This is not for cracking or virus writing.


I want to look at the innards to see what I can learn. I am also looking for info on calling by ordinal. I am sure someone has written a veiwer for this by now.
Posted on 2001-09-07 17:25:43 by ThoughtCriminal
MASM32 package has dumpbin.exe

I found another a programfiles.com

It is to big to post here so if anyone wants it:


http://www.programfiles.com/index.asp?ID=8447
Posted on 2001-09-07 18:25:07 by ThoughtCriminal
some time ago I have written this app. Allows you to view the exported functions of LOADED dlls (sorry, Win9X/ME only, uses Toolhelpxxx stuff)



CLick here

japheth
Posted on 2001-09-08 13:01:55 by japheth
you mean something like tdump ? (tdump.exe from tasm) and if you don't know what tdump is just try it because it is maybe what you need ;)
Posted on 2001-09-09 05:34:54 by lifewire
Hi.
Japheth could you maybe post the source code for your procwine program? i'd really like to learn from it.
Posted on 2001-09-09 07:52:34 by darester
darester,

I really would like to post it, but it is written in C++, not ASM, and that's forbidden here. Sorry!

japheth
Posted on 2001-09-09 12:19:23 by japheth

darester,

I really would like to post it, but it is written in C++, not ASM, and that's forbidden here. Sorry!

japheth


Forbidden? That's new to me... Hiro?
:stupid:
Posted on 2001-09-09 13:22:19 by bazik
This is a PE viewer i made some time ago and i'm still working on it..source included of course :)
Hope that helps !


Latigo
Posted on 2001-09-09 16:49:21 by latigo
latigo,

the link seems to be broken. Better attach your app (with source :) included). Want to look if I can be "inspired" by some of your ideas.

japheth
Posted on 2001-09-10 03:49:29 by japheth
Geesh..you are right..my link was wrong.
I got the link from my own site and it has been broken all this time ! Argh !
Anyway, here's the attachment :)
Enjoy !!


Latigo

PD: you will SURELY have 'assembling' errors. All these are due different 'include' versions. Just hand-tweak and everything will be allrighty :)
Posted on 2001-09-10 09:25:17 by latigo
Japheth, maybe you could please send me the source per email?


My email: kane99@gmx.net
Posted on 2001-09-10 12:07:25 by darester
Dang Japheth! That is one VERY COOL program!! I plan on using it often :)
Posted on 2001-09-10 17:23:43 by Kenny
Thanks Kenny.

Darester, I cannot send you the source code, sorry. I have all rights of it, thats not the problem. But this program uses a module I have sold a source licence for, and it wouldn't be nice to my customer(s) to give anything away for free for which they have paid for.

But no problem. You can easily see which functions this app imports. Look the IAT. There is no dynamic linking used.

japheth
Posted on 2001-09-11 06:57:24 by japheth