 |
eXeL@B —› Софт, инструменты —› PE Relocation Builder by ghandi |
| Посл.ответ | Сообщение |
|
|
Создано: 20 мая 2012 14:12 · Личное сообщение · #1 I've been playing a little with C++ Builder lately and something i made was a relocation builder, it is still in development stages so this isn't even a beta it is more of a tester to see whether or not it is of any use and worth continuing with. The idea is simple enough: 1. Take a PE (x86 only at the moment) file and present a list of sections to scan, there is an option to scan all sections. 2. Scan designated sections for dwords which reference into the image, ie: above ImageBase but below ImageBase + SizeOfImage. 3. Fill treeview with details and allow user to peruse references to delete bogus entries, present hex and disasm of results and allow offsetting to check if it is a valid code reference. 4. Copy file into memory, allocate more for new relocation records and add a section header. Adjust PE header and insert records. It is up to the end user to ensure that the relocation records being built are for valid references and not bogus values that coincide with the range values, maybe there are heuristic ways of determining these things automatically but that is for a future possiblility only. The time consuming part would be to go through all hits and identify the bogus ones, because i have not done this i cannot verify whether or not the files created are valid... I did remove the relocation directory from dbghelp.dll and then rebuilt it, the dll loaded but the relocation directory was significantly larger than the one present in the unaltered file which says to me that i would have to cull out bogus entries before it would be valid... If anybody is bored enough or curious, feel free to test it and comment but if you do, make sure you verify every relocation you save before saying it saves invalid entries please. BeaEngine.dll is used for disassembling and before anybody says about loading 2 instances of the same library, that is not the point of the exercise and will not help with building relocations for a .exe file. Note: Relocation information tree view retains contents, but is cleared on new file loading or closing of form.   | Сообщение посчитали полезным: daFix, huckfuck, MasterSoft, vnekrilov, _ruzmaz_, deepred, plutos |
|
|
Создано: 06 января 2013 02:40 · Личное сообщение · #2 file is deleted, reupload please. thanks. |
|
|
Создано: 06 января 2013 02:43 · Личное сообщение · #3 cxj98 _http://forum.tuts4you.com/topic/29060-relocation-builder/ |
|
|
Создано: 06 января 2013 02:49 · Личное сообщение · #4 Again : _http://rghost.net/42768283 |
|
|
Создано: 06 января 2013 03:04 · Поправил: Модератор · Личное сообщение · #5 cxj98 What you want me to say? _http://bbs.pediy.com/showthread.php?t=151215&highlight=PE+Relocation+Builder 2012-05-26, 17:04:46 От модератора: Use EDIT button! |
|
eXeL@B —› Софт, инструменты —› PE Relocation Builder by ghandi |
Для печати