1.Lines.Add(' -SizeOfUninitializedData='+inttostr(peoptn.SizeOfUninitializedData));

   memo1.Lines.Add(' -AddressOfEntryPoint='+inttostr(peoptn.AddressOfEntryPoint));

   memo1.Lines.Add(' -BaseOfCode='+inttostr(peoptn.BaseOfCode));

   memo1.Lines.Add(' -BaseOfData='+inttostr(peoptn.BaseOfData));

   memo1.Lines.Add(' -ImageBase='+inttostr(peoptn.ImageBase));

   memo1.Lines.Add(' -SectionAlignment='+inttostr(peoptn.SectionAlignment));

   memo1.Lines.Add(' -FileAlignment='+inttostr(peoptn.FileAlignment));

   memo1.Lines.Add(' -MajorOperatingSystemVersion='+inttostr(peoptn.MajorOperatingSystemVersion));

   memo1.Lines.Add(' -MinorOperatingSystemVersion='+inttostr(peoptn.MinorOperatingSystemVersion));

   memo1.Lines.Add(' -MajorImageVersion='+inttostr(peoptn.MajorImageVersion));

   memo1.Lines.Add(' -MinorImageVersion='+inttostr(peoptn.MinorImageVersion));

   memo1.Lines.Add(' -MajorSubsystemVersion='+inttostr(peoptn.MajorSubsystemVersion));

   memo1.Lines.Add(' -MinorSubsystemVersion ='+inttostr(peoptn.MinorSubsystemVersion ));

   memo1.Lines.Add(' -Reserved1 ='+inttostr(peoptn.Reserved1));

   memo1.Lines.Add(' -SizeOfImage ='+inttostr(peoptn.SizeOfImage));

   memo1.Lines.Add(' -SizeOfHeaders ='+inttostr(peoptn.SizeOfHeaders));

   memo1.Lines.Add(' -CheckSum ='+inttostr(peoptn.CheckSum));

   memo1.Lines.Add(' -SubSystem ='+inttostr(peoptn.Subsystem));

   memo1.Lines.Add(' -DllCharacteristics ='+inttostr(peoptn.DllCharacteristics));

   memo1.Lines.Add(' -SizeOfStackReserve ='+inttostr(peoptn.SizeOfStackReserve));

   memo1.Lines.Add(' -SizeOfStackCommit ='+inttostr(peoptn.SizeOfStackCommit));

   memo1.Lines.Add(' -SizeOfHeapReserve ='+inttostr(peoptn.SizeOfHeapReserve));

   memo1.Lines.Add(' -SizeOfHeapCommit ='+inttostr(peoptn.SizeOfHeapCommit));

   memo1.Lines.Add(' -LoaderFlags ='+inttostr(peoptn.LoaderFlags));

   memo1.Lines.Add(' -NumberOfRvaAndSizes ='+inttostr(peoptn.NumberOfRvaAndSizes));

   memo1.lines.add('------------------------------------------');

   setlength(sectionheads,pehd.NumberOfSections);

   for i:=0 to pehd.NumberOfSections -1 do

    begin

     gptr:=pbyte(peoptn);

     inc(gptr,sizeof(IMAGE_OPTIONAL_HEADER)+i*sizeof(IMAGE_SECTION_HEADER));

     sectionheads[i]:=PIMAGE_SECTION_HEADER(gptr);

    end;

   if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size=0 then

    begin

     memo1.lines.add('No Export Table Present');

     memo1.lines.add('------------------------------------------');

    end

   else

    begin

     memo1.lines.add('Export Table Present');

     for i:=pehd.NumberOfSections-1 downto 0 do

      begin

       if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress>=sectionheads[i].VirtualAddress then

        begin

         offsetmem:=sectionheads[i].PointerToRawData-sectionheads[i].VirtualAddress;

         break;

        end;

      end;

     gptr:=bptr;

     inc(gptr,offsetmem+peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);

     pexpdir:=PIMAGE_EXPORT_DIRECTORY(gptr);

     pexpnames:=pdword(longint(bptr)+integer(PIMAGE_EXPORT_DIRECTORY(gptr).pAddressOfNames));

     for i:=0 to pexpdir.NumberOfNames-1 do

      begin

       expfname:=pchar(integer(bptr)+integer(pexpnames^));

       memo1.lines.add(' -'+expfname);

       inc(pexpnames);

      end;

     memo1.lines.add('------------------------------------------');

    end;

   if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size=0 then

    memo1.lines.add('No Import Table Present')

   else

    begin

     memo1.lines.add('Import Table Present');

     for i:=pehd.NumberOfSections-1 downto 0 do

      begin

       if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress>=sectionheads[i].VirtualAddress then

        begin

         offsetmem:=sectionheads[i].PointerToRawData-sectionheads[i].VirtualAddress;

         break;

        end;

      end;

     gptr:=bptr;

     inc(gptr,offsetmem+peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);

     idataphysicaladress:=gptr;

     i:=0;

     j:=0;

     while true do

      begin

       gptr:=idataphysicaladress;

       inc(gptr,i*sizeof(IMAGE_IMPORT_DESCRIPTOR));

       idata :=PIMAGE_IMPORT_DESCRIPTOR(gptr);

       if idata.Name = 0 then

        break;

       gptr:=bptr;

       inc(gptr,offsetmem+idata.Name);

       modulename:=pchar(gptr);



       memo1.Lines.Add('Module Name:             '+ modulename);

       while true do

        begin

         if (idata.FirstThunk + j*4)= 0 then

          break;

         gptr:=bptr;

         inc(gptr,offsetmem+idata.FirstThunk +j*4);

         dptr:=plongword(gptr);

         gptr:=bptr;

         inc(gptr,offsetmem+dptr^);

         if isbadcodeptr(gptr) then

          break;

         ord:=pword(gptr)^;

         inc(gptr,2);

         functionname:=pchar(gptr);

         if isbadcodeptr(functionname) then

          break;

         if functionname=nil then

         break;

         memo1.Lines.Add('  -Ord:'+inttohex(ord,3)+' Function Name:    ' + functionname);

         inc(j);

        end;

       inc(i);

      end;

    end;

  end;

UnmapViewOfFile(bptr);

closehandle(hmap);

fileclose(h1);

end;



end.

Open in new window

0
Comment
Question by:systan
  • 31
  • 26
57 Comments
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33726510
for 5000 pts  :)
 
0
 
LVL 14

Author Comment

by:systan
ID: 33727021
Why would I do that?
I've given the code,  if experts wants to answer? he will just filter the;
dll depedency in listbox1 and imported modules in listbox2

see the image i mean;;


dlldep2.JPG
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33727998
Many tool already do this; are we 'reinventing the wheel' here?
(GExperts for one;Delphi add-on)
I compiled and got the exception and see the problem.
Do you have documention that shows the relationships each data structure has to one another?
0
 
LVL 14

Author Comment

by:systan
ID: 33728428
Many tool already do this; are we 'reinventing the wheel' here?
I just want to code it

>>I compiled and got the exception and see the problem.
ok, nice, please show it

>>Do you have documention that shows the relationships each data structure has to one another?
actually i dont have, but as far as i undertand the given code can perform what i want.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33728489
>> but as far as i undertand the given code can perform what i want.
not without Exception though; *something* was lost in the translation.
Do you have the original code.?
0
 
LVL 14

Author Comment

by:systan
ID: 33728787
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33729350
the owesome link is really awesome;
since he's done all the work and it's free to use why don't you take advantage of the work he's done, that's why he is giving it away???
Turns your program into a few lines;
 
implementation
uses u_c_pe;
{$R *.DFM}

procedure TForm1.Button1Click(Sender: TObject);
begin
     memo1.Lines.Clear;
     processfile;
end;

procedure TForm1.ProcessFile;
var   cpe : c_pe;
begin
    if opendialog1.Execute=false  then
     exit
    else
    begin
        cpe := c_pe.Create(opendialog1.FileName,Memo1.Lines);
        cpe.analyze_nt_header;
        cpe.analyze_imported_dlls(memo2.lines);
    end;
end;
END.

ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33731333
briangochnauer;
I downloaded the zip file,
put it in the folder
delete the .res
open .dpr with delphi and delphi created the .res
removed the  Application.MainFormOnTaskbar := True;, because of delphi7
change the path of unit7.pas
run the application
pointed it to a dll
then
error saying "integer overflow"
I removed the checked mark on compiler runtime errors range checking, io checking, overflow checking
and
the error is the same.

then I added all the .pas in the project
errors on tdirectory listbox and tfilelistbox, i ignored it,
then
run the program, errors still the same.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33733632
You don't need to delete the .res file.
I loaded it into Delphi 5 in a VMWare machine; deleted the MainformOnTaskbar line and it compiled fine.
Using the attached file it worked fine too.
Try the attached file and see if works with your compilation.

DelphiBand.dll
0
 
LVL 14

Author Comment

by:systan
ID: 33734231
briangochnauer;
why are you sending me a .dll?
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734297
Got the wrong unit7.pas in there, somehow.
Try these files;

ExeExplorer.zip
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734322
The DLL I sent earlier was for you to read in against your compiled version of the exe to see if it would 'parse' the *that* dll properly. Not all DLL's have all data structures.
0
 
LVL 14

Author Comment

by:systan
ID: 33734622
briangochnauer;
same error,
the earlier exeexplorer.zip youve send was not good, many .pas but it only uses 1, the unit7.pas
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734653
Now I'm getting the integer overflow, but I didn't originally. I'll check into it.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734688
The others are automatically included through the uses statement starting with
implementation
uses u_c_pe;
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734756
Works beautifully under Delphi 5.  probably string issues; working on it.
What version of Delphi are you using?
 
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33734779
Heres' the D5 compiled exe.

Project11.exe
0
 
LVL 14

Author Comment

by:systan
ID: 33734829
yes, I see that, but it doesn't seem to solve the problem, integer always overflow.
0
 
LVL 14

Author Comment

by:systan
ID: 33735241
I download the project11.exe, test it and found good, yes it find dll dependency, but wheres the modules?
anyway I could not start the code because I dont know where did the integeroverflow comes from.
error saying "integer overflow"
I removed the checked mark on compiler runtime errors range checking, io checking, overflow checking
and
the error is the same.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33735316
Read carefully.. like I said before...
I'm working on it.   BE PATIENT.
 What verson of the Delphi compiler are you using?
0
 
LVL 14

Author Comment

by:systan
ID: 33735448
removed the  Application.MainFormOnTaskbar := True;, because of delphi7
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33735683
Try these files
ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33740261
no errors now during run time, but ill be patient to wait about the dll module used by the refering dll
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33743048
I don't understand "the dll module used by the refering dll".
The code allows the interogation of the DLL and EXE imports.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33743340
Reviewing your jpg you uploaded I think you mean to say;
"DLL functions used by imported DLL"
more clearly;
DLL imports (dependencies) in listbox1 and imported functions for selected DLL (listbox1) in listbox2
Modules = DLL making "DLL module" redundant

 

ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33743647
error on that
if Assigned(cpe) then FreeAndNil(c_pe);?
0
 
LVL 14

Author Comment

by:systan
ID: 33743661
 //if Assigned(cpe) then FreeAndNil(c_pe);
I removed it, then run the program, pick some dlls, it says access violation.
0
 
LVL 14

Author Comment

by:systan
ID: 33743704
if Assigned(cpe) then FreeAndNil(cpe);
its ok now with that

but access violation when I click one of the dll listted in listbox2
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 14

Author Comment

by:systan
ID: 33744796
Actually I found the problem, it does not accept dlls

 procedure c_pe.analyze_imported_functions(p_dll_name: String; p_c_strings: tStrings;
        p_borland: String);
begin
...
...
 if not m_is_file_exe
          then begin
              display_pe('only for .EXE file');
              exit;
            end;


any idea to solve this?
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33744856
It that because what you're clicking on is 'no imports' in Listbox1?
 

ExeExplorer.zip
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33744908
"Actually I found the problem, it does not accept dlls"
Not true; I've already used this program to view EXE and DLLs, works fine.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33745149
udpate to show interally loaded DLLs (running exe)

ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33745764
briangochnauer;
I test your .exe and it runs accepting .dlls, but if i compile my own .exe, it errors, no problem about that, i'll fix that some time.

the problem is when i click listbox1? it displays to the memo1 even the event is assigned to listbox2
cpe.analyze_imported_functions(ListBox1.Items[listbox1.ItemIndex],      listbox2.items,   '');
AND no functions displayed, instead it displays back the dlls.

Since we are having hardtime to debug some changes with Felix John COLIBRI code,
lets by pass it, put it away and pause.
I hope it's Ok for you.

Instead I have original code debugged and produces good result, but not excellent because the last dll picked-up is not displaying the functions, but the others are.

Here's the new code, please test the new code why the last dll is not showing functions.
I have also attact your form that I strech to see no functions listed around.

unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, structures, StdCtrls;

type 
  TForm1 = class(TForm) 
    Button1: TButton; 
    OpenDialog1: TOpenDialog;
    ListBox1: TListBox;
    ListBox2: TListBox;
    procedure Button1Click(Sender: TObject);
    procedure ListBox1Click(Sender: TObject);
  private 
    { Private declarations } 
  public 
    procedure ProcessFile; 
  end; 

var 
  Form1: TForm1; 
  h1,hmap:longint; 
  bptr:pointer; 
  gptr:pbyte; 
  ntsign:plongword; 
  doshd:PIMAGE_DOS_HEADER; 
  pehd:PIMAGE_FILE_HEADER; 
  peoptn:PIMAGE_OPTIONAL_HEADER; 
  sectionheads:array of PIMAGE_SECTION_HEADER; 
  offsetmem:longword; 
  idataphysicaladress:pbyte; 
  idata:PIMAGE_IMPORT_DESCRIPTOR; 
  modulename,functionname:pchar; 
  dptr:plongword; 
  ord:word; 
  pexpdir:PIMAGE_EXPORT_DIRECTORY; 
  pexpnames:pdword; 
  expfname:pchar;

  tst:TStringList;

implementation 

{$R *.DFM} 

procedure TForm1.Button1Click(Sender: TObject); 
begin
tst:=TStringList.Create;
listbox1.Clear;
listbox2.Clear;
processfile;
end; 

procedure TForm1.ProcessFile; 
var 
i,j:longint; 
begin

if opendialog1.Execute=false  then 
  exit
else 
h1:=fileopen(opendialog1.FileName,fmShareDenyNone or fmOpenRead);

hmap:=CreateFileMapping(h1,nil,PAGE_READONLY,0,0,nil); 
doshd:=PIMAGE_DOS_HEADER(mapviewoffile(hmap,FILE_MAP_READ,0,0,0));
bptr:=doshd;
gptr:=bptr;
inc(gptr,doshd.e_lfanew);
ntsign:=plongword(gptr);

if (ntsign^=IMAGE_NT_SIGNATURE) then
  begin

   gptr:=bptr;
   inc(gptr,doshd.e_lfanew+4);
   pehd:=PIMAGE_FILE_HEADER(gptr);

   gptr:=pbyte(pehd);
   inc(gptr,sizeof(IMAGE_FILE_HEADER));
   peoptn:=PIMAGE_OPTIONAL_HEADER(gptr);

   setlength(sectionheads,pehd.NumberOfSections);
   for i:=0 to pehd.NumberOfSections -1 do
    begin
     gptr:=pbyte(peoptn);
     inc(gptr,sizeof(IMAGE_OPTIONAL_HEADER)+i*sizeof(IMAGE_SECTION_HEADER));
     sectionheads[i]:=PIMAGE_SECTION_HEADER(gptr);
    end;

   if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size=0 then 
    exit
   else
    begin 

     for i:=pehd.NumberOfSections-1 downto 0 do 
      begin 
       if peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress>=sectionheads[i].VirtualAddress then
        begin 
         offsetmem:=sectionheads[i].PointerToRawData-sectionheads[i].VirtualAddress; 
         break; 
        end; 
      end;

     gptr:=bptr; 
     inc(gptr,offsetmem+peoptn.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); 
     idataphysicaladress:=gptr;
     i:=0;
     j:=0;

     while true do
      begin
       gptr:=idataphysicaladress;
       inc(gptr,i*sizeof(IMAGE_IMPORT_DESCRIPTOR));
       idata :=PIMAGE_IMPORT_DESCRIPTOR(gptr);
       if idata.Name = 0 then break;
       gptr:=bptr;
       inc(gptr,offsetmem+idata.Name);
       modulename:=pchar(gptr);

       if listbox1.Items.IndexOf(modulename)<0 then
       listbox1.Items.Add(modulename);


       while true do
        begin
         if (idata.FirstThunk + j*4)= 0 then break;
         gptr:=bptr;
         inc(gptr,offsetmem+idata.FirstThunk +j*4);
         dptr:=plongword(gptr);
         gptr:=bptr;
         inc(gptr,offsetmem+dptr^);
         if isbadcodeptr(gptr) then break;
         ord:=pword(gptr)^;
         inc(gptr,2);
         functionname:=pchar(gptr);
         if isbadcodeptr(functionname) then break;
         if functionname=nil then break;

         tst.Add(modulename+'='+functionname);

         inc(j); 
        end;


       inc(i);
      end;


    end; 
  end;

UnmapViewOfFile(bptr); 
closehandle(hmap); 
fileclose(h1); 
end; 

procedure TForm1.ListBox1Click(Sender: TObject);
var i:integer;
st, lt:string;
begin
listbox2.clear;
lt := listbox1.Items[listbox1.itemindex];
for i:= 0 to tst.Count-1 do
begin
if pos(lt, tst[i])> 0 then
begin
st:=copy(tst[i], length(lt)+2,255);
listbox2.Items.Add(st);
end;
end;
end;




end.

Open in new window

linkcomp.JPG
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33746056
Memo1 is just a 'log' window it is probably not very useful except to see what the code is doing interally. You could hide the Memo1
I'm not having a hard time with COLIBRI 's code.
No offence intended here;  but your code is a mess.
One big long procedure, no structure, no error checking.
I looked though COLIBRI 's code and there is a spot where he calculates the offset needed by using a 32-bit integer and letting it over-flow (CF) which is normally an error but is necessary in this instance. I could not figure out how/why .
Now you want to try and RE-Implement that in your code....
Iv'e been programming in Pascal since late 1987 and Delphi since version 1, I'm not interested in understanding that much about EXE formats when somebody has already done the work.
You're so close to being done using COLIBRI's and you want to start over?
I suggest you read COLIBRI's website ****Very Carefully and thourghly ****

ExeExplorer.zip
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33746200
"the event is assigned to listbox2"
the event is supposed to be assigned to listbox1, not listbox2
0
 
LVL 14

Author Comment

by:systan
ID: 33746293
briangochnauer;
Thank you for the effort, but the result is always negative.
Heres the output of the code, I attached it in an image.
I don't know how you test it.

I think this conversation is to long.
I decided not to use colibres code.
Why?
So many codes, crumbled, rambled, and most of all,  youve send different errors from colibres codes,
and the new attached file? codes are long but where only getting small.

Since I am the asker, please kindly support what I want;
Please continue to see my code in id: #33745764

Original code debugged and produces good result,  but not excellent because the last dll picked-up is not displaying the functions, but the others are.

I am just a newbie for a long time, sorry for that.
linkcomp.JPG
0
 
LVL 5

Accepted Solution

by:
briangochnauer earned 500 total points
ID: 33746413
Guess you have an environment issue; cause it works fine for me (see image) when I compile and run it. Learn how to use the integrated debugger to fix your own program.
I guess I just wasted 3 days trying to help you. for nothing.

Clip127.jpg
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33746508
Maybe you're running Win7 64-bit.
That is a problem, if you're trying to parse 32 and 64 bit DLLs.
The code I sent was for 32 bit.
0
 
LVL 14

Author Comment

by:systan
ID: 33746911
>>Maybe you're running Win7 64-bit.
No, Im not.
Im also running 32bit windows

As I see your image shown they are not the same, there must be wrong with the code your sending.

How could it be that there different.
linkcomp.JPG
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33746992
What mine is outputing is the list of functions imported when I clicked on Listbox1 (successfully).
Try the exe attached using the DLL attached and see what results you have.

Project11.exe
DelphiBand.dll
0
 
LVL 14

Author Comment

by:systan
ID: 33747224
I got it running shows fine ONLY in your DelphiBand.dll,   other dlls I have?  its not working.  Now the problem is not on my side, its in your side?
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747233
send a DLL that doesn't work.
0
 
LVL 14

Author Comment

by:systan
ID: 33747288
ok, actually all the dlls I have doesn't work on your project11, but in yours, it work pretty much.
hide.dll
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747344
Nice. maybe your whole system is infected. Blocked by my firewall.
Virus was detected in the content (virus_detected)
Content contained "Mal/Behav-136" virus

The virus was blocked and was not downloaded to your system. Details Virus: Mal/Behav-136; File: hide.dll; Sub File: No file name available; Vendor: Sophos, Plc.; Engine error code: 0x20040203; Engine version: 3.12.1; Pattern version: 4.58G.2031302.1346887699; Pattern date: 2010/09/23 16:23:00
0
 
LVL 14

Author Comment

by:systan
ID: 33747435
I'm using malwarebytes, bitdepender and no signs of virus.   Sophos? then its not a virus, I made that hide.dll, just a test with zWopenFile function uner ntdll.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747626
Sophos (british company); a very well know virus scanner, been around for many years.
Try something you didn't create.
0
 
LVL 14

Author Comment

by:systan
ID: 33747738
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747778
That one loads but there is not imports or exports; does it get an error?
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33747877
Do you have one you didn't create but gets an error;
 when you either
1. click on listbox1
2. loading/opening
USING the Project11.exe I sent you?
0
 
LVL 14

Author Comment

by:systan
ID: 33747917
Ok, that one last, has imported modules
GrFinger.dll
0
 
LVL 14

Author Comment

by:systan
ID: 33747955
>>
Do you have one you didn't create but gets an error; YES ALL, including my created dll
when you either

1. click on listbox1
2. loading/opening

USING the Project11.exe I sent you? YES
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33749001
Update 6 Rewrite;
ExeExplorer.zip
Project11.exe
0
 
LVL 14

Author Closing Comment

by:systan
ID: 33751881
briangochnauer;
You have now known that the dlls I've sent to you are not infected with a virus.

ExeExplorer.zip remains the same error.  "Access Violation"
The New Project11.exe has different form and is Ok getting every dlls,  and I don't know where did you get that code  and you ddn't attach it,  while you keep sending your old code along with the code from colibres site.

Anyway, I have solved my own code problem;
Errors that produces unsatisfied result,  and not excellent because the last dll picked-up is not displaying the functions, but the others are.

Now?  my small function code works excellent getting the right dll dependency and functions imported.
Even you called it "code is a mess."

Thanks for the effort, I don't really know wheres the big problem of the code your sending.  One thing I'm sure that the code your sending is complicated,  large code large problem.

I will accept your comments as a help, even though did not really get the exact codes that will run fine.

The important subject why closing this post because I already did answer my own code with a small clear function.


Thanks for the time
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33752906
The last ExeExplorer.zip contains *ALL* the files necessary to compile the project.
>>I don't know where did you get that code  and you ddn't attach it,
I tossed out ALL of COLIBRI's code and replaced it with GX_PEInfo.
This *very much* simplified the code needed.
If my Project11.exe works on every DLL; and you can't compile the source I gave you to work the same; then it is your compiler environment that is the problem.

Good luck with your new code. I'll try to avoid unproductive answers in the future.
 
0
 
LVL 14

Author Comment

by:systan
ID: 33754158
your New project11.exe has a different form that works,   the latest zip youve send along with the code and form design is different from your new project11.exe.    You keep sending old code but the code from your latest project11.exe that works was not really there for test.

anyway we dont really know wheres the big problem, i know its not from my compiler and if not from yours too.


Thank you for the time spending replys
I'm just a newbied spending time with different codes, please understand.
Without the error codes youve send I'll not react to make my own code that works now.

Thank you for that.
0
 
LVL 5

Expert Comment

by:briangochnauer
ID: 33754701
Sorry about that zip issue;
I've posted the correct incase others following or find it useful.

ExeExplorer.zip
0
 
LVL 14

Author Comment

by:systan
ID: 33755441
Thanks, its all working now, do you really have to step a long conversation before you give the right one, your a trill.
See you at some other post.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now