📄 imageloader.c
字号:
}
if (!(NtHeader->FileHeader.Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE))
{
printf("No execute image found \n");
return -1;
}
switch(NtHeader->OptionalHeader.Subsystem)
{
case IMAGE_SUBSYSTEM_EFI_APPLICATION:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_EFI_APPLICATION\n");
printf("This exe file is desgin run in EFI bios as applactions\n");
break;
case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER\n");
printf("This exe file is desgin run in EFI bios as service driver\n");
break;
case IMAGE_SUBSYSTEM_EFI_ROM:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_EFI_ROM\n");
printf("This exe file is EFI ROM\n");
break;
case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER\n");
printf("This exe file is desgin run in EFI bios as driver\n");
break;
case IMAGE_SUBSYSTEM_NATIVE:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_NATIVE\n");
printf("This exe file does not need any subsystem\n");
break;
case IMAGE_SUBSYSTEM_NATIVE_WINDOWS:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_NATIVE_WINDOWS\n");
printf("This exe file is desgin run on Windows 9x as driver \n");
break;
case IMAGE_SUBSYSTEM_OS2_CUI:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_OS2_CUI\n");
printf("This exe file is desgin run on OS2 as CUI\n");
break;
case IMAGE_SUBSYSTEM_POSIX_CUI:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_POSIX_CUI\n");
printf("This exe file is desgin run on POSIX as CUI\n");
break;
case IMAGE_SUBSYSTEM_WINDOWS_CE_GUI:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_WINDOWS_CE_GUI\n");
printf("This exe file is desgin run on Windows CE as GUI\n");
break;
case IMAGE_SUBSYSTEM_WINDOWS_CUI:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_WINDOWS_CUI\n");
printf("This exe file is desgin run on Windows as CUI\n");
break;
case IMAGE_SUBSYSTEM_WINDOWS_GUI:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_WINDOWS_GUI\n");
printf("This exe file is desgin run on Windows as GUI\n");
break;
case IMAGE_SUBSYSTEM_XBOX:
fprintf(outfp,"; OS type : IMAGE_SUBSYSTEM_XBOX\n");
printf("This exe file is desgin run on X-Box\n");
break;
default:
fprintf(outfp,"; OS type : Unknown\n");
printf("Unknown OS : SubID : %d\n",NtHeader->OptionalHeader.Subsystem);
break;
}
printf("Number of object : %d\n",NtHeader->FileHeader.NumberOfSections);
printf("Base Address : %8x\n\n",NtHeader->OptionalHeader.ImageBase);
pSectionHeader = IMAGE_FIRST_SECTION(NtHeader);
NumberOfSections = NtHeader->FileHeader.NumberOfSections;
for (i = 0; i < NumberOfSections; i++)
{
SectionHeader[i] = *pSectionHeader++;
printf("Found Sector : %s \n ",SectionHeader[i].Name);
printf("RVA: %08lX ",SectionHeader[i].VirtualAddress);
printf("Offset: %08lX ",SectionHeader[i].PointerToRawData);
printf("Size: %08lX ",SectionHeader[i].SizeOfRawData);
printf("Flags: %08lX \n\n",SectionHeader[i].Characteristics);
}
/* Get export data */
if (NtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size != 0)
{
for (i = 0; i < NumberOfSections; i++)
{
if ( SectionHeader[i].VirtualAddress <= (ULONG) NtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress &&
SectionHeader[i].VirtualAddress + SectionHeader[i].SizeOfRawData > (ULONG)NtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress)
{
ExportEntry = (PIMAGE_NT_HEADERS) (((ULONG)memory) +
(ULONG)(NtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress -
SectionHeader[i].VirtualAddress +
SectionHeader[i].PointerToRawData));
}
}
}
/* start decoding */
for (i=0;i < NumberOfSections; i++)
{
if (strnicmp((PCHAR) SectionHeader[i].Name,".text\0",6)==0)
{
switch (NtHeader->FileHeader.Machine)
{
case IMAGE_FILE_MACHINE_ALPHA:
printf("CPU ALPHA Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found Alpha\n");
machine_type = IMAGE_FILE_MACHINE_ALPHA;
return 3;
case IMAGE_FILE_MACHINE_ALPHA64:
printf("CPU ALPHA64/AXP64 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found Alpha64/AXP64\n");
machine_type = IMAGE_FILE_MACHINE_ALPHA64;
return 3;
case IMAGE_FILE_MACHINE_AM33:
printf("CPU AM33 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found AM33\n");
machine_type = IMAGE_FILE_MACHINE_AM33;
return 3;
case IMAGE_FILE_MACHINE_AMD64:
printf("CPU AMD64 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found AMD64\n");
machine_type = IMAGE_FILE_MACHINE_AMD64;
return 3;
case IMAGE_FILE_MACHINE_ARM:
printf("CPU ARM Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found ARM\n");
machine_type = IMAGE_FILE_MACHINE_ARM;
return 3;
case IMAGE_FILE_MACHINE_CEE:
printf("CPU CEE Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found CEE\n");
machine_type = IMAGE_FILE_MACHINE_CEE;
return 3;
case IMAGE_FILE_MACHINE_CEF:
printf("CPU CEF Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found CEF\n");
machine_type = IMAGE_FILE_MACHINE_CEF;
return 3;
case IMAGE_FILE_MACHINE_EBC:
printf("CPU EBC Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found EBC\n");
machine_type = IMAGE_FILE_MACHINE_EBC;
return 3;
case IMAGE_FILE_MACHINE_I386:
printf("CPU I386 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found I386\n");
machine_type = IMAGE_FILE_MACHINE_I386;
return 3;
case IMAGE_FILE_MACHINE_IA64:
printf("CPU IA64 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found IA64\n");
machine_type = IMAGE_FILE_MACHINE_IA64;
return 3;
case IMAGE_FILE_MACHINE_M32R:
printf("CPU M32R Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found M32R\n");
machine_type = IMAGE_FILE_MACHINE_M32R;
return 3;
case IMAGE_FILE_MACHINE_MIPS16:
printf("CPU MIPS16 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found MIPS16\n");
machine_type = IMAGE_FILE_MACHINE_MIPS16;
return 3;
case IMAGE_FILE_MACHINE_MIPSFPU:
printf("CPU MIPSFPU Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found MIPSFPU\n");
machine_type = IMAGE_FILE_MACHINE_MIPSFPU;
return 3;
case IMAGE_FILE_MACHINE_MIPSFPU16:
printf("CPU MIPSFPU16 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found MIPSFPU16\n");
machine_type = IMAGE_FILE_MACHINE_MIPSFPU16;
return 3;
case IMAGE_FILE_MACHINE_POWERPC:
printf("CPU POWERPC Detected partily CPUBrain implement for it\n");
fprintf(outfp,"; CPU found POWERPC\n");
//PPCBrain(memory, pos, cpu_size, base, 0, outfp);
machine_type = IMAGE_FILE_MACHINE_POWERPC;
PPCBrain(memory+SectionHeader[i].PointerToRawData, 0, SectionHeader[i].SizeOfRawData, NtHeader->OptionalHeader.ImageBase, 0, outfp);
break;
case IMAGE_FILE_MACHINE_POWERPCFP:
printf("CPU POWERPCFP Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found POWERPCFP\n");
machine_type = IMAGE_FILE_MACHINE_POWERPCFP;
return 3;
case IMAGE_FILE_MACHINE_R10000:
printf("CPU R10000 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found R10000\n");
machine_type = IMAGE_FILE_MACHINE_R10000;
return 3;
case IMAGE_FILE_MACHINE_R3000:
printf("CPU R3000 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found R3000\n");
machine_type = IMAGE_FILE_MACHINE_R3000;
return 3;
case IMAGE_FILE_MACHINE_R4000:
printf("CPU R4000 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found R4000\n");
machine_type = IMAGE_FILE_MACHINE_R4000;
return 3;
case IMAGE_FILE_MACHINE_SH3:
printf("CPU SH3 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found SH3\n");
machine_type = IMAGE_FILE_MACHINE_SH3;
return 3;
case IMAGE_FILE_MACHINE_SH3DSP:
printf("CPU SH3DSP Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found SH3DSP\n");
machine_type = IMAGE_FILE_MACHINE_SH3DSP;
return 3;
case IMAGE_FILE_MACHINE_SH3E:
printf("CPU SH3E Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found SH3E\n");
machine_type = IMAGE_FILE_MACHINE_SH3E;
return 3;
case IMAGE_FILE_MACHINE_SH4:
printf("CPU SH4 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found SH4\n");
machine_type = IMAGE_FILE_MACHINE_SH4;
return 3;
case IMAGE_FILE_MACHINE_SH5:
printf("CPU SH5 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found SH5\n");
machine_type = IMAGE_FILE_MACHINE_SH5;
return 3;
case IMAGE_FILE_MACHINE_THUMB:
printf("CPU THUMB Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found THUMB\n");
machine_type = IMAGE_FILE_MACHINE_THUMB;
return 3;
case IMAGE_FILE_MACHINE_TRICORE:
printf("CPU TRICORE Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found TRICORE\n");
machine_type = IMAGE_FILE_MACHINE_TRICORE;
return 3;
case IMAGE_FILE_MACHINE_WCEMIPSV2:
printf("CPU WCEMIPSV2 Detected no CPUBrain implement for it\n");
fprintf(outfp,"; CPU found WCEMIPSV2\n");
machine_type = IMAGE_FILE_MACHINE_WCEMIPSV2;
return 3;
default:
printf("Unknown Machine : %d",NtHeader->FileHeader.Machine);
return 4;
} /* end case switch*/
} /* end if text sector */
} /* end for */
return 0;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -