Vincent Parrett, Posted October 10, 2023

I'm looking for a library that will allow me to modify Windows PE files, modifying/adding data directories/headers/sections etc. Yes I could figure it all out myself, but time is short and I'm lazy, so I am hoping there is a library out there that will speed up the learning process - free/open source (not gpl) or commercial ok, as long as the source is available. Any suggestions? Thx.

limelect, Posted October 10, 2023 (edited)

I hope this will bring you closer to your need https://www.swissdelphicenter.ch/en/showcode.php?id=1302

Edited October 10, 2023 by limelect

Vincent Parrett, Posted October 10, 2023

37 minutes ago, limelect said:
> I hope this will bring you closer to your need

Thanks but not really - I need much more in depth than that.

dummzeuch, Posted October 10, 2023

6 minutes ago, Vincent Parrett said:
> Thanks but not really - I need much more in depth than that.

The GExperts PEInformation expert then probably won't be of much use either, even though it allows access to some more data (and it only supports 32 bit executables). But I thought I'd mention it anyway.

Vincent Parrett, Posted October 10, 2023

1 minute ago, dummzeuch said:
> The GExperts PEInformation expert then probably won't be of much use either

Yeah I did have a quick look at it.. not what I need. I found plenty of code for reading the basic PE/MSDOS headers, but I need to get into the sections etc. I'm investigating adding certificates so need to enumerate sections and append some data to the exe. So it's a lot more involved than just reading the basic info.

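Added example, not part of the thread and not any poster's or project's code: a Python sketch of the step described in the post above, enumerating a PE file's sections and locating the certificate table, for both PE32 and PE32+ (64-bit) images. The names `parse_pe` and `build_sample` and the constructed sample image are assumptions made for illustration.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)

def parse_pe(data: bytes) -> dict:
    """Return optional-header format, section table and certificate-table location."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _mach, n_sections, _ts, _sym, _nsym, opt_size, _ch = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # Data directories start at offset 96 (PE32) or 112 (PE32+) in the optional header.
    dirs = opt + (96 if magic == 0x10B else 112)
    (n_dirs,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    cert = None
    if n_dirs > SECURITY_DIR:
        # Unlike the other directories, this entry holds a raw file offset, not an RVA.
        off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
        if size:
            if off + size > len(data):
                raise ValueError("certificate table extends past end of file")
            cert = (off, size)
    sections, table = [], opt + opt_size  # section table follows the optional header
    for i in range(n_sections):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, rptr, rsize))
    return {"pe32plus": magic == 0x20B, "sections": sections, "certificate_table": cert}

def build_sample(pe32plus: bool) -> bytes:
    """Constructed minimal image (not a loadable EXE): headers, one section, 8-byte cert blob."""
    magic, dir_off = (0x20B, 112) if pe32plus else (0x10B, 96)
    opt = bytearray(dir_off + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_off - 4, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dir_off + 8 * SECURITY_DIR, 0x400, 8)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, len(opt), 0x2)
    sect = struct.pack("<8sIIII", b".text", 0x10, 0x1000, 0x200, 0x200) + bytes(16)
    img = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return img.ljust(0x400, b"\0") + bytes(8)  # cert blob appended after the last section
```
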
Kas Ob., Posted October 10, 2023

I wrote many of these small and target specific tools, but they are not a library, they were functions and parts to do small jobs, so my suggestion is to do it like that, once you started you will see it is easy to achieve.

On a side note: there is https://mitec.cz/pe.html which is only a reader, but it is comprehensive and detailed and will give you the push to skip searching the net all day long looking for small pieces of information here and there.

Maybe a request to the author of MiTeC Portable Executable Reader to build a writer/editor part should be nice, he can do it efficiently in short time.

Vincent Parrett, Posted October 10, 2023

Yeah I'm making progress just using the windows api's - the most annoying part is not having delphi translations for much of what I need. I did see the mitec library - as you say it doesn't do writing. After spending much of the day searching/reading, I think I will just have to bite the bullet and do it from scratch.

Uwe Raabe, Posted October 10, 2023

39 minutes ago, Vincent Parrett said:
> the most annoying part is not having delphi translations for much of what I need.

Which APIs are you looking for?

Vincent Parrett, Posted October 10, 2023

9 minutes ago, Uwe Raabe said:
> Which APIs are you looking for?

ntifs.h, wintrust.h - probably others - still working out what I need.

Vincent Parrett, Posted October 10, 2023

Actually found some wintrust api's are in WinApi.Windows - fooled by code insight again 🙄 I really wish the windows api translations followed the original h files - a WinApi.Wintrust would make it much easier to find.

Anders Melander, Posted October 10, 2023

map2pdb has code to read and update the PE header and add a section. You might be able to tweak that into whatever it is you're doing. https://bitbucket.org/anders_melander/map2pdb/src/master/Source/debug.info.pdb.bind.pas

Vincent Parrett, Posted October 10, 2023 (edited)

6 hours ago, Anders Melander said:
> map2pdb has code to read and update the PE header and add a section. You might be able to tweak that into whatever it is you're doing. https://bitbucket.org/anders_melander/map2pdb/src/master/Source/debug.info.pdb.bind.pas

Actually this is really useful - I've been working from some C based examples - I do actually need to add another section so this is exactly what I need thanks.

Edited October 10, 2023 by Vincent Parrett: typo

PingPIng, Posted November 1, 2023

https://github.com/Coldzer0/Cmulator/tree/master/Core/PE

Vincent Parrett, Posted November 1, 2023

11 hours ago, PingPIng said:
> https://github.com/Coldzer0/Cmulator/tree/master/Core/PE

Thanks, hadn't seen this one.

dummzeuch, Posted November 2, 2023

22 hours ago, PingPIng said:
> https://github.com/Coldzer0/Cmulator/tree/master/Core/PE

I'm unable to find the license for this library. Is it just me, or isn't it stated in the description?

DelphiUdIT, Posted November 2, 2023 (edited)

36 minutes ago, dummzeuch said:
> I'm unable to find the license for this library. Is it just me, or isn't it stated in the description?

This is part of project "Cmulator" made in Pascal. This is the license: https://github.com/Coldzer0/Cmulator/blob/master/LICENSE

Edited November 2, 2023 by DelphiUdIT

dummzeuch, Posted November 2, 2023

35 minutes ago, DelphiUdIT said:
> This is part of project "Cmulator" made in Pascal. This is the license: https://github.com/Coldzer0/Cmulator/blob/master/LICENSE

"GNU AFFERO GENERAL PUBLIC LICENSE"

According to the abstract this sounds a lot like GPL. But whatever the difference to the GPL might be. This:

> Conditions ... Same license ...

means I can't use it in any of my tools. I'm not going to change the license from MPL to anything GPL like. I was actually thinking about using this to add support for 64 bit executables to the PE Information Expert in GExperts.

Markus Kinzler, Posted November 2, 2023

1 hour ago, dummzeuch said:
> But whatever the difference to the GPL might be. This:

The "normal GPL" doesn't apply if the program is installed on the Web/Cloud. This licence explicitly includes this scenario.

DelphiUdIT, Posted November 2, 2023

49 minutes ago, Markus Kinzler said:
> The "normal GPL" doesn't apply if the program is installed on the Web/Cloud. This licence explicitly includes this scenario.

Sorry, I don't understand ... for me that license means that you cannot use the software without releasing the source (and also the source of the derived product), this is not correlated to Web / Cloud or others .... I'm missing something and I'm wrong?

Vincent Parrett, Posted November 2, 2023

3 hours ago, dummzeuch said:
> According to the abstract this sounds a lot like GPL.

Yes seems so, I saw that and decided against using it.

Markus Kinzler, Posted November 2, 2023

58 minutes ago, DelphiUdIT said:
> Sorry, I don't understand ... for me that license means that you cannot use the software without releasing the source (and also the source of the derived product), this is not correlated to Web / Cloud or others .... I'm missing something and I'm wrong?

If you use code from a GPL-licenced product, you have to release the code of your product, too. That's the idea behind the GPL. It doesn't matter if you earn money with it or not. With the "publishing" of the program, you have to do this. If you use the program on "your server" and let external people use it ("Cloud") you wouldn't be obliged to do this, besides earning money with it. So they introduced "GNU AFFERO GENERAL PUBLIC LICENSE" to assure the same behaviour. For software being downloadable there is no difference to the GPL.

dummzeuch, Posted November 2, 2023 (edited)

2 hours ago, Markus Kinzler said:
> If you use code from a GPL-licenced product, you have to release the code of your product, too.

Actually no. With the normal GPL you only have to give the sources to those who you give the binary. You don't need to release it to the general public if you don't release the binary to the general public. If you only use it internally, you can keep your code confidential. If you give the binaries to a 3rd party, you will have to give them the source code too. That 3rd party does not release it to the general public, it will only be available to them. But: They have the right to release it and you are not allowed to restrict this right.

As you correctly pointed out, the GNU Affero GPL closes a perceived loophole that is created by internal use for a publicly available service.

Edited November 2, 2023 by dummzeuch

Angus Robertson, Posted November 2, 2023

You could look at https://github.com/mtrojnar/osslsigncode OpenSSL based Authenticode signing for PE/MSI/Java CAB files. There must be some code in there to add the certificate to the exe, or maybe the whole tool is what you are looking for, an alternate to signcode that does not have horrible pop-ups, builds on any platform. If you can build it, I'd like to play with it.

Angus

Vincent Parrett, Posted November 2, 2023

4 hours ago, Angus Robertson said:
> You could look at https://github.com/mtrojnar/osslsigncode OpenSSL based Authenticode signing for PE/MSI/Java CAB files,

Yes thanks, I have seen this (and learned from it). I'm looking into building a remote signing tool - so that I can sign from multiple machines without needing the token drivers installed - right now we have to run all code signing on a single build agent that has access to the token - it's caused us a lot of work splitting out the code signing on all our build processes - which results in longer build times as we move files between agents and the server - ie agentX builds, sends artifacts back to server, server sends them to agent5 (the one that can sign), agent 5 signs them and sends them back to the server, which then sends them to agentX to continue the build process (packaging and deployment etc). All very unsatisfactory.

I haven't been able to work on it for a few weeks as other more urgent tasks popped up (like replacing confluence) but hope to get back to it soon.

PingPIng, Posted November 2, 2023 (edited)

14 hours ago, dummzeuch said:
> "GNU AFFERO GENERAL PUBLIC LICENSE" According to the abstract this sounds a lot like GPL. But whatever the difference to the GPL might be. This: ... means I can't use it in any of my tools. I'm not going to change the license from MPL to anything GPL like. I was actually thinking about using this to add support for 64 bit executables to the PE Information Expert in GExperts.

original source: https://github.com/vdisasm/pe-image-for-delphi

license https://github.com/vdisasm/pe-image-for-delphi/blob/master/LICENSE ........!!!!......!!!!

Edited November 2, 2023 by PingPIng