📄 exerep.cpp
字号:
m_pNTOptHeader->DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ].VirtualAddress );
pRelocCur = pRelocTable ;
pRelocEnd = pRelocTable + m_pNTOptHeader->DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ].Size ;
while( ( pRelocCur < pRelocEnd )
&& ( *((DWORD*)pRelocCur) != 0 ) && (((DWORD*)pRelocCur)[1] != 0 ) )
{ // iteration sur les pages de 4 Ko
unsigned int iVirtAdr = *((DWORD*)pRelocCur) + m_pNTOptHeader->ImageBase ;
int iNumReloc = ( ((DWORD*)pRelocCur)[1] - sizeof( IMAGE_BASE_RELOCATION ) ) / sizeof(WORD) ;
pRelocCur += sizeof( IMAGE_BASE_RELOCATION );
for( int idReloc = 0 ; idReloc < iNumReloc ; idReloc++ , pRelocCur += sizeof(WORD) )
{ // iteration sur les reloc de la page
if( ( (*(WORD*)pRelocCur ) >> 12 ) & IMAGE_REL_BASED_HIGHLOW != 0 )
{
unsigned int iRelocVA = ( (*(WORD*)pRelocCur) & 0x0fff ) + iVirtAdr ;
CSymbol* pReloc = new CSymbol( iRelocVA ) ;
m_arRelocSymbols.insert( pReloc );
}
}
}
}
void CExeRep::AddExportSymb( )
{
static char_buff pszTmp ;
int iMaxNamedFunOrd = 0 ;
if( m_pNTOptHeader->DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress == 0 )
return ; // rien a exporter
// creation de fichier .def pour creer des import lib
sprintf( pszTmp ,"%s.def" , m_strBaseName.c_str() ) ;
FILE* pDefFile = fopen( pszTmp , "wb" ) ;
fprintf(pDefFile,"LIBRARY %s\n\nDESCRIPTION 'exported symbols def file '\n\nEXPORTS\n"
, m_strBaseName.c_str() ) ;
IMAGE_EXPORT_DIRECTORY* pExtDir = (IMAGE_EXPORT_DIRECTORY*)rva2ptr(
m_pNTOptHeader->DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress );
void** parFunNames = (void**)rva2ptr( (long)pExtDir->AddressOfNames );
WORD* pOrdinals = (WORD*)rva2ptr( (long)pExtDir->AddressOfNameOrdinals );
DWORD* pAdresses = (DWORD*)rva2ptr( (long)pExtDir->AddressOfFunctions );
const char* pFunName ;
int iOrdinal ;
DWORD dwFunAddress ;
CSymbol* pCurSymbol ;
for( int idFun = 0 ; idFun < pExtDir->NumberOfNames ; idFun ++ )
{
pFunName = (const char*)rva2ptr( (long)( parFunNames[ idFun ] ) ) ;
iOrdinal = pExtDir->Base + pOrdinals[ idFun ] ;
dwFunAddress = rva2va( pAdresses[ idFun ] ) ;
pCurSymbol = new CSymbol( dwFunAddress, cSymFunc | fSymPublic , pFunName );
m_arSymbols.insert( pCurSymbol ) ;
iMaxNamedFunOrd = max( iMaxNamedFunOrd , iOrdinal ) ;
fprintf( pDefFile , "\t%s\t@%i\n", pFunName , iOrdinal );
}
for( ; idFun < pExtDir->NumberOfFunctions ; idFun ++ )
{ // recuperation des fct exorte par ordinal -> ds l'ordre des ordinaux
++iMaxNamedFunOrd ;
iOrdinal = pExtDir->Base + pOrdinals[ idFun ] ;
dwFunAddress = rva2va( pAdresses[ idFun ] ) ;
pCurSymbol = new CSymbol( dwFunAddress, cSymFunc | fSymPublic , 0 );
m_arSymbols.insert( pCurSymbol ) ;
iMaxNamedFunOrd = max( iMaxNamedFunOrd , iOrdinal ) ;
fprintf( pDefFile , "\t%s\t@%i\tNONAME\n", pCurSymbol->GetName() , iOrdinal ) ;
}
fclose( pDefFile ) ;
}
void CExeRep::AddEntryPoint()
{
if( m_arSymbols.find( &CSymbol( m_pNTOptHeader->AddressOfEntryPoint + m_pNTOptHeader->ImageBase ) )
!= m_arSymbols.end() )
return ;
const char* pszEntryPoint ;
if( IsExeBin() )
pszEntryPoint = "main" ;
else
pszEntryPoint = "dllmain" ;
m_arSymbols.insert( new CSymbol( m_pNTOptHeader->AddressOfEntryPoint
+ m_pNTOptHeader->ImageBase, cSymFunc | fSymPublic , pszEntryPoint ) ) ;
}
CSection* CExeRep::GetSectFromVA( unsigned int uAdresse )
{
CSection* pRet = 0 ;
CSection* pSection ;
for( int idSect = 0 ; idSect < m_arSectHeader.size() ; idSect ++ )
{
pSection = m_arRawSections[idSect] ;
if( ( pSection->va_begin() <= uAdresse ) && ( pSection->va_end() > uAdresse ) )
{
pRet = pSection ;
break ;
}
}
return pRet ;
}
//////////////////////////////////////////////////////////////
// fonctions d'aides
bool CExeRep::IsExeBin()
{
return ( m_pNTHeader->Characteristics & IMAGE_FILE_DLL ) == 0 ;
}
bool CExeRep::HasReloc()
{
return ( m_pNTHeader->Characteristics & IMAGE_FILE_RELOCS_STRIPPED ) == 0 ;
}
bool CExeRep::LoadImpDll( const char* pszDllName )
{
int iMaxNamedFunOrd = 0 ;
LOADED_IMAGE sImage ;
unsigned long szDir ;
if( ! MapAndLoad( (char*)pszDllName , 0 , &sImage , TRUE , TRUE ) )
return false ;
dll_iterator iterDll = (m_arDll.insert( pair<const char* const,dllname_coll>( pszDllName , dllname_coll() ) ) ).first ;
IMAGE_EXPORT_DIRECTORY* pExtDir = (IMAGE_EXPORT_DIRECTORY* )ImageDirectoryEntryToData( sImage.MappedAddress , FALSE
, IMAGE_DIRECTORY_ENTRY_EXPORT , &szDir ) ;
void** parFunNames = (void**)ImageRvaToVa( sImage.FileHeader, sImage.MappedAddress , (long)pExtDir->AddressOfNames , 0 );
WORD* pOrdinals = (WORD*)ImageRvaToVa( sImage.FileHeader, sImage.MappedAddress , (long)pExtDir->AddressOfNameOrdinals , 0 );
dll_fun funName ;
for( int idFun = 0 ; idFun < pExtDir->NumberOfNames ; idFun ++ )
{
const char* pTmp ;
pTmp = (const char*)ImageRvaToVa( sImage.FileHeader, sImage.MappedAddress , (long)(parFunNames[idFun]) , 0 );
funName.m_bHasName = true ;
funName.m_pszDllName = pszDllName ;
funName.m_iOrdinal = pExtDir->Base + pOrdinals[idFun] ;
funName.m_pszName = new char[ strlen(pTmp) + 1 ] ;
strcpy( (char*)funName.m_pszName , pTmp ) ;
((*iterDll).second).push_back( funName ) ;
iMaxNamedFunOrd = max( iMaxNamedFunOrd , funName.m_iOrdinal ) ;
}
for( ; idFun < pExtDir->NumberOfFunctions ; idFun ++ )
{ // recuperation des fct exorte par ordinal -> ds l'ordre des ordinaux
++iMaxNamedFunOrd ;
funName.m_bHasName = false ;
funName.m_iOrdinal = iMaxNamedFunOrd ;
funName.m_pszDllName = pszDllName ;
funName.m_pszName = 0 ;
((*iterDll).second).push_back( funName ) ;
}
UnMapAndLoad( &sImage ) ;
return true ;
}
const char* CExeRep::GetNameFromOrd( const char* pszDllName ,int iOrdinal,bool* pbHasName )
{
dll_iterator iterDll = m_arDll.find( pszDllName ) ;
if( iterDll == m_arDll.end() )
return 0 ;
for( dllfun_iterator iterFctName = (*iterDll).second.begin()
; iterFctName != (*iterDll).second.end() ; ++ iterFctName )
{
if( iOrdinal == iterFctName->m_iOrdinal )
{
if( iterFctName->m_bHasName )
{
if( pbHasName != 0 ) *pbHasName = true ;
}
else
{
if( pbHasName != 0 ) *pbHasName = false ;
}
return iterFctName->GetName() ;
}
}
return 0 ;
}
int CExeRep::GetOrdFromName( const char* pszDllName , const char* pszFunName )
{
dll_iterator iterDll = m_arDll.find( pszDllName ) ;
if( iterDll == m_arDll.end() )
return 0 ;
for( dllfun_iterator iterFctName = (*iterDll).second.begin()
; iterFctName != (*iterDll).second.end() ; ++ iterFctName )
{
if( iterFctName->m_bHasName && ( stricmp( pszFunName , iterFctName->m_pszName ) == 0 ) )
return iterFctName->m_iOrdinal ;
}
return -1 ;
}
void CExeRep::AddSymbol( unsigned int uVA,unsigned int uRefVA, bool bTrust , unsigned int SymbolCat )
{
CSymbolColl::const_iterator prevSym = m_arSymbols.find( & CSymbol( uVA ) ) ;
bool bReallySymbol = bTrust || ( m_arRelocSymbols.find( & CSymbol( uRefVA ) ) != m_arRelocSymbols.end() ) ;
if( ( prevSym == m_arSymbols.end() ) && bReallySymbol )
{ // nouveau symbol a referencer
if( SymbolCat == cSymData ) // test si eventuellement callback
{
CSection* pSect = GetSectFromVA( uVA ) ;
if( ( pSect != 0 ) && pSect->IsCode() )
SymbolCat = cSymCallBack ;
}
m_arSymbols.insert( new CSymbol( uVA , SymbolCat ) ) ;
}
if( prevSym != m_arSymbols.end() && ( ( (*prevSym)->m_Attrib & fSymUser ) == 0 ) )
{ // on complete eventuellement
if( (*prevSym)->m_Attrib == cSymUnknown )
(*prevSym)->m_Attrib = SymbolCat ;
else if( ( (*prevSym)->m_Attrib == cSymData ) && ( SymbolCat == cSymDataPtr ) )
(*prevSym)->m_Attrib = cSymDataPtr ;
else if( ( (*prevSym)->m_Attrib == cSymCallBack )
&& ( ( SymbolCat == cSymJmp ) || ( SymbolCat == cSymFunc ) /*|| ( SymbolCat == cSymData )*/) )
(*prevSym)->m_Attrib = SymbolCat ;
}
}
const char* CExeRep::GetSymbName( unsigned int uVA, unsigned int refVA , bool bTrust , unsigned int uflags )
{
static char_buff pszRet ;
const char* pszTmp ;
CSymbolColl::const_iterator ppSymb = m_arSymbols.end() ;
// recherche si c'est un symbol et recupere un iterateur dessus ci c'est le cas
if( bTrust || ( m_arRelocSymbols.find( & CSymbol( refVA ) ) != m_arRelocSymbols.end() ) )
{
ppSymb = m_arSymbols.find( & CSymbol( uVA ) ) ;
if( ppSymb == m_arSymbols.end() )
{
//assert(0);
CSection* pSection = GetSectFromVA( uVA );
}
}
// recuperation symbol
if( ppSymb != m_arSymbols.end() )
pszTmp = (*ppSymb)->GetName() ;
else
pszTmp = GetValue( uVA , uflags ) ;
// decoration
if( ( uflags & cteDecorate ) != 0 )
{
if( ( ppSymb == m_arSymbols.end() ) && ( ( uflags & cteDecOffset ) != 0 ) )
return pszTmp ; // val num et offset
if( ( uflags & cteDecOffset ) == 0 )
sprintf( pszRet , "[ %s ]" , pszTmp ) ;
else
sprintf( pszRet , "offset %s" , pszTmp ) ;
return pszRet ;
}
else
return pszTmp ;
}
const char* CExeRep::GetValue( unsigned int uVal , int uflags )
{
static char pszTmpBuff[32] ;
if( ( uflags & cteFmtInteger ) != 0 )
{
if( ( uflags & cteFmtSign ) != 0 )
{
if( ((signed int)uVal) < 0 )
sprintf( pszTmpBuff , "- %i" , -((signed int)uVal) ) ;
else
sprintf( pszTmpBuff , "+ %i" , uVal ) ;
}
else
sprintf( pszTmpBuff , "%i" , uVal ) ;
}
else
{
sprintf( pszTmpBuff , "0%Xh" , uVal ) ;
}
return pszTmpBuff ;
}
CSymbol* CExeRep::GetSymbol( unsigned int uVA )
{
CSymbolColl::iterator iterCurSymb = m_arSymbols.find( &CSymbol( uVA ) ) ;
if( iterCurSymb == m_arSymbols.end() )
return 0 ;
else
return *iterCurSymb ;
}
CSymbol* CExeRep::FindSymbol( unsigned int uVA , unsigned int uMask )
{
symb_iterator iter = m_arSymbols.lower_bound( &CSymbol(uVA) ) ;
while( ( iter != m_arSymbols.end() ) && ( ( (*iter)->m_Attrib ) & uMask ) == 0 )
++ iter ;
if( iter == m_arSymbols.end() )
return 0 ;
else
return *iter ;
}
CSymbol* CExeRep::FindSymbol( unsigned int uVA )
{
symb_iterator iter = m_arSymbols.lower_bound( &CSymbol(uVA) ) ;
if( iter == m_arSymbols.end() )
return 0 ;
else
return *iter ;
}
void CExeRep::OutputMainHeader( FILE* pFile )
{
fprintf(pFile,"%s%s\n" , cteHeaderSep , cteHeaderStLine ) ;
fprintf(pFile, "%s PEDasm generated source file : %s.asm \n"
,cteHeaderStLine, m_strBaseName.c_str() );
fprintf(pFile, "%s\n%s\n"
,cteHeaderStLine, cteHeaderStLine );
fprintf( pFile, "\n\n.586P\n.model flat , stdcall\n\n" );
fprintf( pFile, "\n\n.radix 10 \n\n" );
fprintf( pFile, "include dllImport.inc\n\n" );
}
void CExeRep::OutputSectionHeader( CSection* pSection ,FILE* pFile )
{
fprintf(pFile,"\n\n\n%s%s section %8s\n" , cteHeaderSep
, cteHeaderStLine ,pSection->m_pHeader->Name) ;
fprintf(pFile,"%s\tV.A = 0x%08x , init part size = %u , total size = %u\n"
, cteHeaderStLine , pSection->va_begin() , pSection->init_size() , pSection->size() ) ;
fprintf(pFile,"%s\tflags : ", cteHeaderStLine );
if( ( pSection->GetFlags() & IMAGE_SCN_CNT_CODE ) != 0 )
fprintf(pFile," code section , ");
if( ( pSection->GetFlags() & IMAGE_SCN_CNT_INITIALIZED_DATA ) != 0 )
fprintf(pFile," initialized data section , ");
if( ( pSection->GetFlags() & IMAGE_SCN_CNT_UNINITIALIZED_DATA ) != 0 )
fprintf(pFile," uninitialized data section , ");
if( ( pSection->GetFlags() & IMAGE_SCN_LNK_INFO ) != 0 )
fprintf(pFile," section contains comments ,");
if( ( pSection->GetFlags() & IMAGE_SCN_LNK_NRELOC_OVFL ) != 0 )
fprintf(pFile," section contains extended relocations ,");
if( ( pSection->GetFlags() & IMAGE_SCN_MEM_DISCARDABLE ) != 0 )
fprintf(pFile," section can be discarded , ");
if( ( pSection->GetFlags() & IMAGE_SCN_MEM_NOT_CACHED ) != 0 )
fprintf(pFile," section not cachable ,");
if( ( pSection->GetFlags() & IMAGE_SCN_MEM_NOT_PAGED ) != 0 )
fprintf(pFile," section not pageable ,");
if( ( pSection->GetFlags() & IMAGE_SCN_MEM_SHARED ) != 0 )
fprintf(pFile," section in shared memory ,");
if( ( pSection->GetFlags() & IMAGE_SCN_MEM_EXECUTE ) != 0 )
fprintf(pFile," section executable , ");
if( ( pSection->GetFlags() & IMAGE_SCN_MEM_READ ) != 0 )
fprintf(pFile," section readable ");
if( ( pSection->GetFlags() & IMAGE_SCN_MEM_WRITE ) != 0 )
fprintf(pFile," section writeable ");
if( pSection->IsData() )
fprintf(pFile,"\n\n.data\n\n\n" ) ;
else if( pSection->IsCode() )
fprintf(pFile,"\n\n.code\n\nassume fs:nothing ; this requiered for SEH\n\n" ) ;
}
//////////////////////////////////////////////////////////////////
// fonctions globales
unsigned int GetImageSize( const char* pszStr )
{
_IMAGE_DOS_HEADER dosHeader ;
_IMAGE_FILE_HEADER NTHeader ;
IMAGE_OPTIONAL_HEADER NTOptHeader ;
DWORD dwNTSign ;
unsigned int uiRetSize ;
FILE* pFile = fopen( pszStr , "rb" ) ;
if( pFile == 0 )
{
printf( "error: unable to open file : %s\n" , pszStr ) ;
return 0;
}
fread( &dosHeader , sizeof( _IMAGE_DOS_HEADER ) , 1 , pFile );
fseek( pFile , dosHeader.e_lfanew , SEEK_SET ) ;
fread( &dwNTSign , 4 , 1 , pFile ) ;
if( dwNTSign != IMAGE_NT_SIGNATURE )
{
fclose(pFile) ;
printf( "error: unrecognized binary format , file : %s\n" , pszStr ) ;
return 0;
}
fread( &NTHeader , sizeof(_IMAGE_FILE_HEADER) , 1 , pFile ) ;
if( NTHeader.Machine != IMAGE_FILE_MACHINE_I386 )
{
fclose(pFile) ;
printf( "error: unknown processor , file : %s\n" , pszStr ) ;
return 0;
}
if( ( ( NTHeader.Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE ) == 0 )
|| ( NTHeader.SizeOfOptionalHeader == 0 ) )
{
fclose(pFile) ;
printf( "error: file : %s not executable\n" , pszStr ) ;
return 0 ;
}
fread( &NTOptHeader , sizeof( IMAGE_OPTIONAL_HEADER ) , 1 , pFile ) ;
uiRetSize = NTOptHeader.SizeOfImage ;
fclose(pFile) ;
return uiRetSize ;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -