peview: Add raw sections, Add raw prodid hash, Add unused header bytes, Disable PE directory rva highlighting

Author: dmex

tools/peview/pedirprp.c

@@ -22,37 +22,37 @@
 
 #include <peview.h>
 
-BOOLEAN PvpPeCheckImageDataEntryAddress(
-    _In_ ULONG Index,
-    _In_ ULONG StartRva,
-    _In_ ULONG EndRva
-    )
-{
-    PIMAGE_DATA_DIRECTORY directory;
-
-    for (ULONG i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++)
-    {
-        if (i == Index)
-            continue;
-
-        if (NT_SUCCESS(PhGetMappedImageDataEntry(&PvMappedImage, i, &directory)))
-        {
-            if ((StartRva >= directory->VirtualAddress) &&
-                (StartRva < directory->VirtualAddress + directory->Size))
-            {
-                return TRUE;
-            }
-
-            if ((EndRva >= directory->VirtualAddress) &&
-                (EndRva < directory->VirtualAddress + directory->Size))
-            {
-                return TRUE;
-            }
-        }
-    }
-
-    return FALSE;
-}
+//BOOLEAN PvpPeCheckImageDataEntryAddress(
+//    _In_ ULONG Index,
+//    _In_ ULONG StartRva,
+//    _In_ ULONG EndRva
+//    )
+//{
+//    PIMAGE_DATA_DIRECTORY directory;
+//
+//    for (ULONG i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++)
+//    {
+//        if (i == Index)
+//            continue;
+//
+//        if (NT_SUCCESS(PhGetMappedImageDataEntry(&PvMappedImage, i, &directory)))
+//        {
+//            if ((StartRva >= directory->VirtualAddress) &&
+//                (StartRva < directory->VirtualAddress + directory->Size))
+//            {
+//                return TRUE;
+//            }
+//
+//            if ((EndRva >= directory->VirtualAddress) &&
+//                (EndRva < directory->VirtualAddress + directory->Size))
+//            {
+//                return TRUE;
+//            }
+//        }
+//    }
+//
+//    return FALSE;
+//}
 
 VOID PvpPeEnumerateImageDataDirectory(
     _In_ HWND ListViewHandle,
@@ -63,7 +63,7 @@ VOID PvpPeEnumerateImageDataDirectory(
     INT lvItemIndex;
     ULONG directoryAddress = 0;
     ULONG directorySize = 0;
-    BOOLEAN directoryOverlay = FALSE;
+    //BOOLEAN directoryOverlay = FALSE;
     PIMAGE_DATA_DIRECTORY directory;
     PIMAGE_SECTION_HEADER directorySection = NULL;
     WCHAR value[PH_INT64_STR_LEN_1];
@@ -85,18 +85,18 @@ VOID PvpPeEnumerateImageDataDirectory(
             directorySection = PhMappedImageRvaToSection(&PvMappedImage, directoryAddress);
         }
 
-        if (directoryAddress && directorySize)
-        {
-            directoryOverlay = PvpPeCheckImageDataEntryAddress(
-                Index,
-                directoryAddress,
-                PtrToUlong(PTR_ADD_OFFSET(directoryAddress, directorySize))
-                );
-        }
+        //if (directoryAddress && directorySize)
+        //{
+        //    directoryOverlay = PvpPeCheckImageDataEntryAddress(
+        //        Index,
+        //        directoryAddress,
+        //        PtrToUlong(PTR_ADD_OFFSET(directoryAddress, directorySize))
+        //        );
+        //}
     }
 
     PhPrintUInt32(value, Index + 1);
-    lvItemIndex = PhAddListViewItem(ListViewHandle, MAXINT, value, (PVOID)directoryOverlay);
+    lvItemIndex = PhAddListViewItem(ListViewHandle, MAXINT, value, NULL);
     PhSetListViewSubItem(ListViewHandle, lvItemIndex, 1, Name);
 
     if (directoryAddress)
@@ -170,16 +170,16 @@ typedef struct _PVP_PE_DIRECTORY_CONTEXT
     HIMAGELIST ListViewImageList;
 } PVP_PE_DIRECTORY_CONTEXT, *PPVP_PE_DIRECTORY_CONTEXT;
 
-COLORREF NTAPI PvPeSectionColorFunction(
-    _In_ INT Index,
-    _In_ PVOID Param,
-    _In_opt_ PVOID Context
-    )
-{
-    if ((BOOLEAN)Param)
-        return RGB(0xf0, 0xa0, 0xa0);
-    return RGB(0xff, 0xff, 0xff);
-}
+//COLORREF NTAPI PvPeSectionColorFunction(
+//    _In_ INT Index,
+//    _In_ PVOID Param,
+//    _In_opt_ PVOID Context
+//    )
+//{
+//    if ((BOOLEAN)Param)
+//        return RGB(0xf0, 0xa0, 0xa0);
+//    return RGB(0xff, 0xff, 0xff);
+//}
 
 INT_PTR CALLBACK PvpPeDirectoryDlgProc(
     _In_ HWND hwndDlg,
@@ -221,7 +221,7 @@ INT_PTR CALLBACK PvpPeDirectoryDlgProc(
             PhAddListViewColumn(context->ListViewHandle, 5, 5, 5, LVCFMT_LEFT, 100, L"Section");
             PhAddListViewColumn(context->ListViewHandle, 6, 6, 6, LVCFMT_LEFT, 100, L"Hash");
             PhSetExtendedListView(context->ListViewHandle);
-            ExtendedListView_SetItemColorFunction(context->ListViewHandle, PvPeSectionColorFunction);
+            //ExtendedListView_SetItemColorFunction(context->ListViewHandle, PvPeSectionColorFunction);
             PhLoadListViewColumnsFromSetting(L"ImageDirectoryListViewColumns", context->ListViewHandle);
 
             if (context->ListViewImageList = ImageList_Create(2, 20, ILC_MASK | ILC_COLOR, 1, 1))

tools/peview/peprp.c

@@ -52,7 +52,8 @@ typedef enum _PVP_IMAGE_GENERAL_INDEX
     PVP_IMAGE_GENERAL_INDEX_IMAGESIZE,
     PVP_IMAGE_GENERAL_INDEX_ENTRYPOINT,
     PVP_IMAGE_GENERAL_INDEX_CHECKSUM,
-    PVP_IMAGE_GENERAL_INDEX_CHECKSUMIAT,
+    //PVP_IMAGE_GENERAL_INDEX_CHECKSUMIAT,
+    PVP_IMAGE_GENERAL_INDEX_HEADERSPARE,
     PVP_IMAGE_GENERAL_INDEX_SUBSYSTEM,
     PVP_IMAGE_GENERAL_INDEX_SUBSYSTEMVERSION,
     PVP_IMAGE_GENERAL_INDEX_CHARACTERISTICS,
@@ -477,38 +478,11 @@ static NTSTATUS CheckSumImageThreadStart(
     )
 {
     HWND windowHandle = Parameter;
-    PPH_STRING importHash = NULL;
     ULONG checkSum;
-    HANDLE fileHandle;
 
     checkSum = PhCheckSumMappedImage(&PvMappedImage);
 
-    if (NT_SUCCESS(PhCreateFileWin32(
-        &fileHandle,
-        PhGetString(PvFileName),
-        FILE_READ_DATA | SYNCHRONIZE,
-        FILE_ATTRIBUTE_NORMAL,
-        FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
-        FILE_OPEN,
-        FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT
-        )))
-    {
-        BYTE importTableMd5Hash[16];
-
-        if (NT_SUCCESS(RtlComputeImportTableHash(fileHandle, importTableMd5Hash, RTL_IMPORT_TABLE_HASH_REVISION)))
-        {
-            importHash = PhBufferToHexString(importTableMd5Hash, 16);
-        }
-
-        NtClose(fileHandle);
-    }
-
-    PostMessage(
-        windowHandle,
-        PVM_CHECKSUM_DONE,
-        checkSum,
-        (LPARAM)importHash
-        );
+    PostMessage(windowHandle, PVM_CHECKSUM_DONE, checkSum, 0);
 
     return STATUS_SUCCESS;
 }
@@ -546,7 +520,7 @@ VERIFY_RESULT PvpVerifyFileWithAdditionalCatalog(
             PhSkipStringRef(&remainingFileName, windowsAppsPath->Length);
             indexOfBackslash = PhFindCharInStringRef(&remainingFileName, OBJ_NAME_PATH_SEPARATOR, FALSE);
 
-            if (indexOfBackslash != -1)
+            if (indexOfBackslash != SIZE_MAX)
             {
                 baseFileName.Buffer = FileName->Buffer;
                 baseFileName.Length = windowsAppsPath->Length + indexOfBackslash * sizeof(WCHAR);
@@ -818,7 +792,6 @@ VOID PvpSetPeImageSize(
     PPH_STRING string;
     ULONG lastRawDataAddress = 0;
     ULONG64 lastRawDataOffset = 0;
-    ULONG64 lastRawDataAddressSize = 0;
 
     // https://reverseengineering.stackexchange.com/questions/2014/how-can-one-extract-the-appended-data-of-a-portable-executable/2015#2015
 
@@ -907,13 +880,38 @@ VOID PvpSetPeImageCheckSum(
     string = PhFormatString(L"0x%I32x (verifying...)", PvMappedImage.NtHeaders->OptionalHeader.CheckSum); // same for 32-bit and 64-bit images
 
     PhSetListViewSubItem(ListViewHandle, PVP_IMAGE_GENERAL_INDEX_CHECKSUM, 1, string->Buffer);
-    PhSetListViewSubItem(ListViewHandle, PVP_IMAGE_GENERAL_INDEX_CHECKSUMIAT, 1, L"(verifying...)");
 
     PhQueueItemWorkQueue(PhGetGlobalWorkQueue(), CheckSumImageThreadStart, WindowHandle);
 
     PhDereferenceObject(string);
 }
 
+VOID PvpSetPeImageSpareHeaderBytes(
+    _In_ HWND ListViewHandle
+    )
+{
+    if (PvMappedImage.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
+    {
+        ULONG nativeHeadersLength = PtrToUlong(PTR_SUB_OFFSET(PvMappedImage.NtHeaders32, PvMappedImage.ViewBase));
+        ULONG optionalHeadersLength = UFIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader) + PvMappedImage.NtHeaders32->FileHeader.SizeOfOptionalHeader;
+        ULONG sectionsLength = PvMappedImage.NtHeaders32->FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER);
+        ULONG totalLength = nativeHeadersLength + optionalHeadersLength + sectionsLength;
+        ULONG spareLength = PtrToUlong(PTR_SUB_OFFSET(PvMappedImage.NtHeaders32->OptionalHeader.SizeOfHeaders, totalLength));
+
+        PhSetListViewSubItem(ListViewHandle, PVP_IMAGE_GENERAL_INDEX_HEADERSPARE, 1, PhaFormatSize(spareLength, ULONG_MAX)->Buffer);
+    }
+    else if (PvMappedImage.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
+    {
+        ULONG nativeHeadersLength = PtrToUlong(PTR_SUB_OFFSET(PvMappedImage.NtHeaders, PvMappedImage.ViewBase));
+        ULONG optionalHeadersLength = UFIELD_OFFSET(IMAGE_NT_HEADERS64, OptionalHeader) + PvMappedImage.NtHeaders->FileHeader.SizeOfOptionalHeader;
+        ULONG sectionsLength = PvMappedImage.NtHeaders->FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER);
+        ULONG totalLength = nativeHeadersLength + optionalHeadersLength + sectionsLength;
+        ULONG spareLength = PtrToUlong(PTR_SUB_OFFSET(PvMappedImage.NtHeaders->OptionalHeader.SizeOfHeaders, totalLength));
+
+        PhSetListViewSubItem(ListViewHandle, PVP_IMAGE_GENERAL_INDEX_HEADERSPARE, 1, PhaFormatSize(spareLength, ULONG_MAX)->Buffer);
+    }
+}
+
 VOID PvpSetPeImageSubsystem(
     _In_ HWND ListViewHandle
     )
@@ -1045,14 +1043,14 @@ VOID PvpSetPeImageCharacteristics(
         &debugEntry
         )))
     {
-        ULONG characteristics = ULONG_MAX;
+        ULONG characteristicsEx = ULONG_MAX;
 
         if (debugEntryLength == sizeof(ULONG))
-            characteristics = *(ULONG*)debugEntry;
+            characteristicsEx = *(ULONG*)debugEntry;
 
-        if (characteristics != ULONG_MAX)
+        if (characteristicsEx != ULONG_MAX)
         {
-            if (characteristics & IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT)
+            if (characteristicsEx & IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT)
                 PhAppendStringBuilder2(&stringBuilder, L"CET compatible, ");
         }
     }
@@ -1382,7 +1380,8 @@ VOID PvpSetPeImageProperties(
     PhAddListViewGroupItem(Context->ListViewHandle, PVP_IMAGE_GENERAL_CATEGORY_BASICINFO, PVP_IMAGE_GENERAL_INDEX_IMAGESIZE, L"Image size", NULL);
     PhAddListViewGroupItem(Context->ListViewHandle, PVP_IMAGE_GENERAL_CATEGORY_BASICINFO, PVP_IMAGE_GENERAL_INDEX_ENTRYPOINT, L"Entry point", NULL);
     PhAddListViewGroupItem(Context->ListViewHandle, PVP_IMAGE_GENERAL_CATEGORY_BASICINFO, PVP_IMAGE_GENERAL_INDEX_CHECKSUM, L"Header checksum", NULL);
-    PhAddListViewGroupItem(Context->ListViewHandle, PVP_IMAGE_GENERAL_CATEGORY_BASICINFO, PVP_IMAGE_GENERAL_INDEX_CHECKSUMIAT, L"Import checksum", NULL);
+    //PhAddListViewGroupItem(Context->ListViewHandle, PVP_IMAGE_GENERAL_CATEGORY_BASICINFO, PVP_IMAGE_GENERAL_INDEX_CHECKSUMIAT, L"Import checksum", NULL);
+    PhAddListViewGroupItem(Context->ListViewHandle, PVP_IMAGE_GENERAL_CATEGORY_BASICINFO, PVP_IMAGE_GENERAL_INDEX_HEADERSPARE, L"Header spare", NULL);
     PhAddListViewGroupItem(Context->ListViewHandle, PVP_IMAGE_GENERAL_CATEGORY_BASICINFO, PVP_IMAGE_GENERAL_INDEX_SUBSYSTEM, L"Subsystem", NULL);
     PhAddListViewGroupItem(Context->ListViewHandle, PVP_IMAGE_GENERAL_CATEGORY_BASICINFO, PVP_IMAGE_GENERAL_INDEX_SUBSYSTEMVERSION, L"Subsystem version", NULL);
     PhAddListViewGroupItem(Context->ListViewHandle, PVP_IMAGE_GENERAL_CATEGORY_BASICINFO, PVP_IMAGE_GENERAL_INDEX_CHARACTERISTICS, L"Characteristics", NULL);
@@ -1403,6 +1402,7 @@ VOID PvpSetPeImageProperties(
     PvpSetPeImageSize(Context->ListViewHandle);
     PvpSetPeImageEntryPoint(Context->ListViewHandle);
     PvpSetPeImageCheckSum(Context->WindowHandle, Context->ListViewHandle);
+    PvpSetPeImageSpareHeaderBytes(Context->ListViewHandle);
     PvpSetPeImageSubsystem(Context->ListViewHandle);
     PvpSetPeImageCharacteristics(Context->ListViewHandle);
     // File information
@@ -1621,13 +1621,11 @@ INT_PTR CALLBACK PvpPeGeneralDlgProc(
     case PVM_CHECKSUM_DONE:
         {
             PPH_STRING string;
-            PPH_STRING importTableHash;
             ULONG headerCheckSum;
             ULONG realCheckSum;
 
             headerCheckSum = PvMappedImage.NtHeaders->OptionalHeader.CheckSum; // same for 32-bit and 64-bit images
             realCheckSum = (ULONG)wParam;
-            importTableHash = (PPH_STRING)lParam;
 
             if (headerCheckSum == 0)
             {
@@ -1648,12 +1646,6 @@ INT_PTR CALLBACK PvpPeGeneralDlgProc(
                 PhSetListViewSubItem(context->ListViewHandle, PVP_IMAGE_GENERAL_INDEX_CHECKSUM, 1, string->Buffer);
                 PhDereferenceObject(string);
             }
-
-            if (importTableHash)
-            {
-                PhSetListViewSubItem(context->ListViewHandle, PVP_IMAGE_GENERAL_INDEX_CHECKSUMIAT, 1, PhGetStringOrEmpty(importTableHash));
-                PhDereferenceObject(importTableHash);
-            }
         }
         break;
     case PVM_VERIFY_DONE:

tools/peview/pesectionprp.c

@@ -170,12 +170,20 @@ VOID PvSetPeImageSections(
             PhPrintUInt32(value, i + 1);
             lvItemIndex = PhAddListViewItem(ListViewHandle, MAXINT, value, &PvMappedImage.Sections[i]);
             PhSetListViewSubItem(ListViewHandle, lvItemIndex, 1, sectionName);
-            PhPrintPointer(value, UlongToPtr(PvMappedImage.Sections[i].VirtualAddress));
+
+            PhPrintPointer(value, UlongToPtr(PvMappedImage.Sections[i].PointerToRawData));
             PhSetListViewSubItem(ListViewHandle, lvItemIndex, 2, value);
-            PhPrintPointer(value, PTR_ADD_OFFSET(PvMappedImage.Sections[i].VirtualAddress, PvMappedImage.Sections[i].SizeOfRawData));
+            PhPrintPointer(value, PTR_ADD_OFFSET(PvMappedImage.Sections[i].PointerToRawData, PvMappedImage.Sections[i].SizeOfRawData));
             PhSetListViewSubItem(ListViewHandle, lvItemIndex, 3, value);
             PhSetListViewSubItem(ListViewHandle, lvItemIndex, 4, PhaFormatSize(PvMappedImage.Sections[i].SizeOfRawData, ULONG_MAX)->Buffer);
-            PhSetListViewSubItem(ListViewHandle, lvItemIndex, 5, PH_AUTO_T(PH_STRING, PvGetSectionCharacteristics(PvMappedImage.Sections[i].Characteristics))->Buffer);
+
+            PhPrintPointer(value, UlongToPtr(PvMappedImage.Sections[i].VirtualAddress));
+            PhSetListViewSubItem(ListViewHandle, lvItemIndex, 5, value);
+            PhPrintPointer(value, PTR_ADD_OFFSET(PvMappedImage.Sections[i].VirtualAddress, PvMappedImage.Sections[i].Misc.VirtualSize));
+            PhSetListViewSubItem(ListViewHandle, lvItemIndex, 6, value);
+            PhSetListViewSubItem(ListViewHandle, lvItemIndex, 7, PhaFormatSize(PvMappedImage.Sections[i].Misc.VirtualSize, ULONG_MAX)->Buffer);
+
+            PhSetListViewSubItem(ListViewHandle, lvItemIndex, 8, PH_AUTO_T(PH_STRING, PvGetSectionCharacteristics(PvMappedImage.Sections[i].Characteristics))->Buffer);
 
             if (PvMappedImage.Sections[i].VirtualAddress && PvMappedImage.Sections[i].SizeOfRawData)
             {
@@ -194,7 +202,7 @@ VOID PvSetPeImageSections(
                         if (PhFinalHash(&hashContext, hash, 16, NULL))
                         {
                             hashString = PhBufferToHexString(hash, 16);
-                            PhSetListViewSubItem(ListViewHandle, lvItemIndex, 6, hashString->Buffer);
+                            PhSetListViewSubItem(ListViewHandle, lvItemIndex, 9, hashString->Buffer);
                             PhDereferenceObject(hashString);
                         }
                     }
@@ -206,7 +214,7 @@ VOID PvSetPeImageSections(
                     //message = PH_AUTO(PhGetNtMessage(GetExceptionCode()));
                     message = PH_AUTO(PhGetWin32Message(RtlNtStatusToDosError(GetExceptionCode()))); // WIN32_FROM_NTSTATUS
 
-                    PhSetListViewSubItem(ListViewHandle, lvItemIndex, 6, PhGetStringOrEmpty(message));
+                    PhSetListViewSubItem(ListViewHandle, lvItemIndex, 9, PhGetStringOrEmpty(message));
                 }
             }
         }
@@ -251,11 +259,14 @@ INT_PTR CALLBACK PvPeSectionsDlgProc(
             PhSetControlTheme(context->ListViewHandle, L"explorer");
             PhAddListViewColumn(context->ListViewHandle, 0, 0, 0, LVCFMT_LEFT, 40, L"#");
             PhAddListViewColumn(context->ListViewHandle, 1, 1, 1, LVCFMT_LEFT, 80, L"Name");
-            PhAddListViewColumn(context->ListViewHandle, 2, 2, 2, LVCFMT_LEFT, 100, L"RVA (start)");
-            PhAddListViewColumn(context->ListViewHandle, 3, 3, 3, LVCFMT_LEFT, 100, L"RVA (end)");
-            PhAddListViewColumn(context->ListViewHandle, 4, 4, 4, LVCFMT_LEFT, 80, L"Size");
-            PhAddListViewColumn(context->ListViewHandle, 5, 5, 5, LVCFMT_LEFT, 250, L"Characteristics");
-            PhAddListViewColumn(context->ListViewHandle, 6, 6, 6, LVCFMT_LEFT, 80, L"Hash");
+            PhAddListViewColumn(context->ListViewHandle, 2, 2, 2, LVCFMT_LEFT, 100, L"RAW (start)");
+            PhAddListViewColumn(context->ListViewHandle, 3, 3, 3, LVCFMT_LEFT, 100, L"RAW (end)");
+            PhAddListViewColumn(context->ListViewHandle, 4, 4, 4, LVCFMT_LEFT, 80, L"RAW (size)");
+            PhAddListViewColumn(context->ListViewHandle, 5, 5, 5, LVCFMT_LEFT, 100, L"RVA (start)");
+            PhAddListViewColumn(context->ListViewHandle, 6, 6, 6, LVCFMT_LEFT, 100, L"RVA (end)");
+            PhAddListViewColumn(context->ListViewHandle, 7, 7, 7, LVCFMT_LEFT, 80, L"RVA (size)");
+            PhAddListViewColumn(context->ListViewHandle, 8, 8, 8, LVCFMT_LEFT, 250, L"Characteristics");
+            PhAddListViewColumn(context->ListViewHandle, 9, 9, 9, LVCFMT_LEFT, 80, L"Hash");
             //ExtendedListView_SetItemColorFunction(context->ListViewHandle, PvPeCharacteristicsColorFunction);
             ExtendedListView_SetCompareFunction(context->ListViewHandle, 1, PvPeVirtualAddressCompareFunction);
             ExtendedListView_SetCompareFunction(context->ListViewHandle, 2, PvPeSizeOfRawDataCompareFunction);

tools/peview/peview.rc

@@ -410,11 +410,13 @@ STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSM
 CAPTION "ProdID"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
 BEGIN
-    CONTROL         "",IDC_LIST,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_TABSTOP,0,38,300,242
+    CONTROL         "",IDC_LIST,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_TABSTOP,0,52,300,228
     LTEXT           "Checksum:",IDC_STATIC,7,7,38,8
     EDITTEXT        IDC_PRODCHECKSUM,58,7,217,12,ES_AUTOHSCROLL | ES_READONLY | NOT WS_BORDER
-    LTEXT           "Hash:",IDC_STATIC,7,21,38,8
+    LTEXT           "Hash (raw):",IDC_STATIC,7,21,38,8
     EDITTEXT        IDC_PRODHASH,58,21,217,12,ES_AUTOHSCROLL | ES_READONLY | NOT WS_BORDER
+    LTEXT           "Hash:",IDC_STATIC,7,35,38,8
+    EDITTEXT        IDC_PRODHASH2,58,35,217,12,ES_AUTOHSCROLL | ES_READONLY | NOT WS_BORDER
 END
 
 IDD_PEDEBUG DIALOGEX 0, 0, 300, 280

tools/peview/resource.h

@@ -64,6 +64,7 @@
 #define IDC_PREVIEW                     1023
 #define IDC_PRODCHECKSUM                1025
 #define IDC_PRODHASH                    1026
+#define IDC_PRODHASH2                   1027
 #define IDC_FONT                        1079
 #define IDC_GOTO                        1079
 #define IDC_RESET                       1086