52ky posted on 2021-6-25 14:14:59

Stud PE v2.6.1.0


- added Optionalheader.DllCharacteristic flags modifier;
- changes in the reloc parser; relocations are followed now while(SizeOfBlock != 0) instead of VirtualAddress; first chunk in reloc sec, IMAGE_BASE_RELOCATION.VirtualAddress==0 (beep.sys on XP);
- fixed dialogex (a type of dialogs) popping up always when decompile resource flag was set; associated now with "create dialogs from rsrc" checkbox;
- more dialogs can be created (via InitModalIndirect) when browsing PE dialogs in resources tab; however we can't show menus since those are hardcoded inside dlgtemplate and loaded at dlg creation time from hmodule from where we call; some other controls like richedit are not shown since this requires additional init and we don't handle that;
- when using Analyze on Sections tab, it will show if bound import dir lies inside the space between last section's header and beginning of the first section; when adding new section, the bound dir can be overwritten so you may nop the bound imports dir to make the new exe working;
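
The reloc parser item above, as an added example (not Stud PE's code): a walker over IMAGE_BASE_RELOCATION blocks that can stop on either condition, run on a constructed section whose first block has VirtualAddress==0. The names `count_reloc_blocks`, `rd32`, `reloc_hdr` and `sample_reloc` are hypothetical, and the bytes are made up for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* IMAGE_BASE_RELOCATION header: two little-endian DWORDs, then WORD entries. */
typedef struct { uint32_t VirtualAddress; uint32_t SizeOfBlock; } reloc_hdr;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Counts relocation blocks in a raw .reloc section.
 * stop_on_va0 != 0: terminate when VirtualAddress == 0 (the old test).
 * stop_on_va0 == 0: terminate when SizeOfBlock == 0 (the new test).
 * Returns -1 when SizeOfBlock is smaller than the 8-byte header or runs
 * past the end of the buffer, so a crafted size cannot drive reads out of
 * bounds or stall the loop. */
int count_reloc_blocks(const uint8_t *sec, size_t len, int stop_on_va0) {
    size_t off = 0;
    int blocks = 0;
    while (len - off >= 8) {
        reloc_hdr h = { rd32(sec + off), rd32(sec + off + 4) };
        if (stop_on_va0 ? h.VirtualAddress == 0 : h.SizeOfBlock == 0)
            break;
        if (h.SizeOfBlock < 8 || h.SizeOfBlock > len - off)
            return -1;
        blocks++;
        off += h.SizeOfBlock;
    }
    return blocks;
}

/* Constructed sample: two 12-byte blocks plus an all-zero terminator.
 * The first block legitimately has VirtualAddress == 0. */
static const uint8_t sample_reloc[] = {
    0x00,0x00,0x00,0x00, 0x0C,0x00,0x00,0x00, 0x10,0x30, 0x00,0x00,
    0x00,0x10,0x00,0x00, 0x0C,0x00,0x00,0x00, 0x20,0x30, 0x00,0x00,
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00
};

int main(void) {
    printf("stop on VirtualAddress==0: %d blocks\n",
           count_reloc_blocks(sample_reloc, sizeof sample_reloc, 1));
    printf("stop on SizeOfBlock==0:    %d blocks\n",
           count_reloc_blocks(sample_reloc, sizeof sample_reloc, 0));
    return 0;
}
```

With the old test the walker reports no relocations for this section; with the new one it sees both blocks.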

