// myHiew.cpp : Defines the entry point for the DLL application.
//
#include "stdafx.h"
#include <stdio.h>
#include <map>
#include <string>
// DLL entry point. Nothing is set up or torn down here: the plugin keeps its state in
// file-scope globals, so every attach/detach reason simply reports success.
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    (void)hModule;
    (void)ul_reason_for_call;
    (void)lpReserved;
    return TRUE;
}
// File-read helpers for the PE walkers below. They operate on the file-scope FILE* fh and,
// on any failed fseek/fread/fgets, `return 0` FROM THE FUNCTION THAT EXPANDS THEM - so they
// may only be used inside functions whose failure value is 0 (BOOL/DWORD), and they do no
// cleanup of their own.
#define getdata(buf,pos,len) {if(fseek(fh,pos,0))return 0;if(fread(buf,1,len,fh)!=len)return 0;}
// Read sizeof(var) bytes at file offset pos straight into var.
#define getvalue(var,pos) getdata(&var,pos,sizeof(var))
// Read at most sizeof(buf)-1 bytes at file offset pos into the char array buf (fgets stops at a
// newline and always NUL-terminates; NUL bytes in the file are copied as-is, so the C string
// ends at the first of them).
#define getstring(buf,pos) {if(fseek(fh,pos,0))return 0;if(!fgets(buf,sizeof(buf),fh))return 0;}
// Headers of the PE file opened by ReadPE(); consumed by the RVA/VA/file-offset helpers below.
static IMAGE_DOS_HEADER DOSHeader;
static IMAGE_NT_HEADERS NTHeader;
// Section table (NumberOfSections entries), allocated by ReadPE() and freed by ClosePE().
static IMAGE_SECTION_HEADER*pSecHeader;
// Open handle to that PE; used by the getdata/getvalue/getstring helpers, closed by ClosePE().
static FILE*fh;
//addbyme
// Set at the start of myAsmEng() and cleared before it returns; not read in the visible part
// of this file.
static bool bLocked = false;
//addbyme
// Not referenced in the visible part of this file.
HANDLE hConsoleOut;
HANDLE hConsoleIn;
using namespace std;
// Label name -> virtual address. Lookups (ConvertIns, GetCallAddr) lower-case the name first.
map <string,DWORD> LableMap;
// NOTE(review): absolute addresses into the host process (presumably the Hiew build this
// plugin was written against); they are only valid for that exact binary and silently point
// at arbitrary code in any other - confirm before reusing.
void (*MsgOut)(char*msg)=(void(*)(char*))0x4249C0;
DWORD (*GetInput)(void)=(DWORD(*)(void))0x4244A0;
// Return the first section of the loaded PE whose range
// [VirtualAddress, VirtualAddress+SizeOfRawData) contains RVA, or NULL when none does.
// The range is sized by SizeOfRawData, not Misc.VirtualSize, so an RVA that falls in a
// section's zero-filled tail (past its raw data) is not matched.
IMAGE_SECTION_HEADER*GetSecHeaderByRVA(DWORD RVA)
{
    const int sectionCount=NTHeader.FileHeader.NumberOfSections;
    IMAGE_SECTION_HEADER*sec=pSecHeader;
    for(int idx=0;idx<sectionCount;idx++,sec++)
    {
        const DWORD start=sec->VirtualAddress;
        const DWORD end=start+sec->SizeOfRawData;
        if(RVA>=start&&RVA<end)
            return sec;
    }
    return NULL;
}
// Return the first section whose raw data [PointerToRawData, PointerToRawData+SizeOfRawData)
// contains file offset FO, or NULL when no section covers that offset.
IMAGE_SECTION_HEADER*GetSecHeaderByFO(DWORD FO) //File Offset
{
    const int sectionCount=NTHeader.FileHeader.NumberOfSections;
    for(int idx=0;idx<sectionCount;idx++)
    {
        IMAGE_SECTION_HEADER*const sec=&pSecHeader[idx];
        const DWORD rawStart=sec->PointerToRawData;
        if(FO<rawStart)continue;
        if(FO>=rawStart+sec->SizeOfRawData)continue;
        return sec;
    }
    return NULL;
}
// Section lookup by virtual address: strip the image base and delegate to the RVA lookup.
IMAGE_SECTION_HEADER*GetSecHeaderByVA(DWORD VA)
{
    return GetSecHeaderByRVA(VA-NTHeader.OptionalHeader.ImageBase);
}
// Map an RVA to the file offset of the same byte, or 0xFFFFFFFF when the RVA is not
// backed by any section's raw data.
DWORD RVAtoOfs(DWORD RVA)
{
    IMAGE_SECTION_HEADER*const sec=GetSecHeaderByRVA(RVA);
    if(sec==NULL)return 0xFFFFFFFF;
    const DWORD withinSection=RVA-sec->VirtualAddress;
    return sec->PointerToRawData+withinSection;
}
// Map a virtual address to a file offset (RVAtoOfs after removing the image base);
// 0xFFFFFFFF when unmapped.
DWORD VAtoOfs(DWORD VA)
{
    const DWORD rva=VA-NTHeader.OptionalHeader.ImageBase;
    return RVAtoOfs(rva);
}
// Translate VA into the "fixed" offset used when assembling the instruction that sits at
// file offset srcaddr: VA minus the memory/file displacement of srcaddr's own section
// (fd = vd - ((srcVirtualBase + ImageBase) - srcFileBase)).
// Requires srcaddr to lie in some section's raw data and VA to lie in some section's
// virtual range; otherwise returns 0xFFFFFFFF.
DWORD VAtoFixedOfs(DWORD VA,DWORD srcaddr)
{
    IMAGE_SECTION_HEADER*const srcSec=GetSecHeaderByFO(srcaddr);
    if(srcSec==NULL)return 0xFFFFFFFF;
    if(GetSecHeaderByVA(VA)==NULL)return 0xFFFFFFFF;
    const DWORD srcVirtualBase=srcSec->VirtualAddress+NTHeader.OptionalHeader.ImageBase;
    const DWORD displacement=srcVirtualBase-srcSec->PointerToRawData;
    return VA-displacement;
}
// RVA flavour of VAtoFixedOfs(): the first argument is an RVA (despite its name) and is
// rebased on the image base before the translation.
DWORD RVAtoFixedOfs(DWORD VA,DWORD srcaddr)
{
    const DWORD va=VA+NTHeader.OptionalHeader.ImageBase;
    return VAtoFixedOfs(va,srcaddr);
}
// Find an imported function in the import table of the PE opened by ReadPE() and return the
// RVA of its IAT slot (IID.FirstThunk + 4*index), or 0 when it is not found or a read fails.
//   dll: restrict the search to this DLL (compared case-insensitively, with a ".dll" suffix
//        stripped from the name found in the file), or NULL to search every descriptor.
//   api: function name to match, case-insensitively; import-by-ordinal entries are skipped.
// api (and dll when non-NULL) are lower-cased IN PLACE, so callers must pass writable buffers.
// The getvalue/getstring helpers return 0 from this function on any failed seek/read. An RVA
// outside every section gives file offset 0xFFFFFFFF from RVAtoOfs(); that path relies on
// fseek() rejecting the position (NOTE(review): confirm for this CRT).
DWORD GetThunkByName(char*dll,char*api)
{
strlwr(api);
IMAGE_IMPORT_DESCRIPTOR IID;
int nIID=0;
// Import directory is DataDirectory[1]; descriptors are read from the file one at a time.
getvalue(IID,RVAtoOfs(NTHeader.OptionalHeader.DataDirectory[1].VirtualAddress));
// The descriptor array is terminated by an all-zero entry (Name==0).
while(IID.Name)
{
// fgets reads at most 49 bytes, so longer DLL names are truncated before comparison.
char dllname[50];
getstring(dllname,RVAtoOfs(IID.Name));
strlwr(dllname);
if(dll)
{
// Compare without the ".dll" suffix, so "kernel32" matches "KERNEL32.dll".
if(strstr(dllname,".dll"))
*strstr(dllname,".dll")=0;
strlwr(dll);
if(strcmp(dll,dllname))
{
// Not the requested DLL: move on to the next descriptor.
nIID++;
getvalue(IID,RVAtoOfs(NTHeader.OptionalHeader.DataDirectory[1].VirtualAddress)+sizeof(IMAGE_IMPORT_DESCRIPTOR)*nIID);
continue;
}
}
DWORD thunk;
int nThunk=0;
// Walk the IAT (FirstThunk). When an entry does not point back into the file (thunk+2, the
// IMAGE_IMPORT_BY_NAME name field, has no file offset) - presumably an IAT holding resolved
// addresses - read the same index from the INT (OriginalFirstThunk) instead.
getvalue(thunk,RVAtoOfs(IID.FirstThunk+nThunk*4));
if(RVAtoOfs(thunk+2)==0xFFFFFFFF)
getvalue(thunk,RVAtoOfs(IID.OriginalFirstThunk+nThunk*4));
while(thunk)
{
char apiname[50];
// Ordinal imports carry no name; only by-name entries can match.
if(!(thunk&IMAGE_ORDINAL_FLAG32))
{
// The name starts after the 2-byte Hint of IMAGE_IMPORT_BY_NAME.
getstring(apiname,RVAtoOfs(thunk+2));
strlwr(apiname);
//WritePrivateProfileString("Debug",api,apiname,".\\Debug.ini");
// Match: return the RVA of this IAT slot (not the imported function's address).
if(!strcmp(api,apiname))return IID.FirstThunk+nThunk*4;
}
nThunk++;
getvalue(thunk,RVAtoOfs(IID.FirstThunk+nThunk*4));
if(RVAtoOfs(thunk+2)==0xFFFFFFFF)
getvalue(thunk,RVAtoOfs(IID.OriginalFirstThunk+nThunk*4));
}
nIID++;
getvalue(IID,RVAtoOfs(NTHeader.OptionalHeader.DataDirectory[1].VirtualAddress)+sizeof(IMAGE_IMPORT_DESCRIPTOR)*nIID);
}
return 0;
}
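// Open the PE at path and load its DOS header, NT headers and section table into the
// file-scope DOSHeader / NTHeader / pSecHeader, leaving the file open in fh for the read
// helpers used by the lookup functions. Returns 1 on success, 0 on failure.
// On failure fh and pSecHeader may still be live (the read helpers return early without
// cleanup), so the caller must call ClosePE() on both paths.
BOOL ReadPE(char*path)
{
    pSecHeader=NULL;
    fh=NULL;
    fh=fopen(path,"rb");
    if(!fh)return 0;
    getvalue(DOSHeader,0);
    // The header fields below are used as file offsets and sizes, so refuse anything that
    // does not at least carry the MZ and PE signatures instead of parsing garbage.
    if(DOSHeader.e_magic!=IMAGE_DOS_SIGNATURE)return 0;
    getvalue(NTHeader,DOSHeader.e_lfanew);
    if(NTHeader.Signature!=IMAGE_NT_SIGNATURE)return 0;
    // The IMAGE_NT_HEADERS layout read above and the DWORD ImageBase arithmetic in the
    // RVA/VA helpers are PE32-only; a PE32+ optional header would be misread.
    if(NTHeader.OptionalHeader.Magic!=IMAGE_NT_OPTIONAL_HDR32_MAGIC)return 0;
    const int nSec=NTHeader.FileHeader.NumberOfSections;
    // The section table follows the optional header, whose size is SizeOfOptionalHeader and
    // need not equal sizeof(IMAGE_OPTIONAL_HEADER) (same layout IMAGE_FIRST_SECTION uses).
    const DWORD secTableOfs=DOSHeader.e_lfanew
        +sizeof(DWORD)                   // IMAGE_NT_HEADERS::Signature
        +sizeof(IMAGE_FILE_HEADER)
        +NTHeader.FileHeader.SizeOfOptionalHeader;
    pSecHeader=new IMAGE_SECTION_HEADER[nSec];
    // A table that runs past the end of the file fails the read and returns 0 here.
    getdata(pSecHeader,secTableOfs,sizeof(IMAGE_SECTION_HEADER)*nSec);
    return 1;
}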
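// Release what ReadPE() acquired. Safe after a failed ReadPE() and safe to call more than
// once: both the section table pointer and the file handle are cleared after release, so a
// repeated call is a no-op rather than a double delete / double fclose. Always returns 1.
BOOL ClosePE()
{
    if(pSecHeader)
    {
        delete []pSecHeader;
        pSecHeader=NULL;
    }
    if(fh)
    {
        fclose(fh);
        fh=NULL;
    }
    return 1;
}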
// Rewrite a pseudo-instruction "<sign> <mnemonic> <operand>" (exactly three space-separated
// tokens; a fourth token is rejected) into plain assembler text, in place in srcins.
//   srcins : instruction text; overwritten with the rewritten form only on success.
//   srcaddr: file offset of the instruction being assembled; addresses are relocated
//            relative to it ("fixed" offsets) via VAtoFixedOfs/RVAtoFixedOfs.
// Recognised signs (case-insensitive):
//   ofslb <mn> <label>     -> "<mn> 0<hex>"      label VA from LableMap, relocated
//   valb  <mn> <label>     -> "<mn> 0<hex>"      label VA from LableMap, as stored
//   rva   <mn> <hexdigits> -> "<mn> 0<hex>"      RVA relocated
//   va    <mn> <hexdigits> -> "<mn> 0<hex>"      VA relocated
//   api   <mn> [dll.]name  -> "<mn> d,[0<hex>]"  VA of the import's IAT slot
// Returns 1 when srcins was rewritten, 0 otherwise (unknown sign, unknown label/import, or a
// relocation failure); srcins is left untouched in that case.
// NOTE(review): srcins is copied into the fixed 100-byte tmp, and the operand (up to 500
// bytes) into the 50-byte dll/api buffers, with unchecked strcpy; over-long input overruns
// these stack buffers. Nothing in this function bounds the length of srcins.
BOOL ConvertIns(char*srcins,int srcaddr)
{
char tmp[100];
char sign[100];
char ins[100];
char operand[500];
int len=strlen(srcins);
int i;
// tmp is srcins with every space turned into NUL, so tmp+i is a complete token wherever
// srcins+i is a non-space character.
strcpy(tmp,srcins);
for(i=0;i<len;i++)if(tmp[i]==0x20)tmp[i]=0;
i=0;
// Token 1: the sign keyword (skip leading spaces; running off the end is invalid).
while(*(srcins+i))
{
if(*(srcins+i)!=0x20)goto getsign;
i++;
}
goto invalid;
getsign:
strcpy(sign,tmp+i);
i+=strlen(tmp+i);
// Token 2: the real mnemonic.
while(*(srcins+i))
{
if(*(srcins+i)!=0x20)goto getins;
i++;
}
goto invalid;
getins:
strcpy(ins,tmp+i);
i+=strlen(tmp+i);
// Token 3: the operand.
while(*(srcins+i))
{
if(*(srcins+i)!=0x20)goto getoperand;
i++;
}
goto invalid;
getoperand:
strcpy(operand,tmp+i);
i+=strlen(tmp+i);
// Only trailing spaces may follow the operand; any further token is invalid.
while(*(srcins+i))
{
if(*(srcins+i)!=0x20)goto invalid;
i++;
}
goto termin;
termin:
strlwr(sign);
if(!strcmp(sign,"ofslb"))
{
if(!strlen(operand))goto invalid;
// Labels are looked up lower-cased; the label's VA is relocated for this instruction.
strlwr(operand);
map<string,DWORD>::iterator mi=LableMap.find(operand);
if(mi==LableMap.end())goto invalid;
DWORD addr=mi->second;
addr=VAtoFixedOfs(addr,srcaddr);
if(addr==0xFFFFFFFF)goto invalid;
sprintf(tmp,"%s 0%x",ins,addr);
goto valid;
}
if(!strcmp(sign,"valb"))
{
if(!strlen(operand))goto invalid;
// Same lookup, but the stored VA is emitted unchanged.
strlwr(operand);
map<string,DWORD>::iterator mi=LableMap.find(operand);
if(mi==LableMap.end())goto invalid;
sprintf(tmp,"%s 0%x",ins,mi->second);
goto valid;
}
if(!strcmp(sign,"rva"))
{
// The operand must be hex digits only; a non-empty all-hex operand always parses below.
int j=strlen(operand);
for(i=0;i<j;i++)
{
if(!isxdigit(operand[i]))goto invalid;
}
DWORD addr;
sscanf(operand,"%x",&addr);
addr=RVAtoFixedOfs(addr,srcaddr);
if(addr==0xFFFFFFFF)goto invalid;
sprintf(tmp,"%s 0%x",ins,addr);
goto valid;
}
if(!strcmp(sign,"va"))
{
int j=strlen(operand);
for(i=0;i<j;i++)
{
if(!isxdigit(operand[i]))goto invalid;
}
DWORD addr;
sscanf(operand,"%x",&addr);
addr=VAtoFixedOfs(addr,srcaddr);
if(addr==0xFFFFFFFF)goto invalid;
sprintf(tmp,"%s 0%x",ins,addr);
goto valid;
}
if(!strcmp(sign,"api"))
{
// "dll.name" restricts the import search to that DLL; a bare "name" searches all of them.
// More than one '.' is rejected. GetThunkByName lower-cases dll/api in place.
char*ptoken=strchr(operand,'.');
char dll[50];
char api[50];
DWORD thunk;
if(ptoken)
{
if(strchr(ptoken+1,'.'))goto invalid;
*ptoken=0;
strcpy(dll,operand);
strcpy(api,ptoken+1);
thunk=GetThunkByName(dll,api);
if(thunk)
{
// thunk is the IAT slot's RVA; emit its VA as a dword memory operand.
sprintf(tmp,"%s d,[0%x]",ins,thunk+NTHeader.OptionalHeader.ImageBase);
goto valid;
}
}
else
{
thunk=GetThunkByName(NULL,operand);
if(thunk)
{
sprintf(tmp,"%s d,[0%x]",ins,thunk+NTHeader.OptionalHeader.ImageBase);
goto valid;
}
}
goto invalid;
}
goto invalid;
valid:
strcpy(srcins,tmp);
return 1;
invalid:
return 0;
}
// Resolve a call target written in str (rewritten in place) into assembler syntax:
//   leading digit  -> hex VA, emitted as "0<hex>" relocated for the instruction at srcaddr
//   import name    -> "d,[0<hex>]", the VA of the import's IAT slot
//   label          -> "0<hex>", the label's VA relocated like a plain VA
// Returns 1 when str was rewritten, 0 when nothing matched or the relocation failed.
// The import lookup lower-cases str in place even when it finds nothing.
BOOL GetCallAddr(char*str,DWORD srcaddr)
{
    if(isdigit(*str)) // VA
    {
        DWORD target=0xFFFFFFFF;
        sscanf(str,"%X",&target);
        const DWORD fixedOfs=VAtoFixedOfs(target,srcaddr);
        if(fixedOfs==0xFFFFFFFF)return 0;
        sprintf(str,"0%X",fixedOfs);
        return 1;
    }
    const DWORD thunk=GetThunkByName(NULL,str);
    if(thunk) //API
    {
        sprintf(str,"d,[0%x]",thunk+NTHeader.OptionalHeader.ImageBase);
        return 1;
    }
    //Lable
    strlwr(str);
    map<string,DWORD>::iterator found=LableMap.find(str);
    if(found==LableMap.end())return 0;
    const DWORD labelOfs=VAtoFixedOfs(found->second,srcaddr);
    if(labelOfs==0xFFFFFFFF)return 0;
    sprintf(str,"0%X",labelOfs);
    return 1;
}
// Compare the lower-cased mnemonic in myAsmEng()'s local `ins` against the literal a.
#define ifins(a) if(!strcmp(ins,a))
int myAsmEng(char*srcins,char*buf,int unknow,int srcaddr)
{
//addbyme
bLocked = true;
//addbyme
int (*AsmEng)(char*srcins,char*buf,int unknow,int srcaddr);
AsmEng=(int (__cdecl *)(char *,char *,int,int))0x0410320;
int MyRet=-1;
char srcins_bak[100];
strcpy(srcins_bak,srcins);
char*path=*(char**)(0x441D44);
if(!path)goto invalid;
if(!ReadPE(path))
{
ClosePE();
goto invalid;
}
ConvertIns(srcins,srcaddr);
strcpy(srcins_bak,srcins);
char tmp[100];
char ins[100];
char operand[500];
int len;
len=strlen(srcins);
int i;
strcpy(tmp,srcins);
for(i=0;i<len;i++)if(tmp[i]==0x20)tmp[i]=0;
i=0;
while(*(srcins+i))
{
if(*(srcins+i)!=0x20)goto getins;
i++;
}
goto invalid;
getins:
strcpy(ins,tmp+i);
i+=strlen(tmp+i);
while(*(srcins+i))
{
if(*(srcins+i)!=0x20)goto getoperand;
i++;
}
goto getoperand;
getoperand:
strcpy(operand,srcins+i);
goto valid;
valid:
strlwr(ins);
//addbyme
//char nonename[100];
//nonename[0]=':';
//strcpy(nonename+1,ins);
//MsgOut(nonename);
//addbyme
ifins("codexor") // codexor len,key
{
if(!strlen(operand))goto invalid;
if(!strchr(operand,','))goto invalid;
char*ptok=strchr(operand,',');
*ptok=0;
DWORD len=0x200;
DWORD key=0;
sscanf(operand,"%X",&len);
sscanf(ptok+1,"%X",&key);
if((len>0x100)||(!len))goto invalid;
len=len/4;
if(fseek(fh,srcaddr,0))goto invalid;
DWORD*databuf=new DWORD[len];
if(fread(databuf,4,len,fh)!=len)
{
delete []databuf;
goto invalid;
}
int i;
for(i=0;i<len;i++)
*((DWORD*)buf+i)=databuf[i] ^ key;
MyRet=len*4;
goto end;
}
ifins("asc")
{
int lenoperand=strlen(operand);
if(!lenoperand)goto invalid;
strcpy(buf,operand);
MyRet=strlen(operand)+1;
goto end;
}
ifins("cinvoke")
{
char paramtbl[10][100];
int nParam=0;
char*param=strtok(operand,"/");
while(param&&(nParam<10))
{
strcpy(paramtbl[nParam],param);
param=strtok(NULL,"/");
nParam++;
}
nParam--;
if(nParam==0)goto invalid;
if(!GetCallAddr(paramtbl[0],srcaddr))goto invalid;
int npush=nParam;
int ndata=0;
char curins[100];
int AsmEngRet;
map<string,DWORD>::iterator mi;
while(nParam)
{
strlwr(paramtbl[nParam]);
switch(paramtbl[nParam][0])
{
case '@':
mi=LableMap.find(¶mtbl[nParam][1]);
if(mi==LableMap.end())
sprintf(curins,"push %s",paramtbl[nParam]);
else
sprintf(curins,"push 0%x",mi->second);
break;
case '*':
mi=LableMap.find(¶mtbl[nParam][1]);
if(mi==LableMap.end())
sprintf(curins,"push %s",paramtbl[nParam]);
else
sprintf(curins,"push d,[0%x]",mi->second);
break;
default:
sprintf(curins,"push %s",paramtbl[nParam]);
break;
}
AsmEngRet=AsmEng(curins,buf+ndata,0x7FFF,srcaddr+ndata);
if(AsmEngRet>0)
ndata+=AsmEngRet;
else
//addbyme
{
bLocked = false;
return AsmEngRet;
}
//addbyme
nParam--;
}
sprintf(curins,"call %s",paramtbl[0]);
AsmEngRet=AsmEng(curins,buf+ndata,0x7FFF,srcaddr+ndata);
if(AsmEngRet>0)
ndata+=AsmEngRet;
else
{
MyRet=AsmEngRet;
goto end;
}
if(npush>1)
{
sprintf(curins,"add esp,0%x",npush*4);
AsmEngRet=AsmEng(curins,buf+ndata,0x7FFF,srcaddr+ndata);
if(AsmEngRet>0)
ndata+=AsmEngRet;
else
{
MyRet=AsmEngRet;
goto end;
}
}
//addbyme
bLocked = false;
//addbyme
return ndata;
}
ifins("sinvoke")
{
char paramtbl[10][100];
int nParam=0;
char*param=strtok(operand,"/");
while(param&&(nParam<10))
{
strcpy(paramtbl[nParam],param);
param=strtok(NULL,"/");
nParam++;
}
nParam--;
if(nParam==0)goto invalid;
if(!GetCallAddr(paramtbl[0],srcaddr))goto invalid;
int npush=nParam;
int ndata=0;
char curins[100];
int AsmEngRet;
map<string,DWORD>::iterator mi;
while(nParam)
{
strlwr(paramtbl[nParam]);
switch(paramtbl[nParam][0])
{
case '@':
mi=LableMap.find(¶mtbl[nParam][1]);
if(mi==LableMap.end())
sprintf(curins,"push %s",paramtbl[nParam]);
else
sprintf(curins,"push 0%x",mi->second);
break;
case '*':
mi=LableMap.find(¶mtbl[nParam][1]);
if(mi==LableMap.end())
sprintf(curins,"push %s",paramtbl[nParam]);