📄 dumprom.cpp
字号:
DWORD MemoryMap::GetDword(DWORD offset)
{
DWORD *p= (DWORD*)GetPtr(offset);
if (p==NULL)
return 0;
return *p;
}
void *MemoryMap::GetPtr(DWORD offset)
{
for (MemoryBlockVector::iterator i=m_blocks.begin() ; i!=m_blocks.end(); ++i)
{
if ((*i).InRange(offset)) {
return (*i).data+(offset-(*i).start);
}
}
printf("ERROR: could not find pointer for ofs %08lx\n", offset);
return NULL;
}
DWORD MemoryMap::GetOfs(void *ptr)
{
for (MemoryBlockVector::iterator i=m_blocks.begin() ; i!= m_blocks.end() ; ++i)
{
if ((*i).data <= ptr && ptr < (*i).data+(*i).length)
{
return ((BYTE*)ptr - (*i).data) + (*i).start;
}
}
printf("ERROR: could not find offset for ptr %08lx\n", (DWORD)ptr);
return 0;
}
DWORD MemoryMap::FirstAddress()
{
MemoryBlockVector::iterator i=m_blocks.begin();
return (*i).start;
}
DWORD MemoryMap::LastAddress()
{
MemoryBlockVector::reverse_iterator i=m_blocks.rbegin();
return (*i).end;
}
MemoryMapIterator MemoryMap::begin()
{
return MemoryMapIterator(m_blocks.begin(), m_blocks.end());
}
const MemoryMapIterator MemoryMap::end()
{
return MemoryMapIterator(m_blocks.end(), m_blocks.end());
}
// -----------------------------------------------------------------------------
// -----------------------------------------------------------------------------
MemRegion& MemRegions::MarkRange(DWORD start, DWORD end, const char *msg, ...)
{
va_list ap;
va_start(ap, msg);
MemRegion& r= MarkRegion_v(start, end-start, msg, ap);
va_end(ap);
return r;
}
MemRegion& MemRegions::MarkRegion(DWORD start, DWORD length, const char *msg, ...)
{
va_list ap;
va_start(ap, msg);
MemRegion& r= MarkRegion_v(start, length, msg, ap);
va_end(ap);
return r;
}
MemRegion& MemRegions::MarkRegion_v(DWORD start, DWORD length, const char *msg, va_list ap)
{
char msgbuf[1024];
_vsnprintf(msgbuf, 1024, msg, ap);
if (start==0) {
printf("start=0\n");
}
//printf("region %08lx-%08lx %s\n", start, length, msgbuf);
MemRegion *m= new MemRegion(start, start+length);
m->description= new string(msgbuf);
if (m->description==NULL)
{
printf("error allocating memory\n");
}
m_list.push_back(*m);
return *m;
}
void bytedump(DWORD start, DWORD end)
{
for (DWORD ofs= start; ofs<end ; ++ofs)
printf(" %02x", g_mem.GetByte(ofs));
}
string dworddumpasstring(DWORD start, DWORD end)
{
string s;
char buf[10];
for (DWORD ofs= start ; ofs<(end&~3) ; ofs+=4)
{
_snprintf(buf, 10, " %08lx", g_mem.GetDword(ofs));
s += buf;
}
return s;
}
void dworddump(DWORD start, DWORD end)
{
if (start&3)
{
bytedump(start, min(end, (start&~3)+4));
start= min(end, (start&~3)+4);
}
for (DWORD ofs= start ; ofs<(end&~3) ; ofs+=4)
printf(" %08lx", g_mem.GetDword(ofs));
if (end&3)
bytedump(end&~3, end);
}
void MemRegions::DumpMemoryMap()
{
sort(m_list.begin(), m_list.end());
DWORD offset= g_mem.FirstAddress();
for (MemRegionVector::iterator i=m_list.begin() ; i!=m_list.end() ; ++i)
{
if (offset < (*i).start) {
MemRegion m(offset, (*i).start);
if ( ((*i).start & 3)==0 && (*i).start - offset < 4)
{
if (g_verbose>0) {
printf("\t%08lx - %08lx L%08lx alignment", m.start, m.end, m.length);
if (m.FirstNonzero()!=m.end)
bytedump(m.start, m.end);
}
}
else
{
DWORD firstnz= max(m.start, m.FirstNonzero() & ~3);
DWORD lastnz= min(m.end, (m.LastNonzero() & ~3)+4);
if (firstnz==m.end)
printf("\n%08lx - %08lx L%08lx NUL", m.start, m.end, m.length);
else {
if (firstnz != m.start)
printf("\n%08lx - %08lx L%08lx NUL", m.start, firstnz, firstnz-m.start);
printf("\n%08lx - %08lx L%08lx unknown", firstnz, lastnz, lastnz-firstnz);
if (lastnz-firstnz<16)
bytedump(firstnz, lastnz);
else if (lastnz-firstnz<64)
dworddump(firstnz, lastnz);
if (lastnz != m.end)
printf("\n%08lx - %08lx L%08lx NUL", lastnz, m.end, m.end-lastnz);
}
}
}
else if (offset > (*i).start) {
printf("\n!!! overlap of %ld bytes\n", offset-(*i).start );
}
printf("\n%08lx - %08lx L%08lx %s", (*i).start, (*i).end, (*i).length, (*i).description->c_str());
offset= (*i).end;
}
if (offset<g_mem.LastAddress())
{
printf("\n%08lx - %08lx unknown", offset, g_mem.LastAddress());
}
printf("\n");
}
// -----------------------------------------------------------------------------
// -----------------------------------------------------------------------------
// from c:\local\wince420\PUBLIC/COMMON/OAK/INC/PEHDR.H
struct info { /* Extra information header block */
unsigned long rva; /* Virtual relative address of info */
unsigned long size; /* Size of information block */
};
// from c:\local\wince420\PUBLIC/COMMON/OAK/INC/ROMLDR.H
#define ROM_SIGNATURE_OFFSET 64
#define ROM_SIGNATURE 0x43454345
#define ROM_EXTRA 9
typedef struct e32_rom {
unsigned short e32_objcnt; /* Number of memory objects */
unsigned short e32_imageflags; /* Image flags */
unsigned long e32_entryrva; /* Relative virt. addr. of entry point */
unsigned long e32_vbase; /* Virtual base address of module */
unsigned short e32_subsysmajor;/* The subsystem major version number */
unsigned short e32_subsysminor;/* The subsystem minor version number */
unsigned long e32_stackmax; /* Maximum stack size */
unsigned long e32_vsize; /* Virtual size of the entire image */
unsigned long e32_sect14rva; /* section 14 rva */
unsigned long e32_sect14size; /* section 14 size */
struct info e32_unit[ROM_EXTRA]; /* Array of extra info units */
unsigned short e32_subsys; /* The subsystem type */
} e32_rom;
// o32_flags
#define IMAGE_SCN_COMPRESSED 0x00002000 // Section is compressed
typedef struct o32_rom {
unsigned long o32_vsize; /* Virtual memory size */
unsigned long o32_rva; /* Object relative virtual address */
unsigned long o32_psize; /* Physical file size of init. data */
unsigned long o32_dataptr; /* Image pages offset */
unsigned long o32_realaddr; /* pointer to actual */
unsigned long o32_flags; /* Attribute flags for the object */
} o32_rom;
typedef struct ROMHDR {
ULONG dllfirst; // first DLL address
ULONG dlllast; // last DLL address
ULONG physfirst; // first physical address
ULONG physlast; // highest physical address
ULONG nummods; // number of TOCentry's
ULONG ulRAMStart; // start of RAM
ULONG ulRAMFree; // start of RAM free space
ULONG ulRAMEnd; // end of RAM
ULONG ulCopyEntries; // number of copy section entries
ULONG ulCopyOffset; // offset to copy section
ULONG ulProfileLen; // length of PROFentries RAM
ULONG ulProfileOffset; // offset to PROFentries
ULONG numfiles; // number of FILES
ULONG ulKernelFlags; // optional kernel flags from ROMFLAGS .bib config option
ULONG ulFSRamPercent; // Percentage of RAM used for filesystem
// byte 0 = #4K chunks/Mbyte of RAM for filesystem 0-2Mbytes 0-255
// byte 1 = #4K chunks/Mbyte of RAM for filesystem 2-4Mbytes 0-255
// byte 2 = #4K chunks/Mbyte of RAM for filesystem 4-6Mbytes 0-255
// byte 3 = #4K chunks/Mbyte of RAM for filesystem > 6Mbytes 0-255
ULONG ulDrivglobStart; // device driver global starting address
ULONG ulDrivglobLen; // device driver global length
USHORT usCPUType; // CPU (machine) Type
USHORT usMiscFlags; // Miscellaneous flags
void *pExtensions; // pointer to ROM Header extensions
ULONG ulTrackingStart; // tracking memory starting address
ULONG ulTrackingLen; // tracking memory ending address
} ROMHDR;
// followed by nummods <TOCentry>'s
typedef struct TOCentry { // MODULE BIB section structure
DWORD dwFileAttributes;
FILETIME ftTime;
DWORD nFileSize;
LPSTR lpszFileName;
ULONG ulE32Offset; // Offset to E32 structure
ULONG ulO32Offset; // Offset to O32 structure
ULONG ulLoadOffset; // MODULE load buffer offset
} TOCentry, *LPTOCentry;
// followed by numfiles <TOCentry>'s
typedef struct FILESentry { // FILES BIB section structure
DWORD dwFileAttributes;
FILETIME ftTime;
DWORD nRealFileSize;
DWORD nCompFileSize;
LPSTR lpszFileName;
ULONG ulLoadOffset; // FILES load buffer offset
} FILESentry, *LPFILESentry;
typedef struct COPYentry {
ULONG ulSource; // copy source address
ULONG ulDest; // copy destination address
ULONG ulCopyLen; // copy length
ULONG ulDestLen; // copy destination length
// (zero fill to end if > ulCopyLen)
} COPYentry;
// from c:\local\wince420\PUBLIC/COMMON/OAK/INC/ROMLDR.H
#define MAX_ROM 32 // max numbler of XIPs
#define XIP_NAMELEN 32 // max name length of XIP
#define ROM_CHAIN_OFFSET 0x100 // offset for XIPCHAIN_INFO
typedef struct _XIPCHAIN_ENTRY {
LPVOID pvAddr; // address of the XIP
DWORD dwLength; // the size of the XIP
DWORD dwMaxLength; // the biggest it can grow to
USHORT usOrder; // where to put into ROMChain_t
USHORT usFlags; // flags/status of XIP
DWORD dwVersion; // version info
CHAR szName[XIP_NAMELEN]; // Name of XIP, typically the bin file's name, w/o .bin
DWORD dwAlgoFlags; // algorithm to use for signature verification
DWORD dwKeyLen; // length of key in byPublicKey
BYTE byPublicKey[596]; // public key data
} XIPCHAIN_ENTRY, *PXIPCHAIN_ENTRY;
typedef struct _XIPCHAIN_INFO {
DWORD cXIPs;
//
// may contain more than one entry, but we only need the address of first one
//
XIPCHAIN_ENTRY xipEntryStart;
} XIPCHAIN_INFO, *PXIPCHAIN_INFO;
#define PID_LENGTH 10
// pointed to by ROMHDR.pExtensions
typedef struct ROMPID {
union{
DWORD dwPID[PID_LENGTH]; // PID
struct {
char name[(PID_LENGTH - 4) * sizeof(DWORD)];
DWORD type;
PVOID pdata;
DWORD length;
DWORD reserved;
} s;
};
PVOID pNextExt; // pointer to next extension if any
} ROMPID, EXTENSION;
//----------------output structures [ how pe-exe files are structured ]
//
// file starts with IMAGE_DOS_HEADER
// 0000000: 5a4d 0090 0003 0000 0004 0000 ffff 0000 MZ..............
// 0000010: 00b8 0000 0000 0000 0040 0000 0000 0000 ........@.......
// 0000020: 0000 0000 0000 0000 0000 0000 0000 0000 ................
// 0000030: 0000 0000 0000 0000 0000 0000 000000c0 ................
//
// followed by some dummy code
// 0000040: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 ........!..L.!Th
// 0000050: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f is program canno
// 0000060: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 t be run in DOS
// 0000070: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 mode....$.......
//
// followed by something unknown
// 0000080: bf 1a f4 da fb 7b 9a 89 fb 7b 9a 89 fb 7b 9a 89 .....{...{...{..
// 0000090: fb 7b 9b 89 fa 7b 9a 89 66 5b ba 89 f8 7b 9a 89 .{...{..f[...{..
// 00000a0: 82 5a be 89 fa 7b 9a 89 52 69 63 68 fb 7b 9a 89 .Z...{..Rich.{..
// 00000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
//
// followed by a 'e32_exe' struct
// followed by <e32_objcnt> 'o32_obj' structs
// followed by NUL's to align to next 512-byte boundary
// followed by data-sections, each NUL-padded to the next 512-byte boundary
//
// followed by the debug-directory
// also defined in c:\local\WINCE420\PUBLIC\COMMON\SDK\INC\winnt.h
#ifndef IMAGE_DOS_SIGNATURE
#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
WORD e_magic; // Magic number
WORD e_cblp; // Bytes on last page of file
WORD e_cp; // Pages in file
WORD e_crlc; // Relocations
WORD e_cparhdr; // Size of header in paragraphs
WORD e_minalloc; // Minimum extra paragraphs needed
WORD e_maxalloc; // Maximum extra paragraphs needed
WORD e_ss; // Initial (relative) SS value
WORD e_sp; // Initial SP value
WORD e_csum; // Checksum
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -