早上起来看到这个代码 整理一下
1 // PETableDlg.cpp : 实现文件 2 // 3 4 #include "stdafx.h" 5 #include "PECheck.h" 6 #include "PETableDlg.h" 7 #include "afxdialogex.h" 8 9 10 // CPETableDlg 对话框 11 12 #define MakePtr(a,b,c) ((a)((char*)b+c)) 13 14 extern 15 ULONG g_SelectTab; 16 extern 17 int dpix; 18 19 UINT g_Column_Count_DirTable = 5; 20 COLUMNSTRUCT g_Column_DirTableList[] = 21 { 22 { L"Name", 180 }, //ldr 23 { L"RVA", 150 }, //传递 24 { L"Size", 150 }, // 25 {L"RAW", 150}, 26 {L"所属区块", 100} 27 }; 28 29 UINT g_Column_Count_SectionTable = 5; 30 COLUMNSTRUCT g_Column_SectionTableList[] = 31 { 32 { L"Name", 180 }, //ldr 33 { L"RVA", 150 }, //传递 34 { L"内存区块大小(未对齐)", 150 }, // 35 {L"文件偏移(offset)", 150}, 36 {L"文件大小", 150} 37 }; 38 39 UINT g_Column_Count_ImportTable = 4; 40 COLUMNSTRUCT g_Column_ImportTableList[] = 41 { 42 { L"函数序号", 150 }, //ldr 43 { L"函数名", 180 }, //传递 44 { L"函数地址", 150 }, // 45 {L"导入模块",150} 46 }; 47 48 UINT g_Column_Count_ExportTable = 5; 49 COLUMNSTRUCT g_Column_ExportTableList[] = 50 { 51 { L"函数序号", 150 }, //ldr 52 { L"函数名", 180 }, //传递 53 { L"函数地址", 150 }, // 54 {L"RVA", 150}, 55 {L"Offset", 150} 56 }; 57 58 UINT g_Column_Count_RelocTable = 7; 59 COLUMNSTRUCT g_Column_RelocTableList[] = 60 { 61 { L"重定位表RVA", 150 }, //ldr 62 {L"重定位表Offset",100}, 63 { L"重定位结构大小", 180 }, //传递 64 { L"TypeOffset", 150 }, 65 {L"重定位项RVA",150}, 66 {L"重定位项Offset",100}, 67 {L"需要重定位的数据",150} 68 }; 69 70 71 WCHAR wzDirTable[15][64] = {L"导出表地址",L"导入名称表",L"资源表",L"异常表",L"证书",L"重定向表",L"调试",L"版权",L"全局指针",L"LTS",L"加载配置",L"绑定导入表",L"导入地址表(IAT)",L"延迟加载导入表",L".NET 运行时"}; 72 73 74 IMPLEMENT_DYNAMIC(CPETableDlg, CDialog) 75 76 CPETableDlg::CPETableDlg(CWnd* pParent /*=NULL*/) 77 : CDialog(CPETableDlg::IDD, pParent) 78 , m_Table1(_T("")) 79 , m_Table2(_T("")) 80 , m_Table3(_T("")) 81 , m_Table4(_T("")) 82 , m_EditTable1(_T("")) 83 , m_EditTable2(_T("")) 84 , m_EditTable3(_T("")) 85 , m_EditTable4(_T("")) 86 { 87 88 } 89 90 CPETableDlg::~CPETableDlg() 91 { 92 } 93 94 void CPETableDlg::DoDataExchange(CDataExchange* pDX) 95 { 96 CDialog::DoDataExchange(pDX); 97 DDX_Control(pDX, IDC_LIST1, m_ListTable); 98 DDX_Text(pDX, IDC_STATIC_TABLE1, m_Table1); 99 DDX_Text(pDX, IDC_STATIC_TABLE2, m_Table2); 100 DDX_Text(pDX, IDC_STATIC_TABLE3, m_Table3); 101 DDX_Text(pDX, IDC_STATIC_TABLE4, m_Table4); 102 DDX_Text(pDX, IDC_EDIT_TABLE1, m_EditTable1); 103 DDX_Text(pDX, IDC_EDIT_TABLE2, m_EditTable2); 104 DDX_Text(pDX, IDC_EDIT_TABLE3, m_EditTable3); 105 DDX_Text(pDX, IDC_EDIT_TABLE4, m_EditTable4); 106 } 107 108 109 BEGIN_MESSAGE_MAP(CPETableDlg, CDialog) 110 // ON_EN_CHANGE(IDC_EDIT4, &CPETableDlg::OnEnChangeEdit4) 111 END_MESSAGE_MAP() 112 113 114 // CPETableDlg 消息处理程序 115 116 117 //void CPETableDlg::OnEnChangeEdit4() 118 //{ 119 // // TODO: 如果该控件是 RICHEDIT 控件,它将不 120 // // 发送此通知,除非重写 CDialog::OnInitDialog() 121 // // 函数并调用 CRichEditCtrl().SetEventMask(), 122 // // 同时将 ENM_CHANGE 标志“或”运算到掩码中。 123 // 124 // // TODO: 在此添加控件通知处理程序代码 125 //} 126 127 128 129 VOID 130 CPETableDlg::ShowPeTable(CHAR* FileData,PETYPE PeType) 131 { 132 UpdateData(TRUE); 133 134 switch(g_SelectTab) 135 { 136 case 1: 137 { 138 //m_GroupStatic.Format(L"目录表详细信息"); 139 m_Table1.Format(L""); 140 m_Table2.Format(L""); 141 m_Table3.Format(L""); 142 m_Table4.Format(L""); 143 144 ShowDataDirTable(FileData,PeType); 145 break; 146 } 147 148 case 2: 149 { 150 //m_GroupStatic.Format(L"区块表详细信息"); 151 m_Table1.Format(L""); 152 m_Table2.Format(L""); 153 m_Table3.Format(L""); 154 m_Table4.Format(L""); 155 156 ShowSectionTable(FileData,PeType); 157 break; 158 } 159 160 case 3: 161 { 162 //m_GroupStatic.Format(L"导入表详细信息"); 163 164 m_Table1.Format(L"输入表RVA"); 165 m_Table2.Format(L""); 166 m_Table3.Format(L""); 167 m_Table4.Format(L""); 168 169 ShowImportTable(FileData,PeType); 170 break; 171 } 172 173 case 4: 174 { 175 //m_GroupStatic.Format(L"导出表详细信息"); 176 177 m_Table1.Format(L"模块真实名称"); 178 m_Table2.Format(L"函数地址数组RVA"); 179 m_Table3.Format(L"函数名字指针RVA"); 180 m_Table4.Format(L"导出序号数组RVA"); 181 182 m_EditTable1.Format(L""); 183 184 ShowExportTable(FileData,PeType); 185 break; 186 } 187 188 case 5: 189 { 190 m_Table1.Format(L""); 191 m_Table2.Format(L""); 192 m_Table3.Format(L""); 193 m_Table4.Format(L""); 194 ShowRelocTable(FileData,PeType); 195 196 break; 197 } 198 199 default: 200 break; 201 } 202 203 UpdateData(FALSE); 204 } 205 206 207 VOID 208 CPETableDlg::ShowDataDirTable(CHAR* szFileData,PETYPE PeType) 209 { 210 211 PIMAGE_NT_HEADERS32 NtHead = NULL; 212 PIMAGE_NT_HEADERS64 NtHeader64 = NULL; 213 PIMAGE_NT_HEADERS32 NtHeader32 = NULL; 214 IMAGE_OPTIONAL_HEADER32 OptionHead32; 215 IMAGE_OPTIONAL_HEADER64 OptionHead64; 216 PIMAGE_SECTION_HEADER SectionHeader = NULL; 217 218 ULONG DataDirTable = 0; 219 ULONG DataSize = 0; 220 ULONG_PTR DataRaw = 0; 221 222 CString strRVA; 223 CString strSize; 224 CString strSection; 225 CString strRaw; 226 227 while(m_ListTable.DeleteColumn(0)); 228 m_ListTable.DeleteAllItems(); 229 230 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP); 231 232 UINT i = 0; 233 for (i = 0;i<g_Column_Count_DirTable;i++) 234 { 235 m_ListTable.InsertColumn(i, g_Column_DirTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_DirTableList[i].nWidth*(dpix/96.0))); 236 } 237 238 if (szFileData==NULL) 239 { 240 return; 241 } 242 243 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData; //ReadFile()返回的szFileData地址 244 245 switch(PeType) 246 { 247 case PE: 248 { 249 NtHeader32 = (PIMAGE_NT_HEADERS32)((ULONG)szFileData+DosHead->e_lfanew); 250 OptionHead32 = NtHeader32->OptionalHeader; 251 252 for (int i = 0;i<OptionHead32.NumberOfRvaAndSizes;i++) 253 { 254 DataDirTable = OptionHead32.DataDirectory[i].VirtualAddress; 255 DataSize = OptionHead32.DataDirectory[i].Size; 256 257 //得到数据块在文件中的偏移 258 DataRaw = RVATwoOffset(NtHeader32,DataDirTable); 259 260 //计算数据块属于哪个节中 261 SectionHeader = GetSectionHeaderFromRva(DataDirTable,(PIMAGE_NT_HEADERS)NtHeader32); 262 263 strRVA.Format(L"0x%X",DataDirTable); 264 strSize.Format(L"0x%X",DataSize); 265 strSection = SectionHeader->Name; 266 strRaw.Format(L"0x%X",DataRaw); 267 268 int n = m_ListTable.GetItemCount(); 269 int j = m_ListTable.InsertItem(n, wzDirTable[i]); 270 m_ListTable.SetItemText(j, 1, strRVA); 271 m_ListTable.SetItemText(j, 2, strSize); 272 m_ListTable.SetItemText(j,3,strRaw); 273 m_ListTable.SetItemText(j,4,strSection); 274 275 } 276 277 278 break; 279 } 280 281 case PE64: 282 { 283 NtHeader64 = (PIMAGE_NT_HEADERS64)((ULONG)szFileData+DosHead->e_lfanew); 284 285 OptionHead64 = NtHeader64->OptionalHeader; 286 287 for (int i = 0;i<OptionHead64.NumberOfRvaAndSizes;i++) 288 { 289 DataDirTable = OptionHead64.DataDirectory[i].VirtualAddress; 290 DataSize = OptionHead64.DataDirectory[i].Size; 291 292 DataRaw = RVATwoOffset64(NtHeader64,DataDirTable); 293 294 SectionHeader = GetSectionHeaderFromRva(DataDirTable,(PIMAGE_NT_HEADERS)NtHeader64); 295 296 strRVA.Format(L"0x%X",DataDirTable); 297 strSize.Format(L"0x%X",DataSize); 298 strSection = SectionHeader->Name; 299 strRaw.Format(L"0x%X",DataRaw); 300 301 int n = m_ListTable.GetItemCount(); 302 int j = m_ListTable.InsertItem(n, wzDirTable[i]); 303 m_ListTable.SetItemText(j, 1, strRVA); 304 m_ListTable.SetItemText(j, 2, strSize); 305 m_ListTable.SetItemText(j,3,strRaw); 306 m_ListTable.SetItemText(j,4,strSection); 307 308 } 309 310 break; 311 } 312 default: 313 break; 314 315 } 316 } 317 318 PIMAGE_SECTION_HEADER 319 CPETableDlg::GetSectionHeaderFromRva(ULONG RVA,PIMAGE_NT_HEADERS NtHeader) //判断RVA是在那个节表当中 320 { 321 ULONG i = 0; 322 323 324 //Nt头得到节表 325 PIMAGE_SECTION_HEADER SectionHeader = IMAGE_FIRST_SECTION(NtHeader); 326 327 //Nt头中的File头中有区块表的个数 区块表是若干SECTION_HEADER个数据结构,个数是在文件头的NumberofSection中 328 for (i=0;i<NtHeader->FileHeader.NumberOfSections;i++,SectionHeader++) 329 { 330 331 if ((RVA>=SectionHeader->VirtualAddress)&& 332 (RVA<(SectionHeader->VirtualAddress + SectionHeader->Misc.VirtualSize))) 333 { 334 return SectionHeader; 335 } 336 } 337 338 return NULL; 339 } 340 341 DWORD RVATwoOffset(PIMAGE_NT_HEADERS32 NTHeader, ULONG ulRVA) 342 { 343 PIMAGE_SECTION_HEADER SectionHeader = 344 (PIMAGE_SECTION_HEADER)((ULONG)NTHeader + sizeof(IMAGE_NT_HEADERS)); //获得节表 345 346 for(int i = 0; i < NTHeader->FileHeader.NumberOfSections; i++) 347 { 348 //查询导出表是属于哪个节的 349 /*********************************************************************** 350 SectionHeader[i].VirtualAddress 节起始的RVA 0x1000 351 SectionHeader[i].SizeOfRawData 节在文件上的大小 352 SectionHeader[i].PointerToRawData 这是节基于文件的偏移量,PE 装载器通过本域值找到节数据在文件中的位置 353 354 假如导出表在.txt节中 355 SectionHeader[i].PointerToRawData == 0x200 SectionHeader[i].VirtualAddress == 0x1000 356 ulRVA = 0x1030 357 358 那么导出表在文件中的偏移就是0x230 返回 359 ***********************************************************************/ 360 if(ulRVA >= SectionHeader[i].VirtualAddress && ulRVA < 361 (SectionHeader[i].VirtualAddress 362 + SectionHeader[i].SizeOfRawData)) 363 { 364 //文件偏移 365 return SectionHeader[i].PointerToRawData + 366 (ulRVA - SectionHeader[i].VirtualAddress); 367 } 368 } 369 370 return 0; 371 } 372 373 ULONG_PTR RVATwoOffset64(PIMAGE_NT_HEADERS64 NTHeader, ULONG_PTR ulRVA) 374 { 375 PIMAGE_SECTION_HEADER SectionHeader = 376 (PIMAGE_SECTION_HEADER)((ULONG_PTR)NTHeader + sizeof(IMAGE_NT_HEADERS64)); //获得节表 377 378 for(int i = 0; i < NTHeader->FileHeader.NumberOfSections; i++) 379 { 380 //查询导出表是属于哪个节的 381 /*********************************************************************** 382 SectionHeader[i].VirtualAddress 节起始的RVA 0x1000 383 SectionHeader[i].SizeOfRawData 节在文件上的大小 384 SectionHeader[i].PointerToRawData 这是节基于文件的偏移量,PE 装载器通过本域值找到节数据在文件中的位置 385 386 假如导出表在.txt节中 387 SectionHeader[i].PointerToRawData == 0x200 SectionHeader[i].VirtualAddress == 0x1000 388 ulRVA = 0x1030 389 390 那么导出表在文件中的偏移就是0x230 返回 391 ***********************************************************************/ 392 if(ulRVA >= SectionHeader[i].VirtualAddress && ulRVA < 393 (SectionHeader[i].VirtualAddress 394 + SectionHeader[i].SizeOfRawData)) 395 { 396 //文件偏移 397 return SectionHeader[i].PointerToRawData + 398 (ulRVA - SectionHeader[i].VirtualAddress); 399 } 400 } 401 402 return 0; 403 } 404 405 406 407 VOID 408 CPETableDlg::ShowSectionTable(CHAR* szFileData,PETYPE PeType) 409 { 410 PIMAGE_NT_HEADERS NtHead = NULL; 411 PIMAGE_NT_HEADERS64 NtHeader64 = NULL; 412 PIMAGE_NT_HEADERS32 NtHeader32 = NULL; 413 414 IMAGE_FILE_HEADER FileHeader; 415 416 ULONG DataSize = 0; 417 PIMAGE_SECTION_HEADER SectionHeader; 418 419 CString SectionName; 420 CString strRVA; 421 CString strRSize; 422 423 CString strOffset; 424 CString strVsize; 425 426 while(m_ListTable.DeleteColumn(0)); 427 m_ListTable.DeleteAllItems(); 428 429 //CRect rect; 430 //GetWindowRect(rect); 431 ////设置ListContrl在对话框中的位置 432 //if (m_ListTable.m_hWnd != NULL) 433 //{ 434 // CRect rc; 435 // rc.left = 0; 436 // rc.top = 0; 437 // rc.right = rect.Width() - 10; 438 // rc.bottom = rect.Height() - 35; 439 // m_ListTable.MoveWindow(rc); 440 //} 441 442 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP); 443 444 UINT i = 0; 445 for (i = 0;i<g_Column_Count_SectionTable;i++) 446 { 447 m_ListTable.InsertColumn(i, g_Column_SectionTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_SectionTableList[i].nWidth*(dpix/96.0))); 448 } 449 450 if (szFileData==NULL) 451 { 452 return; 453 } 454 455 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData; 456 457 //获得节表 458 if (PeType==PE) 459 { 460 NtHeader32 = (PIMAGE_NT_HEADERS32)((ULONG)szFileData+DosHead->e_lfanew); 461 FileHeader = NtHeader32->FileHeader; 462 SectionHeader = (PIMAGE_SECTION_HEADER)((ULONG_PTR)NtHeader32 + sizeof(IMAGE_NT_HEADERS32)); 463 } 464 else 465 { 466 NtHeader64 = (PIMAGE_NT_HEADERS64)((ULONG)szFileData+DosHead->e_lfanew); 467 FileHeader = NtHeader64->FileHeader; 468 469 SectionHeader = (PIMAGE_SECTION_HEADER)((ULONG_PTR)NtHeader64 + sizeof(IMAGE_NT_HEADERS64)); 470 } 471 472 473 for (int i = 0;i<FileHeader.NumberOfSections;i++,SectionHeader++) 474 { 475 SectionName = SectionHeader->Name; 476 strRVA.Format(L"0x%x",SectionHeader->VirtualAddress); 477 strRSize.Format(L"0x%x",SectionHeader->Misc.VirtualSize); 478 479 strOffset.Format(L"0x%x",SectionHeader->PointerToRawData); 480 strVsize.Format(L"0x%x",SectionHeader->SizeOfRawData); 481 482 int n = m_ListTable.GetItemCount(); 483 int j = m_ListTable.InsertItem(n, SectionName); 484 m_ListTable.SetItemText(j, 1, strRVA); 485 m_ListTable.SetItemText(j, 2, strRSize); 486 m_ListTable.SetItemText(j,3,strOffset); 487 m_ListTable.SetItemText(j,4,strVsize); 488 489 } 490 491 492 UpdateData(FALSE); 493 494 } 495 496 497 VOID 498 CPETableDlg::ShowImportTable(CHAR* szFileData,PETYPE PeType) 499 { 500 PIMAGE_NT_HEADERS NtHead = NULL; 501 PIMAGE_THUNK_DATA ImportOriFirstThunk = NULL; 502 PIMAGE_IMPORT_BY_NAME OrdinalName = NULL; 503 PIMAGE_NT_HEADERS64 NtHeader64 = NULL; 504 PIMAGE_NT_HEADERS32 NtHeader32 = NULL; 505 506 IMAGE_OPTIONAL_HEADER32 OptionHead32; 507 IMAGE_OPTIONAL_HEADER64 OptionHead64; 508 IMAGE_DATA_DIRECTORY ImportDirectory = {0}; 509 PIMAGE_IMPORT_DESCRIPTOR ImportTable = NULL; 510 ULONG_PTR ImportSize = 0; 511 ULONG_PTR ImportDiff = 0; 512 ULONG ulIndex = 0; 513 514 ULONG_PTR ulFuncRVA = 0; 515 516 517 CString strFuncName,strDllName; 518 CString strIndex = 0; 519 520 521 while(m_ListTable.DeleteColumn(0)); 522 m_ListTable.DeleteAllItems(); 523 524 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP); 525 526 UINT i = 0; 527 for (i = 0;i<g_Column_Count_ImportTable;i++) 528 { 529 m_ListTable.InsertColumn(i, g_Column_ImportTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_ImportTableList[i].nWidth*(dpix/96.0))); 530 } 531 532 if (szFileData==NULL) 533 { 534 return; 535 } 536 537 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData; 538 539 NtHead = (PIMAGE_NT_HEADERS)((ULONG)szFileData+DosHead->e_lfanew); 540 541 switch(PeType) 542 { 543 case PE: 544 { 545 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHead; 546 OptionHead32 = NtHeader32->OptionalHeader; 547 548 ImportDirectory = OptionHead32.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]; 549 550 m_EditTable1.Format(L"0x%p",ImportDirectory); 551 552 if (ImportDirectory.Size==0) 553 { 554 return; 555 } 556 557 ImportTable = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)szFileData+ RVATwoOffset(NtHeader32,ImportDirectory.VirtualAddress)); 558 559 while (ImportTable->Name) 560 { 561 char* DllName = (char*)((ULONG_PTR)szFileData+ RVATwoOffset(NtHeader32,ImportTable->Name)); 562 strDllName = DllName; 563 564 ImportOriFirstThunk = (PIMAGE_THUNK_DATA)((ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,ImportTable->OriginalFirstThunk)); 565 566 while(ImportOriFirstThunk->u1.Function) 567 { 568 569 int n = m_ListTable.GetItemCount(); 570 strIndex.Format(L"%d",ulIndex); 571 int j = m_ListTable.InsertItem(n, strIndex); 572 573 //判断是以序数导入还是以Name导入 574 //最高位为1说明以序数导入 序号值为低31位 575 int Temp = ImportOriFirstThunk->u1.Ordinal&0x80000000; 576 577 if (Temp) 578 { 579 Temp = ImportOriFirstThunk->u1.Ordinal&0x7fffffff; 580 strIndex.Format(L"%d",Temp); 581 m_ListTable.SetItemText(j,1,strIndex); 582 } 583 else 584 { 585 OrdinalName = (PIMAGE_IMPORT_BY_NAME)((ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,ImportOriFirstThunk->u1.AddressOfData)); 586 char* FuncName = (char*)OrdinalName->Name; 587 strFuncName = FuncName; 588 589 ulFuncRVA = (ULONG_PTR)((ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,ImportOriFirstThunk->u1.ForwarderString)); 590 591 m_ListTable.SetItemText(j,1,strFuncName); 592 593 } 594 595 m_ListTable.SetItemText(j,3,strDllName); 596 597 ulIndex++; 598 ImportOriFirstThunk++; 599 600 } 601 602 ImportTable++; 603 } 604 605 606 break; 607 } 608 case PE64: 609 { 610 NtHeader64 = (PIMAGE_NT_HEADERS64)NtHead; 611 OptionHead64 = NtHeader64->OptionalHeader; 612 613 ImportDirectory = OptionHead64.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]; 614 if (ImportDirectory.Size==0) 615 { 616 return; 617 } 618 619 ImportTable = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)szFileData+ RVATwoOffset64(NtHeader64,ImportDirectory.VirtualAddress)); 620 621 622 while (ImportTable->Name) 623 { 624 char* DllName = (char*)((ULONG_PTR)szFileData+ RVATwoOffset64(NtHeader64,ImportTable->Name)); 625 strDllName = DllName; 626 627 ImportOriFirstThunk = (PIMAGE_THUNK_DATA)((ULONG_PTR)szFileData + RVATwoOffset64(NtHeader64,ImportTable->OriginalFirstThunk)); 628 629 while(ImportOriFirstThunk->u1.Function) 630 { 631 632 int n = m_ListTable.GetItemCount(); 633 strIndex.Format(L"%d",ulIndex); 634 int j = m_ListTable.InsertItem(n, strIndex); 635 636 INT64 Temp = ImportOriFirstThunk->u1.Ordinal&0x8000000000000000; 637 638 if (Temp) 639 { 640 Temp = ImportOriFirstThunk->u1.Ordinal&0x7fffffffffffffff; 641 strIndex.Format(L"%d",Temp); 642 m_ListTable.SetItemText(j,1,strIndex); 643 } 644 else 645 { 646 OrdinalName = (PIMAGE_IMPORT_BY_NAME)((ULONG_PTR)szFileData + RVATwoOffset64(NtHeader64,ImportOriFirstThunk->u1.AddressOfData)); 647 char* FuncName = (char*)OrdinalName->Name; 648 strFuncName = FuncName; 649 m_ListTable.SetItemText(j,1,strFuncName); 650 } 651 652 m_ListTable.SetItemText(j,3,strDllName); 653 654 ulIndex++; 655 ImportOriFirstThunk++; 656 657 } 658 659 ImportTable++; 660 } 661 662 663 break; 664 } 665 666 default: 667 break; 668 669 } 670 } 671 672 673 VOID 674 CPETableDlg::ShowRelocTable(CHAR* szFileData,PETYPE PeType) 675 { 676 PIMAGE_NT_HEADERS NtHead = NULL; 677 PIMAGE_NT_HEADERS64 NtHeader64 = NULL; 678 PIMAGE_NT_HEADERS32 NtHeader32 = NULL; 679 IMAGE_OPTIONAL_HEADER32 OptionHead32; 680 IMAGE_OPTIONAL_HEADER64 OptionHead64; 681 IMAGE_DATA_DIRECTORY RelocDirectory = {0}; 682 683 PIMAGE_BASE_RELOCATION RelocTable = NULL; 684 ULONG_PTR RelocRVA = 0; 685 ULONG_PTR BlocSize = 0; 686 ULONG_PTR RelocDataOffset = 0; 687 688 CString strRelocRVA,strRelocOffset,strRelocDataRVA,strRelcoDataOffset,strRelocDataOffset,strRelocData,strRelocSize; 689 CString strTypeOffset,strSizeOfBlock; 690 691 while(m_ListTable.DeleteColumn(0)); 692 m_ListTable.DeleteAllItems(); 693 694 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP); 695 696 UINT i = 0; 697 for (i = 0;i<g_Column_Count_RelocTable;i++) 698 { 699 m_ListTable.InsertColumn(i, g_Column_RelocTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_RelocTableList[i].nWidth*(dpix/96.0))); 700 } 701 702 if (szFileData==NULL) 703 { 704 return; 705 } 706 707 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData; 708 NtHead = (PIMAGE_NT_HEADERS)((ULONG)szFileData+DosHead->e_lfanew); 709 710 switch (PeType) 711 { 712 case PE: 713 { 714 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHead; 715 OptionHead32 = NtHeader32->OptionalHeader; 716 717 RelocDirectory = OptionHead32.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]; 718 719 if (RelocDirectory.Size==0) 720 { 721 return; 722 } 723 724 725 RelocTable = (PIMAGE_BASE_RELOCATION)((ULONG_PTR)szFileData+ RVATwoOffset(NtHeader32,RelocDirectory.VirtualAddress)); 726 727 do 728 { 729 ULONG_PTR NumOfReloc=(RelocTable->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/2; 730 731 SHORT MiniOffset = 0; 732 733 PSHORT RelocData =(PSHORT)((ULONG_PTR)RelocTable+sizeof(IMAGE_BASE_RELOCATION)); 734 735 for (i=0; i<NumOfReloc; i++) 736 { 737 PULONG_PTR RelocAddress = 0;//需要重定位的地址 738 739 if (((*RelocData)>>12)==IMAGE_REL_BASED_DIR64||((*RelocData)>>12)==IMAGE_REL_BASED_HIGHLOW)//判断重定位类型是否为IMAGE_REL_BASED_HIGHLOW[32]或IMAGE_REL_BASED_DIR64[64] 740 { 741 MiniOffset = (*RelocData)&0xfff; 742 743 744 RelocDataOffset = (ULONG_PTR)RVATwoOffset(NtHeader32,MiniOffset+RelocTable->VirtualAddress); 745 746 strSizeOfBlock.Format(L"0x%x",RelocTable->SizeOfBlock); 747 strTypeOffset.Format(L"0x%x",(*RelocData)); 748 749 strRelocRVA.Format(L"0x%x",RelocTable->VirtualAddress); 750 strRelocOffset.Format(L"0x%x",RVATwoOffset(NtHeader32,RelocTable->VirtualAddress)); 751 752 strRelocDataRVA.Format(L"0x%x",MiniOffset+RelocTable->VirtualAddress); 753 strRelocDataOffset.Format(L"0x%x",RelocDataOffset); 754 755 strRelocData.Format(L"0x%x",*(PULONG_PTR)((ULONG_PTR)szFileData+ RelocDataOffset)); 756 757 int n = m_ListTable.GetItemCount(); 758 int j = m_ListTable.InsertItem(n, strRelocRVA); 759 m_ListTable.SetItemText(j, 1, strRelocOffset); 760 m_ListTable.SetItemText(j, 2, strSizeOfBlock); 761 m_ListTable.SetItemText(j,3,strTypeOffset); 762 m_ListTable.SetItemText(j,4,strRelocDataRVA); 763 m_ListTable.SetItemText(j,5,strRelocDataOffset); 764 m_ListTable.SetItemText(j,6,strRelocData); 765 766 767 } 768 769 RelocData++; 770 } 771 772 RelocTable=(PIMAGE_BASE_RELOCATION)((ULONG_PTR)RelocTable+RelocTable->SizeOfBlock); 773 774 } while (RelocTable->VirtualAddress); 775 776 777 break; 778 } 779 780 case PE64: 781 { 782 NtHeader64 = (PIMAGE_NT_HEADERS64)NtHead; 783 OptionHead64 = NtHeader64->OptionalHeader; 784 785 RelocDirectory = OptionHead64.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]; 786 787 if (RelocDirectory.Size==0) 788 { 789 return; 790 } 791 792 793 RelocTable = (PIMAGE_BASE_RELOCATION)((ULONG_PTR)szFileData+ RVATwoOffset64(NtHeader64,RelocDirectory.VirtualAddress)); 794 795 do 796 { 797 ULONG_PTR NumOfReloc=(RelocTable->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/2; 798 799 SHORT MiniOffset = 0; 800 PUSHORT RelocData =(PUSHORT)((ULONG_PTR)RelocTable+sizeof(IMAGE_BASE_RELOCATION)); 801 802 for (i=0; i<NumOfReloc; i++) 803 { 804 PULONG_PTR RelocAddress = 0;//需要重定位的地址 805 806 if (((*RelocData)>>12)==IMAGE_REL_BASED_DIR64)//判断重定位类型是否为IMAGE_REL_BASED_HIGHLOW[32]或IMAGE_REL_BASED_DIR64[64] 807 { 808 MiniOffset = (*RelocData)&0xfff; 809 810 811 RelocDataOffset = (ULONG_PTR)RVATwoOffset64(NtHeader64,MiniOffset+RelocTable->VirtualAddress); 812 813 strSizeOfBlock.Format(L"0x%x",RelocTable->SizeOfBlock); 814 strTypeOffset.Format(L"0x%x",(*RelocData)); 815 816 strRelocRVA.Format(L"0x%x",RelocTable->VirtualAddress); 817 strRelocOffset.Format(L"0x%x",RVATwoOffset64(NtHeader64,RelocTable->VirtualAddress)); 818 819 strRelocDataRVA.Format(L"0x%x",MiniOffset+RelocTable->VirtualAddress); 820 strRelocDataOffset.Format(L"0x%x",RVATwoOffset64(NtHeader64,MiniOffset+RelocTable->VirtualAddress)); 821 822 strRelocData.Format(L"0x%x",*(PULONG_PTR)((ULONG_PTR)szFileData+ RelocDataOffset)); 823 824 int n = m_ListTable.GetItemCount(); 825 int j = m_ListTable.InsertItem(n, strRelocRVA); 826 m_ListTable.SetItemText(j, 1, strRelocOffset); 827 m_ListTable.SetItemText(j, 2, strSizeOfBlock); 828 m_ListTable.SetItemText(j,3,strTypeOffset); 829 m_ListTable.SetItemText(j,4,strRelocDataRVA); 830 m_ListTable.SetItemText(j,5,strRelocDataOffset); 831 m_ListTable.SetItemText(j,6,strRelocData); 832 833 834 } 835 836 RelocData++; 837 } 838 839 RelocTable=(PIMAGE_BASE_RELOCATION)((ULONG_PTR)RelocTable+RelocTable->SizeOfBlock); 840 841 } while (RelocTable->VirtualAddress); 842 843 844 break; 845 } 846 847 default: 848 break; 849 } 850 851 } 852 VOID 853 CPETableDlg::ShowExportTable(CHAR* szFileData,PETYPE PeType) 854 { 855 PIMAGE_NT_HEADERS NtHead = NULL; 856 PIMAGE_NT_HEADERS64 NtHeader64 = NULL; 857 PIMAGE_NT_HEADERS32 NtHeader32 = NULL; 858 IMAGE_OPTIONAL_HEADER32 OptionHead32; 859 IMAGE_OPTIONAL_HEADER64 OptionHead64; 860 IMAGE_DATA_DIRECTORY ExportDirectory = {0}; 861 PIMAGE_EXPORT_DIRECTORY ExportTable = NULL; 862 863 ULONG_PTR NameOfArrayRVA = NULL; 864 ULONG* NameOfArray = NULL; 865 ULONG_PTR OrdinalsOfArrayRVA = NULL; 866 WORD* OrdinalsOfArray = NULL; 867 ULONG_PTR FuncAddressOfArrayRVA = NULL; 868 ULONG* FuncAddressOfArray = NULL; 869 ULONG_PTR FuncAdress = NULL; 870 871 CString strIndex, strFuncName,strFuncAddr,strRVA,strOffset; 872 873 while(m_ListTable.DeleteColumn(0)); 874 m_ListTable.DeleteAllItems(); 875 876 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP); 877 878 UINT i = 0; 879 for (i = 0;i<g_Column_Count_ExportTable;i++) 880 { 881 m_ListTable.InsertColumn(i, g_Column_ExportTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_ExportTableList[i].nWidth*(dpix/96.0))); 882 } 883 884 if (szFileData==NULL) 885 { 886 return; 887 } 888 889 890 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData; 891 NtHead = (PIMAGE_NT_HEADERS)((ULONG)szFileData+DosHead->e_lfanew); 892 893 switch(PeType) 894 { 895 case PE: 896 { 897 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHead; 898 OptionHead32 = NtHeader32->OptionalHeader; 899 900 ExportDirectory = OptionHead32.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; 901 if (ExportDirectory.Size==0) 902 { 903 return; 904 } 905 906 ExportTable = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)szFileData+ RVATwoOffset(NtHeader32,ExportDirectory.VirtualAddress)); 907 908 CHAR* DllName = (CHAR*)((ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,ExportTable->Name)); 909 910 m_EditTable1.Format(L"%S",DllName); 911 912 // 913 NameOfArrayRVA = (ULONG_PTR)(ExportTable->AddressOfNames); 914 m_EditTable3.Format(L"0x%p",NameOfArrayRVA); 915 NameOfArrayRVA = RVATwoOffset(NtHeader32,NameOfArrayRVA); 916 NameOfArray = (ULONG*)((ULONG_PTR)szFileData + NameOfArrayRVA); 917 CHAR* wzFuncName = NULL; 918 919 // 920 OrdinalsOfArrayRVA = (ULONG_PTR)ExportTable->AddressOfNameOrdinals; 921 m_EditTable4.Format(L"0x%p",OrdinalsOfArrayRVA); 922 OrdinalsOfArrayRVA = RVATwoOffset(NtHeader32,OrdinalsOfArrayRVA); 923 OrdinalsOfArray = (WORD*)((ULONG_PTR)szFileData + OrdinalsOfArrayRVA); 924 925 // 926 FuncAddressOfArrayRVA = (ULONG_PTR)ExportTable->AddressOfFunctions; 927 m_EditTable2.Format(L"0x%p",FuncAddressOfArrayRVA); 928 FuncAddressOfArrayRVA = RVATwoOffset(NtHeader32,FuncAddressOfArrayRVA); 929 FuncAddressOfArray = (ULONG*)((ULONG_PTR)szFileData + FuncAddressOfArrayRVA); 930 931 932 for (int i=0;i<ExportTable->NumberOfNames;i++) 933 { 934 wzFuncName = (CHAR*)((ULONG_PTR)szFileData+RVATwoOffset(NtHeader32,NameOfArray[i])); 935 FuncAdress =(ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,FuncAddressOfArray[OrdinalsOfArray[i]]); 936 937 strIndex.Format(L"%d",OrdinalsOfArray[i]); 938 strFuncName.Format(L"%S",wzFuncName); 939 strFuncAddr.Format(L"0x%x",FuncAdress); 940 strRVA.Format(L"0x%x",FuncAddressOfArray[OrdinalsOfArray[i]]); 941 strOffset.Format(L"0x%x",RVATwoOffset(NtHeader32,FuncAddressOfArray[OrdinalsOfArray[i]])); 942 943 944 int n = m_ListTable.GetItemCount(); 945 int j = m_ListTable.InsertItem(n, strIndex); 946 m_ListTable.SetItemText(j, 1, strFuncName); 947 m_ListTable.SetItemText(j, 2, strFuncAddr); 948 m_ListTable.SetItemText(j,3,strRVA); 949 m_ListTable.SetItemText(j,4,strOffset); 950 951 } 952 953 954 break; 955 } 956 957 case PE64: 958 { 959 NtHeader64 = (PIMAGE_NT_HEADERS64)NtHead; 960 OptionHead64 = NtHeader64->OptionalHeader; 961 962 ExportDirectory = OptionHead64.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; 963 if (ExportDirectory.Size==0) 964 { 965 return; 966 } 967 968 ExportTable = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)szFileData+ RVATwoOffset64(NtHeader64,ExportDirectory.VirtualAddress)); 969 970 971 NameOfArrayRVA = (ULONG_PTR)(ExportTable->AddressOfNames); 972 m_EditTable3.Format(L"0x%p",NameOfArrayRVA); 973 NameOfArrayRVA = RVATwoOffset64(NtHeader64,NameOfArrayRVA); 974 NameOfArray = (ULONG*)((ULONG_PTR)szFileData + NameOfArrayRVA); 975 CHAR* wzFuncName = NULL; 976 977 978 OrdinalsOfArrayRVA = (ULONG_PTR)ExportTable->AddressOfNameOrdinals; 979 m_EditTable4.Format(L"0x%p",OrdinalsOfArrayRVA); 980 OrdinalsOfArrayRVA = RVATwoOffset64(NtHeader64,OrdinalsOfArrayRVA); 981 OrdinalsOfArray = (WORD*)((ULONG_PTR)szFileData + OrdinalsOfArrayRVA); 982 983 984 FuncAddressOfArrayRVA = (ULONG_PTR)ExportTable->AddressOfFunctions; 985 m_EditTable2.Format(L"0x%p",FuncAddressOfArrayRVA); 986 FuncAddressOfArrayRVA = RVATwoOffset64(NtHeader64,FuncAddressOfArrayRVA); 987 FuncAddressOfArray = (ULONG*)((ULONG_PTR)szFileData + FuncAddressOfArrayRVA); 988 989 990 for (int i=0;i<ExportTable->NumberOfNames;i++) 991 { 992 wzFuncName = (CHAR*)((ULONG_PTR)szFileData+RVATwoOffset64(NtHeader64,NameOfArray[i])); 993 FuncAdress =(ULONG_PTR)szFileData + RVATwoOffset64(NtHeader64,FuncAddressOfArray[OrdinalsOfArray[i]]); 994 995 strIndex.Format(L"%d",OrdinalsOfArray[i]); 996 strFuncName.Format(L"%S",wzFuncName); 997 strFuncAddr.Format(L"0x%x",FuncAdress); 998 strRVA.Format(L"0x%x",FuncAddressOfArray[OrdinalsOfArray[i]]); 999 strOffset.Format(L"0x%x",RVATwoOffset64(NtHeader64,FuncAddressOfArray[OrdinalsOfArray[i]])); 1000 1001 1002 int n = m_ListTable.GetItemCount(); 1003 int j = m_ListTable.InsertItem(n, strIndex); 1004 m_ListTable.SetItemText(j, 1, strFuncName); 1005 m_ListTable.SetItemText(j, 2, strFuncAddr); 1006 m_ListTable.SetItemText(j,3,strRVA); 1007 m_ListTable.SetItemText(j,4,strOffset); 1008 1009 } 1010 1011 1012 break; 1013 } 1014 default: 1015 break; 1016 1017 } 1018 1019 UpdateData(FALSE); 1020 }
1 #pragma once 2 #include "afxcmn.h" 3 enum PETYPE 4 { 5 PE = 0, 6 PE64, 7 Unkonw 8 }; 9 typedef struct _COLUMNSTRUCT 10 { 11 WCHAR* szTitle; 12 UINT nWidth; 13 }COLUMNSTRUCT; 14 // CPETableDlg 对话框 15 16 class CPETableDlg : public CDialog 17 { 18 DECLARE_DYNAMIC(CPETableDlg) 19 20 public: 21 CPETableDlg(CWnd* pParent = NULL); // 标准构造函数 22 virtual ~CPETableDlg(); 23 24 // 对话框数据 25 enum { IDD = IDD_DIALOG_TABLE }; 26 27 28 protected: 29 virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持 30 31 DECLARE_MESSAGE_MAP() 32 public: 33 // afx_msg void OnEnChangeEdit4(); 34 CListCtrl m_ListTable; 35 CString m_Table1; 36 CString m_Table2; 37 CString m_Table3; 38 CString m_Table4; 39 CString m_EditTable1; 40 CString m_EditTable2; 41 CString m_EditTable3; 42 CString m_EditTable4; 43 VOID CPETableDlg::ShowPeTable(CHAR* FileData,PETYPE PeType); 44 VOID CPETableDlg::ShowDataDirTable(CHAR* szFileData,PETYPE PeType); 45 PIMAGE_SECTION_HEADER CPETableDlg::GetSectionHeaderFromRva(ULONG RVA,PIMAGE_NT_HEADERS NtHeader); 46 VOID CPETableDlg::ShowSectionTable(CHAR* szFileData,PETYPE PeType); 47 VOID CPETableDlg::ShowImportTable(CHAR* szFileData,PETYPE PeType); 48 VOID CPETableDlg::ShowExportTable(CHAR* szFileData,PETYPE PeType); 49 VOID CPETableDlg::ShowRelocTable(CHAR* szFileData,PETYPE PeType); 50 }; 51 ULONG_PTR RVATwoOffset64(PIMAGE_NT_HEADERS64 NTHeader, ULONG_PTR ulRVA) ; 52 DWORD RVATwoOffset(PIMAGE_NT_HEADERS32 NTHeader, ULONG ulRVA);
1 // PECheckDlg.h : 头文件 2 // 3 4 #pragma once 5 #include "afxcmn.h" 6 #include "PEHeaderDlg.h" 7 #include "PETableDlg.h" 8 // CPECheckDlg 对话框 9 10 class CPECheckDlg : public CDialogEx 11 { 12 // 构造 13 public: 14 CPECheckDlg(CWnd* pParent = NULL); // 标准构造函数 15 16 // 对话框数据 17 enum { IDD = IDD_PECHECK_DIALOG }; 18 19 20 protected: 21 virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持 22 TCHAR m_FilePath[1024]; 23 CHAR* m_szFileData; 24 ULONG m_ulLow; 25 PETYPE PeType; 26 27 28 CPEHeaderDlg m_PeHeaderDlg; 29 CPETableDlg m_PeTableDlg; 30 // 实现 31 protected: 32 HICON m_hIcon; 33 34 // 生成的消息映射函数 35 virtual BOOL OnInitDialog(); 36 afx_msg void OnSysCommand(UINT nID, LPARAM lParam); 37 afx_msg void OnPaint(); 38 afx_msg HCURSOR OnQueryDragIcon(); 39 DECLARE_MESSAGE_MAP() 40 public: 41 afx_msg void OnDropFiles(HDROP hDropInfo); 42 CTabCtrl m_TabMain; 43 CString m_EditFilePath; 44 45 46 47 48 BOOL LoadFileData(WCHAR* wzFilePath,CHAR** szFileData,ULONG* ulLow); 49 BOOL IsPEFile(CHAR* szFileData,PETYPE* PeType); 50 CString m_EditFileType; 51 afx_msg void OnTcnSelchangeTabMain(NMHDR *pNMHDR, LRESULT *pResult); 52 };
1 // PECheckDlg.cpp : 实现文件 2 // 3 4 #include "stdafx.h" 5 #include "PECheck.h" 6 #include "PECheckDlg.h" 7 #include "afxdialogex.h" 8 9 #ifdef _DEBUG 10 #define new DEBUG_NEW 11 #endif 12 13 14 15 CHAR* g_szFileData = NULL; 16 ULONG g_SelectTab = 0; 17 int dpix; 18 int dpiy; 19 20 // 用于应用程序“关于”菜单项的 CAboutDlg 对话框 21 22 class CAboutDlg : public CDialogEx 23 { 24 public: 25 CAboutDlg(); 26 27 // 对话框数据 28 enum { IDD = IDD_ABOUTBOX }; 29 30 protected: 31 virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持 32 33 // 实现 34 protected: 35 DECLARE_MESSAGE_MAP() 36 }; 37 38 CAboutDlg::CAboutDlg() : CDialogEx(CAboutDlg::IDD) 39 { 40 } 41 42 void CAboutDlg::DoDataExchange(CDataExchange* pDX) 43 { 44 CDialogEx::DoDataExchange(pDX); 45 } 46 47 BEGIN_MESSAGE_MAP(CAboutDlg, CDialogEx) 48 END_MESSAGE_MAP() 49 50 51 // CPECheckDlg 对话框 52 53 54 55 56 CPECheckDlg::CPECheckDlg(CWnd* pParent /*=NULL*/) 57 : CDialogEx(CPECheckDlg::IDD, pParent) 58 , m_EditFilePath(_T("")) 59 , m_EditFileType(_T("")) 60 { 61 m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME); 62 m_szFileData = NULL; 63 } 64 65 void CPECheckDlg::DoDataExchange(CDataExchange* pDX) 66 { 67 CDialogEx::DoDataExchange(pDX); 68 DDX_Control(pDX, IDC_TAB_MAIN, m_TabMain); 69 DDX_Text(pDX, IDC_EDIT_DRAGFILE, m_EditFilePath); 70 DDX_Text(pDX, IDC_FILETYPE, m_EditFileType); 71 } 72 73 BEGIN_MESSAGE_MAP(CPECheckDlg, CDialogEx) 74 ON_WM_SYSCOMMAND() 75 ON_WM_PAINT() 76 ON_WM_QUERYDRAGICON() 77 ON_WM_DROPFILES() 78 ON_NOTIFY(TCN_SELCHANGE, IDC_TAB_MAIN, &CPECheckDlg::OnTcnSelchangeTabMain) 79 END_MESSAGE_MAP() 80 81 82 // CPECheckDlg 消息处理程序 83 84 BOOL CPECheckDlg::OnInitDialog() 85 { 86 CDialogEx::OnInitDialog(); 87 88 // 将“关于...”菜单项添加到系统菜单中。 89 90 // IDM_ABOUTBOX 必须在系统命令范围内。 91 ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX); 92 ASSERT(IDM_ABOUTBOX < 0xF000); 93 94 CMenu* pSysMenu = GetSystemMenu(FALSE); 95 if (pSysMenu != NULL) 96 { 97 BOOL bNameValid; 98 CString strAboutMenu; 99 bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX); 100 ASSERT(bNameValid); 101 if (!strAboutMenu.IsEmpty()) 102 { 103 pSysMenu->AppendMenu(MF_SEPARATOR); 104 pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu); 105 } 106 } 107 108 // 设置此对话框的图标。当应用程序主窗口不是对话框时,框架将自动 109 // 执行此操作 110 SetIcon(m_hIcon, TRUE); // 设置大图标 111 SetIcon(m_hIcon, FALSE); // 设置小图标 112 113 // TODO: 在此添加额外的初始化代码 114 m_TabMain.InsertItem(0, _T("PE头")); // 115 m_TabMain.InsertItem(1, _T("目录表")); // 116 m_TabMain.InsertItem(2,_T("区块表")); 117 m_TabMain.InsertItem(3,_T("导入表")); 118 m_TabMain.InsertItem(4,_T("导出表")); 119 m_TabMain.InsertItem(5,_T("重定向表")); 120 121 122 m_PeHeaderDlg.Create(IDD_DIALOG_PEHEADER,GetDlgItem(IDC_TAB_MAIN)); 123 m_PeTableDlg.Create(IDD_DIALOG_TABLE,GetDlgItem(IDC_TAB_MAIN)); 124 125 126 CRect tabRect; 127 128 129 GetWindowRect(&tabRect); 130 131 CPaintDC dc(this); 132 dpix = GetDeviceCaps(dc.m_hDC,LOGPIXELSX); 133 dpiy = GetDeviceCaps(dc.m_hDC,LOGPIXELSY); 134 tabRect.bottom += (LONG)(1+21*(dpiy/96.0)); 135 136 MoveWindow(&tabRect); 137 138 m_TabMain.GetClientRect(&tabRect); // 获取标签控件客户区Rect 139 // 调整tabRect,使其覆盖范围适合放置标签页 140 tabRect.left += 1; 141 tabRect.right -= 1; 142 tabRect.top += 25; 143 tabRect.bottom -= 1; 144 // 根据调整好的tabRect放置m_jzmDlg子对话框,并设置为显示 145 m_PeHeaderDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_SHOWWINDOW); 146 m_PeTableDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_HIDEWINDOW); 147 148 149 150 return TRUE; // 除非将焦点设置到控件,否则返回 TRUE 151 } 152 153 void CPECheckDlg::OnSysCommand(UINT nID, LPARAM lParam) 154 { 155 if ((nID & 0xFFF0) == IDM_ABOUTBOX) 156 { 157 CAboutDlg dlgAbout; 158 dlgAbout.DoModal(); 159 } 160 else 161 { 162 CDialogEx::OnSysCommand(nID, lParam); 163 } 164 } 165 166 // 如果向对话框添加最小化按钮,则需要下面的代码 167 // 来绘制该图标。对于使用文档/视图模型的 MFC 应用程序, 168 // 这将由框架自动完成。 169 170 void CPECheckDlg::OnPaint() 171 { 172 if (IsIconic()) 173 { 174 CPaintDC dc(this); // 用于绘制的设备上下文 175 176 SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0); 177 178 // 使图标在工作区矩形中居中 179 int cxIcon = GetSystemMetrics(SM_CXICON); 180 int cyIcon = GetSystemMetrics(SM_CYICON); 181 CRect rect; 182 GetClientRect(&rect); 183 int x = (rect.Width() - cxIcon + 1) / 2; 184 int y = (rect.Height() - cyIcon + 1) / 2; 185 186 // 绘制图标 187 dc.DrawIcon(x, y, m_hIcon); 188 } 189 else 190 { 191 CDialogEx::OnPaint(); 192 } 193 } 194 195 //当用户拖动最小化窗口时系统调用此函数取得光标 196 //显示。 197 HCURSOR CPECheckDlg::OnQueryDragIcon() 198 { 199 return static_cast<HCURSOR>(m_hIcon); 200 } 201 202 203 204 BOOL CPECheckDlg::LoadFileData(WCHAR* wzFilePath,CHAR** szFileData,ULONG* ulLow) 205 { 206 207 HANDLE hFile; 208 ULONG ulHigh = 0; 209 ULONG ulReturn = 0; 210 211 if (wzFilePath==NULL)//判断文件路径是否为空 212 { 213 return FALSE; 214 } 215 216 hFile = CreateFileW(wzFilePath,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); 217 218 if (hFile==INVALID_HANDLE_VALUE) 219 { 220 return -1; 221 } 222 223 224 /* 225 // Case One: calling the function with 226 // lpFileSizeHigh == NULL 227 228 // Try to obtain hFile's size 229 dwSize = GetFileSize (hFile, NULL) ; 230 231 // If we failed ... 232 if (dwSize == 0xFFFFFFFF) { 233 234 // Obtain the error code. 235 dwError = GetLastError() ; 236 237 // Deal with that failure. 238 . 239 . 240 . 241 242 } // End of error handler 243 244 245 // 246 // Case Two: calling the function with 247 // lpFileSizeHigh != NULL 248 249 // Try to obtain hFile's huge size. 250 dwSizeLow = GetFileSize (hFile, & dwSizeHigh) ; 251 252 // If we failed ... 253 if (dwSizeLow == 0xFFFFFFFF 254 && 255 (dwError = GetLastError()) != NO_ERROR ){ 256 257 // Deal with that failure. 258 . 259 . 260 . 261 262 } // End of error handler. */ 263 264 *ulLow = GetFileSize(hFile,&ulHigh); 265 266 *szFileData = new char[*ulLow + 20]; 267 268 if (ReadFile(hFile,*szFileData,*ulLow,&ulReturn,NULL)==0) 269 { 270 CloseHandle(hFile); 271 delete *szFileData; 272 return FALSE; 273 } 274 275 276 return TRUE; 277 278 279 } 280 281 BOOL CPECheckDlg::IsPEFile(CHAR* szFileData,PETYPE* PeType) 282 { 283 PIMAGE_DOS_HEADER DosHead =NULL; 284 PIMAGE_NT_HEADERS NtHead = NULL; 285 IMAGE_FILE_HEADER FileHead = {0}; 286 287 DosHead = (PIMAGE_DOS_HEADER)szFileData; 288 if (DosHead->e_magic!=IMAGE_DOS_SIGNATURE) 289 { 290 return FALSE; 291 } 292 293 NtHead = (PIMAGE_NT_HEADERS)((ULONG)szFileData+DosHead->e_lfanew); 294 295 if (NtHead->Signature!=IMAGE_NT_SIGNATURE) 296 { 297 return FALSE; 298 } 299 300 FileHead = NtHead->FileHeader; 301 switch(FileHead.Machine) //根据NT头中的FileHeader.Machine判断是哪种PE文件 302 { 303 case IMAGE_FILE_MACHINE_IA64: 304 case IMAGE_FILE_MACHINE_AMD64: 305 *PeType = PE64; 306 break; 307 308 case IMAGE_FILE_MACHINE_I386: 309 *PeType = PE; 310 break; 311 312 default: *PeType = Unkonw; 313 } 314 315 return TRUE; 316 317 318 } 319 320 void CPECheckDlg::OnDropFiles(HDROP hDropInfo) 321 { 322 // TODO: 在此添加消息处理程序代码和/或调用默认值 323 UpdateData(TRUE); 324 325 CRect tabRect; 326 m_TabMain.GetClientRect(&tabRect); // 获取标签控件客户区Rect 327 // 调整tabRect,使其覆盖范围适合放置标签页 328 tabRect.left += 1; 329 tabRect.right -= 1; 330 tabRect.top += 25; 331 tabRect.bottom -= 1; 332 333 334 335 DragQueryFile(hDropInfo,0,m_FilePath,MAX_PATH);//取得第一个文件的路径 336 337 if(_wcsicmp(m_FilePath,m_EditFilePath.GetBuffer()) == 0) 338 { 339 goto END; 340 } 341 342 m_EditFilePath = m_FilePath; 343 344 //得到要检查文件的完整路径 345 346 347 if(LoadFileData(m_FilePath,&m_szFileData,&m_ulLow)==FALSE) 348 { 349 free(m_szFileData); 350 return ; 351 } 352 353 g_szFileData = m_szFileData; 354 355 if(IsPEFile(m_szFileData,&PeType)==FALSE) 356 { 357 MessageBox(L"不是PE文件",L"PECheck",0); 358 359 return; 360 } 361 362 switch(PeType) 363 { 364 case PE: 365 { 366 m_EditFileType.Format(L"32位 MZ (0x%p)",(ULONG_PTR)m_szFileData); 367 break; 368 } 369 370 case PE64: 371 { 372 m_EditFileType.Format(L"64位 MZ (0x%p)",(ULONG_PTR)m_szFileData); 373 break; 374 } 375 case Unkonw: 376 { 377 m_EditFileType = L"未知"; 378 break; 379 } 380 default: 381 break; 382 } 383 //m_PeHeaderDlg 384 m_PeHeaderDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_SHOWWINDOW); 385 m_PeHeaderDlg.CheckPEHeader(); 386 UpdateData(FALSE); 387 388 END: 389 390 CDialogEx::OnDropFiles(hDropInfo); 391 } 392 393 394 void CPECheckDlg::OnTcnSelchangeTabMain(NMHDR *pNMHDR, LRESULT *pResult) 395 { 396 // TODO: 在此添加控件通知处理程序代码 397 398 ULONG m_SelectTab = 0; 399 400 m_SelectTab = m_TabMain.GetCurSel(); 401 g_SelectTab = m_SelectTab; 402 403 CRect tabRect; 404 m_TabMain.GetClientRect(&tabRect); // 获取标签控件客户区Rect 405 // 调整tabRect,使其覆盖范围适合放置标签页 406 tabRect.left += 1; 407 tabRect.right -= 1; 408 tabRect.top += 25; 409 tabRect.bottom -= 1; 410 411 switch(m_SelectTab) 412 { 413 case 0: 414 { 415 416 m_PeHeaderDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_SHOWWINDOW); 417 m_PeTableDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_HIDEWINDOW); 418 m_PeHeaderDlg.CheckPEHeader(); 419 420 break; 421 } 422 423 case 1: 424 case 2: 425 case 3: 426 case 4: 427 case 5: 428 { 429 m_PeHeaderDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_HIDEWINDOW); 430 m_PeTableDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_SHOWWINDOW); 431 432 m_PeTableDlg.ShowPeTable(m_szFileData,PeType); 433 434 break; 435 } 436 437 438 } 439 440 441 *pResult = 0; 442 }
1 #pragma once 2 3 4 // CPEHeaderDlg 对话框 5 6 class CPEHeaderDlg : public CDialog 7 { 8 DECLARE_DYNAMIC(CPEHeaderDlg) 9 10 public: 11 CPEHeaderDlg(CWnd* pParent = NULL); // 标准构造函数 12 virtual ~CPEHeaderDlg(); 13 CHAR* m_FileData; 14 // 对话框数据 15 enum { IDD = IDD_DIALOG_PEHEADER }; 16 17 protected: 18 virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持 19 20 DECLARE_MESSAGE_MAP() 21 public: 22 CString m_EditFileSign; 23 CString m_EditNumberofSec; 24 CString m_EditSizeOfOption; 25 CString m_EditOptionMagic; 26 CString m_EditOpEntry; 27 CString m_EditOpBaseOfData; 28 CString m_EditOpBaseOfCode; 29 CString m_EditSectionAligment; 30 CString m_EditFileAligment; 31 CString m_EditOpNumOfDir; 32 CString m_EditOpImageBase; 33 CString m_NumberofSection; 34 35 virtual BOOL OnInitDialog(); 36 VOID CPEHeaderDlg::CheckPEHeader(); 37 };
1 // PEHeaderDlg.cpp : 实现文件 2 // 3 4 #include "stdafx.h" 5 #include "PECheck.h" 6 #include "PEHeaderDlg.h" 7 #include "afxdialogex.h" 8 9 10 11 extern CHAR* g_szFileData; 12 // CPEHeaderDlg 对话框 13 14 IMPLEMENT_DYNAMIC(CPEHeaderDlg, CDialog) 15 16 CPEHeaderDlg::CPEHeaderDlg(CWnd* pParent /*=NULL*/) 17 : CDialog(CPEHeaderDlg::IDD, pParent) 18 , m_EditFileSign(_T("")) 19 , m_EditNumberofSec(_T("")) 20 , m_EditSizeOfOption(_T("")) 21 , m_EditOptionMagic(_T("")) 22 , m_EditOpEntry(_T("")) 23 , m_EditOpBaseOfData(_T("")) 24 , m_EditOpBaseOfCode(_T("")) 25 , m_EditSectionAligment(_T("")) 26 , m_EditFileAligment(_T("")) 27 , m_EditOpNumOfDir(_T("")) 28 , m_EditOpImageBase(_T("")) 29 { 30 m_FileData = g_szFileData; 31 } 32 33 CPEHeaderDlg::~CPEHeaderDlg() 34 { 35 } 36 37 void CPEHeaderDlg::DoDataExchange(CDataExchange* pDX) 38 { 39 CDialog::DoDataExchange(pDX); 40 DDX_Text(pDX, IDC_EDIT_PEHEASER_SIGN, m_EditFileSign); 41 DDX_Text(pDX, IDC_NUMBER_SECTION, m_EditNumberofSec); 42 DDX_Text(pDX, IDC_EDIT_PEHEADER_FILE_NUMBEROFSECTION, m_EditSizeOfOption); 43 DDX_Text(pDX, IDC_NUMBER_SECTION3, m_EditOptionMagic); 44 DDX_Text(pDX, IDC_NUMBER_SECTION5, m_EditOpEntry); 45 DDX_Text(pDX, IDC_NUMBER_SECTION8, m_EditOpBaseOfData); 46 DDX_Text(pDX, IDC_NUMBER_SECTION2, m_EditOpBaseOfCode); 47 DDX_Text(pDX, IDC_NUMBER_SECTION6, m_EditSectionAligment); 48 DDX_Text(pDX, IDC_NUMBER_SECTION7, m_EditFileAligment); 49 DDX_Text(pDX, IDC_NUMBER_SECTION4, m_EditOpNumOfDir); 50 DDX_Text(pDX, IDC_NUMBER_SECTION9, m_EditOpImageBase); 51 } 52 53 54 BEGIN_MESSAGE_MAP(CPEHeaderDlg, CDialog) 55 END_MESSAGE_MAP() 56 57 58 // CPEHeaderDlg 消息处理程序 59 60 61 BOOL CPEHeaderDlg::OnInitDialog() 62 { 63 CDialog::OnInitDialog(); 64 65 // TODO: 在此添加额外的初始化 66 67 CheckPEHeader(); 68 return TRUE; // return TRUE unless you set the focus to a control 69 // 异常: OCX 属性页应返回 FALSE 70 } 71 72 VOID CPEHeaderDlg::CheckPEHeader() 73 { 74 UpdateData(TRUE); 75 //exture szFileData; 76 PIMAGE_DOS_HEADER DosHead; 77 PIMAGE_NT_HEADERS NtHead = NULL; 78 IMAGE_FILE_HEADER FileHead = {0}; 79 ULONG FileKind = 0; 80 PIMAGE_NT_HEADERS64 NtHeader64 = NULL; 81 PIMAGE_NT_HEADERS32 NtHeader32 = NULL; 82 IMAGE_OPTIONAL_HEADER32 OptionHead32; 83 IMAGE_OPTIONAL_HEADER64 OptionHead64; 84 85 m_FileData = g_szFileData; 86 87 if (m_FileData == NULL) 88 { 89 90 return ; 91 } 92 DosHead = (PIMAGE_DOS_HEADER)m_FileData; 93 NtHead = (PIMAGE_NT_HEADERS)((ULONG)m_FileData+DosHead->e_lfanew); 94 CHAR szMagic[64] = {0}; 95 memcpy(szMagic,(CHAR*)NtHead,4); 96 97 m_EditFileSign = szMagic; 98 99 FileHead = NtHead->FileHeader; 100 m_NumberofSection.Format(L"%d",FileHead.NumberOfSections); 101 m_EditSizeOfOption.Format(L"0x%x",FileHead.SizeOfOptionalHeader); 102 if (FileHead.Machine == IMAGE_FILE_MACHINE_IA64||FileHead.Machine == IMAGE_FILE_MACHINE_AMD64) 103 { 104 FileKind = 64; 105 106 } 107 else if (FileHead.Machine == IMAGE_FILE_MACHINE_I386) 108 { 109 FileKind = 32; 110 } 111 112 else 113 { 114 FileKind = -1; 115 } 116 117 switch(FileKind) 118 { 119 case 32:{ 120 121 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHead; 122 OptionHead32 = NtHeader32->OptionalHeader; 123 124 if (OptionHead32.Magic==0x0107) 125 { 126 m_EditOptionMagic.Format(L"ROM映像"); 127 } 128 else if (OptionHead32.Magic==0x010B) 129 { 130 m_EditOptionMagic.Format(L"可执行映像"); 131 } 132 else 133 { 134 m_EditOptionMagic.Format(L"PE32+"); 135 } 136 137 m_EditOpEntry.Format(L"0x%x",OptionHead32.AddressOfEntryPoint); 138 m_EditOpBaseOfData.Format(L"0x%x",OptionHead32.BaseOfData); 139 m_EditOpBaseOfCode.Format(L"0x%x",OptionHead32.BaseOfCode); 140 m_EditSectionAligment.Format(L"0x%x",OptionHead32.SectionAlignment); 141 m_EditFileAligment.Format(L"0x%x",OptionHead32.FileAlignment); 142 m_EditOpNumOfDir.Format(L"%d",OptionHead32.NumberOfRvaAndSizes); 143 m_EditOpImageBase.Format(L"0x%x",OptionHead32.ImageBase); 144 145 break; 146 } 147 148 case 64: 149 { 150 NtHeader64 = (PIMAGE_NT_HEADERS64)NtHead; 151 OptionHead64 = NtHeader64->OptionalHeader; 152 153 if (OptionHead64.Magic==0x0107) 154 { 155 m_EditOptionMagic.Format(L"ROM映像"); 156 } 157 else if (OptionHead64.Magic==0x010B) 158 { 159 m_EditOptionMagic.Format(L"可执行映像"); 160 } 161 else 162 { 163 m_EditOptionMagic.Format(L"PE32+"); 164 } 165 166 m_EditOpEntry.Format(L"0x%x",OptionHead64.AddressOfEntryPoint); 167 m_EditOpBaseOfCode.Format(L"0x%x",OptionHead64.BaseOfCode); 168 m_EditSectionAligment.Format(L"0x%x",OptionHead64.SectionAlignment); 169 m_EditFileAligment.Format(L"0x%x",OptionHead64.FileAlignment); 170 m_EditOpNumOfDir.Format(L"%d",OptionHead64.NumberOfRvaAndSizes); 171 m_EditOpImageBase.Format(L"0x%p",OptionHead64.ImageBase); 172 break; 173 } 174 175 default: 176 break; 177 178 } 179 180 UpdateData(FALSE); 181 182 183 184 }