📄 pe_sections.idc
字号:
}
}
}
}
// year - year number
// leap - 1 if it is a leap year
// TimeStamp - number of seconds passed into the year
day = TimeStamp/86400; // 0 <= day < 365
TimeStamp = TimeStamp - day*86400;
month = 1;
while(1)
{
// jan - 31
if(day < 31)
break;
day = day - 31;
month++;
// feb - 28 + 1(leap)
if(day < (28 + leap))
break;
day = day - (28 + leap);
month++;
// mar - 31
if(day < 31)
break;
day = day - 31;
month++;
// apr - 30
if(day < 30)
break;
day = day - 30;
month++;
// may - 31
if(day < 31)
break;
day = day - 31;
month++;
// jun - 30
if(day < 30)
break;
day = day - 30;
month++;
// jul - 31
if(day < 31)
break;
day = day - 31;
month++;
// aug - 31
if(day < 31)
break;
day = day - 31;
month++;
// sep - 30
if(day < 30)
break;
day = day - 30;
month++;
// okt - 31
if(day < 31)
break;
day = day - 31;
month++;
// nov - 30
if(day < 30)
break;
day = day - 30;
month++;
// des - 31
break;
}
day = day + 1;
// TimeStamp - number of seconds passed into the day-month-year
hour = TimeStamp/3600;
TimeStamp = TimeStamp - (hour*3600);
min = TimeStamp/60;
TimeStamp = TimeStamp - (min*60);
RetString = form("%i-%s-%i %i:%.02i:%.02i", day, getMonthStr(month), year, hour, min, TimeStamp);
return RetString;
}
static getMonthStr(month)
{
if(!--month)
{
return "jan";
}
if(!--month)
{
return "feb";
}
if(!--month)
{
return "mar";
}
if(!--month)
{
return "apr";
}
if(!--month)
{
return "may";
}
if(!--month)
{
return "jun";
}
if(!--month)
{
return "jul";
}
if(!--month)
{
return "aug";
}
if(!--month)
{
return "sep";
}
if(!--month)
{
return "oct";
}
if(!--month)
{
return "nov";
}
if(!--month)
{
return "dec";
}
return "invalid";
}
static ULDosDateToStr(TimeStamp)
{
auto year, month, day, hour, min, sec;
auto leap;
auto RetString;
if((TimeStamp == 0xffffffff) || (TimeStamp == 0))
{
return "uninitialized";
}
// TimeStamp is a DOS date of the following format
//
// 33222222222211111111110000000000
// 10987654321098765432109876543210
// | | | | | |
// | | | | | +++++ --- day (5) 4 - 0
// | | | | ++++ -------- month (4) 8 - 5
// | | | +++++++ ------------ year - 1980 (7) 15 - 9
// | | +++++ ------------------- seconds/2 (5) 20 - 16
// | ++++++ ------------------------ minutes (6) 26 - 21
// +++++ ------------------------------ hours (5) 31 - 27
day = (TimeStamp) & 0x1f;
month = (TimeStamp >> 5) & 0x0f;
year = ((TimeStamp >> 9) & 0x7f) + 1980;
sec = ((TimeStamp >> 16) & 0x1f) << 1;
min = (TimeStamp >> 21) & 0x3f;
hour = (TimeStamp >> 27) & 0x1f;
RetString = form("%i-%s-%i %i:%.02i:%.02i", day, getMonthStr(month), year, hour, min, sec);
return RetString;
}
static doPETables(PEoffset, imageBase, DLL_name)
{
auto ask_user, user_quit;
auto number_of_tables;
auto current;
auto table_start, table_size;
auto PEtype;
PEtype = LEWord(imageBase + PEoffset + 0x18);
if(PEtype != 0x20b)
{
number_of_tables = LEDword(imageBase + PEoffset + 0x74);
current = imageBase + PEoffset + 0x78;
}
else
{
number_of_tables = LEDword(imageBase + PEoffset + 0x84);
current = imageBase + PEoffset + 0x88;
}
///////////////////////////////////////////////////
// Various Structures
if(ExportStructs(imageBase, DLL_name) < 0)
{
return -1;
}
if(ImportStructs(imageBase, DLL_name) < 0)
{
return -1;
}
if(DebugStructs(imageBase, DLL_name) < 0)
{
return -1;
}
if(ResourceStructs(imageBase, DLL_name) < 0)
{
return -1;
}
if(TLSStructs(imageBase, DLL_name) < 0)
{
return -1;
}
///////////////////////////////////////////////////
// And now the tables
user_quit = 0; // just in case there are no tables.
while(1)
{
if(!number_of_tables--)
{
break;
}
#if !defined(DEBUG_ASK_TABLES)
ask_user = 1;
#else
ask_user = AskYN(1, "Do you want me to parse all the PE tables?");
#endif
// -1 - we return from this function.
// 0 - we ask the user which tables he wants.
// 1 - we do all the tables, with out anoying the user.
if(ask_user < 0)
{
break;
}
///////////////////////////////////////////////////
// exports
table_start = LEDword(current);
table_size = LEDword(current + 4);
current = current + 8;
user_quit = doExportTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// imports
table_start = LEDword(current);
table_size = LEDword(current + 4);
current = current + 8;
user_quit = doImportTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// resources
table_start = LEDword(current);
table_size = LEDword(current + 4);
current = current + 8;
user_quit = doResourceTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// exceptions
table_start = LEDword(current);
table_size = LEDword(current + 4);
current = current + 8;
user_quit = 0; // doExceptionTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// security
table_start = LEDword(current);
table_size = LEDword(current + 4);
current = current + 8;
user_quit = 0; // doSecurityTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// relocations
table_start = LEDword(current);
table_size = LEDword(current + 4);
current = current + 8;
user_quit = doRelocTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// debug
table_start = LEDword(current);
table_size = LEDword(current + 4);
current = current + 8;
user_quit = doDebugTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// architecture
table_start = LEDword(current);
table_size = LEDword(current + 4);
current = current + 8;
user_quit = 0; // doArchitectureTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// Global Pointer
table_start = LEDword(current);
table_size = LEDword(current + 4); // should be zero
current = current + 8;
user_quit = 0; // doGlobalPtrTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// TLS
table_start = LEDword(current);
table_size = LEDword(current + 4);
current = current + 8;
user_quit = doTLSTable(ask_user, imageBase, table_start, table_size, DLL_name);
if((user_quit < 0) || (!number_of_tables--))
{
break;
}
///////////////////////////////////////////////////
// Load Config
table_start = LEDword(current);
table_size = LEDword(cur⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -