mergedll.cpp

[转载]嵌入到系统进程中,检查并报告主板型号

// MergeDll.cpp : Defines the entry point for the application.
//
#define WIN32_LEAN_AND_MEAN
#pragma comment ( linker,"/ALIGN:4096" )
#include <windows.h>
#include "resource.h"
#include <lmerr.h>
#include <stdio.h>

BOOL IsNT();
LPVOID lpImageDll2;
DWORD LoadPbDllFromMemory(LPVOID lpRawDll, LPVOID lpImageDll);
DWORD GetProcAddressDirectly(PIMAGE_DOS_HEADER dosHeader, char * FuncName);
DWORD UnloadPbDllFromMemory(PIMAGE_DOS_HEADER dosHeader);
void SetupResource(PIMAGE_DOS_HEADER dosHeader);
void DumpResourceSection(PBYTE pImageBase, PIMAGE_NT_HEADERS pNTHeader);
void DisplayErrorText( DWORD dwLastError );

//////////////////////////////////////////////////////////////////////////
#define MakePtr( cast, ptr, addValue ) (cast)( (DWORD)(ptr)+(DWORD)(addValue))
#define GetImgDirEntryRVA( pNTHdr, IDE ) \
(pNTHdr->OptionalHeader.DataDirectory[IDE].VirtualAddress)

#define GetImgDirEntrySize( pNTHdr, IDE ) \
(pNTHdr->OptionalHeader.DataDirectory[IDE].Size)

PIMAGE_SECTION_HEADER GetEnclosingSectionHeader(DWORD rva, PIMAGE_NT_HEADERS pNTHeader);
LPVOID GetPtrFromRVA( DWORD rva, PIMAGE_NT_HEADERS pNTHeader, PBYTE imageBase );
PBYTE pImageBase;

//////////////////////////////////////////////////////////////////////////
typedef char * (CALLBACK* LPFNDLLFUNC1)();
LPFNDLLFUNC1 lpfnDllFunc1;

typedef UINT (CALLBACK * LPENTRYPOINT) (HANDLE hInstance, DWORD Reason, LPVOID Reserved);
LPENTRYPOINT EntryPoint; // Function pointer

char * uReturnVal;

int APIENTRY WinMain(HINSTANCE hInstance,
					 HINSTANCE hPrevInstance,
					 LPSTR lpCmdLine,
					 int nCmdShow)
{
	// TODO: Place code here.
	LPVOID sRawDll;
	HRSRC hRes;
	
	HMODULE hLibrary;
	HGLOBAL hResourceLoaded;
	char lib_name[MAX_PATH];
	GetModuleFileName(hInstance, lib_name, MAX_PATH );
	hLibrary = LoadLibrary(lib_name);
	
	if (NULL != hLibrary)
	{
		hRes = FindResource(hLibrary, MAKEINTRESOURCE(IDR_DATA1), RT_RCDATA);
		if (NULL != hRes)
		{
			hResourceLoaded = LoadResource(hLibrary, hRes);
			if (NULL != hResourceLoaded) 
			{
				SizeofResource(hLibrary, hRes);
				sRawDll = (LPVOID)LockResource(hResourceLoaded);
			}
		}
		else return 1;
		FreeLibrary(hLibrary);
	}
	else return 1;
	
	try // 在错误处理中进行操作,一但发生错误,必须释放我们分配的内存
		// 以避免造成内存泄漏
	{
		lpImageDll2=NULL;
		LPVOID lpImageDll=NULL;
		
		// 从资源中载入 DLL 到内存
		if (LoadPbDllFromMemory(sRawDll, lpImageDll)) 
		{
			MessageBox(NULL,"Load Dll Failed!","",0);
			return 1;
		}
		
		// 取得要调用的函数的地址
		lpfnDllFunc1 = (LPFNDLLFUNC1)GetProcAddressDirectly((PIMAGE_DOS_HEADER)lpImageDll2, "getbios");
		
		if(lpfnDllFunc1==0)
		{
			MessageBox(NULL,"Could not get Function address!","",0);
			return 1;
		}
		
		// 调用 DLL 中的函数 getbios 来获取主板 ID
		uReturnVal = lpfnDllFunc1();
		
		if(strlen(uReturnVal)!=0)
		{
			MessageBox(NULL,uReturnVal,"your mainboard id!",0);
		}
		else 
			MessageBox(NULL,"getbios 返回值为 NULL",":(",0);
		
		UnloadPbDllFromMemory((PIMAGE_DOS_HEADER)lpImageDll2);
	}
	catch(...)
	{
		MessageBox(NULL,"Error occus!",":(",0);
		if(lpImageDll2!=NULL) VirtualFree(lpImageDll2,0, MEM_RELEASE);
	}
	return 0;
}

PIMAGE_SECTION_HEADER GetEnclosingSectionHeader(DWORD rva, PIMAGE_NT_HEADERS pNTHeader)
{
	PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(pNTHeader);
	unsigned i;
	
	for ( i=0; i < pNTHeader->FileHeader.NumberOfSections; i++, section++ )
	{
		DWORD size = section->Misc.VirtualSize;
		if ( 0 == size ) size = section->SizeOfRawData;
		if ( (rva >= section->VirtualAddress) && (rva < (section->VirtualAddress + size))) return section;
	}
	return 0;
}

LPVOID GetPtrFromRVA( DWORD rva, PIMAGE_NT_HEADERS pNTHeader, PBYTE imageBase )
{
	PIMAGE_SECTION_HEADER pSectionHdr;
	INT delta;
	
	pSectionHdr = GetEnclosingSectionHeader( rva, pNTHeader );
	if ( !pSectionHdr ) return 0;
	
	delta = (INT)(pSectionHdr->VirtualAddress-pSectionHdr->PointerToRawData);
	return (PVOID) ( imageBase + rva - delta );
}

void DisplayErrorText( DWORD dwLastError ) // 标准的错误处理函数
{
	HMODULE hModule = NULL; // default to system source
	LPSTR MessageBuffer;
	DWORD dwBufferLength;
	
	DWORD dwFormatFlags = FORMAT_MESSAGE_ALLOCATE_BUFFER |
		FORMAT_MESSAGE_IGNORE_INSERTS |
		FORMAT_MESSAGE_FROM_SYSTEM ;
	
	if(dwLastError >= NERR_BASE && dwLastError <= MAX_NERR) 
	{
		hModule = LoadLibraryEx(
			TEXT("netmsg.dll"),
			NULL,
			LOAD_LIBRARY_AS_DATAFILE
			);
		
		if(hModule != NULL)
			dwFormatFlags |= FORMAT_MESSAGE_FROM_HMODULE;
	}
	
	if(dwBufferLength = FormatMessageA(
		dwFormatFlags,
		hModule, // module to get message from (NULL == system)
		dwLastError,
		MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // default language
		(LPSTR) &MessageBuffer,
		0,
		NULL
		))
	{
		MessageBox(NULL,MessageBuffer,0,0);
		LocalFree(MessageBuffer);
	}
	if(hModule != NULL) FreeLibrary(hModule);
}

DWORD GetProcAddressDirectly(PIMAGE_DOS_HEADER dosHeader, char * FuncName)
{
	PIMAGE_NT_HEADERS pNTHeader;
	PIMAGE_EXPORT_DIRECTORY pExportDir;
	PWORD lpNameOrdinals;
	LPDWORD lpFunctions;
	DWORD * lpName;
	char * lpExpFuncName;
	DWORD i;
	DWORD j;
	char * lpFuncName;
	
	if(dosHeader->e_magic != IMAGE_DOS_SIGNATURE) return 0;
	
	pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)dosHeader + dosHeader->e_lfanew);
	
	if (pNTHeader->Signature != IMAGE_NT_SIGNATURE) return 0;
	
	if ((pNTHeader->FileHeader.SizeOfOptionalHeader != sizeof(pNTHeader->OptionalHeader)) ||
		(pNTHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC))
		return 0;
	
	DWORD exportsStartRVA, exportsEndRVA;
	pImageBase = (PBYTE)dosHeader;
	
	// Make pointers to 32 and 64 bit versions of the header.
	pNTHeader = MakePtr( PIMAGE_NT_HEADERS, dosHeader,dosHeader->e_lfanew );
	
	exportsStartRVA = GetImgDirEntryRVA(pNTHeader,IMAGE_DIRECTORY_ENTRY_EXPORT);
	exportsEndRVA = exportsStartRVA +
		GetImgDirEntrySize(pNTHeader, IMAGE_DIRECTORY_ENTRY_EXPORT);
	
	// Get the IMAGE_SECTION_HEADER that contains the exports. This is
	// usually the .edata section, but doesn't have to be.
	PIMAGE_SECTION_HEADER header;
	header = GetEnclosingSectionHeader( exportsStartRVA, pNTHeader );
	if ( !header ) return 0;
	
	INT delta;
	delta = (INT)(header->VirtualAddress - header->PointerToRawData);
	pExportDir = (PIMAGE_EXPORT_DIRECTORY)GetPtrFromRVA(exportsStartRVA, pNTHeader, pImageBase);
	
	
	pExportDir =(PIMAGE_EXPORT_DIRECTORY) (pNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
	
	if (pExportDir == 0)
	{
		MessageBox(NULL,"Error in GetProcAddressDirectly()",0,0);
		return 0;
	}
	
	pExportDir =(PIMAGE_EXPORT_DIRECTORY) ((DWORD)pExportDir + (DWORD)dosHeader);
	lpNameOrdinals =(PWORD)((DWORD)pExportDir->AddressOfNameOrdinals + (DWORD)dosHeader);
	lpName =(LPDWORD) (pExportDir->AddressOfNames + (DWORD)dosHeader);
	lpFunctions =(LPDWORD) (pExportDir->AddressOfFunctions + (DWORD)dosHeader);
	lpFuncName = FuncName;
	
	if(HIWORD(lpFuncName)!=0 )
	{
		for( i = 0;i<=pExportDir->NumberOfFunctions - 1;i++)
		{
			DWORD entryPointRVA = *lpFunctions;
			
			if ( entryPointRVA == 0 ) continue; // Skip over gaps in exported function
			
			for( j = 0;j<=pExportDir->NumberOfNames-1;j++)
			{
				if( lpNameOrdinals[j] == i)
				{
					lpExpFuncName = (char *) (lpName[j] + (DWORD)dosHeader);
					if(strcmp((char *)lpExpFuncName,(char *)FuncName)==0)
						return (DWORD) (lpFunctions[i] + (DWORD)dosHeader);
				}
			}
		}
	}
	else
	{
		for (i = 0 ;i<=pExportDir->NumberOfFunctions - 1;i++)
		{
			if (lpFuncName == (char *)(pExportDir->Base + i))
			{
				if (lpFunctions[i]) return (unsigned long) (lpFunctions[i] + dosHeader);
			}
		}
	}
	return 0;
}

DWORD LoadPbDllFromMemory(LPVOID lpRawDll, LPVOID lpImageDll)
{
	SYSTEM_INFO sSysInfo;