📄 dasmmain.c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "pe.h"
#include "disassemble.h"
extern int sectionNumber;
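/*
 * Entry point of the PE dumper/disassembler.
 *
 * Prints the DOS header, PE header, section table, import table and export
 * table of the file named on the command line, then disassembles the section
 * called ".text" and prints one line per instruction (address, raw bytes,
 * mnemonic).
 *
 * Every size and offset used below comes from the input file, so it is
 * treated as untrusted: allocations are overflow-checked, the disassembly
 * loop is bounded by the number of bytes actually read, and short reads
 * leave zeroed (not uninitialised) memory behind.
 *
 * Returns 0 on normal completion; exits with -1 on allocation or I/O errors.
 */
int main(int argc, char *argv[])
{
    enum {
        SECTION_NAME_LEN = 8,   /* PE section names are 8 bytes, not always NUL-terminated */
        DISASM_SLACK = 17       /* trailing slack kept from the original allocation;
                                   presumably lets the decoder read a whole instruction
                                   at the very end of the data - TODO confirm against
                                   Disassemble() */
    };
    FILE *peFile;
    IMAGE_DOS_HEADER dosHeader;
    IMAGE_NT_HEADERS peHeader;
    PIMAGE_SECTION_HEADER sectionTable;
    /* NOTE(review): this pointer was passed to PrintImportTable() uninitialised.
       NULL makes a misuse fail deterministically; confirm what the callee expects. */
    PIMAGE_IMPORT_DISCRIPTOR importTable = NULL;
    IMAGE_EXPORT_DISCRIPTOR exportTable;
    int i, codeExistFlag;
    unsigned char *code;
    unsigned int BaseAddress;
    unsigned char *currentInstruction, *lastInstruction;
    INSTRUCTION Instruction;
    char InstructionStr[MAX_INSTRUCTION_LEN];

    if (argc != 2)
    {
        printf("Usage: dasm.exe PEFile\n");
        exit(0);
    }

    peFile = OpenPEFile(argv[1]);
    if (peFile == NULL)
    {
        fprintf(stderr, "Can not open %s\n", argv[1]);
        exit(-1);
    }

    /* Parse the PE file */
    printf("DOS Header:\n");
    printf("=========================================================================\n");
    ReadDosHeader(peFile, &dosHeader);
    PrintDosHeader(dosHeader);

    printf("\nPE Header: \n");
    printf("=========================================================================\n");
    ReadPEHeader(peFile, &peHeader, dosHeader.PEHeader);
    PrintPEHeader(peHeader);

    sectionNumber = peHeader.FileHeader.NumberOfSections;
    /* Allocate at least one entry so a file declaring zero sections does not
       turn a legal NULL from malloc(0) into a false out-of-memory report. */
    sectionTable = malloc(sizeof *sectionTable * (size_t)(sectionNumber > 0 ? sectionNumber : 1));
    if (sectionTable == NULL)
    {
        fprintf(stderr, "Memory allocation error !\n");
        exit(-1);
    }
    ReadSectionTable(peFile, sectionTable, dosHeader.PEHeader + sizeof(IMAGE_NT_HEADERS), sectionNumber);
    PrintSectionTable(sectionTable, sectionNumber);

    PrintImportTable(peFile, peHeader.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress,
                     sectionTable, importTable);
    PrintExportTable(peFile, peHeader.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress,
                     sectionTable, &exportTable);

    /* Read the code bytes from the PE file */
    printf("=========================================================================\n");
    BaseAddress = peHeader.OptionalHeader.ImageBase;
    codeExistFlag = 0;
    for (i = 0; i < sectionNumber; i++)
    {
        size_t rawSize, bytesRead, limit, offset;

        /* Bounded compare: an 8-character section name has no terminator,
           so strcmp() could run past the field. */
        if (strncmp((const char *)sectionTable[i].Name, ".text", SECTION_NAME_LEN) != 0)
        {
            continue;
        }

        rawSize = sectionTable[i].SizeOfRawData;
        if (rawSize > SIZE_MAX - DISASM_SLACK)
        {
            fprintf(stderr, "Memory allocation error !\n");
            exit(-1);
        }
        /* calloc: the slack and any part not filled by a short read stay zero. */
        code = calloc(rawSize + DISASM_SLACK, 1);
        if (code == NULL)
        {
            fprintf(stderr, "Memory allocation error !\n");
            exit(-1);
        }

        BaseAddress += sectionTable[i].VirtualAddress;
        if (fseek(peFile, (long)sectionTable[i].PointerToRawData, SEEK_SET) != 0)
        {
            fprintf(stderr, "Can not seek to .text section data!\n");
            exit(-1);
        }
        bytesRead = fread(code, 1, rawSize, peFile);
        if (bytesRead < rawSize)
        {
            fprintf(stderr, "Warning: .text section is truncated in the file\n");
        }

        /* VirtualSize is an independent header field and may be larger than
           the data present; never decode past what was actually read. */
        limit = sectionTable[i].Misc.VirtualSize;
        if (limit > bytesRead)
        {
            limit = bytesRead;
        }

        /* Disassemble */
        lastInstruction = code;
        offset = 0;
        while (offset < limit)
        {
            unsigned int address = BaseAddress + (unsigned int)offset;

            currentInstruction = Disassemble(address, lastInstruction, &Instruction, InstructionStr);
            /* Stop if the decoder made no progress or claims an instruction
               longer than the slack; either would loop forever or read
               outside the buffer. */
            if (currentInstruction <= lastInstruction ||
                (size_t)(currentInstruction - lastInstruction) > DISASM_SLACK)
            {
                fprintf(stderr, "Disassembly stopped at %X\n", address);
                break;
            }

            printf("%X\t", address);
            for ( ; lastInstruction < currentInstruction; lastInstruction++)
            {
                printf("%02X ", (unsigned int)*lastInstruction);
            }
            printf(":\t\t\t");
            printf("%s\n", InstructionStr);
            offset = (size_t)(lastInstruction - code);
        }

        free(code);
        codeExistFlag = 1;
        break;
    }

    if (codeExistFlag == 0)
    {
        printf("Can not find .text section!\n");
    }

    free(sectionTable);
    ClosePEFile(peFile);
    return 0;
}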