📄 htxbeimp.cc
字号:
c.y--; c.h=1; FileOfs ofs; uint thunktablerva = xbe_shared->header.kernel_image_thunk_address - xbe_shared->header.base_address; uint *thunktable = ht_malloc(sizeof (xbox_exports)); if (!thunktable) goto xbe_read_error; memset(thunktable, 0, sizeof(xbox_exports)); if (!xbe_rva_to_ofs(&xbe_shared->sections, thunktablerva, &ofs)) goto xbe_read_error; file->seek(ofs); if (file->read(thunktable, sizeof(xbox_exports)-4) != sizeof(xbox_exports)-4) goto xbe_read_error; for (; *thunktable; thunktable++, thunktablerva+=4) { uint ordinal; ordinal = createHostInt(thunktable, 4, little_endian); ht_xbe_import_function *func = new ht_xbe_import_function(thunktablerva, (char *)xbox_exports[ordinal & 0xfff], ordinal); xbe_shared->imports.funcs->insert(func); function_count++; } stop_timer(h0);// LOG("%y: PE: %d ticks (%d msec) to read imports", file->get_name(), get_timer_tick(h0), get_timer_msec(h0)); delete_timer(h0); char iline[256]; ht_snprintf(iline, sizeof iline, "* XBE kernel thunk table at offset %08x (%d functions)", xbe_shared->header.kernel_image_thunk_address, function_count); head=new ht_statictext(); head->init(&c, iline, align_left); g->insert(head); g->insert(v); // for (uint i=0; i<xbe_shared->imports.funcs->count(); i++) { ht_xbe_import_function *func = (ht_xbe_import_function*)(*xbe_shared->imports.funcs)[i]; assert(func); char addr[32], name[256]; ht_snprintf(addr, sizeof addr, "%08x", func->address); if (func->byname) { ht_snprintf(name, sizeof name, "%s", func->name.name); } else { ht_snprintf(name, sizeof name, "%04x (by ordinal)", func->ordinal); } v->insert_str(i, "NTOSKRNL.EXE", addr, name); } // v->update(); g->setpalette(palkey_generic_window_default); xbe_shared->v_imports=v; return g;xbe_read_error: delete_timer(h0); String fn; errorbox("%y: XBE import section seems to be corrupted.", &file->getFilename(fn)); g->done(); delete g; v->done(); delete v; return NULL;}format_viewer_if htxbeimports_if = { htxbeimports_init, NULL};/* * ht_xbe_import_function */ht_xbe_import_function::ht_xbe_import_function(RVA a, uint o){ ordinal = o; address = a; byname = false;}ht_xbe_import_function::ht_xbe_import_function(RVA a, char *n, uint h){ name.name = ht_strdup(n); name.hint = h; address = a; byname = true;}ht_xbe_import_function::~ht_xbe_import_function(){ if (byname) free(name.name);}/* * ht_xbe_import_viewer */void ht_xbe_import_viewer::init(Bounds *b, const char *Desc, ht_format_group *fg){ ht_text_listbox::init(b, 3, 2, LISTBOX_QUICKFIND); options |= VO_BROWSABLE; desc = strdup(Desc); format_group = fg; grouplib = false; sortby = 1; dosort();}void ht_xbe_import_viewer::done(){ ht_text_listbox::done();}void ht_xbe_import_viewer::dosort(){ ht_text_listbox_sort_order sortord[2]; uint l, s; if (grouplib) { l = 0; s = 1; } else { l = 1; s = 0; } sortord[l].col = 0; sortord[l].compare_func = strcmp; sortord[s].col = sortby; sortord[s].compare_func = strcmp; sort(2, sortord);}const char *ht_xbe_import_viewer::func(uint i, bool execute){ switch (i) { case 2: if (execute) { grouplib = !grouplib; dosort(); } return grouplib ? (char*)"nbylib" : (char*)"bylib"; case 4: if (execute) { if (sortby != 1) { sortby = 1; dosort(); } } return "byaddr"; case 5: if (execute) { if (sortby != 2) { sortby = 2; dosort(); } } return "byname"; } return NULL;}void ht_xbe_import_viewer::handlemsg(htmsg *msg){ switch (msg->msg) { case msg_funcexec: if (func(msg->data1.integer, 1)) { clearmsg(msg); return; } break; case msg_funcquery: { const char *s=func(msg->data1.integer, 0); if (s) { msg->msg=msg_retval; msg->data1.cstr=s; } break; } case msg_keypressed: { if (msg->data1.integer == K_Return) { select_entry(e_cursor); clearmsg(msg); } break; } } ht_text_listbox::handlemsg(msg);}bool ht_xbe_import_viewer::select_entry(void *entry){ ht_text_listbox_item *i = (ht_text_listbox_item *)entry; ht_xbe_shared_data *xbe_shared=(ht_xbe_shared_data *)format_group->get_shared_data(); ht_xbe_import_function *e = (ht_xbe_import_function*)(*xbe_shared->imports.funcs)[i->id]; if (!e) return true; if (xbe_shared->v_image) { ht_aviewer *av = (ht_aviewer*)xbe_shared->v_image; XBEAnalyser *a = (XBEAnalyser*)av->analy; Address *addr; addr = a->createAddress32(e->address+xbe_shared->header.base_address); if (av->gotoAddress(addr, NULL)) { app->focus(av); vstate_save(); } else { global_analyser_address_string_format = ADDRESS_STRING_FORMAT_COMPACT | ADDRESS_STRING_FORMAT_ADD_0X; errorbox("can't follow: %s %y is not valid!", "import address", addr); } delete addr; } else errorbox("can't follow: no image viewer"); return true;}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -