// but still some prefixes like z (static)
// -- or some types like b (byte) ,g (long double) ,s (short) --
// -- or postfix like M ( * )
// -- or $or ( & ), which is pretty weird ... added October 12
// -- also $t business is quite tricky too. (templates)
// there may be a lot of things undiscovered yet....
// I am not so sure my interpretation is correct or not
// If I am wrong please let me know.
// october 8, 1997 .... sang
//
//
// This function is written by sang cho
// October 5, 1997
//
/*
 * Translate a condensed (compiler-mangled) import function name into a
 * readable C++-style signature.
 *
 * psz: NUL-terminated name as found in the import table. A name that does
 *      not begin with '@' is treated as unmangled and returned unchanged
 *      (the very pointer the caller passed in).
 *
 * Returns: for a mangled name, a pointer to the function-local static
 *          buffer buff[] holding the translation. That buffer is shared by
 *          every caller and overwritten on the next call, so the result is
 *          not reentrant and must be copied if it has to survive another
 *          call. The declared return type is LPVOID but the value is a
 *          char * in both cases.
 *
 * Error handling: malformed input is reported with printf() and the whole
 * process is terminated with exit(0) -- a success status -- at several
 * points below; callers never see an error return.
 *
 * NOTE(review): none of the fixed-size locals (buff[512], pStack[32],
 * sStack[32], endTab[8]) is bounds-checked before it is written, and the
 * helpers TranslateParameters() and StringExpands() also advance pout and
 * ps (their bodies are not in this part of the file). The name presumably
 * comes straight from the PE image being dumped -- confirm at the caller --
 * so an over-long or crafted name can overrun these buffers. Bounding pout
 * against buff + sizeof buff, is/iend against their array sizes, and ps
 * against pStack (see the *(ps-1) reads below) would close that.
 */
LPVOID WINAPI TranslateFunctionName (
char *psz)
{
    int i, j, n;                // j is not used in this function
    char c, cc;                 // c: current input char; cc: top of pStack
    static char buff[512];      // result of translation (static: see header)
    int is=0;                   // number of entries on sStack
    char pStack[32];            // parameter processing stack (one letter per entry)
    Str_P sStack[32];           // String processing stack
    Str_P tok;                  // String token
    Str_P c_str;                // current string; NOTE(review): only partly
                                // set on the '@' and '%' paths before its
                                // address is handed to StringExpands()
    int iend=0;                 // number of live entries in endTab
    char *endTab[8];            // end of string position check: input
                                // positions where a '#' (numbered) string ends
    char *ps;                   // top of pStack (points one past last entry)
    char *pin, *pout;           // input cursor / output cursor into buff
    BOOL stringMode=TRUE;       // TRUE: copy chars through; FALSE: parameter mode
    /* unmangled names pass through untouched */
    if (*psz != '@') return psz;
    pin = psz;
    pout = buff;
    ps = pStack;
    //................................................................
    // serious users may need to run the following code.
    // so I may need to include some flag options...
    // If you want to know about how translation is done,
    // you can just revive following line and you can see it.
    // october 6, 1997 ... sang cho
    //printf ("\n................................... %s", psz); // for debugging...
    //pa = pb = pout;
    pin++;                      // skip the leading '@'
    tok.flag = 'A'; tok.pos = pout; tok.length = 0; tok.wasString = stringMode;
    sStack[is++] = tok;         // initialize sStack with dummy marker
    /*
     * Outer loop: one iteration per control symbol ('@', '$', '%').
     * Inner loop: consumes ordinary characters until a control symbol is
     * reached (c holds it on exit) or the input ends. NOTE(review): when the
     * inner loop ends because *pin == 0, c still holds the last ordinary
     * char; it cannot be a control symbol at that point, so the branches
     * below are skipped and the outer loop terminates.
     */
    while (*pin)
    {
        while (*pin)
        {
            c = *pin;
            //---------------------------------------------
            // check for the end of number specified string
            //---------------------------------------------
            if (iend>0)
            {
                for (i=0;i<iend;i++) if (pin == endTab[i]) break;
                if (i<iend)
                {
                    // move the end of endTab to ith position (unordered remove)
                    endTab[i] = endTab[iend-1]; iend--;
                    // get top of the string stack
                    tok = sStack[is-1];
                    // I am expecting '#' token from stack
                    if (tok.flag != '#')
                    {
                        printf("\n**some serious error1** %c is = %d char = %c",
                               tok.flag, is, *pin);
                        exit(0);
                    }
                    // pop '#' token I am happy now.
                    else
                    {
                        //if (c)
                        //printf("\n pop # token ... current char = %c", c);
                        //else printf("\n pop percent token..next char = NULL");
                        is--;
                    }
                    // restore the mode that was active when '#' was pushed
                    stringMode = tok.wasString;
                    if (!stringMode)
                    {
                        // need to process postfix finally
                        // NOTE(review): reads pStack[-1] if ps == pStack; no guard here
                        cc = *(ps-1);
                        if (strchr ("qtx", cc))
                        {
                            // opener/template/const marker stays on pStack;
                            // just separate from the next parameter
                            if (!strchr ("@$%", c)) *pout++ = ',';
                        }
                        else
                        {
                            // pointer/reference postfix: emit it and pop it
                            switch (cc)
                            {
                                case 'r': strcpy (pout, "*&"); pout += 2; ps--; break;
                                case 'p': strcpy (pout, "**"); pout += 2; ps--; break;
                                case '&': strcpy (pout, "&"); pout += 1; ps--; break;
                                case '*': strcpy (pout, "*"); pout += 1; ps--; break;
                                default: strcpy (pout, "!3!"); pout += 3; ps--; break; // unknown marker: leave a visible trace
                            }
                            if (!strchr ("@$%", c)) *pout++ = ',';
                        }
                    }
                    // string mode restored...
                    else;
                }
                else ; // do nothing..
            }
            //------------------------------------------------
            // special control symbol processing:
            //------------------------------------------------
            if (strchr ("@$%", c)) break;
            //---------------------------------------------------------------
            // string part processing : no '$' met yet
            // or inside of '%' block
            // or inside of '#' block (numbered string)
            //---------------------------------------------------------------
            else if (stringMode) *pout++ = *pin++;
            //else if (is > 1) *pout++ = *pin++;
            //------------------------------------------------
            // parameter part processing: '$' met
            //------------------------------------------------
            else // parameter processing
            {
                // type letters are decoded by the helper, which advances
                // pin/pout/ps itself
                if (!isdigit (c)) TranslateParameters (&pin, &pout, &ps);
                else // number specified string processing
                {
                    // a leading decimal count gives the length of an embedded
                    // string; skip the count (one or two digits) and remember
                    // where the string ends so the '#' token can be popped there
                    n = GetStringLength (pin);
                    if (n<10) pin++; else pin += 2;
                    // push '#' token
                    //if (*pin)
                    //printf("\n push # token .. char = %c", *pin);
                    //else printf("\n push percent token..next char = NULL");
                    tok.flag = '#'; tok.pos = pout;
                    tok.length = 0; tok.wasString = stringMode;
                    sStack[is++] = tok;      // NOTE(review): no is < 32 check
                    // mark end of input string
                    endTab[iend++] = pin + n; // NOTE(review): no iend < 8 check
                    stringMode = TRUE;
                }
            }
        } // end of inner while loop
        //
        // beginning of new string or end of string ( quotation mark )
        //
        if (c == '%')
        {
            pin++; // anyway we have to proceed...
            tok = sStack[is-1]; // get top of the sStack
            if (tok.flag == '%')
            {
                // pop '%' token and set c_str
                //if (*pin)
                //printf("\n pop percent token..next char = %c", *pin);
                //else printf("\n pop percent token..next char = NULL");
                is--;
                c_str = tok; c_str.length = pout - c_str.pos;
                // closing '%' is only expected while a template ('t') is open
                // NOTE(review): reads pStack[-1] if ps == pStack
                if (*(ps-1) == 't')
                {
                    *pout++ = '>'; ps--;
                    stringMode = tok.wasString;
                }
                else
                {
                    printf("\n**some string error3** stack = %c", *(ps-1));
                    exit(0);
                }
            }
            else if (tok.flag == 'A' || tok.flag == '#')
            {
                // push '%' token
                //if (*pin)
                //printf("\n push percent token..next char = %c", *pin);
                //else printf("\n push percent token..next char = NULL");
                tok.flag = '%'; tok.pos = pout; tok.length = 0;
                tok.wasString = stringMode;
                sStack[is++] = tok;          // NOTE(review): no is < 32 check
            }
            else { printf("\n**some string error5**"); exit(0); }
        }
        //
        // sometimes we need string to use as constructor name or destructor name
        //
        else if (c == '@') // get string from previous marker upto here.
        {
            // remember the text since the top-of-stack marker as the current
            // string (c_str) and emit the scope separator
            pin++;
            tok = sStack[is-1];
            c_str.flag = 'S';
            c_str.pos = tok.pos;
            c_str.length = pout - tok.pos;
            c_str.wasString = stringMode;
            *pout++ = ':'; *pout++ = ':';
        }
        //
        // we need to take care of parameter control sequence
        //
        else if (c == '$') // need to precess template or parameter part
        {
            pin++;
            if (stringMode)
                // the helper decides whether we stay in string mode
                stringMode = StringExpands (&pin, &pout, &ps, &c_str);
            else
            { // template parameter mode I guess "$t"
                if (is>1)
                {
                    if (*pin == 't') pin++;
                    else { printf("\nMYGOODNESS1 %c", *pin); exit(0);}
                    //ps--;
                    //if (*ps == 't') *pout++ = '>';
                    //else { printf("\nMYGOODNESS2"); exit(0);}
                    *pout++ = ','; //pin++; ..this almost blowed me....
                }
                // real parameter mode I guess
                // unexpected case is found ... humm what can I do...
                else
                {
                    // this is newly found twist.. it really hurts.
                    // empty pStack: only an opening 'q' (parameter list) is acceptable
                    if (ps <= pStack)
                    {
                        if (*pin == 'q') { *ps++ = 'q'; *pout++ = '('; pin++; }
                        else {printf("\n** I GIVEUP ***"); exit(0);}
                        continue;
                    }
                    // unwind pointer/reference markers down to the enclosing 'q',
                    // close the parameter list, then unwind once more
                    // NOTE(review): both loops walk ps downward until a 'q' is
                    // found and never compare ps with pStack; a pStack without
                    // a 'q' below ps reads before the array
                    ps--;
                    while (*ps != 'q')
                    {
                        if (*ps == '*') *pout++ = '*';
                        else if (*ps == '&') *pout++ = '&';
                        else if (*ps == 'p'){*pout++ = '*'; *pout++ = '*'; }
                        else if (*ps == 'r'){*pout++ = '*'; *pout++ = '&'; }
                        else
                        {
                            printf("\n*** SOMETHING IS WRONG1*** char= %c",*pin);
                            exit(0);
                        }
                        ps--;
                    }
                    *pout++ = ')';
                    ps--;
                    while (*ps != 'q')
                    {
                        if (*ps == '*') *pout++ = '*';
                        else if (*ps == '&') *pout++ = '&';
                        else if (*ps == 'p'){*pout++ = '*'; *pout++ = '*'; }
                        else if (*ps == 'r'){*pout++ = '*'; *pout++ = '&'; }
                        else {printf("\n*** SOMETHING IS WRONG2***"); exit(0);}
                        ps--;
                    }
                    ps++; *pout++ = ','; // keep the inner 'q' on the stack
                }
            }
        } // end of '$' processing
    } // end of outer while loop
    //
    // need to process remaining parameter stack
    //
    // flush whatever is still open on pStack, innermost first: every marker
    // letter maps to the text it stands for
    while (ps>pStack)
    {
        ps--;
        switch(*ps)
        {
            case 't': *pout++ = '>'; break;
            case 'q': *pout++ = ')'; break;
            case 'x': strcpy (pout, " const"); pout += 6; break;
            case 'r': strcpy (pout, "*&"); pout += 2; break;
            case 'p': strcpy (pout, "**"); pout += 2; break;
            case '&': *pout++ = '&'; break;
            case '*': *pout++ = '*'; break;
            default: strcpy (pout, "!4!"); pout += 3; *pout++ = *ps; // unknown marker: leave a visible trace
        }
    }
    *pout = 0;                  // NOTE(review): this terminator, like every
                                // write above, is not checked against sizeof buff
    return buff;
}
//
// This function is written by sang cho
//
//
/* get exported function names separated by null terminators, return count of functions */
int WINAPI GetExportFunctionNames (
LPVOID lpFile,
char **pszFunctions)
{
//PIMAGE_SECTION_HEADER psh;
PIMAGE_EXPORT_DIRECTORY ped;
//DWORD dwBase;
DWORD imageBase; //===========================
char *pfns[8192]={NULL,}; // maximum number of functions
//=============================
char buff[256]; // enough for any string ??
char *psz; //===============================
DWORD *pdwAddress;
DWORD *pdw1;
DWORD *pdwNames;
WORD *pwOrd;
int i, nCnt=0, ntmp=0;
int enid=0, ordBase=1; // usally ordBase is 1....
int enames=0;
/* get section header and pointer to data directory for .edata section */
ped = (PIMAGE_EXPORT_DIRECTORY)
ImageDirectoryOffset(lpFile, IMAGE_DIRECTORY_ENTRY_EXPORT);
if (ped == NULL) return 0;
//
// sometimes there may be no section for idata or edata
// instead rdata or data section may contain these sections ..
// or even module names or function names are in different section.
// so that's why we need to get actual address each time.
// ...................sang cho..................
//
//psh = (PIMAGE_SECTION_HEADER)
//ImageDirectorySection(lpFile, IMAGE_DIRECTORY_ENTRY_EXPORT);
//if (psh == NULL) return 0;
//dwBase = (DWORD)((int)lpFile + psh->PointerToRawData - psh->VirtualAddress);
/* determine the offset of the export function names */
pdwAddress = (DWORD *)GetActualAddress (lpFile, (DWORD)ped->AddressOfFunctions);
imageBase = (DWORD)GetImageBase (lpFile);
ordBase = ped->Base;
if (ped->NumberOfNames > 0)
{
pdwNames = (DWORD *)
GetActualAddress (lpFile, (DWORD)ped->AddressOfNames);
pwOrd = (WORD *)
GetActualAddress (lpFile, (DWORD)ped->AddressOfNameOrdinals);
pdw1 = pdwAddress;
/* figure out how much memory to allocate for all strings */
for (i=0; i < (int)ped->NumberOfNames; i++)
{
nCnt += strlen ((char *)
GetActualAddress (lpFile, *(DWORD *)pdwNames)) + 1 + 6;
pdwNames++;
}
// get the number of unnamed functions
for (i=0; i < (int)ped->NumberOfFunctions; i++)
if (*pdw1++) ntmp++;
// add memory required to show unnamed functions.
if (ntmp > (int)ped->NumberOfNames)
nCnt += 18*(ntmp - (int)ped->NumberOfNames);
/* allocate memory for function names */
*pszFunctions = (char *)calloc (nCnt, 1);
peNameBuffSize=nCnt;
pdwNames = (DWORD *)GetActualAddress (lpFile, (DWORD)ped->AddressOfNames);
/* copy string pointer to buffer */
for (i=0; i < (int)ped->NumberOfNames; i++)
{
pfns[(int)(*pwOrd)+ordBase] =
(char *)GetActualAddress (lpFile, *(DWORD *)pdwNames);
pdwNames++;
pwOrd++;
}
psz = *pszFunctions;
}
for (i=ordBase; i < (int)ped->NumberOfFunctions + ordBase; i++)
{
if (*pdwAddress > 0)
{
*(DWORD *)psz = imageBase + *pdwAddress;
psz += 4;
*(WORD *)psz = (WORD)(i)