Pelles C forum

C language => Work in progress => Topic started by: TimoVJL on July 12, 2017, 09:21:37 pm

Title: TLPEView partially imitate wjr's PEView
Post by: TimoVJL on July 12, 2017, 09:21:37 pm
Project freezed.
TLPEView only partially imitate wjr's PEView (http://wjradburn.com/software/) program that support only x86.
A lot of bugs and quite slow, but was made for x86/x64 exe/dll.

EDIT 2017-08-16: first version with primitive plugin support. a28. Binaries only.
                           Plugin name mask "TLPEPl*.dll". Save sample attached.

EDIT 2017-08-26: one useless exe check for possible a DOS exe removed. a29.
EDIT 2017-08-27: fix symbol table crash. a30.
EDIT 2017-10-13: fix DllCharacteristic. a31.
EDIT 2018-02-12: fix symbol table section name a32.
EDIT 2018-05-31: show file or view offset. a33.
EDIT 2018-07-08: list debug types. a34
EDIT 2018-08-06: fix for import hints/names and empty section. a35

EDIT 2019-03-30: UNICODE a43 objs, IMAGE_FILE_MACHINE_UNKNOWN
EDIT 2019-04-13: UNICODE a44 fix export table forwards.
EDIT 2019-04-15: UNICODE a45 changes in menu handling and listview header for clipboard
EDIT 2019-06-26: UNICODE a46 export name buffer overflow

EDIT: Plugins:
Plugins must be in same folder as TLPEView.
With a good luck plugins are listed in TreeView node context menu with mouse right click.

Another site masm32 (http://masm32.com/board/index.php?topic=7435.msg81276#msg81276) for downloads.
Title: Re: TLPEView partially imitate wrj's PEView
Post by: Grincheux on July 13, 2017, 06:01:17 pm
Works fine on W7 Pro ;D

Not slow
Title: Re: TLPEView partially imitate wrj's PEView
Post by: frankie on July 14, 2017, 09:10:33 am
Nice job Timo  :)
Title: Re: TLPEView partially imitate wrj's PEView
Post by: jj2007 on July 14, 2017, 02:20:31 pm
Great work indeed!
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Grincheux on July 14, 2017, 07:05:33 pm
Quote
some fixes and without crt as Avast don't like it.

Uninstall Avast it does not detect anything! :P
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Grincheux on July 14, 2017, 07:11:37 pm
For me it is perfect, the program is very very fast. :D
Suggestions :
Display ressources as text,
Create RC file
Export code section

This program could be a good tool for preparing disassembly.

Very good work.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: jj2007 on July 19, 2017, 01:38:18 am
New version tested on my library, works great. Compliments, Timo!
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on July 21, 2017, 11:35:23 am
Hi Timo,

Nice job. I am testing your tool. Thanks for your work.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: frankie on July 22, 2017, 11:42:20 pm
Good job   :D
Maybe a 64bits version of tools is redundant.
Development tools are generally just 32bits because can run on both systems while producing both outputs...  ;)
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on July 31, 2017, 07:24:33 pm
Hi Timo,

Thanks again for the great work. I will let you know if I find issues.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: TimoVJL on August 11, 2017, 09:25:09 pm
I am thankful for Vortex, as he have pointed me a lot about of errors.
I hope this program is helpful users who want to check x64 PE files.
When basic program is stable, then it is time to think features and possible an/a add-in/plugin feature .
For x86 users PEView is a good/better option.
The public development depends on interest of users. (shall i just develop this for myself ;))
Title: Re: TLPEView partially imitate wjr's PEView
Post by: jack on August 11, 2017, 11:19:14 pm
I too use PEviewers mainly to view the exported and imported functions in dll's but also some times I just want to know whether an exe is 32 or 64-bit
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on August 12, 2017, 10:07:22 pm
Hi Timo,

Many thanks for your nice work. You should maintain the tool for all the forum audience. I see a big potential in your application.  With TLPEView, it's easy to study the internals of MS COFF object modules : For example, one can code a MS COFF object file processor to extract the data or code section for special purposes. I will let you know about the details.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: jack on August 13, 2017, 08:13:13 pm
hello TimoVJL
I use Exescope an old 32-bit utility, here's screenshot (http://i.imgur.com/DdXAeYw.jpg)
I like your programs ability to work with both 32 and 64 files, but for a naive user as myself it would be nice to have something like the above, to easily see the dependencies and the exported names.
Title: Re: TLPEView partially imitate wjr's PEView (FREEZED)
Post by: Vortex on August 17, 2017, 02:16:43 pm
Hi Jack,

Attached is a screenshot viewing the functions exported by kernel32.lib

Title: Re: TLPEView plugins TLPEPlgUDis86 and TLPEPlgZydis
Post by: TimoVJL on August 18, 2017, 08:56:45 am
New example:
TLPEPlgUDis86 plugin for TLPEView.
Using udis86 (http://udis86.sourceforge.net) or udis86 radare (https://github.com/radare/udis86)

TLPEPlgZydis
Using Zydis 2 (https://github.com/zyantific/zydis)
Title: Re: TLPEView partially imitate wjr's PEView (FREEZED)
Post by: frankie on August 18, 2017, 12:56:16 pm
Very good!  ;)
Title: IMAGE_OPTIONAL_HEADER subtree
Post by: Jupiter on September 07, 2017, 02:26:48 pm
Subtree of IMAGE_OPTIONAL_HEADER doesn't react on clicks at all
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on September 07, 2017, 09:37:58 pm
Hi Jupiter,

Welcome to the forum. On my system, I can view the subtree IMAGE_OPTIONAL_HEADER. Could you please provide more information like your operation system and the file you are inspecting with TLPEView?
Title: Re: TLPEView partially imitate wjr's PEView
Post by: TimoVJL on May 31, 2018, 01:51:52 pm
These one are compiled with msvc 2017 and linked with msvcrt.lib for WindowsXP.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on June 01, 2018, 07:53:36 pm
Hi Timo,

Quote
These one are compiled with msvc 2017 and linked with msvcrt.lib for WindowsXP.

Thanks for this release. TLPEView64.exe works fine but TLPEView.exe fails and outputs the following error message :

Code: [Select]
The procedure entry point _except_handler4_common could not be located in the dynamic link library msvcrt.dll
OS : Windows XP 64-bit
Title: Re: TLPEView partially imitate wjr's PEView
Post by: TimoVJL on June 02, 2018, 10:25:39 am
Thank's for test. Fixed with a correct msvcrt.lib.

EDIT: A smaller one linked with polink. (76 kB)

EDIT: What is that additional code what that 2017 insert ??? The speed optimization ;)
Code: [Select]
Windows x86 app O2
.text   92712
.rdata  12340
.data   3052
.reloc  6240
Total   114344

Windows x86 app O1
.text   43209
.rdata  12340
.data   3052
.reloc  3348
Total   61949
Code: [Select]
Windows x86 app
.text   52838
.rdata  9719
.data   5276
Total   67833

TLPEView.exe msvc 2015 + polink
Windows x86 app
.text   61964
.rdata  9684
.data   5348
Total   76996

TLPEView.exe msvc 2013
Windows x86 app
.text   61524
.rdata  12052
.data   3052
.reloc  4092
Total   80720

TLPEView.exe msvc 2015
Windows x86 app
.text   61864
.rdata  12420
.data   3048
.reloc  4108
Total   81440

TLPEView.exe msvc 2017 community
Windows x86 app
.text   92712
.rdata  12420
.data   3052
.reloc  6244
Total   114428
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on June 02, 2018, 10:45:17 am
Hi Timo,

Thanks for the new upload. It works on my system.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on March 10, 2019, 11:32:12 am
Hi Timo,

Thanks for the new release a42. TLPView cannot display the sections of an object file created with nidud's asmc. The attachment contains the object module and a screen capture.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: TimoVJL on March 10, 2019, 11:43:37 am
There is a TLOMFView (https://forum.pellesc.de/index.php?topic=3246.msg12264#msg12264) for it.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: Vortex on March 11, 2019, 07:28:56 pm
Hi Timo,

Thanks. I forgo to specify the option /coff while assembling the code. Everything is fine now. My apologies.
Title: Re: TLPEView partially imitate wjr's PEView
Post by: TimoVJL on April 13, 2019, 09:05:44 pm
Updated 2019-04-13: UNICODE a44 fix some export table forwards issues.
Updated 2019-04-15: UNICODE a45 changes in menu handling and listview header for clipboard

Same zip as in masm32 (http://masm32.com/board/index.php?topic=7435.msg81276#msg81276)