Thread: Inline patching a packed dll
View Single Post
  #11  
Old 05-01-2003, 00:38
HYC
 
Posts: n/a
Wink My First PEInfo
#include "ProcessPeFile.h"
#include "stdafx.h"
#include "Richedit.h"
#include "RavToFileOffset.h"

char szMsg[190]="�ļ�����%s\x0d\x0a----------------------------------------------------------\x0d\x0a����ƽ̨�� 0x%04X\x0d\x0a���������� %d\x0d\x0a�ļ���ǣ� 0x%04X\x0d\x0a����װ���ַ�� 0x%08X\x0d\x0a\x0a";
char szMsg1[100]="\x0d\x0a\x0d\x0a----------------------------------------------------------\x0d\x0a����������Ľڣ�%s\x0d\x0a";
char szMsgSection[190]="----------------------------------------------------------\x0d\x0a�������� ������С �����ַ Raw_�ߴ� Raw_ƫ�� ��������\x0d\x0a----------------------------------------------------------\x0d\x0a";
char szFmtSection[40]="%s %08X %08X %08X %08X %08X\xd\xa";
char szMsgImport[400]="\x0d\x0a------------------------------------------------\x0d\x0a����⣺ %s\x0d\x0a------------------------------------------------\x0d\x0a OriginalFirstThunk %08X\x0d\x0a TimeDateStamp %08X\x0d\x0a ForwarderChain %08X\x0d\x0a FirstThunk %08X\x0d\x0a------------------------------------------------\x0d\x0a������� ���뺯������\x0d\x0a------------------------------------------------\x0d\x0a";
char szMsgOrdinal[30]="%8u (����ŵ���)\x0d\x0a";
char szErrNoImport[40]="����ļ���ʹ���κε��뺯��";
char szMsgName[10]="%8u %s\x0d\x0a";
extern char szFileName[MAX_PATH];
extern HINSTANCE hInst; // current instance
extern HWND hWinEdit;//richedit ���ھ��
extern HWND hWinMain;//�����ھ��

void _AppendInfo(char * szMsgSection);

void ProcessPeFile(void * lpFile, IMAGE_NT_HEADERS * lpPEHead, unsigned long dwSize)
{
char szBuffer[1024];
char szSectionName[16];
IMAGE_SECTION_HEADER * pSECTIONHead;
IMAGE_IMPORT_DESCRIPTOR * pIMPORTDES;
unsigned long visualadd;
unsigned long FileOffset;

wsprintf(szBuffer,szMsg,szFileName,lpPEHead->FileHeader.Machine,
lpPEHead->FileHeader.NumberOfSections,
lpPEHead->FileHeader.Characteristics,
lpPEHead->OptionalHeader.ImageBase);
SetWindowText(hWinEdit,szBuffer);//��ʾ PE �ļ�ͷ�е�һЩ��Ϣ

_AppendInfo(szMsgSection);
int numberOfSections;
numberOfSections=lpPEHead->FileHeader.NumberOfSections;
pSECTIONHead=(IMAGE_SECTION_HEADER *)((int)lpPEHead+sizeof(IMAGE_NT_HEADERS));
while(numberOfSections)//�_����ʾÿ����������Ϣ
{
RtlZeroMemory(szSectionName,sizeof(szSectionName));
wsprintf(szBuffer,szFmtSection,
(char *)pSECTIONHead,pSECTIONHead->Misc.VirtualSize,
pSECTIONHead->VirtualAddress,pSECTIONHead->SizeOfRawData,
pSECTIONHead->PointerToRawData,pSECTIONHead->Characteristics);
_AppendInfo(szBuffer);
pSECTIONHead=(IMAGE_SECTION_HEADER *)((int)pSECTIONHead+sizeof(IMAGE_SECTION_HEADER));
numberOfSections--;
}

///////////////////////��ʾ�������Ϣ
IMAGE_DATA_DIRECTORY derectory;
derectory=lpPEHead->OptionalHeader.DataDirectory[1];
visualadd=derectory.VirtualAddress;
FileOffset=_RVAToOffset(lpFile,visualadd);

pIMPORTDES=(IMAGE_IMPORT_DESCRIPTOR *)((int)lpFile+FileOffset);
wsprintf(szBuffer,szMsg1,
_GetRVASection(lpFile,pIMPORTDES->OriginalFirstThunk));
_AppendInfo(szBuffer);

while(pIMPORTDES->OriginalFirstThunk||pIMPORTDES->TimeDateStamp||
pIMPORTDES->ForwarderChain||pIMPORTDES->Name||pIMPORTDES->FirstThunk)
{
FileOffset=_RVAToOffset(lpFile,pIMPORTDES->Name);
FileOffset=(int)lpFile+FileOffset;
wsprintf(szBuffer,szMsgImport,(char *)FileOffset,
pIMPORTDES->OriginalFirstThunk,pIMPORTDES->TimeDateStamp,
pIMPORTDES->ForwarderChain,pIMPORTDES->FirstThunk);
_AppendInfo(szBuffer);

if(pIMPORTDES->OriginalFirstThunk)
visualadd=pIMPORTDES->OriginalFirstThunk;
else
visualadd=pIMPORTDES->FirstThunk;

FileOffset=_RVAToOffset(lpFile,visualadd);
FileOffset=(int)lpFile+FileOffset;

DWORD THUNKDATA;
THUNKDATA=*((DWORD *)FileOffset);
while(THUNKDATA)
{
if (THUNKDATA
& IMAGE_ORDINAL_FLAG32)
{
THUNKDATA=THUNKDATA & 0xFFFF;
wsprintf(szBuffer,szMsgOrdinal,THUNKDATA);
}
else
{
unsigned long Offset;
Offset=_RVAToOffset(lpFile,THUNKDATA);
Offset=(int)lpFile+Offset;
IMAGE_IMPORT_BY_NAME * pImportByName;
pImportByName=(IMAGE_IMPORT_BY_NAME *)Offset;
wsprintf(szBuffer,
szMsgName,pImportByName->Hint,pImportByName->Name);
}
_AppendInfo(szBuffer);
FileOffset=(int)FileOffset+4;
THUNKDATA=*((DWORD *)FileOffset);
}
pIMPORTDES=(IMAGE_IMPORT_DESCRIPTOR *)((int)pIMPORTDES+sizeof(IMAGE_IMPORT_DESCRIPTOR));
}
/////////////////////////�������Ϣ��ʾ���
}

void _AppendInfo(char * szMsgSection)
{
CHARRANGE stCR;
SendMessage(hWinEdit,EM_EXSETSEL,0,(LPARAM)&stCR);
SendMessage(hWinEdit,EM_REPLACESEL,FALSE,(LPARAM)szMsgSection);
}

/*But, first you should build a project(In VC workspace)
And you should map a openned file.Get the handle of the file,
get the IMAGE_NT_HEADER of the file.
If you really want the whole project, you can mail me.
[email protected].*/
Reply With Quote