📄 peserv.c
字号:
///////////////////////////////////////////////////////////////////////////////
//
// FileName : PEServ.c
// Version : 0.10
// Author : Luo Cong
// Date : 2004-09-02 (yyyy-mm-dd)
// Comment :
//
///////////////////////////////////////////////////////////////////////////////
#include <windows.h>
#include <stdio.h>
#include "Misc.h"
#include "PEServ.h"
#include "MemServ.h"
#include "disasm.h"
int IsPEFile(
/* [in] */ const char *szFileName
)
{
int nRetResult = 0;
FILE *fp_in = NULL;
unsigned long ulPEHeaderOffset = 0;
unsigned short usMagic = 0; // should be "MZ", 0x5a4d
unsigned long ulPESignature = 0; // should be "PE", 0x4550
fp_in = fopen(szFileName, "rb");
if (NULL == fp_in)
{
printf(ErrMsg[ERR_OPEN_FILE], szFileName);
goto Exit0;
}
fread(&usMagic, 1, 2, fp_in);
if (0x5a4d != usMagic)
{
printf(ErrMsg[ERR_NOT_A_PE_FILE], szFileName);
goto Exit0;
}
fseek(fp_in, 0x3c, SEEK_SET);
fread(&ulPEHeaderOffset, 1, 4, fp_in);
fseek(fp_in, ulPEHeaderOffset, SEEK_SET);
fread(&ulPESignature, 1, 4, fp_in);
if (0x4550 != ulPESignature)
{
printf(ErrMsg[ERR_NOT_A_PE_FILE], szFileName);
goto Exit0;
}
nRetResult = 1;
Exit0:
if (fp_in)
{
fclose(fp_in);
fp_in = NULL;
}
return nRetResult;
}
unsigned long RVAToFileOffset(
/* [in] */ const unsigned long RVA
)
{
unsigned long ulOffset = 0;
const int nSizeOfImageNtHeaders = 0xf8;
const int nSizeOfSectionHeader = 0x28;
const long ulPEHeaderOffset = *(unsigned long *)&g_FileContents[0x3c];
const int nNumberOfSections =
*(unsigned short *)&g_FileContents[ulPEHeaderOffset + 0x06];
unsigned long ulVirtualAddress;
unsigned long ulSizeOfRawData;
unsigned long ulPointerToRawData;
int i;
for (i = 0; i < nNumberOfSections; ++i)
{
// 0x0c is the offset of VirtualAddress in IMAGE_SECTION_HEADER:
ulVirtualAddress =
*(unsigned int *)&g_FileContents[
ulPEHeaderOffset +
nSizeOfImageNtHeaders +
nSizeOfSectionHeader * i + 0x0c
];
// 0x10 is the offset of SizeOfRawData in IMAGE_SECTION_HEADER:
ulSizeOfRawData =
*(unsigned int *)&g_FileContents[
ulPEHeaderOffset +
nSizeOfImageNtHeaders +
nSizeOfSectionHeader * i +
0x10
];
if (RVA >= ulVirtualAddress)
{
if ((ulVirtualAddress + ulSizeOfRawData) > RVA)
{
// 0x14 is the offset of
// PointerToRawData in IMAGE_SECTION_HEADER:
ulPointerToRawData =
*(unsigned int *)&g_FileContents[
ulPEHeaderOffset +
nSizeOfImageNtHeaders +
nSizeOfSectionHeader * i +
0x14
];
ulOffset = RVA - ulVirtualAddress + ulPointerToRawData;
break;
}
}
}
return ulOffset;
}
/**
* Must call IsPEFile() & Initialize() first!
*/
int GetNTHeader(
/* [out] */ IMAGE_NT_HEADERS *nt_header
)
{
int nRetResult = 0;
unsigned long ulPEHeaderOffset = 0;
MY_PROCESS_ERROR(nt_header);
ulPEHeaderOffset = *(unsigned long *)&g_FileContents[0x3c];
*nt_header = *(IMAGE_NT_HEADERS *)&g_FileContents[ulPEHeaderOffset];
nRetResult = 1;
Exit0:
return nRetResult;
}
int GetImportFunctionName(
/* [in] */ const unsigned long ip,
/* [out] */ char *szFuncName
)
{
int nRetResult = 0;
int nRetCode;
unsigned long ulFileOffset;
char cmd[MAXCMDSIZE];
t_disasm da;
MY_PROCESS_ERROR(szFuncName);
szFuncName[0] = '\0';
nRetCode = ReadCommand(ip, MAXCMDSIZE, cmd);
MY_PROCESS_ERROR(nRetCode);
Disasm(cmd, MAXCMDSIZE, ip, &da, DISASM_CODE);
if (C_CAL != da.cmdtype)
goto Exit1;
if (0 != da.jmpconst)
{
nRetCode = ReadCommand(da.jmpconst, MAXCMDSIZE, cmd);
MY_PROCESS_ERROR(nRetCode);
Disasm(cmd, da.jmpconst, da.jmpconst, &da, DISASM_CODE);
}
if (0 == da.adrconst)
goto Exit1;
nRetCode = ReadCommand(da.adrconst, 4, cmd);
MY_PROCESS_ERROR(nRetCode);
ulFileOffset = RVAToFileOffset(*(unsigned long *)&cmd);
MY_PROCESS_ERROR(nRetCode);
ulFileOffset += 2;
strcpy(szFuncName, &g_FileContents[ulFileOffset]);
Exit1:
nRetResult = 1;
Exit0:
return nRetResult;
}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -