📄 showpeheaderinfo1.asm
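;-----------------------------------------------------------------------
; _ShowNTHeaderinfo
; Formats selected IMAGE_FILE_HEADER / IMAGE_OPTIONAL_HEADER fields of
; the NT headers at _lpPEHeader as text and writes each one into an
; edit control of the dialog whose handle is in hPEHeaderInstance.
;
; In:    _lpFILE     - not referenced in this procedure
;        _lpPEHeader - pointer to IMAGE_NT_HEADERS; NULL is ignored
; Out:   eax is whatever the last call left there (no defined result)
; Saves: esi (pushed/popped here)
;
; The header bytes come from the file being inspected, so every value
; shown is attacker-controllable data and is displayed as-is.
;
; NOTE(review): no check is visible here that the mapping holds a
; complete IMAGE_NT_HEADERS at _lpPEHeader - presumably _LoadIsPEFile
; validates the signature and size; confirm, since a truncated file
; would otherwise be read past its end.
; NOTE(review): OptionalHeader.Magic is not examined. If the include
; file declares the 32-bit layout, a PE32+ image would show wrong
; values from ImageBase/BaseOfData onwards - confirm the intended scope.
; NOTE(review): Subsystem (a WORD) uses szFmtHex while CheckSum
; (a DWORD) uses szFmtHex1, the format otherwise used for WORD fields;
; the two look swapped - verify against the format definitions.
; Assumes both formats produce fewer than 64 characters for a DWORD,
; the size of @szbuffer - TODO confirm.
;-----------------------------------------------------------------------
_ShowNTHeaderinfo proc _lpFILE,_lpPEHeader
        local   @szbuffer[64]:byte

        push    esi
        mov     esi,_lpPEHeader
        .if esi == NULL                 ; nothing mapped: leave the dialog untouched
            pop     esi
            ret
        .endif
        assume  esi:ptr IMAGE_NT_HEADERS

        ; ---- IMAGE_FILE_HEADER ----
        ; WORD fields are zero-extended into eax first so the variadic
        ; wsprintf always receives a full DWORD with a clean upper half,
        ; instead of relying on how the assembler widens a WORD operand.
        movzx   eax,[esi].FileHeader.Machine
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_MACHINE,addr @szbuffer
        movzx   eax,[esi].FileHeader.NumberOfSections
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_NUMSECTION,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].FileHeader.TimeDateStamp
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_TIMEDATA,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].FileHeader.PointerToSymbolTable
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_PSYMTABLE,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].FileHeader.NumberOfSymbols
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_NUMSYMBOLS,addr @szbuffer
        movzx   eax,[esi].FileHeader.SizeOfOptionalHeader
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_OPTHAEDSIZE,addr @szbuffer
        movzx   eax,[esi].FileHeader.Characteristics
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_CHARACTER,addr @szbuffer

        ; ---- IMAGE_OPTIONAL_HEADER ----
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.AddressOfEntryPoint
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_ENTRYPOINT,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.ImageBase
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_IMAGEBASE,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.BaseOfCode
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_CODEBASE,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.BaseOfData
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_DATABASE,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.SizeOfImage
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_IMAGESIZE,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.SizeOfHeaders
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_HEADERSIZE,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.SectionAlignment
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_SECTALIG,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.FileAlignment
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_FILEALIG,addr @szbuffer
        movzx   eax,[esi].OptionalHeader.Subsystem
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,eax
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_SUBSYSTEM,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,[esi].OptionalHeader.CheckSum
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_CHECKSUM,addr @szbuffer
        movzx   eax,[esi].OptionalHeader.DllCharacteristics
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hPEHeaderInstance,IDC_EDIT_DLLFLAG,addr @szbuffer

        assume  esi:nothing
        pop     esi
        ret
_ShowNTHeaderinfo endp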
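;-----------------------------------------------------------------------
; _Convert
; Reads the number typed into IDC_EDIT_ORIGINALSRVA, passes it to
; _RVAToOffset together with stMapFile.lpPEHeader, and shows the result
; in IDC_EDIT_OFFSET using the szFmtHex format.
;
; In:    hWnd - dialog that owns both edit controls
; Out:   eax is whatever the last call left there (no defined result)
;
; GetDlgItemInt stores a BOOL (4 bytes) through its lpTranslated
; pointer, so @bTranslated must be a DWORD; declared as a byte, the
; store spilled into the neighbouring local. The flag is now also
; checked: text that is not a number clears the offset field instead of
; being converted as RVA 0.
;
; GetDlgItemInt parses decimal text (unsigned here, bSigned = FALSE).
; NOTE(review): RVAs are normally written in hex - confirm that decimal
; input is what the dialog intends.
; NOTE(review): the value returned by _RVAToOffset is displayed without
; checking for a failure result; its error convention is not visible
; here. Also presumes stMapFile.lpPEHeader is valid when this runs.
;-----------------------------------------------------------------------
_Convert proc hWnd
        local   @szbuffer[64]:byte
        local   @bTranslated:dword      ; BOOL written by GetDlgItemInt

        invoke  GetDlgItemInt,hWnd,IDC_EDIT_ORIGINALSRVA,addr @bTranslated,FALSE
        .if @bTranslated == FALSE       ; memory compare: eax (the parsed value) is untouched
            mov     byte ptr @szbuffer,0                    ; empty string
            invoke  SetDlgItemText,hWnd,IDC_EDIT_OFFSET,addr @szbuffer
            ret
        .endif
        invoke  _RVAToOffset,stMapFile.lpPEHeader,eax       ; eax = parsed RVA
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,eax   ; eax = _RVAToOffset result
        invoke  SetDlgItemText,hWnd,IDC_EDIT_OFFSET,addr @szbuffer
        ret
_Convert endp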
; Dialog procedure for the "view PE header" dialog
;-----------------------------------------------------------------------
; _ProcDlgPEHeader
; Dialog procedure: handles WM_INITDIALOG, WM_COMMAND and WM_CLOSE.
;
; In:    hWnd, wMsg, wParam, lParam - standard dialog-procedure arguments
; Out:   eax = TRUE for the three handled messages, FALSE otherwise;
;        on the IDC_BUTTON1 path eax is whatever EndDialog returned.
; Saves: ebx, edi, esi (via "uses")
;
; NOTE(review): the result of _LoadIsPEFile is not examined before
; stMapFile.lpPEHeader is handed to _ShowNTHeaderinfo. Its failure
; convention is not visible here; if a rejected or unreadable file can
; leave lpPEHeader NULL or stale, the header display would dereference
; it - confirm and gate the call on the load result.
;-----------------------------------------------------------------------
_ProcDlgPEHeader proc uses ebx edi esi hWnd,wMsg,wParam,lParam

        mov     eax,wMsg
        .if eax == WM_INITDIALOG
            ; remember this dialog's handle for the header display code
            push    hWnd
            pop     hPEHeaderInstance
            invoke  LoadIcon,hInstance,IDI_ICON_PE_EXPLORER
            invoke  SendMessage,hWnd,WM_SETICON,ICON_SMALL,eax
            invoke  InitCommonControls
            ; drop any previous mapping, load szFileName, then show its headers
            invoke  _UnLoadFile,offset stMapFile
            invoke  _LoadIsPEFile,offset szFileName,offset stMapFile,hWnd
            invoke  _ShowNTHeaderinfo,stMapFile.ImageBase,stMapFile.lpPEHeader
        .elseif eax == WM_COMMAND
            mov     eax,wParam
            .if ax == IDC_BUTTON1       ; low word of wParam = control id
                invoke  EndDialog,hWnd,NULL
                ret
            .endif
        .elseif eax == WM_CLOSE
            invoke  EndDialog,hWnd,NULL
        .else
            xor     eax,eax             ; FALSE: message not handled
            ret
        .endif

        mov     eax,TRUE
        ret
_ProcDlgPEHeader endp