📄 pedump.c
字号:
typedef struct _IMAGE_RESOURCE_DIR_STRING_U {
WORD Length;
WCHAR NameString[ 1 ];
} IMAGE_RESOURCE_DIR_STRING_U, *PIMAGE_RESOURCE_DIR_STRING_U;
//
// Each resource data entry describes a leaf node in the resource directory
// tree. It contains an offset, relative to the beginning of the resource
// directory of the data for the resource, a size field that gives the number
// of bytes of data at that offset, a CodePage that should be used when
// decoding code point values within the resource data. Typically for new
// applications the code page would be the unicode code page.
//
typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
DWORD OffsetToData;
DWORD Size;
DWORD CodePage;
DWORD Reserved;
} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
//
// BitmapInfoHeader used in DIB Header (Icons, Cursors, Group ...s)
//
typedef struct tagBITMAPINFOHEADER { /* bmih */
DWORD biSize;
LONG biWidth;
LONG biHeight;
WORD biPlanes;
WORD biBitCount;
DWORD biCompression;
DWORD biSizeImage;
LONG biXPelsPerMeter;
LONG biYPelsPerMeter;
DWORD biClrUsed;
DWORD biClrImportant;
} BITMAPINFOHEADER, *PBITMAPINFOHEADER;
typedef struct tagRGBQUAD { /* rgbq */
BYTE rgbBlue;
BYTE rgbGreen;
BYTE rgbRed;
BYTE rgbReserved;
} RGBQUAD, *PRGBQUAD;
// Icon Resources ... addes by Sang Cho
typedef struct ICONDIR {
WORD idReserved;
WORD idType;
WORD idCount;
//ICONDIRENTRY idEntries[1];
} ICONHEADER, *PICONHEADER;
struct IconDirectoryEntry {
BYTE bWidth;
BYTE bHeight;
BYTE bColorCount;
BYTE bReserved;
WORD wPlanes;
WORD wBitCount;
DWORD dwBytesInRes;
DWORD dwImageOffset;
} ICONDIRENTRY, *PICONDIRENTRY;
// Menu Resources ... added by .....sang cho....
// Menu resources are composed of a menu header followed by a sequential list
// of menu items. There are two types of menu items: pop-ups and normal menu
// itmes. The MENUITEM SEPARATOR is a special case of a normal menu item with
// an empty name, zero ID, and zero flags.
typedef struct _IMAGE_MENU_HEADER{
WORD wVersion; // Currently zero
WORD cbHeaderSize; // Also zero
} IMAGE_MENU_HEADER, *PIMAGE_MENU_HEADER;
typedef struct _IMAGE_POPUP_MENU_ITEM{
WORD fItemFlags;
WCHAR szItemText[1];
} IMAGE_POPUP_MENU_ITEM, *PIMAGE_POPUP_MENU_ITEM;
typedef struct _IMAGE_NORMAL_MENU_ITEM{
WORD fItemFlags;
WORD wMenuID;
WCHAR szItemText[1];
} IMAGE_NORMAL_MENU_ITEM, *PIMAGE_NORMAL_MENU_ITEM;
#define GRAYED 0x0001 // GRAYED keyword
#define INACTIVE 0x0002 // INACTIVE keyword
#define BITMAP 0x0004 // BITMAP keyword
#define OWNERDRAW 0x0100 // OWNERDRAW keyword
#define CHECKED 0x0008 // CHECKED keyword
#define POPUP 0x0010 // used internally
#define MENUBARBREAK 0x0020 // MENUBARBREAK keyword
#define MENUBREAK 0x0040 // MENUBREAK keyword
#define ENDMENU 0x0080 // used internally
// Dialog Box Resources .................. added by sang cho.
// A dialog box is contained in a single resource and has a header and
// a portion repeated for each control in the dialog box.
// The item DWORD IStyle is a standard window style composed of flags found
// in WINDOWS.H.
// The default style for a dialog box is:
// WS_POPUP | WS_BORDER | WS_SYSMENU
//
// The itme marked "Name or Ordinal" are :
// If the first word is an 0xffff, the next two bytes contain an ordinal ID.
// Otherwise, the first one or more WORDS contain a double-null-terminated string.
// An empty string is represented by a single WORD zero in the first location.
//
// The WORD wPointSize and WCHAR szFontName entries are present if the FONT
// statement was included for the dialog box. This can be detected by checking
// the entry IStyle. If IStyle & DS_SETFONT ( which is 0x40), then these
// entries will be present.
typedef struct _IMAGE_DIALOG_BOX_HEADER1{
DWORD IStyle;
DWORD IExtendedStyle; // New for Windows NT
WORD nControls; // Number of Controls
WORD x;
WORD y;
WORD cx;
WORD cy;
// N_OR_O MenuName; // Name or Ordinal ID
// N_OR_O ClassName; // Name or Ordinal ID
// WCHAR szCaption[];
// WORD wPointSize; // Only here if FONT set for dialog
// WCHAR szFontName[]; // This too
} IMAGE_DIALOG_HEADER, *PIMAGE_DIALOG_HEADER;
typedef union _NAME_OR_ORDINAL{ // Name or Ordinal ID
struct _ORD_ID{
WORD flgId;
WORD Id;
} ORD_ID;
WCHAR szName[1];
} NAME_OR_ORDINAL, *PNAME_OR_ORDINAL;
// The data for each control starts on a DWORD boundary (which may require
// some padding from the previous control), and its format is as follows:
typedef struct _IMAGE_CONTROL_DATA{
DWORD IStyle;
DWORD IExtendedStyle;
WORD x;
WORD y;
WORD cx;
WORD cy;
WORD wId;
// N_OR_O ClassId;
// N_OR_O Text;
// WORD nExtraStuff;
} IMAGE_CONTROL_DATA, *PIMAGE_CONTROL_DATA;
#define BUTTON 0x80
#define EDIT 0x81
#define STATIC 0x82
#define LISTBOX 0x83
#define SCROLLBAR 0x84
#define COMBOBOX 0x85
// The various statements used in a dialog script are all mapped to these
// classes along with certain modifying styles. The values for these styles
// can be found in WINDOWS.H. All dialog controls have the default styles
// of WS_CHILD and WS_VISIBLE. A list of the default styles used follows:
//
// Statement Default Class Default Styles
// CONTROL None WS_CHILD|WS_VISIBLE
// LTEXT STATIC ES_LEFT
// RTEXT STATIC ES_RIGHT
// CTEXT STATIC ES_CENTER
// LISTBOX LISTBOX WS_BORDER|LBS_NOTIFY
// CHECKBOX BUTTON BS_CHECKBOX|WS_TABSTOP
// PUSHBUTTON BUTTON BS_PUSHBUTTON|WS_TABSTOP
// GROUPBOX BUTTON BS_GROUPBOX
// DEFPUSHBUTTON BUTTON BS_DFPUSHBUTTON|WS_TABSTOP
// RADIOBUTTON BUTTON BS_RADIOBUTTON
// AUTOCHECKBOX BUTTON BS_AUTOCHECKBOX
// AUTO3STATE BUTTON BS_AUTO3STATE
// AUTORADIOBUTTON BUTTON BS_AUTORADIOBUTTON
// PUSHBOX BUTTON BS_PUSHBOX
// STATE3 BUTTON BS_3STATE
// EDITTEXT EDIT ES_LEFT|WS_BORDER|WS_TABSTOP
// COMBOBOX COMBOBOX None
// ICON STATIC SS_ICON
// SCROLLBAR SCROLLBAR None
///
#define WS_OVERLAPPED 0x00000000L
#define WS_POPUP 0x80000000L
#define WS_CHILD 0x40000000L
#define WS_CLIPSIBLINGS 0x04000000L
#define WS_CLIPCHILDREN 0x02000000L
#define WS_VISIBLE 0x10000000L
#define WS_DISABLED 0x08000000L
#define WS_MINIMIZE 0x20000000L
#define WS_MAXIMIZE 0x01000000L
#define WS_CAPTION 0x00C00000L
#define WS_BORDER 0x00800000L
#define WS_DLGFRAME 0x00400000L
#define WS_VSCROLL 0x00200000L
#define WS_HSCROLL 0x00100000L
#define WS_SYSMENU 0x00080000L
#define WS_THICKFRAME 0x00040000L
#define WS_MINIMIZEBOX 0x00020000L
#define WS_MAXIMIZEBOX 0x00010000L
#define WS_GROUP 0x00020000L
#define WS_TABSTOP 0x00010000L
// other aliases
#define WS_OVERLAPPEDWINDOW (WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU | WS_THICKFRAME | WS_MINIMIZEBOX | WS_MAXIMIZEBOX)
#define WS_POPUPWINDOW (WS_POPUP | WS_BORDER | WS_SYSMENU)
#define WS_CHILDWINDOW (WS_CHILD)
#define WS_TILED WS_OVERLAPPED
#define WS_ICONIC WS_MINIMIZE
#define WS_SIZEBOX WS_THICKFRAME
#define WS_TILEDWINDOW WS_OVERLAPPEDWINDOW
#define WS_EX_DLGMODALFRAME 0x00000001L
#define WS_EX_NOPARENTNOTIFY 0x00000004L
#define WS_EX_TOPMOST 0x00000008L
#define WS_EX_ACCEPTFILES 0x00000010L
#define WS_EX_TRANSPARENT 0x00000020L
#define BS_PUSHBUTTON 0x00000000L
#define BS_DEFPUSHBUTTON 0x00000001L
#define BS_CHECKBOX 0x00000002L
#define BS_AUTOCHECKBOX 0x00000003L
#define BS_RADIOBUTTON 0x00000004L
#define BS_3STATE 0x00000005L
#define BS_AUTO3STATE 0x00000006L
#define BS_GROUPBOX 0x00000007L
#define BS_USERBUTTON 0x00000008L
#define BS_AUTORADIOBUTTON 0x00000009L
#define BS_OWNERDRAW 0x0000000BL
#define BS_LEFTTEXT 0x00000020L
#define ES_LEFT 0x00000000L
#define ES_CENTER 0x00000001L
#define ES_RIGHT 0x00000002L
#define ES_MULTILINE 0x00000004L
#define ES_UPPERCASE 0x00000008L
#define ES_LOWERCASE 0x00000010L
#define ES_PASSWORD 0x00000020L
#define ES_AUTOVSCROLL 0x00000040L
#define ES_AUTOHSCROLL 0x00000080L
#define ES_NOHIDESEL 0x00000100L
#define ES_OEMCONVERT 0x00000400L
#define ES_READONLY 0x00000800L
#define ES_WANTRETURN 0x00001000L
#define LBS_NOTIFY 0x0001L
#define LBS_SORT 0x0002L
#define LBS_NOREDRAW 0x0004L
#define LBS_MULTIPLESEL 0x0008L
#define LBS_OWNERDRAWFIXED 0x0010L
#define LBS_OWNERDRAWVARIABLE 0x0020L
#define LBS_HASSTRINGS 0x0040L
#define LBS_USETABSTOPS 0x0080L
#define LBS_NOINTEGRALHEIGHT 0x0100L
#define LBS_MULTICOLUMN 0x0200L
#define LBS_WANTKEYBOARDINPUT 0x0400L
#define LBS_EXTENDEDSEL 0x0800L
#define LBS_DISABLENOSCROLL 0x1000L
#define SS_LEFT 0x00000000L
#define SS_CENTER 0x00000001L
#define SS_RIGHT 0x00000002L
#define SS_ICON 0x00000003L
#define SS_BLACKRECT 0x00000004L
#define SS_GRAYRECT 0x00000005L
#define SS_WHITERECT 0x00000006L
#define SS_BLACKFRAME 0x00000007L
#define SS_GRAYFRAME 0x00000008L
#define SS_WHITEFRAME 0x00000009L
#define SS_SIMPLE 0x0000000BL
#define SS_LEFTNOWORDWRAP 0x0000000CL
#define SS_BITMAP 0x0000000EL
//
// Debug Format
//
typedef struct _IMAGE_DEBUG_DIRECTORY {
DWORD Characteristics;
DWORD TimeDateStamp;
WORD MajorVersion;
WORD MinorVersion;
DWORD Type;
DWORD SizeOfData;
DWORD AddressOfRawData;
DWORD PointerToRawData;
} IMAGE_DEBUG_DIRECTORY, *PIMAGE_DEBUG_DIRECTORY;
#define IMAGE_DEBUG_TYPE_UNKNOWN 0
#define IMAGE_DEBUG_TYPE_COFF 1
#define IMAGE_DEBUG_TYPE_CODEVIEW 2
#define IMAGE_DEBUG_TYPE_FPO 3
#define IMAGE_DEBUG_TYPE_MISC 4
#define IMAGE_DEBUG_TYPE_EXCEPTION 5
#define IMAGE_DEBUG_TYPE_FIXUP 6
#define IMAGE_DEBUG_TYPE_OMAP_TO_SRC 7
#define IMAGE_DEBUG_TYPE_OMAP_FROM_SRC 8
typedef struct _IMAGE_DEBUG_MISC {
DWORD DataType; // type of misc data, see defines
DWORD Length; // total length of record, rounded to four
// byte multiple.
BOOLEAN Unicode; // TRUE if data is unicode string
BYTE Reserved[ 3 ];
BYTE Data[ 1 ]; // Actual data
} IMAGE_DEBUG_MISC, *PIMAGE_DEBUG_MISC;
//
// Debugging information can be stripped from an image file and placed
// in a separate .DBG file, whose file name part is the same as the
// image file name part (e.g. symbols for CMD.EXE could be stripped
// and placed in CMD.DBG). This is indicated by the IMAGE_FILE_DEBUG_STRIPPED
// flag in the Characteristics field of the file header. The beginning of
// the .DBG file contains the following structure which captures certain
// information from the image file. This allows a debug to proceed even if
// the original image file is not accessable. This header is followed by
// zero of more IMAGE_SECTION_HEADER structures, followed by zero or more
// IMAGE_DEBUG_DIRECTORY structures. The latter structures and those in
// the image file contain file offsets relative to the beginning of the
// .DBG file.
//
// If symbols have been stripped from an image, the IMAGE_DEBUG_MISC structure
// is left in the image file, but not mapped. This allows a debugger to
// compute the name of the .DBG file, from the name of the image in the
// IMAGE_DEBUG_MISC structure.
//
typedef struct _IMAGE_SEPARATE_DEBUG_HEADER {
WORD Signature;
WORD Flags;
WORD Machine;
WORD Characteristics;
DWORD TimeDateStamp;
DWORD CheckSum;
DWORD ImageBase;
DWORD SizeOfImage;
DWORD NumberOfSections;
DWORD ExportedNamesSize;
DWORD DebugDirectorySize;
DWORD SectionAlignment;
DWORD Reserved[2];
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -