// Copyright(C) 1999-2005 LiuTaoTao,bookaa@rorsoft.com
// exe2c project
#include "stdafx.h"
#include "00000.h"
#include "FileLoad.h"
// Segment value paired with offsets when building lptr addresses; the only
// visible uses are in the commented-out readpefile() further down.
#define SEG0 0x1000
// Load_* look like compile-time feature switches (presumably 0 = skip, 1 = load).
// Nothing in the visible part of this file references them - TODO confirm where
// they are consumed (likely the PE loader).
#define Load_Resources 0
#define Load_Debug 0
#define Load_Data 1
// Kind of executable currently being analysed; if_valid_ea() switches on it.
// Starts out as the enumerator with value 0.
enum_EXEType g_EXEType = (enum_EXEType)0;
// Global loader pointer, NULL at start-up. It is not assigned anywhere in the
// visible part of this file.
FileLoader* g_FileLoader = NULL;
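// Puts the loader into its "nothing loaded" state: no open file handle, no
// detected executable type, no file buffer and no mapped image.
FileLoader::FileLoader(void)
{
    // Attributes later handed to CreateFile() in load(): default security
    // descriptor, and the handle is not inherited by child processes.
    securityatt.nLength=sizeof(SECURITY_ATTRIBUTES);
    securityatt.lpSecurityDescriptor=NULL;
    securityatt.bInheritHandle=FALSE;

    efile=INVALID_HANDLE_VALUE;
    exetype=0;
    fbuff=NULL;

    // The destructor passes image_buf/image_len to VirtualFree(). load() can
    // return before LoadPE() runs (or never be called at all), so without
    // these two assignments the destructor would act on indeterminate values.
    // NOTE(review): image_buf/image_len are presumably members declared in
    // FileLoad.h (pointer and size) - confirm against the class declaration.
    image_buf=NULL;
    image_len=0;
}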
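// Releases what the loader owns: the raw file buffer, the file handle and the
// image buffer.
FileLoader::~FileLoader(void)
{
    // fbuff is allocated with `new BYTE[fsize]` in load(), so it must be
    // released with the array form; scalar delete on it is undefined
    // behaviour. delete[] on NULL is a no-op.
    delete[] fbuff;
    fbuff=NULL;

    // Only close a handle that was actually opened; the "not open" marker is
    // INVALID_HANDLE_VALUE, which must not be passed to CloseHandle().
    if ( efile!=INVALID_HANDLE_VALUE )
    {
        CloseHandle(efile);
        efile=INVALID_HANDLE_VALUE;
    }

    // NOTE(review): 0 is not one of the documented dwFreeType values
    // (MEM_DECOMMIT / MEM_RELEASE), so this call most likely fails and the
    // image buffer is never returned to the system. Switching to
    // VirtualFree(image_buf, 0, MEM_RELEASE) is only safe once image_buf is
    // guaranteed to be either NULL or a VirtualAlloc() base address on every
    // path; the allocation site (presumably LoadPE) is not visible here, so
    // the call is left unchanged - confirm and fix together with LoadPE.
    VirtualFree(image_buf,image_len,0);
}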
// Says whether `ea` is an acceptable address for the executable kind stored
// in g_EXEType.
//   enum_PE_exe : addresses below 0x400000 are refused, everything else passes
//   enum_PE_sys and any other kind : every address passes
// NOTE(review): 0x400000 is a fixed floor, not the ImageBase read from the
// file being analysed; an executable linked at a different base would be
// judged against the wrong limit - confirm whether that is acceptable.
BOOL if_valid_ea(ea_t ea)
{
    const BOOL below_exe_floor = (g_EXEType == enum_PE_exe) && (ea < 0x400000);
    return below_exe_floor ? FALSE : TRUE;
}
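// Classifies the file open on `efile` by its header signatures and stores the
// result in `exetype`. Reading starts at the current file position, which is
// the start of the file when called from load().
//
//   0        - first two bytes could not be read, or are neither "MZ" nor "ZM"
//   BIN_EXE  - MZ signature present but a later seek/read call failed
//   MZ_EXE   - MZ signature present, no recognised extended header (including
//              a header offset that points outside the file)
//   PE_EXE / NE_EXE / LE_EXE / OS2_EXE - extended signature "PE"/"NE"/"LE"/"LX"
//
// The file content is untrusted: every read is checked for the full byte
// count so that no decision is ever taken on uninitialised stack bytes.
void FileLoader::get_exetype()
{
    char  mzhead[2] = { 0, 0 };
    WORD  ext_sig = 0;
    DWORD num = 0;
    DWORD pe_offset = 0;

    exetype = 0;
    if ( !ReadFile(efile,mzhead,2,&num,NULL) )
        return;
    if (num != 2)
        return;
    if ( !(((mzhead[0]=='M')&&(mzhead[1]=='Z'))
         ||((mzhead[0]=='Z')&&(mzhead[1]=='M'))) )
        return;

    exetype = BIN_EXE;

    // Offset 0x3c of the DOS header holds the file offset of the extended header.
    if ( SetFilePointer(efile,0x3c,NULL,FILE_BEGIN)==INVALID_SET_FILE_POINTER )
        return;
    if ( !ReadFile(efile,&pe_offset,sizeof(pe_offset),&num,NULL) )
        return;
    if ( num!=sizeof(pe_offset) )
    {
        // File ends before the offset field: plain DOS executable.
        exetype = MZ_EXE;
        return;
    }

    // SetFilePointer() takes a signed 32-bit distance when the high part is
    // NULL, so an offset with the top bit set cannot be a valid position here.
    if ( pe_offset>0x7FFFFFFF
      || SetFilePointer(efile,(LONG)pe_offset,NULL,FILE_BEGIN)==INVALID_SET_FILE_POINTER )
    {
        exetype = MZ_EXE;
        return;
    }

    if ( !ReadFile(efile,&ext_sig,sizeof(ext_sig),&num,NULL) )
        return;
    if ( num!=sizeof(ext_sig) )
    {
        // Offset points at or beyond end of file: no extended header to inspect.
        exetype = MZ_EXE;
        return;
    }

    // Two-byte signatures, read as a little-endian WORD.
    // NOTE(review): only the first two bytes of the PE signature are compared;
    // the two trailing zero bytes of "PE\0\0" are not verified here.
    switch ( ext_sig )
    {
    case 0x4550: exetype=PE_EXE;  break;   // "PE"
    case 0x454e: exetype=NE_EXE;  break;   // "NE"
    case 0x454c: exetype=LE_EXE;  break;   // "LE"
    case 0x584c: exetype=OS2_EXE; break;   // "LX"
    default:     exetype=MZ_EXE;  break;
    }
}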
//checks header info, puts up initial loading dialog box and
//selects info routine for file.
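// Opens `fname`, checks that it is a PE executable, reads the whole file into
// `fbuff` and hands the PE header offset to LoadPE().
//
// Returns TRUE on success; the file handle and buffer then stay owned by the
// loader. Returns FALSE when a file is already loaded, the file cannot be
// opened, it is not a disk file, it is not PE, or it cannot be read in full.
// On every failure after the open, the handle is closed again (and the buffer
// released) so that a later load() call can succeed; previously a rejected
// file left the handle open and blocked all further loads.
//
// The file is untrusted input: its size, the number of bytes actually read
// and the header offset taken from it are validated before use.
bool FileLoader::load(PCSTR fname)
{
    DWORD pe_offset = 0;
    DWORD num = 0;
    DWORD fsize = 0;
    DWORD fsize_high = 0;

    if ( efile!=INVALID_HANDLE_VALUE )
        return FALSE;       // this loader already holds an open file

    // FILE_SHARE_READ: other readers are allowed, writers are not, so the
    // content cannot change between get_exetype() and the full read below.
    efile=CreateFile(fname,GENERIC_READ,FILE_SHARE_READ,&securityatt,OPEN_EXISTING,0,NULL);
    if ( efile==INVALID_HANDLE_VALUE )
        return FALSE;

    if ( GetFileType(efile)!=FILE_TYPE_DISK )
    {
        CloseHandle(efile);
        efile=INVALID_HANDLE_VALUE;
        return FALSE;
    }

    get_exetype();
    if (exetype != PE_EXE) //only support PE now
    {
        // exetype keeps the detected value, as before, so a caller can still
        // see what kind of file was rejected.
        CloseHandle(efile);
        efile=INVALID_HANDLE_VALUE;
        return FALSE;
    }

    bool ok = true;

    // Files of 4 GB or more cannot be held in a DWORD-sized buffer, and
    // anything shorter than 0x40 bytes has no header-offset field at 0x3c.
    fsize=GetFileSize(efile,&fsize_high);
    if ( fsize==INVALID_FILE_SIZE || fsize_high!=0 || fsize<0x40 )
        ok = false;

    if ( ok )
    {
        fbuff=new BYTE[fsize];
        // A short or failed read would leave part of fbuff uninitialised, and
        // that memory would then be parsed as header data.
        ok = SetFilePointer(efile,0x00,NULL,FILE_BEGIN)!=INVALID_SET_FILE_POINTER
          && ReadFile(efile,fbuff,fsize,&num,NULL)
          && num==fsize;
    }

    if ( ok )
    {
        pe_offset = *(DWORD *)(fbuff+0x3c);
        // The 4-byte signature at pe_offset must lie inside the buffer.
        // NOTE(review): this is only the minimum check possible here; LoadPE
        // is not visible and must itself bound every header field and section
        // offset against the file size - confirm.
        ok = (pe_offset <= fsize-4);
    }

    if ( ok )
    {
        // Only PE_EXE can reach this switch today because of the check above;
        // the other cases are kept as the dispatch points for future formats.
        switch ( exetype )
        {
        case BIN_EXE:
            readbinfile(fsize);
            break;
        case PE_EXE:
            // NOTE(review): any result of LoadPE is not inspected here.
            LoadPE(pe_offset);
            break;
        case MZ_EXE:
            readmzfile(fsize);
            break;
        case OS2_EXE:
            reados2file();
            ok = false;     // at the moment
            break;
        case COM_EXE:
            readcomfile(fsize);
            break;
        case SYS_EXE:
            readsysfile(fsize);
            break;
        case LE_EXE:
            readlefile();
            ok = false;     // at the moment
            break;
        case NE_EXE:
            readnefile(pe_offset);
            break;
        default:
            ok = false;
            break;
        }
    }

    if ( !ok )
    {
        // Single failure path: return the loader to its unloaded state.
        delete[] fbuff;
        fbuff=NULL;
        CloseHandle(efile);
        efile=INVALID_HANDLE_VALUE;
        exetype=0;
        return FALSE;
    }
    return TRUE;
}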
// Stub for COM_EXE input: the body is empty, so nothing is read or parsed.
// fsize is the file size passed by load(); it is unused.
void FileLoader::readcomfile(DWORD fsize)
{
}
// Stub for SYS_EXE input: the body is empty, so nothing is read or parsed.
// fsize is the file size passed by load(); it is unused.
void FileLoader::readsysfile(DWORD fsize)
{
}
// Stub for MZ_EXE input: the body is empty, so nothing is read or parsed.
// fsize is the file size passed by load(); it is unused.
void FileLoader::readmzfile(DWORD fsize)
{
}
// Stub for LE_EXE input: the body is empty. load() treats this format as
// unsupported and returns FALSE right after calling it.
void FileLoader::readlefile(void)
{
}
// Stub for NE_EXE input: the body is empty, so nothing is read or parsed.
// offs is the extended-header offset passed by load(); it is unused.
void FileLoader::readnefile(DWORD offs)
{
}
// Stub for OS2_EXE input: the body is empty. load() treats this format as
// unsupported and returns FALSE right after calling it.
void FileLoader::reados2file(void)
{
}
// Stub for BIN_EXE input: the body is empty, so nothing is read or parsed.
// fsize is the file size passed by load(); it is unused.
void FileLoader::readbinfile(DWORD fsize)
{
}
// Checks whether `off` lies in the loader's working address window, which is
// the open interval (0x400000, 0x600000). The original author marked this
// fixed range as a simple stop-gap "for now".
// NOTE(review): the lower bound is exclusive here, while if_valid_ea() in
// this file accepts 0x400000 itself - confirm which boundary is intended.
bool IfInWorkSpace(ea_t off)
{
    if ( !(off > 0x400000) )
        return FALSE;       // at or below the window's floor
    if ( !(off < 0x600000) )
        return FALSE;       // at or above the window's ceiling
    return TRUE;
}
/*
void FileLoader::readpefile(DWORD peoffs)
{
char impbuff[100],inum[10];
lptr sseg,t;
int k;
//options.dseg=SEG0;
sseg.segm= SEG0;
sseg.offs=0;
PBYTE pestart = &fbuff[peoffs];
PEHEADER* peh = (PEHEADER *)pestart;
//options.loadaddr.offs=peh->image_base; // bugfix build 14
PEObjData *pdata = (PEObjData *)(pestart+sizeof(PEHEADER)+(peh->numintitems-0x0a)*8);
for ( int i=0;i<peh->objects;i++ )
{
BOOL peobjdone = FALSE;
if ( (pdata[i].rva == peh->exporttable_rva) ||// export info
((peh->exporttable_rva > pdata[i].rva) &&
(peh->exporttable_rva < pdata[i].rva+pdata[i].phys_size)) )
{
BYTE* expname;
WORD *onaddr;
DWORD *fnaddr,*nnaddr;
peexportdirentry *expdir =
(peexportdirentry *)&fbuff[pdata[i].phys_offset+peh->exporttable_rva-pdata[i].rva];
t.assign(SEG0, peh->image_base+peh->exporttable_rva);
//scheduler.addtask(dis_datadword,priority_data,t,NULL);
//scheduler.addtask(dis_datadword,priority_data,t+4,NULL);
//scheduler.addtask(dis_dataword,priority_data,t+8,NULL);
//scheduler.addtask(dis_dataword,priority_data,t+10,NULL);
//scheduler.addtask(dis_datadword,priority_data,t+12,NULL);
//scheduler.addtask(dis_datadword,priority_data,t+16,NULL);
//scheduler.addtask(dis_datadword,priority_data,t+20,NULL);
//scheduler.addtask(dis_datadword,priority_data,t+24,NULL);
//scheduler.addtask(dis_datadword,priority_data,t+28,NULL);
for ( int k1=0;k1<peh->objects;k1++ )
{
if ( (expdir->namerva>=pdata[k1].rva)&&(expdir->namerva<pdata[k1].rva+pdata[k1].phys_size) )
{
expname=&fbuff[expdir->namerva-pdata[k1].rva+pdata[k1].phys_offset];
break;
}
}
t.offs=expdir->namerva+peh->image_base;
//scheduler.addtask(dis_datastring,priority_data,t,NULL);
DWORD numsymbols=expdir->numfunctions;
BYTE* chktable=new BYTE [numsymbols];
for ( DWORD j=0;j<numsymbols;j++ )
chktable[j]=0;
if ( expdir->numnames<numsymbols )numsymbols=expdir->numnames;
for ( k=0;k<peh->objects;k++ )
{
if ( (expdir->nameaddrrva>=pdata[k].rva)&&(expdir->nameaddrrva<pdata[k].rva+pdata[k].phys_size) )
{
nnaddr=(DWORD *)&fbuff[expdir->nameaddrrva-pdata[k].rva+pdata[k].phys_offset];
break;
}
}
for ( k=0;k<peh->objects;k++ )
{
if ( (expdir->funcaddrrva>=pdata[k].rva)&&(expdir->funcaddrrva<pdata[k].rva+pdata[k].phys_size) )
{
fnaddr=(DWORD *)&fbuff[expdir->funcaddrrva-pdata[k].rva+pdata[k].phys_offset];
break;
}
}
for ( k=0;k<peh->objects;k++ )
{
if ( (expdir->ordsaddrrva>=pdata[k].rva)&&(expdir->ordsaddrrva<pdata[k].rva+pdata[k].phys_size) )
{
onaddr=(WORD *)&fbuff[expdir->ordsaddrrva-pdata[k].rva+pdata[k].phys_offset];
break;
}
}
lptr lef,leo,len;
lef.assign(SEG0,expdir->funcaddrrva+peh->image_base);
leo.assign(SEG0,expdir->ordsaddrrva+peh->image_base);
len.assign(SEG0,expdir->nameaddrrva+peh->image_base);
while ( numsymbols )
{
//scheduler.addtask(dis_datadword,priority_data,lef,NULL);
//scheduler.addtask(dis_dataword,priority_data,leo,NULL);
//scheduler.addtask(dis_datadword,priority_data,len,NULL);
chktable[onaddr[0]]=1;
t.assign(SEG0,peh->image_base+fnaddr[onaddr[0]]);
//scheduler.addtask(dis_export,priority_export,t,(char *)&fbuff[(*nnaddr)+pdata[k].phys_offset-pdata[k].rva]);
t.assign(SEG0,(*nnaddr)+peh->image_base);
//scheduler.addtask(dis_datastring,priority_data,t,NULL);
t.assign(SEG0,peh->image_base+fnaddr[onaddr[0]]);
//scheduler.addtask(dis_code,priority_definitecode,t,NULL);
numsymbols--;
onaddr++;
nnaddr++;
lef+=4;
leo+=2;
len+=4;
}
if ( expdir->numfunctions>expdir->numnames )
{