📄 chap8-1-5.htm.primary
字号:
buffer db 512 dup(?) <br>
hFile dd ? <br>
hMapping dd ? <br>
pMapping dd ? <br>
ValidPE dd ? <br>
NumberOfSections dd ? <br>
<br>
.code <br>
start proc <br>
LOCAL seh:SEH <br>
invoke GetModuleHandle,NULL <br>
mov hInstance,eax <br>
mov ofn.lStructSize,SIZEOF ofn <br>
mov ofn.lpstrFilter, OFFSET FilterString <br>
mov ofn.lpstrFile, OFFSET buffer <br>
mov ofn.nMaxFile,512 <br>
mov ofn.Flags, OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES
or OFN_EXPLORER or OFN_HIDEREADONLY <br>
invoke GetOpenFileName, ADDR ofn <br>
.if eax==TRUE <br>
invoke CreateFile, addr buffer, GENERIC_READ,
FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL <br>
.if eax!=INVALID_HANDLE_VALUE <br>
mov hFile, eax <br>
invoke CreateFileMapping, hFile,
NULL, PAGE_READONLY,0,0,0 <br>
.if eax!=NULL <br>
mov hMapping,
eax <br>
invoke MapViewOfFile,hMapping,FILE_MAP_READ,0,0,0
<br>
.if eax!=NULL
<br>
mov
pMapping,eax <br>
assume fs:nothing <br>
push fs:[0] <br>
pop seh.PrevLink <br>
mov seh.CurrentHandler,offset SEHHandler <br>
mov seh.SafeOffset,offset FinalExit <br>
lea eax,seh <br>
mov fs:[0], eax <br>
mov seh.PrevEsp,esp <br>
mov seh.PrevEbp,ebp <br>
mov edi, pMapping <br>
assume edi:ptr IMAGE_DOS_HEADER <br>
.if [edi].e_magic==IMAGE_DOS_SIGNATURE <br>
add edi, [edi].e_lfanew <br>
assume
edi:ptr IMAGE_NT_HEADERS <br>
.if [edi].Signature==IMAGE_NT_SIGNATURE <br>
mov ValidPE, TRUE <br>
.else
<br>
mov ValidPE, FALSE <br>
.endif <br>
.else <br>
mov
ValidPE,FALSE <br>
.endif <br>
FinalExit: <br>
push
seh.PrevLink <br>
pop fs:[0] <br>
.if ValidPE==TRUE <br>
call ShowSectionInfo <br>
.else <br>
invoke MessageBox, 0, addr FileInValidPE, addr AppName, MB_OK+MB_ICONINFORMATION
<br>
.endif <br>
invoke UnmapViewOfFile, pMapping <br>
.else <br>
invoke MessageBox, 0, addr FileMappingError, addr AppName, MB_OK+MB_ICONERROR
<br>
.endif <br>
invoke CloseHandle,hMapping
<br>
.else <br>
invoke MessageBox, 0,
addr FileOpenMappingError, addr AppName, MB_OK+MB_ICONERROR <br>
.endif <br>
invoke CloseHandle, hFile <br>
.else <br>
invoke MessageBox, 0, addr FileOpenError,
addr AppName, MB_OK+MB_ICONERROR <br>
.endif <br>
.endif <br>
invoke ExitProcess, 0 <br>
invoke InitCommonControls <br>
start endp <br>
<br>
SEHHandler proc uses edx pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD
<br>
mov edx,pFrame <br>
assume edx:ptr SEH <br>
mov eax,pContext <br>
assume eax:ptr CONTEXT <br>
push [edx].SafeOffset <br>
pop [eax].regEip <br>
push [edx].PrevEsp <br>
pop [eax].regEsp <br>
push [edx].PrevEbp <br>
pop [eax].regEbp <br>
mov ValidPE, FALSE <br>
mov eax,ExceptionContinueExecution <br>
ret <br>
SEHHandler endp <br>
<br>
DlgProc proc uses edi esi hDlg:DWORD, uMsg:DWORD, wParam:DWORD, lParam:DWORD
<br>
LOCAL lvc:LV_COLUMN <br>
LOCAL lvi:LV_ITEM <br>
.if uMsg==WM_INITDIALOG <br>
mov esi, lParam <br>
mov lvc.imask,LVCF_FMT or LVCF_TEXT or LVCF_WIDTH
or LVCF_SUBITEM <br>
mov lvc.fmt,LVCFMT_LEFT <br>
mov lvc.lx,80 <br>
mov lvc.iSubItem,0 <br>
mov lvc.pszText,offset SectionName <br>
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,0,addr
lvc inc lvc.iSubItem <br>
mov lvc.fmt,LVCFMT_RIGHT <br>
mov lvc.pszText,offset VirtualSize <br>
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,1,addr
lvc <br>
inc lvc.iSubItem <br>
mov lvc.pszText,offset VirtualAddress <br>
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,2,addr
lvc <br>
inc lvc.iSubItem <br>
mov lvc.pszText,offset SizeOfRawData <br>
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,3,addr
lvc <br>
inc lvc.iSubItem <br>
mov lvc.pszText,offset RawOffset <br>
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,4,addr
lvc <br>
inc lvc.iSubItem <br>
mov lvc.pszText,offset Characteristics <br>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -