Pelles C forum

C language => Work in progress => Topic started by: TimoVJL on July 12, 2017, 09:21:37 pm

Title: TLPEView partially imitate wjr's PEView
Post by: TimoVJL on July 12, 2017, 09:21:37 pm
Project freezed.
TLPEView only partially imitate wjr's PEView (http://wjradburn.com/software/) program that support only x86.
A lot of bugs and quite slow, but was made for x86/x64 exe/dll.

EDIT 2017-08-16: first version with primitive plugin support. a28. Binaries only.
                           Plugin name mask "TLPEPl*.dll". Save sample attached.

EDIT 2017-08-26: one useless exe check for possible a DOS exe removed. a29.
EDIT 2017-08-27: fix symbol table crash. a30.
EDIT 2017-10-13: fix DllCharacteristic. a31.

EDIT: Plugins:
Plugins must be in same folder as TLPEView.
With a good luck plugins are listed in TreeView node context menu with mouse right click.

Title: Re: TLPEView partially imitate wrj's PEView
Post by: Grincheux on July 13, 2017, 06:01:17 pm
Works fine on W7 Pro ;D

Not slow
Title: Re: TLPEView partially imitate wrj's PEView
Post by: frankie on July 14, 2017, 09:10:33 am
Nice job Timo  :)
Title: Re: TLPEView partially imitate wrj's PEView
Post by: jj2007 on July 14, 2017, 02:20:31 pm
Great work indeed!
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Grincheux on July 14, 2017, 07:05:33 pm
Quote
some fixes and without crt as Avast don't like it.

Uninstall Avast it does not detect anything! :P
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Grincheux on July 14, 2017, 07:11:37 pm
For me it is perfect, the program is very very fast. :D
Suggestions :
Display ressources as text,
Create RC file
Export code section

This program could be a good tool for preparing disassembly.

Very good work.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: jj2007 on July 19, 2017, 01:38:18 am
New version tested on my library, works great. Compliments, Timo!
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on July 21, 2017, 11:35:23 am
Hi Timo,

Nice job. I am testing your tool. Thanks for your work.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: frankie on July 22, 2017, 11:42:20 pm
Good job   :D
Maybe a 64bits version of tools is redundant.
Development tools are generally just 32bits because can run on both systems while producing both outputs...  ;)
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on July 31, 2017, 07:24:33 pm
Hi Timo,

Thanks again for the great work. I will let you know if I find issues.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: TimoVJL on August 11, 2017, 09:25:09 pm
I am thankful for Vortex, as he have pointed me a lot about of errors.
I hope this program is helpful users who want to check x64 PE files.
When basic program is stable, then it is time to think features and possible an/a add-in/plugin feature .
For x86 users PEView is a good/better option.
The public development depends on interest of users. (shall i just develop this for myself ;))
Title: Re: TLPEView partially imitate wjr's PEView
Post by: jack on August 11, 2017, 11:19:14 pm
I too use PEviewers mainly to view the exported and imported functions in dll's but also some times I just want to know whether an exe is 32 or 64-bit
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on August 12, 2017, 10:07:22 pm
Hi Timo,

Many thanks for your nice work. You should maintain the tool for all the forum audience. I see a big potential in your application.  With TLPEView, it's easy to study the internals of MS COFF object modules : For example, one can code a MS COFF object file processor to extract the data or code section for special purposes. I will let you know about the details.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: jack on August 13, 2017, 08:13:13 pm
hello TimoVJL
I use Exescope an old 32-bit utility, here's screenshot (http://i.imgur.com/DdXAeYw.jpg)
I like your programs ability to work with both 32 and 64 files, but for a naive user as myself it would be nice to have something like the above, to easily see the dependencies and the exported names.
Title: Re: TLPEView partially imitate wjr's PEView (FREEZED)
Post by: Vortex on August 17, 2017, 02:16:43 pm
Hi Jack,

Attached is a screenshot viewing the functions exported by kernel32.lib

Title: Re: TLPEView plugin TLPEPlgUDis86
Post by: TimoVJL on August 18, 2017, 08:56:45 am
New example:
TLPEPlgUDis86 plugin for TLPEView.
Using udis86 (http://udis86.sourceforge.net) or udis86 radare (https://github.com/radare/udis86)
Title: Re: TLPEView partially imitate wjr's PEView (FREEZED)
Post by: frankie on August 18, 2017, 12:56:16 pm
Very good!  ;)
Title: IMAGE_OPTIONAL_HEADER subtree
Post by: Jupiter on September 07, 2017, 02:26:48 pm
Subtree of IMAGE_OPTIONAL_HEADER doesn't react on clicks at all
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on September 07, 2017, 09:37:58 pm
Hi Jupiter,

Welcome to the forum. On my system, I can view the subtree IMAGE_OPTIONAL_HEADER. Could you please provide more information like your operation system and the file you are inspecting with TLPEView?