Vincent Parrett

Library for modifying windows PE files?


I'm looking for a library that will allow me to modify Windows PE files, modifying/adding data directories/headers/sections etc.

 

Yes I could figure it all out myself, but time is short and I'm lazy, so I am hoping there is a library out there that will speed up the learning process - free/open source (not gpl) or commercial ok, as long as the source is available. 

 

Any suggestions? Thx.

 

 

37 minutes ago, limelect said:

I hope this will bring you closer to your need

Thanks but not really - I need much more in depth than that.

6 minutes ago, Vincent Parrett said:

Thanks but not really - I need much more in depth than that.

The GExperts PEInformation expert then probably won't be of much use either, even though it allows access to some more data (and it only supports 32 bit executables).

But I thought I'd mention it anyway.

1 minute ago, dummzeuch said:

The GExperts PEInformation expert then probably won't be of much use either

Yeah I did have a quick look at it... not what I need. I found plenty of code for reading the basic PE/MSDOS headers, but I need to get into the sections etc. I'm investigating adding certificates so need to enumerate sections and append some data to the exe. So it's a lot more involved than just reading the basic info.

  • Like 1
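
The task described in the post above (walking the section table and finding where certificate data sits in the file), as an added Python example that is not code from this thread or from any project mentioned in it. It handles both PE32 and PE32+ headers; `parse_pe` and `build_sample` are hypothetical names, and the sample image is constructed inline.

```python
import struct

SECURITY_DIR = 4  # index of the certificate table in the data directory array

def parse_pe(data: bytes) -> dict:
    """Enumerate sections and locate the certificate table (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)  # PE32+ header is 16 bytes longer
    (ndirs,) = struct.unpack_from("<I", data, dirs - 4)
    cert_off = cert_size = 0
    if ndirs > SECURITY_DIR:
        # Unlike the other directories, this entry holds a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsections):
        name, _vsize, rva, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rva, raw_ptr, raw_size))
    raw_end = max((p + s for _, _, p, s in sections), default=0)
    return {"pe32plus": magic == 0x20B, "sections": sections,
            "cert_offset": cert_off, "cert_size": cert_size,
            # A sane table sits after all section data and inside the file.
            "cert_ok": cert_size > 0 and raw_end <= cert_off
                       and cert_off + cert_size <= len(data)}

def build_sample(pe32plus: bool) -> bytes:
    """Constructed minimal image: headers, two sections, an 8-byte certificate entry."""
    dirs = 112 if pe32plus else 96
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, dirs - 4, 16)
    struct.pack_into("<II", opt, dirs + 8 * SECURITY_DIR, 0x600, 8)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 2, 0, 0, 0, len(opt), 0x22)
    secs = b"".join(struct.pack("<8sIIII16x", n, 0x200, rva, 0x200, ptr)
                    for n, rva, ptr in ((b".text", 0x1000, 0x200), (b".data", 0x2000, 0x400)))
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs
    return head.ljust(0x600, b"\0") + struct.pack("<IHH", 8, 0x0200, 0x0002)
```

Truncated input raises `struct.error`, and `cert_ok` is false when the directory entry points past the end of the file or into section data.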


I wrote many of these small and target specific tools, but they are not a library, they were functions and parts to do small jobs, so my suggestion is to do it like that, once you started you will see it is easy to achieve.

 

On a side note: there is https://mitec.cz/pe.html which is only a reader, but it is comprehensive and detailed and will give you the push to skip searching the net all day long looking for small pieces of information here and there.

Maybe a request to the author of MiTeC Portable Executable Reader to build a writer/editor part would be nice, he can do it efficiently in a short time.


Yeah I'm making progress just using the Windows APIs - the most annoying part is not having Delphi translations for much of what I need.

 

I did see the mitec library - as you say it doesn't do writing.  After spending much of the day searching/reading, I think I will just have to bite the bullet and do it from scratch. 

 

 

39 minutes ago, Vincent Parrett said:

the most annoying part is not having Delphi translations for much of what I need.

Which APIs are you looking for?

9 minutes ago, Uwe Raabe said:

Which APIs are you looking for?

ntifs.h, wintrust.h - probably others - still working out what I need.
 


Actually found some wintrust APIs are in WinApi.Windows - fooled by code insight again 🙄

I really wish the Windows API translations followed the original h files - a WinApi.Wintrust would make it much easier to find.

 

  • Like 1

6 hours ago, Anders Melander said:

map2pdb has code to read and update the PE header and add a section. You might be able to tweak that into whatever it is you're doing.

https://bitbucket.org/anders_melander/map2pdb/src/master/Source/debug.info.pdb.bind.pas

Actually this is really useful - I've been working from some C based examples - I do actually need to add another section so this is exactly what I need, thanks.

Edited by Vincent Parrett
typo

35 minutes ago, DelphiUdIT said:

This is part of project "Cmulator" made in Pascal. This is the license: https://github.com/Coldzer0/Cmulator/blob/master/LICENSE

"GNU AFFERO GENERAL PUBLIC LICENSE"

According to the abstract this sounds a lot like GPL.

But whatever the difference to the GPL might be. This:

Quote

Conditions

  • ...
  • Same license

 

... means I can't use it in any of my tools. I'm not going to change the license from MPL to anything GPL like.

I was actually thinking about using this to add support for 64 bit executables to the PE Information Expert in GExperts.

49 minutes ago, Markus Kinzler said:

The "normal GPL" doesn't apply if the program is installed on the Web/Cloud.

This licence explicitly includes this scenario.

Sorry, I don't understand ... for me that license means that you cannot use the software without releasing the source (and also the source of the derived product), this is not correlated to Web / Cloud or others ....

I'm missing something and I'm wrong?

3 hours ago, dummzeuch said:

According to the abstract this sounds a lot like GPL.

Yes seems so, I saw that and decided against using it.

58 minutes ago, DelphiUdIT said:

Sorry, I don't understand ... for me that license means that you cannot use the software without releasing the source (and also the source of the derived product), this is not correlated to Web / Cloud or others ....

I'm missing something and I'm wrong?

If you use code from a GPL-licensed product, you have to release the code of your product, too. That's the idea behind the GPL.

It doesn't matter if you earn money with it or not. With the "publishing" of the program, you have to do this. If you use the program on "your server" and let external people use it ("Cloud") you wouldn't be obliged to do this, besides earning money with it.

So they introduced "GNU AFFERO GENERAL PUBLIC LICENSE" to assure the same behaviour. For software being downloadable there is no difference to the GPL.

2 hours ago, Markus Kinzler said:

If you use code from a GPL-licensed product, you have to release the code of your product, too.

Actually no. With the normal GPL you only have to give the sources to those who you give the binary. You don't need to release it to the general public if you don't release the binary to the general public.

  1. If you only use it internally, you can keep your code confidential.
  2. If you give the binaries to a 3rd party, you will have to give them the source code too.
    1. That 3rd party does not release it to the general public, it will only be available to them.
    2. But: They have the right to release it and you are not allowed to restrict this right.

As you correctly pointed out, the GNU Affero GPL closes a perceived loophole that is created by internal use for a publicly available service.

Edited by dummzeuch


You could look at https://github.com/mtrojnar/osslsigncode OpenSSL based Authenticode signing for PE/MSI/Java CAB files, 

 

There must be some code in there to add the certificate to the exe, or maybe the whole tool is what you are looking for, an alternate to signcode that does not have horrible pop-ups, builds on any platform.

 

If you can build it, I'd like to play with it.

 

Angus

 

4 hours ago, Angus Robertson said:

You could look at https://github.com/mtrojnar/osslsigncode OpenSSL based Authenticode signing for PE/MSI/Java CAB files, 

Yes thanks, I have seen this (and learned from it). 

 

I'm looking into building a remote signing tool - so that I can sign from multiple machines without needing the token drivers installed - right now we have to run all code signing on a single build agent that has access to the token - it's caused us a lot of work splitting out the code signing on all our build processes - which results in longer build times as we move files between agents and the server - ie agentX builds, sends artifacts back to server, server sends them to agent5 (the one that can sign), agent 5 signs them and sends them back to the server, which then sends them to agentX to continue the build process (packaging and deployment etc). All very unsatisfactory.

 

I haven't been able to work on it for a few weeks as other more urgent tasks popped up (like replacing confluence) but hope to get back to it soon.

14 hours ago, dummzeuch said:

"GNU AFFERO GENERAL PUBLIC LICENSE"

According to the abstract this sounds a lot like GPL.

But whatever the difference to the GPL might be. This:

... means I can't use it in any of my tools. I'm not going to change the license from MPL to anything GPL like.

I was actually thinking about using this to add support for 64 bit executables to the PE Information Expert in GExperts.

original source:
https://github.com/vdisasm/pe-image-for-delphi

license

https://github.com/vdisasm/pe-image-for-delphi/blob/master/LICENSE

........!!!!......!!!!

Edited by PingPIng
  • Like 1
  • Thanks 2
