Stripped PE Dumper

  • There is also a Windows version; here is a screenshot with the output of information about one of the KolibriOS drivers:
    Spoiler:
    [attachment: SPEDump.png]
    In Windows you can redirect the output:

    Code:

    SPEDump kernel32.dll > dump.txt

    which is what I used.
    This is the output of information about the Windows library kernel32.dll, converted into StrippedPE for testing with the help of pestrip.asm:
    Spoiler:

    Code:

    Simple Stripped PE Binary File Dumper Version 0.1; 2018.
    
    Dump of "kernel32.dll"
    
    File header
    -----------
      Signature             = 4503
      Characteristics       = 210E
      AddressOfEntryPoint   = B5AE
      ImageBase             = 7C800000
      SectionAlignmentLog   = C
      FileAlignmentLog      = 9
      MajorOSVersion        = 4
      MinorOSVersion        = 0
      SizeOfImage           = F6000
      SizeOfStackReserve    = 40000
      SizeOfHeapReserve     = 100000
      SizeOfHeaders         = 400
      Subsystem             = 3
      NumberOfRvaAndSizes   = 7
      NumberOfSections      = 4
    
    Section #1
    -----------
      Name                  = .text
      VirtualSize           = 81FB5
      VirtualAddress        = 1000
      SizeOfRawData         = 82000
      PointerToRawData      = 400
      Flags                 = 60000020
    
    Section #2
    -----------
      Name                  = .data
      VirtualSize           = 43A0
      VirtualAddress        = 83000
      SizeOfRawData         = 2400
      PointerToRawData      = 82400
      Flags                 = C0000040
    
    Section #3
    -----------
      Name                  = .rsrc
      VirtualSize           = 6773C
      VirtualAddress        = 88000
      SizeOfRawData         = 67800
      PointerToRawData      = 84800
      Flags                 = 40000040
    
    Section #4
    -----------
      Name                  = .reloc
      VirtualSize           = 5BDC
      VirtualAddress        = F0000
      SizeOfRawData         = 5C00
      PointerToRawData      = EC000
      Flags                 = 42000040
    
    Imports
    -------
      OriginalFirstThunk    = 806A4
      TimeDateStamp         = 0
      ForwarderChain        = 0
      Name                  = ntdll.dll
      FirstThunk            = 1000
        _wcsnicmp
        NtFsControlFile
        NtCreateFile
        RtlAllocateHeap
        RtlFreeHeap
        NtOpenFile
        NtQueryInformationFile
        NtQueryEaFile
        RtlLengthSecurityDescriptor
        NtQuerySecurityObject
        NtSetEaFile
        NtSetSecurityObject
        NtSetInformationFile
        CsrClientCallServer
        NtDeviceIoControlFile
        NtClose
        RtlInitUnicodeString
        wcscspn
        RtlUnicodeToMultiByteSize
        wcslen
        _memicmp
        memmove
        NtQueryValueKey
        NtOpenKey
        NtFlushKey
        NtSetValueKey
        NtCreateKey
        RtlNtStatusToDosError
        RtlFreeUnicodeString
        RtlDnsHostNameToComputerName
        wcsncpy
        RtlUnicodeStringToAnsiString
        RtlxUnicodeStringToAnsiSize
        NlsMbCodePageTag
        RtlAnsiStringToUnicodeString
        RtlInitAnsiString
        RtlCreateUnicodeStringFromAsciiz
        wcschr
        wcsstr
        RtlPrefixString
        _wcsicmp
        RtlGetFullPathName_U
        RtlGetCurrentDirectory_U
        NtQueryInformationProcess
        RtlUnicodeStringToOemString
        RtlReleasePebLock
        RtlEqualUnicodeString
        RtlAcquirePebLock
        RtlFreeAnsiString
        RtlSetCurrentDirectory_U
        RtlTimeToTimeFields
        NtSetSystemTime
        RtlTimeFieldsToTime
        NtQuerySystemInformation
        RtlSetTimeZoneInformation
        NtSetSystemInformation
        RtlCutoverTimeToSystemTime
        _allmul
        DbgBreakPoint
        RtlFreeSid
        RtlSetDaclSecurityDescriptor
        RtlCreateSecurityDescriptor
        RtlAddAccessAllowedAce
        RtlCreateAcl
        RtlLengthSid
        RtlAllocateAndInitializeSid
        DbgPrint
        NtOpenProcess
        CsrGetProcessId
        DbgUiDebugActiveProcess
        DbgUiConnectToDbg
        DbgUiIssueRemoteBreakin
        NtSetInformationDebugObject
        DbgUiGetThreadDebugObject
        NtQueryInformationThread
        DbgUiConvertStateChangeStructure
        DbgUiWaitStateChange
        DbgUiContinue
        DbgUiStopDebugging
        RtlDosPathNameToNtPathName_U
        RtlIsDosDeviceName_U
        RtlCreateAtomTable
        NtAddAtom
        RtlAddAtomToAtomTable
        NtFindAtom
        RtlLookupAtomInAtomTable
        NtDeleteAtom
        RtlDeleteAtomFromAtomTable
        NtQueryInformationAtom
        RtlQueryAtomInAtomTable
        RtlOemStringToUnicodeString
        RtlMultiByteToUnicodeN
        RtlUnicodeToMultiByteN
        RtlMultiByteToUnicodeSize
        RtlPrefixUnicodeString
        RtlLeaveCriticalSection
        RtlEnterCriticalSection
        NtEnumerateValueKey
        RtlIsTextUnicode
        NtReadFile
        NtAllocateVirtualMemory
        NtUnlockFile
        NtLockFile
        RtlAppendUnicodeStringToString
        RtlAppendUnicodeToString
        RtlCopyUnicodeString
        NtFreeVirtualMemory
        NtWriteFile
        RtlCreateUnicodeString
        RtlFormatCurrentUserKeyPath
        RtlGetLongestNtPathLength
        NtDuplicateObject
        NtQueryKey
        NtEnumerateKey
        NtDeleteValueKey
        RtlEqualString
        CsrFreeCaptureBuffer
        CsrCaptureMessageString
        CsrAllocateCaptureBuffer
        strncpy
        RtlCharToInteger
        RtlUpcaseUnicodeChar
        RtlUpcaseUnicodeString
        CsrAllocateMessagePointer
        NtQueryObject
        wcscmp
        RtlCompareMemory
        NtQueryDirectoryObject
        NtQuerySymbolicLinkObject
        NtOpenSymbolicLinkObject
        NtOpenDirectoryObject
        NtCreateIoCompletion
        NtSetIoCompletion
        NtRemoveIoCompletion
        NtSetInformationProcess
        NtQueryDirectoryFile
        RtlDeleteCriticalSection
        NtNotifyChangeDirectoryFile
        NtWaitForSingleObject
        RtlInitializeCriticalSection
        NtQueryVolumeInformationFile
        NtFlushBuffersFile
        RtlDeactivateActivationContextUnsafeFast
        RtlActivateActivationContextUnsafeFast
        NtCancelIoFile
        NtReadFileScatter
        NtWriteFileGather
        wcscpy
        NtOpenSection
        NtMapViewOfSection
        NtFlushVirtualMemory
        RtlFlushSecureMemoryCache
        NtUnmapViewOfSection
        NtCreateSection
        NtQueryFullAttributesFile
        swprintf
        NtQueryAttributesFile
        RtlDetermineDosPathNameType_U
        NtRaiseHardError
        NtQuerySystemEnvironmentValueEx
        RtlGUIDFromString
        NtSetSystemEnvironmentValueEx
        RtlInitString
        RtlUnlockHeap
        RtlSetUserValueHeap
        RtlFreeHandle
        RtlAllocateHandle
        RtlLockHeap
        RtlSizeHeap
        RtlGetUserInfoHeap
        RtlReAllocateHeap
        RtlIsValidHandle
        RtlCompactHeap
        RtlImageNtHeader
        NtProtectVirtualMemory
        NtQueryVirtualMemory
        NtLockVirtualMemory
        NtUnlockVirtualMemory
        NtFlushInstructionCache
        NtAllocateUserPhysicalPages
        NtFreeUserPhysicalPages
        NtMapUserPhysicalPages
        NtMapUserPhysicalPagesScatter
        NtGetWriteWatch
        NtResetWriteWatch
        NtSetInformationObject
        CsrNewThread
        CsrClientConnectToServer
        RtlCreateTagHeap
        LdrSetDllManifestProber
        RtlSetThreadPoolStartFunc
        RtlEncodePointer
        _stricmp
        wcscat
        RtlCreateHeap
        RtlDestroyHeap
        RtlExtendHeap
        RtlQueryTagHeap
        RtlUsageHeap
        RtlValidateHeap
        RtlGetProcessHeaps
        RtlWalkHeap
        RtlSetHeapInformation
        RtlQueryHeapInformation
        RtlInitializeHandleTable
        RtlExtendedLargeIntegerDivide
        NtCreateMailslotFile
        RtlFormatMessage
        RtlFindMessage
        LdrUnloadDll
        LdrUnloadAlternateResourceModule
        LdrDisableThreadCalloutsForDll
        strchr
        LdrGetDllHandle
        LdrUnlockLoaderLock
        LdrAddRefDll
        RtlComputePrivatizedDllName_U
        RtlPcToFileHeader
        LdrLockLoaderLock
        RtlGetVersion
        RtlVerifyVersionInfo
        LdrEnumerateLoadedModules
        RtlUnicodeStringToInteger
        LdrLoadAlternateResourceModule
        RtlDosApplyFileIsolationRedirection_Ustr
        LdrLoadDll
        LdrGetProcedureAddress
        LdrFindResource_U
        LdrAccessResource
        LdrFindResourceDirectory_U
        RtlImageDirectoryEntryToData
        _strcmpi
        NtSetInformationThread
        NtOpenThreadToken
        NtCreateNamedPipeFile
        RtlDefaultNpAcl
        RtlDosSearchPath_Ustr
        RtlInitUnicodeStringEx
        RtlQueryEnvironmentVariable_U
        RtlAnsiCharToUnicodeChar
        RtlIntegerToChar
        NtSetVolumeInformationFile
        RtlIsNameLegalDOS8Dot3
        NtQueryPerformanceCounter
        sprintf
        NtPowerInformation
        NtInitiatePowerAction
        NtSetThreadExecutionState
        NtRequestWakeupLatency
        NtGetDevicePowerState
        NtIsSystemResumeAutomatic
        NtRequestDeviceWakeup
        NtCancelDeviceWakeupRequest
        NtWriteVirtualMemory
        LdrShutdownProcess
        NtTerminateProcess
        RtlRaiseStatus
        RtlSetEnvironmentVariable
        RtlExpandEnvironmentStrings_U
        NtReadVirtualMemory
        RtlCompareUnicodeString
        RtlQueryRegistryValues
        NtCreateJobSet
        NtCreateJobObject
        NtIsProcessInJob
        RtlEqualSid
        RtlSubAuthoritySid
        RtlInitializeSid
        NtQueryInformationToken
        NtOpenProcessToken
        NtResumeThread
        NtAssignProcessToJobObject
        CsrCaptureMessageMultiUnicodeStringsInPlace
        NtCreateThread
        NtCreateProcessEx
        LdrQueryImageFileExecutionOptions
        RtlDestroyEnvironment
        NtQuerySection
        NtQueryInformationJobObject
        RtlGetNativeSystemInformation
        RtlxAnsiStringToUnicodeSize
        NtOpenEvent
        NtQueryEvent
        NtTerminateThread
        wcsrchr
        NlsMbOemCodePageTag
        RtlxUnicodeStringToOemSize
        NtAdjustPrivilegesToken
        RtlImpersonateSelf
        wcsncmp
        RtlDestroyProcessParameters
        RtlCreateProcessParameters
        RtlInitializeCriticalSectionAndSpinCount
        NtSetEvent
        NtClearEvent
        NtPulseEvent
        NtCreateSemaphore
        NtOpenSemaphore
        NtReleaseSemaphore
        NtCreateMutant
        NtOpenMutant
        NtReleaseMutant
        NtSignalAndWaitForSingleObject
        NtWaitForMultipleObjects
        NtDelayExecution
        NtCreateTimer
        NtOpenTimer
        NtSetTimer
        NtCancelTimer
        NtCreateEvent
        RtlCopyLuid
        strrchr
        _vsnwprintf
        RtlReleaseActivationContext
        RtlActivateActivationContextEx
        RtlQueryInformationActivationContext
        NtOpenThread
        LdrShutdownThread
        RtlFreeThreadActivationContextStack
        NtGetContextThread
        NtSetContextThread
        NtSuspendThread
        RtlRaiseException
        RtlDecodePointer
        towlower
        RtlClearBits
        RtlFindClearBitsAndSet
        RtlAreBitsSet
        NtQueueApcThread
        NtYieldExecution
        RtlRegisterWait
        RtlDeregisterWait
        RtlDeregisterWaitEx
        RtlQueueWorkItem
        RtlSetIoCompletionCallback
        RtlCreateTimerQueue
        RtlCreateTimer
        RtlUpdateTimer
        RtlDeleteTimer
        RtlDeleteTimerQueueEx
        CsrIdentifyAlertableThread
        RtlApplicationVerifierStop
        _alloca_probe
        RtlDestroyQueryDebugBuffer
        RtlQueryProcessDebugInformation
        RtlCreateQueryDebugBuffer
        RtlCreateEnvironment
        RtlFreeOemString
        strstr
        toupper
        isdigit
        atol
        tolower
        NtOpenJobObject
        NtTerminateJobObject
        NtSetInformationJobObject
        RtlAddRefActivationContext
        RtlZombifyActivationContext
        RtlActivateActivationContext
        RtlDeactivateActivationContext
        RtlGetActiveActivationContext
        DbgPrintEx
        LdrDestroyOutOfProcessImage
        LdrAccessOutOfProcessResource
        LdrFindCreateProcessManifest
        LdrCreateOutOfProcessImage
        RtlNtStatusToDosErrorNoTeb
        RtlpApplyLengthFunction
        RtlGetLengthWithoutLastFullDosOrNtPathElement
        RtlpEnsureBufferSize
        RtlMultiAppendUnicodeStringBuffer
        _snwprintf
        RtlCreateActivationContext
        RtlFindActivationContextSectionString
        RtlFindActivationContextSectionGuid
        _allshl
        RtlNtPathNameToDosPathName
        RtlUnhandledExceptionFilter
        CsrCaptureMessageBuffer
        NtQueryInstallUILanguage
        NtQueryDefaultUILanguage
        wcspbrk
        RtlOpenCurrentUser
        RtlGetDaclSecurityDescriptor
        NtCreateDirectoryObject
        _wcslwr
        _wtol
        RtlIntegerToUnicodeString
        NtQueryDefaultLocale
        _strlwr
        RtlUnwind
    
    Exports
    -------
      Characteristics       = 0
      TimeDateStamp         = 44AB9AE0
      MajorVersion          = 0
      MinorVersion          = 0
      Name                  = KERNEL32.dll
      Base                  = 1
      NumberOfFunctions     = 3B5
      NumberOfNames         = 3B5
      AddressOfFunctions    = 2644
      AddressOfNames        = 3518
      AddressOfNameOrdinals = 43EC
        ActivateActCtx
        AddAtomA
        AddAtomW
        AddConsoleAliasA
        AddConsoleAliasW
        AddLocalAlternateComputerNameA
        AddLocalAlternateComputerNameW
        AddRefActCtx
        AddVectoredExceptionHandler
        AllocConsole
        AllocateUserPhysicalPages
        AreFileApisANSI
        AssignProcessToJobObject
        AttachConsole
        BackupRead
        BackupSeek
        BackupWrite
        BaseCheckAppcompatCache
        BaseCleanupAppcompatCache
        BaseCleanupAppcompatCacheSupport
        BaseDumpAppcompatCache
        BaseFlushAppcompatCache
        BaseInitAppcompatCache
        BaseInitAppcompatCacheSupport
        BaseProcessInitPostImport
        BaseQueryModuleData
        BaseUpdateAppcompatCache
        BasepCheckWinSaferRestrictions
        Beep
        BeginUpdateResourceA
        BeginUpdateResourceW
        BindIoCompletionCallback
        BuildCommDCBA
        BuildCommDCBAndTimeoutsA
        BuildCommDCBAndTimeoutsW
        BuildCommDCBW
        CallNamedPipeA
        CallNamedPipeW
        CancelDeviceWakeupRequest
        CancelIo
        CancelTimerQueueTimer
        CancelWaitableTimer
        ChangeTimerQueueTimer
        CheckNameLegalDOS8Dot3A
        CheckNameLegalDOS8Dot3W
        CheckRemoteDebuggerPresent
        ClearCommBreak
        ClearCommError
        CloseConsoleHandle
        CloseHandle
        CloseProfileUserMapping
        CmdBatNotification
        CommConfigDialogA
        CommConfigDialogW
        CompareFileTime
        CompareStringA
        CompareStringW
        ConnectNamedPipe
        ConsoleMenuControl
        ContinueDebugEvent
        ConvertDefaultLocale
        ConvertFiberToThread
        ConvertThreadToFiber
        CopyFileA
        CopyFileExA
        CopyFileExW
        CopyFileW
        CopyLZFile
        CreateActCtxA
        CreateActCtxW
        CreateConsoleScreenBuffer
        CreateDirectoryA
        CreateDirectoryExA
        CreateDirectoryExW
        CreateDirectoryW
        CreateEventA
        CreateEventW
        CreateFiber
        CreateFiberEx
        CreateFileA
        CreateFileMappingA
        CreateFileMappingW
        CreateFileW
        CreateHardLinkA
        CreateHardLinkW
        CreateIoCompletionPort
        CreateJobObjectA
        CreateJobObjectW
        CreateJobSet
        CreateMailslotA
        CreateMailslotW
        CreateMemoryResourceNotification
        CreateMutexA
        CreateMutexW
        CreateNamedPipeA
        CreateNamedPipeW
        CreateNlsSecurityDescriptor
        CreatePipe
        CreateProcessA
        CreateProcessInternalA
        CreateProcessInternalW
        CreateProcessInternalWSecure
        CreateProcessW
        CreateRemoteThread
        CreateSemaphoreA
        CreateSemaphoreW
        CreateSocketHandle
        CreateTapePartition
        CreateThread
        CreateTimerQueue
        CreateTimerQueueTimer
        CreateToolhelp32Snapshot
        CreateVirtualBuffer
        CreateWaitableTimerA
        CreateWaitableTimerW
        DeactivateActCtx
        DebugActiveProcess
        DebugActiveProcessStop
        DebugBreak
        DebugBreakProcess
        DebugSetProcessKillOnExit
        DecodePointer
        DecodeSystemPointer
        DefineDosDeviceA
        DefineDosDeviceW
        DelayLoadFailureHook
        DeleteAtom
        DeleteCriticalSection
        DeleteFiber
        DeleteFileA
        DeleteFileW
        DeleteTimerQueue
        DeleteTimerQueueEx
        DeleteTimerQueueTimer
        DeleteVolumeMountPointA
        DeleteVolumeMountPointW
        DeviceIoControl
        DisableThreadLibraryCalls
        DisconnectNamedPipe
        DnsHostnameToComputerNameA
        DnsHostnameToComputerNameW
        DosDateTimeToFileTime
        DosPathToSessionPathA
        DosPathToSessionPathW
        DuplicateConsoleHandle
        DuplicateHandle
        EncodePointer
        EncodeSystemPointer
        EndUpdateResourceA
        EndUpdateResourceW
        EnterCriticalSection
        EnumCalendarInfoA
        EnumCalendarInfoExA
        EnumCalendarInfoExW
        EnumCalendarInfoW
        EnumDateFormatsA
        EnumDateFormatsExA
        EnumDateFormatsExW
        EnumDateFormatsW
        EnumLanguageGroupLocalesA
        EnumLanguageGroupLocalesW
        EnumResourceLanguagesA
        EnumResourceLanguagesW
        EnumResourceNamesA
        EnumResourceNamesW
        EnumResourceTypesA
        EnumResourceTypesW
        EnumSystemCodePagesA
        EnumSystemCodePagesW
        EnumSystemGeoID
        EnumSystemLanguageGroupsA
        EnumSystemLanguageGroupsW
        EnumSystemLocalesA
        EnumSystemLocalesW
        EnumTimeFormatsA
        EnumTimeFormatsW
        EnumUILanguagesA
        EnumUILanguagesW
        EnumerateLocalComputerNamesA
        EnumerateLocalComputerNamesW
        EraseTape
        EscapeCommFunction
        ExitProcess
        ExitThread
        ExitVDM
        ExpandEnvironmentStringsA
        ExpandEnvironmentStringsW
        ExpungeConsoleCommandHistoryA
        ExpungeConsoleCommandHistoryW
        ExtendVirtualBuffer
        FatalAppExitA
        FatalAppExitW
        FatalExit
        FileTimeToDosDateTime
        FileTimeToLocalFileTime
        FileTimeToSystemTime
        FillConsoleOutputAttribute
        FillConsoleOutputCharacterA
        FillConsoleOutputCharacterW
        FindActCtxSectionGuid
        FindActCtxSectionStringA
        FindActCtxSectionStringW
        FindAtomA
        FindAtomW
        FindClose
        FindCloseChangeNotification
        FindFirstChangeNotificationA
        FindFirstChangeNotificationW
        FindFirstFileA
        FindFirstFileExA
        FindFirstFileExW
        FindFirstFileW
        FindFirstVolumeA
        FindFirstVolumeMountPointA
        FindFirstVolumeMountPointW
        FindFirstVolumeW
        FindNextChangeNotification
        FindNextFileA
        FindNextFileW
        FindNextVolumeA
        FindNextVolumeMountPointA
        FindNextVolumeMountPointW
        FindNextVolumeW
        FindResourceA
        FindResourceExA
        FindResourceExW
        FindResourceW
        FindVolumeClose
        FindVolumeMountPointClose
        FlushConsoleInputBuffer
        FlushFileBuffers
        FlushInstructionCache
        FlushViewOfFile
        FoldStringA
        FoldStringW
        FormatMessageA
        FormatMessageW
        FreeConsole
        FreeEnvironmentStringsA
        FreeEnvironmentStringsW
        FreeLibrary
        FreeLibraryAndExitThread
        FreeResource
        FreeUserPhysicalPages
        FreeVirtualBuffer
        GenerateConsoleCtrlEvent
        GetACP
        GetAtomNameA
        GetAtomNameW
        GetBinaryType
        GetBinaryTypeA
        GetBinaryTypeW
        GetCPFileNameFromRegistry
        GetCPInfo
        GetCPInfoExA
        GetCPInfoExW
        GetCalendarInfoA
        GetCalendarInfoW
        GetComPlusPackageInstallStatus
        GetCommConfig
        GetCommMask
        GetCommModemStatus
        GetCommProperties
        GetCommState
        GetCommTimeouts
        GetCommandLineA
        GetCommandLineW
        GetCompressedFileSizeA
        GetCompressedFileSizeW
        GetComputerNameA
        GetComputerNameExA
        GetComputerNameExW
        GetComputerNameW
        GetConsoleAliasA
        GetConsoleAliasExesA
        GetConsoleAliasExesLengthA
        GetConsoleAliasExesLengthW
        GetConsoleAliasExesW
        GetConsoleAliasW
        GetConsoleAliasesA
        GetConsoleAliasesLengthA
        GetConsoleAliasesLengthW
        GetConsoleAliasesW
        GetConsoleCP
        GetConsoleCharType
        GetConsoleCommandHistoryA
        GetConsoleCommandHistoryLengthA
        GetConsoleCommandHistoryLengthW
        GetConsoleCommandHistoryW
        GetConsoleCursorInfo
        GetConsoleCursorMode
        GetConsoleDisplayMode
        GetConsoleFontInfo
        GetConsoleFontSize
        GetConsoleHardwareState
        GetConsoleInputExeNameA
        GetConsoleInputExeNameW
        GetConsoleInputWaitHandle
        GetConsoleKeyboardLayoutNameA
        GetConsoleKeyboardLayoutNameW
        GetConsoleMode
        GetConsoleNlsMode
        GetConsoleOutputCP
        GetConsoleProcessList
        GetConsoleScreenBufferInfo
        GetConsoleSelectionInfo
        GetConsoleTitleA
        GetConsoleTitleW
        GetConsoleWindow
        GetCurrencyFormatA
        GetCurrencyFormatW
        GetCurrentActCtx
        GetCurrentConsoleFont
        GetCurrentDirectoryA
        GetCurrentDirectoryW
        GetCurrentProcess
        GetCurrentProcessId
        GetCurrentThread
        GetCurrentThreadId
        GetDateFormatA
        GetDateFormatW
        GetDefaultCommConfigA
        GetDefaultCommConfigW
        GetDefaultSortkeySize
        GetDevicePowerState
        GetDiskFreeSpaceA
        GetDiskFreeSpaceExA
        GetDiskFreeSpaceExW
        GetDiskFreeSpaceW
        GetDllDirectoryA
        GetDllDirectoryW
        GetDriveTypeA
        GetDriveTypeW
        GetEnvironmentStrings
        GetEnvironmentStringsA
        GetEnvironmentStringsW
        GetEnvironmentVariableA
        GetEnvironmentVariableW
        GetExitCodeProcess
        GetExitCodeThread
        GetExpandedNameA
        GetExpandedNameW
        GetFileAttributesA
        GetFileAttributesExA
        GetFileAttributesExW
        GetFileAttributesW
        GetFileInformationByHandle
        GetFileSize
        GetFileSizeEx
        GetFileTime
        GetFileType
        GetFirmwareEnvironmentVariableA
        GetFirmwareEnvironmentVariableW
        GetFullPathNameA
        GetFullPathNameW
        GetGeoInfoA
        GetGeoInfoW
        GetHandleContext
        GetHandleInformation
        GetLargestConsoleWindowSize
        GetLastError
        GetLinguistLangSize
        GetLocalTime
        GetLocaleInfoA
        GetLocaleInfoW
        GetLogicalDriveStringsA
        GetLogicalDriveStringsW
        GetLogicalDrives
        GetLongPathNameA
        GetLongPathNameW
        GetMailslotInfo
        GetModuleFileNameA
        GetModuleFileNameW
        GetModuleHandleA
        GetModuleHandleExA
        GetModuleHandleExW
        GetModuleHandleW
        GetNamedPipeHandleStateA
        GetNamedPipeHandleStateW
        GetNamedPipeInfo
        GetNativeSystemInfo
        GetNextVDMCommand
        GetNlsSectionName
        GetNumaAvailableMemory
        GetNumaAvailableMemoryNode
        GetNumaHighestNodeNumber
        GetNumaNodeProcessorMask
        GetNumaProcessorMap
        GetNumaProcessorNode
        GetNumberFormatA
        GetNumberFormatW
        GetNumberOfConsoleFonts
        GetNumberOfConsoleInputEvents
        GetNumberOfConsoleMouseButtons
        GetOEMCP
        GetOverlappedResult
        GetPriorityClass
        GetPrivateProfileIntA
        GetPrivateProfileIntW
        GetPrivateProfileSectionA
        GetPrivateProfileSectionNamesA
        GetPrivateProfileSectionNamesW
        GetPrivateProfileSectionW
        GetPrivateProfileStringA
        GetPrivateProfileStringW
        GetPrivateProfileStructA
        GetPrivateProfileStructW
        GetProcAddress
        GetProcessAffinityMask
        GetProcessHandleCount
        GetProcessHeap
        GetProcessHeaps
        GetProcessId
        GetProcessIoCounters
        GetProcessPriorityBoost
        GetProcessShutdownParameters
        GetProcessTimes
        GetProcessVersion
        GetProcessWorkingSetSize
        GetProfileIntA
        GetProfileIntW
        GetProfileSectionA
        GetProfileSectionW
        GetProfileStringA
        GetProfileStringW
        GetQueuedCompletionStatus
        GetShortPathNameA
        GetShortPathNameW
        GetStartupInfoA
        GetStartupInfoW
        GetStdHandle
        GetStringTypeA
        GetStringTypeExA
        GetStringTypeExW
        GetStringTypeW
        GetSystemDefaultLCID
        GetSystemDefaultLangID
        GetSystemDefaultUILanguage
        GetSystemDirectoryA
        GetSystemDirectoryW
        GetSystemInfo
        GetSystemPowerStatus
        GetSystemRegistryQuota
        GetSystemTime
        GetSystemTimeAdjustment
        GetSystemTimeAsFileTime
        GetSystemTimes
        GetSystemWindowsDirectoryA
        GetSystemWindowsDirectoryW
        GetSystemWow64DirectoryA
        GetSystemWow64DirectoryW
        GetTapeParameters
        GetTapePosition
        GetTapeStatus
        GetTempFileNameA
        GetTempFileNameW
        GetTempPathA
        GetTempPathW
        GetThreadContext
        GetThreadIOPendingFlag
        GetThreadLocale
        GetThreadPriority
        GetThreadPriorityBoost
        GetThreadSelectorEntry
        GetThreadTimes
        GetTickCount
        GetTimeFormatA
        GetTimeFormatW
        GetTimeZoneInformation
        GetUserDefaultLCID
        GetUserDefaultLangID
        GetUserDefaultUILanguage
        GetUserGeoID
        GetVDMCurrentDirectories
        GetVersion
        GetVersionExA
        GetVersionExW
        GetVolumeInformationA
        GetVolumeInformationW
        GetVolumeNameForVolumeMountPointA
        GetVolumeNameForVolumeMountPointW
        GetVolumePathNameA
        GetVolumePathNameW
        GetVolumePathNamesForVolumeNameA
        GetVolumePathNamesForVolumeNameW
        GetWindowsDirectoryA
        GetWindowsDirectoryW
        GetWriteWatch
        GlobalAddAtomA
        GlobalAddAtomW
        GlobalAlloc
        GlobalCompact
        GlobalDeleteAtom
        GlobalFindAtomA
        GlobalFindAtomW
        GlobalFix
        GlobalFlags
        GlobalFree
        GlobalGetAtomNameA
        GlobalGetAtomNameW
        GlobalHandle
        GlobalLock
        GlobalMemoryStatus
        GlobalMemoryStatusEx
        GlobalReAlloc
        GlobalSize
        GlobalUnWire
        GlobalUnfix
        GlobalUnlock
        GlobalWire
        Heap32First
        Heap32ListFirst
        Heap32ListNext
        Heap32Next
        HeapAlloc
        HeapCompact
        HeapCreate
        HeapCreateTagsW
        HeapDestroy
        HeapExtend
        HeapFree
        HeapLock
        HeapQueryInformation
        HeapQueryTagW
        HeapReAlloc
        HeapSetInformation
        HeapSize
        HeapSummary
        HeapUnlock
        HeapUsage
        HeapValidate
        HeapWalk
        InitAtomTable
        InitializeCriticalSection
        InitializeCriticalSectionAndSpinCount
        InitializeSListHead
        InterlockedCompareExchange
        InterlockedDecrement
        InterlockedExchange
        InterlockedExchangeAdd
        InterlockedFlushSList
        InterlockedIncrement
        InterlockedPopEntrySList
        InterlockedPushEntrySList
        InvalidateConsoleDIBits
        IsBadCodePtr
        IsBadHugeReadPtr
        IsBadHugeWritePtr
        IsBadReadPtr
        IsBadStringPtrA
        IsBadStringPtrW
        IsBadWritePtr
        IsDBCSLeadByte
        IsDBCSLeadByteEx
        IsDebuggerPresent
        IsProcessInJob
        IsProcessorFeaturePresent
        IsSystemResumeAutomatic
        IsValidCodePage
        IsValidLanguageGroup
        IsValidLocale
        IsValidUILanguage
        IsWow64Process
        LCMapStringA
        LCMapStringW
        LZClose
        LZCloseFile
        LZCopy
        LZCreateFileW
        LZDone
        LZInit
        LZOpenFileA
        LZOpenFileW
        LZRead
        LZSeek
        LZStart
        LeaveCriticalSection
        LoadLibraryA
        LoadLibraryExA
        LoadLibraryExW
        LoadLibraryW
        LoadModule
        LoadResource
        LocalAlloc
        LocalCompact
        LocalFileTimeToFileTime
        LocalFlags
        LocalFree
        LocalHandle
        LocalLock
        LocalReAlloc
        LocalShrink
        LocalSize
        LocalUnlock
        LockFile
        LockFileEx
        LockResource
        MapUserPhysicalPages
        MapUserPhysicalPagesScatter
        MapViewOfFile
        MapViewOfFileEx
        Module32First
        Module32FirstW
        Module32Next
        Module32NextW
        MoveFileA
        MoveFileExA
        MoveFileExW
        MoveFileW
        MoveFileWithProgressA
        MoveFileWithProgressW
        MulDiv
        MultiByteToWideChar
        NlsConvertIntegerToString
        NlsGetCacheUpdateCount
        NlsResetProcessLocale
        NumaVirtualQueryNode
        OpenConsoleW
        OpenDataFile
        OpenEventA
        OpenEventW
        OpenFile
        OpenFileMappingA
        OpenFileMappingW
        OpenJobObjectA
        OpenJobObjectW
        OpenMutexA
        OpenMutexW
        OpenProcess
        OpenProfileUserMapping
        OpenSemaphoreA
        OpenSemaphoreW
        OpenThread
        OpenWaitableTimerA
        OpenWaitableTimerW
        OutputDebugStringA
        OutputDebugStringW
        PeekConsoleInputA
        PeekConsoleInputW
        PeekNamedPipe
        PostQueuedCompletionStatus
        PrepareTape
        PrivCopyFileExW
        PrivMoveFileIdentityW
        Process32First
        Process32FirstW
        Process32Next
        Process32NextW
        ProcessIdToSessionId
        PulseEvent
        PurgeComm
        QueryActCtxW
        QueryDepthSList
        QueryDosDeviceA
        QueryDosDeviceW
        QueryInformationJobObject
        QueryMemoryResourceNotification
        QueryPerformanceCounter
        QueryPerformanceFrequency
        QueryWin31IniFilesMappedToRegistry
        QueueUserAPC
        QueueUserWorkItem
        RaiseException
        ReadConsoleA
        ReadConsoleInputA
        ReadConsoleInputExA
        ReadConsoleInputExW
        ReadConsoleInputW
        ReadConsoleOutputA
        ReadConsoleOutputAttribute
        ReadConsoleOutputCharacterA
        ReadConsoleOutputCharacterW
        ReadConsoleOutputW
        ReadConsoleW
        ReadDirectoryChangesW
        ReadFile
        ReadFileEx
        ReadFileScatter
        ReadProcessMemory
        RegisterConsoleIME
        RegisterConsoleOS2
        RegisterConsoleVDM
        RegisterWaitForInputIdle
        RegisterWaitForSingleObject
        RegisterWaitForSingleObjectEx
        RegisterWowBaseHandlers
        RegisterWowExec
        ReleaseActCtx
        ReleaseMutex
        ReleaseSemaphore
        RemoveDirectoryA
        RemoveDirectoryW
        RemoveLocalAlternateComputerNameA
        RemoveLocalAlternateComputerNameW
        RemoveVectoredExceptionHandler
        ReplaceFile
        ReplaceFileA
        ReplaceFileW
        RequestDeviceWakeup
        RequestWakeupLatency
        ResetEvent
        ResetWriteWatch
        RestoreLastError
        ResumeThread
        RtlCaptureContext
        RtlCaptureStackBackTrace
        RtlFillMemory
        RtlMoveMemory
        RtlUnwind
        RtlZeroMemory
        ScrollConsoleScreenBufferA
        ScrollConsoleScreenBufferW
        SearchPathA
        SearchPathW
        SetCPGlobal
        SetCalendarInfoA
        SetCalendarInfoW
        SetClientTimeZoneInformation
        SetComPlusPackageInstallStatus
        SetCommBreak
        SetCommConfig
        SetCommMask
        SetCommState
        SetCommTimeouts
        SetComputerNameA
        SetComputerNameExA
        SetComputerNameExW
        SetComputerNameW
        SetConsoleActiveScreenBuffer
        SetConsoleCP
        SetConsoleCommandHistoryMode
        SetConsoleCtrlHandler
        SetConsoleCursor
        SetConsoleCursorInfo
        SetConsoleCursorMode
        SetConsoleCursorPosition
        SetConsoleDisplayMode
        SetConsoleFont
        SetConsoleHardwareState
        SetConsoleIcon
        SetConsoleInputExeNameA
        SetConsoleInputExeNameW
        SetConsoleKeyShortcuts
        SetConsoleLocalEUDC
        SetConsoleMaximumWindowSize
        SetConsoleMenuClose
        SetConsoleMode
        SetConsoleNlsMode
        SetConsoleNumberOfCommandsA
        SetConsoleNumberOfCommandsW
        SetConsoleOS2OemFormat
        SetConsoleOutputCP
        SetConsolePalette
        SetConsoleScreenBufferSize
        SetConsoleTextAttribute
        SetConsoleTitleA
        SetConsoleTitleW
        SetConsoleWindowInfo
        SetCriticalSectionSpinCount
        SetCurrentDirectoryA
        SetCurrentDirectoryW
        SetDefaultCommConfigA
        SetDefaultCommConfigW
        SetDllDirectoryA
        SetDllDirectoryW
        SetEndOfFile
        SetEnvironmentVariableA
        SetEnvironmentVariableW
        SetErrorMode
        SetEvent
        SetFileApisToANSI
        SetFileApisToOEM
        SetFileAttributesA
        SetFileAttributesW
        SetFilePointer
        SetFilePointerEx
        SetFileShortNameA
        SetFileShortNameW
        SetFileTime
        SetFileValidData
        SetFirmwareEnvironmentVariableA
        SetFirmwareEnvironmentVariableW
        SetHandleContext
        SetHandleCount
        SetHandleInformation
        SetInformationJobObject
        SetLastConsoleEventActive
        SetLastError
        SetLocalPrimaryComputerNameA
        SetLocalPrimaryComputerNameW
        SetLocalTime
        SetLocaleInfoA
        SetLocaleInfoW
        SetMailslotInfo
        SetMessageWaitingIndicator
        SetNamedPipeHandleState
        SetPriorityClass
        SetProcessAffinityMask
        SetProcessPriorityBoost
        SetProcessShutdownParameters
        SetProcessWorkingSetSize
        SetStdHandle
        SetSystemPowerState
        SetSystemTime
        SetSystemTimeAdjustment
        SetTapeParameters
        SetTapePosition
        SetTermsrvAppInstallMode
        SetThreadAffinityMask
        SetThreadContext
        SetThreadExecutionState
        SetThreadIdealProcessor
        SetThreadLocale
        SetThreadPriority
        SetThreadPriorityBoost
        SetThreadUILanguage
        SetTimeZoneInformation
        SetTimerQueueTimer
        SetUnhandledExceptionFilter
        SetUserGeoID
        SetVDMCurrentDirectories
        SetVolumeLabelA
        SetVolumeLabelW
        SetVolumeMountPointA
        SetVolumeMountPointW
        SetWaitableTimer
        SetupComm
        ShowConsoleCursor
        SignalObjectAndWait
        SizeofResource
        Sleep
        SleepEx
        SuspendThread
        SwitchToFiber
        SwitchToThread
        SystemTimeToFileTime
        SystemTimeToTzSpecificLocalTime
        TerminateJobObject
        TerminateProcess
        TerminateThread
        TermsrvAppInstallMode
        Thread32First
        Thread32Next
        TlsAlloc
        TlsFree
        TlsGetValue
        TlsSetValue
        Toolhelp32ReadProcessMemory
        TransactNamedPipe
        TransmitCommChar
        TrimVirtualBuffer
        TryEnterCriticalSection
        TzSpecificLocalTimeToSystemTime
        UTRegister
        UTUnRegister
        UnhandledExceptionFilter
        UnlockFile
        UnlockFileEx
        UnmapViewOfFile
        UnregisterConsoleIME
        UnregisterWait
        UnregisterWaitEx
        UpdateResourceA
        UpdateResourceW
        VDMConsoleOperation
        VDMOperationStarted
        ValidateLCType
        ValidateLocale
        VerLanguageNameA
        VerLanguageNameW
        VerSetConditionMask
        VerifyConsoleIoHandle
        VerifyVersionInfoA
        VerifyVersionInfoW
        VirtualAlloc
        VirtualAllocEx
        VirtualBufferExceptionHandler
        VirtualFree
        VirtualFreeEx
        VirtualLock
        VirtualProtect
        VirtualProtectEx
        VirtualQuery
        VirtualQueryEx
        VirtualUnlock
        WTSGetActiveConsoleSessionId
        WaitCommEvent
        WaitForDebugEvent
        WaitForMultipleObjects
        WaitForMultipleObjectsEx
        WaitForSingleObject
        WaitForSingleObjectEx
        WaitNamedPipeA
        WaitNamedPipeW
        WideCharToMultiByte
        WinExec
        WriteConsoleA
        WriteConsoleInputA
        WriteConsoleInputVDMA
        WriteConsoleInputVDMW
        WriteConsoleInputW
        WriteConsoleOutputA
        WriteConsoleOutputAttribute
        WriteConsoleOutputCharacterA
        WriteConsoleOutputCharacterW
        WriteConsoleOutputW
        WriteConsoleW
        WriteFile
        WriteFileEx
        WriteFileGather
        WritePrivateProfileSectionA
        WritePrivateProfileSectionW
        WritePrivateProfileStringA
        WritePrivateProfileStringW
        WritePrivateProfileStructA
        WritePrivateProfileStructW
        WriteProcessMemory
        WriteProfileSectionA
        WriteProfileSectionW
        WriteProfileStringA
        WriteProfileStringW
        WriteTapemark
        ZombifyActCtx
        _hread
        _hwrite
        _lclose
        _lcreat
        _llseek
        _lopen
        _lread
        _lwrite
        lstrcat
        lstrcatA
        lstrcatW
        lstrcmp
        lstrcmpA
        lstrcmpW
        lstrcmpi
        lstrcmpiA
        lstrcmpiW
        lstrcpy
        lstrcpyA
        lstrcpyW
        lstrcpyn
        lstrcpynA
        lstrcpynW
        lstrlen
        lstrlenA
        lstrlenW
    The result was

    Code:

    NumberOfRvaAndSizes   = 7
    In SPEDump it is defined like this:

    Code:

    Const
      SPE_DIRECTORY_IMPORT    = 0;
      SPE_DIRECTORY_EXPORT    = 1;
      SPE_DIRECTORY_BASERELOC = 2;
    
      SPE_MAX_DIRECTORY_ENTRIES = SPE_DIRECTORY_BASERELOC;
    
    Type
      TDataDirectory = Packed Record
        VirtualAddress: Dword;
        Size:           Dword;
      End;
    
      PDataDirectory = ^TDataDirectory;
    
      TDataDirectoryArray = Packed Array[0..SPE_MAX_DIRECTORY_ENTRIES] Of TDataDirectory;
    
      PDataDirectoryArray = ^TDataDirectoryArray;
    In const.inc, too, only these are defined:

    Code:

      SPE_DIRECTORY_IMPORT    = 0
      SPE_DIRECTORY_EXPORT    = 1
      SPE_DIRECTORY_BASERELOC = 2
    but pestrip.asm has the constants:

    Code:

      IMAGE_DIRECTORY_ENTRY_EXPORT = 0
      IMAGE_DIRECTORY_ENTRY_IMPORT = 1
      IMAGE_DIRECTORY_ENTRY_RESOURCE = 2
      IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3
      IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
      IMAGE_DIRECTORY_ENTRY_TLS = 9
      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11
    There are exactly 7 of them; presumably all of this data of interest is preserved as well, probably in this order (judging by the code):
    • IMPORT, EXPORT, BASERELOC, EXCEPTION, TLS, BOUND_IMPORT, RESOURCE
    Unfortunately, there is no specification.
    Nevertheless, this does not affect the correctness of SPEDump: the data is still output correctly, since the offset is computed taking NumberOfRvaAndSizes into account, namely:

    Code:

    StrippedSectionHeader := PStrippedSectionHeader(Dword(StrippedPEHeader) + SizeOf(TStrippedPEHeader) + NumberOfRvaAndSizes * SizeOf(TDataDirectory));
    SPEDump.7z (28.36 KiB)
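    As an added example (not code from SPEDump, pestrip.asm or KolibriOS), a Python parser that applies the same section-header offset arithmetic and the directory order guessed above, and refuses to read past the buffer or past SizeOfHeaders when NumberOfRvaAndSizes is too large. The byte widths of TStrippedPEHeader are an assumption inferred from the order of fields the dump prints; the sample header is constructed from the kernel32.dll values in the dump.

```python
import struct

# Assumed field layout of TStrippedPEHeader: field order follows the dump,
# byte widths are an assumption (not taken from pe.inc). 36 bytes total.
_HDR = struct.Struct("<HHIIBBBBIIIIBBH")
_HDR_FIELDS = ("Signature", "Characteristics", "AddressOfEntryPoint", "ImageBase",
               "SectionAlignmentLog", "FileAlignmentLog", "MajorOSVersion",
               "MinorOSVersion", "SizeOfImage", "SizeOfStackReserve",
               "SizeOfHeapReserve", "SizeOfHeaders", "Subsystem",
               "NumberOfRvaAndSizes", "NumberOfSections")
_DIR = struct.Struct("<II")  # TDataDirectory: VirtualAddress, Size (8 bytes)
# Directory order as guessed in the thread from pestrip.asm (unverified).
DIR_NAMES = ("IMPORT", "EXPORT", "BASERELOC", "EXCEPTION", "TLS",
             "BOUND_IMPORT", "RESOURCE")
# dw 'PE' xor 'S' -> 0x4503, the value the dump prints as Signature.
SPE_SIGNATURE = (ord("P") | ord("E") << 8) ^ ord("S")

def parse_stripped_pe(data: bytes) -> dict:
    """Parse header and data directories; compute the section-header offset.
    Every read is bounds-checked so a truncated file or an oversized
    NumberOfRvaAndSizes cannot push the parser past the end of the buffer."""
    if len(data) < _HDR.size:
        raise ValueError("buffer shorter than TStrippedPEHeader")
    hdr = dict(zip(_HDR_FIELDS, _HDR.unpack_from(data, 0)))
    if hdr["Signature"] != SPE_SIGNATURE:
        raise ValueError("bad signature 0x%04X" % hdr["Signature"])
    n = hdr["NumberOfRvaAndSizes"]
    # Same arithmetic as the Pascal line in the thread.
    sect_off = _HDR.size + n * _DIR.size
    if sect_off > len(data) or sect_off > hdr["SizeOfHeaders"]:
        raise ValueError("data directories run past the header area")
    dirs = {}
    for i in range(n):
        va, size = _DIR.unpack_from(data, _HDR.size + i * _DIR.size)
        dirs[DIR_NAMES[i] if i < len(DIR_NAMES) else "DIR_%d" % i] = (va, size)
    return {"header": hdr, "directories": dirs, "section_header_offset": sect_off}

def build_sample(num_dirs: int = 7, size_of_headers: int = 0x400) -> bytes:
    """Constructed sample: header values copied from the kernel32.dll dump."""
    hdr = _HDR.pack(SPE_SIGNATURE, 0x210E, 0xB5AE, 0x7C800000, 0xC, 0x9, 4, 0,
                    0xF6000, 0x40000, 0x100000, size_of_headers, 3, num_dirs, 4)
    dirs = b"".join(_DIR.pack(0x1000 * (i + 1), 0x10) for i in range(num_dirs))
    return hdr + dirs + b"\0" * 40  # placeholder bytes for section headers
```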
  • There is also a definition in the file \programs\system\os\pe.inc; in the same place there is also peloader.inc with comments. I think the latter is what you need...
    0CodErr wrote: Unfortunately, there is no specification.
    The specification is the Portable Executable format. Useful links: Here is how I see the situation (I am 100% wrong somewhere): someone wanted to implement a good mouse driver -> the need for PE format support arose -> an implementation of the PE format was started, COFF was used -> implementing full PE support is expensive, plus there was no need for it (it was planned to be used only for drivers and nobody wanted to increase the size, so everything superfluous was cut out). Then the drivers moved to what came out of that and it worked successfully, but it was not full PE support and it had to be called something. Having decided it would be "Stripped", clevermouse did something very elegant with the signature:

    Code:

    dw      'PE' xor 'S'
  • theonlymirage wrote: There is also a definition in the file \programs\system\os\pe.inc; in the same place there is also peloader.inc with comments.
    Yes, there is more useful information there.
    Well, I know about Microsoft PE myself. In the CoffDump thread http://board.kolibrios.org/viewtopic.php?f=9&t=3577 the very first post has pecoff.pdf, the 2017 specification.
    What I am interested in is specifically the Stripped PE specification.
    Source code that works with Stripped PE cannot be considered a specification; it merely performs a particular task, nothing more.
    It is unclear which features are supported and which are not.
    Perhaps there are additional features that the existing code does not handle, but they matter too.
    The specification should be concrete; after all, Microsoft PE also gets changed from time to time.

    IMHO, one of the drawbacks is that to get a Stripped PE you first have to produce a Microsoft PE.
    theonlymirage wrote: implementing full PE support is expensive
    I would say implementing support for anything at all is expensive :)
    In general, I am in favour of developing and improving tools that are needed and convenient specifically in this particular OS.

    Support, the format and loading of libraries have already been discussed, for example here
  • I have a C version of this program:
    spedump.kex (2.38 KiB)
    Sources:
    spedump.7z (12.17 KiB)
    Demo video: https://drive.google.com/file/d/1uE0wp ... sp=sharing

    Is it worth me developing this further (in the spirit of cObj: cSpe)?
  • If the new system call <68.27> is used, the file size can be reduced significantly:
    cSpe.kex (1.5 KiB)
    Sources:
    Demo video:
    https://drive.google.com/file/d/1yvvsEC ... sp=sharing