Sendshortcut(PM_MAIN,0,WM_KEYDOWN,1,0,VK_F12); // Trace over
break;
}
return TRUE;
}
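/*
 * Dumps the image of the debugged process to a file chosen by the user.
 *
 * Reads PEFileInfo.dwSizeOfImage bytes starting at PEFileInfo.dwImageBase,
 * patches the PE headers (and, when blFixSect is set, the section table)
 * with the values held in PEFileInfo / lpSectInfo, asks for a file name and
 * writes the buffer out. When blRebuild is set and the file was written,
 * the import rebuilder selected by iRebMethod is run on it.
 *
 * hWnd is the owner window of the "Save Dump to File" dialog.
 *
 * Returns FALSE when the dump buffer cannot be set up or the headers fail
 * validation.
 * NOTE(review): the normal exit path returns 0 as well (kept from the
 * original), so callers cannot tell success from failure by the result.
 */
BOOL SaveDump(HWND hWnd)
{
  int i;
  BOOL blSaved = FALSE;
  OPENFILENAME ofn;
  HANDLE hFile,hHeap;
  LPBYTE lpDumpData;
  DWORD dwFrom,dwSize,dwAccBytes,dwSectOff;
  PIMAGE_DOS_HEADER idosh;
  PIMAGE_NT_HEADERS ipeh;
  PIMAGE_SECTION_HEADER isech;

  dwFrom = PEFileInfo.dwImageBase;
  dwSize = PEFileInfo.dwSizeOfImage;

  hHeap = HeapCreate(HEAP_NO_SERIALIZE,1,0);
  if(hHeap == NULL) {
    MessageBox(hwmain,"Can't allocate dump buffer!!",PNAME,MB_OK | MB_ICONEXCLAMATION);
    return FALSE;
  }
  lpDumpData = HeapAlloc(hHeap,HEAP_NO_SERIALIZE | HEAP_ZERO_MEMORY,dwSize);
  if(lpDumpData == NULL) {
    MessageBox(hwmain,"Can't allocate dump buffer!!",PNAME,MB_OK | MB_ICONEXCLAMATION);
    HeapDestroy(hHeap);
    return FALSE;
  }

  // From here on dwSize is the number of bytes actually read, which may be
  // smaller than the allocation. Only that many bytes are written to disk.
  // NOTE(review): MM_RESTORE presumably makes OllyDbg return the original
  // bytes instead of its breakpoint patches; confirm against plugin.h.
  dwSize = Readmemory(lpDumpData,dwFrom,dwSize,MM_RESTORE);

  // Everything parsed below comes from the memory of the debugged process,
  // which may be a packed or deliberately malformed sample. Each header
  // offset is checked against the dump size before it is dereferenced, so a
  // crafted image cannot make the plugin read or write outside the buffer.
  idosh = (PIMAGE_DOS_HEADER)lpDumpData;
  if(dwSize < sizeof(IMAGE_DOS_HEADER) || idosh->e_magic != IMAGE_DOS_SIGNATURE) {
    MessageBox(hwmain,"Bad DOS Signature!!",PNAME,MB_OK | MB_ICONEXCLAMATION);
    HeapDestroy(hHeap);
    return FALSE;
  }
  if(dwSize < sizeof(IMAGE_NT_HEADERS) ||
     idosh->e_lfanew < 0 ||
     (DWORD)idosh->e_lfanew > dwSize - sizeof(IMAGE_NT_HEADERS)) {
    MessageBox(hwmain,"Bad PE Signature!!",PNAME,MB_OK | MB_ICONEXCLAMATION);
    HeapDestroy(hHeap);
    return FALSE;
  }
  ipeh = (PIMAGE_NT_HEADERS)(lpDumpData + idosh->e_lfanew);
  if(ipeh->Signature != IMAGE_NT_SIGNATURE) {
    MessageBox(hwmain,"Bad PE Signature!!",PNAME,MB_OK | MB_ICONEXCLAMATION);
    HeapDestroy(hHeap);
    return FALSE;
  }

  // Replace the header fields with the values gathered in PEFileInfo.
  ipeh->FileHeader.NumberOfSections = PEFileInfo.woNumOfSect;
  ipeh->OptionalHeader.ImageBase = PEFileInfo.dwImageBase;
  ipeh->OptionalHeader.SizeOfImage = PEFileInfo.dwSizeOfImage;
  ipeh->OptionalHeader.BaseOfCode = PEFileInfo.dwBaseOfCode;
  ipeh->OptionalHeader.BaseOfData = PEFileInfo.dwBaseOfData;
  ipeh->OptionalHeader.AddressOfEntryPoint = PEFileInfo.dwAddrOfEP;

  isech = IMAGE_FIRST_SECTION(ipeh);
  if(blFixSect) {
    // IMAGE_FIRST_SECTION depends on SizeOfOptionalHeader taken from the
    // dump, so make sure the whole table lies inside the bytes we hold.
    dwSectOff = (DWORD)((LPBYTE)isech - lpDumpData);
    if(dwSectOff > dwSize ||
       PEFileInfo.woNumOfSect > (dwSize - dwSectOff) / sizeof(IMAGE_SECTION_HEADER)) {
      MessageBox(hwmain,"Section table exceeds dump size!!",PNAME,MB_OK | MB_ICONEXCLAMATION);
      HeapDestroy(hHeap);
      return FALSE;
    }
    for(i=0; i<(int)PEFileInfo.woNumOfSect; i++) {
      // IMAGE_SECTION_HEADER.Name is a fixed IMAGE_SIZEOF_SHORT_NAME-byte
      // field, zero padded and not NUL-terminated when full. strncpy gives
      // exactly that layout; the strcpy used before wrote the terminator
      // (or a longer name) into the fields that follow.
      // NOTE(review): the declared size of byName is not visible here.
      strncpy((char *)(isech+i)->Name,(const char *)(lpSectInfo+i)->byName,IMAGE_SIZEOF_SHORT_NAME);
      (isech+i)->Misc.VirtualSize = (lpSectInfo+i)->dwVSize;
      (isech+i)->VirtualAddress = (lpSectInfo+i)->dwVOffset;
      (isech+i)->SizeOfRawData = (lpSectInfo+i)->dwRSize;
      (isech+i)->PointerToRawData = (lpSectInfo+i)->dwROffset;
      (isech+i)->Characteristics = (lpSectInfo+i)->dwCharacteristics;
    }
  }

  // Ask the user where to store the dump.
  // NOTE(review): nMaxFile is MAX_PATH; confirm szFileName is at least that big.
  memset(szFileName,0,sizeof(szFileName));
  memset(szFile,0,sizeof(szFile));
  memset(&ofn, 0, sizeof(OPENFILENAME));
  ofn.lStructSize = sizeof(OPENFILENAME);
  ofn.hwndOwner = hWnd;
  ofn.lpstrFilter = "Executable file(*.exe)\0*.exe\0All files(*.*)\0*.*\0\0";
  ofn.lpstrFile = szFileName;
  ofn.lpstrFileTitle = szFile;
  ofn.nMaxFile = MAX_PATH;
  ofn.lpstrInitialDir = szWorkPath;
  ofn.Flags = OFN_OVERWRITEPROMPT | OFN_HIDEREADONLY;
  ofn.lpstrDefExt = "exe";
  ofn.lpstrTitle = "Save Dump to File";
  if(GetSaveFileName(&ofn)) {
    hFile = CreateFile(szFileName, GENERIC_READ | GENERIC_WRITE, 0, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if(hFile != INVALID_HANDLE_VALUE) {
      SetFilePointer(hFile, 0, 0, FILE_BEGIN);
      dwAccBytes = 0;
      // A short write leaves a truncated image on disk, so count it as a failure.
      blSaved = WriteFile(hFile, lpDumpData, dwSize, &dwAccBytes, NULL) && dwAccBytes == dwSize;
      CloseHandle(hFile);
    }
    if(!blSaved) {
      MessageBox(hwmain,"Can't write dump file!!",PNAME,MB_OK | MB_ICONEXCLAMATION);
    }
  }

  // Destroying the private heap releases lpDumpData as well. The original
  // only freed the block and leaked one heap per call.
  HeapDestroy(hHeap);
  Broadcast(WM_USER_CHALL,0,0);

  // Rebuild imports only when a file was actually written. After a cancelled
  // dialog or a failed write szFileName does not name a usable dump.
  if(blRebuild && blSaved) {
    switch(iRebMethod) {
    case 1:
      RebuildImport(szFileName);
      break;
    case 2:
      RebuildITDeluxe(szFileName,1);
      break;
    default:
      break;
    }
  }
  return 0;
}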
/*
 * Dialog procedure of the options dialog.
 *
 * WM_INITDIALOG loads the controls from SearchAnimation, SearchLog and
 * AnimationWait. IDOK stores the control states back into those globals and
 * closes the dialog, IDCANCEL closes it without storing anything.
 *
 * Returns TRUE for WM_INITDIALOG and WM_COMMAND, FALSE for any other message.
 */
LRESULT CALLBACK OptDlgProc(HWND hDlgWnd, UINT msg, WPARAM wp, LPARAM lp)
{
  HWND hChkAnim,hChkLog;

  if (msg == WM_INITDIALOG) {
    hChkAnim = GetDlgItem(hDlgWnd, IDC_CHK_ANIMATION);
    SendMessage(hChkAnim,BM_SETCHECK,(WPARAM)SearchAnimation, 0L);
    hChkLog = GetDlgItem(hDlgWnd, IDC_CHK_SEARCHLOG);
    SendMessage(hChkLog,BM_SETCHECK,(WPARAM)SearchLog , 0L);
    SetDlgItemInt(hDlgWnd,IDC_EDT_ANIMWAIT,AnimationWait,FALSE);
    return TRUE;
  }

  if (msg != WM_COMMAND) {
    return FALSE;
  }

  if (LOWORD(wp) == IDOK) {
    // Each check box state is reduced to 1 (checked) or 0 (anything else).
    SearchAnimation = (IsDlgButtonChecked(hDlgWnd,IDC_CHK_ANIMATION) == BST_CHECKED);
    SearchLog = (IsDlgButtonChecked(hDlgWnd,IDC_CHK_SEARCHLOG) == BST_CHECKED);
    // The translation flag is not requested, so text that is not a number
    // ends up as 0 without any error being reported.
    AnimationWait = GetDlgItemInt(hDlgWnd,IDC_EDT_ANIMWAIT,NULL,FALSE);
    EndDialog(hDlgWnd, IDOK);
  }
  else if (LOWORD(wp) == IDCANCEL) {
    EndDialog(hDlgWnd, IDCANCEL);
  }
  return TRUE;
}
/*
LRESULT CALLBACK DatDirDlgProc(HWND hDlgWnd, UINT msg, WPARAM wp, LPARAM lp)
{
switch (msg) {
case WM_INITDIALOG:
break;
case WM_COMMAND:
switch (LOWORD(wp)) {
break;
case IDOK:
EndDialog(hDlgWnd, IDOK);
break;
case IDCANCEL:
EndDialog(hDlgWnd, IDCANCEL);
break;
}
break;
default:
return FALSE;
break;
}
return TRUE;
}
*/
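/* Reads the text of one sub-item of a list-view row into buf.
   buf is always NUL-terminated and stays empty if the control returns nothing. */
static void SecLstGetText(HWND hList, int nItem, int iSubItem, char *buf, int cchBuf)
{
  buf[0] = '\0';
  ListView_GetItemText(hList, nItem, iSubItem, buf, cchBuf);
  buf[cchBuf-1] = '\0';
}

/* Reads one sub-item and parses it as a hexadecimal DWORD (0 if it does not parse). */
static DWORD SecLstGetHex(HWND hList, int nItem, int iSubItem)
{
  char buf[TEXTLEN];

  SecLstGetText(hList, nItem, iSubItem, buf, sizeof(buf));
  return (DWORD)strtoul(buf, NULL, 16);
}

/* Writes a DWORD into one sub-item as eight upper-case hex digits. */
static void SecLstSetHex(HWND hList, int nItem, int iSubItem, DWORD dwValue)
{
  char buf[TEXTLEN];

  wsprintf(buf,"%08X",dwValue);
  ListView_SetItemText(hList, nItem, iSubItem, buf);
}

/*
 * Window procedure installed on the section list view.
 *
 * WM_RBUTTONDOWN   shows the IDM_SECTLIST popup menu at the click position.
 * WM_LBUTTONDBLCLK sends IDM_EDITSECT to the list itself.
 * IDM_EDITSECT     copies the selected row into SectInfoWrk, runs the
 *                  IDD_EDITSECT dialog and, on IDOK, writes SectInfoWrk back
 *                  into the row.
 *
 * Every message, handled or not, is then passed to SecLstDlgProcOrg
 * (presumably the procedure saved when the control was subclassed; the
 * assignment is not visible here).
 */
LRESULT CALLBACK SecLstDlgProc(HWND hList, UINT msg, WPARAM wp, LPARAM lp)
{
  POINT pt;
  HMENU hMenu,hSubMenu;
  int nItem,id;
  char buf[TEXTLEN];

  switch (msg) {
  case WM_RBUTTONDOWN:
    pt.x = LOWORD(lp);
    pt.y = HIWORD(lp);
    hMenu = LoadMenu(hinst, MAKEINTRESOURCE(IDM_SECTLIST));
    if(hMenu != NULL) {
      hSubMenu = GetSubMenu(hMenu, 0);
      ClientToScreen(hList, &pt);
      TrackPopupMenu(hSubMenu, TPM_LEFTALIGN, pt.x, pt.y, 0, hList, NULL);
      DestroyMenu(hMenu);
    }
    break;
  case WM_LBUTTONDBLCLK:
    SendMessage(hList,WM_COMMAND,(WPARAM)IDM_EDITSECT,0);
    break;
  case WM_COMMAND:
    switch (LOWORD(wp)) {
    case IDM_EDITSECT:
      nItem = ListView_GetNextItem(hList,(-1),LVNI_ALL|LVNI_SELECTED);
      if(nItem < 0) {
        // No row is selected, for instance after a double click on empty
        // space. The original went on with item -1 and formatted an
        // uninitialised buffer into SectInfoWrk.byName.
        break;
      }

      // Column 0 is the section name. A PE section name has at most
      // IMAGE_SIZEOF_SHORT_NAME characters, so the text is cut to that length
      // before it is copied; the original copied up to TEXTLEN bytes.
      // NOTE(review): assumes byName holds at least
      // IMAGE_SIZEOF_SHORT_NAME+1 bytes; confirm against its declaration.
      SecLstGetText(hList, nItem, 0, buf, sizeof(buf));
      if(sizeof(buf) > IMAGE_SIZEOF_SHORT_NAME) {
        buf[IMAGE_SIZEOF_SHORT_NAME] = '\0';
      }
      wsprintf(SectInfoWrk.byName,"%s",buf);

      // Columns 1..5 hold the numeric fields as hexadecimal text.
      SectInfoWrk.dwVSize = SecLstGetHex(hList, nItem, 1);
      SectInfoWrk.dwVOffset = SecLstGetHex(hList, nItem, 2);
      SectInfoWrk.dwRSize = SecLstGetHex(hList, nItem, 3);
      SectInfoWrk.dwROffset = SecLstGetHex(hList, nItem, 4);
      SectInfoWrk.dwCharacteristics = SecLstGetHex(hList, nItem, 5);

      id = DialogBox(hinst,MAKEINTRESOURCE(IDD_EDITSECT),hList,(DLGPROC)SecEdtDlgProc);
      if(id == IDOK) {
        // The edit dialog updated SectInfoWrk; mirror it back into the row.
        ListView_SetItemText(hList, nItem, 0, SectInfoWrk.byName);
        SecLstSetHex(hList, nItem, 1, SectInfoWrk.dwVSize);
        SecLstSetHex(hList, nItem, 2, SectInfoWrk.dwVOffset);
        SecLstSetHex(hList, nItem, 3, SectInfoWrk.dwRSize);
        SecLstSetHex(hList, nItem, 4, SectInfoWrk.dwROffset);
        SecLstSetHex(hList, nItem, 5, SectInfoWrk.dwCharacteristics);
      }
      break;
/*
    case IDM_ADDSECT:
      MessageBox(hList,"Add Section","DEBUG",MB_OK);
      break;
    case IDM_DELSECT:
      while(1) {
        nItem = ListView_GetNextItem(hList,-1,LVNI_ALL | LVNI_SELECTED);
        if (nItem == -1) {
          break;
        }
        ListView_DeleteItem(hList, nItem);
      }
      MessageBox(hList,"Delete Section","DEBUG",MB_OK);
      break;
*/
    default:
      break;
    }
    break;    // the original fell through into the empty default case
  default:
    break;
  }
  return (CallWindowProc((WNDPROC)SecLstDlgProcOrg, hList, msg, wp, lp));
}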
LRESULT CALLBACK SecEdtDlgProc(HWND hDlgWnd, UINT msg, WPARAM wp, LPARAM lp)
{
int ichk;
char buf[TEXTLEN];
LPBYTE stop;
switch (msg) {
case WM_INITDIALOG:
SetDlgItemText(hDlgWnd,IDC_SE_NAME,SectInfoWrk.byName);
wsprintf(buf,"%08X",SectInfoWrk.dwVSize);
SetDlgItemText(hDlgWnd,IDC_SE_VSIZE,buf);
wsprintf(buf,"%08X",SectInfoWrk.dwVOffset);
SetDlgItemText(hDlgWnd,IDC_SE_VOFFSET,buf);
wsprintf(buf,"%08X",SectInfoWrk.dwRSize);
SetDlgItemText(hDlgWnd,IDC_SE_RSIZE,buf);
wsprintf(buf,"%08X",SectInfoWrk.dwROffset);
SetDlgItemText(hDlgWnd,IDC_SE_ROFFSET,buf);
wsprintf(buf,"%08X",SectInfoWrk.dwCharacteristics);
SetDlgItemText(hDlgWnd,IDC_SE_CHAR,buf);
ichk = (SectInfoWrk.dwCharacteristics & IMAGE_SCN_CNT_CODE) ? 1 : 0;
SendMessage(GetDlgItem(hDlgWnd, IDC_SE_CONTCODE),BM_SETCHECK,(WPARAM)ichk, 0L);
ichk = (SectInfoWrk.dwCharacteristics & IMAGE_SCN_CNT_INITIALIZED_DATA) ? 1 : 0;
SendMessage(GetDlgItem(hDlgWnd, IDC_SE_CONTINI),BM_SETCHECK,(WPARAM)ichk, 0L);
ichk = (SectInfoWrk.dwCharacteristics & IMAGE_SCN_CNT_UNINITIALIZED_DATA) ? 1 : 0;
SendMessage(GetDlgItem(hDlgWnd, IDC_SE_CONTUNINI),BM_SETCHECK,(WPARAM)ichk, 0L);
ichk = (SectInfoWrk.dwCharacteristics & IMAGE_SCN_MEM_SHARED) ? 1 : 0;
SendMessage(GetDlgItem(hDlgWnd, IDC_SE_SHARE),BM_SETCHECK,(WPARAM)ichk, 0L);
ichk = (SectInfoWrk.dwCharacteristics & IMAGE_SCN_MEM_EXECUTE) ? 1 : 0;
SendMessage(GetDlgItem(hDlgWnd, IDC_SE_EXEC),BM_SETCHECK,(WPARAM)ichk, 0L);
ichk = (SectInfoWrk.dwCharacteristics & IMAGE_SCN_MEM_READ) ? 1 : 0;
SendMessage(GetDlgItem(hDlgWnd, IDC_SE_READ),BM_SETCHECK,(WPARAM)ichk, 0L);
ichk = (SectInfoWrk.dwCharacteristics & IMAGE_SCN_MEM_WRITE) ? 1 : 0;
SendMessage(GetDlgItem(hDlgWnd, IDC_SE_WRITE),BM_SETCHECK,(WPARAM)ichk, 0L);
break;
case WM_COMMAND:
switch (LOWORD(wp)) {
case IDC_SE_CONTCODE:
if(IsDlgButtonChecked(hDlgWnd,IDC_SE_CONTCODE) == BST_CHECKED) {
SectInfoWrk.dwCharacteristics |= IMAGE_SCN_CNT_CODE;
}
else {
SectInfoWrk.dwCharacteristics ^= IMAGE_SCN_CNT_CODE;
}
wsprintf(buf,"%08X",SectInfoWrk.dwCharacteristics);
SetDlgItemText(hDlgWnd,IDC_SE_CHAR,buf);
break;
case IDC_SE_CONTINI:
if(IsDlgButtonChecked(hDlgWnd,IDC_SE_CONTINI) == BST_CHECKED) {
SectInfoWrk.dwCharacteristics |= IMAGE_SCN_CNT_INITIALIZED_DATA;
}
else {
SectInfoWrk.dwCharacteristics ^= IMAGE_SCN_CNT_INITIALIZED_DATA;
}
wsprintf(buf,"%08X",SectInfoWrk.dwCharacteristics);
SetDlgItemText(hDlgWnd,IDC_SE_CHAR,buf);
break;
case IDC_SE_CONTUNINI:
if(IsDlgButtonChecked(hDlgWnd,IDC_SE_CONTUNINI) == BST_CHECKED) {
SectInfoWrk.dwCharacteristics |= IMAGE_SCN_CNT_UNINITIALIZED_DATA;
}
else {
SectInfoWrk.dwCharacteristics ^= IMAGE_SCN_CNT_UNINITIALIZED_DATA;
}
wsprintf(buf,"%08X",SectInfoWrk.dwCharacteristics);
SetDlgItemText(hDlgWnd,IDC_SE_CHAR,buf);
break;
case IDC_SE_SHARE:
if(IsDlgButtonChecked(hDlgWnd,IDC_SE_SHARE) == BST_CHECKED) {
SectInfoWrk.dwCharacteristics |= IMAGE_SCN_MEM_SHARED;
}
else {
SectInfoWrk.dwCharacteristics ^= IMAGE_SCN_MEM_SHARED;
}
wsprintf(buf,"%08X",SectInfoWrk.dwCharacteristics);
SetDlgItemText(hDlgWnd,IDC_SE_CHAR,buf);
break;
case IDC_SE_EXEC:
if(IsDlgButtonChecked(hDlgWnd,IDC_SE_EXEC) == BST_CHECKED) {
SectInfoWrk.dwCharacteristics |= IMAGE_SCN_MEM_EXECUTE;
}
else {
SectInfoWrk.dwCharacteristics ^= IMAGE_SCN_MEM_EXECUTE;
}
wsprintf(buf,"%08X",SectInfoWrk.dwCharacteristics);
SetDlgItemText(hDlgWnd,IDC_SE_CHAR,buf);
break;
case IDC_SE_READ:
if(IsDlgButtonChecked(hDlgWnd,IDC_SE_READ) == BST_CHECKED) {