Esempio n. 1
/* getPEHeader - get the header of the .EXE */
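/*
 * Read the PE header of an executable file into *peh.
 *
 * handle - open file handle; every read goes through seekRead
 * peh    - receives sizeof( pe_header ) bytes taken from the file offset
 *          that is stored at 0x3c
 *
 * Returns TRUE when the first word equals DOS_SIGNATURE, the word found at
 * the offset stored at 0x3c equals PE_SIGNATURE, and no seekRead call
 * reports failure; FALSE in every other case.
 *
 * nh_offset and all of *peh come straight from the file.  Nothing here
 * range-checks them, so callers must treat every header field (counts,
 * RVAs, sizes) as unvalidated input.
 */
static int getPEHeader( HANDLE handle, pe_header *peh )
{
    WORD    data = 0;
    WORD    sig = 0;
    DWORD   nh_offset = 0;

    if( !seekRead( handle, 0x00, &data, sizeof( data ) ) ) {
        return( FALSE );
    }
    if( data != DOS_SIGNATURE ) {
        return( FALSE );
    }

    /*
     * The word at 0x18 is read but its value is never examined; as written
     * this only confirms that the file has data at that offset.
     */
    if( !seekRead( handle, 0x18, &data, sizeof( data ) ) ) {
        return( FALSE );
    }

    /* Size the read by the destination object so it can never exceed it. */
    if( !seekRead( handle, 0x3c, &nh_offset, sizeof( nh_offset ) ) ) {
        return( FALSE );
    }

    /*
     * nh_offset is file-controlled.  An offset outside the file is expected
     * to surface as a seekRead failure -- NOTE(review): confirm seekRead
     * rejects short reads.
     */
    if( !seekRead( handle, nh_offset, &sig, sizeof( sig ) ) ) {
        return( FALSE );
    }
    if( sig != PE_SIGNATURE ) {
        return( FALSE );
    }

    if( !seekRead( handle, nh_offset, peh, sizeof( pe_header ) ) ) {
        return( FALSE );
    }
    return( TRUE );

} /* getPEHeader */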
Esempio n. 2
/* GetModuleName - get the name of a module from its Export directory table */
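/*
 * Return a newly allocated copy of the module name recorded in the export
 * directory of the PE file open on fhdl.
 *
 * Returns NULL when the header cannot be read, no object (section) contains
 * the export directory RVA, any read fails, or the allocation fails.  The
 * result is allocated with MemAlloc; no release is visible here, so freeing
 * it is presumably the caller's job.
 *
 * All offsets, RVAs and counts used below are taken from the file and are
 * attacker-controlled when the file is untrusted.
 */
char *GetModuleName( HANDLE fhdl )
{
    pe_header           header;
    pe_object           obj;
    pe_export_directory expdir;
    DWORD               lenread;
    DWORD               export_rva;
    DWORD               i;
    size_t              len;
    char                buf[_MAX_PATH];
    char                *ret;

    if( !getEXEHeader( fhdl, &header ) ) {
        return( NULL );
    }
    export_rva = header.table[ PE_TBL_EXPORT ].rva;

    /*
     * The object table is read sequentially from the current file position,
     * which is presumably just past the header that getEXEHeader read.
     */
    for( i = 0; i < header.num_objects; i++ ) {
        if( !ReadFile( fhdl, &obj, sizeof( obj ), &lenread, NULL )
            || lenread != sizeof( obj ) ) {
            return( NULL );
        }
        /*
         * Compare the distance into the object against its size instead of
         * computing obj.rva + obj.physical_size, which can wrap around for
         * crafted values and match the wrong object.
         */
        if( export_rva >= obj.rva
            && export_rva - obj.rva < obj.physical_size ) {
            break;
        }
    }
    if( i == header.num_objects ) {
        return( NULL );
    }

    if( !seekRead( fhdl, obj.physical_offset + export_rva - obj.rva,
                   &expdir, sizeof( expdir ) ) ) {
        return( NULL );
    }

    /*
     * NOTE(review): expdir.name_rva is not checked against the object's
     * range, so a crafted value makes this offset point anywhere in the
     * file (the DWORD arithmetic wraps).  The read itself stays bounded by
     * sizeof( buf ).  If seekRead treats a short read as failure, a name
     * stored within the last _MAX_PATH bytes of the file is rejected.
     */
    if( !seekRead( fhdl, obj.physical_offset + expdir.name_rva - obj.rva,
                   buf, sizeof( buf ) ) ) {
        return( NULL );
    }

    /*
     * The bytes come from the file and need not contain a terminator.
     * Without this, strlen would run past the end of buf and stack
     * contents would be copied into the returned string.
     */
    buf[ sizeof( buf ) - 1 ] = '\0';

    len = strlen( buf );
    ret = MemAlloc( len + 1 );
    if( ret == NULL ) {
        return( NULL );
    }
    memcpy( ret, buf, len + 1 );
    return( ret );
}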
Esempio n. 3
/* getEXEHeader - verify that this is a PE executable and read the header */
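/*
 * Check that the file open on fhdl is a PE executable and read its header.
 *
 * fhdl - open file handle; every read goes through seekRead
 * hdr  - receives sizeof( pe_header ) bytes from the offset stored at 0x3c
 *
 * Returns TRUE only when the first word equals EXE_MZ, the word at the
 * offset stored at 0x3c equals EXE_PE, and the header read succeeds.
 * Returns FALSE on any failed read or signature mismatch.
 *
 * The header is copied as-is: its fields are file-controlled and are not
 * validated here.
 */
static BOOL getEXEHeader( HANDLE fhdl, pe_header *hdr )
{
    WORD    sig = 0;
    DWORD   nh_offset = 0;

    if( !seekRead( fhdl, 0x00, &sig, sizeof( sig ) ) ) {
        return( FALSE );
    }
    if( sig != EXE_MZ ) {
        return( FALSE );
    }

    /* Size the read by the destination object so it can never exceed it. */
    if( !seekRead( fhdl, 0x3c, &nh_offset, sizeof( nh_offset ) ) ) {
        return( FALSE );
    }

    /*
     * nh_offset is file-controlled; an offset outside the file is expected
     * to show up as a seekRead failure -- NOTE(review): confirm.
     */
    if( !seekRead( fhdl, nh_offset, &sig, sizeof( sig ) ) ) {
        return( FALSE );
    }
    if( sig != EXE_PE ) {
        return( FALSE );
    }

    if( !seekRead( fhdl, nh_offset, hdr, sizeof( pe_header ) ) ) {
        return( FALSE );
    }
    return( TRUE );
}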
Esempio n. 4
// Looks for a UTF-8 byte-order mark (EF BB BF) when the read position is at
// the start of the file. Returns true only when the three bytes read match
// the mark, in which case they stay consumed; returns false otherwise.
//
// NOTE(review): braces, and possibly other statements, are missing from this
// excerpt. As shown, the bytes taken by readData() are not put back when they
// are not a BOM, or when fewer than three bytes are available. Confirm that
// the full source rewinds before returning false; otherwise the caller
// silently loses the first bytes of the file.
bool File::skipMark(void)
	// Only attempt detection at the very beginning of the file
	if(mReadPosition == 0)
		// Skip UTF-8 BOM
		char buf[3];
		if(readData(buf, 3) == 3)
			// Compare as unsigned bytes: plain char may be signed
			if(uint8_t(buf[0]) == 0xEF
				&& uint8_t(buf[1]) == 0xBB
				&& uint8_t(buf[2]) == 0xBF)
				return true;


	return false;
Esempio n. 5
// Constructs a reader over a resource, deriving a key from `secret` for the
// encrypted case.
//
// NOTE(review): the member-initializer list and the condition that opens the
// first branch are missing from this excerpt. From the two error messages,
// the first branch looks like the "secret supplied" path and the else branch
// the "no secret" path -- confirm against the full source.
//
// Security-relevant points visible here:
//  - With nocheck == false, a mismatch between the chosen path and the
//    presence of a salt on the resource is rejected with an Exception.
//  - With nocheck == true both checks are skipped, so the caller alone
//    decides whether a salt-less resource is accepted on the encrypted path,
//    or a salted one on the plain path.
//  - The checks only look at whether a salt is present; nothing in these
//    lines verifies that the derived key is the right one.
Resource::Reader::Reader(Resource *resource, const String &secret, bool nocheck) :
		// Refuse a resource that carries no salt unless the caller opted out
		if(!nocheck && mResource->salt().empty())
			throw Exception("Expected encrypted resource");
		// Derive mKey from the secret and the resource's salt with
		// PBKDF2-HMAC-SHA256; 32 and 100000 are presumably the key length
		// in bytes and the iteration count -- confirm against Sha256's API.
		Sha256().pbkdf2_hmac(secret, mResource->salt(), mKey, 32, 100000); 
	else {
		// Refuse a salted resource unless the caller opted out
		if(!nocheck && !mResource->salt().empty())
			throw Exception("Expected non-encrypted resource");
	seekRead(0);	// Initialize positions