.386
.model flat, stdcall ;32 bit memory model
option casemap :none ;case sensitive
include OC.inc
.code
; Program entry point: record the module handle, register the common
; controls, run the main dialog modally, then terminate the process.
start:
; GetModuleHandle(NULL) returns the handle of the running executable; it is
; kept in hInstance for the DialogBoxParam and LoadIcon calls.
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke InitCommonControls
; Modal dialog IDD_DIALOG1 driven by DlgProc; the call returns only after
; EndDialog has been called.
invoke DialogBoxParam,hInstance,IDD_DIALOG1,NULL,addr DlgProc,NULL
; The DialogBoxParam result is not inspected; the exit code is always 0.
invoke ExitProcess,0
;########################################################################
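;------------------------------------------------------------------------
; ReleaseMem - free the private copy of the loaded file, if there is one.
;
; In:    lpMem (global) = base returned by VirtualAlloc, or 0
; Out:   lpMem = 0
; Clobb: none (pushad/popad preserve all general registers)
;------------------------------------------------------------------------
ReleaseMem proc
        pushad
        .if lpMem!=0
            ; With MEM_RELEASE the size argument must be 0; a non-zero size
            ; makes VirtualFree fail, so the previous buffer was never
            ; returned and each newly opened file left the old copy behind.
            invoke  VirtualFree,lpMem,0,MEM_RELEASE  ; release the file image
        .endif
        mov     lpMem,0                 ; 0 = "no file loaded"
        popad
        ret
ReleaseMem endp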
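;------------------------------------------------------------------------
; CreateAndMapFile - open the selected file read-only, map it, let
; cCheckPE inspect the mapping, then copy the whole file into a private
; read/write buffer published through lpMem.
;
; In:    lpFileName - NOTE(review): never referenced; the path is taken
;                     from the global szOpenFileName. The visible caller
;                     passes that same buffer, so behaviour matches.
; Out:   eax = TRUE  -> lpMem = private copy, dFileSize = file size
;        eax = FALSE -> lpMem = 0; an error box has been shown
; Clobb: none besides eax (pushad/popad)
;
; The file content is untrusted input. cCheckPE receives only the mapping
; pointer, not its size - presumably it bounds its own reads; verify in
; its implementation.
;------------------------------------------------------------------------
CreateAndMapFile proc lpFileName
        LOCAL   _hMap
        LOCAL   _hFile
        LOCAL   _lpMem
        LOCAL   _dReturn
        pushad
        mov     _dReturn,FALSE
        mov     lpMem,0                 ; lpMem doubles as the "file opened successfully" flag

        ; Share mode 0: the open fails while another process holds the file.
        invoke  CreateFile,offset szOpenFileName,GENERIC_READ,NULL,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        .if eax==INVALID_HANDLE_VALUE
            invoke  MessageBox,hDlg,CTXT("打开文件错误,请关闭不必要程序再试一次!"),NULL,MB_ICONERROR
            jmp     camf_out
        .endif
        mov     _hFile,eax

        ; Only the low 32 bits of the size are requested (high part = NULL).
        invoke  GetFileSize,eax,NULL
        .if eax==INVALID_FILE_SIZE
            invoke  MessageBox,hDlg,CTXT("获取文件大小错误!"),NULL,MB_ICONERROR
            jmp     camf_err1
        .endif
        mov     dFileSize,eax

        invoke  CreateFileMapping,_hFile,NULL,PAGE_READONLY,NULL,NULL,NULL
        .if eax==NULL
            invoke  MessageBox,hDlg,CTXT("创建文件映像时错误!"),NULL,MB_ICONERROR
            jmp     camf_err1
        .endif
        mov     _hMap,eax

        invoke  MapViewOfFile,eax,FILE_MAP_READ,NULL,NULL,NULL
        .if eax==NULL
            invoke  MessageBox,hDlg,CTXT("将文件映射到内存时出错!"),NULL,MB_ICONERROR
            jmp     camf_err2
        .endif
        mov     _lpMem,eax

        invoke  cCheckPE,_lpMem         ; is this a PE file?
        .if eax==FALSE
            invoke  MessageBox,hDlg,CTXT("不是有效的PE文件!"),CTXT("打开文件错误"),MB_ICONERROR
            jmp     camf_err3
        .endif

        ; Private copy so the mapping and the file handle can be closed now.
        invoke  VirtualAlloc,NULL,dFileSize,MEM_COMMIT,PAGE_READWRITE
        .if eax==NULL
            ; Without this check a failed allocation left edi = 0 and the
            ; copy below faulted on the first byte.
            invoke  MessageBox,hDlg,CTXT("分配内存失败!"),NULL,MB_ICONERROR
            jmp     camf_err3
        .endif
        mov     lpMem,eax
        cld
        mov     ecx,dFileSize
        mov     esi,_lpMem
        mov     edi,lpMem
        rep     movsb
        mov     _dReturn,TRUE

        ; Success falls through the same cleanup ladder as the error paths.
camf_err3:
        invoke  UnmapViewOfFile,_lpMem
camf_err2:
        invoke  CloseHandle,_hMap
camf_err1:
        invoke  CloseHandle,_hFile
camf_out:
        popad
        mov     eax,_dReturn            ; loaded after popad so it survives the restore
        ret
CreateAndMapFile endp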
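;------------------------------------------------------------------------
; BrowseForFile - show the Open dialog, load the chosen file through
; CreateAndMapFile and cache its ImageBase in dImageBase.
;
; In:    hDlg (global) = owner window
; Out:   szOpenFileName, lpMem, dFileSize, dImageBase updated on success;
;        lpMem = 0 when the file is rejected
; Clobb: none (pushad/popad)
;
; e_lfanew comes from the file and is therefore untrusted: it is checked
; against dFileSize before it is used as an offset into the copy. What
; cCheckPE validates is not visible here, so the check is repeated locally.
;------------------------------------------------------------------------
BrowseForFile proc
        LOCAL   _stOpenFileName:OPENFILENAME
        pushad
        invoke  RtlZeroMemory,addr szOpenFileName,MAX_PATH
        invoke  RtlZeroMemory,addr _stOpenFileName,sizeof OPENFILENAME
        mov     _stOpenFileName.lStructSize,sizeof OPENFILENAME
        push    hDlg
        pop     _stOpenFileName.hwndOwner
        mov     _stOpenFileName.lpstrFilter, \
                CTXT("EXE 文件",0,"*.exe",0,"DLL 文件",0,"*.dll",0,"所有PE类型文件",0,"*.*",0,0)
        mov     _stOpenFileName.lpstrFile,offset szOpenFileName
        mov     _stOpenFileName.Flags,OFN_FILEMUSTEXIST
        mov     _stOpenFileName.nMaxFile,MAX_PATH
        invoke  GetOpenFileName,addr _stOpenFileName
        or      eax,eax
        jz      bff_out                 ; cancelled or failed: keep current state

        invoke  ReleaseMem              ; drop the previously loaded file
        invoke  CreateAndMapFile,addr szOpenFileName
        .if eax==TRUE
            ; The NT headers must lie entirely inside the copied file.
            ; Unsigned compares, so a negative e_lfanew is rejected too.
            mov     edx,dFileSize
            cmp     edx,sizeof IMAGE_NT_HEADERS
            jb      bff_bad
            sub     edx,sizeof IMAGE_NT_HEADERS ; edx = largest valid header offset
            mov     esi,lpMem
            assume  esi:ptr IMAGE_DOS_HEADER
            mov     eax,[esi].e_lfanew
            assume  esi:nothing
            cmp     eax,edx
            ja      bff_bad

            add     esi,eax             ; esi -> IMAGE_NT_HEADERS
            assume  esi:ptr IMAGE_NT_HEADERS
            ; NOTE(review): this is the 32-bit optional-header layout; whether
            ; cCheckPE rejects PE32+ images is not visible here - confirm.
            push    dword ptr [esi].OptionalHeader.ImageBase
            pop     dImageBase
            assume  esi:nothing

            ; Show the path only once the file has been accepted.
            invoke  GetDlgItem,hDlg,IDC_EDT_OF
            invoke  SetWindowText,eax,addr szOpenFileName
        .endif
bff_out:
        popad
        ret

bff_bad:
        ; Header offset points outside the file: discard the copy so that
        ; later conversions see "no file loaded".
        invoke  ReleaseMem
        invoke  MessageBox,hDlg,CTXT("不是有效的PE文件!"),CTXT("打开文件错误"),MB_ICONERROR
        jmp     bff_out
BrowseForFile endp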
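;------------------------------------------------------------------------
; StringToHex - convert a string of hexadecimal digits to a 32-bit value.
;
; In:    lpString = pointer to the digits (0-9, A-F, a-f)
;        dNum     = number of digits to consume (the caller passes at most 8)
; Out:   eax = value; 0 when dNum is 0
; Clobb: none besides eax (pushad/popad)
;
; Digits are not validated here; the caller must reject other characters
; first. More than 8 digits shift the leading ones out of the result.
;------------------------------------------------------------------------
StringToHex proc lpString,dNum
        LOCAL   _dReturn
        pushad
        mov     esi,lpString
        mov     ecx,dNum
        xor     ebx,ebx                 ; ebx = accumulated value
        test    ecx,ecx
        jz      sth_done                ; a zero count used to make LOOP run 2^32 times
sth_next:
        movzx   eax,byte ptr [esi]      ; zero-extend so stale upper bits never leak in
        inc     esi
        .if al>='0' && al<='9'
            sub     eax,'0'
        .else
            and     al,0DFh             ; fold 'a'-'f' onto 'A'-'F'
            sub     eax,'A'-10
        .endif
        shl     ebx,4
        add     ebx,eax
        dec     ecx
        jnz     sth_next
sth_done:
        mov     _dReturn,ebx
        popad
        mov     eax,_dReturn            ; loaded after popad so it survives the restore
        ret
StringToHex endp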
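;------------------------------------------------------------------------
; OffsetConvet - read a hexadecimal value from one edit box, convert it
; and write the result to the other.
;
; In:    index = 1 : file offset (IDC_EDT_R) -> virtual address (IDC_EDT_V)
;        index != 1: virtual address (IDC_EDT_V) -> file offset (IDC_EDT_R)
;        lpMem, dImageBase (globals) describe the loaded file
; Out:   nothing; the result or an error box is shown in the dialog
; Clobb: none (pushad/popad)
;
; NOTE(review): cOffsetToRva / cRvaToOffset receive lpMem but not dFileSize,
; so any bounds checks on the untrusted headers have to live inside them -
; not visible here.
;------------------------------------------------------------------------
OffsetConvet proc index
        LOCAL   _dTmp
        LOCAL   _szMsg[128]:BYTE        ; scratch text buffer on the stack
        pushad
        .if lpMem==0
            invoke  MessageBox,hDlg,CTXT("先打开文件才能进行偏移量的转换!"),CTXT("错误"),MB_OK
            jmp     oc_out
        .endif

        invoke  RtlZeroMemory,addr szInputData,10
        .if index==1
            invoke  GetDlgItemText,hDlg,IDC_EDT_R,addr szInputData,10
        .else
            invoke  GetDlgItemText,hDlg,IDC_EDT_V,addr szInputData,10
        .endif
        .if eax==0
            invoke  MessageBox,hDlg,CTXT("请先输入偏移量!"),NULL,MB_ICONERROR
            jmp     oc_out
        .endif

        ; Validate the input: hexadecimal digits only.
        lea     esi,szInputData
        push    esi
        invoke  lstrlen,esi
        pop     esi
        mov     ecx,eax                 ; ecx = digits left (> 0: the text is non-empty here)
        mov     _dTmp,eax
oc_check:
        xor     eax,eax
        lodsb
        ; Results are written back with "%08x" (lower case), so fold a-f to
        ; A-F in place; otherwise the tool's own output is rejected when it
        ; is fed back in.
        .if al>='a' && al<='f'
            sub     al,20h
            mov     [esi-1],al
        .endif
        .if al<'0' ||( al>'9' && al<'A') || al>'F'
            invoke  MessageBox,hDlg,CTXT("请输入0-9和A-F之间的有效16进制数!"),NULL,MB_ICONWARNING
            jmp     oc_out
        .endif
        dec     ecx
        jnz     oc_check

        lea     esi,szInputData
        invoke  StringToHex,esi,_dTmp
        mov     _dTmp,eax

        ; All checks passed, start the conversion.
        .if index==1
            invoke  cOffsetToRva,lpMem,_dTmp
        .else
            mov     eax,dImageBase
            .if _dTmp<eax
                ; The original took two VirtualAlloc buffers here, used them
                ; without a NULL check and released them with a non-zero size,
                ; which MEM_RELEASE rejects. A stack buffer avoids both.
                invoke  wsprintf,addr _szMsg,CTXT("你输入的内存地址太小,应至少大于ImageBase=%08x"),dImageBase
                invoke  MessageBox,hDlg,addr _szMsg,CTXT("错误"),MB_OK
                invoke  wsprintf,addr _szMsg,CTXT("%08x"),dImageBase
                invoke  SetDlgItemText,hDlg,IDC_EDT_V,addr _szMsg
                jmp     oc_out
            .endif
            mov     eax,dImageBase
            sub     _dTmp,eax           ; virtual address -> RVA
            invoke  cRvaToOffset,lpMem,_dTmp
        .endif

        ; NOTE(review): a result of 0 is reported as a failure - presumably
        ; the helpers return FALSE on error; confirm that 0 is never a valid
        ; conversion result.
        .if eax==FALSE
            invoke  MessageBox,hDlg,CTXT("转换出错!请调整输入数据。"),CTXT("错误"),MB_OK
            jmp     oc_out
        .endif
        .if index==1
            add     eax,dImageBase      ; RVA -> virtual address
        .endif
        mov     _dTmp,eax
        invoke  RtlZeroMemory,addr szInputData,10
        invoke  wsprintf,addr szInputData,CTXT("%08x"),_dTmp
        .if index==1
            invoke  SetDlgItemText,hDlg,IDC_EDT_V,addr szInputData
        .else
            invoke  SetDlgItemText,hDlg,IDC_EDT_R,addr szInputData
        .endif
oc_out:
        popad
        ret
OffsetConvet endp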
;------------------------------------------------------------------------
; DlgProc - dialog procedure of the main dialog.
;
; In:    hWin, uMsg, wParam, lParam as delivered by the dialog manager
; Out:   eax = TRUE for WM_INITDIALOG, WM_COMMAND and WM_CLOSE,
;        eax = FALSE for every other message
; Saved: ebx, ecx, esi, edi (via USES)
;------------------------------------------------------------------------
DlgProc proc uses ebx ecx esi edi hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
        mov     eax,uMsg
        .if eax==WM_INITDIALOG
            ; Publish the dialog handle for the helper procedures.
            mov     ecx,hWin
            mov     hDlg,ecx
            invoke  LoadIcon,hInstance,102      ; 102: presumably the icon resource ID
            invoke  SendMessage,hWin,WM_SETICON,ICON_BIG,eax
            ; Both value boxes accept at most 8 characters.
            invoke  GetDlgItem,hWin,IDC_EDT_R
            invoke  SendMessage,eax,EM_LIMITTEXT,8,0
            invoke  GetDlgItem,hWin,IDC_EDT_V
            invoke  SendMessage,eax,EM_LIMITTEXT,8,0
        .elseif eax==WM_COMMAND
            movzx   eax,word ptr wParam         ; low word = control ID
            .if eax==IDC_BTN_R2V
                invoke  OffsetConvet,1
            .elseif eax==IDC_BTN_V2R
                invoke  OffsetConvet,2
            .elseif eax==IDC_BTN_OF
                invoke  BrowseForFile
            .endif
        .elseif eax==WM_CLOSE
            invoke  EndDialog,hWin,0
        .else
            xor     eax,eax                     ; FALSE: message not handled
            ret
        .endif
        mov     eax,TRUE
        ret
DlgProc endp
end start