flat assembler
Message board for the users of flat assembler.

Index > Projects and Ideas > Project : SimplePEviewer ver 0.0.64

Author
Thread Post new topic Reply to topic
dancho



Joined: 06 Mar 2011
Posts: 74
dancho 10 Oct 2014, 09:02
Hey guys,
SimplePEviewer is a program for showing the structure of win32 executable and object files , all infos and data are represent as stated in the revision 8.3 from February 6 , 2013.
Program is tested under win7(32/64) ,it is quite stable and suitable (IMHO) for the first public release.Collected data and information are compared with PEview app ( well know program , same category ) and there are no difference at all in presented infos , even SimplePEviewer open and shows some .exe that PEview chocks on.

update on 10.11.2014.
hey guys,
new version is up and ready for public realise with some extra features ,
1. parsing resource data
2. support for mscoff files
3. support for mouse wheel in the view window
4. ini file

info on mscoff support :
there are 5 formats of aux records that are supported currently by ms tools and they are :
1. function definitions
2. .bf and .ef symbols
3. weak externals
4. files
5. section definitions
simplepevierew supports them all , I had tested this on VS express 2008 ,
but also it can read object files from other compiler like Pelles C , I installed codeblock with mingw 4.7.1 and I read those files too .

info on ini file :
there are some infos written to ini file that help customizing program , nothing is written to the registry

I had tested this version thoroughly but ofc there could be some bugs left , so if you having some problems with some file please report it with some extra info ,like compiler used , debug or release version of the file etc ...

Any coments on the program are more then welcome
thx


Description: SimplePEviewer 0.0.64
Download
Filename: SimplePEviewer.zip
Filesize: 27.29 KB
Downloaded: 1152 Time(s)



Last edited by dancho on 16 Nov 2014, 08:15; edited 2 times in total
Post 10 Oct 2014, 09:02
View user's profile Send private message Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3499
Location: Bulgaria
JohnFound 10 Oct 2014, 15:38
Interesting project. Is it supposed to be open source?

It works in WINE as well with minor problems with the font. Don't know why it always choose proportional font and the columns of the hex viewer are not good. Also, it has to remember the last font chosen in order to allow customization.

BTW, isn't 65K too much for an assembly program?
Post 10 Oct 2014, 15:38
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20754
Location: In your JS exploiting you and your system
revolution 10 Oct 2014, 16:26
JohnFound wrote:
BTW, isn't 65K too much for an assembly program?
FASMW.EXE is currently ~141k. I don't understand the correlation of size to language.
Post 10 Oct 2014, 16:26
View user's profile Send private message Visit poster's website Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3499
Location: Bulgaria
JohnFound 10 Oct 2014, 16:50
I mean the functionality of SimplePEviewer seems to be not so big for this size. Of course, I might be wrong.
Post 10 Oct 2014, 16:50
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
Matrix



Joined: 04 Sep 2004
Posts: 1164
Location: Overflow
Matrix 10 Oct 2014, 17:59
revolution wrote:
JohnFound wrote:
BTW, isn't 65K too much for an assembly program?
FASMW.EXE is currently ~141k. I don't understand the correlation of size to language.


Well guys i'd like to note that your windows system is more than 10GB in size...
Post 10 Oct 2014, 17:59
View user's profile Send private message Visit poster's website Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3499
Location: Bulgaria
JohnFound 10 Oct 2014, 19:33
Matrix wrote:
revolution wrote:
JohnFound wrote:
BTW, isn't 65K too much for an assembly program?
FASMW.EXE is currently ~141k. I don't understand the correlation of size to language.


Well guys i'd like to note that your windows system is more than 10GB in size...


I am in Linux. And I like the lightweight systems. Razz

_________________
Tox ID: 48C0321ADDB2FE5F644BB5E3D58B0D58C35E5BCBC81D7CD333633FEDF1047914A534256478D9
Post 10 Oct 2014, 19:33
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2893
Location: 0x77760000
typedef 11 Oct 2014, 04:28
Matrix wrote:
revolution wrote:
JohnFound wrote:
BTW, isn't 65K too much for an assembly program?
FASMW.EXE is currently ~141k. I don't understand the correlation of size to language.


Well guys i'd like to note that your windows system is more than 10GB in size...


Image

I don't know what's taking up space but I'm thinking movies and game files. lol. I find it time consuming to delete the files so I just save important files and install a fresh copy.
Post 11 Oct 2014, 04:28
View user's profile Send private message Reply with quote
Foxxy



Joined: 14 Jul 2014
Posts: 42
Location: Somewhere over the rainbow...
Foxxy 11 Oct 2014, 05:52
Can you provide the source? I built something along the lines of this, however, quite a bit later I realized that sometimes it wasn't parsing all of the imports, stopping after the first ,DLL on certain executables.
Post 11 Oct 2014, 05:52
View user's profile Send private message Reply with quote
dancho



Joined: 06 Mar 2011
Posts: 74
dancho 11 Oct 2014, 07:58
Sorry , no source atm ...
@Foxxy
Let me explain the way I did in SimplePEviewer , maybe will be helpful to you,
In optional header structure locate data directory array , find the import table and save rva and size infos ,comparing information from section headers findout in what section import directory entries reside ( you have to know in what section to put import directory tables ).
There is one table for each dll that image refers to , now in order to find total number of the import tables you just make infinite loop and stop when the last table is filled with nulls , while in loop read and save some infos from import tables ,import lookup table rva and import address table rva will show you where start rva addresses are, now to find out where exactly in the file is that address is apply simple math , ( now you will understand why is important to know in what section tables resides ) .
Just sub tablerva from sectionrva and add ptrTosectionRawData and you have start in the file of all iimports for that dll , parse that until last entry which is set to zero ( to mark the end ).
There are more thing to do , one important is to check timedatestamp to find out is the image is bound or not ( there is socall new style and old style bounding ) , next are imports by name or by ordinal , etc etc
but basicly thats that
Hope it helps Cool
Post 11 Oct 2014, 07:58
View user's profile Send private message Reply with quote
dancho



Joined: 06 Mar 2011
Posts: 74
dancho 10 Nov 2014, 09:06
New Version is up and ready ,
check first post .
Post 10 Nov 2014, 09:06
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.