📄 pe_dlls.idc
if(GetLastIndex(AR_LONG, BaseArray) == index++)
{
break;
}
}
DeleteArray(BaseArray);
}
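// Resolve one export of a PE image that is already mapped into the database.
//
//   DLLBase  - address at which the image's MZ header is mapped
//   ProcName - export name to look up, or "" to resolve by ordinal
//   ordinal  - biased export ordinal; only consulted when ProcName is ""
//
// Returns the address of the export, or 0 when the image has no export
// directory, the name or ordinal is not exported, or the slot is unused.
//
// Every field read here comes from the file under analysis and is only
// validated by the checks below, so a malformed or hostile image can still
// steer the reads (for example through a very large name count).
static GetProcAddress(DLLBase, ProcName, ordinal)
{
    auto PEoffset;
    auto exportRVA, exportTable;
    auto ord_base, num_at, num_np, at, np, ot;
    auto entryRVA;

    // e_lfanew (offset 0x3c of the MZ header) locates the PE header.
    PEoffset = LEDword(DLLBase + 0x3c) + DLLBase;

    // NOTE(review): 0x78 is the export data-directory slot of a PE32 header;
    // a PE32+ image keeps it 0x10 further on - confirm only 32-bit images
    // reach this function.
    exportRVA = LEDword(PEoffset + 0x78);
    if(exportRVA == 0)
    {
        // No export directory. Without this check the MZ header itself
        // would be parsed as if it were the export directory.
        return 0;
    }
    exportTable = exportRVA + DLLBase;
    if(SegStart(exportTable) == BADADDR)
    {
        WarningMessage(" export table is not in any section (run the PE_SECTIONS.IDC script on this DLL)!\n");
        return 0;
    }

    ord_base = LEDword(exportTable + 0x10);           // ordinal base
    num_at   = LEDword(exportTable + 0x14);           // entries in the address table
    num_np   = LEDword(exportTable + 0x18);           // entries in the name/ordinal tables
    at       = LEDword(exportTable + 0x1c) + DLLBase; // address table
    np       = LEDword(exportTable + 0x20) + DLLBase; // name pointer table
    ot       = LEDword(exportTable + 0x24) + DLLBase; // name ordinal table

    if(ProcName != "")
    {
        auto at_proc_name;
        auto pStr;

        // Walk the name pointer table and the ordinal table in parallel to
        // translate the requested name into a biased ordinal.
        while(num_np)
        {
            pStr = LEDword(np) + DLLBase;
            at_proc_name = Str(pStr);
            if(ProcName == at_proc_name)
            {
                ordinal = LEWord(ot) + ord_base;
                break;
            }
            np = np + 4;
            ot = ot + 2;
            num_np--;
        }
        // The counter only reaches zero when the loop ran out of names.
        if(!num_np)
        {
            return 0;
        }
    }

    if(ordinal < ord_base)
    {
        return 0;
    }
    ordinal = ordinal - ord_base;
    if(ordinal >= num_at)
    {
        return 0;
    }

    entryRVA = LEDword(at + ordinal*4);
    if(entryRVA == 0)
    {
        // Unused slot in the address table: report "not found" instead of
        // handing back the image base as if it were the export.
        return 0;
    }

    // NOTE(review): forwarder chains are still not parsed. For a forwarded
    // export the entry refers to a string rather than code, and that address
    // is returned unchanged - callers should not assume the result is code.
    return entryRVA + DLLBase;
}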
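// Upper-case a single ASCII letter passed as a one-character string.
//
//   value - the string to convert
//
// Returns the matching upper-case letter when value is exactly one of
// "a".."z"; any other input is returned unchanged. Longer strings that sort
// between "a" and "z" (such as "ab") used to pass the range check and then
// fall through the comparison chain without a return statement.
static toupper(value)
{
    auto pos;

    // Only a single character can be mapped; everything else is passed through.
    if(strlen(value) != 1)
    {
        return value;
    }

    // The position in the lower-case alphabet selects the upper-case letter.
    pos = strstr("abcdefghijklmnopqrstuvwxyz", value);
    if(pos == -1)
    {
        return value;
    }
    return substr("ABCDEFGHIJKLMNOPQRSTUVWXYZ", pos, pos + 1);
}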
// Find the first segment whose name is exactly SegToFind.
//
//   SegToFind - segment name to search for
//
// Returns the value the segment enumeration yielded for the matching
// segment, or BADADDR when no segment carries that name.
static FirstNamedSeg(SegToFind)
{
    auto ea;
    auto name;

#if defined(DEBUG_THIS)
    WarningMessage(form("FirstNamedSeg: %s\n", SegToFind));
#endif
    // FirstSeg/NextSeg enumerate the segments; BADADDR ends the walk.
    for(ea = FirstSeg(); ea != BADADDR; ea = NextSeg(ea))
    {
        name = SegName(ea);
#if defined(DEBUG_THIS)
        WarningMessage(form("- SegName: %s", name));
#endif
        if(name == SegToFind)
        {
            return ea;
        }
    }
    return BADADDR;
}
// Normalise a DLL name so it can be used as a segment-name prefix.
//
//   DLL_name - name to clean
//
// Returns a copy in which lower-case letters are upper-cased, digits,
// upper-case letters and "." are kept, and every other character becomes
// "_". An empty name yields an empty string.
//
// LoadSingleDLL passes the result to fopen, so this mapping is also what
// keeps path separators and drive colons out of that file name.
static CleanDLLName(DLL_name)
{
    auto cleaned;
    auto pos, total;
    auto ch;
    auto isDigit, isUpper, isLower;

    cleaned = "";
    if(DLL_name != "")
    {
        total = strlen(DLL_name);
        pos = 0;
        while(pos < total)
        {
            // Classify one character at a time.
            ch = substr(DLL_name, pos, pos + 1);
            isDigit = (ch >= "0") && (ch <= "9");
            isUpper = (ch >= "A") && (ch <= "Z");
            isLower = (ch >= "a") && (ch <= "z");

            if(isLower)
            {
                ch = toupper(ch);
            }
            else if(!(isDigit || isUpper || (ch == ".")))
            {
                ch = "_";
            }
            cleaned = cleaned + ch;
            pos++;
        }
    }
#if defined(DEBUG_THIS)
    WarningMessage(form("CleanDLLName: %s --> %s\n", DLL_name, cleaned));
#endif
    return cleaned;
}
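// Make sure the named DLL is mapped into the database, loading it from disk
// when necessary.
//
//   DLL_name - DLL name as given by the caller; it is cleaned with
//              CleanDLLName before any use
//
// Returns the image base of the DLL (already present or freshly loaded via
// LoadSections), or -1 when the user cancels the file prompt, the first seek
// fails, or the file is not an MZ/PE executable.
//
// The file handle is closed on every path once the file has been opened;
// the error returns used to leave it open.
static LoadSingleDLL(DLL_name)
{
    auto DLLBase, PEoffset, MZ_signature, PE_signature;
    auto fhandle;
    auto current;

    // After cleaning, the name holds only A-Z, 0-9, "." and "_", so no path
    // separator from the original name reaches fopen below.
    DLL_name = CleanDLLName(DLL_name);

    DLLBase = FirstNamedSeg(DLL_name + DLL_SEPERATOR + PE_HEADER_SECTION_NAME);
    if((DLLBase == BADADDR) && (DLL_name == GetInputFile()))
    {
        // The input file's own header segment carries no DLL prefix.
        DLLBase = FirstNamedSeg(PE_HEADER_SECTION_NAME);
    }
    if(DLLBase != BADADDR)
    {
        // DLL already loaded...
        Message(" " + DLL_name + form(" already loaded at address %.8x\n", DLLBase));
        return DLLBase; // must return the DLL image base
    }

    // Try the cleaned name first, then keep asking the user for a location.
    fhandle = fopen(DLL_name, "rb");
    current = DLL_name;
    while(fhandle == 0)
    {
        current = AskFile(-1, current, "Please find " + DLL_name + " for me.");
        if(current == 0)
        {
            Message(" User didn't find " + DLL_name + "\n");
            return -1;
        }
        fhandle = fopen(current, "rb");
    }

    // fhandle contains a valid handle to an open file.
    if(MySeek(fhandle, 0, 0) != 0)
    {
        fclose(fhandle);
        return -1;
    }
    Message(" " + DLL_name + " load information\n\n");

    // Both byte orders of "MZ" are accepted.
    MZ_signature = readshort(fhandle, 0);
    if((MZ_signature != 0x4d5a) && (MZ_signature != 0x5a4d))
    {
        WarningMessage("This is not an MZ executable!");
        fclose(fhandle);
        return -1;
    }

    // NOTE(review): the results of the next two seeks are ignored, and
    // PEoffset comes straight from the file; a truncated or crafted file is
    // only rejected if the signature check below happens to fail.
    MySeek(fhandle, 0x3c, 0);
    PEoffset = readlong(fhandle, 0);
    MySeek(fhandle, PEoffset, 0);
    PE_signature = readlong(fhandle, 0);
    if(PE_signature != 0x4550)
    {
        WarningMessage("This is not a PE executable!");
        fclose(fhandle);
        return -1;
    }

    // MySeek(fhandle, PEoffset + 0x34, 0);
    // DLLBase = readlong(fhandle, 0);
    // if(SegStart(DLLBase) != BADADDR)
    // {
    // WarningMessage("Can't load " + DLL_name + ", address already in use.");
    // return 0;
    // }
    DLLBase = LoadSections(fhandle, PEoffset, DLL_name);
    // tables already taken care of
    //
    // if(DLLBase != -1)
    // {
    // doPETables(PEoffset, DLLBase, DLL_name);
    // }

    fclose(fhandle);
    return DLLBase;
}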