📄 ollydump.c
SectInfoWrk.dwCharacteristics |= IMAGE_SCN_MEM_READ;
}
else {
SectInfoWrk.dwCharacteristics ^= IMAGE_SCN_MEM_READ;
}
wsprintf(buf,"%08X",SectInfoWrk.dwCharacteristics);
SetDlgItemText(hDlgWnd,IDC_SE_CHAR,buf);
break;
case IDC_SE_WRITE:
if(IsDlgButtonChecked(hDlgWnd,IDC_SE_WRITE) == BST_CHECKED) {
SectInfoWrk.dwCharacteristics |= IMAGE_SCN_MEM_WRITE;
}
else {
SectInfoWrk.dwCharacteristics ^= IMAGE_SCN_MEM_WRITE;
}
wsprintf(buf,"%08X",SectInfoWrk.dwCharacteristics);
SetDlgItemText(hDlgWnd,IDC_SE_CHAR,buf);
break;
case IDOK:
GetDlgItemText(hDlgWnd,IDC_SE_NAME,SectInfoWrk.byName,sizeof(SectInfoWrk.byName));
GetDlgItemText(hDlgWnd,IDC_SE_VSIZE,buf,sizeof(buf));
SectInfoWrk.dwVSize = strtoul(buf,&stop,16);
GetDlgItemText(hDlgWnd,IDC_SE_VOFFSET,buf,sizeof(buf));
SectInfoWrk.dwVOffset = strtoul(buf,&stop,16);
GetDlgItemText(hDlgWnd,IDC_SE_RSIZE,buf,sizeof(buf));
SectInfoWrk.dwRSize = strtoul(buf,&stop,16);
GetDlgItemText(hDlgWnd,IDC_SE_ROFFSET,buf,sizeof(buf));
SectInfoWrk.dwROffset = strtoul(buf,&stop,16);
GetDlgItemText(hDlgWnd,IDC_SE_CHAR,buf,sizeof(buf));
SectInfoWrk.dwCharacteristics = strtoul(buf,&stop,16);
EndDialog(hDlgWnd, IDOK);
break;
case IDCANCEL:
EndDialog(hDlgWnd, IDCANCEL);
break;
}
break;
default:
return FALSE;
break;
}
return TRUE;
}
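/* Format a value as eight upper-case hex digits and store it in one cell of the section list. */
static void MainDlg_SetHexCell(HWND hList, int row, int col, DWORD value)
{
    char text[16];
    LV_ITEM cell = {0};

    wsprintf(text, "%08X", value);
    cell.mask = LVIF_TEXT;
    cell.iItem = row;
    cell.iSubItem = col;
    cell.pszText = text;
    ListView_SetItem(hList, &cell);
}

/* Read one cell of the section list and parse it as hex; returns FALSE (leaving *value alone) when the cell cannot be read. */
static BOOL MainDlg_GetHexCell(HWND hList, int row, int col, DWORD *value)
{
    char text[TEXTLEN];
    char *stop;
    LV_ITEM cell = {0};

    text[0] = '\0';
    cell.mask = LVIF_TEXT;
    cell.iItem = row;
    cell.iSubItem = col;
    cell.pszText = text;
    cell.cchTextMax = sizeof(text);
    if (!ListView_GetItem(hList, &cell) || cell.pszText == NULL) {
        return FALSE;
    }
    /* The control may repoint pszText at its own copy instead of filling
       the supplied buffer, so parse whatever pszText names after the call. */
    *value = strtoul(cell.pszText, &stop, 16);
    return TRUE;
}

/* Fetch an edit control's text and parse it as hex; returns FALSE when IsValidNumber rejects the text. */
static BOOL MainDlg_ReadHexField(HWND hDlgWnd, int ctrlId, DWORD *value)
{
    char text[TEXTLEN];
    char *stop;

    GetDlgItemText(hDlgWnd, ctrlId, text, sizeof(text));
    if (!IsValidNumber(text, (int)strlen(text), NUM_HEX)) {
        return FALSE;
    }
    *value = strtoul(text, &stop, 16);
    return TRUE;
}

/*
 * Dialog procedure of the main OllyDump dialog.
 *
 * WM_INITDIALOG: ticks the "fix sections" and "rebuild" boxes and rebuild
 * method 1, positions the window, shows the PE header values held in
 * PEFileInfo, fills the section list from lpSectInfo and subclasses the
 * list with SecLstDlgProc.
 * WM_COMMAND: tracks the check boxes, refreshes the OEP field on request,
 * and on IDOK validates the edit fields, writes them back to PEFileInfo,
 * reads the (possibly edited) section list back into lpSectInfo and closes
 * the dialog.
 *
 * Returns TRUE when the message was handled and FALSE otherwise; an edit
 * field that is not a hex number also yields FALSE after the
 * "Invalid Number!!" box, and the dialog stays open.  Fields are committed
 * to PEFileInfo one by one, so values accepted before the rejected one
 * have already been stored at that point.
 *
 * NOTE(review): the values shown here come from the header of the file
 * being debugged and the values read back come from the user; neither the
 * dump range nor the section table is range-checked in this function.
 * Confirm that the code consuming PEFileInfo / lpSectInfo validates them.
 */
LRESULT CALLBACK MainDlgProc(HWND hDlgWnd, UINT msg, WPARAM wp, LPARAM lp)
{
    char *ListHeader[] = {"Section","Virtual Size","Virtual Offset","Raw Size","Raw Offset","Charactaristics"};
    const int ColX[] = { 50, 73, 73, 73, 73, 82 };
    RECT rect;
    UINT x, y, w, h, xMax, yMax;
    int i;
    char buf[TEXTLEN];
    HWND hList;
    DWORD dwStyle;
    DWORD val;
    LV_COLUMN lvCol = {0};
    LV_ITEM item = {0};

    switch (msg) {
    case WM_INITDIALOG:
        SendMessage(GetDlgItem(hDlgWnd, IDC_FIXSECT), BM_SETCHECK, (WPARAM)1, 0L);
        blFixSect = TRUE;
        SendMessage(GetDlgItem(hDlgWnd, IDC_REBUILD), BM_SETCHECK, (WPARAM)1, 0L);
        blRebuild = TRUE;
        SendMessage(GetDlgItem(hDlgWnd, IDC_RDO_M1), BM_SETCHECK, (WPARAM)1, 0L);
        iRebMethod = 1;

        // Center Dialog Window
        GetWindowRect(hDlgWnd, &rect);
        h = rect.bottom - rect.top;
        w = rect.right - rect.left;
        xMax = GetSystemMetrics(SM_CXMAXIMIZED);
        yMax = GetSystemMetrics(SM_CYMAXIMIZED);
        x = xMax/2 - w/2;
        y = yMax/2 - h;
        MoveWindow(hDlgWnd, x, y, w, h, TRUE);

        /* Build the title with bounded copies: DbgeName is defined outside
           this function and presumably holds the debuggee's name, whose
           length is not known here, so it must not be formatted into buf
           without a limit. */
        lstrcpyn(buf, "OllyDump - ", sizeof(buf));
        lstrcpyn(buf + lstrlen(buf), (LPCSTR)DbgeName, (int)sizeof(buf) - lstrlen(buf));
        SetWindowText(hDlgWnd, buf);

        wsprintf(strCurEIP, "%X", GetCurrentEIP() - PEFileInfo.dwImageBase);
        SetDlgItemText(hDlgWnd, IDC_OEP, strCurEIP);
        wsprintf(buf, "%X", PEFileInfo.dwImageBase);
        SetDlgItemText(hDlgWnd, IDE_FROM, buf);
        wsprintf(buf, "%X", PEFileInfo.dwSizeOfImage);
        SetDlgItemText(hDlgWnd, IDE_SIZE, buf);
        wsprintf(buf, "%X", PEFileInfo.dwAddrOfEP);
        SetDlgItemText(hDlgWnd, IDC_EP, buf);
        wsprintf(buf, "%X", PEFileInfo.dwBaseOfCode);
        SetDlgItemText(hDlgWnd, IDC_BASEOFCODE, buf);
        wsprintf(buf, "%X", PEFileInfo.dwBaseOfData);
        SetDlgItemText(hDlgWnd, IDC_BASEOFDATA, buf);

        hList = GetDlgItem(hDlgWnd, IDC_SECTLIST);
        dwStyle = ListView_GetExtendedListViewStyle(hList);
        dwStyle |= LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES;
        ListView_SetExtendedListViewStyle(hList, dwStyle);

        /* Element count is taken from the element type, not from the size
           of a pointer to it. */
        for (i = 0; i < (int)(sizeof(ListHeader) / sizeof(ListHeader[0])); i++) {
            lvCol.mask = LVCF_FMT | LVCF_WIDTH | LVCF_TEXT | LVCF_SUBITEM;
            lvCol.fmt = LVCFMT_LEFT;
            lvCol.cx = ColX[i];
            lvCol.pszText = ListHeader[i];
            lvCol.iSubItem = 0;
            ListView_InsertColumn(hList, i, &lvCol);
        }

        item.mask = LVIF_TEXT;
        for (i = 0; i < (int)PEFileInfo.woNumOfSect; i++) {
            /* NOTE(review): byName is handed to the control as a C string;
               confirm it is NUL-terminated where lpSectInfo is filled. */
            item.pszText = (lpSectInfo+i)->byName;
            item.iItem = i;
            item.iSubItem = 0;
            ListView_InsertItem(hList, &item);
            MainDlg_SetHexCell(hList, i, 1, (lpSectInfo+i)->dwVSize);
            MainDlg_SetHexCell(hList, i, 2, (lpSectInfo+i)->dwVOffset);
            /* "Fix sections" starts ticked, so the raw columns initially
               mirror the virtual size and offset. */
            MainDlg_SetHexCell(hList, i, 3, (lpSectInfo+i)->dwVSize);
            MainDlg_SetHexCell(hList, i, 4, (lpSectInfo+i)->dwVOffset);
            MainDlg_SetHexCell(hList, i, 5, (lpSectInfo+i)->dwCharacteristics);
        }
        SecLstDlgProcOrg = (WNDPROC)SetWindowLong(hList, GWL_WNDPROC, (LONG)SecLstDlgProc);
        return TRUE;

    case WM_COMMAND:
        switch (LOWORD(wp)) {
        case IDC_FIXSECT:
            blFixSect = (IsDlgButtonChecked(hDlgWnd, IDC_FIXSECT) == BST_CHECKED) ? TRUE : FALSE;
            hList = GetDlgItem(hDlgWnd, IDC_SECTLIST);
            /* Ticked: raw columns show the virtual values; cleared: they
               show the raw values stored in lpSectInfo. */
            for (i = 0; i < (int)PEFileInfo.woNumOfSect; i++) {
                if (blFixSect) {
                    MainDlg_SetHexCell(hList, i, 3, (lpSectInfo+i)->dwVSize);
                    MainDlg_SetHexCell(hList, i, 4, (lpSectInfo+i)->dwVOffset);
                }
                else {
                    MainDlg_SetHexCell(hList, i, 3, (lpSectInfo+i)->dwRSize);
                    MainDlg_SetHexCell(hList, i, 4, (lpSectInfo+i)->dwROffset);
                }
            }
            break;

        case IDC_REBUILD:
            blRebuild = (IsDlgButtonChecked(hDlgWnd, IDC_REBUILD) == BST_CHECKED) ? TRUE : FALSE;
            break;

        case IDC_GETEIP:
            wsprintf(strCurEIP, "%X", GetCurrentEIP() - PEFileInfo.dwImageBase);
            SetDlgItemText(hDlgWnd, IDC_OEP, strCurEIP);
            break;

        case IDOK:
            // Get Number and Check
            if (GetWindowTextLength(GetDlgItem(hDlgWnd, IDE_FROM)) == 0) {
                MessageBox(hDlgWnd,"Please specify start address of dumping.",PNAME,MB_OK | MB_ICONINFORMATION);
                break;
            }
            if (!MainDlg_ReadHexField(hDlgWnd, IDE_FROM, &val)) {
                goto NUM_INVALID;
            }
            PEFileInfo.dwImageBase = val;

            if (GetWindowTextLength(GetDlgItem(hDlgWnd, IDE_SIZE)) == 0) {
                MessageBox(hDlgWnd,"Please specify dump size.",PNAME,MB_OK | MB_ICONINFORMATION);
                break;
            }
            if (!MainDlg_ReadHexField(hDlgWnd, IDE_SIZE, &val)) {
                goto NUM_INVALID;
            }
            PEFileInfo.dwSizeOfImage = val;

            /* The remaining fields are optional: an empty field keeps the
               value already held in PEFileInfo. */
            if (GetWindowTextLength(GetDlgItem(hDlgWnd, IDC_OEP)) > 0) {
                if (!MainDlg_ReadHexField(hDlgWnd, IDC_OEP, &val)) {
                    goto NUM_INVALID;
                }
                PEFileInfo.dwAddrOfEP = val;
            }
            if (GetWindowTextLength(GetDlgItem(hDlgWnd, IDC_BASEOFCODE)) > 0) {
                if (!MainDlg_ReadHexField(hDlgWnd, IDC_BASEOFCODE, &val)) {
                    goto NUM_INVALID;
                }
                PEFileInfo.dwBaseOfCode = val;
            }
            if (GetWindowTextLength(GetDlgItem(hDlgWnd, IDC_BASEOFDATA)) > 0) {
                if (!MainDlg_ReadHexField(hDlgWnd, IDC_BASEOFDATA, &val)) {
                    goto NUM_INVALID;
                }
                PEFileInfo.dwBaseOfData = val;
            }

            hList = GetDlgItem(hDlgWnd, IDC_SECTLIST);
            for (i = 0; i < (int)PEFileInfo.woNumOfSect; i++) {
                /* Read the name into the large scratch buffer and copy it
                   with the destination's own size: the control must never
                   be told that byName can hold sizeof(buf) characters.
                   Assumes byName is a char array member, as the use of
                   sizeof(SectInfoWrk.byName) elsewhere in this file
                   suggests - TODO confirm. */
                buf[0] = '\0';
                item.mask = LVIF_TEXT;
                item.iItem = i;
                item.iSubItem = 0;
                item.pszText = buf;
                item.cchTextMax = sizeof(buf);
                if (ListView_GetItem(hList, &item) && item.pszText != NULL) {
                    lstrcpyn((LPSTR)(lpSectInfo+i)->byName, item.pszText,
                             (int)sizeof((lpSectInfo+i)->byName));
                }
                /* A cell that cannot be read leaves the stored value
                   untouched instead of parsing stale buffer contents. */
                if (MainDlg_GetHexCell(hList, i, 1, &val)) {
                    (lpSectInfo+i)->dwVSize = val;
                }
                if (MainDlg_GetHexCell(hList, i, 2, &val)) {
                    (lpSectInfo+i)->dwVOffset = val;
                }
                if (MainDlg_GetHexCell(hList, i, 3, &val)) {
                    (lpSectInfo+i)->dwRSize = val;
                }
                if (MainDlg_GetHexCell(hList, i, 4, &val)) {
                    (lpSectInfo+i)->dwROffset = val;
                }
                if (MainDlg_GetHexCell(hList, i, 5, &val)) {
                    (lpSectInfo+i)->dwCharacteristics = val;
                }
            }
            if (IsDlgButtonChecked(hDlgWnd, IDC_RDO_M1) == BST_CHECKED) {
                iRebMethod = 1;
            }
            if (IsDlgButtonChecked(hDlgWnd, IDC_RDO_M2) == BST_CHECKED) {
                iRebMethod = 2;
            }
            EndDialog(hDlgWnd, IDOK);
            break;

        NUM_INVALID:
            /* Reached only through the gotos above. */
            MessageBox(hDlgWnd,"Invalid Number!!",PNAME,MB_OK | MB_ICONINFORMATION);
            return FALSE;

        case IDCANCEL:
            EndDialog(hDlgWnd, IDCANCEL);
            break;

        default:
            return FALSE;
        }
        break;

    default:
        return FALSE;
    }
    return TRUE;
}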
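/*
 * Return the instruction pointer of the thread currently shown in the CPU
 * window, as reported by Findthread(Getcputhreadid()).
 *
 * Returns 0 when no thread record is available, so callers never
 * dereference a null pointer inside the debugger process.
 * NOTE(review): callers subtract the image base from the result without
 * checking for 0 - confirm that is acceptable when no thread is selected.
 */
DWORD GetCurrentEIP(void)
{
    t_thread *thread = Findthread(Getcputhreadid());

    if (thread == NULL) {
        return 0;
    }
    return thread->reg.ip;
}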
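/*
 * Check that the first `size` characters of numstr form a number.
 *
 * numstr  text to check; one leading '+' or '-' is allowed and counts
 *         towards size.
 * size    number of characters to examine, sign included.
 * mode    NUM_DEC accepts 0-9, NUM_HEX accepts 0-9, A-F and a-f; any other
 *         mode performs no per-character check.
 *
 * Returns TRUE when every examined character is a digit of the requested
 * base, FALSE otherwise.  A null pointer and a sign with no digits after
 * it are rejected, so "-" or "+" alone can no longer pass validation and
 * be parsed as 0 by the caller.  An empty string (size 0, no sign) is
 * still reported as TRUE; the callers visible in this file test for
 * emptiness before calling.
 */
BOOL IsValidNumber(char *numstr, int size, int mode)
{
    int i;
    char *s;
    char c;

    if (numstr == NULL) {
        return FALSE;
    }
    s = numstr;
    if (*s == '-' || *s == '+') {
        s++;
        size--;
        if (size <= 0) {
            /* A sign must be followed by at least one digit. */
            return FALSE;
        }
    }
    for (i = 0; i < size; i++) {
        c = *(s+i);
        switch (mode) {
        case NUM_DEC:
            if (c < '0' || c > '9') {
                return FALSE;
            }
            break;
        case NUM_HEX:
            /* A NUL inside the examined range is rejected here as well,
               so the scan never runs past the end of the string. */
            if (!( (c >= '0' && c <= '9')
                || (c >= 'A' && c <= 'F')
                || (c >= 'a' && c <= 'f') )) {
                return FALSE;
            }
            break;
        default:
            break;
        }
    }
    return TRUE;
}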