;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; PE_EXPLORER: written in Win32ASM, by HERX
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; PE_EXPLORER.asm
; 为了更好的学习PE文件格式,用汇编写一个简单的查看PE文件信息的工具
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 使用 nmake 或下列命令进行编译和链接:
; ml /c /coff PE_EXPLORER.asm
; rc PE_EXPLORER.rc
; Link /subsystem:windows PE_EXPLORER.obj PE_EXPLORER.res
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386 ; enable the 80386 instruction set
.model flat, stdcall ; 32-bit flat memory model; procedures default to the stdcall convention
option casemap :none ; identifiers are case-sensitive, as the Win32 include files require
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include 文件定义
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include comctl32.inc
includelib comctl32.lib
include comdlg32.inc
includelib comdlg32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;结构定义
; _MAPFILE_STRUCT - five DWORD fields describing one opened file.
; This file only declares the type and one instance (stMapFile); the code
; that fills and reads it is not visible here, so the per-field notes are
; inferred from the names and need confirming against the included sources.
; NOTE(review): dwFilesize is presumably the size of the mapped file. Any
; parser that follows offsets or RVAs taken from the file should bound them
; against it, because the input file is untrusted - confirm in the includes.
_MAPFILE_STRUCT STRUCT
hFile DWORD ? ; presumably the file handle - TODO confirm
hMapFile DWORD ? ; presumably the file-mapping handle - TODO confirm
ImageBase DWORD ? ; presumably the base address of the mapped view - TODO confirm
lpPEHeader DWORD ? ; presumably a pointer to the PE header inside the view - TODO confirm
dwFilesize DWORD ? ; presumably the file size in bytes - TODO confirm
_MAPFILE_STRUCT ENDS
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Equ 等值定义
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;******************************************************
;图标
;******************************************************
; Resource identifiers for icons, dialogs and controls.
; NOTE(review): these values presumably have to match PE_EXPLORER.rc, which
; is not visible here. The misspelled names (IDC_EDIT_OPTHAEDSIZE,
; IDC_EDIT_DD_SZIE_RES, IDC_EDIT_DD_SZIE_EXCEPTION) may be referenced by the
; included source files, so they are left as they are.
IDI_ICON_PE_EXPLORER equ 131
IDI_ICON_SMALL equ 132
;******************************************************
; Dialogs
;******************************************************
IDD_DIALOG_MAIN equ 101
IDD_DIALOG_PEHEADER equ 102
IDD_DIALOG_ABOUT equ 103
IDD_DIALOG_SECTION equ 105
IDD_DATADIR_DLG equ 104
IDD_DIALOG_IMPORT equ 107
IDC_BUTTON_CONVERTER equ 1035
IDC_BUTTON_OK equ 1036
IDC_BUTTON1 equ 1037
;******************************************************
; Main dialog buttons
IDC_EDIT_FILEPATH equ 1000
IDC_BUTTON_OPEN equ 1001
IDC_BUTTON_PEHEADER equ 1002
IDC_BUTTON_SECTION equ 1003
IDC_BUTTON_IMPORT equ 1005
IDC_BUTTON_EXPORTS equ 1007
IDC_BUTTON_DATADIR equ 1009
IDC_BUTTON_EXIT equ 1012
IDC_BUTTON_ABOUT equ 1013
;******************************************************
; PE Header dialog controls
IDC_EDIT_ENTRYPOINT equ 1014
IDC_EDIT_IMAGEBASE equ 1015
IDC_EDIT_CODEBASE equ 1016
IDC_EDIT_DATABASE equ 1017
IDC_EDIT_IMAGESIZE equ 1018
IDC_EDIT_HEADERSIZE equ 1019
IDC_EDIT_SECTALIG equ 1020
IDC_EDIT_FILEALIG equ 1021
IDC_EDIT_SUBSYSTEM equ 1022
IDC_EDIT_CHECKSUM equ 1023
IDC_EDIT_DLLFLAG equ 1024
IDC_EDIT_MACHINE equ 1025
IDC_EDIT_NUMSECTION equ 1026
IDC_EDIT_TIMEDATA equ 1027
IDC_EDIT_PSYMTABLE equ 1028
IDC_EDIT_NUMSYMBOLS equ 1029
IDC_EDIT_OPTHAEDSIZE equ 1030
IDC_EDIT_CHARACTER equ 1031
IDC_EDIT_ORIGINALSRVA equ 1032
IDC_EDIT_OFFSET equ 1033
IDC_BUTTON_CONVERTER equ 1035 ; repeats the definition made above with the same value
IDC_LIST_SECTION equ 1040
; DataDirectory dialog controls: one RVA field and one size field per entry
IDC_EDIT_DD_RVA_EXPORT equ 1041
IDC_EDIT_DD_RVA_IMPORT equ 1042
IDC_EDIT_DD_RVA_RES equ 1043
IDC_EDIT_DD_RVA_EXCEPTION equ 1044
IDC_EDIT_DD_RVA_SECURITY equ 1045
IDC_EDIT_DD_RVA_RELOC equ 1046
IDC_EDIT_DD_RVA_DEBUG equ 1047
IDC_EDIT_DD_RVA_COPYRIGHT equ 1048
IDC_EDIT_DD_RVA_GP equ 1049
IDC_EDIT_DD_RVA_TLS equ 1050
IDC_EDIT_DD_RVA_LOADCONFIG equ 1051
IDC_EDIT_DD_RVA_IAT equ 1052
IDC_EDIT_DD_RVA_BOUND equ 1053
IDC_EDIT_DD_RVA_COM equ 1054
IDC_EDIT_DD_RVA_DELAYIMPORT equ 1055
IDC_EDIT_DD_RVA_NOUSE equ 1056
IDC_EDIT_DD_SIZE_EXPORT equ 1057
IDC_EDIT_DD_SIZE_IMPORT equ 1058
IDC_EDIT_DD_SZIE_RES equ 1059
IDC_EDIT_DD_SZIE_EXCEPTION equ 1060
IDC_EDIT_DD_SIZE_SECURITY equ 1061
IDC_EDIT_DD_SIZE_RELOC equ 1062
IDC_EDIT_DD_SIZE_DEBUG equ 1063
IDC_EDIT_DD_SIZE_COPYRIGHT equ 1064
IDC_EDIT_DD_SIZE_GP equ 1065
IDC_EDIT_DD_SIZE_TLS equ 1066
IDC_EDIT_DD_SIZE_LOADCONFIG equ 1067
IDC_EDIT_DD_SIZE_IAT equ 1068
IDC_EDIT_DD_SIZE_BOUND equ 1069
IDC_EDIT_DD_SIZE_COM equ 1070
IDC_EDIT_DD_SIZE_DELAYIMPORT equ 1071
IDC_EDIT_DD_SIZE_NOUSE equ 1072
IDC_OK equ 1073
IDC_EDIT_EXPORT equ 1074
; Export dialog
; NOTE(review): IDD_DIALOG_EXPORT shares the value 1074 with IDC_EDIT_EXPORT,
; and IDC_RICHEDIT_EXPORT shares 1041 with IDC_EDIT_DD_RVA_EXPORT. Control
; ids only need to be unique within one dialog, so this may be harmless -
; confirm against the resource script.
IDD_DIALOG_EXPORT equ 1074
IDC_RICHEDIT_EXPORT equ 1041
IDD_DIALOG_TEMPEXPORT equ 111
IDD_DIALOG_EXPORT1 equ 113
; Import dialog list controls
IDC_LIST1_IMPORT equ 1087
IDC_LIST2_IMPORTFUN equ 1088
;******************************************************
; 数据段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Uninitialized data shared by this file and the included source files.
.data?
;******************************************************
hFile dd ? ; handle of the opened file
stMapFile _MAPFILE_STRUCT <?> ; single _MAPFILE_STRUCT instance; not referenced in this file
szFileName db MAX_PATH dup (?) ; path chosen in _OpenFile (GetOpenFileName writes at most MAX_PATH bytes)
; Dialog handles
hInstance dd ? ; module handle, set at program start
hPEHeaderInstance dd ? ; PE Header handle (presumably the dialog's window handle - TODO confirm)
hMainDlgInstance dd ? ; main dialog window handle, set on WM_INITDIALOG
hSection dd ? ; section-table dialog handle
hExportDlg dd ? ; export-table dialog handle
;******************************************************
; Read-only strings: format strings, messages shown to the user, and
; list-view column titles. Only szFilter and the numeric ids are used in
; this file; the rest are presumably consumed by the included dialog sources.
.const
szHint1 db '--',0
szFont db '宋体',0
szFmtchar db '%s',0
szFmtHex1 db "%04x",0
szFmtHex db "%08lx",0
szCaption db 'by herx',0
; GetOpenFileName filter: description/pattern pairs, ended by a double NUL
szFilter db 'PE Files(*.exe;*.dll)',0,'*.exe;*.dll',0,'All Files(*.*)',0,'*.*',0,0
szOpenFileErrorMsg db '打开文件错误',0
szErr db '文件格式错误!',0
szErrFormat db '这个文件不是PE格式的文件!',0
szErrNoImport db '这个文件没有导入函数',0
;******************************************************
; Section table list-view column titles
ColumTitle1 db "Name",0
ColumTitle2 db "Virtual Size",0
ColumTitle3 db "Virtual Offset",0
ColumTitle4 db "Raw Size",0
ColumTitle5 db "Raw Offset",0
ColumTitle6 db "Characteristics",0
ColumTitle7 db "Hint/Name Array",0
ColumTitle8 db "Hint",0
ColumTitle9 db "Name",0
ColumTitle10 db "Import Address Table",0
;******************************************************
; Export table report: header format string, then one line per function
; NOTE(review): the %s arguments presumably point at section and export names
; inside the inspected file. That input is untrusted, so the formatting code
; (not visible here) should check that each string lies within the file and is
; NUL-terminated, and that the output buffer fits the result - confirm.
szExport db '------------------------------------------------',0dh,0ah
db '导出表所处的节:%s',0dh,0ah
db '------------------------------------------------',0dh,0ah
db '原始文件名 %s',0dh,0ah
db 'nBase %08X',0dh,0ah
db 'NumberOfFunctions %08X',0dh,0ah
db 'NumberOfNames %08X',0dh,0ah
db 'AddressOfFunctions %08X',0dh,0ah
db 'AddressOfNames %08X',0dh,0ah
db 'AddressOfNameOrd %08X',0dh,0ah
db '------------------------------------------------',0dh,0ah
db '导出序号 虚拟地址 导出函数名称',0dh,0ah
db '------------------------------------------------',0dh,0ah,0
szFunName db '%08X %08X %s',0dh,0ah,0
szExportByOrd db '(按照序号导出)',0
szErrNoExport db '这个文件中没有导出函数!',0
szNotFound db '无法查找',0
CRLF db 0Dh,0Ah,0
; Field-name labels; the original comment here repeated "export table", but
; the names look like import-descriptor and thunk fields - TODO confirm usage
szDllName db 'DllName',0
szOriginal db 'OriginalFirstThunk',0
szTime db 'TimeDateStamp',0
szForward db 'ForwarderChain',0
szname db 'Name',0
szFirst db 'FirstThunk',0
szThunkRVA db 'ThunkRVA',0
szThunkValue db 'ThunkValue',0
szHint db 'Hint',0
szAPIName db 'APIName',0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 代码段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;***********************************************************
include function.asm
include ExportDlg.asm
include ShowPEHeaderinfo1.asm
include SectionDlg.asm
include DataDirectoryDlg.asm
include ImportDlg.asm
;************************************************************
;-----------------------------------------------------------------------
; _OpenFile - show the common "Open" dialog; when a file is chosen, put
;             its path in the path edit box and enable the viewer buttons.
; ABI:   stdcall, 32-bit flat model
; In:    hWnd = handle of the owning (main) dialog
; Out:   eax  = 0 when GetOpenFileName returns 0 (cancel or failure),
;               otherwise the result of the last EnableWindow call
; Side effects: the selected path is written to the global szFileName.
; NOTE(review): only the existence of the path is requested here
; (OFN_PATHMUSTEXIST / OFN_FILEMUSTEXIST); nothing in this procedure checks
; that the file is a PE image before the buttons are enabled, so that check
; presumably lives in the dialogs the buttons open - confirm.
;-----------------------------------------------------------------------
_OpenFile proc hWnd
        local   @stOF:OPENFILENAME

        ; Start from an all-zero OPENFILENAME and fill in only what is needed.
        invoke  RtlZeroMemory,addr @stOF,sizeof @stOF
        mov     @stOF.lStructSize,sizeof @stOF
        mov     eax,hWnd
        mov     @stOF.hwndOwner,eax
        mov     @stOF.lpstrFilter,offset szFilter
        mov     @stOF.lpstrFile,offset szFileName
        mov     @stOF.nMaxFile,MAX_PATH             ; capacity of szFileName
        mov     @stOF.Flags,OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST

        invoke  GetOpenFileName,addr @stOF
        .if eax
            ; A file was selected: show its path and enable every viewer button.
            invoke  SetDlgItemText,hWnd,IDC_EDIT_FILEPATH,offset szFileName

            invoke  GetDlgItem,hWnd,IDC_BUTTON_SECTION
            invoke  EnableWindow,eax,TRUE
            invoke  GetDlgItem,hWnd,IDC_BUTTON_IMPORT
            invoke  EnableWindow,eax,TRUE
            invoke  GetDlgItem,hWnd,IDC_BUTTON_EXPORTS
            invoke  EnableWindow,eax,TRUE
            invoke  GetDlgItem,hWnd,IDC_BUTTON_DATADIR
            invoke  EnableWindow,eax,TRUE
            invoke  GetDlgItem,hWnd,IDC_BUTTON_PEHEADER
            invoke  EnableWindow,eax,TRUE
        .endif
        ret
_OpenFile endp
; This is a small Procedure for the about dialog box
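;-----------------------------------------------------------------------
; _ProcDlgAbout - dialog procedure for the About box.
; ABI:   stdcall, 32-bit flat model
; In:    hDlg, wMsg, wParam, lParam = standard dialog-procedure arguments
; Out:   eax = TRUE when the message was handled (the dialog is closed),
;              FALSE otherwise
; The dialog closes on WM_CLOSE and on a WM_COMMAND from IDC_BUTTON_OK,
; IDOK or IDCANCEL. Previously the id test fell through into the close
; label, so every WM_COMMAND, whatever its id, ended the dialog.
; IDOK and IDCANCEL are accepted so that Enter and Esc keep closing it.
;-----------------------------------------------------------------------
_ProcDlgAbout PROC hDlg,wMsg,wParam,lParam
        mov     eax,wMsg
        cmp     eax,WM_CLOSE
        jz      _closeabout
        cmp     eax,WM_COMMAND
        jz      _command
_aboutunhandled:
        xor     eax,eax                 ; FALSE: let the dialog manager handle it
        ret
_command:
        mov     eax,wParam              ; low word = control / command id
        cmp     ax,IDC_BUTTON_OK
        jz      _closeabout
        cmp     ax,IDOK
        jz      _closeabout
        cmp     ax,IDCANCEL
        jnz     _aboutunhandled         ; any other command is not ours
_closeabout:
        invoke  EndDialog,hDlg,0
        mov     eax,TRUE                ; report the message as handled
        ret
_ProcDlgAbout endp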
;-----------------------------------------------------------------------
; _ProcDlgMain - dialog procedure for the main window (IDD_DIALOG_MAIN).
; ABI:   stdcall, 32-bit flat model; ebx, edi and esi are preserved (uses)
; In:    hWnd, wMsg, wParam, lParam = standard dialog-procedure arguments
; Out:   eax = TRUE  for WM_INITDIALOG, WM_CLOSE and a WM_COMMAND whose id
;                    matches none of the buttons below
;              the result of the call made for a matched button
;              FALSE for every other message
; Side effects: stores hWnd in hMainDlgInstance on WM_INITDIALOG.
;-----------------------------------------------------------------------
_ProcDlgMain proc uses ebx edi esi hWnd,wMsg,wParam,lParam
        mov     eax,wMsg
        .if eax == WM_INITDIALOG
            ; Remember the dialog handle; child dialogs use it as their owner.
            push    hWnd
            pop     hMainDlgInstance
            invoke  LoadIcon,hInstance,IDI_ICON_PE_EXPLORER
            invoke  SendMessage,hWnd,WM_SETICON,ICON_SMALL,eax
            invoke  InitCommonControls

            ; Viewer buttons stay disabled until _OpenFile has a file.
            invoke  GetDlgItem,hWnd,IDC_BUTTON_SECTION
            invoke  EnableWindow,eax,FALSE
            invoke  GetDlgItem,hWnd,IDC_BUTTON_IMPORT
            invoke  EnableWindow,eax,FALSE
            invoke  GetDlgItem,hWnd,IDC_BUTTON_EXPORTS
            invoke  EnableWindow,eax,FALSE
            invoke  GetDlgItem,hWnd,IDC_BUTTON_DATADIR
            invoke  EnableWindow,eax,FALSE
            invoke  GetDlgItem,hWnd,IDC_BUTTON_PEHEADER
            invoke  EnableWindow,eax,FALSE
        .elseif eax == WM_COMMAND
            mov     eax,wParam                      ; low word = button id
            .if ax == IDC_BUTTON_OPEN
                invoke  _OpenFile,hWnd
                ret
            .elseif ax == IDC_BUTTON_PEHEADER
                invoke  DialogBoxParam,hInstance,IDD_DIALOG_PEHEADER,hMainDlgInstance,offset _ProcDlgPEHeader,NULL
                ret
            .elseif ax == IDC_BUTTON_SECTION
                invoke  DialogBoxParam,hInstance,IDD_DIALOG_SECTION,hMainDlgInstance,offset _ProcDlgSection,NULL
                ret
            .elseif ax == IDC_BUTTON_DATADIR
                invoke  DialogBoxParam,hInstance,IDD_DATADIR_DLG,hMainDlgInstance,offset _ProcDlgDATADIR,NULL
                ret
            .elseif ax == IDC_BUTTON_IMPORT
                invoke  DialogBoxParam,hInstance,IDD_DIALOG_IMPORT,hWnd,offset _ProcDlgImport,NULL
                ret
            .elseif ax == IDC_BUTTON_EXPORTS
                invoke  DialogBoxParam,hInstance,IDD_DIALOG_EXPORT1,hMainDlgInstance,offset _ProcDlgExport,NULL
                ret
            .elseif ax == IDC_BUTTON_ABOUT
                invoke  DialogBoxParam,hInstance,IDD_DIALOG_ABOUT,hWnd,offset _ProcDlgAbout,NULL
                ret
            .elseif ax == IDC_BUTTON_EXIT
                ; Route Exit through WM_CLOSE so there is one shutdown path.
                invoke  SendMessage,hWnd,WM_CLOSE,NULL,NULL
                ret
            .endif
        .elseif eax == WM_CLOSE
            invoke  EndDialog,hWnd,NULL
        .else
            xor     eax,eax                         ; FALSE: message not handled
            ret
        .endif
        mov     eax,TRUE
        ret
_ProcDlgMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Program entry point: record the module handle, run the main dialog
; modally, then end the process with exit code 0.
start:
        invoke  GetModuleHandle,NULL
        mov     hInstance,eax                       ; kept for the LoadIcon / DialogBoxParam calls elsewhere
        invoke  DialogBoxParam,eax,IDD_DIALOG_MAIN,NULL,offset _ProcDlgMain,NULL
        invoke  ExitProcess,0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start