
📄 modpeskeleton.bas

📁 VB decompilation and analysis code with powerful features; it can analyze the structure of EXE and DLL files generated by VB
📖 Page 1 of 3
Attribute VB_Name = "modPeSkeleton"


Option Explicit

'Common dialog constants
Const cdlOFNReadOnly = &H1
Const cdlOFNOverwritePrompt = &H2
Const cdlOFNHideReadOnly = &H4
Const cdlOFNNoChangeDir = &H8
Const cdlOFNHelpButton = &H10
Const cdlOFNNoValidate = &H100
Const cdlOFNAllowMultiselect = &H200
Const cdlOFNExtensionDifferent = &H400
Const cdlOFNPathMustExist = &H800
Const cdlOFNFileMustExist = &H1000
Const cdlOFNCreatePrompt = &H2000
Const cdlOFNShareAware = &H4000
Const cdlOFNNoReadOnlyReturn = &H8000
Const cdlOFNNoLongNames = &H40000
Const cdlOFNExplorer = &H80000
Const cdlOFNNoDereferenceLinks = &H100000
Const cdlOFNLongNames = &H200000
Const cdlCancel = 32755

'File constants
Public Const MAXNUMBERIMAGEENTRIES = 16                    'Current PE file limit for number of DataDirectory directories
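Public Const DOS_SIGNATURE = 23117                         '"MZ" = bytes 4D 5A = 0x5A4D as a little-endian WORD
Public Const PE_SIGNATURE = 17744                          '"PE" = bytes 50 45 = 0x4550 as a little-endian WORD (full signature is "PE" + 0x00 0x00)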
Public Const LENNAME = 8                                   'Length of Section Header names
Public Const MAXSECTIONS = 16                              'Current PE file limit for number of SectionHeader sections
Public Const VBVERTEXT = "VB5!"                            'Current compiler/linker output version
Public Const VBINTRPTRTEXT = "MSVBVM60.DLL"                'Current interpreter filename

'Application-wide variables
Global SFile As String                                     'Source file name
Global SFilePath As String                                 'Source file path
Global DFile As String                                     'Destination directory dummy filename
Global DDirPath As String                                  'Destination directory path
Global ErrorFlag As Boolean                                'Generic error flag
Global InFileNumber As Integer
Global OutFileNumber As Integer
Global DecLoadOffset As Double                             'App load address

'--------------------------Begin Object structures-----------------
Public Type VB_Signature                    'VB info
    VBVer As String * 4                                    'BYTE * 4 = compiler/linker version
    VBIntrptr As String * 12                               'BYTE * 12 = interpreter filename
End Type

'General VB6 application data
Public Type App_Data                    'Application specific data for RACE
    DosHeaderOffset As Integer                             'DWORD = location of DOS header (offset) in app
    PeHeaderOffset As Double                               'DWORD = location of PE header (offset) in app
    OptHeaderOffset As Double                              'DWORD = location of OPT header (offset) in app
    SecHeaderOffset As Double                              'DWORD = location of SEC header (offset) in app
    VBStartOffset As Double                                'DWORD = location of VB application (offset) in app
    VBVerOffsetRaw As Double                               'DWORD = location of VB signature (address) in app
    VBVerOffsetMasked As Double                            'DWORD = location of VB signature (offset) in app
    VBIntrptrOffset As Double                              'DWORD = location of VB interpreter (offset) in app
    ProjRscDataOffset As Double                            'DWORD = location of Resource Data (offset) in app
    ProjDataAppReference As Double                         'DWORD = location of RACE reference (offset) in app
    ProjDataModuleTable As Double                          'DWORD = location of VB modules
    ProjVerDataOffsetRaw As Double                         'DWORD = address of Version Data Pool in exe
    ProjVerDataOffsetMasked As Double                      'DWORD = offset to Version Data Pool in app
    AppModuleCount As Byte                                 'BYTE = number of VB modules in app
    StartUpName As String                                  'Name of first referenced object (if any)
    StartUpType As Double                                  'Signature of startup object
    StartUpOffset As Double                                'Address of object block start
    FormTableAddress As Double                             'Address of form list table
    BasicTableAddress As Double                            'Address of basic list table
    CompileType As String                                  'PCODE or NCODE
    VBProjectHeaderOffset As Double                        'DWORD = offset in exe of Project signature
    NativeCodeAddressRaw As Double                         'DWORD 0x0 if PCODE, address if NCODE
    NativeCodeAddressMasked As Double                      'DWORD 0x0 if PCODE, offset in exe if NCODE
End Type

'General VB6 application data
Public Type VBStart_Header
    PushStartOpcode As Integer                             'BYTE = opcode 68 = push
    PushStartAddress As Double                             'DWORD = address of VB signature
    CallStartOpcode As Integer                             'BYTE = opcode E8 = call (relative)
    CallStartAddress As Double                             'DWORD = address of interpreter entry
End Type

'Generic DOS file data
Public Type Dos_Header              'Standard DOS header
    Magic As Double                                        'WORD
    NumBytesLastPage As Double                             'WORD
    NumPages As Double                                     'WORD
    NumRelocates As Double                                 'WORD
    NumHeaderBlks As Double                                'WORD
    NumMinBlks As Double                                   'WORD
    NumMaxBlks As Double                                   'WORD
    SSPointer As Double                                    'WORD
    SPPointer As Double                                    'WORD
    Checksum As Double                                     'WORD
    IPPointer As Double                                    'WORD
    CurrentSeg As Double                                   'WORD
    RelocTablePointer As Double                            'WORD
    Overlay As Double                                      'WORD
    ReservedW1 As Double                                   'WORD
    ReservedW2 As Double                                   'WORD
    ReservedW3 As Double                                   'WORD
    ReservedW4 As Double                                   'WORD
    OEMType As Double                                      'WORD
    OEMData As Double                                      'WORD
    ReservedW5 As Double                                   'WORD
    ReservedW6 As Double                                   'WORD
    ReservedW7 As Double                                   'WORD
    ReservedW8 As Double                                   'WORD
    ReservedW9 As Double                                   'WORD
    ReservedW10 As Double                                  'WORD
    ReservedW11 As Double                                  'WORD
    ReservedW12 As Double                                  'WORD
    ReservedW13 As Double                                  'WORD
    ReservedW14 As Double                                  'WORD
    ExeHeaderPointer As Double                             'DWORD
End Type

'PE file data
Public Type PE_Header               'Standard PE header
    Magic As Double                                        'DWORD
    Machine As Double                                      'WORD
    NumSections As Double                                  'WORD
    TimeDate As Double                                     'DWORD
    SymbolTablePointer As Double                           'DWORD
    NumSymbols As Double                                   'DWORD
    OptionalHdrSize As Double                              'WORD
    Properties As Double                                   'WORD
End Type

'PE file data
Public Type Data_Dir                'Standard Data Directory
    Name As String                                         'Variable
    Address As Double                                      'DWORD
    Size As Double                                         'DWORD
End Type

'PE file data
Public Type Opt_Header              'Standard Option Header
    Magic As Double                                        'WORD
    MajLinkerVer As Integer                                'BYTE
    MinLinkerVer As Integer                                'BYTE
    CodeSize As Double                                     'DWORD
    InitDataSize As Double                                 'DWORD
    UninitDataSize As Double                               'DWORD
    entrypoint As Double                                   'DWORD
    CodeBase As Double                                     'DWORD
    DataBase As Double                                     'DWORD
    ImageBase As Double                                    'DWORD
    SectionAlignment As Double                             'DWORD
    FileAlignment As Double                                'DWORD
    MajOSVer As Double                                     'WORD
    MinOSVer As Double                                     'WORD
    MajImageVer As Double                                  'WORD
    MinImageVer As Double                                  'WORD
    MajSSysVer As Double                                   'WORD
    MinSSysVer As Double                                   'WORD
    Win32Ver As Double                                     'DWORD
    SizeImage As Double                                    'DWORD
    SizeHeader As Double                                   'DWORD
    Checksum As Double                                     'DWORD
    SSystem As Double                                      'WORD
    DLLProperties As Double                                'WORD
    SSizeRes As Double                                     'DWORD
    SSizeCom As Double                                     'DWORD
    HSizeRes As Double                                     'DWORD
    HSizeCom As Double                                     'DWORD
    LFlags As Double                                       'DWORD
    NumRVA_Sizes As Double                                 'DWORD
    DataDirectory(MAXNUMBERIMAGEENTRIES) As Data_Dir
End Type

'PE file data
Public Type Sec_Header              'Standard Section Header
    SecName As String * LENNAME                            'BYTE[LENNAME]
    Misc As Double                                         'DWORD
    Address As Double                                      'DWORD
    SizeRawData As Double                                  'DWORD
    RawDataPointer As Double                               'DWORD
    RelocationPointer As Double                            'DWORD
    LineNumPointer As Double                               'DWORD
    NumRelocations As Double                               'WORD
    NumLineNumbers As Double                               'WORD
    Properties As Double                                   'DWORD
End Type


Private Type IMAGE_IMPORT_DESCRIPTOR
    lpImportByName As Long                                 ''\\ 0 for terminating null import descriptor
    TimeDateStamp As Long                                  ''\\ 0 if not bound,
    ''\\ -1 if bound, and real date\time stamp
    ''\\ in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)
    ''\\ O.W. date/time stamp of DLL bound to (Old BIND)
    ForwarderChain As Long                                 ''\\ -1 if no forwarders
    lpName As Long
    lpFirstThunk As Long                                   ''\\ RVA to IAT (if bound this IAT has actual addresses)
End Type

Private Type IMAGE_EXPORT_DIRECTORY
    Characteristics As Long
    TimeDateStamp As Long
    MajorVersion As Integer
    MinorVersion As Integer
    lpName As Long
    Base As Long
    NumberOfFunctions As Long
    NumberOfNames As Long
    lpAddressOfFunctions As Long                           '\\ Three parallel arrays...(LONG)
    lpAddressOfNames As Long                               '\\ (LONG)
    lpAddressOfNameOrdinals As Long                        '\\ (INTEGER)
End Type

Private Type IMAGE_DATA_DIRECTORY
    VirtualAddress As Long
    Size As Long
End Type

Public AppData As App_Data
Public VBStartHeader As VBStart_Header
Public VBSignature As VB_Signature
Public PEImport() As IMAGE_IMPORT_DESCRIPTOR
Public PeExport As IMAGE_EXPORT_DIRECTORY
Public DosHeader As Dos_Header
Public PEHeader As PE_Header
Public OptHeader As Opt_Header
Public SecHeader(MAXSECTIONS) As Sec_Header

Private Type IMPORT_API_LOOKUP
    ApiName As String
    Address As Long
End Type
Public exeIMPORT_APINAME() As IMPORT_API_LOOKUP

'Used to get correct entry point for VB5
Global mImageBaseAlign As Double

Public Function CheckHeader() As Boolean

    'Assume a good file
    CheckHeader = True
    gDllProject = False


    '************************
    'All files must start with the DOS signature
    '************************

    'Save the DOSHeader offset (always 0x0000!)
    AppData.DosHeaderOffset = 0

    'Get the DOS signature, check for error
    Call GetDOSSignature

    If ErrorFlag = True Then
        CheckHeader = False
        Exit Function
    End If

    '*******************************
    'The DOS header follows the DOS signature
    '*******************************

    'Get the Dos header, check for error
    Call GetDOSHeader

    If ErrorFlag = True Then
        CheckHeader = False
        Exit Function
    End If

    '*******************************
    'The DOS header holds the PE file signature
    '*******************************

    'Move to the location where the PE signature should be
    Seek #InFileNumber, DosHeader.ExeHeaderPointer + 1

    'Get the PE signature, check error
    Call GetPESignature

    If ErrorFlag = True Then
        CheckHeader = False
        Exit Function
    End If

    '************************************
    'The PE file header data exists just after the PE signature
    '************************************

    'Save the PEHeader offset
    AppData.PeHeaderOffset = Seek(InFileNumber) - 1

    'Get the PEHeader
    Call GetPEHeader

    '************************************
    'The OPTion header exists just after the PE header
    '***********************************

    'Save the OPTHeader offset
