//fprintf(stderr, "\npid=%08X", pid),getch();
/* exit if the module is not found */
if (!pid->dwRVAModuleName)
return 0;
// I am doing this to get rid of .dll from module name
strcpy (name, pszModule+4);
mnlength = strlen (pszModule+4);
for (i=0; i<mnlength; i++) if (name[i] == '.') break;
name[i] = 0;
mnlength = i;
/* count number of function names and length of strings */
dwFunctionName = pid->dwRVAFunctionNameList;
// IMAGE_IMPORT_BY_NAME OR IMAGE_THUNK_DATA
// modified by Sang Cho
//fprintf(stderr,"pid = %08X dwFunctionName = %08X name = %s",
//(int)pid-(int)lpFile, dwFunctionName,name),getch();
// modified by sang cho 1998.1.24
if (dwFunctionName==0) dwFunctionName = pid->dwRVAFunctionAddressList;
while (dwFunctionName &&
*(pdw=(DWORD *)GetActualAddress (lpFile, dwFunctionName)) )
{
if ((*pdw) & 0x80000000 ) nSize += mnlength + 10 + 1 + 6;
else nSize += strlen ((char *)GetActualAddress (lpFile, *pdw+2)) + 1+6;
dwFunctionName += 4;
nCnt++;
}
/* allocate memory for function names */
*pszFunctions = (char *)calloc (nSize, 1);
psz = *pszFunctions;
//
// I modified this part to store function address (4 bytes),
// ord number (2 bytes),
// and name strings (which was there originally)
// so that's why there are 6 more bytes...... +6, or +4 and +2 etc.
// these informations are used where they are needed.
// ...........sang cho..................
//
/* copy function names to mempry pointer */
dwFunctionName = pid->dwRVAFunctionNameList;
// modified by sang cho 1998.1.24
if (dwFunctionName==0) dwFunctionName = pid->dwRVAFunctionAddressList;
dwFunctionAddress = pid->dwRVAFunctionAddressList;
while (dwFunctionName &&
*(pdw=(DWORD *)GetActualAddress (lpFile, dwFunctionName)) )
{
if ((*pdw) & 0x80000000)
{
*(int *)psz=(int)(*(DWORD *)GetActualAddress (lpFile, dwFunctionAddress));
psz += 4;
*(short *)psz=*(short *)pdw;
psz += 2;
sprintf(buff, "%s:NoName%04d", name, nnid++);
strcpy (psz, buff); psz += strlen (buff) + 1;
}
else
{
r=*(int *)psz=(int)(*(DWORD *)GetActualAddress (lpFile, dwFunctionAddress));
psz += 4;
*(short *)psz=(*(short *)GetActualAddress(lpFile, *pdw));
psz += 2; rr=(int)GetActualAddress(lpFile, *pdw + 2);
strcpy (psz, (char *)rr);
psz += strlen ((char *)GetActualAddress(lpFile, *pdw + 2)) + 1;
// this one is needed to link import function names to codes..
k.class=0; k.c_ref= r; k.c_pos=-rr;
MyBtreeInsert(&k);
k.class=0; k.c_ref=-(rr); k.c_pos=(int)pszModule+4;
MyBtreeInsert(&k);
}
dwFunctionName += 4;
dwFunctionAddress += 4;
}
return nCnt;
}
//
// This function is written by sang cho
// October 6, 1997
//
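/* get numerically expressed string length */
/*
 * Parse the one- or two-digit decimal length prefix that a condensed
 * (mangled) name uses in front of an identifier.
 *
 * psz: cursor into the NUL-terminated mangled name.
 *
 * Returns the value of up to two leading digits, or 0 when the first
 * character is not a digit.  Only two digits are ever read, so a longer
 * run is truncated ("123" -> 12); callers rely on that.  The second
 * byte is looked at only after the first proved to be a digit, so the
 * terminator is never read past.
 *
 * The bytes come from an untrusted PE file: they are converted to
 * unsigned char before isdigit(), because handing a negative char to
 * <ctype.h> is undefined behaviour.
 */
int WINAPI GetStringLength (
    char *psz)
{
    unsigned char c0 = (unsigned char)*psz;
    unsigned char c1;

    if (!isdigit (c0)) return 0;

    c1 = (unsigned char)*(psz+1);
    if (isdigit (c1)) return (c0 - '0')*10 + (c1 - '0');
    return c0 - '0';
}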
//
// This function is written by sang cho
// October 12, 1997
//
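/* translate parameter part of condensed name */
/*
 * Recover the text of the parameter that was written just before xpin.
 *
 * xpin:  points just past a translated parameter in the output buffer;
 *        the character before it must be the ',' separator that
 *        TranslateParameters wrote after it.
 * xpout: receives that parameter's text, NUL-terminated.
 *
 * The scan walks backwards from xpin-1 keeping a nesting depth, so a ','
 * inside "<...>" or "(...)" is skipped, until it reaches the ',' or '('
 * that opened the parameter at depth 0.  A NUL byte also ends the scan:
 * strchr(",(", '\0') matches the terminator of ",(", so a zero byte is
 * treated like an opening separator.
 *
 * NOTE(review): the backward scan has no lower bound.  The caller must
 * guarantee that an opening '(' (or a NUL) precedes the parameter in the
 * same buffer, otherwise the scan reads before the start of the buffer.
 * The copy into xpout is likewise unbounded (TranslateParameters passes a
 * 128-byte array), and the text ultimately comes from an untrusted PE
 * file; fixing either needs a length that this interface does not carry.
 *
 * Malformed input is fatal.  The diagnostic goes to stderr so it does not
 * land in the dump, and the process exits with EXIT_FAILURE; the original
 * exited with status 0, which made a parse failure look like success.
 */
void WINAPI GetPreviousParamString (
    char *xpin,     // read-only source
    char *xpout)    // translated result
{
    int depth = 0;
    int len;
    char *pin = xpin - 1;

    /* the previous parameter must have been closed with a separator */
    if (*pin != ',')
    {
        fprintf (stderr, "\n **error PreviousParamString1 char = %c", *pin);
        exit (EXIT_FAILURE);
    }
    pin--;

    /* walk back to the ',' or '(' that opened this parameter at depth 0;
       '>' and ')' open a nested group when read backwards, '<' closes one,
       and a '(' only counts while nested */
    while (*pin)
    {
        if (*pin == '>' || *pin == ')') depth++;
        else if (*pin == '<') depth--;
        if (depth > 0)
        {
            if (*pin == '(') depth--;
        }
        else if (strchr (",(", *pin)) break;
        pin--;
    }

    /* defensive: the loop above can only stop on ',' / '(' / NUL, all of
       which strchr(",(", ...) accepts, so this branch should not trigger */
    if (strchr (",(", *pin)) pin++;
    else
    {
        fprintf (stderr, "\n **error PreviousParamString2");
        exit (EXIT_FAILURE);
    }

    /* everything between the opener and the trailing ',' is non-NUL
       (the scan just walked over it), so a plain copy is exact */
    len = (int)(xpin - pin - 1);
    memcpy (xpout, pin, (size_t)len);
    xpout[len] = 0;
}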
//
// This function is written by sang cho
// October 10, 1997
//
/* translate parameter part of condensed name */
/*
 * Translate one character of the condensed parameter list at *ppin into
 * its C++ spelling at *ppout, advancing all three cursors on return.
 *
 * ppin:  source cursor (not written through).
 * ppout: destination cursor.  No length is available, so the caller's
 *        buffer must have room for the longest expansion ("long double"
 *        plus postfix and separator, or n copies of a repeated parameter).
 * pps:   modifier stack.  Pointer/reference prefixes ('p', 'M', 'r') push
 *        a marker and return; the marker is popped and spelled out after
 *        the next basic type.  'q' pushes itself after emitting '('.
 *
 * Basic types ('b','c','d','f','g','i','l','s','v') write their name and
 * then fall through to the postfix step at the end.  'u', 'x', 'z' write
 * a prefix ("u", "const ", "static ") and return at once.  An
 * unrecognised character is copied out behind the marker "!1!" so the
 * bad spot stays visible in the dump.
 *
 * 't' followed by a digit n repeats the previous parameter n times
 * (n == 0 still emits it once); the previous parameter is recovered by
 * scanning the output buffer backwards with GetPreviousParamString.
 */
void WINAPI TranslateParameters (
char **ppin, // read-only source
char **ppout, // translated result
char **pps) // parameter stack
{
int i, n;
char c;
// holds the previous parameter for the 't' repeat case; see the note there
char name[128];
char *pin, *pout, *ps;
//printf(" %c ", **in);
pin = *ppin;
pout = *ppout;
ps = *pps;
c = *pin;
switch (c)
{
// types processing
// each basic type writes its spelling, consumes one input character and
// breaks out to the postfix step below
case 'b': strcpy (pout, "byte"); pout += 4; pin++; break;
case 'c': strcpy (pout, "char"); pout += 4; pin++; break;
case 'd': strcpy (pout, "double"); pout += 6; pin++; break;
case 'f': strcpy (pout, "float"); pout += 5; pin++; break;
case 'g': strcpy (pout, "long double");pout += 11; pin++; break;
case 'i': strcpy (pout, "int"); pout += 3; pin++; break;
case 'l': strcpy (pout, "long"); pout += 4; pin++; break;
case 's': strcpy (pout, "short"); pout += 5; pin++; break;
case 'v': strcpy (pout, "void"); pout += 4; pin++; break;
// postfix processing
// 'M'/'p': pointer.  "pp" pushes 'p' (spelled "**" later), a lone 'p'
// pushes '*'.  Nothing is written yet; the marker waits for the type.
case 'M':
case 'p':
if (*(pin+1) == 'p') { *ps++ = 'p'; pin += 2; }
else { *ps++ = '*'; pin++; }
*ppin = pin; *ppout = pout; *pps = ps;
return;
// 'q': opening parenthesis of a nested (function) type; the 'q' marker
// stays on the stack so that later types only append ',' (see below)
case 'q':
*pout++ = '('; pin++;
*ps++ = 'q';
*ppin = pin; *ppout = pout; *pps = ps;
return;
// 'r': reference.  "rp" pushes 'r' (spelled "*&" later), a lone 'r' pushes '&'.
case 'r':
if (*(pin+1) == 'p') { *ps++ = 'r'; pin += 2; }
else { *ps++ = '&'; pin++; }
*ppin = pin; *ppout = pout; *pps = ps;
return;
// repeat processing
// "t<digit>": repeat the previous parameter <digit> times.  A 't' with
// no digit is consumed silently and then goes through the postfix step.
case 't':
if (isdigit(*(pin+1)))
{
n = *(pin+1) - '0'; pin++; pin++;
// NOTE(review): name is 128 bytes but GetPreviousParamString takes no
// length; a previous parameter longer than 127 characters (the input is
// an untrusted PE file) overflows it.  pout must still point just past
// the ',' written for that parameter, which the scan below relies on.
GetPreviousParamString (pout, name);
strcpy (pout, name); pout += strlen (name);
for (i=1; i<n; i++)
{
*pout++ = ',';
strcpy (pout, name); pout += strlen (name);
}
}
else pin++;
break;
// prefix processing
// 'u'/'x'/'z' write a prefix and return; the type that follows is
// translated on the next call
case 'u':
strcpy (pout, "u"); pout += 1; pin++;
*ppin = pin; *ppout = pout; *pps = ps;
return;
case 'x':
strcpy (pout, "const "); pout += 6; pin++;
*ppin = pin; *ppout = pout; *pps = ps;
return;
case 'z':
strcpy (pout, "static "); pout += 7; pin++;
*ppin = pin; *ppout = pout; *pps = ps;
return;
// unknown character: emit a visible marker followed by the character
// itself, and keep going
default: strcpy (pout, "!1!");pout += 3; *pout++=*pin++;
*ppin = pin; *ppout = pout; *pps = ps;
return;
}
// need to process postfix finally
// NOTE(review): this reads the slot below the stack top without checking
// that the stack is non-empty; if *pps is still the stack base the read is
// before the buffer.  strchr("tqx", c) also matches when c == '\0'.
c = *(ps-1);
// an open template/paren/const-paren on top is left in place; only the
// ',' separator is appended (unless the list ends or a '@' '$' '%' follows)
if (strchr ("tqx", c))
{ if (*(pin)&& !strchr( "@$%", *(pin))) *pout++ = ',';
*ppin = pin; *ppout = pout; *pps = ps; return; }
// otherwise pop exactly one pointer/reference marker and spell it out;
// anything unexpected on the stack becomes the "!2!" marker
switch (c)
{
case 'r': strcpy (pout, "*&"); pout += 2; ps--; break;
case 'p': strcpy (pout, "**"); pout += 2; ps--; break;
case '&': strcpy (pout, "&"); pout += 1; ps--; break;
case '*': strcpy (pout, "*"); pout += 1; ps--; break;
default: strcpy (pout, "!2!"); pout += 3; ps--; break;
}
// separator between parameters, suppressed at the end of the list and
// before the '@' '$' '%' section markers
if (*(pin) && !strchr( "@$%", *(pin))) *pout++ = ',';
*ppin = pin; *ppout = pout; *pps = ps;
}
//
// This function is written by sang cho
// October 11, 1997
//
/* translate parameter part of condensed name */
/*
 * Expand one token of a condensed (mangled) name at *ppin into C++ text
 * at *ppout.  On return *ppin, *ppout and *pps have been advanced past
 * whatever was consumed or produced.
 *
 * ppin:  source cursor (not written through).
 * ppout: destination cursor.  No length is available, so the caller's
 *        buffer must have room for the longest expansion.
 * pps:   modifier stack; 'q', 't' and "xq" push their markers here for
 *        the caller to close later.
 * pcstr: the currently stored string.  "bctr" copies it out as-is
 *        (presumably a constructor name) and "bdtr" copies it behind a
 *        '~' (presumably the destructor).
 *
 * Returns TRUE, except for 'o', 'q', 't' and "xq", which return FALSE
 * (the original called this "stringMode"; the caller interprets it).
 * An unknown token leaves the marker "!$$$!" in the output and consumes
 * no input, so a caller looping on this function must advance by itself.
 */
BOOL WINAPI StringExpands (
    char **ppin,        // read-only source
    char **ppout,       // translated result
    char **pps,         // parameter stack
    Str_P *pcstr)       // currently stored string
{
    /* operator tokens, mangled spelling -> C++ spelling.  Searched in
       order; no entry is a prefix of a later one, so the first hit is the
       only possible hit. */
    static const struct
    {
        const char *tok;
        const char *text;
    } opTable[] =
    {
        { "bcall", "operator ()" },
        { "bsubs", "operator []" },
        { "bnwa",  "operator new[]" },
        { "bdla",  "operator delete[]" },
        { "bnew",  "operator new" },
        { "bdele", "operator delete" },
        { "blsh",  "operator <<" },
        { "brsh",  "operator >>" },
        { "binc",  "operator ++" },
        { "bdec",  "operator --" },
        { "badd",  "operator +" },
        { "brplu", "operator +=" },
        { "bdiv",  "operator /" },
        { "brdiv", "operator /=" },
        { "bmul",  "operator *" },
        { "brmul", "operator *=" },
        { "basg",  "operator =" },
        { "beql",  "operator ==" },
        { "bneq",  "operator !=" },
        { "bor",   "operator |" },
        { "bror",  "operator |=" },
        { "bcmp",  "operator ~" },
        { "bnot",  "operator !" },
        { "band",  "operator &" },
        { "brand", "operator &=" },
        { "bxor",  "operator ^" },
        { "brxor", "operator ^=" },
    };
    const size_t nOps = sizeof opTable / sizeof opTable[0];

    char  *src = *ppin;
    char  *dst = *ppout;
    char  *stk = *pps;
    Str_P  cur = *pcstr;
    BOOL   keepString = TRUE;

    if (strncmp (src, "bctr", 4) == 0)
    {
        /* stored string, copied with strncpy so a short string is padded
           exactly as before */
        strncpy (dst, cur.pos, cur.length);
        dst += cur.length;
        src += 4;
    }
    else if (strncmp (src, "bdtr", 4) == 0)
    {
        *dst++ = '~';
        strncpy (dst, cur.pos, cur.length);
        dst += cur.length;
        src += 4;
    }
    else if (*src == 'o')
    {
        strcpy (dst, "const ");
        dst += 6;
        src++;
        keepString = FALSE;
    }
    else if (*src == 'q')
    {
        /* open a parenthesised group; the caller closes it via the stack */
        *dst++ = '(';
        *stk++ = 'q';
        src++;
        keepString = FALSE;
    }
    else if (*src == 't')
    {
        /* open a template argument list */
        *dst++ = '<';
        *stk++ = 't';
        src++;
        keepString = FALSE;
    }
    else if (strncmp (src, "xq", 2) == 0)
    {
        /* const-qualified parenthesised group: two markers for the caller */
        *dst++ = '(';
        *stk++ = 'x';
        *stk++ = 'q';
        src += 2;
        keepString = FALSE;
    }
    else
    {
        size_t i;
        for (i = 0; i < nOps; i++)
        {
            size_t tokLen = strlen (opTable[i].tok);
            if (strncmp (src, opTable[i].tok, tokLen) == 0)
            {
                strcpy (dst, opTable[i].text);
                dst += strlen (opTable[i].text);
                src += tokLen;
                break;
            }
        }
        if (i == nOps)
        {
            /* unknown token: leave a visible marker, consume nothing */
            strcpy (dst, "!$$$!");
            dst += 5;
        }
    }

    *ppin = src;
    *ppout = dst;
    *pps = stk;
    return keepString;
} // end of '$' processing
//----------------------------------------------------------------------
// structure to store string tokens
//----------------------------------------------------------------------
//typedef struct _Str_P {
// char flag; // string_flag '@' or '%' or '#'
// char *pos; // starting position of string
// int length; // length of string
// BOOL wasString; // if it were stringMode or not
//} Str_P;
//----------------------------------------------------------------------
//
// I think I knocked it down finally. But who knows?
// october 12, 1997 ... sang
//
// Well, I have to rewrite the whole of TranslateFunctionName..
// This time I am a little bit more experienced than 5 days ago.
// Or am I??? Anyway, I use explicit stacks instead of recursive calls,
// and I hope this will take care of every symptom I have experienced..
// october 10, 1997 .... sang
// It took a lot of time for me to figure out what it is all about....