diff --git a/PEToolkit.sln b/PEToolkit.sln
new file mode 100644
index 0000000..db53f1b
--- /dev/null
+++ b/PEToolkit.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.23107.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PEToolkit", "PEToolkit\PEToolkit.csproj", "{DF56161F-007E-46CE-9B09-0D99C0288415}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {DF56161F-007E-46CE-9B09-0D99C0288415}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {DF56161F-007E-46CE-9B09-0D99C0288415}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {DF56161F-007E-46CE-9B09-0D99C0288415}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {DF56161F-007E-46CE-9B09-0D99C0288415}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/PEToolkit/App.config b/PEToolkit/App.config
new file mode 100644
index 0000000..88fa402
--- /dev/null
+++ b/PEToolkit/App.config
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/PEToolkit/Controls/ArrayListViewItem.cs b/PEToolkit/Controls/ArrayListViewItem.cs
new file mode 100644
index 0000000..80de96e
--- /dev/null
+++ b/PEToolkit/Controls/ArrayListViewItem.cs
@@ -0,0 +1,22 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Controls
+{
+ public class ArrayListViewItem : ListViewItem
+ {
+ public ArrayListViewItem(string name, Array a):base(name)
+ {
+ ArrayValue = a;
+ }
+ public ArrayListViewItem(Array a) : base()
+ {
+ ArrayValue = a;
+ }
+ public Array ArrayValue { get; set; }
+ }
+}
diff --git a/PEToolkit/Controls/ProcessLIstViewItem.cs b/PEToolkit/Controls/ProcessLIstViewItem.cs
new file mode 100644
index 0000000..5e9b6e4
--- /dev/null
+++ b/PEToolkit/Controls/ProcessLIstViewItem.cs
@@ -0,0 +1,22 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Controls
+{
+ public class ProcessListViewItem : ListViewItem
+ {
+ public ProcessListViewItem(Process p) : base(p.ProcessName)
+ {
+ SelectedProcess = p;
+ SubItems.Add(p.Id.ToString());
+ SubItems.Add(p.MainWindowTitle);
+ }
+
+ public Process SelectedProcess { get; set; }
+ }
+}
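Review bot: The constructor reads `p.ProcessName`, `p.Id` and `p.MainWindowTitle` with no guard, and these `Process` properties throw `InvalidOperationException` once the process has exited, so a process that ends between enumeration and item creation would abort whatever loop builds the list. Consider catching that exception where the items are created, or reading the three values inside a `try` here and falling back to an empty title. The file name `ProcessLIstViewItem.cs` also differs in casing from the class `ProcessListViewItem`. A one-line summary comment on the class saying that the item keeps the `Process` instance alive through `SelectedProcess` would help callers decide who disposes it.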
diff --git a/PEToolkit/Forms/formArrayValues.Designer.cs b/PEToolkit/Forms/formArrayValues.Designer.cs
new file mode 100644
index 0000000..703a30d
--- /dev/null
+++ b/PEToolkit/Forms/formArrayValues.Designer.cs
@@ -0,0 +1,76 @@
+namespace PEViewer.Forms
+{
+ partial class formArrayValues
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.lvValues = new System.Windows.Forms.ListView();
+ this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.SuspendLayout();
+ //
+ // lvValues
+ //
+ this.lvValues.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.lvValues.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+ this.columnHeader1});
+ this.lvValues.FullRowSelect = true;
+ this.lvValues.GridLines = true;
+ this.lvValues.Location = new System.Drawing.Point(12, 12);
+ this.lvValues.Name = "lvValues";
+ this.lvValues.Size = new System.Drawing.Size(265, 164);
+ this.lvValues.TabIndex = 0;
+ this.lvValues.UseCompatibleStateImageBehavior = false;
+ this.lvValues.View = System.Windows.Forms.View.Details;
+ //
+ // columnHeader1
+ //
+ this.columnHeader1.Text = "Value";
+ this.columnHeader1.Width = 205;
+ //
+ // formArrayValues
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(289, 190);
+ this.Controls.Add(this.lvValues);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow;
+ this.Name = "formArrayValues";
+ this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+ this.Text = "-";
+ this.Load += new System.EventHandler(this.formArrayValues_Load);
+ this.ResumeLayout(false);
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.ListView lvValues;
+ private System.Windows.Forms.ColumnHeader columnHeader1;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formArrayValues.cs b/PEToolkit/Forms/formArrayValues.cs
new file mode 100644
index 0000000..244a9e8
--- /dev/null
+++ b/PEToolkit/Forms/formArrayValues.cs
@@ -0,0 +1,30 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class formArrayValues : Form
+ {
+ public formArrayValues(string name, Array val)
+ {
+ InitializeComponent();
+ this.Text = name;
+ foreach(object o in val)
+ {
+ lvValues.Items.Add(new ListViewItem(o.ToString()));
+ }
+ }
+
+ private void formArrayValues_Load(object sender, EventArgs e)
+ {
+
+ }
+ }
+}
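Review bot: In the constructor, `o.ToString()` throws `NullReferenceException` for any null element of `val`, and `val` itself is enumerated without a null check. For arrays of reference types, `lvValues.Items.Add(new ListViewItem(Convert.ToString(o)));` would render null entries as empty rows instead of failing. The empty `formArrayValues_Load` handler could be removed together with its `Load` subscription in the designer file.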
diff --git a/PEToolkit/Forms/formArrayValues.resx b/PEToolkit/Forms/formArrayValues.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/PEToolkit/Forms/formArrayValues.resx
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/formBuildStructure.Designer.cs b/PEToolkit/Forms/formBuildStructure.Designer.cs
new file mode 100644
index 0000000..5369374
--- /dev/null
+++ b/PEToolkit/Forms/formBuildStructure.Designer.cs
@@ -0,0 +1,64 @@
+namespace PEViewer.Forms
+{
+ partial class formBuildStructure
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.rtbStruct = new System.Windows.Forms.RichTextBox();
+ this.SuspendLayout();
+ //
+ // rtbStruct
+ //
+ this.rtbStruct.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.rtbStruct.Location = new System.Drawing.Point(12, 12);
+ this.rtbStruct.Name = "rtbStruct";
+ this.rtbStruct.ReadOnly = true;
+ this.rtbStruct.Size = new System.Drawing.Size(371, 346);
+ this.rtbStruct.TabIndex = 0;
+ this.rtbStruct.Text = "";
+ //
+ // formBuildStructure
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(395, 370);
+ this.Controls.Add(this.rtbStruct);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow;
+ this.Name = "formBuildStructure";
+ this.Text = "Structure";
+ this.Load += new System.EventHandler(this.formBuildStructure_Load);
+ this.ResumeLayout(false);
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.RichTextBox rtbStruct;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formBuildStructure.cs b/PEToolkit/Forms/formBuildStructure.cs
new file mode 100644
index 0000000..be53d5a
--- /dev/null
+++ b/PEToolkit/Forms/formBuildStructure.cs
@@ -0,0 +1,62 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Reflection;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class formBuildStructure : Form
+ {
+ public formBuildStructure(Type structure)
+ {
+ InitializeComponent();
+ rtbStruct.Text = "[StructLayout(LayoutKind.Sequential)]" + Environment.NewLine;
+ rtbStruct.Text += string.Format("public struct {0}", structure.Name) + Environment.NewLine;
+ rtbStruct.Text += "{" + Environment.NewLine;
+ foreach(FieldInfo f in structure.GetFields())
+ {
+ if(f.FieldType.IsArray)
+ rtbStruct.Text += string.Format(" [MarshalAs(UnmanagedType.ByValArray, SizeConst={0})]", f.GetCustomAttribute().SizeConst) + Environment.NewLine;
+ rtbStruct.Text += string.Format(" public {0} {1};", f.FieldType.Name, f.Name) + Environment.NewLine;
+ }
+ rtbStruct.Text += "}" + Environment.NewLine;
+ }
+
+ public formBuildStructure(Type structure, string[] list)
+ {
+ InitializeComponent();
+ int offset = 0;
+
+ rtbStruct.Text = "[StructLayout(LayoutKind.Explicit)]" + Environment.NewLine;
+ rtbStruct.Text += string.Format("public struct {0}", structure.Name) + Environment.NewLine;
+ rtbStruct.Text += "{" + Environment.NewLine;
+ foreach (FieldInfo f in structure.GetFields())
+ {
+ if (list.Contains(f.Name))
+ {
+
+ if (f.FieldType.IsArray)
+ rtbStruct.Text += string.Format(" [MarshalAs(UnmanagedType.ByValArray, SizeConst={0})]", f.GetCustomAttribute().SizeConst) + Environment.NewLine;
+ rtbStruct.Text += string.Format(" [FieldOffset({0})] public {1} {2};", offset, f.FieldType.Name, f.Name) + Environment.NewLine;
+ }
+ if (f.FieldType.IsArray)
+ offset += (f.GetCustomAttribute().SizeConst * Marshal.SizeOf(f.FieldType.GetElementType()));
+ else
+ offset += Marshal.SizeOf(f.FieldType);
+ }
+ rtbStruct.Text += "}" + Environment.NewLine;
+ }
+
+ private void formBuildStructure_Load(object sender, EventArgs e)
+ {
+
+ }
+ }
+}
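Review bot: Both constructors dereference the result of `f.GetCustomAttribute()` directly, so an array field without a `MarshalAs` attribute raises `NullReferenceException` while the form is being built. As rendered here the call has no type argument; it is presumably `GetCustomAttribute<MarshalAsAttribute>()`. Storing the attribute in a local and skipping or flagging the field when it is null avoids the failure, e.g. `var marshalAs = f.GetCustomAttribute<MarshalAsAttribute>(); if (marshalAs == null) continue;`. In the second constructor the `[FieldOffset]` values are a running sum of `Marshal.SizeOf`, which ignores any padding the original sequential layout has, so a comment stating that assumption would be useful; `list` is also used without a null check. Appending to `rtbStruct.Text` on every line re-assigns the control text each time, and building the text in a `StringBuilder` and assigning it once would be the more usual form.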
diff --git a/PEToolkit/Forms/formBuildStructure.resx b/PEToolkit/Forms/formBuildStructure.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/PEToolkit/Forms/formBuildStructure.resx
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/formDumpModule.Designer.cs b/PEToolkit/Forms/formDumpModule.Designer.cs
new file mode 100644
index 0000000..b751d52
--- /dev/null
+++ b/PEToolkit/Forms/formDumpModule.Designer.cs
@@ -0,0 +1,89 @@
+namespace PEViewer.Forms
+{
+ partial class formDumpModule
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.tbDumpLocation = new System.Windows.Forms.TextBox();
+ this.button1 = new System.Windows.Forms.Button();
+ this.button2 = new System.Windows.Forms.Button();
+ this.SuspendLayout();
+ //
+ // tbDumpLocation
+ //
+ this.tbDumpLocation.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.tbDumpLocation.Location = new System.Drawing.Point(12, 12);
+ this.tbDumpLocation.Name = "tbDumpLocation";
+ this.tbDumpLocation.ReadOnly = true;
+ this.tbDumpLocation.Size = new System.Drawing.Size(237, 20);
+ this.tbDumpLocation.TabIndex = 0;
+ //
+ // button1
+ //
+ this.button1.Location = new System.Drawing.Point(255, 12);
+ this.button1.Name = "button1";
+ this.button1.Size = new System.Drawing.Size(38, 23);
+ this.button1.TabIndex = 1;
+ this.button1.Text = "...";
+ this.button1.UseVisualStyleBackColor = true;
+ this.button1.Click += new System.EventHandler(this.button1_Click);
+ //
+ // button2
+ //
+ this.button2.Font = new System.Drawing.Font("Segoe UI", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.button2.Location = new System.Drawing.Point(103, 38);
+ this.button2.Name = "button2";
+ this.button2.Size = new System.Drawing.Size(92, 23);
+ this.button2.TabIndex = 2;
+ this.button2.Text = "Dump";
+ this.button2.UseVisualStyleBackColor = true;
+ this.button2.Click += new System.EventHandler(this.button2_Click);
+ //
+ // formDumpModule
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(305, 66);
+ this.Controls.Add(this.button2);
+ this.Controls.Add(this.button1);
+ this.Controls.Add(this.tbDumpLocation);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedToolWindow;
+ this.Name = "formDumpModule";
+ this.Text = "Dump Module";
+ this.ResumeLayout(false);
+ this.PerformLayout();
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.TextBox tbDumpLocation;
+ private System.Windows.Forms.Button button1;
+ private System.Windows.Forms.Button button2;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formDumpModule.cs b/PEToolkit/Forms/formDumpModule.cs
new file mode 100644
index 0000000..b77f0f5
--- /dev/null
+++ b/PEToolkit/Forms/formDumpModule.cs
@@ -0,0 +1,81 @@
+using PEViewer.PE;
+using PEViewer.PE.Structures;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Diagnostics;
+using System.Drawing;
+using System.IO;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class formDumpModule : Form
+ {
+ public formDumpModule()
+ {
+ InitializeComponent();
+ }
+
+ private void button2_Click(object sender, EventArgs e)
+ {
+ if(tbDumpLocation.Text == string.Empty)
+ {
+ MessageBox.Show("Select a dump location.");
+ return;
+ }
+ }
+
+ private void button1_Click(object sender, EventArgs e)
+ {
+ string path = string.Empty;
+ using (SaveFileDialog sfd = new SaveFileDialog())
+ {
+ sfd.Filter = "Executable|*.exe|Library|*.dll";
+ if (sfd.ShowDialog() != DialogResult.OK)
+ return;
+ path = sfd.FileName;
+ }
+
+ int pId = 0;
+ ProcessModule module = null;
+ using (formLoadProcess fProc = new formLoadProcess())
+ {
+ if (fProc.ShowDialog() != DialogResult.OK)
+ return;
+ pId = fProc.SelectedProcessID;
+ module = fProc.SelectedModule;
+ }
+
+ PEInfomation procPE = PELoader.Load(pId, module);
+
+ byte[] buffer = new byte[procPE.Overview.SizeOfImage];
+
+ IntPtr procHandle = procPE.GetHandle();
+ ReadProcessMemory(procHandle, module.BaseAddress, buffer, Convert.ToInt32(procPE.Overview.SizeOfHeaders), 0);
+
+ foreach(IMAGE_SECTION_HEADER section in procPE.Sections)
+ {
+ if (section.SizeOfRawData == 0)
+ continue;
+
+ byte[] sData = new byte[section.SizeOfRawData];
+ ReadProcessMemory(procHandle, new IntPtr(procPE.Overview.ImageBase + section.VirtualAddress), sData, sData.Length, 0);
+
+ Buffer.BlockCopy(sData, 0, buffer, Convert.ToInt32(section.PointerToRawData), sData.Length);
+ }
+
+ File.WriteAllBytes(path, buffer);
+ procPE.CloseHandle();
+ MessageBox.Show("Done");
+ }
+
+ [DllImport("kernel32.dll")]
+ private static extern bool ReadProcessMemory(IntPtr handle, IntPtr address, byte[] buffer, int blen, int w0);
+ }
+}
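Review bot: In `button1_Click` both `ReadProcessMemory` calls ignore the return value, and the section loop trusts `SizeOfRawData` and `PointerToRawData` taken from the inspected process's headers. A section whose raw range ends past `SizeOfImage` makes `Buffer.BlockCopy` throw, and a failed read silently leaves zeros in the file that is written. Any exception on this path also skips `procPE.CloseHandle()`, so the process handle stays open. The sketch below checks each read, validates the raw range against `buffer.Length` (assuming both header fields are unsigned 32-bit, since their declarations are outside this hunk) and closes the handle in `finally`. Separately, the P/Invoke declares the size and bytes-read parameters as `int` while the native function takes a `SIZE_T` and a pointer; `IntPtr blen, out IntPtr bytesRead` with `SetLastError = true` would match it.

```csharp
IntPtr procHandle = procPE.GetHandle();
try
{
    if (!ReadProcessMemory(procHandle, module.BaseAddress, buffer, Convert.ToInt32(procPE.Overview.SizeOfHeaders), 0))
    {
        MessageBox.Show("Failed to read the module headers.");
        return;
    }

    foreach (IMAGE_SECTION_HEADER section in procPE.Sections)
    {
        // … unchanged: skip sections with SizeOfRawData == 0 …

        // Offsets and sizes come from the inspected process; keep the copy inside buffer.
        long rawEnd = (long)section.PointerToRawData + section.SizeOfRawData;
        if (rawEnd > buffer.Length)
        {
            MessageBox.Show("Section data does not fit the image size reported by the headers.");
            return;
        }

        byte[] sData = new byte[section.SizeOfRawData];
        if (!ReadProcessMemory(procHandle, new IntPtr(procPE.Overview.ImageBase + section.VirtualAddress), sData, sData.Length, 0))
        {
            MessageBox.Show("Failed to read a section.");
            return;
        }

        // … unchanged: Buffer.BlockCopy into buffer …
    }

    File.WriteAllBytes(path, buffer);
}
finally
{
    procPE.CloseHandle();
}
```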
diff --git a/PEToolkit/Forms/formDumpModule.resx b/PEToolkit/Forms/formDumpModule.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/PEToolkit/Forms/formDumpModule.resx
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/formGenerateStructure.Designer.cs b/PEToolkit/Forms/formGenerateStructure.Designer.cs
new file mode 100644
index 0000000..6d20c63
--- /dev/null
+++ b/PEToolkit/Forms/formGenerateStructure.Designer.cs
@@ -0,0 +1,147 @@
+namespace PEViewer.Forms
+{
+ partial class formGenerateStructure
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.label1 = new System.Windows.Forms.Label();
+ this.cbStructure = new System.Windows.Forms.ComboBox();
+ this.rbComplete = new System.Windows.Forms.RadioButton();
+ this.rbCustom = new System.Windows.Forms.RadioButton();
+ this.clbStructureSelect = new System.Windows.Forms.CheckedListBox();
+ this.button1 = new System.Windows.Forms.Button();
+ this.SuspendLayout();
+ //
+ // label1
+ //
+ this.label1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.label1.AutoSize = true;
+ this.label1.Font = new System.Drawing.Font("Segoe UI", 9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.label1.Location = new System.Drawing.Point(12, 9);
+ this.label1.Name = "label1";
+ this.label1.Size = new System.Drawing.Size(63, 17);
+ this.label1.TabIndex = 0;
+ this.label1.Text = "Structure:";
+ //
+ // cbStructure
+ //
+ this.cbStructure.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.cbStructure.DropDownStyle = System.Windows.Forms.ComboBoxStyle.DropDownList;
+ this.cbStructure.FormattingEnabled = true;
+ this.cbStructure.Location = new System.Drawing.Point(81, 9);
+ this.cbStructure.Name = "cbStructure";
+ this.cbStructure.Size = new System.Drawing.Size(191, 21);
+ this.cbStructure.TabIndex = 1;
+ this.cbStructure.SelectedIndexChanged += new System.EventHandler(this.cbStructure_SelectedIndexChanged);
+ //
+ // rbComplete
+ //
+ this.rbComplete.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.rbComplete.AutoSize = true;
+ this.rbComplete.Checked = true;
+ this.rbComplete.Location = new System.Drawing.Point(15, 45);
+ this.rbComplete.Name = "rbComplete";
+ this.rbComplete.Size = new System.Drawing.Size(115, 17);
+ this.rbComplete.TabIndex = 2;
+ this.rbComplete.TabStop = true;
+ this.rbComplete.Text = "Complete Structure";
+ this.rbComplete.UseVisualStyleBackColor = true;
+ //
+ // rbCustom
+ //
+ this.rbCustom.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.rbCustom.AutoSize = true;
+ this.rbCustom.Location = new System.Drawing.Point(136, 45);
+ this.rbCustom.Name = "rbCustom";
+ this.rbCustom.Size = new System.Drawing.Size(106, 17);
+ this.rbCustom.TabIndex = 3;
+ this.rbCustom.Text = "Custom Structure";
+ this.rbCustom.UseVisualStyleBackColor = true;
+ this.rbCustom.CheckedChanged += new System.EventHandler(this.rbCustom_CheckedChanged);
+ //
+ // clbStructureSelect
+ //
+ this.clbStructureSelect.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.clbStructureSelect.Enabled = false;
+ this.clbStructureSelect.FormattingEnabled = true;
+ this.clbStructureSelect.Location = new System.Drawing.Point(15, 68);
+ this.clbStructureSelect.Name = "clbStructureSelect";
+ this.clbStructureSelect.Size = new System.Drawing.Size(257, 154);
+ this.clbStructureSelect.TabIndex = 4;
+ //
+ // button1
+ //
+ this.button1.Anchor = System.Windows.Forms.AnchorStyles.Bottom;
+ this.button1.Location = new System.Drawing.Point(94, 230);
+ this.button1.Name = "button1";
+ this.button1.Size = new System.Drawing.Size(89, 24);
+ this.button1.TabIndex = 5;
+ this.button1.Text = "Generate";
+ this.button1.UseVisualStyleBackColor = true;
+ this.button1.Click += new System.EventHandler(this.button1_Click);
+ //
+ // formGenerateStructure
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(284, 261);
+ this.Controls.Add(this.button1);
+ this.Controls.Add(this.clbStructureSelect);
+ this.Controls.Add(this.rbCustom);
+ this.Controls.Add(this.rbComplete);
+ this.Controls.Add(this.cbStructure);
+ this.Controls.Add(this.label1);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedToolWindow;
+ this.MinimumSize = new System.Drawing.Size(300, 300);
+ this.Name = "formGenerateStructure";
+ this.Text = "Generate Structures";
+ this.Load += new System.EventHandler(this.formGenerateStructure_Load);
+ this.ResumeLayout(false);
+ this.PerformLayout();
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.Label label1;
+ private System.Windows.Forms.ComboBox cbStructure;
+ private System.Windows.Forms.RadioButton rbComplete;
+ private System.Windows.Forms.RadioButton rbCustom;
+ private System.Windows.Forms.CheckedListBox clbStructureSelect;
+ private System.Windows.Forms.Button button1;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formGenerateStructure.cs b/PEToolkit/Forms/formGenerateStructure.cs
new file mode 100644
index 0000000..68f5d0e
--- /dev/null
+++ b/PEToolkit/Forms/formGenerateStructure.cs
@@ -0,0 +1,86 @@
+using PEViewer.PE.Structures;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Reflection;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class formGenerateStructure : Form
+ {
+ Type[] PossableStructures = null;
+ public formGenerateStructure()
+ {
+ InitializeComponent();
+
+ PossableStructures = new Type[]
+ {
+ typeof(IMAGE_DOS_HEADER),
+ typeof(IMAGE_FILE_HEADER),
+ typeof(IMAGE_OPTIONAL_HEADER32),
+ typeof(IMAGE_DATA_DIRECTORIES),
+ typeof(IMAGE_SECTION_HEADER)
+ };
+
+ foreach(Type t in PossableStructures)
+ {
+ cbStructure.Items.Add(t.Name);
+ }
+ cbStructure.SelectedIndex = 0;
+ SelectStruct(PossableStructures[0]);
+ }
+
+ void SelectStruct(Type t)
+ {
+ clbStructureSelect.Items.Clear();
+ foreach(FieldInfo f in t.GetFields())
+ {
+ clbStructureSelect.Items.Add(f.Name, false);
+ }
+ }
+
+ private void formGenerateStructure_Load(object sender, EventArgs e)
+ {
+
+ }
+
+ private void rbCustom_CheckedChanged(object sender, EventArgs e)
+ {
+ clbStructureSelect.Enabled = rbCustom.Checked;
+ }
+
+ private void button1_Click(object sender, EventArgs e)
+ {
+ if (rbComplete.Checked)
+ {
+ using (formBuildStructure fbs = new formBuildStructure(PossableStructures[cbStructure.SelectedIndex]))
+ {
+ fbs.ShowDialog();
+ }
+ }
+ else
+ {
+ string[] fields = new string[clbStructureSelect.CheckedItems.Count];
+ for(int i = 0; i < fields.Length; i++)
+ {
+ fields[i] = clbStructureSelect.CheckedItems[i].ToString();
+ }
+ using (formBuildStructure fbs = new formBuildStructure(PossableStructures[cbStructure.SelectedIndex], fields))
+ {
+ fbs.ShowDialog();
+ }
+ }
+ }
+
+ private void cbStructure_SelectedIndexChanged(object sender, EventArgs e)
+ {
+ SelectStruct(PossableStructures[cbStructure.SelectedIndex]);
+ }
+ }
+}
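Review bot: The constructor calls `SelectStruct(PossableStructures[0])` right after `cbStructure.SelectedIndex = 0`, but the designer file already wires `cbStructure_SelectedIndexChanged`, so the assignment appears to populate the checklist once and the explicit call repeats it. The field name `PossableStructures` is misspelled and has no access modifier; `private readonly Type[] PossibleStructures` would read better and document that it is set once. Both branches of `button1_Click` index the array with `cbStructure.SelectedIndex` without checking for `-1`, which is safe only as long as the combo box always has a selection; a short comment or a guard such as `if (cbStructure.SelectedIndex < 0) return;` would make that explicit.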
diff --git a/PEToolkit/Forms/formGenerateStructure.resx b/PEToolkit/Forms/formGenerateStructure.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/PEToolkit/Forms/formGenerateStructure.resx
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/formInjectDll.Designer.cs b/PEToolkit/Forms/formInjectDll.Designer.cs
new file mode 100644
index 0000000..2baa39b
--- /dev/null
+++ b/PEToolkit/Forms/formInjectDll.Designer.cs
@@ -0,0 +1,99 @@
+namespace PEViewer.Forms
+{
+ partial class formInjectDll
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.label1 = new System.Windows.Forms.Label();
+ this.tbDllPath = new System.Windows.Forms.TextBox();
+ this.button1 = new System.Windows.Forms.Button();
+ this.button2 = new System.Windows.Forms.Button();
+ this.SuspendLayout();
+ //
+ // label1
+ //
+ this.label1.AutoSize = true;
+ this.label1.Font = new System.Drawing.Font("Segoe UI", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.label1.Location = new System.Drawing.Point(12, 9);
+ this.label1.Name = "label1";
+ this.label1.Size = new System.Drawing.Size(50, 13);
+ this.label1.TabIndex = 0;
+ this.label1.Text = "Dll Path:";
+ //
+ // tbDllPath
+ //
+ this.tbDllPath.Location = new System.Drawing.Point(68, 6);
+ this.tbDllPath.Name = "tbDllPath";
+ this.tbDllPath.Size = new System.Drawing.Size(163, 20);
+ this.tbDllPath.TabIndex = 1;
+ //
+ // button1
+ //
+ this.button1.Location = new System.Drawing.Point(237, 4);
+ this.button1.Name = "button1";
+ this.button1.Size = new System.Drawing.Size(40, 23);
+ this.button1.TabIndex = 2;
+ this.button1.Text = "...";
+ this.button1.UseVisualStyleBackColor = true;
+ this.button1.Click += new System.EventHandler(this.button1_Click);
+ //
+ // button2
+ //
+ this.button2.Font = new System.Drawing.Font("Segoe UI", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.button2.Location = new System.Drawing.Point(108, 32);
+ this.button2.Name = "button2";
+ this.button2.Size = new System.Drawing.Size(75, 23);
+ this.button2.TabIndex = 3;
+ this.button2.Text = "Inject";
+ this.button2.UseVisualStyleBackColor = true;
+ this.button2.Click += new System.EventHandler(this.button2_Click);
+ //
+ // formInjectDll
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(289, 60);
+ this.Controls.Add(this.button2);
+ this.Controls.Add(this.button1);
+ this.Controls.Add(this.tbDllPath);
+ this.Controls.Add(this.label1);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedToolWindow;
+ this.Name = "formInjectDll";
+ this.Text = "Inject Dll";
+ this.ResumeLayout(false);
+ this.PerformLayout();
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.Label label1;
+ private System.Windows.Forms.TextBox tbDllPath;
+ private System.Windows.Forms.Button button1;
+ private System.Windows.Forms.Button button2;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formInjectDll.cs b/PEToolkit/Forms/formInjectDll.cs
new file mode 100644
index 0000000..d9c4de3
--- /dev/null
+++ b/PEToolkit/Forms/formInjectDll.cs
@@ -0,0 +1,57 @@
+using PEViewer.Memory_Tools;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.IO;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class formInjectDll : Form
+ {
+ public formInjectDll()
+ {
+ InitializeComponent();
+ }
+
+ private void button1_Click(object sender, EventArgs e)
+ {
+ using (OpenFileDialog ofd = new OpenFileDialog())
+ {
+ ofd.Filter = "Dll|*.dll";
+ if(ofd.ShowDialog() == DialogResult.OK)
+ {
+ tbDllPath.Text = ofd.FileName;
+ }
+ }
+ }
+
+ private void button2_Click(object sender, EventArgs e)
+ {
+ if (tbDllPath.Text == string.Empty)
+ return;
+ if(!File.Exists(tbDllPath.Text))
+ {
+ MessageBox.Show("Invalid File");
+ return;
+ }
+
+ using (formLoadProcess proc = new formLoadProcess(false))
+ {
+ if(proc.ShowDialog() == DialogResult.OK)
+ {
+ if (DllInjector.Inject(proc.SelectedProcessID, tbDllPath.Text))
+ MessageBox.Show("Injected Successfully.");
+ else
+ MessageBox.Show("Failed to inject.");
+ this.DialogResult = DialogResult.OK;
+ }
+ }
+ }
+ }
+}
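Review bot: In `button2_Click`, `this.DialogResult = DialogResult.OK;` sits after the brace-less `if`/`else` and therefore runs on both outcomes, so the form reports OK to its caller even when `DllInjector.Inject` returned false. If the caller is meant to distinguish the two, add braces and set the result only on success, e.g. `if (DllInjector.Inject(...)) { MessageBox.Show("Injected Successfully."); this.DialogResult = DialogResult.OK; }`. The method also returns silently when `tbDllPath.Text` is empty, while a missing file produces a message; showing a message in both cases would be more consistent.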
diff --git a/PEToolkit/Forms/formInjectDll.resx b/PEToolkit/Forms/formInjectDll.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/PEToolkit/Forms/formInjectDll.resx
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/formLoadProcess.Designer.cs b/PEToolkit/Forms/formLoadProcess.Designer.cs
new file mode 100644
index 0000000..b0fdce0
--- /dev/null
+++ b/PEToolkit/Forms/formLoadProcess.Designer.cs
@@ -0,0 +1,163 @@
+namespace PEViewer.Forms
+{
+ partial class formLoadProcess
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.components = new System.ComponentModel.Container();
+ this.lvProcessList = new System.Windows.Forms.ListView();
+ this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.cmProcess = new System.Windows.Forms.ContextMenuStrip(this.components);
+ this.refreshToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.label1 = new System.Windows.Forms.Label();
+ this.nudProcessID = new System.Windows.Forms.NumericUpDown();
+ this.button1 = new System.Windows.Forms.Button();
+ this.columnHeader3 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.cmProcess.SuspendLayout();
+ ((System.ComponentModel.ISupportInitialize)(this.nudProcessID)).BeginInit();
+ this.SuspendLayout();
+ //
+ // lvProcessList
+ //
+ this.lvProcessList.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.lvProcessList.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+ this.columnHeader1,
+ this.columnHeader2,
+ this.columnHeader3});
+ this.lvProcessList.ContextMenuStrip = this.cmProcess;
+ this.lvProcessList.FullRowSelect = true;
+ this.lvProcessList.GridLines = true;
+ this.lvProcessList.Location = new System.Drawing.Point(12, 12);
+ this.lvProcessList.Name = "lvProcessList";
+ this.lvProcessList.Size = new System.Drawing.Size(380, 374);
+ this.lvProcessList.TabIndex = 0;
+ this.lvProcessList.UseCompatibleStateImageBehavior = false;
+ this.lvProcessList.View = System.Windows.Forms.View.Details;
+ this.lvProcessList.SelectedIndexChanged += new System.EventHandler(this.lvProcessList_SelectedIndexChanged);
+ //
+ // columnHeader1
+ //
+ this.columnHeader1.Text = "Process Name";
+ this.columnHeader1.Width = 111;
+ //
+ // columnHeader2
+ //
+ this.columnHeader2.Text = "PID";
+ this.columnHeader2.Width = 104;
+ //
+ // cmProcess
+ //
+ this.cmProcess.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.refreshToolStripMenuItem});
+ this.cmProcess.Name = "cmProcess";
+ this.cmProcess.Size = new System.Drawing.Size(114, 26);
+ //
+ // refreshToolStripMenuItem
+ //
+ this.refreshToolStripMenuItem.Name = "refreshToolStripMenuItem";
+ this.refreshToolStripMenuItem.Size = new System.Drawing.Size(113, 22);
+ this.refreshToolStripMenuItem.Text = "Refresh";
+ this.refreshToolStripMenuItem.Click += new System.EventHandler(this.refreshToolStripMenuItem_Click);
+ //
+ // label1
+ //
+ this.label1.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left)));
+ this.label1.AutoSize = true;
+ this.label1.Font = new System.Drawing.Font("Segoe UI", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.label1.Location = new System.Drawing.Point(12, 399);
+ this.label1.Name = "label1";
+ this.label1.Size = new System.Drawing.Size(62, 13);
+ this.label1.TabIndex = 1;
+ this.label1.Text = "Process ID:";
+ //
+ // nudProcessID
+ //
+ this.nudProcessID.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.nudProcessID.Location = new System.Drawing.Point(80, 397);
+ this.nudProcessID.Maximum = new decimal(new int[] {
+ 100000000,
+ 0,
+ 0,
+ 0});
+ this.nudProcessID.Name = "nudProcessID";
+ this.nudProcessID.Size = new System.Drawing.Size(231, 20);
+ this.nudProcessID.TabIndex = 2;
+ //
+ // button1
+ //
+ this.button1.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Right)));
+ this.button1.Location = new System.Drawing.Point(317, 394);
+ this.button1.Name = "button1";
+ this.button1.Size = new System.Drawing.Size(75, 23);
+ this.button1.TabIndex = 3;
+ this.button1.Text = "OK";
+ this.button1.UseVisualStyleBackColor = true;
+ this.button1.Click += new System.EventHandler(this.button1_Click);
+ //
+ // columnHeader3
+ //
+ this.columnHeader3.Text = "Window";
+ this.columnHeader3.Width = 133;
+ //
+ // formLoadProcess
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(404, 424);
+ this.Controls.Add(this.button1);
+ this.Controls.Add(this.nudProcessID);
+ this.Controls.Add(this.label1);
+ this.Controls.Add(this.lvProcessList);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow;
+ this.Name = "formLoadProcess";
+ this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+ this.Text = "Select Process";
+ this.Load += new System.EventHandler(this.formLoadProcess_Load);
+ this.cmProcess.ResumeLayout(false);
+ ((System.ComponentModel.ISupportInitialize)(this.nudProcessID)).EndInit();
+ this.ResumeLayout(false);
+ this.PerformLayout();
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.ListView lvProcessList;
+ private System.Windows.Forms.ColumnHeader columnHeader1;
+ private System.Windows.Forms.ColumnHeader columnHeader2;
+ private System.Windows.Forms.Label label1;
+ private System.Windows.Forms.NumericUpDown nudProcessID;
+ private System.Windows.Forms.Button button1;
+ private System.Windows.Forms.ContextMenuStrip cmProcess;
+ private System.Windows.Forms.ToolStripMenuItem refreshToolStripMenuItem;
+ private System.Windows.Forms.ColumnHeader columnHeader3;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formLoadProcess.cs b/PEToolkit/Forms/formLoadProcess.cs
new file mode 100644
index 0000000..5d2ae5a
--- /dev/null
+++ b/PEToolkit/Forms/formLoadProcess.cs
@@ -0,0 +1,84 @@
+using PEViewer.Controls;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Diagnostics;
+using System.Drawing;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class formLoadProcess : Form
+ {
+ public int SelectedProcessID { get; private set; }
+ public ProcessModule SelectedModule { get; private set; }
+ public string ProcessName { get; set; }
+ public bool SelectModule { get; private set; }
+
+ public formLoadProcess()
+ {
+ InitializeComponent();
+ SelectModule = true;
+ }
+ public formLoadProcess(bool selectModule)
+ {
+ InitializeComponent();
+ SelectModule = selectModule;
+ }
+
+ private void formLoadProcess_Load(object sender, EventArgs e)
+ {
+ PopulateList();
+ }
+ void PopulateList()
+ {
+ lvProcessList.Items.Clear();
+
+ Process[] procList = Process.GetProcesses();
+ foreach(Process p in procList)
+ {
+ lvProcessList.Items.Add(new ProcessListViewItem(p));
+ }
+ }
+
+ private void refreshToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ PopulateList();
+ }
+
+ private void lvProcessList_SelectedIndexChanged(object sender, EventArgs e)
+ {
+ if(lvProcessList.SelectedItems.Count > 0)
+ {
+ ProcessListViewItem i = (ProcessListViewItem)lvProcessList.SelectedItems[0];
+ nudProcessID.Value = i.SelectedProcess.Id;
+ }
+ }
+
+ private void button1_Click(object sender, EventArgs e)
+ {
+ Process p = Process.GetProcessById((int)nudProcessID.Value);
+ SelectedProcessID = p.Id;
+ ProcessName = p.ProcessName;
+
+ if (SelectModule)
+ {
+ using (formModuleSelect mod = new formModuleSelect(p))
+ {
+ if (mod.ShowDialog() != DialogResult.OK)
+ return;
+ SelectedModule = mod.SelectedProcessModule;
+ }
+ }
+ this.DialogResult = DialogResult.OK;
+ }
+
+ [DllImport("kernel32.dll")]
+ private static extern bool IsWow64Process(IntPtr handle, ref bool is64);
+ }
+}
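Review bot: In `button1_Click`, `Process.GetProcessById((int)nudProcessID.Value)` is called with no handling for a PID that is not running, so a hand-typed value or a process that exited after the list was filled throws `ArgumentException` out of the click handler. Catch it, tell the user and return without setting `DialogResult`, as sketched below. Callers only receive `SelectedProcessID`, so a consumer that acts on the PID later should also expect the process to be gone by then. Separately, the `IsWow64Process` import is not used anywhere in this file, and its second parameter would normally be declared `out bool`; either use it or drop it.

```csharp
private void button1_Click(object sender, EventArgs e)
{
    Process p;
    try
    {
        p = Process.GetProcessById((int)nudProcessID.Value);
    }
    catch (ArgumentException)
    {
        // The PID was typed by hand, or the process exited after the list was populated.
        MessageBox.Show("Process not found.");
        return;
    }
    // … unchanged: SelectedProcessID / ProcessName assignment and module selection …
```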
diff --git a/PEToolkit/Forms/formLoadProcess.resx b/PEToolkit/Forms/formLoadProcess.resx
new file mode 100644
index 0000000..6273449
--- /dev/null
+++ b/PEToolkit/Forms/formLoadProcess.resx
@@ -0,0 +1,123 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ 17, 17
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/formModuleSelect.Designer.cs b/PEToolkit/Forms/formModuleSelect.Designer.cs
new file mode 100644
index 0000000..ebb8b34
--- /dev/null
+++ b/PEToolkit/Forms/formModuleSelect.Designer.cs
@@ -0,0 +1,75 @@
+namespace PEViewer.Forms
+{
+ partial class formModuleSelect
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.cbModule = new System.Windows.Forms.ComboBox();
+ this.button1 = new System.Windows.Forms.Button();
+ this.SuspendLayout();
+ //
+ // cbModule
+ //
+ this.cbModule.DropDownStyle = System.Windows.Forms.ComboBoxStyle.DropDownList;
+ this.cbModule.FormattingEnabled = true;
+ this.cbModule.Location = new System.Drawing.Point(12, 12);
+ this.cbModule.Name = "cbModule";
+ this.cbModule.Size = new System.Drawing.Size(205, 21);
+ this.cbModule.TabIndex = 0;
+ //
+ // button1
+ //
+ this.button1.Location = new System.Drawing.Point(78, 39);
+ this.button1.Name = "button1";
+ this.button1.Size = new System.Drawing.Size(75, 23);
+ this.button1.TabIndex = 1;
+ this.button1.Text = "OK";
+ this.button1.UseVisualStyleBackColor = true;
+ this.button1.Click += new System.EventHandler(this.button1_Click);
+ //
+ // formModuleSelect
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(233, 67);
+ this.Controls.Add(this.button1);
+ this.Controls.Add(this.cbModule);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedToolWindow;
+ this.Name = "formModuleSelect";
+ this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+ this.Text = "Select Module";
+ this.Load += new System.EventHandler(this.formModuleSelect_Load);
+ this.ResumeLayout(false);
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.ComboBox cbModule;
+ private System.Windows.Forms.Button button1;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formModuleSelect.cs b/PEToolkit/Forms/formModuleSelect.cs
new file mode 100644
index 0000000..440c2ee
--- /dev/null
+++ b/PEToolkit/Forms/formModuleSelect.cs
@@ -0,0 +1,54 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Diagnostics;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class formModuleSelect : Form
+ {
+ public ProcessModule SelectedProcessModule { get; private set; }
+ ProcessModule[] Modules = null;
+ Process targetProcess = null;
+ public formModuleSelect(Process p)
+ {
+ targetProcess = p;
+ InitializeComponent();
+ }
+
+ private void formModuleSelect_Load(object sender, EventArgs e)
+ {
+ this.Text += string.Format(" (PID: {0})", targetProcess.Id);
+
+ try
+ {
+ ProcessModuleCollection col = targetProcess.Modules;
+ Modules = new ProcessModule[col.Count];
+ for (int i = 0; i < Modules.Length; i++)
+ {
+ Modules[i] = col[i];
+ cbModule.Items.Add(Modules[i].ModuleName);
+ }
+ if (cbModule.Items.Count > 0)
+ cbModule.SelectedIndex = 0;
+ }
+ catch
+ {
+ MessageBox.Show("32bit processes only");
+ this.DialogResult = DialogResult.Cancel;
+ }
+ }
+
+ private void button1_Click(object sender, EventArgs e)
+ {
+ SelectedProcessModule = Modules[cbModule.SelectedIndex];
+ this.DialogResult = DialogResult.OK;
+ }
+ }
+}
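Review bot: The bare `catch` in `formModuleSelect_Load` reports every failure as "32bit processes only", which hides the other ways reading `targetProcess.Modules` can fail, such as access denied or the process having exited. Catch the specific types and show the real reason, e.g. `catch (Win32Exception ex) { MessageBox.Show(ex.Message); ... }` plus a separate `catch (InvalidOperationException)`; `System.ComponentModel` is already imported here. `button1_Click` also indexes `Modules[cbModule.SelectedIndex]` without a guard, so an empty module list (index -1) or a failed load (`Modules` still null) throws; add `if (Modules == null || cbModule.SelectedIndex < 0) return;` as its first line.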
diff --git a/PEToolkit/Forms/formModuleSelect.resx b/PEToolkit/Forms/formModuleSelect.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/PEToolkit/Forms/formModuleSelect.resx
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/formNativeresources.Designer.cs b/PEToolkit/Forms/formNativeresources.Designer.cs
new file mode 100644
index 0000000..d1fd2aa
--- /dev/null
+++ b/PEToolkit/Forms/formNativeresources.Designer.cs
@@ -0,0 +1,84 @@
+namespace PEViewer.Forms
+{
+ partial class formNativeresources
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.lvResources = new System.Windows.Forms.ListView();
+ this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.SuspendLayout();
+ //
+ // lvResources
+ //
+ this.lvResources.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.lvResources.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+ this.columnHeader1,
+ this.columnHeader2});
+ this.lvResources.FullRowSelect = true;
+ this.lvResources.GridLines = true;
+ this.lvResources.Location = new System.Drawing.Point(12, 12);
+ this.lvResources.MultiSelect = false;
+ this.lvResources.Name = "lvResources";
+ this.lvResources.Size = new System.Drawing.Size(340, 210);
+ this.lvResources.TabIndex = 0;
+ this.lvResources.UseCompatibleStateImageBehavior = false;
+ this.lvResources.View = System.Windows.Forms.View.Details;
+ //
+ // columnHeader1
+ //
+ this.columnHeader1.Text = "Name";
+ this.columnHeader1.Width = 135;
+ //
+ // columnHeader2
+ //
+ this.columnHeader2.Text = "Type";
+ this.columnHeader2.Width = 139;
+ //
+ // formNativeresources
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(364, 234);
+ this.Controls.Add(this.lvResources);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow;
+ this.Name = "formNativeresources";
+ this.Text = "Resources";
+ this.Load += new System.EventHandler(this.formNativeresources_Load);
+ this.ResumeLayout(false);
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.ListView lvResources;
+ private System.Windows.Forms.ColumnHeader columnHeader1;
+ private System.Windows.Forms.ColumnHeader columnHeader2;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formNativeresources.cs b/PEToolkit/Forms/formNativeresources.cs
new file mode 100644
index 0000000..5dd395d
--- /dev/null
+++ b/PEToolkit/Forms/formNativeresources.cs
@@ -0,0 +1,81 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Diagnostics;
+using System.Drawing;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+
+ public partial class formNativeresources : Form
+ {
+ private delegate bool EnumResourceNameCallback(IntPtr module, string type, string name, IntPtr z);
+ private delegate bool EnumResourceTypeCallback(IntPtr module, string type, IntPtr z);
+
+ EnumResourceNameCallback ResourceNameCallback;
+ EnumResourceTypeCallback ResourceTypeCallback;
+
+ IntPtr handle = IntPtr.Zero;
+ public formNativeresources(IntPtr _handle)
+ {
+ handle = _handle;
+ InitializeComponent();
+ ResourceNameCallback = new EnumResourceNameCallback(nameCallback);
+ ResourceTypeCallback = new EnumResourceTypeCallback(typeCallback);
+
+ EnumResourceTypes(handle, ResourceTypeCallback, IntPtr.Zero);
+ /*
+ EnumResourceTypes(handle, "RT_RCDATA", "RT_STRING", "RT_VERSION",
+ "RT_ICON", "RT_GROUP_ICON", "RT_BITMAP", "RT_MESSAGETABLE",
+ "RT_MENU", "RT_MANIFEST", "RT_HTML", "RT_GROUP_CURSOR",
+ "RT_FONTDIR", "RT_FONT", "RT_DLGINCLUDE", "RT_DIALOG",
+ "RT_CURSOR", "RT_BITMAP", "RT_ANIICON", "RT_ANICURSOR", "RT_ACCELERATOR");
+ */
+ }
+
+ void EnumResourceGroups(IntPtr handle, params string[] types)
+ {
+ foreach(string s in types)
+ {
+ EnumResourceNames(handle, s, ResourceNameCallback, IntPtr.Zero);
+ }
+ }
+
+ bool typeCallback(IntPtr module, string type, IntPtr z)
+ {
+ EnumResourceNames(module, type, ResourceNameCallback, IntPtr.Zero);
+ Debug.WriteLine("Type: " + type);
+ return true;
+ }
+
+ bool nameCallback(IntPtr module, string type, string name, IntPtr z)
+ {
+ ListViewItem i = new ListViewItem(name);
+ i.SubItems.Add(type);
+ lvResources.Items.Add(i);
+ return true;
+ }
+
+ private void formNativeresources_Load(object sender, EventArgs e)
+ {
+
+ }
+
+ [DllImport("kernel32.dll")]
+ private static extern bool EnumResourceNames(IntPtr module, string rType, EnumResourceNameCallback cb, IntPtr z);
+
+ [DllImport("kernel32.dll")]
+ private static extern bool EnumResourceTypes(IntPtr module, EnumResourceTypeCallback cb, IntPtr z);
+
+ private void button1_Click(object sender, EventArgs e)
+ {
+ MessageBox.Show(new Win32Exception(Marshal.GetLastWin32Error()).Message);
+ }
+ }
+}
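Review bot: The two callback delegates and `EnumResourceNames` declare resource types and names as `string`, but the API can hand back integer IDs in place of string pointers (the standard resource types are integer IDs), and a `string` parameter cannot represent those. Declare them as `IntPtr` and convert explicitly, as sketched below. The `DllImport`s also lack `SetLastError = true`, so the `Marshal.GetLastWin32Error()` read in `button1_Click` is not reliable, and the return value of `EnumResourceTypes` in the constructor is never checked. `EnumResourceGroups` passes `string` type names and appears to be unused (its only call is commented out); it would need a string overload or removal with this change.

```csharp
private delegate bool EnumResourceNameCallback(IntPtr module, IntPtr type, IntPtr name, IntPtr z);
private delegate bool EnumResourceTypeCallback(IntPtr module, IntPtr type, IntPtr z);

// A resource type or name is either a string pointer or an integer ID (high bits zero).
static string ResourceIdToString(IntPtr id)
{
    long raw = id.ToInt64();
    return ((ulong)raw >> 16) == 0 ? "#" + raw : Marshal.PtrToStringUni(id);
}

// … unchanged: fields, constructor …

bool typeCallback(IntPtr module, IntPtr type, IntPtr z)
{
    EnumResourceNames(module, type, ResourceNameCallback, IntPtr.Zero);
    Debug.WriteLine("Type: " + ResourceIdToString(type));
    return true;
}

bool nameCallback(IntPtr module, IntPtr type, IntPtr name, IntPtr z)
{
    ListViewItem i = new ListViewItem(ResourceIdToString(name));
    i.SubItems.Add(ResourceIdToString(type));
    lvResources.Items.Add(i);
    return true;
}

[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool EnumResourceNames(IntPtr module, IntPtr rType, EnumResourceNameCallback cb, IntPtr z);

[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
private static extern bool EnumResourceTypes(IntPtr module, EnumResourceTypeCallback cb, IntPtr z);
```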
diff --git a/PEToolkit/Forms/formNativeresources.resx b/PEToolkit/Forms/formNativeresources.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/PEToolkit/Forms/formNativeresources.resx
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/formRunpeCheck.Designer.cs b/PEToolkit/Forms/formRunpeCheck.Designer.cs
new file mode 100644
index 0000000..d0f35f1
--- /dev/null
+++ b/PEToolkit/Forms/formRunpeCheck.Designer.cs
@@ -0,0 +1,234 @@
+namespace PEViewer.Forms
+{
+ partial class formRunpeCheck
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.splitContainer1 = new System.Windows.Forms.SplitContainer();
+ this.label1 = new System.Windows.Forms.Label();
+ this.label2 = new System.Windows.Forms.Label();
+ this.lbProcessList = new System.Windows.Forms.ListView();
+ this.lvFileList = new System.Windows.Forms.ListView();
+ this.button1 = new System.Windows.Forms.Button();
+ this.label3 = new System.Windows.Forms.Label();
+ this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader3 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader4 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.lbRunpeStatus = new System.Windows.Forms.Label();
+ this.columnHeader5 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader6 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ ((System.ComponentModel.ISupportInitialize)(this.splitContainer1)).BeginInit();
+ this.splitContainer1.Panel1.SuspendLayout();
+ this.splitContainer1.Panel2.SuspendLayout();
+ this.splitContainer1.SuspendLayout();
+ this.SuspendLayout();
+ //
+ // splitContainer1
+ //
+ this.splitContainer1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.splitContainer1.Location = new System.Drawing.Point(12, 65);
+ this.splitContainer1.Name = "splitContainer1";
+ //
+ // splitContainer1.Panel1
+ //
+ this.splitContainer1.Panel1.Controls.Add(this.lbProcessList);
+ this.splitContainer1.Panel1.Controls.Add(this.label1);
+ //
+ // splitContainer1.Panel2
+ //
+ this.splitContainer1.Panel2.Controls.Add(this.lvFileList);
+ this.splitContainer1.Panel2.Controls.Add(this.label2);
+ this.splitContainer1.Size = new System.Drawing.Size(706, 399);
+ this.splitContainer1.SplitterDistance = 353;
+ this.splitContainer1.TabIndex = 0;
+ //
+ // label1
+ //
+ this.label1.AutoSize = true;
+ this.label1.Font = new System.Drawing.Font("Segoe UI", 9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.label1.Location = new System.Drawing.Point(39, 13);
+ this.label1.Name = "label1";
+ this.label1.Size = new System.Drawing.Size(118, 17);
+ this.label1.TabIndex = 0;
+ this.label1.Text = "Process PE Header";
+ //
+ // label2
+ //
+ this.label2.AutoSize = true;
+ this.label2.Font = new System.Drawing.Font("Segoe UI", 9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.label2.Location = new System.Drawing.Point(72, 13);
+ this.label2.Name = "label2";
+ this.label2.Size = new System.Drawing.Size(92, 17);
+ this.label2.TabIndex = 1;
+ this.label2.Text = "File PE Header";
+ //
+ // lbProcessList
+ //
+ this.lbProcessList.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.lbProcessList.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+ this.columnHeader1,
+ this.columnHeader2,
+ this.columnHeader5});
+ this.lbProcessList.FullRowSelect = true;
+ this.lbProcessList.GridLines = true;
+ this.lbProcessList.Location = new System.Drawing.Point(17, 42);
+ this.lbProcessList.Name = "lbProcessList";
+ this.lbProcessList.Size = new System.Drawing.Size(318, 346);
+ this.lbProcessList.TabIndex = 1;
+ this.lbProcessList.UseCompatibleStateImageBehavior = false;
+ this.lbProcessList.View = System.Windows.Forms.View.Details;
+ //
+ // lvFileList
+ //
+ this.lvFileList.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.lvFileList.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+ this.columnHeader3,
+ this.columnHeader4,
+ this.columnHeader6});
+ this.lvFileList.FullRowSelect = true;
+ this.lvFileList.GridLines = true;
+ this.lvFileList.Location = new System.Drawing.Point(18, 42);
+ this.lvFileList.Name = "lvFileList";
+ this.lvFileList.Size = new System.Drawing.Size(313, 346);
+ this.lvFileList.TabIndex = 2;
+ this.lvFileList.UseCompatibleStateImageBehavior = false;
+ this.lvFileList.View = System.Windows.Forms.View.Details;
+ //
+ // button1
+ //
+ this.button1.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.button1.Location = new System.Drawing.Point(12, 12);
+ this.button1.Name = "button1";
+ this.button1.Size = new System.Drawing.Size(706, 23);
+ this.button1.TabIndex = 1;
+ this.button1.Text = "Select Process";
+ this.button1.UseVisualStyleBackColor = true;
+ this.button1.Click += new System.EventHandler(this.button1_Click);
+ //
+ // label3
+ //
+ this.label3.AutoSize = true;
+ this.label3.Font = new System.Drawing.Font("Segoe UI", 9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.label3.Location = new System.Drawing.Point(12, 45);
+ this.label3.Name = "label3";
+ this.label3.Size = new System.Drawing.Size(87, 17);
+ this.label3.TabIndex = 2;
+ this.label3.Text = "Runpe Status:";
+ //
+ // columnHeader1
+ //
+ this.columnHeader1.Text = "Item";
+ this.columnHeader1.Width = 102;
+ //
+ // columnHeader2
+ //
+ this.columnHeader2.Text = "Value";
+ this.columnHeader2.Width = 114;
+ //
+ // columnHeader3
+ //
+ this.columnHeader3.Text = "Item";
+ this.columnHeader3.Width = 122;
+ //
+ // columnHeader4
+ //
+ this.columnHeader4.Text = "Value";
+ this.columnHeader4.Width = 67;
+ //
+ // lbRunpeStatus
+ //
+ this.lbRunpeStatus.AutoSize = true;
+ this.lbRunpeStatus.Font = new System.Drawing.Font("Segoe UI", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.lbRunpeStatus.ForeColor = System.Drawing.Color.DarkBlue;
+ this.lbRunpeStatus.Location = new System.Drawing.Point(105, 48);
+ this.lbRunpeStatus.Name = "lbRunpeStatus";
+ this.lbRunpeStatus.Size = new System.Drawing.Size(72, 13);
+ this.lbRunpeStatus.TabIndex = 3;
+ this.lbRunpeStatus.Text = "Not scanned";
+ //
+ // columnHeader5
+ //
+ this.columnHeader5.DisplayIndex = 1;
+ this.columnHeader5.Text = "Structure";
+ this.columnHeader5.Width = 97;
+ //
+ // columnHeader6
+ //
+ this.columnHeader6.DisplayIndex = 1;
+ this.columnHeader6.Text = "Structure";
+ this.columnHeader6.Width = 112;
+ //
+ // formRunpeCheck
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(730, 476);
+ this.Controls.Add(this.lbRunpeStatus);
+ this.Controls.Add(this.label3);
+ this.Controls.Add(this.button1);
+ this.Controls.Add(this.splitContainer1);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow;
+ this.Name = "formRunpeCheck";
+ this.Text = "RunPE Check";
+ this.Load += new System.EventHandler(this.formRunpeCheck_Load);
+ this.splitContainer1.Panel1.ResumeLayout(false);
+ this.splitContainer1.Panel1.PerformLayout();
+ this.splitContainer1.Panel2.ResumeLayout(false);
+ this.splitContainer1.Panel2.PerformLayout();
+ ((System.ComponentModel.ISupportInitialize)(this.splitContainer1)).EndInit();
+ this.splitContainer1.ResumeLayout(false);
+ this.ResumeLayout(false);
+ this.PerformLayout();
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.SplitContainer splitContainer1;
+ private System.Windows.Forms.ListView lbProcessList;
+ private System.Windows.Forms.Label label1;
+ private System.Windows.Forms.ListView lvFileList;
+ private System.Windows.Forms.Label label2;
+ private System.Windows.Forms.Button button1;
+ private System.Windows.Forms.Label label3;
+ private System.Windows.Forms.ColumnHeader columnHeader1;
+ private System.Windows.Forms.ColumnHeader columnHeader2;
+ private System.Windows.Forms.ColumnHeader columnHeader3;
+ private System.Windows.Forms.ColumnHeader columnHeader4;
+ private System.Windows.Forms.Label lbRunpeStatus;
+ private System.Windows.Forms.ColumnHeader columnHeader5;
+ private System.Windows.Forms.ColumnHeader columnHeader6;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formRunpeCheck.cs b/PEToolkit/Forms/formRunpeCheck.cs
new file mode 100644
index 0000000..576d096
--- /dev/null
+++ b/PEToolkit/Forms/formRunpeCheck.cs
@@ -0,0 +1,112 @@
+using PEViewer.PE;
+using PEViewer.PE.Structures;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Diagnostics;
+using System.Drawing;
+using System.Linq;
+using System.Reflection;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class formRunpeCheck : Form
+ {
+ string WindowText = string.Empty;
+ public formRunpeCheck()
+ {
+ InitializeComponent();
+ WindowText = this.Text;
+ }
+
+ private void formRunpeCheck_Load(object sender, EventArgs e)
+ {
+
+ }
+
+ private void button1_Click(object sender, EventArgs e)
+ {
+ lbProcessList.Items.Clear();
+ lvFileList.Items.Clear();
+ ProcessModule moduleToScan = null;
+ int pid = 0;
+ using (formLoadProcess procLoadForm = new formLoadProcess())
+ {
+ if (procLoadForm.ShowDialog() != DialogResult.OK)
+ return;
+ this.Text = string.Format("{0} ({1})", WindowText, procLoadForm.ProcessName);
+ moduleToScan = procLoadForm.SelectedModule;
+ pid = procLoadForm.SelectedProcessID;
+ }
+
+ string modulePath = moduleToScan.FileName;
+ PEInfomation procPE = PELoader.Load(pid, moduleToScan);
+ PEInfomation filePE = PELoader.Load(modulePath);
+ int unmachedValues = 0;
+
+ unmachedValues += ScanType(procPE.FileHeader, filePE.FileHeader, "File Header");
+ unmachedValues += ScanType(procPE.OptionalHeader32, filePE.OptionalHeader32, "Optional Header");
+ int sectionAmmount = Math.Min(Convert.ToInt32(procPE.Overview.NumberOfSections), Convert.ToInt32(filePE.Overview.NumberOfSections));
+
+ for(int i = 0; i < sectionAmmount; i++)
+ {
+ unmachedValues += ScanType(procPE.Sections[i], filePE.Sections[i], string.Format("Section {0}", i+1));
+ }
+
+ Color tColor = Color.Green;
+ string warningText = "No RunPE Found (0 Unmached values)";
+
+ if(unmachedValues == 1)
+ {
+ tColor = Color.DarkTurquoise;
+ warningText = string.Format("Possable RunPe ({0} Unmaching values)", unmachedValues);
+ }
+
+ if (unmachedValues > 1)
+ {
+ tColor = Color.Red;
+ warningText = string.Format("Possable RunPe ({0} Unmaching values)", unmachedValues);
+ }
+
+ lbRunpeStatus.Text = warningText;
+ lbRunpeStatus.ForeColor = tColor;
+ }
+
+ int ScanType(T procPE, T filePE, string str)
+ {
+ Type scanType = typeof(T);
+
+ int TunmachedValues = 0;
+
+ foreach (FieldInfo f in scanType.GetFields())
+ {
+ object oProc = f.GetValue(procPE);
+ object oFile = f.GetValue(filePE);
+ ListViewItem pI = new ListViewItem(f.Name);
+ ListViewItem fI = new ListViewItem(f.Name);
+
+ pI.SubItems.Add(str);
+ fI.SubItems.Add(str);
+
+ pI.SubItems.Add(oProc.ToString());
+ fI.SubItems.Add(oFile.ToString());
+
+ if(oProc.ToString() != oFile.ToString())
+ {
+ pI.ForeColor = Color.Red;
+ fI.ForeColor = Color.Red;
+ TunmachedValues++;
+ }
+
+
+ lbProcessList.Items.Add(pI);
+ lvFileList.Items.Add(fI);
+ }
+ return TunmachedValues;
+ }
+ }
+}
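Review bot: `ScanType` decides a mismatch with `oProc.ToString() != oFile.ToString()`, which throws on a null field value and, for any array-typed field, compares only the type name, so differing array contents would never be counted. If the PE structures contain array fields (not visible in this hunk), that is a false negative in the check; compare the values themselves with `if (!StructuralComparisons.StructuralEqualityComparer.Equals(oProc, oFile))` (needs `using System.Collections;`) and display them with `Convert.ToString(oProc)`. In `button1_Click`, the results of both `PELoader.Load` calls are dereferenced without a null check or exception handling, and only `OptionalHeader32` is compared, so a module that fails to load or is not 32-bit is presumably not handled; confirm against `PELoader`. A comment on the status thresholds would also help, since an in-memory header can legitimately differ from the file on disk (for example `ImageBase` after relocation), which makes a single mismatch weak evidence.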
diff --git a/PEToolkit/Forms/formRunpeCheck.resx b/PEToolkit/Forms/formRunpeCheck.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/PEToolkit/Forms/formRunpeCheck.resx
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/formSectionView.Designer.cs b/PEToolkit/Forms/formSectionView.Designer.cs
new file mode 100644
index 0000000..2ea3e44
--- /dev/null
+++ b/PEToolkit/Forms/formSectionView.Designer.cs
@@ -0,0 +1,107 @@
+namespace PEViewer.Forms
+{
+ partial class formSectionView
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.lvSections = new System.Windows.Forms.ListView();
+ this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader3 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader4 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader5 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.SuspendLayout();
+ //
+ // lvSections
+ //
+ this.lvSections.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.lvSections.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+ this.columnHeader1,
+ this.columnHeader2,
+ this.columnHeader3,
+ this.columnHeader4,
+ this.columnHeader5});
+ this.lvSections.FullRowSelect = true;
+ this.lvSections.GridLines = true;
+ this.lvSections.Location = new System.Drawing.Point(12, 12);
+ this.lvSections.Name = "lvSections";
+ this.lvSections.Size = new System.Drawing.Size(581, 120);
+ this.lvSections.TabIndex = 0;
+ this.lvSections.UseCompatibleStateImageBehavior = false;
+ this.lvSections.View = System.Windows.Forms.View.Details;
+ //
+ // columnHeader1
+ //
+ this.columnHeader1.Text = "Name";
+ this.columnHeader1.Width = 89;
+ //
+ // columnHeader2
+ //
+ this.columnHeader2.Text = "Virtual Size";
+ this.columnHeader2.Width = 108;
+ //
+ // columnHeader3
+ //
+ this.columnHeader3.Text = "Virtual Address";
+ this.columnHeader3.Width = 102;
+ //
+ // columnHeader4
+ //
+ this.columnHeader4.Text = "SizeOfRawData";
+ this.columnHeader4.Width = 133;
+ //
+ // columnHeader5
+ //
+ this.columnHeader5.Text = "PointerToRawData";
+ this.columnHeader5.Width = 109;
+ //
+ // formSectionView
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(605, 144);
+ this.Controls.Add(this.lvSections);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow;
+ this.Name = "formSectionView";
+ this.Text = "Sections";
+ this.Load += new System.EventHandler(this.formSectionView_Load);
+ this.ResumeLayout(false);
+
+ }
+
+ #endregion
+
+ private System.Windows.Forms.ListView lvSections;
+ private System.Windows.Forms.ColumnHeader columnHeader1;
+ private System.Windows.Forms.ColumnHeader columnHeader2;
+ private System.Windows.Forms.ColumnHeader columnHeader3;
+ private System.Windows.Forms.ColumnHeader columnHeader4;
+ private System.Windows.Forms.ColumnHeader columnHeader5;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/formSectionView.cs b/PEToolkit/Forms/formSectionView.cs
new file mode 100644
index 0000000..9228e9b
--- /dev/null
+++ b/PEToolkit/Forms/formSectionView.cs
@@ -0,0 +1,39 @@
+using PEViewer.PE;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class formSectionView : Form
+ {
+ PEInfomation LoadedPE = null;
+ public formSectionView(PEInfomation info)
+ {
+ InitializeComponent();
+ LoadedPE = info;
+
+ foreach(var section in LoadedPE.Sections)
+ {
+ ListViewItem i = new ListViewItem(new string(section.Name));
+ i.SubItems.Add(string.Format("0x{0:x2}", section.VirtualSize));
+ i.SubItems.Add(string.Format("0x{0:x2}", section.VirtualAddress));
+ i.SubItems.Add(string.Format("0x{0:x2}", section.SizeOfRawData));
+ i.SubItems.Add(string.Format("0x{0:x2}", section.PointerToRawData));
+ lvSections.Items.Add(i);
+ }
+
+ }
+
+ private void formSectionView_Load(object sender, EventArgs e)
+ {
+
+ }
+ }
+}
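Review bot: The constructor dereferences `info` and prints `section.Name` with no validation, although both originate from whatever file or process the user chose to inspect. `new string(section.Name)` keeps any NUL padding or control characters (assuming `Name` is the fixed-size `char[]` this call implies), so a row can show a misleading label; stripping the padding with `new string(section.Name).TrimEnd('\0')` and guarding with `if (info == null) throw new ArgumentNullException("info");` before the loop would address both. The empty `formSectionView_Load` handler can be dropped together with its hook-up in the designer file.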
diff --git a/PEToolkit/Forms/formSectionView.resx b/PEToolkit/Forms/formSectionView.resx
new file mode 100644
index 0000000..1af7de1
--- /dev/null
+++ b/PEToolkit/Forms/formSectionView.resx
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Forms/mainWindow.Designer.cs b/PEToolkit/Forms/mainWindow.Designer.cs
new file mode 100644
index 0000000..e6e2dc8
--- /dev/null
+++ b/PEToolkit/Forms/mainWindow.Designer.cs
@@ -0,0 +1,394 @@
+namespace PEViewer.Forms
+{
+ partial class mainWindow
+ {
+ ///
+ /// Required designer variable.
+ ///
+ private System.ComponentModel.IContainer components = null;
+
+ ///
+ /// Clean up any resources being used.
+ ///
+ /// true if managed resources should be disposed; otherwise, false.
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing && (components != null))
+ {
+ components.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ #region Windows Form Designer generated code
+
+ ///
+ /// Required method for Designer support - do not modify
+ /// the contents of this method with the code editor.
+ ///
+ private void InitializeComponent()
+ {
+ this.components = new System.ComponentModel.Container();
+ System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(mainWindow));
+ this.cmOpen = new System.Windows.Forms.ContextMenuStrip(this.components);
+ this.fileToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.processToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.toolStrip1 = new System.Windows.Forms.ToolStrip();
+ this.toolStripDropDownButton1 = new System.Windows.Forms.ToolStripDropDownButton();
+ this.fileToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
+ this.processToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
+ this.toolStripSeparator1 = new System.Windows.Forms.ToolStripSeparator();
+ this.toolStripDropDownButton2 = new System.Windows.Forms.ToolStripDropDownButton();
+ this.overviewToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.dOSHeaderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.imageHeaderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.optionalPEHeaderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.dataDirectoriesToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.structuresToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.resourcesToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.toolStripSeparator4 = new System.Windows.Forms.ToolStripSeparator();
+ this.toolStripDropDownButton4 = new System.Windows.Forms.ToolStripDropDownButton();
+ this.checkForRunPEToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.injectDllToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.dumpModuleToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.toolStripSeparator3 = new System.Windows.Forms.ToolStripSeparator();
+ this.toolStripDropDownButton3 = new System.Windows.Forms.ToolStripDropDownButton();
+ this.generateStructuresToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.label1 = new System.Windows.Forms.Label();
+ this.lbCurrentSection = new System.Windows.Forms.Label();
+ this.lvInfo = new System.Windows.Forms.ListView();
+ this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader3 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader4 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.columnHeader5 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+ this.contextMenuStrip1 = new System.Windows.Forms.ContextMenuStrip(this.components);
+ this.cmOpen.SuspendLayout();
+ this.toolStrip1.SuspendLayout();
+ this.SuspendLayout();
+ //
+ // cmOpen
+ //
+ this.cmOpen.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.fileToolStripMenuItem,
+ this.processToolStripMenuItem});
+ this.cmOpen.Name = "cmOpen";
+ this.cmOpen.Size = new System.Drawing.Size(115, 48);
+ //
+ // fileToolStripMenuItem
+ //
+ this.fileToolStripMenuItem.Name = "fileToolStripMenuItem";
+ this.fileToolStripMenuItem.Size = new System.Drawing.Size(114, 22);
+ this.fileToolStripMenuItem.Text = "File";
+ //
+ // processToolStripMenuItem
+ //
+ this.processToolStripMenuItem.Name = "processToolStripMenuItem";
+ this.processToolStripMenuItem.Size = new System.Drawing.Size(114, 22);
+ this.processToolStripMenuItem.Text = "Process";
+ //
+ // toolStrip1
+ //
+ this.toolStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.toolStripDropDownButton1,
+ this.toolStripSeparator1,
+ this.toolStripDropDownButton2,
+ this.toolStripSeparator4,
+ this.toolStripDropDownButton4,
+ this.toolStripSeparator3,
+ this.toolStripDropDownButton3});
+ this.toolStrip1.Location = new System.Drawing.Point(0, 0);
+ this.toolStrip1.Name = "toolStrip1";
+ this.toolStrip1.Size = new System.Drawing.Size(550, 25);
+ this.toolStrip1.TabIndex = 2;
+ this.toolStrip1.Text = "toolStrip1";
+ //
+ // toolStripDropDownButton1
+ //
+ this.toolStripDropDownButton1.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Text;
+ this.toolStripDropDownButton1.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.fileToolStripMenuItem1,
+ this.processToolStripMenuItem1});
+ this.toolStripDropDownButton1.Image = ((System.Drawing.Image)(resources.GetObject("toolStripDropDownButton1.Image")));
+ this.toolStripDropDownButton1.ImageTransparentColor = System.Drawing.Color.Magenta;
+ this.toolStripDropDownButton1.Name = "toolStripDropDownButton1";
+ this.toolStripDropDownButton1.Size = new System.Drawing.Size(49, 22);
+ this.toolStripDropDownButton1.Text = "Open";
+ //
+ // fileToolStripMenuItem1
+ //
+ this.fileToolStripMenuItem1.Name = "fileToolStripMenuItem1";
+ this.fileToolStripMenuItem1.Size = new System.Drawing.Size(114, 22);
+ this.fileToolStripMenuItem1.Text = "File";
+ this.fileToolStripMenuItem1.Click += new System.EventHandler(this.fileToolStripMenuItem1_Click);
+ //
+ // processToolStripMenuItem1
+ //
+ this.processToolStripMenuItem1.Name = "processToolStripMenuItem1";
+ this.processToolStripMenuItem1.Size = new System.Drawing.Size(114, 22);
+ this.processToolStripMenuItem1.Text = "Process";
+ this.processToolStripMenuItem1.Click += new System.EventHandler(this.processToolStripMenuItem1_Click);
+ //
+ // toolStripSeparator1
+ //
+ this.toolStripSeparator1.Name = "toolStripSeparator1";
+ this.toolStripSeparator1.Size = new System.Drawing.Size(6, 25);
+ //
+ // toolStripDropDownButton2
+ //
+ this.toolStripDropDownButton2.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Text;
+ this.toolStripDropDownButton2.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.overviewToolStripMenuItem,
+ this.dOSHeaderToolStripMenuItem,
+ this.imageHeaderToolStripMenuItem,
+ this.optionalPEHeaderToolStripMenuItem,
+ this.dataDirectoriesToolStripMenuItem,
+ this.structuresToolStripMenuItem,
+ this.resourcesToolStripMenuItem});
+ this.toolStripDropDownButton2.Image = ((System.Drawing.Image)(resources.GetObject("toolStripDropDownButton2.Image")));
+ this.toolStripDropDownButton2.ImageTransparentColor = System.Drawing.Color.Magenta;
+ this.toolStripDropDownButton2.Name = "toolStripDropDownButton2";
+ this.toolStripDropDownButton2.Size = new System.Drawing.Size(157, 22);
+ this.toolStripDropDownButton2.Text = "Loaded Image Infomation";
+ //
+ // overviewToolStripMenuItem
+ //
+ this.overviewToolStripMenuItem.Name = "overviewToolStripMenuItem";
+ this.overviewToolStripMenuItem.Size = new System.Drawing.Size(177, 22);
+ this.overviewToolStripMenuItem.Text = "Overview";
+ this.overviewToolStripMenuItem.Click += new System.EventHandler(this.overviewToolStripMenuItem_Click);
+ //
+ // dOSHeaderToolStripMenuItem
+ //
+ this.dOSHeaderToolStripMenuItem.Name = "dOSHeaderToolStripMenuItem";
+ this.dOSHeaderToolStripMenuItem.Size = new System.Drawing.Size(177, 22);
+ this.dOSHeaderToolStripMenuItem.Text = "DOS Header";
+ this.dOSHeaderToolStripMenuItem.Click += new System.EventHandler(this.dOSHeaderToolStripMenuItem_Click);
+ //
+ // imageHeaderToolStripMenuItem
+ //
+ this.imageHeaderToolStripMenuItem.Name = "imageHeaderToolStripMenuItem";
+ this.imageHeaderToolStripMenuItem.Size = new System.Drawing.Size(177, 22);
+ this.imageHeaderToolStripMenuItem.Text = "File Header";
+ this.imageHeaderToolStripMenuItem.Click += new System.EventHandler(this.imageHeaderToolStripMenuItem_Click);
+ //
+ // optionalPEHeaderToolStripMenuItem
+ //
+ this.optionalPEHeaderToolStripMenuItem.Name = "optionalPEHeaderToolStripMenuItem";
+ this.optionalPEHeaderToolStripMenuItem.Size = new System.Drawing.Size(177, 22);
+ this.optionalPEHeaderToolStripMenuItem.Text = "Optional PE Header";
+ this.optionalPEHeaderToolStripMenuItem.Click += new System.EventHandler(this.optionalPEHeaderToolStripMenuItem_Click);
+ //
+ // dataDirectoriesToolStripMenuItem
+ //
+ this.dataDirectoriesToolStripMenuItem.Name = "dataDirectoriesToolStripMenuItem";
+ this.dataDirectoriesToolStripMenuItem.Size = new System.Drawing.Size(177, 22);
+ this.dataDirectoriesToolStripMenuItem.Text = "Data Directories";
+ this.dataDirectoriesToolStripMenuItem.Click += new System.EventHandler(this.dataDirectoriesToolStripMenuItem_Click);
+ //
+ // structuresToolStripMenuItem
+ //
+ this.structuresToolStripMenuItem.Name = "structuresToolStripMenuItem";
+ this.structuresToolStripMenuItem.Size = new System.Drawing.Size(177, 22);
+ this.structuresToolStripMenuItem.Text = "Structures";
+ this.structuresToolStripMenuItem.Click += new System.EventHandler(this.structuresToolStripMenuItem_Click);
+ //
+ // resourcesToolStripMenuItem
+ //
+ this.resourcesToolStripMenuItem.Name = "resourcesToolStripMenuItem";
+ this.resourcesToolStripMenuItem.Size = new System.Drawing.Size(177, 22);
+ this.resourcesToolStripMenuItem.Text = "Resources";
+ this.resourcesToolStripMenuItem.Click += new System.EventHandler(this.resourcesToolStripMenuItem_Click);
+ //
+ // toolStripSeparator4
+ //
+ this.toolStripSeparator4.Name = "toolStripSeparator4";
+ this.toolStripSeparator4.Size = new System.Drawing.Size(6, 25);
+ //
+ // toolStripDropDownButton4
+ //
+ this.toolStripDropDownButton4.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Text;
+ this.toolStripDropDownButton4.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.checkForRunPEToolStripMenuItem,
+ this.injectDllToolStripMenuItem,
+ this.dumpModuleToolStripMenuItem});
+ this.toolStripDropDownButton4.Image = ((System.Drawing.Image)(resources.GetObject("toolStripDropDownButton4.Image")));
+ this.toolStripDropDownButton4.ImageTransparentColor = System.Drawing.Color.Magenta;
+ this.toolStripDropDownButton4.Name = "toolStripDropDownButton4";
+ this.toolStripDropDownButton4.Size = new System.Drawing.Size(60, 22);
+ this.toolStripDropDownButton4.Text = "Process";
+ //
+ // checkForRunPEToolStripMenuItem
+ //
+ this.checkForRunPEToolStripMenuItem.Name = "checkForRunPEToolStripMenuItem";
+ this.checkForRunPEToolStripMenuItem.Size = new System.Drawing.Size(223, 22);
+ this.checkForRunPEToolStripMenuItem.Text = "Check for RunPE";
+ this.checkForRunPEToolStripMenuItem.Click += new System.EventHandler(this.checkForRunPEToolStripMenuItem_Click);
+ //
+ // injectDllToolStripMenuItem
+ //
+ this.injectDllToolStripMenuItem.Name = "injectDllToolStripMenuItem";
+ this.injectDllToolStripMenuItem.Size = new System.Drawing.Size(223, 22);
+ this.injectDllToolStripMenuItem.Text = "Inject Dll";
+ this.injectDllToolStripMenuItem.Click += new System.EventHandler(this.injectDllToolStripMenuItem_Click);
+ //
+ // dumpModuleToolStripMenuItem
+ //
+ this.dumpModuleToolStripMenuItem.Name = "dumpModuleToolStripMenuItem";
+ this.dumpModuleToolStripMenuItem.Size = new System.Drawing.Size(223, 22);
+ this.dumpModuleToolStripMenuItem.Text = "Dump Module";
+ this.dumpModuleToolStripMenuItem.Click += new System.EventHandler(this.dumpModuleToolStripMenuItem_Click);
+ //
+ // toolStripSeparator3
+ //
+ this.toolStripSeparator3.Name = "toolStripSeparator3";
+ this.toolStripSeparator3.Size = new System.Drawing.Size(6, 25);
+ //
+ // toolStripDropDownButton3
+ //
+ this.toolStripDropDownButton3.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Text;
+ this.toolStripDropDownButton3.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
+ this.generateStructuresToolStripMenuItem});
+ this.toolStripDropDownButton3.Image = ((System.Drawing.Image)(resources.GetObject("toolStripDropDownButton3.Image")));
+ this.toolStripDropDownButton3.ImageTransparentColor = System.Drawing.Color.Magenta;
+ this.toolStripDropDownButton3.Name = "toolStripDropDownButton3";
+ this.toolStripDropDownButton3.Size = new System.Drawing.Size(78, 22);
+ this.toolStripDropDownButton3.Text = "Developers";
+ //
+ // generateStructuresToolStripMenuItem
+ //
+ this.generateStructuresToolStripMenuItem.Name = "generateStructuresToolStripMenuItem";
+ this.generateStructuresToolStripMenuItem.Size = new System.Drawing.Size(176, 22);
+ this.generateStructuresToolStripMenuItem.Text = "Generate structures";
+ this.generateStructuresToolStripMenuItem.Click += new System.EventHandler(this.generateStructuresToolStripMenuItem_Click);
+ //
+ // label1
+ //
+ this.label1.AutoSize = true;
+ this.label1.Font = new System.Drawing.Font("Segoe UI", 8.25F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.label1.Location = new System.Drawing.Point(7, 25);
+ this.label1.Name = "label1";
+ this.label1.Size = new System.Drawing.Size(90, 13);
+ this.label1.TabIndex = 3;
+ this.label1.Text = "Current Section:";
+ //
+ // lbCurrentSection
+ //
+ this.lbCurrentSection.AutoSize = true;
+ this.lbCurrentSection.Font = new System.Drawing.Font("Segoe UI", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+ this.lbCurrentSection.Location = new System.Drawing.Point(103, 25);
+ this.lbCurrentSection.Name = "lbCurrentSection";
+ this.lbCurrentSection.Size = new System.Drawing.Size(58, 13);
+ this.lbCurrentSection.TabIndex = 4;
+ this.lbCurrentSection.Text = "Unloaded";
+ //
+ // lvInfo
+ //
+ this.lvInfo.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
+ | System.Windows.Forms.AnchorStyles.Left)
+ | System.Windows.Forms.AnchorStyles.Right)));
+ this.lvInfo.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+ this.columnHeader1,
+ this.columnHeader2,
+ this.columnHeader3,
+ this.columnHeader4,
+ this.columnHeader5});
+ this.lvInfo.FullRowSelect = true;
+ this.lvInfo.GridLines = true;
+ this.lvInfo.Location = new System.Drawing.Point(10, 53);
+ this.lvInfo.MultiSelect = false;
+ this.lvInfo.Name = "lvInfo";
+ this.lvInfo.Size = new System.Drawing.Size(528, 415);
+ this.lvInfo.TabIndex = 5;
+ this.lvInfo.UseCompatibleStateImageBehavior = false;
+ this.lvInfo.View = System.Windows.Forms.View.Details;
+ this.lvInfo.MouseDoubleClick += new System.Windows.Forms.MouseEventHandler(this.lvInfo_MouseDoubleClick);
+ //
+ // columnHeader1
+ //
+ this.columnHeader1.Text = "Name";
+ this.columnHeader1.Width = 128;
+ //
+ // columnHeader2
+ //
+ this.columnHeader2.Text = "Value";
+ this.columnHeader2.Width = 83;
+ //
+ // columnHeader3
+ //
+ this.columnHeader3.Text = "Address";
+ this.columnHeader3.Width = 108;
+ //
+ // columnHeader4
+ //
+ this.columnHeader4.Text = "Size (bytes)";
+ this.columnHeader4.Width = 90;
+ //
+ // columnHeader5
+ //
+ this.columnHeader5.Text = "Type";
+ this.columnHeader5.Width = 75;
+ //
+ // contextMenuStrip1
+ //
+ this.contextMenuStrip1.Name = "contextMenuStrip1";
+ this.contextMenuStrip1.Size = new System.Drawing.Size(61, 4);
+ //
+ // mainWindow
+ //
+ this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+ this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+ this.ClientSize = new System.Drawing.Size(550, 480);
+ this.Controls.Add(this.lvInfo);
+ this.Controls.Add(this.lbCurrentSection);
+ this.Controls.Add(this.label1);
+ this.Controls.Add(this.toolStrip1);
+ this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow;
+ this.MinimumSize = new System.Drawing.Size(250, 300);
+ this.Name = "mainWindow";
+ this.Text = "PEToolkit - BahNahNah";
+ this.Load += new System.EventHandler(this.mainWindow_Load);
+ this.cmOpen.ResumeLayout(false);
+ this.toolStrip1.ResumeLayout(false);
+ this.toolStrip1.PerformLayout();
+ this.ResumeLayout(false);
+ this.PerformLayout();
+
+ }
+
+ #endregion
+ private System.Windows.Forms.ContextMenuStrip cmOpen;
+ private System.Windows.Forms.ToolStripMenuItem fileToolStripMenuItem;
+ private System.Windows.Forms.ToolStripMenuItem processToolStripMenuItem;
+ private System.Windows.Forms.ToolStrip toolStrip1;
+ private System.Windows.Forms.ToolStripDropDownButton toolStripDropDownButton1;
+ private System.Windows.Forms.ToolStripMenuItem fileToolStripMenuItem1;
+ private System.Windows.Forms.ToolStripMenuItem processToolStripMenuItem1;
+ private System.Windows.Forms.ToolStripSeparator toolStripSeparator1;
+ private System.Windows.Forms.ToolStripDropDownButton toolStripDropDownButton2;
+ private System.Windows.Forms.ToolStripMenuItem overviewToolStripMenuItem;
+ private System.Windows.Forms.ToolStripMenuItem dOSHeaderToolStripMenuItem;
+ private System.Windows.Forms.ToolStripMenuItem imageHeaderToolStripMenuItem;
+ private System.Windows.Forms.ToolStripMenuItem optionalPEHeaderToolStripMenuItem;
+ private System.Windows.Forms.ToolStripMenuItem dataDirectoriesToolStripMenuItem;
+ private System.Windows.Forms.Label label1;
+ private System.Windows.Forms.Label lbCurrentSection;
+ private System.Windows.Forms.ListView lvInfo;
+ private System.Windows.Forms.ColumnHeader columnHeader1;
+ private System.Windows.Forms.ColumnHeader columnHeader2;
+ private System.Windows.Forms.ColumnHeader columnHeader3;
+ private System.Windows.Forms.ColumnHeader columnHeader4;
+ private System.Windows.Forms.ColumnHeader columnHeader5;
+ private System.Windows.Forms.ContextMenuStrip contextMenuStrip1;
+ private System.Windows.Forms.ToolStripMenuItem structuresToolStripMenuItem;
+ private System.Windows.Forms.ToolStripSeparator toolStripSeparator3;
+ private System.Windows.Forms.ToolStripDropDownButton toolStripDropDownButton3;
+ private System.Windows.Forms.ToolStripMenuItem generateStructuresToolStripMenuItem;
+ private System.Windows.Forms.ToolStripDropDownButton toolStripDropDownButton4;
+ private System.Windows.Forms.ToolStripMenuItem checkForRunPEToolStripMenuItem;
+ private System.Windows.Forms.ToolStripSeparator toolStripSeparator4;
+ private System.Windows.Forms.ToolStripMenuItem injectDllToolStripMenuItem;
+ private System.Windows.Forms.ToolStripMenuItem resourcesToolStripMenuItem;
+ private System.Windows.Forms.ToolStripMenuItem dumpModuleToolStripMenuItem;
+ }
+}
\ No newline at end of file
diff --git a/PEToolkit/Forms/mainWindow.cs b/PEToolkit/Forms/mainWindow.cs
new file mode 100644
index 0000000..4b1229a
--- /dev/null
+++ b/PEToolkit/Forms/mainWindow.cs
@@ -0,0 +1,236 @@
+using PEToolkit.Memory_Tools;
+using PEViewer.Controls;
+using PEViewer.PE;
+using PEViewer.PE.Structures;
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Reflection;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer.Forms
+{
+ public partial class mainWindow : Form
+ {
+ PEInfomation LoadedPE = null;
+ string LoadedWindowTest = string.Empty;
+ public mainWindow()
+ {
+ InitializeComponent();
+ LoadedWindowTest = this.Text;
+ }
+
+ private void mainWindow_Load(object sender, EventArgs e)
+ {
+
+ }
+
+ void PopulateInfo(Struct sInfo, bool displayOffsets = true, bool useOffset = true)
+ {
+ lvInfo.Items.Clear();
+ this.Text = string.Format("{0} ({1})", LoadedWindowTest, LoadedPE.PESource);
+ Type t = sInfo.GetType();
+ int offset = useOffset ? Convert.ToInt32(LoadedPE.Overview.FileHeaderPointer) : 0;
+ foreach(FieldInfo f in t.GetFields())
+ {
+ ListViewItem i;
+ if (f.FieldType == typeof(char[]))
+ {
+ char[] value = (char[])f.GetValue(sInfo);
+ i = new ListViewItem(f.Name);
+ i.SubItems.Add(new string(value));
+ if (displayOffsets)
+ i.SubItems.Add(string.Format("0x{0:x2}", offset));
+ else
+ i.SubItems.Add("");
+ i.SubItems.Add(value.Length.ToString());
+ i.SubItems.Add("String");
+ offset += value.Length;
+ continue;
+ }
+ int fieldSize = 0;
+ if(f.FieldType.IsArray)
+ {
+ Array val = (Array)f.GetValue(sInfo);
+ i = new ArrayListViewItem(f.Name, val);
+ fieldSize = val.Length * Marshal.SizeOf(f.FieldType.GetElementType());
+ }
+ else
+ {
+ i = new ListViewItem(f.Name);
+ fieldSize = Marshal.SizeOf(f.FieldType);
+ }
+
+ i.SubItems.Add(string.Format("0x{0:x2}", f.GetValue(sInfo)));
+ if (displayOffsets)
+ i.SubItems.Add(string.Format("0x{0:x2}", offset));
+ else
+ i.SubItems.Add("");
+ i.SubItems.Add(fieldSize.ToString());
+ i.SubItems.Add(f.FieldType.Name);
+
+ lvInfo.Items.Add(i);
+
+ offset += fieldSize;
+ }
+ }
+
+ private void overviewToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ if (LoadedPE == null) return;
+ lbCurrentSection.Text = "Overview";
+ PopulateInfo(LoadedPE.Overview, false);
+ }
+
+ private void fileToolStripMenuItem1_Click(object sender, EventArgs e)
+ {
+ using (OpenFileDialog ofd = new OpenFileDialog())
+ {
+ ofd.Filter = "Executable|*.exe|Library|*.dll";
+ if(ofd.ShowDialog() == DialogResult.OK)
+ {
+ LoadedPE = PELoader.Load(ofd.FileName);
+ LoadedPE.PESource = ofd.FileName;
+ lbCurrentSection.Text = "Overview";
+ PopulateInfo(LoadedPE.Overview, false);
+ }
+ }
+ }
+
+ private void dOSHeaderToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ if (LoadedPE == null) return;
+ lbCurrentSection.Text = "DOS Header";
+ PopulateInfo(LoadedPE.DosHeader, true, false);
+ }
+
+ private void imageHeaderToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ if (LoadedPE == null) return;
+ lbCurrentSection.Text = "File Header";
+ PopulateInfo(LoadedPE.FileHeader);
+ }
+
+ private void optionalPEHeaderToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ if (LoadedPE == null) return;
+ lbCurrentSection.Text = "Optional PE Header";
+ PopulateInfo(LoadedPE.OptionalHeader32);
+ }
+
+ private void dataDirectoriesToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ if (LoadedPE == null) return;
+ lbCurrentSection.Text = "Data Directories";
+ PopulateInfo(LoadedPE.DataDirectories);
+ }
+
+ private void sectionsToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+
+ }
+
+ private void lvInfo_MouseDoubleClick(object sender, MouseEventArgs e)
+ {
+ if(lvInfo.SelectedItems.Count > 0)
+ {
+ ListViewItem i = lvInfo.SelectedItems[0];
+
+ Type t = i.GetType();
+ if(t == typeof(ArrayListViewItem))
+ {
+ using (formArrayValues av = new formArrayValues(i.Text, ((ArrayListViewItem)i).ArrayValue))
+ {
+ av.ShowDialog();
+ }
+ }
+
+ }
+ }
+
+ private void structuresToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ if (LoadedPE == null)
+ return;
+ using (formSectionView sec = new formSectionView(LoadedPE))
+ {
+ sec.ShowDialog();
+ }
+ }
+
+ private void processToolStripMenuItem1_Click(object sender, EventArgs e)
+ {
+ using (formLoadProcess procLoadForm = new formLoadProcess())
+ {
+ if(procLoadForm.ShowDialog() == DialogResult.OK)
+ {
+ LoadedPE = PELoader.Load(procLoadForm.SelectedProcessID, procLoadForm.SelectedModule);
+ LoadedPE.PESource = string.Format("Process: {0}", procLoadForm.ProcessName);
+ lbCurrentSection.Text = "Overview";
+ PopulateInfo(LoadedPE.Overview, false);
+ }
+ }
+ }
+
+ private void toolStripButton1_Click(object sender, EventArgs e)
+ {
+
+ }
+
+ private void generateStructuresToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ using (formGenerateStructure str = new formGenerateStructure())
+ {
+ str.ShowDialog();
+ }
+ }
+
+ private void checkForRunPEToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ using (formRunpeCheck rpe = new formRunpeCheck())
+ {
+ rpe.ShowDialog();
+ }
+ }
+
+ private void injectDllToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ using (formInjectDll dll = new formInjectDll())
+ {
+ dll.ShowDialog();
+ }
+ }
+
+ private void resourcesToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ if (LoadedPE == null) return;
+
+ IntPtr handle = LoadedPE.LoadModule();
+
+ using (formNativeresources resources = new formNativeresources(handle))
+ {
+ resources.ShowDialog();
+ }
+ LoadedPE.UnloadModule();
+ }
+
+ private void dumpModuleToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ using (formDumpModule dm = new formDumpModule())
+ {
+ dm.ShowDialog();
+ }
+ }
+
+ private void clearPEHeaderAntidumpToolStripMenuItem_Click(object sender, EventArgs e)
+ {
+ AntiDump.Apply();
+ }
+ }
+}
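Review bot: In `PopulateInfo` the `char[]` branch ends in `continue` before `lvInfo.Items.Add(i)` is reached, so string-typed fields are built and then silently left out of the list; add `lvInfo.Items.Add(i);` just ahead of that `continue`. `fileToolStripMenuItem1_Click` and `processToolStripMenuItem1_Click` call `PELoader.Load` on a user-chosen file or process with no exception handling, so a malformed image presumably surfaces as an unhandled exception in the UI (PELoader is not visible in this hunk). In `resourcesToolStripMenuItem_Click`, `LoadedPE.UnloadModule()` is skipped if the dialog throws, so it belongs in a `finally`. It is also worth confirming that `LoadModule()` maps the inspected file as data only, since this viewer is meant to be pointed at untrusted binaries.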
diff --git a/PEToolkit/Forms/mainWindow.resx b/PEToolkit/Forms/mainWindow.resx
new file mode 100644
index 0000000..a586b8f
--- /dev/null
+++ b/PEToolkit/Forms/mainWindow.resx
@@ -0,0 +1,190 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ 3, 18
+
+
+ 90, 21
+
+
+
+
+ iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+ YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
+ YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
+ 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
+ bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
+ VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
+ c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
+ Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
+ mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
+ kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
+ TgDQASA1MVpwzwAAAABJRU5ErkJggg==
+
+
+
+
+ iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+ YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
+ YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
+ 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
+ bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
+ VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
+ c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
+ Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
+ mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
+ kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
+ TgDQASA1MVpwzwAAAABJRU5ErkJggg==
+
+
+
+
+ iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+ YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
+ YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
+ 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
+ bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
+ VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
+ c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
+ Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
+ mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
+ kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
+ TgDQASA1MVpwzwAAAABJRU5ErkJggg==
+
+
+
+
+ iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+ YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
+ YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
+ 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
+ bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
+ VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
+ c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
+ Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
+ mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
+ kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
+ TgDQASA1MVpwzwAAAABJRU5ErkJggg==
+
+
+
+ 195, 21
+
+
\ No newline at end of file
diff --git a/PEToolkit/Memory Tools/AntiDump.cs b/PEToolkit/Memory Tools/AntiDump.cs
new file mode 100644
index 0000000..9c04867
--- /dev/null
+++ b/PEToolkit/Memory Tools/AntiDump.cs
@@ -0,0 +1,31 @@
+using PEViewer.PE;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace PEToolkit.Memory_Tools
+{
+ public class AntiDump
+ {
+ public static void Apply()
+ {
+ PEInfomation info = PELoader.DisectSelf();
+ uint oldProt = 0;
+
+ VirtualProtect(info.ModuleBaseAddress, PEInfomation.SizeOfDosHeader, 0x4, out oldProt);
+ ZeroMemory(info.ModuleBaseAddress, PEInfomation.SizeOfDosHeader);
+
+ IntPtr p = new IntPtr((uint)info.ModuleBaseAddress + info.Overview.FileHeaderPointer + PEInfomation.SizeOfFileHeader);
+ VirtualProtect(p, PEInfomation.SizeOfOptionalHeader, 0x4, out oldProt);
+ ZeroMemory(p, PEInfomation.SizeOfOptionalHeader);
+ }
+ [DllImport("kernel32.dll", SetLastError = true)]
+ private static extern int VirtualProtect(IntPtr address, int size, uint flNewProtect, out uint old);
+ [DllImport("Kernel32.dll")]
+ private static extern void ZeroMemory(IntPtr dest, int size);
+
+ }
+}
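Review bot: Both `VirtualProtect` calls in `Apply` discard their return value and never use the saved `oldProt`. A failed protection change therefore goes straight into `ZeroMemory` on a page that may still be read-only, and on success the header pages stay writable (`0x4`) for the rest of the process lifetime. Guard each call, e.g. `if (VirtualProtect(p, PEInfomation.SizeOfOptionalHeader, 0x4, out oldProt) == 0) return;`, and restore `oldProt` after each wipe. The `(uint)info.ModuleBaseAddress` cast presumably assumes a 32-bit process, which the AnyCPU project setting does not guarantee. The method also needs a summary saying that it irreversibly overwrites the in-memory DOS and optional headers of the running module, so a reader of a memory dump knows why those headers are blank.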
diff --git a/PEToolkit/Memory Tools/DllInjector.cs b/PEToolkit/Memory Tools/DllInjector.cs
new file mode 100644
index 0000000..2ee56ba
--- /dev/null
+++ b/PEToolkit/Memory Tools/DllInjector.cs
@@ -0,0 +1,173 @@
+using System;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.IO;
+using System.Runtime.InteropServices;
+
+namespace PEViewer.Memory_Tools
+{
+ ///
+ /// Dll Injector
+ /// Made by BahNahNah
+ /// uid=2388291
+ ///
+ public class DllInjector
+ {
+ ///
+ /// Gets the last error
+ ///
+ ///
+ public static string GetLastError()
+ {
+ return new Win32Exception(Marshal.GetLastWin32Error()).Message;
+ }
+
+ ///
+ /// Injects a dll into the target process
+ ///
+ /// Process to inject into
+ /// Path to dll
+ /// Success of injection
+ public static bool Inject(Process TargetProcess, string dll)
+ {
+ if (TargetProcess == null) throw new ArgumentNullException("TargetProcess");
+ return Inject(TargetProcess.Id, dll);
+ }
+
+ ///
+ /// Injects a dll into the target process
+ ///
+ /// Process ID of target process
+ /// Path to dll
+ /// Success of injection
+ public static bool Inject(int pID, string DllPath)
+ {
+ //Opens the target process with access to modify memory and create threads
+ IntPtr Handle = OpenProcess(0x8 | 0x2 | 0x400 | 0x10 | 0x20, false, pID);
+
+ if (Handle == IntPtr.Zero) throw new ArgumentException("Invalid process id or no permission", "pID");
+ bool success;
+ Inject(Handle, DllPath, out success, false);
+ return success;
+ }
+
+ ///
+ /// Injects a dll into the target process, waits for remote thread to exit and returns dll handle
+ ///
+ /// Process ID of target process
+ /// Path to dll
+ /// Success of dll injection
+ /// Handle of injected dll
+ public static IntPtr Inject(int pID, string DllPath, out bool success)
+ {
+ IntPtr Handle = OpenProcess(0x8 | 0x2 | 0x400 | 0x10 | 0x20, false, pID);
+
+ if (Handle == IntPtr.Zero) throw new ArgumentException("Invalid process id or no permission", "pID");
+ return Inject(Handle, DllPath, out success, true);
+ }
+
+ ///
+ /// Injects a dll into the target process
+ ///
+ /// Handle of target process
+ /// Path to dll
+ /// Success of dll injection
+ /// If true, waits for remote thread to exit then returns DllHandle
+ /// if waitForDllHandle is true, Handle of DLL in remote process is returned, else IntPtr.Zero is returned
+ public static IntPtr Inject(IntPtr Handle, string DllPath, out bool success, bool waitForDllHandle)
+ {
+ if (Handle == IntPtr.Zero) throw new ArgumentNullException("Handle");
+ if (!File.Exists(DllPath)) throw new ArgumentException("Must point to a valid file", "DllPath");
+
+ //We need the FULL path of the dll when loading it
+ string FullDllPath = Path.GetFullPath(DllPath);
+
+ //Allocate ehough memory in the target process for the full dll path plus a "null Terminator" byte
+ IntPtr vAlloc = VirtualAllocEx(Handle, 0, FullDllPath.Length + 1, 0x1000, 0x40);
+ if (vAlloc == IntPtr.Zero)
+ {
+ //If the memory was not allocated, close the process handle and exit
+ CloseHandle(Handle);
+ success = false;
+ return IntPtr.Zero;
+ }
+
+ //Write the path of the dll into the memory that was allocated
+ //This is the same thing as setting a variable, except it is setting the value in the target process
+ if (WriteProcessMemory(Handle, vAlloc, FullDllPath, FullDllPath.Length, 0) == 0)
+ {
+ //If the path was not written to the target process, close the process handle and exit
+ CloseHandle(Handle);
+ success = false;
+ return IntPtr.Zero;
+ }
+
+ //Get the address of the kernel32 library
+ IntPtr hKernel32 = GetModuleHandle("kernel32.dll");
+
+ //Get the address of LoadLibraryA from inside the kernel32 library
+ //https://msdn.microsoft.com/en-us/library/windows/desktop/ms684175(v=vs.85).aspx
+ //LoadLibraryA - ANSI string as paramiter
+ //LoadLibraryW - Unicode string as paramiter
+ //LoadLibrary - Use default (Unicode), but not avalible through GetProcAddress
+ //
+ IntPtr hLoadLibrary = GetProcAddress(hKernel32, "LoadLibraryA");
+
+ if (hLoadLibrary == IntPtr.Zero)
+ {
+ //If We could not find the address of LoadLibraryA, close the process handle and exit
+ CloseHandle(Handle);
+ success = false;
+ return IntPtr.Zero;
+ }
+
+ //Call "LoadLibraryA" with the full path of the dll as the paramiter in the target process in a new thread
+ IntPtr hThread = CreateRemoteThread(Handle, 0, 0, hLoadLibrary, vAlloc, 0, 0);
+
+ //If thread was started successfully, injection was a success
+ success = hThread != IntPtr.Zero;
+
+ IntPtr dllHandle = IntPtr.Zero;
+
+ if (waitForDllHandle && success)
+ {
+ //If injection was a success, get thread exit code
+ //In this case, it will be the return value of LoadLibrary or 259 if its still running
+ GetExitCodeThread(hThread, ref dllHandle);
+ }
+
+ //Close the process handle
+ CloseHandle(Handle);
+
+ //Return the handle of the created thread
+ return dllHandle;
+ }
+ #region " WinApi "
+
+ [DllImport("kernel32.dll", SetLastError = true)]
+ private static extern IntPtr VirtualAllocEx(IntPtr hProcess, int lpAddress, int dwSize, uint flAllocationType, uint flProtect);
+
+ [DllImport("kernel32.dll", SetLastError = true)]
+ private static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
+
+ [DllImport("kernel32.dll", SetLastError = true)]
+ private static extern bool CloseHandle(IntPtr handle);
+
+ [DllImport("kernel32.dll", SetLastError = true)]
+ private static extern int WriteProcessMemory(IntPtr handle, IntPtr address, string buffer, int blength, int readwrite);
+
+ [DllImport("kernel32.dll", SetLastError = true)]
+ private static extern IntPtr GetModuleHandle(string name);
+
+ [DllImport("kernel32.dll", SetLastError = true)]
+ private static extern IntPtr GetProcAddress(IntPtr mHandle, string fname);
+
+ [DllImport("kernel32.dll", SetLastError = true)]
+ private static extern IntPtr CreateRemoteThread(IntPtr pHandle, int att_0, int stacksize_0, IntPtr callingFunction, IntPtr paramiters, uint createFlags_0, int tID);
+
+ [DllImport("kernel32.dll")]
+ private static extern bool GetExitCodeThread(IntPtr handle, ref IntPtr retBuffer);
+
+ #endregion
+ }
+}
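Review bot: The four-argument `Inject` never closes `hThread`, so every successful call leaks a thread handle in this process; add `CloseHandle(hThread);` before the final `CloseHandle(Handle)`. That overload also closes the caller-supplied `Handle` on every path, which its doc comment does not mention; state the ownership transfer explicitly, e.g. `/// The process handle is closed before this method returns.` The summary of the `out bool success` overload says it waits for the remote thread to exit, but nothing waits before `GetExitCodeThread`, so the result can be 259 (still running) rather than a module handle. The closing comment `//Return the handle of the created thread` also describes a different value from the one returned. The thread exit code is 32 bits wide, so `ref IntPtr retBuffer` is presumably the wrong shape on a 64-bit build.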
diff --git a/PEToolkit/PE/PEInfomation.cs b/PEToolkit/PE/PEInfomation.cs
new file mode 100644
index 0000000..547f1e8
--- /dev/null
+++ b/PEToolkit/PE/PEInfomation.cs
@@ -0,0 +1,113 @@
+using PEViewer.PE.Structures;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace PEViewer.PE
+{
+ public class PEInfomation
+ {
+
+ public string PESource { get; set; }
+ public bool IsProcess { get; private set;}
+ public IntPtr ModuleBaseAddress { get { return SelectedModule.BaseAddress; } }
+
+ private int ProcessID;
+ private string FilePath;
+ IntPtr Handle = IntPtr.Zero;
+ IntPtr ModuleHandle = IntPtr.Zero;
+ private ProcessModule SelectedModule;
+
+ public IMAGE_DOS_HEADER DosHeader;
+ public IMAGE_FILE_HEADER FileHeader;
+ public IMAGE_OPTIONAL_HEADER32 OptionalHeader32;
+ public IMAGE_DATA_DIRECTORIES DataDirectories;
+ public IMAGE_SECTION_HEADER[] Sections;
+ public IMAGE_OVERVIEW Overview;
+
+ public const int SizeOfDosHeader = 0x40;
+ public const int SizeOfFileHeader = 0x18;
+ public const int SizeOfOptionalHeader = 0x60;
+ public const int SizeOfDataDirectories = 0x80;
+ public const int SizeOfSectionHeader = 0x28;
+
+ public void WriteOverview()
+ {
+ Overview.AddressOfEntrypoint = OptionalHeader32.AddressOfEntrypoint;
+ Overview.FileHeaderPointer = DosHeader.e_lfanew;
+ Overview.ImageBase = OptionalHeader32.ImageBase;
+ Overview.NumberOfSections = FileHeader.NumberOfSections;
+ Overview.SizeOfHeaders = OptionalHeader32.SizeOfHeaders;
+ Overview.SizeOfImage = OptionalHeader32.SizeOfImage;
+ }
+
+ public PEInfomation(string path)
+ {
+ FilePath = path;
+ IsProcess = false;
+ }
+
+ public PEInfomation(int pId, ProcessModule _module)
+ {
+ ProcessID = pId;
+ SelectedModule = _module;
+ IsProcess = true;
+ }
+
+ public IntPtr GetHandle()
+ {
+ if (Handle != IntPtr.Zero)
+ return Handle;
+ if (IsProcess)
+ Handle = OpenProcess(0x1F0FFF, false, ProcessID);
+ return Handle;
+ }
+
+ public IntPtr LoadModule()
+ {
+ if (ModuleHandle != IntPtr.Zero)
+ return ModuleHandle;
+
+ if(IsProcess)
+ ModuleHandle = LoadLibrary(SelectedModule.FileName);
+ else
+ ModuleHandle = LoadLibrary(FilePath);
+
+ return ModuleHandle;
+ }
+
+ public void UnloadModule()
+ {
+ if (ModuleHandle == IntPtr.Zero)
+ return;
+
+ if (FreeLibrary(ModuleHandle))
+ ModuleHandle = IntPtr.Zero;
+ }
+
+ public void CloseHandle()
+ {
+ if (Handle == IntPtr.Zero)
+ return;
+
+ if (IsProcess)
+ {
+ if (CloseHandle(Handle))
+ Handle = IntPtr.Zero;
+ }
+ }
+
+ [DllImport("kernel32.dll")]
+ private static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
+ [DllImport("kernel32.dll")]
+ private static extern bool CloseHandle(IntPtr handle);
+ [DllImport("kernel32.dll")]
+ private static extern IntPtr LoadLibrary(string path);
+ [DllImport("kernel32.dll")]
+ private static extern bool FreeLibrary(IntPtr handle);
+ }
+}
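Review bot: `LoadModule` passes the file under inspection to plain `LoadLibrary`, which maps it as code, resolves its imports and, for a DLL, runs its `DllMain` inside this tool's process, so opening an untrusted PE executes it. The callers are outside this hunk, but if the handle is only needed to read data such as resources, load the file as data instead: declare `LoadLibraryEx(string path, IntPtr hFile, uint flags)` and call `LoadLibraryEx(FilePath, IntPtr.Zero, 0x2)` (LOAD_LIBRARY_AS_DATAFILE). `GetHandle` also requests `0x1F0FFF` (all access) although the loader in this commit only reads memory through the handle; `0x0410` (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ) is the narrower mask. Neither method has a doc comment, and `LoadModule` should state whether the loaded image's code can run.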
diff --git a/PEToolkit/PE/PELoader.cs b/PEToolkit/PE/PELoader.cs
new file mode 100644
index 0000000..bbc26bf
--- /dev/null
+++ b/PEToolkit/PE/PELoader.cs
@@ -0,0 +1,110 @@
+using PEViewer.PE.Structures;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace PEViewer.PE
+{
+ ///
+ /// Made by BahNahNah
+ /// uid=2388291
+ ///
+ public class PELoader
+ {
+ public static PEInfomation Load(string file)
+ {
+ if (!File.Exists(file)) throw new ArgumentException("File does not exist", "file");
+ return Load(File.ReadAllBytes(file), file);
+ }
+
+ public static PEInfomation Load(byte[] data, string path)
+ {
+ if (data == null) throw new ArgumentNullException("data");
+
+ PEInfomation info = new PEInfomation(path);
+
+ info.DosHeader = StructFromBytes(data, 0);
+ info.FileHeader = StructFromBytes(data, Convert.ToInt32(info.DosHeader.e_lfanew));
+ info.OptionalHeader32 = StructFromBytes(data, Convert.ToInt32(info.DosHeader.e_lfanew) + Marshal.SizeOf(info.FileHeader));
+ info.DataDirectories = StructFromBytes(data, Convert.ToInt32(info.DosHeader.e_lfanew) + Marshal.SizeOf(info.FileHeader) + Marshal.SizeOf(info.OptionalHeader32));
+
+ info.Sections = new IMAGE_SECTION_HEADER[info.FileHeader.NumberOfSections];
+ int sectionsBase = Convert.ToInt32(info.DosHeader.e_lfanew) + Marshal.SizeOf(info.FileHeader) + Marshal.SizeOf(info.OptionalHeader32) + Marshal.SizeOf(info.DataDirectories);
+ int sizeOfSection = Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER));
+ for (int i = 0; i < info.Sections.Length; i++)
+ {
+ int sectionLocation = sectionsBase + (sizeOfSection * i);
+ info.Sections[i] = StructFromBytes(data, sectionLocation);
+ }
+
+ info.WriteOverview();
+ return info;
+
+ }
+
+ public static PEInfomation Load(int ProcessID, ProcessModule module)
+ {
+ PEInfomation info = new PEInfomation(ProcessID, module);
+ IntPtr handle = info.GetHandle();
+ if (handle == IntPtr.Zero)
+ throw new ArgumentException("Invalid process", "ProcessID");
+
+ IntPtr baseAddress = module.BaseAddress;
+
+ info.DosHeader = StructFromMemory(handle, baseAddress);
+ IntPtr imageBase = new IntPtr(info.DosHeader.e_lfanew + (uint)baseAddress);
+
+ info.FileHeader = StructFromMemory(handle, imageBase);
+ info.OptionalHeader32 = StructFromMemory(handle, imageBase + Marshal.SizeOf(info.FileHeader));
+ info.DataDirectories = StructFromMemory(handle, imageBase + Marshal.SizeOf(info.FileHeader) + Marshal.SizeOf(info.OptionalHeader32));
+
+ info.Sections = new IMAGE_SECTION_HEADER[info.FileHeader.NumberOfSections];
+ IntPtr sectionsBase = imageBase + Marshal.SizeOf(info.FileHeader) + Marshal.SizeOf(info.OptionalHeader32) + Marshal.SizeOf(info.DataDirectories);
+ int sizeOfSection = Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER));
+ for (int i = 0; i < info.Sections.Length; i++)
+ {
+ IntPtr sectionLocation = sectionsBase + (sizeOfSection * i);
+ info.Sections[i] = StructFromMemory(handle, sectionLocation);
+ }
+
+ info.CloseHandle();
+
+ info.WriteOverview();
+ return info;
+ }
+
+ public static PEInfomation DisectSelf()
+ {
+ Process p = Process.GetCurrentProcess();
+ return Load(p.Id, p.Modules[0]);
+ }
+
+ private static T StructFromMemory(IntPtr handle, IntPtr address)
+ {
+ int structSize = Marshal.SizeOf(typeof(T));
+ byte[] buffer = new byte[structSize];
+ ReadProcessMemory(handle, address, buffer, buffer.Length, 0);
+ return StructFromBytes(buffer, 0);
+ }
+
+ private static T StructFromBytes(byte[] data, int offset)
+ {
+ int structSize = Marshal.SizeOf(typeof(T));
+ IntPtr gAlloc = Marshal.AllocHGlobal(structSize);
+ Marshal.Copy(data, offset, gAlloc, structSize);
+ T retStruct = (T)Marshal.PtrToStructure(gAlloc, typeof(T));
+ Marshal.FreeHGlobal(gAlloc);
+ return retStruct;
+ }
+
+ [DllImport("kernel32.dll")]
+ private static extern IntPtr OpenProcess(uint access, bool inherit, int id);
+ [DllImport("kernel32.dll")]
+ private static extern bool ReadProcessMemory(IntPtr process, IntPtr baseAddress, byte[] buffer, int bufferSize, int bytesRead);
+ }
+}
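Review bot: `StructFromBytes` copies `structSize` bytes from `data` at an offset derived from the file's own `e_lfanew` and `NumberOfSections`, without checking it against `data.Length`. A truncated or malformed file therefore surfaces as an unrelated exception from `Marshal.Copy` or `Convert.ToInt32`, and the `AllocHGlobal` block leaks when the copy throws. Neither `Load` overload checks the MZ and PE signatures or the optional-header magic before treating the image as 32-bit. `StructFromMemory` ignores the result of `ReadProcessMemory`, so a failed read silently yields an all-zero structure. The generic type parameters appear to have been lost in this rendering of the hunk. A bounds check plus `try`/`finally` in `StructFromBytes` covers the first point:

```csharp
// … inside StructFromBytes, after structSize is computed; replaces the AllocHGlobal/Copy/FreeHGlobal sequence …
if (offset < 0 || offset > data.Length - structSize)
    throw new ArgumentException("Offset is outside the supplied image data", "offset");

IntPtr gAlloc = Marshal.AllocHGlobal(structSize);
try
{
    Marshal.Copy(data, offset, gAlloc, structSize);
    return (T)Marshal.PtrToStructure(gAlloc, typeof(T));
}
finally
{
    // Release the unmanaged scratch buffer even when the copy or marshal step throws.
    Marshal.FreeHGlobal(gAlloc);
}
```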
diff --git a/PEToolkit/PE/Structures/IMAGE_DATA_DIRECTORIES.cs b/PEToolkit/PE/Structures/IMAGE_DATA_DIRECTORIES.cs
new file mode 100644
index 0000000..a102866
--- /dev/null
+++ b/PEToolkit/PE/Structures/IMAGE_DATA_DIRECTORIES.cs
@@ -0,0 +1,46 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace PEViewer.PE.Structures
+{
+ [StructLayout(LayoutKind.Sequential)]
+ public struct IMAGE_DATA_DIRECTORIES
+ {
+ public uint ExportTableRva;
+ public uint SizeOfExportTable;
+ public uint ImportTableRva;
+ public uint SizeOfImportTable;
+ public uint ResourceTableRva;
+ public uint SizeOfResourceTable;
+ public uint ExceptionTableRva;
+ public uint SizeOfExceptionTable;
+ public uint CertificateTableRva;
+ public uint SizeOfSertificateTable;
+ public uint BaseRelocationTable;
+ public uint SizeOfBaseRelocation;
+ public uint DebugRva;
+ public uint SizeOfDebug;
+ public uint ArchitechureRva;
+ public uint SizeOfArchitechure;
+ public uint GlobalPtrRva;
+ public uint SizeOfGlobalPointer;
+ public uint TLSTable;
+ public uint SizeOfTLSTable;
+ public uint LoadConfigTableRva;
+ public uint SizeOfLoadConfigTable;
+ public uint BoundImportRva;
+ public uint SizeOfBoundImport;
+ public uint ImportAddressTableRva;
+ public uint SizeOfImportAddressTable;
+ public uint DelayImportDescriptorRva;
+ public uint SizeOfDelayImportDescriptor;
+ public uint CLRRuntimeHeaderRva;
+ public uint SizeOfCLRRumtimeHeader;
+ [MarshalAs(UnmanagedType.ByValArray, SizeConst=8)]
+ private byte[] Null;
+ }
+}
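Review bot: Several public field names are misspelled: `SizeOfSertificateTable`, `ArchitechureRva`/`SizeOfArchitechure` and `SizeOfCLRRumtimeHeader` here, and `MajorLinkedVersion`, `SectionAllignment`, `SizeOfInitilizedData` and `SizeOfStacReserve` in IMAGE_OPTIONAL_HEADER32.cs. They are public, so they become hard to change once other code binds to them; renaming now (`SizeOfCertificateTable`, `SizeOfCLRRuntimeHeader`, `SizeOfStackReserve`, …) is cheap. `BaseRelocationTable` and `TLSTable` also drop the `Rva` suffix that the other entries use. The struct hard-codes sixteen directory slots, while the number actually present is given by `NumberOfRvaAndSizes`, which the loader in this commit does not consult. A comment such as `// assumes NumberOfRvaAndSizes == 16` would make that assumption visible.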
diff --git a/PEToolkit/PE/Structures/IMAGE_DOS_HEADER.cs b/PEToolkit/PE/Structures/IMAGE_DOS_HEADER.cs
new file mode 100644
index 0000000..79655eb
--- /dev/null
+++ b/PEToolkit/PE/Structures/IMAGE_DOS_HEADER.cs
@@ -0,0 +1,36 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace PEViewer.PE.Structures
+{
+ [StructLayout(LayoutKind.Sequential)]
+ public struct IMAGE_DOS_HEADER
+ {
+ [MarshalAs(UnmanagedType.ByValArray, SizeConst = 2)]
+ public char[] e_magic;
+ public short e_cblp;
+ public short e_cp;
+ public short e_crlc;
+ public short e_cparhdr;
+ public short e_minalloc;
+ public short e_maxalloc;
+ public short e_ss;
+ public short e_sp;
+ public short e_csum;
+ public short e_ip;
+ public short e_cs;
+ public short e_lfarlc;
+ public short e_ovno;
+ [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
+ public short[] e_res1;
+ public short e_oemid;
+ public short e_oeminfo;
+ [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
+ public short[] e_res2;
+ public uint e_lfanew;
+ }
+}
diff --git a/PEToolkit/PE/Structures/IMAGE_FILE_HEADER.cs b/PEToolkit/PE/Structures/IMAGE_FILE_HEADER.cs
new file mode 100644
index 0000000..8cdfeb4
--- /dev/null
+++ b/PEToolkit/PE/Structures/IMAGE_FILE_HEADER.cs
@@ -0,0 +1,17 @@
+using System.Runtime.InteropServices;
+
+namespace PEViewer.PE.Structures
+{
+ [StructLayout(LayoutKind.Sequential)]
+ public struct IMAGE_FILE_HEADER
+ {
+ uint Signature;
+ public ushort Machine;
+ public ushort NumberOfSections;
+ public uint TimeDateStamp;
+ public uint PointerToSymbolTable;
+ public uint NumberOfSymbols;
+ public ushort SizeOfOptionalHeader;
+ public ushort Characteristics;
+ }
+}
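Review bot: The first field, `Signature`, is the four-byte PE signature that precedes the file header rather than part of it. It has no access modifier, so it is private and no code can verify it. Declaring it as `public uint Signature; // "PE\0\0" (0x00004550), precedes the COFF file header` would let the loader reject input where `e_lfanew` does not point at a PE header. The struct covers more than its name says, so it also needs a one-line summary noting that it is the signature plus IMAGE_FILE_HEADER, 0x18 bytes in total.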
diff --git a/PEToolkit/PE/Structures/IMAGE_OPTIONAL_HEADER32.cs b/PEToolkit/PE/Structures/IMAGE_OPTIONAL_HEADER32.cs
new file mode 100644
index 0000000..15c3d34
--- /dev/null
+++ b/PEToolkit/PE/Structures/IMAGE_OPTIONAL_HEADER32.cs
@@ -0,0 +1,50 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace PEViewer.PE.Structures
+{
+ [StructLayout(LayoutKind.Sequential)]
+ public struct IMAGE_OPTIONAL_HEADER32
+ {
+ //Standard Headers
+ public ushort Magic;
+ public byte MajorLinkedVersion;
+ public byte MinorLinkedVersion;
+ public uint SizeOfCode;
+ public uint SizeOfInitilizedData;
+ public uint SizeOfUninitilizedData;
+ public uint AddressOfEntrypoint;
+ public uint BaseOfCode;
+ public uint BaseOfData;
+
+ //Windows NT Headers
+
+ public uint ImageBase;
+ public uint SectionAllignment;
+ public uint FileAlignment;
+ public ushort MajorOperatingSystemVersion;
+ public ushort MinorOperatingSystemVersion;
+ public ushort MajorImageVersion;
+ public ushort MinorImageVersion;
+ public ushort MajorSubSystemVersion;
+ public ushort MinorSubSystemVersion;
+ public uint Win32VersionValue;
+ public uint SizeOfImage;
+ public uint SizeOfHeaders;
+ public uint Checksum;
+ public ushort Subsystem;
+ public ushort DllCharacteristics;
+ public uint SizeOfStacReserve;
+ public uint SizeOfStackCommit;
+ public uint SizeOfHeapReserve;
+ public uint SizeOfHeapCommit;
+ public uint LoaderFlags;
+ public uint NumberOfRvaAndSizes;
+ }
+
+
+}
diff --git a/PEToolkit/PE/Structures/IMAGE_OVERVIEW.cs b/PEToolkit/PE/Structures/IMAGE_OVERVIEW.cs
new file mode 100644
index 0000000..f26473a
--- /dev/null
+++ b/PEToolkit/PE/Structures/IMAGE_OVERVIEW.cs
@@ -0,0 +1,18 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace PEViewer.PE.Structures
+{
+ public struct IMAGE_OVERVIEW
+ {
+ public uint FileHeaderPointer;
+ public uint NumberOfSections;
+ public uint AddressOfEntrypoint;
+ public uint ImageBase;
+ public uint SizeOfImage;
+ public uint SizeOfHeaders;
+ }
+}
diff --git a/PEToolkit/PE/Structures/IMAGE_SECTION_HEADER.cs b/PEToolkit/PE/Structures/IMAGE_SECTION_HEADER.cs
new file mode 100644
index 0000000..ebc5798
--- /dev/null
+++ b/PEToolkit/PE/Structures/IMAGE_SECTION_HEADER.cs
@@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace PEViewer.PE.Structures
+{
+ [StructLayout(LayoutKind.Sequential)]
+ public struct IMAGE_SECTION_HEADER
+ {
+ [MarshalAs(UnmanagedType.ByValArray, SizeConst =8)]
+ public char[] Name;
+ public uint VirtualSize;
+ public uint VirtualAddress;
+ public uint SizeOfRawData;
+ public uint PointerToRawData;
+ public uint PointerToRelocations;
+ public uint PointerToLineNumber;
+ public ushort NumberOfRelocations;
+ public ushort NumberOfLineNumbers;
+ public uint Characteristics;
+ }
+}
diff --git a/PEToolkit/PEToolkit.csproj b/PEToolkit/PEToolkit.csproj
new file mode 100644
index 0000000..a86db3f
--- /dev/null
+++ b/PEToolkit/PEToolkit.csproj
@@ -0,0 +1,194 @@
+
+
+
+
+ Debug
+ AnyCPU
+ {DF56161F-007E-46CE-9B09-0D99C0288415}
+ WinExe
+ Properties
+ PEToolkit
+ PEToolkit
+ v4.5.2
+ 512
+ true
+
+
+ AnyCPU
+ true
+ full
+ false
+ bin\Debug\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ AnyCPU
+ pdbonly
+ true
+ bin\Release\
+ TRACE
+ prompt
+ 4
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Form
+
+
+ formArrayValues.cs
+
+
+ Form
+
+
+ formBuildStructure.cs
+
+
+ Form
+
+
+ formDumpModule.cs
+
+
+ Form
+
+
+ formGenerateStructure.cs
+
+
+ Form
+
+
+ formInjectDll.cs
+
+
+ Form
+
+
+ formLoadProcess.cs
+
+
+ Form
+
+
+ formModuleSelect.cs
+
+
+ Form
+
+
+ formNativeresources.cs
+
+
+ Form
+
+
+ formRunpeCheck.cs
+
+
+ Form
+
+
+ formSectionView.cs
+
+
+ Form
+
+
+ mainWindow.cs
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ formArrayValues.cs
+
+
+ formBuildStructure.cs
+
+
+ formDumpModule.cs
+
+
+ formGenerateStructure.cs
+
+
+ formInjectDll.cs
+
+
+ formLoadProcess.cs
+
+
+ formModuleSelect.cs
+
+
+ formNativeresources.cs
+
+
+ formRunpeCheck.cs
+
+
+ formSectionView.cs
+
+
+ mainWindow.cs
+
+
+ ResXFileCodeGenerator
+ Resources.Designer.cs
+ Designer
+
+
+ True
+ Resources.resx
+ True
+
+
+ SettingsSingleFileGenerator
+ Settings.Designer.cs
+
+
+ True
+ Settings.settings
+ True
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/PEToolkit/Program.cs b/PEToolkit/Program.cs
new file mode 100644
index 0000000..4c9c1b3
--- /dev/null
+++ b/PEToolkit/Program.cs
@@ -0,0 +1,23 @@
+using PEViewer.Forms;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace PEViewer
+{
+ static class Program
+ {
+ ///
+ /// The main entry point for the application.
+ ///
+ [STAThread]
+ static void Main()
+ {
+ Application.EnableVisualStyles();
+ Application.SetCompatibleTextRenderingDefault(false);
+ Application.Run(new mainWindow());
+ }
+ }
+}
diff --git a/PEToolkit/Properties/AssemblyInfo.cs b/PEToolkit/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..55e1f06
--- /dev/null
+++ b/PEToolkit/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("PEToolkit")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("PEViewer")]
+[assembly: AssemblyCopyright("Copyright © 2015")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components. If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("df56161f-007e-46ce-9b09-0d99c0288415")]
+
+// Version information for an assembly consists of the following four values:
+//
+// Major Version
+// Minor Version
+// Build Number
+// Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/PEToolkit/Properties/Resources.Designer.cs b/PEToolkit/Properties/Resources.Designer.cs
new file mode 100644
index 0000000..ab2077e
--- /dev/null
+++ b/PEToolkit/Properties/Resources.Designer.cs
@@ -0,0 +1,63 @@
+//------------------------------------------------------------------------------
+//
+// This code was generated by a tool.
+// Runtime Version:4.0.30319.42000
+//
+// Changes to this file may cause incorrect behavior and will be lost if
+// the code is regenerated.
+//
+//------------------------------------------------------------------------------
+
+namespace PEToolkit.Properties {
+ using System;
+
+
+ ///
+ /// A strongly-typed resource class, for looking up localized strings, etc.
+ ///
+ // This class was auto-generated by the StronglyTypedResourceBuilder
+ // class via a tool like ResGen or Visual Studio.
+ // To add or remove a member, edit your .ResX file then rerun ResGen
+ // with the /str option, or rebuild your VS project.
+ [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+ [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+ [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+ internal class Resources {
+
+ private static global::System.Resources.ResourceManager resourceMan;
+
+ private static global::System.Globalization.CultureInfo resourceCulture;
+
+ [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+ internal Resources() {
+ }
+
+ ///
+ /// Returns the cached ResourceManager instance used by this class.
+ ///
+ [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+ internal static global::System.Resources.ResourceManager ResourceManager {
+ get {
+ if (object.ReferenceEquals(resourceMan, null)) {
+ global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("PEToolkit.Properties.Resources", typeof(Resources).Assembly);
+ resourceMan = temp;
+ }
+ return resourceMan;
+ }
+ }
+
+ ///
+ /// Overrides the current thread's CurrentUICulture property for all
+ /// resource lookups using this strongly typed resource class.
+ ///
+ [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+ internal static global::System.Globalization.CultureInfo Culture {
+ get {
+ return resourceCulture;
+ }
+ set {
+ resourceCulture = value;
+ }
+ }
+ }
+}
diff --git a/PEToolkit/Properties/Resources.resx b/PEToolkit/Properties/Resources.resx
new file mode 100644
index 0000000..af7dbeb
--- /dev/null
+++ b/PEToolkit/Properties/Resources.resx
@@ -0,0 +1,117 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/microsoft-resx
+
+
+ 2.0
+
+
+ System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
+ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
+
+
\ No newline at end of file
diff --git a/PEToolkit/Properties/Settings.Designer.cs b/PEToolkit/Properties/Settings.Designer.cs
new file mode 100644
index 0000000..890f240
--- /dev/null
+++ b/PEToolkit/Properties/Settings.Designer.cs
@@ -0,0 +1,26 @@
+//------------------------------------------------------------------------------
+//
+// This code was generated by a tool.
+// Runtime Version:4.0.30319.42000
+//
+// Changes to this file may cause incorrect behavior and will be lost if
+// the code is regenerated.
+//
+//------------------------------------------------------------------------------
+
+namespace PEToolkit.Properties {
+
+
+ [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+ [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "14.0.0.0")]
+ internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
+
+ private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
+
+ public static Settings Default {
+ get {
+ return defaultInstance;
+ }
+ }
+ }
+}
diff --git a/PEToolkit/Properties/Settings.settings b/PEToolkit/Properties/Settings.settings
new file mode 100644
index 0000000..3964565
--- /dev/null
+++ b/PEToolkit/Properties/Settings.settings
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+