📄 dsasmer.cpp
字号:
// DSASMER.cpp : 定义应用程序的入口点。
//
#include <windows.h>
#include "DSASMER.h"
#include <vector>
#include <map>
#include "fastlist.h"
#include "PEFuncs.h"
#include "Disasm.h"
#include "HDisasm.h"
using namespace std;
// 全局变量:
HINSTANCE hInst; // 当前实例
TCHAR szTitle[MAX_LOADSTRING]; // 标题栏文本
TCHAR szWindowClass[MAX_LOADSTRING]; // 主窗口类名
TCHAR szFileName[MAX_STRINGLEN]; // 打开的文件名
MAP_FILE_STRUCT stMapFile={0,0,0}; // 内存映射文件
FLDATA g_stFList; // 快速列表控件
vector<DISASSEMBLY> g_stDisasmList; // 反汇编后的结果集合
vector<char *> g_stPCHList; // 分配的内存集合
FLDATA g_stFLShowIMP; // 输入表显示窗口控件
map<DWORD,ImportFunc> ImportFuncMap; // 输入函数表
typedef pair <DWORD,ImportFunc> ImportFuncPair;
// 此代码模块中包含的函数的前向声明:
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
LRESULT CALLBACK About(HWND, UINT, WPARAM, LPARAM);
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
// TODO: 在此放置代码。
MSG msg;
HACCEL hAccelTable;
// 初始化全局字符串
LoadString(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
LoadString(hInstance, IDC_DSASMER, szWindowClass, MAX_LOADSTRING);
MyRegisterClass(hInstance);
// 执行应用程序初始化:
if (!InitInstance (hInstance, nCmdShow))
{
return FALSE;
}
hAccelTable = LoadAccelerators(hInstance, (LPCTSTR)IDC_DSASMER);
// 主消息循环:
while (GetMessage(&msg, NULL, 0, 0))
{
if (!TranslateAccelerator(msg.hwnd, hAccelTable, &msg))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
return (int) msg.wParam;
}
//
// 函数: MyRegisterClass()
//
// 目的: 注册窗口类。
//
// 注释:
//
// 仅当希望在已添加到 Windows 95 的
// “RegisterClassEx”函数之前此代码与 Win32 系统兼容时,
// 才需要此函数及其用法。调用此函数
// 十分重要,这样应用程序就可以获得关联的
// “格式正确的”小图标。
//
ATOM MyRegisterClass(HINSTANCE hInstance)
{
WNDCLASSEX wcex;
wcex.cbSize = sizeof(WNDCLASSEX);
wcex.style = CS_HREDRAW | CS_VREDRAW;
wcex.lpfnWndProc = (WNDPROC)WndProc;
wcex.cbClsExtra = 0;
wcex.cbWndExtra = 0;
wcex.hInstance = hInstance;
wcex.hIcon = LoadIcon(hInstance, (LPCTSTR)IDI_DSASMER);
wcex.hCursor = LoadCursor(NULL, IDC_ARROW);
wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
wcex.lpszMenuName = (LPCTSTR)IDC_DSASMER;
wcex.lpszClassName = szWindowClass;
wcex.hIconSm = LoadIcon(wcex.hInstance, (LPCTSTR)IDI_SMALL);
return RegisterClassEx(&wcex);
}
//
// 函数: InitInstance(HANDLE, int)
//
// 目的: 保存实例句柄并创建主窗口
//
// 注释:
//
// 在此函数中,我们在全局变量中保存实例句柄并
// 创建和显示主程序窗口。
//
BOOL InitInstance(HINSTANCE hInstance, int nCmdShow)
{
HWND hWnd;
hInst = hInstance; // 将实例句柄存储在全局变量中
hWnd = CreateWindow(szWindowClass, szTitle, WS_OVERLAPPED|WS_CAPTION|WS_SYSMENU|WS_MINIMIZEBOX,
CW_USEDEFAULT, 0, 807,600, NULL, NULL, hInstance, NULL);
if (!hWnd)
{
return FALSE;
}
ShowWindow(hWnd, nCmdShow);
UpdateWindow(hWnd);
g_stFList.hwnd = hWnd;
return TRUE;
}
//
// 函数: WndProc(HWND, unsigned, WORD, LONG)
//
// 目的: 处理主窗口的消息。
//
// WM_COMMAND - 处理应用程序菜单
// WM_PAINT - 绘制主窗口
// WM_DESTROY - 发送退出消息并返回
//
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
int wmId, wmEvent;
PAINTSTRUCT ps;
HDC hdc;
switch (message)
{
case WM_COMMAND:
wmId = LOWORD(wParam);
wmEvent = HIWORD(wParam);
// 分析菜单选择:
switch (wmId)
{
case IDM_ABOUT:
DialogBox(hInst, (LPCTSTR)IDD_ABOUTBOX, hWnd, (DLGPROC)About);
break;
case IDM_EXIT:
DestroyWindow(hWnd);
break;
case IDM_OPENFILE:
if(!OpenFileDlg(hWnd))
return false;
g_stFList.hInstance = hInst;
g_stFList.hwnd = hWnd;
g_stFList.dwBackColor = RGB(252,255,230);
g_stFList.dwHeightOfRow = 20;
g_stFList.flHeader.headerBackColor = RGB(221,240,255);
g_stFList.flHeader.headerFrontColor = RGB(0,0,0);
initFastListControl(g_stFList);
flSetHeader(g_stFList,4,140,160,280,200,"Address","OpCode","Disassemble","Comment");
//flAddNewRow(g_stFList,"123","456","789","0");
DasmAndShow();
flSetNewView(g_stFList,1);
break;
case IDM_GOENTRY:
gotoTheEntry();
break;
case IDM_SHOWPEIMPORT:
ShowPeImport();
break;
return DefWindowProc(hWnd, message, wParam, lParam);
}
break;
case WM_PAINT:
hdc = BeginPaint(hWnd, &ps);
// TODO: 在此添加任意绘图代码...
EndPaint(hWnd, &ps);
break;
case WM_DESTROY:
flClose(g_stFList);
for(int i=0;i<g_stPCHList.size();i++)
free(g_stPCHList[i]);
PostQuitMessage(0);
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
return 0;
}
// “关于”框的消息处理程序。
LRESULT CALLBACK About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
switch (message)
{
case WM_INITDIALOG:
return TRUE;
case WM_COMMAND:
if (LOWORD(wParam) == IDOK || LOWORD(wParam) == IDCANCEL)
{
EndDialog(hDlg, LOWORD(wParam));
return TRUE;
}
break;
}
return FALSE;
}
BOOL OpenFileDlg(HWND hwnd)
{
OPENFILENAME ofn;
memset(szFileName,0,MAX_STRINGLEN);
memset(&ofn, 0, sizeof(ofn));
ofn.lStructSize =sizeof(ofn);
ofn.hwndOwner =hwnd;
ofn.hInstance =GetModuleHandle(NULL);
ofn.nMaxFile =MAX_PATH;
ofn.lpstrInitialDir =".";
ofn.lpstrFile =szFileName;
ofn.lpstrTitle ="Open ...[DSASMER] by 何非[hefei2]";
ofn.Flags =OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST | OFN_HIDEREADONLY;
ofn.lpstrFilter ="*.*\0*.*\0";
if(!GetOpenFileName(&ofn))
return FALSE;
return TRUE;
}
void DasmAndShow()
{
PIMAGE_FILE_HEADER pFH=NULL;
PIMAGE_SECTION_HEADER pSH=NULL;
PIMAGE_OPTIONAL_HEADER pOH=NULL;
if(!LoadFileR((LPTSTR)szFileName,&stMapFile))
{
MessageBox(NULL,"ERROR FILE!","ERROR",MB_OK);
return;
}
if(!IsPEFile(stMapFile.ImageBase))
{
MessageBox(NULL,"NOT PE FILE!","ERROR",MB_OK);
UnLoadFile(&stMapFile);
return;
}
pFH = GetFileHeader(stMapFile.ImageBase);
pOH = GetOptionalHeader(stMapFile.ImageBase);
pSH = GetFirstSectionHeader(stMapFile.ImageBase);
for(int i=0;i<pFH->NumberOfSections;i++)
{
char *pOpCode = (char*)(pSH->PointerToRawData + (char*)stMapFile.ImageBase);
HDisasm(pOpCode,pSH->VirtualAddress+pOH->ImageBase,pSH->SizeOfRawData);
pSH++;
}
UnLoadFile(&stMapFile);
}
void HDisasm(LPVOID ImageBase,DWORD Address,DWORD length)
{
DISASSEMBLY Disasm; // Creates an Disasm Struct
// Pointer to linear address
char *Linear="";
// Index of opcoded to decode
DWORD Index=0;
char *pszaddr;
char *pszopcode;
char *pszdisassemble;
char *pszcomment;
Linear=(char*)ImageBase; // Points to the address of array to decode.
Disasm.Address=Address; // Common Entry Point (usually default..)
FlushDecoded(&Disasm); // reset all content
for(Index=0;Index<length;Index++)
{
// Decode instruction
Decode(&Disasm,Linear,&Index);
// Upper case Assembly (Optional)
CharUpper(Disasm.Assembly);
// Show Decoded instruction, size, remarks...
//ShowDecoded(Disasm);
pszaddr = (char *)malloc(MAX_STRINGLEN*sizeof(char));
pszopcode = (char *)malloc(MAX_STRINGLEN*sizeof(char));
pszdisassemble = (char *)malloc(MAX_STRINGLEN*sizeof(char));
pszcomment = (char *)malloc(MAX_STRINGLEN*sizeof(char));
wsprintf(pszaddr,"%08X",Disasm.Address);
wsprintf(pszopcode,"%s", Disasm.Opcode);
wsprintf(pszdisassemble,"%s",Disasm.Assembly);
wsprintf(pszcomment,"%d",Disasm.OpcodeSize+Disasm.PrefixSize);
g_stDisasmList.push_back(Disasm);
g_stPCHList.push_back(pszaddr);
g_stPCHList.push_back(pszopcode);
g_stPCHList.push_back(pszdisassemble);
g_stPCHList.push_back(pszcomment);
flAddNewRow(g_stFList,pszaddr,pszopcode,pszdisassemble,pszcomment);
// Calculate total Size of an instruction + Prefixes, and
// Fix the address of IP
Disasm.Address+=Disasm.OpcodeSize+Disasm.PrefixSize;
// Clear all information
FlushDecoded(&Disasm);
}
}
void gotoTheEntry()
{
PIMAGE_OPTIONAL_HEADER pOH=NULL;
if(!LoadFileR((LPTSTR)szFileName,&stMapFile))
{
MessageBox(NULL,"ERROR FILE!","ERROR",MB_OK);
return;
}
if(!IsPEFile(stMapFile.ImageBase))
{
MessageBox(NULL,"NOT PE FILE!","ERROR",MB_OK);
UnLoadFile(&stMapFile);
return;
}
pOH = GetOptionalHeader(stMapFile.ImageBase);
char AddrOfEnty[MAX_STRINGLEN];
wsprintf(AddrOfEnty,"%08X",pOH->AddressOfEntryPoint+pOH->ImageBase);
FLROW *flRow = g_stFList.flTheFirstRow;
int nIndexRow = 1;
while(flRow && strcmp(flRow->cols[0].szString,AddrOfEnty)!=0)
{
flRow = flRow->flrowNext;
nIndexRow++;
}
g_stFList.flTheFirstRowOfThePage = flRow;
SetScrollPos(g_stFList.flScrollbar.hwndscrollbar,SB_CTL,nIndexRow,true);
flRedrawFastList(g_stFList);
UnLoadFile(&stMapFile);
}
void ShowPeImport()
{
WNDCLASSEX wc;
wc.cbSize = sizeof( WNDCLASSEX );
wc.style = 0;
wc.lpfnWndProc = WndShowImportTableProc;
wc.cbClsExtra = 0;
wc.cbWndExtra = 4;
wc.hInstance = hInst;
wc.hIcon = LoadIcon(NULL, IDI_APPLICATION);
wc.hCursor = LoadCursor(NULL, IDC_ARROW);
wc.hbrBackground = (HBRUSH)( COLOR_WINDOW);
wc.lpszMenuName = 0;
wc.lpszClassName = "WndShowImportTable";
wc.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
RegisterClassEx(&wc);
RECT rt;
GetWindowRect(g_stFList.hwnd,&rt);
HWND hwnd = CreateWindowEx(WS_EX_TOOLWINDOW,"WndShowImportTable","ImportTable",WS_OVERLAPPED|WS_SYSMENU,rt.left+50,rt.top+100,577,300,g_stFList.hwnd,NULL,hInst,NULL);
ShowWindow(hwnd,SW_SHOW);
UpdateWindow(hwnd);
}
LRESULT CALLBACK WndShowImportTableProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam)
{
static bool flInited = false;
static bool flIsShow = false;
switch (msg)
{
case WM_CREATE:
g_stFLShowIMP.hInstance = hInst;
g_stFLShowIMP.hwnd = hwnd;
g_stFLShowIMP.dwBackColor = RGB(252,255,230);
g_stFLShowIMP.dwHeightOfRow = 20;
g_stFLShowIMP.flHeader.headerBackColor = RGB(221,240,255);
g_stFLShowIMP.flHeader.headerFrontColor = RGB(0,0,0);
initFastListControl(g_stFLShowIMP);
flSetHeader(g_stFLShowIMP,3,100,300,150,"DLL Name","Func Name","Address");
//得到输入表
GetImportTable(szFileName);
//
flSetNewView(g_stFLShowIMP,1);
break;
case WM_COMMAND:
// 分析菜单选择:
break;
case WM_PAINT:
flRedrawFastList(g_stFLShowIMP);
break;
case WM_DESTROY:
//PostQuitMessage(0);
flClose(g_stFLShowIMP);
break;
default:
return DefWindowProc(hwnd, msg, wParam, lParam);
}
return 0;
}
void GetImportTable(char *szFN)
{
if(!LoadFileR((LPTSTR)szFN,&stMapFile))
{
MessageBox(NULL,"ERROR FILE!","ERROR",MB_OK);
return;
}
if(!IsPEFile(stMapFile.ImageBase))
{
MessageBox(NULL,"NOT PE FILE!","ERROR",MB_OK);
UnLoadFile(&stMapFile);
return;
}
PIMAGE_IMPORT_DESCRIPTOR pImportDesc=NULL;
PIMAGE_NT_HEADERS pImageNtH=NULL;
pImageNtH = GetNtHeaders(stMapFile.ImageBase);
pImportDesc = GetFirstImportDesc(stMapFile.ImageBase);
while(pImportDesc->FirstThunk)
{
//char *szDllName;
//szDllName = (char*)malloc(MAX_STRINGLEN*sizeof(char));
//wsprintf(szDllName,"%s",(char*)RvaToPtr(pImageNtH,stMapFile.ImageBase,pImportDesc->Name));
//flAddNewRow(g_stFLShowIMP,szDllName,"1","2");
ImportFunc ImportF;
wsprintf(ImportF.DllName,"%s",(char*)RvaToPtr(pImageNtH,stMapFile.ImageBase,pImportDesc->Name));
++pImportDesc;
}
UnLoadFile(&stMapFile);
}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -