zoukankan      html  css  js  c++  java
  • PE格式文件的解析代码

    #include "Global.h"
    
    
    static BOOL bIsPe32Plus = 0;                  //标志,用于表示是否为pe32+文件
    static INT64 mode = 0;                        //标志,用于表示读入的模式,若为0代表是内存读入,不为0,代表是文件打开,此时mode是文件路径指针。
    static byte* data = NULL;                     //用于存放读入的PE文件
    
    static IMAGE_SECTION_HEADER ish[20] = { 0 };  //用于存放区段头
    static int nNumOfSections = 0;                //表示有多少个区段
    static IMAGE_DATA_DIRECTORY idd[0x10] = { 0 };//用于存放数据目录表
    static BYTE ibrl[0x200][0x1000] = { 0 };      //用于存放重定位相关信息
    
    static CHAR szSectionColName[6][MAX_PATH] =   //区段对话框listview的列名
    {
        "Name","VOffset","VSize","ROffset","RSize","Flags"
    };
    enum SectionColPos {scp_name=0,scp_voffset,scp_vsize,scp_roffset,scp_rsize,scp_flags};      //区段对话框listview列位置索引
    static int nSectionColNum = 6;
    
    //RVA转文件偏移
    static INT RVAtoFileOff(INT nRva)
    {
        for (int i = 0; i < nNumOfSections; ++i)
        {
            if ((nRva >= ish[i].VirtualAddress) && (nRva <= (ish[i].VirtualAddress + ish[i].Misc.VirtualSize)))
            {
                return nRva - ish[i].VirtualAddress + ish[i].PointerToRawData;
                break;
            }
        }
        MessageBox(NULL, "RVA转换无解", NULL, 0);
        return -1;
    } 
    
    //RVA找到对应的区段名
    static CHAR* RVAToSectionName(INT nRva)
    {
        for (int i = 0; i < nNumOfSections; ++i)
        {
            if ((nRva >= ish[i].VirtualAddress) && (nRva <= (ish[i].VirtualAddress + ish[i].Misc.VirtualSize)))
            {
                return (CHAR*)ish[i].Name;
                break;
            }
        }
        MessageBox(NULL, "RVA转换无解", NULL, 0);
        return NULL;
    }
    
    //得到基本的PE文件信息
    VOID GetBasicPEInfo(HWND hwndDlg)
    {
        
        if (mode == NULL)  //说明在内存中
        {
            HANDLE hDestProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, nLastPID);
            HMODULE hModule[200] = { 0 };
            DWORD cbNeeded = 0;
            MODULEINFO mi = { 0 };
            EnumProcessModulesEx(hDestProcess, hModule, 200 * 4, &cbNeeded, LIST_MODULES_ALL);
            GetModuleInformation(hDestProcess, hModule[0], &mi, sizeof(mi));
            data = (PBYTE)malloc(mi.SizeOfImage);
            ReadProcessMemory(hDestProcess, hModule[0], data, mi.SizeOfImage, NULL);
    
        }
        else //说明是文件中
        {
            HANDLE hFile = CreateFile((CHAR*)mode, FILE_READ_ACCESS, FILE_SHARE_READ, NULL, OPEN_ALWAYS, NULL, NULL);
            DWORD dwFileSize = GetFileSize(hFile, NULL);
            data = (BYTE*)malloc(dwFileSize);
            ReadFile(hFile, data, dwFileSize, NULL, NULL);
            CloseHandle(hFile);
        }
    
    
        PIMAGE_DOS_HEADER pidh = (PIMAGE_DOS_HEADER)data;
        if (pidh->e_magic != IMAGE_DOS_SIGNATURE)
        {
            MessageBox(NULL, "不是个PE文件", "错误信息", MB_OK);
            return;
        }
    
        PIMAGE_NT_HEADERS32 pinh = (PIMAGE_NT_HEADERS32)(&data[pidh->e_lfanew]);
    
        if (pinh->Signature != IMAGE_NT_SIGNATURE)
        {
            MessageBox(NULL, "不是个PE文件", "错误信息", MB_OK);
            return;
        }
        PIMAGE_FILE_HEADER pifh = &pinh->FileHeader;
    
        CHAR szTemp[20] = { 0 };
        wsprintf(szTemp, "%04X", pifh->SizeOfOptionalHeader);
        HWND hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT15);
        Edit_SetText(hwndTemp, szTemp);
    
        wsprintf(szTemp, "%04X", pifh->Characteristics);
        hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT13);
        Edit_SetText(hwndTemp, szTemp);
    
        nNumOfSections = pifh->NumberOfSections;
        wsprintf(szTemp, "%04X", pifh->NumberOfSections);
        hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT10);
        Edit_SetText(hwndTemp, szTemp);
    
        wsprintf(szTemp, "%08X", pifh->TimeDateStamp);
        hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT11);
        Edit_SetText(hwndTemp, szTemp);
    
        if (pinh->OptionalHeader.Magic == 0x20B)
        {
            bIsPe32Plus = TRUE;
    
            PIMAGE_NT_HEADERS64 pinh64 = (PIMAGE_NT_HEADERS64)(&data[pidh->e_lfanew]);
            PIMAGE_OPTIONAL_HEADER64 pioh64 = &pinh64->OptionalHeader;
            
            wsprintf(szTemp, "%08X", pioh64->AddressOfEntryPoint);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
            Edit_SetText(hwndTemp, szTemp);
    
            StringCbPrintf(szTemp, 20, "%016llX", pioh64->ImageBase);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh64->SizeOfImage);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh64->BaseOfCode);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
            Edit_SetText(hwndTemp, szTemp);
    
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
            Edit_SetText(hwndTemp, "None");
    
            wsprintf(szTemp, "%08X", pioh64->SectionAlignment);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh64->FileAlignment);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%04X", pioh64->Magic);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT8);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%04X", pioh64->Subsystem);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT9);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh64->SizeOfHeaders);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT12);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh64->CheckSum);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT14);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh64->NumberOfRvaAndSizes);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT16);
            Edit_SetText(hwndTemp, szTemp);
    
    
            for (int i = 0; i < 0x10; ++i)
            {
                idd[i] = (pioh64->DataDirectory)[i];
            }
    
            PIMAGE_SECTION_HEADER pish = (PIMAGE_SECTION_HEADER)(++pinh64);
    
            for (int i = 0; i < nNumOfSections; ++i, ++pish)
            {
                ish[i] = *pish;
            }
    
            return; 
        }
        else  //32位image
        {
            PIMAGE_OPTIONAL_HEADER32 pioh32 = &pinh->OptionalHeader;
    
            wsprintf(szTemp, "%08X", pioh32->AddressOfEntryPoint);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh32->ImageBase);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh32->SizeOfImage);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh32->BaseOfCode);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh32->BaseOfData);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh32->SectionAlignment);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh32->FileAlignment);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%04X", pioh32->Magic);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT8);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%04X", pioh32->Subsystem);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT9);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh32->SizeOfHeaders);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT12);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh32->CheckSum);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT14);
            Edit_SetText(hwndTemp, szTemp);
    
            wsprintf(szTemp, "%08X", pioh32->NumberOfRvaAndSizes);
            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT16);
            Edit_SetText(hwndTemp, szTemp);
    
    
            for (int i = 0; i < 0x10; ++i)
            {
                idd[i] = (pioh32->DataDirectory)[i];
            }
    
            PIMAGE_SECTION_HEADER pish = (PIMAGE_SECTION_HEADER)(++pinh);
    
            for (int i = 0; i < nNumOfSections; ++i, ++pish)
            {
                ish[i] = *pish;
            }
    
        }
    
    }
    
    
    
    
    //输出表对话框       3
    INT_PTR ExportTableDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
    {
        static HWND hwndLV;
        static CHAR szColName[4][50] = { "Ordinal","RVA","Offset","Function Name" };
        switch (uMsg)
        {
            case WM_INITDIALOG:
            {
                PIMAGE_EXPORT_DIRECTORY pied = (PIMAGE_EXPORT_DIRECTORY)&data[mode ? RVAtoFileOff(idd[0].VirtualAddress) : idd[0].VirtualAddress];
                int nOrder[10] = { IDC_EDIT1,IDC_EDIT2,IDC_EDIT3,IDC_EDIT4,IDC_EDIT6,IDC_EDIT7,IDC_EDIT8,IDC_EDIT9,IDC_EDIT10 };
    
                //int nValue[10] = {pied->Characteristics,...}; 这样子是不行的
                DWORD *nValue = (DWORD*)malloc(10 * sizeof(DWORD));
                nValue[0] = idd[0].VirtualAddress;
                nValue[1] = pied->Characteristics;
                nValue[2] = pied->Base;
                nValue[3] = pied->Name;
                nValue[4] = pied->NumberOfFunctions;
                nValue[5] = pied->NumberOfNames;
                nValue[6] = pied->AddressOfFunctions;
                nValue[7] = pied->AddressOfNames;
                nValue[8] = pied->AddressOfNameOrdinals;
    
                CHAR szTemp[80] = { 0 };
                HWND hwndTemp = NULL;
                for (int i = 0; i < 9; ++i)
                {
                    hwndTemp = GetDlgItem(hwndDlg, nOrder[i]);
                    StringCbPrintf(szTemp, 80, "%08X", nValue[i]);
                    Edit_SetText(hwndTemp, szTemp);
                }
    
                hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
                StringCbPrintf(szTemp, 80, "%s", &data[mode?RVAtoFileOff(pied->Name):pied->Name]);
                Edit_SetText(hwndTemp, szTemp);
    
                hwndLV = GetDlgItem(hwndDlg, IDC_LIST1);
                LVCOLUMN lvc = { 0 };
                lvc.mask = LVCF_TEXT | LVCF_WIDTH;
                lvc.cx = 100;
                
                for (int i = 0; i < 4; ++i)
                {
                    lvc.pszText = szColName[i];
                    ListView_InsertColumn(hwndLV, i, &lvc);
                }
    
                PWORD pOrd = (PWORD)&data[mode ? RVAtoFileOff(pied->AddressOfNameOrdinals) : pied->AddressOfNameOrdinals];
                PDWORD pFun = (PDWORD)&data[mode ? RVAtoFileOff(pied->AddressOfFunctions) : pied->AddressOfFunctions];
                PCHAR pName = (PCHAR)&data[mode ? RVAtoFileOff(pied->Name) : pied->Name]; 
                pName += strlen(pName) + 1;
                PCHAR pTemp = pName;
                LVITEM lvi = { 0 };
                lvi.mask = LVIF_TEXT;
                
                for (int i = 0; i < pied->NumberOfFunctions; ++i)
                {
                    if (!pFun[i])
                        continue;
    
                    lvi.iItem = i;
                    StringCbPrintf(szTemp, 80, "%d", i + pied->Base);
                    lvi.pszText = szTemp;
                    ListView_InsertItem(hwndLV, &lvi);
    
                    StringCbPrintf(szTemp, 80, "%08X", pFun[i]);
                    ListView_SetItemText(hwndLV, i, 1, szTemp);
                    StringCbPrintf(szTemp, 80, "%08X", RVAtoFileOff(pFun[i]));
                    ListView_SetItemText(hwndLV, i, 2, szTemp);
                    
                    int j;
                    for (j = 0; j < pied->NumberOfNames; ++j)
                    {
                        if (pOrd[j] == i)
                        {
                            pTemp = pName;
                            
    
                            for (int k = 0; k < j; k++)
                            {
                                pTemp += strlen(pTemp) + 1;
                            }
                            ListView_SetItemText(hwndLV, i, 3, pTemp);
                            break;
                        }
                    }
                    if (j >= pied->NumberOfNames)
                    {
                        ListView_SetItemText(hwndLV, i, 3, "无名");
                    }
                }
    
                break;
            }
            case WM_CLOSE:
            {
                EndDialog(hwndDlg, 0);
                break;
            }
        }
    
        return FALSE;
    }
    
    //输入表对话框       3
    INT_PTR ImportTableDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
    {
        static HWND hwndLV1, hwndLV2;
        switch (uMsg)
        {
            case WM_INITDIALOG:
            {
                hwndLV1 = GetDlgItem(hwndDlg, IDC_LIST1);
                hwndLV2 = GetDlgItem(hwndDlg, IDC_LIST2);
    
                ListView_SetExtendedListViewStyle(hwndLV1, LVS_EX_FULLROWSELECT);
                ListView_SetExtendedListViewStyle(hwndLV2, LVS_EX_FULLROWSELECT);
    
                CHAR szColName1[6][50] = { "DllName","OriginalFirstThunk","TimeDateStamp","ForwarderChain","Name","FirstThunk" };
                CHAR szColName2[5][50] = { "ThunkRVA","ThunkOffset","ThunkValue","Hint","ApiName" };
    
                LVCOLUMN lvc = { 0 };
                lvc.mask = LVCF_WIDTH | LVCF_TEXT;
                lvc.cx = 100;
    
                for (int i = 0; i < 6; ++i)
                {
                    lvc.pszText = szColName1[i];
                    ListView_InsertColumn(hwndLV1, i, &lvc);
                }
                for (int i = 0; i < 5; ++i)
                {
                    lvc.pszText = szColName2[i];
                    ListView_InsertColumn(hwndLV2, i, &lvc);
                }
    
                PIMAGE_IMPORT_DESCRIPTOR piid = (PIMAGE_IMPORT_DESCRIPTOR)&data[mode?RVAtoFileOff(idd[1].VirtualAddress):idd[1].VirtualAddress];
                CHAR szTemp[MAX_PATH] = { 0 };
                int k = 0;
                while (piid->FirstThunk)
                {
                    LVITEM lvi = { 0 };
                    lvi.mask = LVIF_TEXT;
                    lvi.iItem = k;
                    StringCbPrintf(szTemp, MAX_PATH, "%s", &data[mode ? RVAtoFileOff(piid->Name) : piid->Name]);
                    lvi.pszText = szTemp;
                    ListView_InsertItem(hwndLV1, &lvi);
    
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->OriginalFirstThunk);
                    ListView_SetItemText(hwndLV1, k, 1, szTemp);
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->TimeDateStamp);
                    ListView_SetItemText(hwndLV1, k, 2, szTemp);
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->ForwarderChain);
                    ListView_SetItemText(hwndLV1, k, 3, szTemp);
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->Name);
                    ListView_SetItemText(hwndLV1, k, 4, szTemp);
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->FirstThunk);
                    ListView_SetItemText(hwndLV1, k, 5, szTemp);
    
                    ++k;
                    ++piid;
                }
    
    
    
                break;
            }
    
            case WM_NOTIFY:
            {
                switch (((LPNMHDR)(lParam))->code)
                {
                    case NM_CLICK:
                    {
                        if (((LPNMHDR)(lParam))->hwndFrom == hwndLV1)
                        {
                            ListView_DeleteAllItems(hwndLV2);
                            int nIndex = ListView_GetSelectionMark(hwndLV1);
                            CHAR szBuffer[20] = { 0 };
                            ListView_GetItemText(hwndLV1, nIndex, 5, szBuffer, 20);
                            DWORD dwFirstThunk = HexStrToDec32(szBuffer);
    
                            if (!bIsPe32Plus)
                            {
                                PIMAGE_THUNK_DATA32 pitd32 = (PIMAGE_THUNK_DATA32)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]);
    
                                CHAR szTemp[100] = { 0 };
                                int k = 0;
                                while (pitd32->u1.Function)
                                {
                                    LVITEM lvi = { 0 };
                                    lvi.mask = LVIF_TEXT;
                                    lvi.iItem = k;
    
                                    StringCbPrintf(szTemp, 100, "%08X", dwFirstThunk + k * 4);
                                    lvi.pszText = szTemp;
                                    ListView_InsertItem(hwndLV2, &lvi);
                                    StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(dwFirstThunk + k * 4));
                                    ListView_SetItemText(hwndLV2, k, 1, szTemp);
                                    StringCbPrintf(szTemp, 100, "%08X", pitd32->u1.Function);
                                    ListView_SetItemText(hwndLV2, k, 2, szTemp);
    
    
                                    if (pitd32->u1.Function & 0x8000'0000) //最高位为1,则为序号
                                    {
                                        ListView_SetItemText(hwndLV2, k, 3, "---");
                                        StringCbPrintf(szTemp, 100, "Ordinal:%X h  %d d", pitd32->u1.Function ^ 0x8000'0000, pitd32->u1.Function ^ 0x8000'0000);
                                        ListView_SetItemText(hwndLV2, k, 4, szTemp);
                                    }
                                    else  //最高位为0,则可能是函数地址,或者是API名称
                                    {
                                        if (mode)  //说明是API名称
                                        {
                                            PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd32->u1.Function)];
    
                                            StringCbPrintf(szTemp, 100, "%04X", piibn->Hint);
                                            ListView_SetItemText(hwndLV2, k, 3, szTemp);
                                            StringCbPrintf(szTemp, 100, "%s", piibn->Name);
                                            ListView_SetItemText(hwndLV2, k, 4, szTemp);
                                        }
                                        else //说明是函数地址
                                        {
                                            ListView_SetItemText(hwndLV2, k, 3, "---");
                                            ListView_SetItemText(hwndLV2, k, 4, "---");
                                        }
                                    }
    
    
                                    ++pitd32;
                                    ++k;
                                }
                            }
                            else; //pe32+
                            {
                                PIMAGE_THUNK_DATA64 pitd64 = (PIMAGE_THUNK_DATA64)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]);
    
                                CHAR szTemp[100] = { 0 };
                                int k = 0;
                                while (pitd64->u1.Function)
                                {
                                    LVITEM lvi = { 0 };
                                    lvi.mask = LVIF_TEXT;
                                    lvi.iItem = k;
    
                                    StringCbPrintf(szTemp, 100, "%08X", dwFirstThunk + k * 4);
                                    lvi.pszText = szTemp;
                                    ListView_InsertItem(hwndLV2, &lvi);
                                    StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(dwFirstThunk + k * 4));
                                    ListView_SetItemText(hwndLV2, k, 1, szTemp);
                                    StringCbPrintf(szTemp, 100, "%016llX", pitd64->u1.Function);
                                    ListView_SetItemText(hwndLV2, k, 2, szTemp);
    
    
                                    if (pitd64->u1.Function & 0x8000'0000'0000'0000) //最高位为1,则为序号
                                    {
                                        ListView_SetItemText(hwndLV2, k, 3, "---");
                                        StringCbPrintf(szTemp, 100, "Ordinal:%X h  %d d", pitd64->u1.Function ^ 0x8000'0000'0000'0000, pitd64->u1.Function ^ 0x8000'0000'0000'0000);
                                        ListView_SetItemText(hwndLV2, k, 4, szTemp);
                                    }
                                    else  //最高位为0,则可能是函数地址,或者是API名称
                                    {
                                        if (mode)  //说明是API名称
                                        {
                                            PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd64->u1.Function)];
    
                                            StringCbPrintf(szTemp, 100, "%04X", piibn->Hint);
                                            ListView_SetItemText(hwndLV2, k, 3, szTemp);
                                            StringCbPrintf(szTemp, 100, "%s", piibn->Name);
                                            ListView_SetItemText(hwndLV2, k, 4, szTemp);
                                        }
                                        else //说明是函数地址
                                        {
                                            ListView_SetItemText(hwndLV2, k, 3, "---");
                                            ListView_SetItemText(hwndLV2, k, 4, "---");
                                        }
                                    }
    
    
                                    ++pitd64;
                                    ++k;
                                }
                                
                            }
                        }
                        
                        
                        
    
                        break;
                    }
                }
                break;
            }
            case WM_CLOSE:
            {
                EndDialog(hwndDlg, 0);
                break;
            }
        }
        return FALSE;
    }
    
    //资源对话框         3
    INT_PTR ResourceDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
    {
        static HWND hwndTV = NULL;
        switch (uMsg)
        {
            case WM_INITDIALOG:
            {
                hwndTV = GetDlgItem(hwndDlg, IDC_TREE1);
                HWND hwndTemp;
                CHAR szTemp[MAX_PATH] = { 0 };
                WCHAR szTempW[MAX_PATH] = { 0 };
                PIMAGE_RESOURCE_DIRECTORY pird = (PIMAGE_RESOURCE_DIRECTORY)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress) : idd[2].VirtualAddress];
    
                hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
                StringCbPrintf(szTemp, MAX_PATH, "%04X", pird->NumberOfNamedEntries);
                Edit_SetText(hwndTemp, szTemp);
                hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
                StringCbPrintf(szTemp, MAX_PATH, "%04X", pird->NumberOfIdEntries);
                Edit_SetText(hwndTemp, szTemp);
    
                PIMAGE_RESOURCE_DIRECTORY_ENTRY pirde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(pird+1);
                
                TVINSERTSTRUCT tvis = { 0 };
                HTREEITEM hParentNode = NULL;
    
                CHAR szType[0x20][50] = { "XXX","Cursor","Bitmap","Icon","Menu","Dialog" ,"字符串" ,"FontDir" ,"Font" ,"Accelerator" ,"RCData" ,"MessageTable" ,"Group_Cursor" ,"Group_Icon","XXX","XXX","Version" ,"DlgInclude" ,"XXX","PlugPlay","VXD","AniCursor","AniIcon","HTML","Manifest" };
                for (int i = 0; i < pird->NumberOfIdEntries + pird->NumberOfNamedEntries; ++i,++pirde)
                {
                    tvis.hParent = NULL;
                    tvis.hInsertAfter = TVI_SORT;
                    tvis.item.mask = TVIF_TEXT | TVIF_CHILDREN;
                    tvis.item.cChildren = 1;
                    if (pirde->NameIsString == 0)
                    {
                        StringCbPrintfA(szTemp, MAX_PATH, "%s", szType[pirde->Id]);            
                    }
                    else
                    {
                        PIMAGE_RESOURCE_DIR_STRING_U pirdsu = (PIMAGE_RESOURCE_DIR_STRING_U)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress + pirde->NameOffset) : idd[2].VirtualAddress + pirde->NameOffset];
                        StringCbPrintfW(szTempW, pirdsu->Length * 2 + 2, L"%s", pirdsu->NameString);
                        WideCharToMultiByte(CP_ACP, NULL, szTempW, -1, szTemp, wcslen(szTempW) + 1, NULL, FALSE);
                    }
                    tvis.item.pszText = szTemp;
                    tvis.item.cchTextMax = MAX_PATH;
                    hParentNode = TreeView_InsertItem(hwndTV, &tvis);
    
                    PIMAGE_RESOURCE_DIRECTORY pird_lv2 = (PIMAGE_RESOURCE_DIRECTORY)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress+pirde->OffsetToDirectory) : idd[2].VirtualAddress+ pirde->OffsetToDirectory];
                    
                    TVITEM tvi = { 0 };
                    tvi.mask = TVIF_PARAM;
                    tvi.hItem = hParentNode;
                    tvi.lParam = (DWORD(pird_lv2->NumberOfNamedEntries) << 16 | pird_lv2->NumberOfIdEntries);
                    TreeView_SetItem(hwndTV, &tvi);
    
                    PIMAGE_RESOURCE_DIRECTORY_ENTRY pirde_lv2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(pird_lv2+1);
                    tvis.hParent = hParentNode;
                    tvis.hInsertAfter = TVI_SORT;
                    tvis.item.mask = TVIF_TEXT | TVIF_PARAM;
    
                    for (int j = 0; j < pird_lv2->NumberOfIdEntries + pird_lv2->NumberOfNamedEntries; ++j,++pirde_lv2)
                    {
                        if (pirde_lv2->NameIsString == 0)
                        {
                            StringCbPrintfA(szTemp, MAX_PATH, "%d", pirde_lv2->Id);
                        }
                        else
                        {
                            PIMAGE_RESOURCE_DIR_STRING_U pirdsu_lv2 = (PIMAGE_RESOURCE_DIR_STRING_U)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress + pirde_lv2->NameOffset) : idd[2].VirtualAddress + pirde_lv2->NameOffset];
                            StringCbPrintfW(szTempW, pirdsu_lv2->Length * 2 + 2, L"%s", pirdsu_lv2->NameString);
                            WideCharToMultiByte(CP_ACP, NULL, szTempW, -1, szTemp, wcslen(szTempW) + 1, NULL, FALSE);
                        }
                        tvis.item.pszText = szTemp;
                        tvis.item.lParam = 0x8000'0000 | pirde_lv2->OffsetToDirectory;
                        TreeView_InsertItem(hwndTV, &tvis);
                    }
    
                }
    
                
    
                break;
            }
    
            case WM_NOTIFY:
            {
                LPNMHDR lpnmh = (LPNMHDR)lParam;
    
                switch (lpnmh->code)
                {
                    case TVN_SELCHANGED:
                    {
                        CHAR szTemp[20] = { 0 };
                        HWND hwndTemp = NULL;
                        HTREEITEM hti = TreeView_GetSelection(hwndTV);
    
                        TVITEM tvi;
                        tvi.hItem = hti;
                        tvi.mask = TVIF_PARAM;
                        TreeView_GetItem(hwndTV, &tvi);
                        LPARAM tvilParam = tvi.lParam;
    
                        if (tvilParam & 0x8000'0000) //第三层
                        {
                            LPARAM lPar = tvilParam ^ 0x8000'0000;
    
                            PIMAGE_RESOURCE_DIRECTORY pird = (PIMAGE_RESOURCE_DIRECTORY)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress + lPar) : idd[2].VirtualAddress + lPar];
    
                            PIMAGE_RESOURCE_DIRECTORY_ENTRY pirde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(pird + 1);
                            PIMAGE_RESOURCE_DATA_ENTRY pirda = (PIMAGE_RESOURCE_DATA_ENTRY)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress+pirde->OffsetToData) : idd[2].VirtualAddress+pirde->OffsetToData];
    
                            StringCbPrintf(szTemp, 20, "%08X", pirda->OffsetToData);
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
                            Edit_SetText(hwndTemp, szTemp);
                            StringCbPrintf(szTemp, 20, "%08X", RVAtoFileOff(pirda->OffsetToData));
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
                            Edit_SetText(hwndTemp, szTemp);
                            StringCbPrintf(szTemp, 20, "%08X", pirda->Size);
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7);
                            Edit_SetText(hwndTemp, szTemp);
    
                            HTREEITEM hParent = TreeView_GetParent(hwndTV, hti);
                            TVITEM tvi;
                            tvi.hItem = hParent;
                            tvi.mask = TVIF_PARAM;
                            TreeView_GetItem(hwndTV, &tvi);
                            LPARAM lPar2 = tvi.lParam;
    
                            StringCbPrintf(szTemp, 20, "%04X", HIWORD(lPar2));
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
                            Edit_SetText(hwndTemp, szTemp);
    
                            StringCbPrintf(szTemp, 20, "%04X", LOWORD(lPar2));
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
                            Edit_SetText(hwndTemp, szTemp);
    
                        }
                        else //第二层
                        {
                            StringCbPrintf(szTemp, 20, "%04X", HIWORD(tvilParam));
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
                            Edit_SetText(hwndTemp, szTemp);
    
                            StringCbPrintf(szTemp, 20, "%04X", LOWORD(tvilParam));
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
                            Edit_SetText(hwndTemp, szTemp);
    
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
                            Edit_SetText(hwndTemp, "");
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
                            Edit_SetText(hwndTemp, "");
                            hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7);
                            Edit_SetText(hwndTemp, "");
    
                        }
    
                        break;
                    }
                }
    
                break;
            }
    
            case WM_CLOSE:
            {
                EndDialog(hwndDlg, 0);
                break;
            }
        }
        return FALSE;
    }
    
    //重定位对话框       3
    INT_PTR RelocationDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
    {
        static HWND hwndLV1, hwndLV2;
        switch (uMsg)
        {
            case WM_INITDIALOG:
            {
                hwndLV1 = GetDlgItem(hwndDlg, IDC_LIST1);
                hwndLV2 = GetDlgItem(hwndDlg, IDC_LIST2);
    
                ListView_SetExtendedListViewStyle(hwndLV1, LVS_EX_FULLROWSELECT);
                ListView_SetExtendedListViewStyle(hwndLV2, LVS_EX_FULLROWSELECT);
    
                CHAR szColName1[4][50] = { "Index","Section","RVA","Items"};
                CHAR szColName2[5][50] = { "Index","RVA","Offset","Type","Far Address"};
    
                LVCOLUMN lvc = { 0 };
                lvc.mask = LVCF_WIDTH | LVCF_TEXT;
                lvc.cx = 100;
    
                for (int i = 0; i < 4; ++i)
                {
                    lvc.pszText = szColName1[i];
                    ListView_InsertColumn(hwndLV1, i, &lvc);
                }
                for (int i = 0; i < 5; ++i)
                {
                    lvc.pszText = szColName2[i];
                    ListView_InsertColumn(hwndLV2, i, &lvc);
                }
    
                PIMAGE_BASE_RELOCATION pibr = (PIMAGE_BASE_RELOCATION)&data[mode ? RVAtoFileOff(idd[5].VirtualAddress) : idd[5].VirtualAddress];
                int k = 0;
                CHAR szTemp[100] = { 0 };
                while (pibr->VirtualAddress)
                {
                    memcpy(&ibrl[k], pibr, pibr->SizeOfBlock);
                    if (pibr->SizeOfBlock > 0x1000)
                    {
                        MessageBox(hwndDlg, "pibr空间不够", "错误信息", MB_OK);
                    }
                    LVITEM lvi = { 0 };
                    lvi.mask = LVIF_TEXT;
                    lvi.iItem = k;
                    StringCbPrintf(szTemp, 100, "%d", k);
                    lvi.pszText = szTemp;
                    ListView_InsertItem(hwndLV1, &lvi);
                    ListView_SetItemText(hwndLV1, k, 1, RVAToSectionName(pibr->VirtualAddress));
                    StringCbPrintf(szTemp, 100, "%08X", pibr->VirtualAddress);
                    ListView_SetItemText(hwndLV1, k, 2, szTemp);
                    int nCount = ((pibr->SizeOfBlock - 8) / 2);
                    StringCbPrintf(szTemp, 100, "%Xh / %dd", nCount,nCount);
                    ListView_SetItemText(hwndLV1, k, 3, szTemp);
                    
                    pibr = (PIMAGE_BASE_RELOCATION)((ULONGLONG)pibr + pibr->SizeOfBlock);
                    ++k;
                }
    
                break;
            }
    
            case WM_NOTIFY:
            {
                switch (((LPNMHDR)(lParam))->code)
                {
                    case NM_CLICK:
                    {
                        if (((LPNMHDR)(lParam))->hwndFrom == hwndLV1)
                        {
                            ListView_DeleteAllItems(hwndLV2);
                            int nIndex = ListView_GetSelectionMark(hwndLV1);
    
                            int nCount = (((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->SizeOfBlock - 8) / 2;
                            CHAR szTemp[100] = { 0 };
                            WORD* pItem = (WORD*)((ULONGLONG)&(((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->SizeOfBlock) + 4);
                            for (int j = 0; j < nCount ; ++j,++pItem)
                            {
                                
                                LVITEM lvi = { 0 };
                                lvi.mask = LVIF_TEXT;
                                lvi.iItem = j;
    
                                StringCbPrintf(szTemp, 100, "%d", j + 1);
                                lvi.pszText = szTemp;
                                ListView_InsertItem(hwndLV2, &lvi);
    
                                StringCbPrintf(szTemp, 100, "%08X", ((DWORD)(*pItem) & 0x0fff)+ ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress);
                                ListView_SetItemText(hwndLV2, j, 1, szTemp);
    
                                StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(((DWORD)(*pItem) & 0x0fff) + ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress));
                                ListView_SetItemText(hwndLV2, j, 2, szTemp);
    
                                int type = ((*pItem) & 0xf000) >> 12;
                                switch (type)
                                {
                                    case IMAGE_REL_BASED_ABSOLUTE:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_ABSOLUTE");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_HIGH:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_HIGH");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_LOW:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_LOW");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_HIGHLOW:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_HIGHLOW");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_HIGHADJ:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_HIGHADJ");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_MACHINE_SPECIFIC_5:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_5");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_RESERVED:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_RESERVED");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_MACHINE_SPECIFIC_7:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_7");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_MACHINE_SPECIFIC_8:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_8");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_MACHINE_SPECIFIC_9:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_9");
                                        break;
                                    }
                                    case IMAGE_REL_BASED_DIR64:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_DIR64");
                                        break;
                                    }
                                    default:
                                    {
                                        StringCbPrintf(szTemp, 100, "%s", "Others");
                                        break;
                                    }
                                }
                                ListView_SetItemText(hwndLV2, j, 3, szTemp);
    
                                if (bIsPe32Plus) //pe32+的地址是16个字节
                                {
                                    StringCbPrintf(szTemp, 100, "%016llX", *(ULONGLONG*)&data[mode ? RVAtoFileOff(((DWORD)(*pItem) & 0x0fff)+ ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress) : (*pItem) & 0x0fff+ ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress]);
                                }
                                else  //PE32的地址是8个字节
                                {
                                    StringCbPrintf(szTemp, 100, "%08X", *(DWORD*)&data[mode ? RVAtoFileOff(((DWORD)(*pItem) & 0x0fff) + ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress) : (*pItem) & 0x0fff + ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress]);
                                }                                                                                //+的优先级高于&,所以这里必须括号
                                ListView_SetItemText(hwndLV2, j, 4, szTemp);
    
    
                            }
    
    
    
                        }
    
                        break;
                    }
    
                }
    
                break;
            }
    
            case WM_CLOSE:
            {
                EndDialog(hwndDlg, 0);
                break;
            }
        }
        return FALSE;
    }
    
    //TLS表对话框        3
    INT_PTR TlsTableDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
    {
        switch (uMsg)
        {
            case WM_INITDIALOG:
            {
                if (!bIsPe32Plus)  //pe32
                {
                    PIMAGE_TLS_DIRECTORY32 pibr = (PIMAGE_TLS_DIRECTORY32)&data[mode ? RVAtoFileOff(idd[9].VirtualAddress) : idd[9].VirtualAddress];
    
                    CHAR szTemp[100] = { 0 };
                    HWND hwndTemp;
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
                    StringCbPrintf(szTemp, 100, "%08X", pibr->StartAddressOfRawData);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
                    StringCbPrintf(szTemp, 100, "%08X", pibr->EndAddressOfRawData);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
                    StringCbPrintf(szTemp, 100, "%08X", pibr->AddressOfIndex);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
                    StringCbPrintf(szTemp, 100, "%08X", pibr->AddressOfCallBacks);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
                    StringCbPrintf(szTemp, 100, "%08X", pibr->SizeOfZeroFill);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
                    StringCbPrintf(szTemp, 100, "%08X", pibr->Characteristics);
                    Edit_SetText(hwndTemp, szTemp);
                }
                else  //pe32+
                {
                    PIMAGE_TLS_DIRECTORY64 pibr64 = (PIMAGE_TLS_DIRECTORY64)&data[mode ? RVAtoFileOff(idd[9].VirtualAddress) : idd[9].VirtualAddress];
    
                    CHAR szTemp[100] = { 0 };
                    HWND hwndTemp;
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
                    StringCbPrintf(szTemp, 100, "%016llX", pibr64->StartAddressOfRawData);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
                    StringCbPrintf(szTemp, 100, "%016llX", pibr64->EndAddressOfRawData);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
                    StringCbPrintf(szTemp, 100, "%016llX", pibr64->AddressOfIndex);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
                    StringCbPrintf(szTemp, 100, "%016llX", pibr64->AddressOfCallBacks);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
                    StringCbPrintf(szTemp, 100, "%08X", pibr64->SizeOfZeroFill);
                    Edit_SetText(hwndTemp, szTemp);
                    hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
                    StringCbPrintf(szTemp, 100, "%08X", pibr64->Characteristics);
                    Edit_SetText(hwndTemp, szTemp);
                }
    
                break;
            }
            case WM_CLOSE:
            {
                EndDialog(hwndDlg, 0);
                break;
            }
        }
        return FALSE;
    }
    
    //延迟输入表对话框   3
    INT_PTR DelayImportDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
    {
        static HWND hwndLV1, hwndLV2;
        
        switch (uMsg)
        {
            case WM_INITDIALOG:
            {
                hwndLV1 = GetDlgItem(hwndDlg, IDC_LIST2);
                hwndLV2 = GetDlgItem(hwndDlg, IDC_LIST3);
    
                ListView_SetExtendedListViewStyle(hwndLV1, LVS_EX_FULLROWSELECT);
                ListView_SetExtendedListViewStyle(hwndLV2, LVS_EX_FULLROWSELECT);
    
                CHAR szColName1[7][50] = { "DllName","OriginalFirstThunk","TimeDateStamp","BoundImportAddressTableRVA","Name","FirstThunk","ModuleHandle" };
                CHAR szColName2[5][50] = { "ThunkRVA","ThunkOffset","ThunkValue","Hint","ApiName" };
    
                LVCOLUMN lvc = { 0 };
                lvc.mask = LVCF_WIDTH | LVCF_TEXT;
                lvc.cx = 100;
    
                for (int i = 0; i < 7; ++i)
                {
                    lvc.pszText = szColName1[i];
                    ListView_InsertColumn(hwndLV1, i, &lvc);
                }
                for (int i = 0; i < 5; ++i)
                {
                    lvc.pszText = szColName2[i];
                    ListView_InsertColumn(hwndLV2, i, &lvc);
                }
    
                PIMAGE_DELAYLOAD_DESCRIPTOR pidd = (PIMAGE_DELAYLOAD_DESCRIPTOR)&data[mode ? RVAtoFileOff(idd[13].VirtualAddress) : idd[13].VirtualAddress];
                CHAR szTemp[MAX_PATH] = { 0 };
                int k = 0;
                while (pidd->ImportAddressTableRVA)
                {
                    LVITEM lvi = { 0 };
                    lvi.mask = LVIF_TEXT;
                    lvi.iItem = k;
                    StringCbPrintf(szTemp, MAX_PATH, "%s", &data[mode ? RVAtoFileOff(pidd->DllNameRVA) : pidd->DllNameRVA]);
                    lvi.pszText = szTemp;
                    ListView_InsertItem(hwndLV1, &lvi);
    
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->ImportNameTableRVA);
                    ListView_SetItemText(hwndLV1, k, 1, szTemp);
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->TimeDateStamp);
                    ListView_SetItemText(hwndLV1, k, 2, szTemp);
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->BoundImportAddressTableRVA);
                    ListView_SetItemText(hwndLV1, k, 3, szTemp);
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->DllNameRVA);
                    ListView_SetItemText(hwndLV1, k, 4, szTemp);
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->ImportAddressTableRVA);
                    ListView_SetItemText(hwndLV1, k, 5, szTemp);
                    StringCbPrintf(szTemp, MAX_PATH, "%08X", *(DWORD*)&data[mode ? RVAtoFileOff(pidd->ModuleHandleRVA) : pidd->ModuleHandleRVA]);
                    ListView_SetItemText(hwndLV1, k, 6, szTemp);
                    ++k;
                    ++pidd;
                }
    
    
    
                break;
            }
    
            case WM_NOTIFY:
            {
                switch (((LPNMHDR)(lParam))->code)
                {
                    case NM_CLICK:
                    {
                        if (((LPNMHDR)(lParam))->hwndFrom == hwndLV1)
                        {
                            ListView_DeleteAllItems(hwndLV2);
                            int nIndex = ListView_GetSelectionMark(hwndLV1);
                            CHAR szBuffer[20] = { 0 };
                            ListView_GetItemText(hwndLV1, nIndex, 1, szBuffer, 20);            //这DelayImport得解析INT,才有名字,IAT即便是在文件中也是个地址
                            DWORD dwFirstThunk = HexStrToDec32(szBuffer);
                            
                            if (!bIsPe32Plus)
                            {
                                PIMAGE_THUNK_DATA32 pitd32 = (PIMAGE_THUNK_DATA32)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]);
    
                                CHAR szTemp[100] = { 0 };
                                int k = 0;
                                while (pitd32->u1.Function)
                                {
                                    LVITEM lvi = { 0 };
                                    lvi.mask = LVIF_TEXT;
                                    lvi.iItem = k;
    
                                    StringCbPrintf(szTemp, 100, "%08X", dwFirstThunk + k * 4);
                                    lvi.pszText = szTemp;
                                    ListView_InsertItem(hwndLV2, &lvi);
                                    StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(dwFirstThunk + k * 4));
                                    ListView_SetItemText(hwndLV2, k, 1, szTemp);
                                    StringCbPrintf(szTemp, 100, "%08X", pitd32->u1.Function);
                                    ListView_SetItemText(hwndLV2, k, 2, szTemp);
    
    
                                    if (pitd32->u1.Function & 0x8000'0000) //最高位为1,则为序号
                                    {
                                        ListView_SetItemText(hwndLV2, k, 3, "---");
                                        StringCbPrintf(szTemp, 100, "Ordinal:%X h  %d d", pitd32->u1.Function ^ 0x8000'0000, pitd32->u1.Function ^ 0x8000'0000);
                                        ListView_SetItemText(hwndLV2, k, 4, szTemp);
                                    }
                                    else  //最高位为0,则可能是函数地址,或者是API名称
                                    {
                                        if (mode)  //说明是API名称
                                        {
                                            PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd32->u1.Function)];
    
                                            StringCbPrintf(szTemp, 100, "%04X", piibn->Hint);
                                            ListView_SetItemText(hwndLV2, k, 3, szTemp);
                                            StringCbPrintf(szTemp, 100, "%s", piibn->Name);
                                            ListView_SetItemText(hwndLV2, k, 4, szTemp);
                                        }
                                        else //说明是函数地址
                                        {
                                            ListView_SetItemText(hwndLV2, k, 3, "---");
                                            ListView_SetItemText(hwndLV2, k, 4, "---");
                                        }
                                    }
    
    
                                    ++pitd32;
                                    ++k;
                                }
                            }
                            else  //pe32+
                            {
                                PIMAGE_THUNK_DATA64 pitd64 = (PIMAGE_THUNK_DATA64)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]);
                                CHAR szTemp[100] = { 0 };
                                int k = 0;
                                while (pitd64->u1.Function)
                                {
                                    LVITEM lvi = { 0 };
                                    lvi.mask = LVIF_TEXT;
                                    lvi.iItem = k;
    
                                    StringCbPrintf(szTemp, 100, "%08X", dwFirstThunk + k * 4);
                                    lvi.pszText = szTemp;
                                    ListView_InsertItem(hwndLV2, &lvi);
                                    StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(dwFirstThunk + k * 4));
                                    ListView_SetItemText(hwndLV2, k, 1, szTemp);
                                    StringCbPrintf(szTemp, 100, "%016llX", pitd64->u1.Function);
                                    ListView_SetItemText(hwndLV2, k, 2, szTemp);
    
    
                                    if (pitd64->u1.Function & 0x8000'0000'0000'0000) //最高位为1,则为序号
                                    {
                                        ListView_SetItemText(hwndLV2, k, 3, "---");
                                        StringCbPrintf(szTemp, 100, "Ordinal:%X h  %d d", pitd64->u1.Function ^ 0x8000'0000'0000'0000, pitd64->u1.Function ^ 0x8000'0000'0000'0000);
                                        ListView_SetItemText(hwndLV2, k, 4, szTemp);
                                    }
                                    else  //最高位为0,则可能是函数地址,或者是API名称
                                    {
                                        if (mode)  //说明是API名称
                                        {
                                            PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd64->u1.Function)];
    
                                            StringCbPrintf(szTemp, 100, "%04X", piibn->Hint);
                                            ListView_SetItemText(hwndLV2, k, 3, szTemp);
                                            StringCbPrintf(szTemp, 100, "%s", piibn->Name);
                                            ListView_SetItemText(hwndLV2, k, 4, szTemp);
                                        }
                                        else //说明是函数地址
                                        {
                                            ListView_SetItemText(hwndLV2, k, 3, "---");
                                            ListView_SetItemText(hwndLV2, k, 4, "---");
                                        }
                                    }
    
    
                                    ++pitd64;
                                    ++k;
                                }
                            }
                        }
    
    
    
    
                        break;
                    }
                }
                break;
            }
            case WM_CLOSE:
            {
                EndDialog(hwndDlg, 0);
                break;
            }
        }
        return FALSE;
    }
    
    //数据目录表对话框   2
    INT_PTR DataDirectoryDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
    {
        switch (uMsg)
        {
            case WM_INITDIALOG:
            {
                CHAR szTemp[20] = { 0 };
                HWND hwndTemp;
                int nOrder[0x20] =
                { IDC_EDIT1,IDC_EDIT2,IDC_EDIT3,IDC_EDIT4,IDC_EDIT5,IDC_EDIT6,IDC_EDIT7,IDC_EDIT8,IDC_EDIT33, IDC_EDIT34, IDC_EDIT9,IDC_EDIT10,IDC_EDIT11,IDC_EDIT12,IDC_EDIT13,IDC_EDIT14,IDC_EDIT15,IDC_EDIT16,IDC_EDIT17,IDC_EDIT18,IDC_EDIT19,IDC_EDIT20,IDC_EDIT21,IDC_EDIT22,IDC_EDIT23,IDC_EDIT24,IDC_EDIT25,IDC_EDIT26,IDC_EDIT27,IDC_EDIT28,IDC_EDIT29,IDC_EDIT30 };
                for (int i = 0; i < 0x10; ++i)
                {
                    wsprintf(szTemp, "%08X", idd[i].VirtualAddress);
                    hwndTemp = GetDlgItem(hwndDlg, nOrder[2*i]);
                    Edit_SetText(hwndTemp, szTemp);
    
                    wsprintf(szTemp, "%08X", idd[i].Size);
                    hwndTemp = GetDlgItem(hwndDlg, nOrder[2*i+1]);
                    Edit_SetText(hwndTemp, szTemp);
                }
                
    
                break;
            }
    
            case WM_COMMAND:
            {
                switch (LOWORD(wParam))  //每个一个DialogBox
                {
                    case IDC_BUTTON1:  //Export Table
                    {
                        if (idd[0].Size == 0)
                        {
                            MessageBox(hwndDlg, "输出表不存在", "错误信息", MB_OK);
                            break;
                        }
                        DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG5), hwndDlg, (DLGPROC)ExportTableDlg);
                        break;
                    }
                    case IDC_BUTTON2:  //Import Table
                    {
                        if (idd[1].Size == 0)
                        {
                            MessageBox(hwndDlg, "输入表不存在", "错误信息", MB_OK);
                            break;
                        }
                        DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG6), hwndDlg, (DLGPROC)ImportTableDlg);
                        break;
                    }
                    case IDC_BUTTON3:  //Resource
                    {
                        if (idd[2].Size == 0)
                        {
                            MessageBox(hwndDlg, "资源表不存在", "错误信息", MB_OK);
                            break;
                        }
                        DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG7), hwndDlg, (DLGPROC)ResourceDlg);
                        break;
                    }
                    case IDC_BUTTON4:  //Relocation
                    {
                        if (idd[5].Size == 0)
                        {
                            MessageBox(hwndDlg, "重定位表不存在", "错误信息", MB_OK);
                            break;
                        }
                        DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG8), hwndDlg, (DLGPROC)RelocationDlg);
                        break;
                    }
                    case IDC_BUTTON5:  //TlsTable
                    {
                        if (idd[9].Size == 0)
                        {
                            MessageBox(hwndDlg, "TLS表不存在", "错误信息", MB_OK);
                            break;
                        }
                        DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG9), hwndDlg, (DLGPROC)TlsTableDlg);
                        break;
                    }
                    case IDC_BUTTON7:  //DelayImport
                    {
                        if (idd[13].Size == 0)
                        {
                            MessageBox(hwndDlg, "延迟输入表不存在", "错误信息", MB_OK);
                            break;
                        }
                        DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG10), hwndDlg, (DLGPROC)DelayImportDlg);
                        break;
                    }
                }
                break;
            }
    
            case WM_CLOSE:
            {
                EndDialog(hwndDlg, 0);
                break;
            }
        }
        return FALSE;
    }
    
    //区段对话框         2
    INT_PTR SectionDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
    {
        static HWND hwndSectionListView = NULL;
        switch (uMsg)
        {
            case WM_INITDIALOG:
            {
                RECT rc = { 0 };
                GetWindowRect(hwndDlg, &rc);
    
                hwndSectionListView = CreateWindow(WC_LISTVIEW, "", WS_VISIBLE | WS_CHILD | LVS_REPORT | LVS_SHOWSELALWAYS,
                    0, 0, 0, 0, hwndDlg, NULL, g_hInst, NULL);
                ListView_SetExtendedListViewStyle(hwndSectionListView, LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES);
                SetWindowPos(hwndSectionListView, HWND_TOP, 0, 50,
                    rc.right - rc.left, rc.bottom - rc.top - 100, SWP_SHOWWINDOW);
    
                LVCOLUMN lvc = { 0 };
    
                lvc.mask = LVCF_FMT | LVCF_WIDTH | LVCF_TEXT;
                lvc.cx = 150;
                lvc.fmt = LVCFMT_LEFT;
    
                for (int i = 0; i < nSectionColNum; ++i)
                {
                    lvc.pszText = szSectionColName[i];
                    ListView_InsertColumn(hwndSectionListView, i, &lvc);
                }
    
                LVITEM lvi = { 0 };
                lvi.mask = LVIF_TEXT;
                CHAR szTemp[20] = { 0 };
                for (int i = 0; i < nNumOfSections; ++i)
                {
                    lvi.iItem = i;
                    lvi.iSubItem = 0;
                    lvi.pszText = (CHAR*)&ish[i].Name;
                    ListView_InsertItem(hwndSectionListView, &lvi);
    
                    wsprintf(szTemp, "%08X", ish[i].VirtualAddress);
                    ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_voffset, szTemp);
    
                    wsprintf(szTemp, "%08X", ish[i].Misc.VirtualSize);
                    ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_vsize, szTemp);
    
                    wsprintf(szTemp, "%08X", ish[i].PointerToRawData);
                    ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_roffset, szTemp);
    
                    wsprintf(szTemp, "%08X", ish[i].SizeOfRawData);
                    ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_rsize, szTemp);
    
                    wsprintf(szTemp, "%08X", ish[i].Characteristics);
                    ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_flags, szTemp);
                }
    
                break;
            }
    
            case WM_CLOSE:
            {
                EndDialog(hwndDlg, 0);
                break;
            }
        }
    
        return FALSE;
    }
    
    //PE对话框           1             //后面的数字代表层次
    INT_PTR PEDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
    {
        switch (uMsg)
        {
            case WM_INITDIALOG:
            {
                GetBasicPEInfo(hwndDlg);
    
                break;
            }
    
            case WM_COMMAND:
            {
    
                switch (LOWORD(wParam))
                {
                    case IDC_BUTTON1: //Sections
                    {
                        DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG3), hwndDlg, (DLGPROC)SectionDlg);
                        break;
                    }
                    case IDC_BUTTON2: //Directories
                    {
                        DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG4), hwndDlg, (DLGPROC)DataDirectoryDlg);
                        break;
                    }
                }
    
    
                break;
            }
    
            case WM_CLOSE:
            {
                free(data);
                EndDialog(hwndDlg, 0);
                break;
            }
        }
    
    
    
        return FALSE;
    }
    
    
    
    //PE对话框线程的入口函数
    DWORD PEInfoDlg(LPVOID lpParam)
    {
        bIsPe32Plus = FALSE;
        mode = (INT64)lpParam; //0代表是内存,否则就是磁盘文件完整路径
    
        DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG2), hwndMainWnd, (DLGPROC)PEDlg);
    
        return 0;
    }

    以下是资源文件.rc:

    // Microsoft Visual C++ generated resource script.
    //
    #include "resource.h"
    
    #define APSTUDIO_READONLY_SYMBOLS
    /////////////////////////////////////////////////////////////////////////////
    //
    // Generated from the TEXTINCLUDE 2 resource.
    //
    #include "winres.h"
    
    /////////////////////////////////////////////////////////////////////////////
    #undef APSTUDIO_READONLY_SYMBOLS
    
    /////////////////////////////////////////////////////////////////////////////
    // 中文(简体,中国) resources
    
    #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
    LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED
    
    #ifdef APSTUDIO_INVOKED
    /////////////////////////////////////////////////////////////////////////////
    //
    // TEXTINCLUDE
    //
    
    1 TEXTINCLUDE 
    BEGIN
        "resource.h"
    END
    
    2 TEXTINCLUDE 
    BEGIN
        "#include ""winres.h""
    "
        ""
    END
    
    3 TEXTINCLUDE 
    BEGIN
        "
    "
        ""
    END
    
    #endif    // APSTUDIO_INVOKED
    
    
    /////////////////////////////////////////////////////////////////////////////
    //
    // Menu
    //
    
    IDR_MENU1 MENU
    BEGIN
        POPUP "文件"
        BEGIN
            MENUITEM "打开PE文件",                      ID_40001
            MENUITEM "得到更多信息",                      ID_40017
        END
        POPUP "选项"
        BEGIN
            MENUITEM "置于顶层",                        ID_40004
        END
        POPUP "查看"
        BEGIN
            MENUITEM "立即刷新",                        ID_40005
        END
    END
    
    IDR_MENU2 MENU
    BEGIN
        POPUP "ProcessTabMenu"
        BEGIN
            MENUITEM "结束进程",                        ID_PROCESSTABMENU_40010
            MENUITEM "进程属性",                        ID_PROCESSTABMENU_40011
            MENUITEM "得到PE信息",                      ID_PROCESSTABMENU_40012
            MENUITEM "代码注入",                        ID_PROCESSTABMENU_40013
            MENUITEM "保护该进程",                       ID_PROCESSTABMENU_40014
            MENUITEM "注入DLL",                       ID_PROCESSTABMENU_40016
        END
    END
    
    
    /////////////////////////////////////////////////////////////////////////////
    //
    // Dialog
    //
    
    IDD_DIALOG1 DIALOGEX 0, 0, 305, 260
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CLIPSIBLINGS | WS_CAPTION | WS_SYSMENU
    CAPTION "Dialog"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
    END
    
    IDD_DIALOG2 DIALOGEX 0, 0, 347, 200
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "[PE Editor]"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
        GROUPBOX        "Basic PE Header Information",IDC_STATIC,7,7,252,186
        LTEXT           "EntryPoint",IDC_STATIC,7,24,34,8
        LTEXT           "ImageBase",IDC_STATIC,7,46,36,8
        LTEXT           "SizeOfImage",IDC_STATIC,7,66,42,8
        LTEXT           "BaseOfCode",IDC_STATIC,7,84,41,8
        LTEXT           "BaseOfData",IDC_STATIC,7,105,40,8
        LTEXT           "SectionAlignment",IDC_STATIC,7,126,56,8
        LTEXT           "FileAlignment",IDC_STATIC,7,151,43,8
        LTEXT           "Magic",IDC_STATIC,7,170,19,8
        EDITTEXT        IDC_EDIT1,55,25,51,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT2,55,47,51,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT3,55,67,52,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT4,55,86,51,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT5,55,106,51,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT6,55,127,51,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT7,55,152,51,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT8,55,171,52,14,ES_AUTOHSCROLL
        LTEXT           "Subsystem",IDC_STATIC,120,24,36,8
        LTEXT           "NumberOfSections",IDC_STATIC,120,46,60,8
        LTEXT           "TimeDateStamp",IDC_STATIC,120,66,51,8
        LTEXT           "SizeOfHeaders",IDC_STATIC,120,84,48,8
        LTEXT           "Characteristics",IDC_STATIC,120,105,48,8
        LTEXT           "Checksum",IDC_STATIC,120,126,33,8
        LTEXT           "SizeOfOptionalHeader",IDC_STATIC,120,151,72,8
        LTEXT           "NumOfRvaAndSizes",IDC_STATIC,120,170,64,8
        EDITTEXT        IDC_EDIT9,191,23,54,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT10,191,45,54,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT11,191,65,54,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT12,191,83,54,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT13,191,104,53,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT14,191,125,54,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT15,191,150,53,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT16,191,169,53,14,ES_AUTOHSCROLL
        PUSHBUTTON      "Sections",IDC_BUTTON1,276,22,50,14
        PUSHBUTTON      "Directories",IDC_BUTTON2,276,65,50,14
    END
    
    IDD_DIALOG3 DIALOGEX 0, 0, 309, 176
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "[Section Table]"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
    END
    
    IDD_DIALOG4 DIALOGEX 0, 0, 299, 324
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "[Directory Table]"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
        GROUPBOX        "Directory Information",IDC_STATIC,7,7,226,294
        LTEXT           "ExportTable",IDC_STATIC,7,47,40,8
        LTEXT           "ImportTable",IDC_STATIC,7,65,40,8
        LTEXT           "Resource",IDC_STATIC,7,82,31,8
        LTEXT           "Exception",IDC_STATIC,7,99,32,8
        LTEXT           "Security",IDC_STATIC,7,116,27,8
        LTEXT           "Relocation",IDC_STATIC,7,134,34,8
        LTEXT           "Debug",IDC_STATIC,7,152,22,8
        LTEXT           "Copyright",IDC_STATIC,7,166,32,8
        LTEXT           "GlobalPtr",IDC_STATIC,7,185,30,8
        LTEXT           "TlsTable",IDC_STATIC,7,201,27,8
        LTEXT           "LoadConfig",IDC_STATIC,7,218,37,8
        LTEXT           "BoundImport",IDC_STATIC,7,235,42,8
        LTEXT           "IAT",IDC_STATIC,7,252,12,8
        LTEXT           "DelayImport",IDC_STATIC,7,271,40,8
        LTEXT           "COM",IDC_STATIC,7,289,16,8
        LTEXT           "Reserved",IDC_STATIC,7,309,32,8
        EDITTEXT        IDC_EDIT1,73,47,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT2,135,47,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT3,73,65,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT4,135,65,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT5,73,82,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT6,135,82,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT7,73,99,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT8,135,99,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT9,74,134,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT10,135,134,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT11,73,152,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT12,135,152,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT13,73,166,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT14,135,166,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT15,73,185,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT16,135,185,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT17,73,201,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT18,135,201,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT19,73,218,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT20,135,218,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT21,73,235,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT22,135,235,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT23,73,252,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT24,135,252,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT25,73,271,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT26,135,271,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT27,73,289,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT28,135,289,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT29,72,303,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT30,135,303,40,14,ES_AUTOHSCROLL
        LTEXT           "RVA",IDC_STATIC,81,25,14,8
        LTEXT           "Size",IDC_STATIC,137,25,14,8
        PUSHBUTTON      "...",IDC_BUTTON1,189,47,14,14
        PUSHBUTTON      "...",IDC_BUTTON2,189,65,14,14
        PUSHBUTTON      "...",IDC_BUTTON3,189,82,14,14
        PUSHBUTTON      "...",IDC_BUTTON4,189,134,14,14
        PUSHBUTTON      "...",IDC_BUTTON5,189,201,14,14
        PUSHBUTTON      "...",IDC_BUTTON7,189,272,14,14
        EDITTEXT        IDC_EDIT33,73,116,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT34,135,116,40,14,ES_AUTOHSCROLL
    END
    
    IDD_DIALOG5 DIALOGEX 0, 0, 327, 248
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "[ Export Table]"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
        GROUPBOX        "Export Information",IDC_STATIC,7,7,239,119
        CONTROL         "",IDC_LIST1,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,133,313,108
        LTEXT           "OffToExpTbl",IDC_STATIC,7,21,41,8
        LTEXT           "Characteristic",IDC_STATIC,7,40,45,8
        LTEXT           "Base",IDC_STATIC,7,59,16,8
        LTEXT           "Name",IDC_STATIC,7,77,19,8
        LTEXT           "NameStr",IDC_STATIC,7,99,28,8
        LTEXT           "NumOfFuncs",IDC_STATIC,139,21,42,8
        LTEXT           "NumOfNames",IDC_STATIC,139,40,44,8
        LTEXT           "AddrOfFuncs",IDC_STATIC,139,59,43,8
        LTEXT           "AddrOfNames",IDC_STATIC,139,77,46,8
        LTEXT           "AddrOfOrds",IDC_STATIC,139,99,40,8
        EDITTEXT        IDC_EDIT1,64,21,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT2,63,40,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT3,63,59,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT4,63,77,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT5,41,99,61,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT6,188,21,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT7,188,40,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT8,188,59,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT9,188,77,40,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT10,188,99,40,14,ES_AUTOHSCROLL
    END
    
    IDD_DIALOG6 DIALOGEX 0, 0, 309, 176
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "[Import Table]"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
        CONTROL         "",IDC_LIST1,"SysListView32",LVS_REPORT | LVS_SINGLESEL | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,7,295,63
        CONTROL         "",IDC_LIST2,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,70,295,99
    END
    
    IDD_DIALOG7 DIALOGEX 0, 0, 309, 176
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "[Resource Directory]"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
        CONTROL         "",IDC_TREE1,"SysTreeView32",TVS_HASBUTTONS | TVS_HASLINES | TVS_LINESATROOT | TVS_SHOWSELALWAYS | WS_BORDER | WS_HSCROLL | WS_TABSTOP,7,7,182,162
        GROUPBOX        "Root Directory",IDC_STATIC,197,7,105,42
        GROUPBOX        "Selected Directory",IDC_STATIC,197,54,105,37
        GROUPBOX        "Selected Item",IDC_STATIC,198,99,104,70
        LTEXT           "Name Entries",IDC_STATIC,197,19,43,8
        LTEXT           "ID Entries",IDC_STATIC,197,33,32,8
        EDITTEXT        IDC_EDIT1,245,18,57,14,ES_AUTOHSCROLL | ES_READONLY
        EDITTEXT        IDC_EDIT2,245,32,57,14,ES_AUTOHSCROLL | ES_READONLY
        LTEXT           "Name Entries",IDC_STATIC,197,66,43,8
        LTEXT           "ID Entires",IDC_STATIC,197,79,32,8
        EDITTEXT        IDC_EDIT3,245,63,57,14,ES_AUTOHSCROLL | ES_READONLY
        EDITTEXT        IDC_EDIT4,245,77,57,14,ES_AUTOHSCROLL | ES_READONLY
        LTEXT           "RVA",IDC_STATIC,198,110,14,8
        LTEXT           "Offset",IDC_STATIC,198,129,22,8
        LTEXT           "Size",IDC_STATIC,197,151,14,8
        EDITTEXT        IDC_EDIT5,245,108,57,14,ES_AUTOHSCROLL | ES_READONLY
        EDITTEXT        IDC_EDIT6,245,130,57,14,ES_AUTOHSCROLL | ES_READONLY
        EDITTEXT        IDC_EDIT7,246,148,56,14,ES_AUTOHSCROLL | ES_READONLY
    END
    
    IDD_DIALOG8 DIALOGEX 0, 0, 309, 208
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "[ Relocation ]"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
        GROUPBOX        "Blocks",IDC_STATIC,7,7,295,76
        GROUPBOX        "Block Items",IDC_STATIC,7,90,295,111
        CONTROL         "",IDC_LIST1,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,15,295,67
        CONTROL         "",IDC_LIST2,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,103,295,98
    END
    
    IDD_DIALOG9 DIALOGEX 0, 0, 225, 144
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "[TLS Table]"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
        GROUPBOX        "TLS Information",IDC_STATIC,7,7,155,128
        LTEXT           "DataBlockStartVA",IDC_STATIC,7,25,57,8
        LTEXT           "DataBlockEndVA",IDC_STATIC,7,41,53,8
        LTEXT           "IndexVariableVA",IDC_STATIC,7,61,54,8
        LTEXT           "CallBackTableVA",IDC_STATIC,7,79,53,8
        LTEXT           "SizeOfZeroFill",IDC_STATIC,7,95,44,8
        LTEXT           "Characteristics",IDC_STATIC,7,113,48,8
        EDITTEXT        IDC_EDIT1,106,25,56,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT2,106,41,56,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT3,106,61,55,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT4,106,79,56,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT5,106,95,56,14,ES_AUTOHSCROLL
        EDITTEXT        IDC_EDIT6,106,113,56,14,ES_AUTOHSCROLL
    END
    
    IDD_DIALOG10 DIALOGEX 0, 0, 309, 176
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "Dialog"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
        CONTROL         "",IDC_LIST2,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,7,295,62
        CONTROL         "",IDC_LIST3,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,68,295,101
    END
    
    IDD_DIALOG11 DIALOGEX 0, 0, 309, 176
    STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
    CAPTION "[Inject Code]"
    FONT 8, "MS Shell Dlg", 400, 0, 0x1
    BEGIN
        EDITTEXT        IDC_EDIT1,133,63,89,42,ES_MULTILINE | ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL
        LTEXT           "VA to inject(in hex)",IDC_STATIC1,7,38,87,8
        EDITTEXT        IDC_EDIT2,133,38,50,14,ES_UPPERCASE | ES_AUTOHSCROLL
        LTEXT           "目标地址的若干条指令",IDC_STATIC,7,62,85,8
        PUSHBUTTON      "得到指令",IDC_BUTTON1,241,63,50,14
        LTEXT           "要注入的指令",IDC_STATIC,7,119,49,8
        EDITTEXT        IDC_EDIT3,133,123,90,46,ES_MULTILINE | ES_AUTOVSCROLL | ES_AUTOHSCROLL | ES_WANTRETURN | WS_VSCROLL
        PUSHBUTTON      "注入指令",IDC_BUTTON2,242,124,50,14
        LTEXT           "Static",IDC_STATIC2,59,17,174,8
    END
    
    
    /////////////////////////////////////////////////////////////////////////////
    //
    // DESIGNINFO
    //
    
    #ifdef APSTUDIO_INVOKED
    GUIDELINES DESIGNINFO
    BEGIN
        IDD_DIALOG1, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 298
            TOPMARGIN, 7
            BOTTOMMARGIN, 253
        END
    
        IDD_DIALOG2, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 340
            TOPMARGIN, 7
            BOTTOMMARGIN, 193
        END
    
        IDD_DIALOG3, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 302
            TOPMARGIN, 7
            BOTTOMMARGIN, 169
        END
    
        IDD_DIALOG4, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 292
            TOPMARGIN, 7
            BOTTOMMARGIN, 317
        END
    
        IDD_DIALOG5, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 320
            TOPMARGIN, 7
            BOTTOMMARGIN, 241
        END
    
        IDD_DIALOG6, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 302
            TOPMARGIN, 7
            BOTTOMMARGIN, 169
        END
    
        IDD_DIALOG7, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 302
            TOPMARGIN, 7
            BOTTOMMARGIN, 169
        END
    
        IDD_DIALOG8, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 302
            TOPMARGIN, 7
            BOTTOMMARGIN, 201
        END
    
        IDD_DIALOG9, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 218
            TOPMARGIN, 7
            BOTTOMMARGIN, 137
        END
    
        IDD_DIALOG10, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 302
            TOPMARGIN, 7
            BOTTOMMARGIN, 169
        END
    
        IDD_DIALOG11, DIALOG
        BEGIN
            LEFTMARGIN, 7
            RIGHTMARGIN, 302
            TOPMARGIN, 7
            BOTTOMMARGIN, 169
        END
    END
    #endif    // APSTUDIO_INVOKED
    
    
    /////////////////////////////////////////////////////////////////////////////
    //
    // AFX_DIALOG_LAYOUT
    //
    
    IDD_DIALOG1 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG2 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG3 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG4 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG5 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG6 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG7 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG8 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG9 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG10 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    IDD_DIALOG11 AFX_DIALOG_LAYOUT
    BEGIN
        0
    END
    
    #endif    // 中文(简体,中国) resources
    /////////////////////////////////////////////////////////////////////////////
    
    
    
    #ifndef APSTUDIO_INVOKED
    /////////////////////////////////////////////////////////////////////////////
    //
    // Generated from the TEXTINCLUDE 3 resource.
    //
    
    
    /////////////////////////////////////////////////////////////////////////////
    #endif    // not APSTUDIO_INVOKED

    以下是

  • 相关阅读:
    dotnet 使用 MessagePack 序列化对象
    dotnet 使用 MessagePack 序列化对象
    PHP die() 函数
    PHP defined() 函数
    PHP define() 函数
    PHP constant() 函数
    PHP connection_status() 函数
    查看物理CPU个数、核数、逻辑CPU个数
    CF997C Sky Full of Stars
    dotnet 使用 lz4net 压缩 Stream 或文件
  • 原文地址:https://www.cnblogs.com/cqubsj/p/6618092.html
Copyright © 2011-2022 走看看