  • Win32 遍历重定位数据

      1 .386
    2 .model flat,stdcall
    3 option casemap:none
    4
    5 include Windows.inc
    6 include User32.inc
    7 include Kernel32.inc
    8 includelib User32.lib
    9 includelib Kernel32.lib
    10
    11 .data
    12 hBase dd ? ; base address of the mapped file view; written at start from _OpenFile's return value
    13 szDllBuf db 'd:\asm\SpiShow.dll',0 ; NUL-terminated, hard-coded path of the file whose relocations are walked
    14 .code
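    ;-----------------------------------------------------------------------
    ; _RVAToOffset - translate an RVA into a raw file offset.
    ; Syntax: MASM, 32-bit flat model, stdcall.
    ; In:     _lpFileHead = base of a PE file mapped as a flat data file
    ;         _dwRVA      = relative virtual address to translate
    ; Out:    eax = file offset, or -1 when no section's raw data holds the RVA
    ; Clobb:  none besides eax and flags (pushad/popad around the body)
    ;
    ; NOTE(review): the header fields come straight from the file, and this
    ; procedure is not told how large the mapping is. e_lfanew, the section
    ; table and the returned offset are therefore NOT checked against the
    ; file length; a caller parsing untrusted files has to do that itself.
    ;-----------------------------------------------------------------------
    _RVAToOffset proc _lpFileHead,_dwRVA
            local   @dwReturn

            pushad
            mov     @dwReturn,-1                    ; default answer: RVA not found

            mov     esi,_lpFileHead
            assume  esi:ptr IMAGE_DOS_HEADER        ; DOS header
            add     esi,[esi].e_lfanew
            assume  esi:ptr IMAGE_NT_HEADERS        ; NT headers

            ; The section table follows the optional header. Use the size the
            ; file declares instead of sizeof IMAGE_NT_HEADERS, so a header of
            ; non-default size still leads to the right table.
            movzx   ecx,[esi].FileHeader.NumberOfSections
            movzx   eax,[esi].FileHeader.SizeOfOptionalHeader
            lea     edx,[esi].OptionalHeader
            add     edx,eax
            assume  edx:ptr IMAGE_SECTION_HEADER

            mov     edi,_dwRVA
            ; .while ecx (not .repeat/.untilcxz): a file declaring zero
            ; sections would otherwise make the loop instruction wrap and
            ; read 2^32 bogus headers.
            .while  ecx
                    .if     edi >= [edx].VirtualAddress
                            mov     eax,edi
                            sub     eax,[edx].VirtualAddress    ; eax = offset inside the section
                            ; compare the offset with the raw size; adding
                            ; VirtualAddress+SizeOfRawData could wrap
                            .if     eax < [edx].SizeOfRawData
                                    add     eax,[edx].PointerToRawData
                                    .if     !CARRY?             ; wrapped sum = corrupt header, keep -1
                                            mov     @dwReturn,eax
                                    .endif
                                    .break
                            .endif
                    .endif
                    add     edx,sizeof IMAGE_SECTION_HEADER
                    dec     ecx
            .endw
            assume  esi:nothing
            assume  edx:nothing

            popad
            mov     eax,@dwReturn
            ret
    _RVAToOffset endp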
    53
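    ;-----------------------------------------------------------------------
    ; _GetRelocInfo - walk the base relocation directory of a PE file.
    ; Syntax: MASM, 32-bit flat model, stdcall.
    ; In:     _dwBase = base of a PE file mapped as a flat data file
    ; Out:    nothing (every register is restored by popad)
    ;
    ; For each relocation block the loop decodes every 16-bit entry:
    ; the high 4 bits are the type, the low 12 bits an offset that is added
    ; to the block's VirtualAddress. The decoded RVA is left in eax (or -1
    ; for any type other than HIGHLOW) and edi counts entries per block;
    ; the listing does nothing further with either value.
    ;
    ; The directory is attacker-controlled when the file is untrusted, so
    ; the walk is bounded by the directory size and each SizeOfBlock is
    ; validated before it is used as a count.
    ; NOTE(review): assumes a PE32 optional header layout; the directory
    ; size itself is not checked against the file length because the
    ; mapping size is not available here.
    ;-----------------------------------------------------------------------
    _GetRelocInfo proc _dwBase
            local   @dwRemain       ; bytes of the directory not yet walked
            local   @lpNext         ; address of the next relocation block

            pushad
            mov     esi,_dwBase
            assume  esi:ptr IMAGE_DOS_HEADER
            .if     [esi].e_magic != IMAGE_DOS_SIGNATURE
                    jmp     _Ret                        ; not an MZ image
            .endif
            add     esi,[esi].e_lfanew
            assume  esi:ptr IMAGE_NT_HEADERS
            .if     [esi].Signature != IMAGE_NT_SIGNATURE
                    jmp     _Ret                        ; not a PE image
            .endif

            lea     edx,[esi].OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC * sizeof IMAGE_DATA_DIRECTORY]
            assume  edx:ptr IMAGE_DATA_DIRECTORY
            mov     eax,[edx].VirtualAddress
            mov     ecx,[edx].isize
            assume  edx:nothing
            mov     @dwRemain,ecx
            .if     !eax || !ecx
                    jmp     _Ret                        ; image carries no relocations
            .endif

            invoke  _RVAToOffset,_dwBase,eax
            .if     eax == -1
                    jmp     _Ret                        ; directory RVA maps to no section
            .endif
            add     eax,_dwBase
            mov     esi,eax
            assume  esi:ptr IMAGE_BASE_RELOCATION

            .while  @dwRemain >= sizeof IMAGE_BASE_RELOCATION
                    mov     ebx,[esi].VirtualAddress    ; ebx = page RVA of this block
                    mov     ecx,[esi].SizeOfBlock
                    .break  .if !ebx                    ; zero VirtualAddress ends the list
                    .break  .if ecx < sizeof IMAGE_BASE_RELOCATION  ; would underflow the count
                    .break  .if ecx > @dwRemain         ; block runs past the directory
                    sub     @dwRemain,ecx
                    mov     eax,esi
                    add     eax,ecx
                    mov     @lpNext,eax                 ; next block = this block + SizeOfBlock

                    add     esi,sizeof IMAGE_BASE_RELOCATION
                    sub     ecx,sizeof IMAGE_BASE_RELOCATION
                    shr     ecx,1                       ; ecx = number of 16-bit entries
                    xor     edi,edi                     ; edi = entries seen in this block
                    .while  ecx                         ; safe for a header-only block
                            movzx   eax,word ptr [esi]
                            add     esi,2
                            mov     edx,eax
                            shr     edx,12              ; edx = relocation type
                            .if     edx == IMAGE_REL_BASED_HIGHLOW
                                    and     eax,0fffh   ; low 12 bits = offset in page
                                    add     eax,ebx     ; eax = RVA of the dword to fix up
                            .else
                                    mov     eax,-1      ; other types are not decoded
                            .endif
                            inc     edi
                            dec     ecx
                    .endw
                    mov     esi,@lpNext
            .endw
            assume  esi:nothing

    _Ret:
            popad
            ret
    _GetRelocInfo endp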
    96
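    ;-----------------------------------------------------------------------
    ; _OpenFile - map a file read-only and return the view's base address.
    ; Syntax: MASM, 32-bit flat model, stdcall.
    ; In:     _lpFilePath = pointer to a NUL-terminated path
    ; Out:    eax = base address of the mapped view, or NULL on any failure
    ; Clobb:  none besides eax and flags (pushad/popad around the body)
    ;
    ; The file is mapped as plain data (PAGE_READONLY / FILE_MAP_READ), not
    ; loaded as an image, so nothing in it is executed and section contents
    ; sit at their raw file offsets. The view stays valid after both handles
    ; are closed; the caller releases it with UnmapViewOfFile.
    ;-----------------------------------------------------------------------
    _OpenFile proc _lpFilePath
            local   @hFile
            local   @Ret
            local   @hMap

            pushad
            mov     @Ret,NULL                       ; failure paths return NULL, not stack garbage

            invoke  CreateFile,_lpFilePath,GENERIC_READ,\
                    FILE_SHARE_READ,\
                    NULL,OPEN_EXISTING,\
                    FILE_ATTRIBUTE_ARCHIVE,\
                    NULL
            ; CreateFile reports failure with INVALID_HANDLE_VALUE (-1), not 0
            .if     eax != INVALID_HANDLE_VALUE
                    mov     @hFile,eax
                    invoke  CreateFileMapping,@hFile,NULL,PAGE_READONLY,\
                            0,0,NULL
                    .if     eax                     ; NULL = mapping failed (e.g. empty file)
                            mov     @hMap,eax
                            invoke  MapViewOfFile,@hMap,FILE_MAP_READ,0,0,0
                            mov     @Ret,eax        ; NULL here too if the view failed
                            invoke  CloseHandle,@hMap
                    .endif
                    invoke  CloseHandle,@hFile
            .endif

            popad
            mov     eax,@Ret
            ret
    _OpenFile endp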
    123
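    ; Program entry: map the sample DLL as data, walk its relocation
    ; directory, then exit. The walk is skipped when mapping failed, so a
    ; NULL base is never dereferenced.
    start:
            invoke  _OpenFile,offset szDllBuf
            mov     hBase,eax
            .if     eax
                    invoke  _GetRelocInfo,hBase
                    invoke  UnmapViewOfFile,hBase   ; release the view _OpenFile left mapped
            .endif
            invoke  ExitProcess,NULL
            end     start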
  • 原文地址:https://www.cnblogs.com/dependence/p/2400530.html