// AnalyDlg.cpp : implementation file
//
#include "stdafx.h"
#include "Analy.h"
#include "AnalyDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////////////
// CAnalyDlg dialog
// Constructs the dialog from the CAnalyDlg::IDD template and caches the
// application icon handle that OnInitDialog, OnPaint and OnQueryDragIcon use.
//
// pParent: owner window handed to the CDialog base (defaults to NULL in the
//          declaration).
CAnalyDlg::CAnalyDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CAnalyDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CAnalyDlg)
        // NOTE: the ClassWizard will add member initialization here
    //}}AFX_DATA_INIT

    // An icon obtained through LoadIcon needs no matching DestroyIcon in
    // Win32, so the handle is simply stored.
    CWinApp* pApp = AfxGetApp();
    m_hIcon = pApp->LoadIcon(IDR_MAINFRAME);
}
// Dialog data exchange: runs the base-class exchange, then binds the
// IDC_LIST1 control to the m_List member.
//
// pDX: exchange context supplied by the framework.
void CAnalyDlg::DoDataExchange(CDataExchange* pDX)
{
    CDialog::DoDataExchange(pDX);

    //{{AFX_DATA_MAP(CAnalyDlg)
    DDX_Control(pDX, IDC_LIST1, m_List);
    //}}AFX_DATA_MAP
}
// Message map for CAnalyDlg (base class CDialog).
// - WM_PAINT and WM_QUERYDRAGICON go to OnPaint / OnQueryDragIcon.
// - Each ON_BN_CLICKED entry binds one button ID to its handler: IDC_LoadFile
//   reads a file into memory, and the remaining buttons display parts of the
//   loaded image (OnDosHead is defined in this file; the bodies of
//   OnDirectory, OnOffset, OnSection, OnCharacter and OnEntry are not fully
//   visible here).
// - A selection change in IDC_LIST1 goes to OnSelchangeList1.
// The entries between the AFX_MSG_MAP markers are maintained by ClassWizard.
BEGIN_MESSAGE_MAP(CAnalyDlg, CDialog)
//{{AFX_MSG_MAP(CAnalyDlg)
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_LoadFile, OnLoadFile)
ON_BN_CLICKED(IDC_Dos_Head, OnDosHead)
ON_BN_CLICKED(IDC_Directory, OnDirectory)
ON_BN_CLICKED(IDC_Offset, OnOffset)
ON_BN_CLICKED(IDC_SECTION, OnSection)
ON_BN_CLICKED(IDC_Character, OnCharacter)
ON_BN_CLICKED(IDC_Entry, OnEntry)
ON_LBN_SELCHANGE(IDC_LIST1, OnSelchangeList1)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CAnalyDlg message handlers
// One-time dialog setup: installs the icon, puts the file buffer state into
// its "nothing loaded" condition and sets the list box row height.
//
// Returns TRUE so the framework assigns the default focus.
BOOL CAnalyDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    // A dialog-based main window has to install its own icon; the framework
    // only does this automatically when the main window is not a dialog.
    SetIcon(m_hIcon, TRUE);     // big icon
    SetIcon(m_hIcon, FALSE);    // small icon

    // No image is loaded yet. The button handlers test ptr against NULL
    // before touching the buffer, so it must start out as NULL.
    ptr = NULL;
    inf = "";

    // Item height of 30 for index 0 of the list box.
    m_List.SetItemHeight(0, 30);

    // TODO: Add extra initialization here

    return TRUE;    // TRUE unless the focus was set to a control
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
// WM_PAINT handler. While the dialog is minimized it draws the application
// icon centred in the client area; otherwise it defers to CDialog::OnPaint.
void CAnalyDlg::OnPaint()
{
    // Device context for painting.
    // NOTE(review): the wizard-generated handler creates the CPaintDC only in
    // the iconic branch; here it exists on both paths - confirm that is
    // intended before changing it.
    CPaintDC dc(this);

    if (!IsIconic())
    {
        CDialog::OnPaint();
        return;
    }

    SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);

    // Centre the icon in the client rectangle.
    const int iconWidth = GetSystemMetrics(SM_CXICON);
    const int iconHeight = GetSystemMetrics(SM_CYICON);

    CRect client;
    GetClientRect(&client);

    const int left = (client.Width() - iconWidth + 1) / 2;
    const int top = (client.Height() - iconHeight + 1) / 2;

    // Draw the icon.
    dc.DrawIcon(left, top, m_hIcon);
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
// WM_QUERYDRAGICON handler: hands back the cached icon handle as the cursor
// to show while the minimized window is dragged.
HCURSOR CAnalyDlg::OnQueryDragIcon()
{
    HCURSOR dragCursor = reinterpret_cast<HCURSOR>(m_hIcon);
    return dragCursor;
}
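// IDC_LoadFile handler: asks the user for an executable, reads the whole file
// into the heap buffer `ptr` (byte count kept in `len`) and reports the file
// length and the number of bytes actually read.
//
// On every failure path ptr is NULL and len is 0, so the display handlers'
// `if(!ptr)return;` guard stays reliable. The file contents are untrusted
// input: the name test below is only a substring match on ".exe" and says
// nothing about whether the bytes form a valid PE image.
void CAnalyDlg::OnLoadFile()
{
    // Release the previous image and clear the bookkeeping immediately. The
    // original left ptr pointing at the freed block, so cancelling the dialog
    // (or any other early return) exposed the other handlers to a
    // use-after-free and the next call here to a double delete.
    if (ptr)
    {
        delete[] ptr;
        ptr = NULL;
    }
    len = 0;

    char szFilter[] = "选择可执行文件(*.exe)|*.exe||";
    CFileDialog file(TRUE, NULL, NULL, NULL, szFilter, this);
    file.DoModal();
    fileName = file.GetPathName();

    // A cancelled dialog yields an empty path and is reported the same way as
    // a name without ".exe".
    if (fileName == "" || (fileName.Find(".exe") == -1))
    {
        AfxMessageBox("无可执行文件名");
        return;
    }

    if (!fp.Open(fileName, CFile::modeRead))
    {
        AfxMessageBox("不可对其读");
        return;
    }

    len = fp.GetLength();
    ptr = new BYTE[len];
    if (!ptr)
    {
        // Close the file and forget the length so that no handle stays open
        // and no size is left describing a buffer that does not exist.
        fp.Close();
        len = 0;
        AfxMessageBox("内存不够!");
        return;
    }

    DWORD l1 = fp.ReadHuge(ptr, len);
    fp.Close();

    // A short read leaves the tail of the buffer uninitialised; zero it so
    // the parsers never display or follow stale heap contents.
    const DWORD total = static_cast<DWORD>(len);
    if (l1 < total)
    {
        memset(ptr + l1, 0, total - l1);
    }

    // Local message string; named so that it does not shadow the `inf` member.
    CString msg;
    msg.Format("文件长度=%X 实读长度=%X", len, l1);
    AfxMessageBox(msg);
}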
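// IDC_Dos_Head handler: copies the DOS header and the NT headers out of the
// loaded file buffer and lists their main fields in m_List.
//
// Every offset and size used here comes from the file itself, so each copy is
// bounds-checked against `len` before it is made. The original copied
// sizeof(dos_header) bytes from a buffer that may be shorter, and then read
// the NT headers at ptr + e_lfanew without checking e_lfanew at all, so a
// truncated or crafted file caused an out-of-bounds heap read.
void CAnalyDlg::OnDosHead()
{
    if (!ptr) return;
    m_List.ResetContent();

    CString inf1;
    const DWORD fileSize = static_cast<DWORD>(len);

    // The buffer must hold a complete DOS header before it is copied.
    if (fileSize < sizeof(dos_header))
    {
        m_List.AddString("文件太小, 不含完整的DOS头");
        return;
    }
    memmove(&dos_header, ptr, sizeof(dos_header));

    inf1.Format("DOS可执行文件标记 %c%c ", dos_header.e_magic, dos_header.e_magic >> 8);
    m_List.AddString(inf1);
    inf1.Format("DOS代码的初始化堆栈段 ss=%4XH", dos_header.e_ss);
    m_List.AddString(inf1);
    inf1.Format("DOS代码的初始化堆栈指针 sp=%4XH", dos_header.e_sp);
    m_List.AddString(inf1);
    inf1.Format("DOS代码的入口段地址 cs=%4XH", dos_header.e_cs);
    m_List.AddString(inf1);
    inf1.Format("DOS代码的入口偏移地址 cs=%4XH", dos_header.e_ip);
    m_List.AddString(inf1);
    inf1.Format("DOS头指向PE文件头位置 cs=%4XH", dos_header.e_lfanew);
    m_List.AddString(inf1);

    inf1.Format("-------PE文件头结构-------:");
    m_List.AddString(inf1);

    // e_lfanew is a signed, file-controlled offset. Reject negative values and
    // any offset that would put part of the NT headers past the end of the
    // buffer; the subtraction form avoids wrap-around in the comparison.
    if (dos_header.e_lfanew < 0 ||
        fileSize < sizeof(nt_header) ||
        static_cast<DWORD>(dos_header.e_lfanew) > fileSize - sizeof(nt_header))
    {
        m_List.AddString("PE文件头位置超出文件范围");
        return;
    }
    memmove(&nt_header, ptr + dos_header.e_lfanew, sizeof(nt_header));

    // Zero bytes in the upper half of the signature are shown as spaces.
    inf1.Format("PE文件标志-------:%c%c%c%c",
        nt_header.Signature,
        nt_header.Signature >> 8,
        (nt_header.Signature >> 16) == 0 ? 0x20 : (nt_header.Signature >> 16),
        (nt_header.Signature >> 24) == 0 ? 0x20 : (nt_header.Signature >> 24));
    m_List.AddString(inf1);

    // NOTE(review): the platform label is appended to the member `inf`, not
    // to the list line - left unchanged because other handlers may read `inf`;
    // confirm whether `inf1` was intended.
    inf += "PE文件运行平台:";
    switch (nt_header.FileHeader.Machine)
    {
    case 0:
        inf1 = "未知(0)";
        break;
    case 0x014c:
        inf1 = "INTEL(014cH)";
        break;
    default:
        // Without this branch the list repeated the signature line for every
        // machine type other than the two above.
        inf1.Format("其他(%04XH)", nt_header.FileHeader.Machine);
        break;
    }
    inf1 += "";
    m_List.AddString(inf1);

    inf1.Format("PE文件的节数目: %d", nt_header.FileHeader.NumberOfSections);
    m_List.AddString(inf1);

    inf1 = "PE该程序:";
    WORD ch = nt_header.FileHeader.Characteristics;
    if (ch & IMAGE_FILE_EXECUTABLE_IMAGE) inf1 += "可执行-";
    if (ch & IMAGE_FILE_32BIT_MACHINE) inf1 += "只在32未平台运行-";
    if (ch & IMAGE_FILE_DLL) inf1 += "这是DLL文件";
    m_List.AddString(inf1);
    inf += "";

    inf1.Format("-------PE IMAGE_OPTION_HEADER 结构-------:");
    m_List.AddString(inf1);
    inf1.Format("所有含代码节的总大小: 0x %X", nt_header.OptionalHeader.SizeOfCode);
    m_List.AddString(inf1);
    inf1.Format("所有含已初始化数据节的大小: 0x %X", nt_header.OptionalHeader.SizeOfInitializedData);
    m_List.AddString(inf1);
    inf1.Format("所有含未初始化数据节的大小: 0x %X", nt_header.OptionalHeader.SizeOfUninitializedData);
    m_List.AddString(inf1);
    inf1.Format("程序执行入口 RVA: 0x %X", nt_header.OptionalHeader.AddressOfEntryPoint);
    m_List.AddString(inf1);
    inf1.Format("代码的节起始 RVA: 0x %X", nt_header.OptionalHeader.BaseOfCode);
    m_List.AddString(inf1);
    inf1.Format("数据的节起始 RVA: 0x %X", nt_header.OptionalHeader.BaseOfData);
    m_List.AddString(inf1);
    inf1.Format("程序的建议装载地址:0x %X", nt_header.OptionalHeader.ImageBase);
    m_List.AddString(inf1);
    inf1.Format("内存中节的对齐单位:0x %X", nt_header.OptionalHeader.SectionAlignment);
    m_List.AddString(inf1);
    inf1.Format("文件中节的对齐单位:0x %X", nt_header.OptionalHeader.FileAlignment);
    m_List.AddString(inf1);
    inf1.Format("内存中整个文件映像尺寸:0x %X", nt_header.OptionalHeader.SizeOfImage);
    m_List.AddString(inf1);
    inf1.Format("所有头+节表的大小:0x %X", nt_header.OptionalHeader.SizeOfHeaders);
    m_List.AddString(inf1);
    inf1.Format("程序效验值: 0x %X", nt_header.OptionalHeader.CheckSum);
    m_List.AddString(inf1);
}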
void CAnalyDlg::OnDirectory()
{
if(!ptr)return;
m_List.ResetContent();