📄 format.c
字号:
printf( MSG_PE_INITDATASIZE , exeFile->pexHdr.init_data_size,
exeFile->pexHdr.init_data_size );
printf( MSG_PE_UNINITDATASIZE , exeFile->pexHdr.uninit_data_size,
exeFile->pexHdr.uninit_data_size );
printf( MSG_PE_ENTRYRVA , exeFile->pexHdr.entry_rva );
printf( MSG_PE_CODEBASE , exeFile->pexHdr.code_base );
printf( MSG_PE_DATABASE , exeFile->pexHdr.data_base );
printf( MSG_PE_IMAGEBASE , exeFile->pexHdr.image_base );
printf( MSG_PE_OBJECTALIGN , exeFile->pexHdr.object_align );
printf( MSG_PE_FILEALIGN , exeFile->pexHdr.file_align );
printf( MSG_PE_OSMAJOR , exeFile->pexHdr.os_major );
printf( MSG_PE_OSMINOR , exeFile->pexHdr.os_minor );
printf( MSG_PE_USERMAJOR , exeFile->pexHdr.user_major );
printf( MSG_PE_USERMINOR , exeFile->pexHdr.user_minor );
printf( MSG_PE_SUBSYSMAJOR , exeFile->pexHdr.subsys_major );
printf( MSG_PE_SUBSYSMINOR , exeFile->pexHdr.subsys_minor );
printf( MSG_PE_RSVD1 , exeFile->pexHdr.rsvd1 );
printf( MSG_PE_IMAGESIZE , exeFile->pexHdr.image_size );
printf( MSG_PE_HEADERSIZE , exeFile->pexHdr.header_size );
printf( MSG_PE_FILECHECKSUM , exeFile->pexHdr.file_checksum );
printf( MSG_PE_SUBSYSTEM , exeFile->pexHdr.subsystem );
for( i = 1; i <= ss_masks_table[0]; i++ ) {
if( exeFile->pexHdr.subsystem == ss_masks_table[i] ) {
printf( MSG_PE_SUBSYSTEMTEXT, ss_flags_labels[i] );
break;
}
}
if( i > ss_masks_table[0] ) {
printf( MSG_PE_SUBSYSTEMNOTRECOGNIZED );
}
printf( MSG_PE_DLLFLAGS , exeFile->pexHdr.dll_flags );
printFlags( exeFile->pexHdr.dll_flags,
dll_masks_table, dll_flags_labels,
MSG_PE_DLLFLAGSINDENT );
printf( MSG_PE_STACKRESERVESIZE , exeFile->pexHdr.stack_reserve_size );
printf( MSG_PE_STACKCOMMITSIZE , exeFile->pexHdr.stack_commit_size );
printf( MSG_PE_HEAPRESERVESIZE , exeFile->pexHdr.heap_reserve_size );
printf( MSG_PE_HEAPCOMMITSIZE , exeFile->pexHdr.heap_commit_size );
printf( MSG_PE_TLSIDXADDR , exeFile->pexHdr.tls_idx_addr );
printf( MSG_PE_NUMTABLES , exeFile->pexHdr.num_tables );
printf( "\n\n" );
}
}
void printResObject( ExeFile *exeFile, Parameters *param )
/*********************************************************/
{
if( param->dumpResObjectInfo ) {
printf( MSG_RESOBJ_HEADING );
printRuler( true, false, param );
printf( MSG_RESOBJ_VIRTUALSIZE, exeFile->resObj.virtual_size );
printf( MSG_RESOBJ_RVA, exeFile->resObj.rva );
printf( MSG_RESOBJ_PHYSICALSIZE, exeFile->resObj.physical_size );
printf( MSG_RESOBJ_PHYSICALOFFSET, exeFile->resObj.physical_offset );
printf( MSG_RESOBJ_RELOCSRVA, exeFile->resObj.relocs_rva );
printf( MSG_RESOBJ_LINNUMRVA, exeFile->resObj.linnum_rva );
printf( MSG_RESOBJ_NUMRELOCS, exeFile->resObj.num_relocs );
printf( MSG_RESOBJ_NUMLINNUMS, exeFile->resObj.num_linnums );
printf( MSG_RESOBJ_FLAGS, exeFile->resObj.flags );
printFlags( exeFile->resObj.flags,
obj_masks_table, obj_flags_labels,
MSG_RESOBJ_FLAGSINDENT );
printf( "\n" );
printHexDump( exeFile->resObjAddr, sizeof( pe_object ),
exeFile, param );
printf( "\n" );
printRuler( true, false, param );
printf( "\n\n" );
}
}
void printTableContents( ResTableEntry *table, ExeFile *exeFile,
Parameters *param, long int addr, int depth )
/*********************************************************************/
{
int i;
int entriesCount;
printIndent( false, param );
printf( LBL_DIRHEADER );
printf( ": " );
if( param->dumpOffsets ) {
printf( "0x%-8.8X ", addr );
}
if( param->dumpHexHeaders ) {
printHexBytes( addr, sizeof( resource_dir_header ), exeFile );
}
printRuler( true, true, param );
if( param->dumpInterpretation ) {
printIndent( false, param );
printf( MSG_TABLE_TIMESTAMP, table->header.time_stamp );
printIndent( false, param );
printf( MSG_TABLE_MAJOR, table->header.major );
printIndent( false, param );
printf( MSG_TABLE_MINOR, table->header.minor );
printIndent( false, param );
printf( MSG_TABLE_NUMNAMEENTRIES, table->header.num_name_entries,
table->header.num_name_entries );
printIndent( false, param );
printf( MSG_TABLE_NUMIDENTRIES, table->header.num_id_entries,
table->header.num_id_entries );
printIndent( false, param );
printf( MSG_TABLE_FLAGS, table->header.flags );
/* interpretation of flags: flags field currently always
set to 0. */
}
printf( "\n" );
entriesCount = table->header.num_name_entries + table->header.num_id_entries;
indentMore( 1 );
for( i = 0; i < entriesCount; i++ ) {
printDirContents( &table->dirs[ i ], exeFile, param,
addr + sizeof( resource_dir_header )
+ sizeof( resource_dir_entry ) * i,
depth + 1 );
}
indentLess( 1 );
printf( "\n" );
}
void printDirContents( ResDirEntry *dir, ExeFile *exeFile,
Parameters *param, long int addr, int depth )
/********************************************************************/
{
int i;
if( depth == 1 && param->specificType &&
param->specificTypeID != dir->dir.id_name ) {
return;
}
printIndent( false, param );
printf( LBL_DIRENTRY );
printf( ": " );
if( param->dumpOffsets ) {
printf( "0x%-8.8X ", addr );
}
if( param->dumpHexHeaders ) {
printHexBytes( addr, sizeof( resource_dir_entry ), exeFile );
}
printRuler( true, true, param );
if( param->dumpInterpretation ) {
printIndent( false, param );
if( dir->nameID == NAME ) {
printf( MSG_DIR_NAME );
for( i = 0; i < dir->nameSize; i++ ) {
printf( "%1s", &dir->name[ i ] );
}
printIndent( true, param );
printf( MSG_DIR_NAMEADDRESS, getDirNameAbs( dir, exeFile ) );
printIndent( false, param );
printf( MSG_DIR_NAMESIZE, dir->nameSize );
} else {
printf( MSG_DIR_ID, dir->dir.id_name );
if( depth == 1 && dir->dir.id_name < RT_COUNT ) {
printIndent( false, param );
printf( MSG_DIR_IDTYPE, resTypes[ dir->dir.id_name ] );
}
}
printIndent( false, param );
printf( MSG_DIR_ENTRYRVA, dir->dir.entry_rva & PE_RESOURCE_MASK );
}
printf( "\n" );
if( dir->entryType == TABLE ) {
printTableContents( dir->table, exeFile, param,
getDirChildAbs( dir, exeFile ), depth );
} else {
printDataContents( dir->data, exeFile, param,
getDirChildAbs( dir, exeFile ) );
}
printf( "\n" );
}
void printDataContents( ResDataEntry *data, ExeFile *exeFile,
Parameters *param, long int addr )
/***********************************************************/
{
printIndent( false, param );
printf( LBL_DATAENTRY );
printf( ": " );
if( param->dumpOffsets ) {
printf( "0x%-8.8X ", addr );
}
if( param->dumpHexHeaders ) {
printHexBytes( addr, sizeof( resource_entry ), exeFile );
}
printRuler( true, true, param );
if( param->dumpInterpretation ) {
printIndent( false, param );
printf( MSG_DATA_RVA, getResDataRva( data, exeFile ) );
printIndent( false, param );
printf( MSG_DATA_SIZE, data->entry.size, data->entry.size );
printIndent( false, param );
printf( MSG_DATA_CODEPAGE, data->entry.code_page );
printIndent( false, param );
printf( MSG_DATA_RSVD, data->entry.rsvd );
}
printf( "\n" );
if( param->dumpHexData ) {
printHexDump( getResDataAbs( data, exeFile ),
(size_t) data->entry.size,
exeFile, param );
}
}
void printHexBytes( long int addr, size_t length, ExeFile *exeFile )
/********************************************************************/
{
long int prevPos;
unsigned_8 *buffer;
size_t count;
int i;
count = (size_t) (length / sizeof( unsigned_8 ) );
buffer = (unsigned_8 *) malloc( count );
if( buffer != NULL ) {
prevPos = ftell( exeFile->file );
if( fseek( exeFile->file, addr, SEEK_SET ) == 0 ) {
if( fread( buffer, sizeof( unsigned_8 ), count, exeFile->file ) == count ) {
for( i = 0; i < count; i++ ) {
printf( "%2.2X ", buffer[ i ] );
}
free( buffer );
fseek( exeFile->file, prevPos, SEEK_SET );
return;
}
}
}
free( (void *) buffer );
fseek( exeFile->file, prevPos, SEEK_SET );
printf( ERR_FORMAT_CANNOT_DUMP_HEX );
}
bool isPrintable( unsigned_8 buffer )
/************************************/
{
if( buffer == '\0' ||
buffer == '\n' ||
buffer == '\r' ||
buffer == '\f' ||
buffer == '\t' ||
buffer == '\v' ||
buffer == '\b' ||
buffer == '\a' ) {
return( false );
} else {
return( true );
}
}
void printHexLine( long int lower, long int upper, ExeFile *exeFile,
const char *mask, const char *emptyMask,
const char *unprintableMask, bool testPrintable,
bool splitAtEight )
/********************************************************************/
{
long int prevPos;
unsigned_8 buffer;
long int i;
prevPos = ftell( exeFile->file );
if( fseek( exeFile->file, ( lower / 16L ) * 16L, SEEK_SET ) ) {
printf( ERR_FORMAT_CANNOT_DUMP_HEX );
printf( "\n" );
return;
}
for( i = 0; i < 16; i++ ) {
if( fread( &buffer, sizeof( unsigned_8 ),
1, exeFile->file ) != 1 ) {
printf( ERR_FORMAT_CANNOT_DUMP_HEX );
printf( "\n" );
return;
}
if( i == 8 && splitAtEight ) {
printf( " " );
}
if( i + lower < upper ) {
if( i < lower % 16L ) {
printf( emptyMask );
} else {
if( !testPrintable || isPrintable( buffer ) ) {
printf( mask, buffer );
} else {
printf( unprintableMask );
}
}
} else {
printf( emptyMask );
}
}
fseek( exeFile->file, prevPos, SEEK_SET );
}
void printHexDump( long int addr, size_t length, ExeFile *exeFile,
Parameters *param )
/*****************************************************************/
{
long int i;
for( i = addr; i < addr + length; i = ( i / 16L + 1L ) * 16 ) {
if( param->hexIndentSpaces == -1 ) {
printIndent( false, param );
} else {
printf( "%*s", param->hexIndentSpaces, "" );
}
printf( "0x%8.8X ", i );
printHexLine( i, addr + length, exeFile,
"%2.2X ", "-- ", "", false, true );
printf( " " );
printHexLine( i, addr + length, exeFile,
"%c", " ", ".", true, false );
printf( "\n" );
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -