DISCLAIMER

This software is provided "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantibility and fitness for a particular purpose are disclaimed. In no event shall the author be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.


DESCRIPTION

Modify PE is a commandline tool, which can be used to manipulate the Header of PE-Executables. The tool has two main functions. 

-realign the physical/virtual structure of a file (can be used to make executables smaller without packing)
-delete/add physical/virtual space in a section (can be used to add code to an executable)

The virtual/physical realignment are self explanatory and can be used by most people even if they know nothing about the PE Structure or Asm. Just be careful what alignment you choose, because there is no sanity check in the code. According to Microsoft Object Align must be a power of 2 between 512 and 256MB, File Align should be a power of 2 between 512 and 64KB.

But the second feature is the main reason i have written this tool. If you want to shrink or extend a section, there are a lot of RVAs (relativ virtual addresses) in the file which need patching. This is tedious to say the least, and if you dont know the PE Structure by heart you will certainly forget one RVA and corrupt the file. The tool takes care of patching all RVAs (hopefully ;) ). Only RVAs and the ObjectTable are patched nothing else.

If you delete/add phyiscal space, virtual space of the same size will also be deleted/added. The modified sections are aligned to object alignment and file alignment as specified in the PE Header.

EditPE copies the file to %root/temp/modifype.tmp. Then modifype.tmp get memmapped, and modified. If no error occurs the memmapped file is saved under the original filename. Therefore if a fatal error occurs and you didnt backup your file, the unmodified file can be found in the %root/temp folder and restored by hand. 


USAGE

Type ModifyPE to get help.

There are no sanity checks on the parameters you enter, in order to give you more control. This means your file will get corrupted if you dont take care.

-v (verbose output)
If you specify verbose output, some status information will be printed to Standard Output. Changes in size are always printed as size increases, e.g. if the virtual size of the image decreases by 0x1000 you will get the output:  Increase by: FFFFF000. 

-p (prevent padding)
If you use physical realign, this switch prevents the padding of the last section to file alignment. A few bytes can be saved this way, but I am not sure the executable will run on every Win32 Platform.


LIMITATIONS

Files must be < 4 GB.
By using realign, holes in the virtual/phyiscal layout of the sections get deleted, e.g. the RVA of a section is 0x1000, virtual size of section is 0x2000, ObjectAlignment ist 0x2000 but the RVA of the next section is 0x6000 and not 0x4000. I do not know why the linker would leave such a hole in the virtual/physical section layout. Perhaps somebody has more information and could enlighten me.


NOTES

If FileAlignment is bigger than ObjectAlignment, the file will not run.
This is still a beta, and I know there are problems under Win95. Under WinNT it was tested and should run without trouble. I also lack information on the exact structure of the reloc section. There may be some RVAs my code does not patch.


HISTORY

01.09.99	v0.8, first official release (still beta version)

11.12.99	v0.81, bug fixes


CONTACT

	metheus@gmx.net


PGP KEY

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.0.2

mQENAzfJWrwAAAEIANMLQTpGCoLf+pXFgsxXWcs0ndEYWofdXf3OC3Z1S/QXl6i7
9/DEuk/KgbjzKc3oJZiC+z9qqhUeBRdY3PF7nz/4rYw7M673PCPTuhf2ce13TLzk
D12/jJw2KEsYQ6opf7uaxFBcMSrm5OKguzTkEPxRHMsIbCowsEmnh+n2/zO+gNda
KPcJb+hkYMLGu8VwN4nkgMxtVcc/WR51MnsMI3nRW22ixAOHsQ4RTvvirN4iYCp+
Lqfig9AaouqNr172VgNowLfovwO4uwCzXeRNVsYtP/AoSD48U9LvKs/wOesT84Pn
CMfriKKq/KZMsZBO15mQ29SvRsgosCoqgKAyaZ8ABRG0GW1ldGhldXMgPG1ldGhl
dXNAZ214Lm5ldD6JARUDBRA3yVq8sCoqgKAyaZ8BATLzB/9uNh4l80EvvIzNO80h
K+78qeqMjvyAN0vbF6OzXeNGUF/JFZvEH6Zjk/V16cJlqJkZNVzBMYPSHvWNVCAi
+qn09dBvYo3fNo2OwR1Vst4XuyaoX2sEu+J0wp2fJFnBV5u+hAn9jvYCe0LUfiIq
uOd7wYstYZATCfacEXfXzG7Oe5ZJYUWHSm9UWEeT0ktAWyRswntFBytLfQswuOfx
iLpEL0/6xdzRpt3/6sbs5cyHB49rKRP4V1aSzYUqkQbZTa2iYuB8e7uYHBWRLf3B
9oZtQiKjsQxWJQpBLnI1DtOGjcu/3/vqVRInjQ1Ai6xmoH4Jf793DeLZ8P3IAaEI
FsvG
=30EN
-----END PGP PUBLIC KEY BLOCK-----


GREETINGS

The Nasm Team, for an excellent free assembler
Anthony A.J. Williams, for ALINK
Philippe Auphelle, for win32asm documentation
Sven B. Schreiber, for the Walk32 package
