PETools源码

时间:2015-05-29 18:32:29
【文件属性】:

文件名称:PETools源码

文件大小:94KB

文件格式:RAR

更新时间:2015-05-29 18:32:29

PETools 源码

PETools 源码 // ImportTable.cpp : implementation file // #include "stdafx.h" #include "PEinfo by saga.h" #include "ImportTable.h" #ifdef _DEBUG #define new DEBUG_NEW #undef THIS_FILE static char THIS_FILE[] = __FILE__; #endif ///////////////////////////////////////////////////////////////////////////// // CImportTable dialog CImportTable::CImportTable(CWnd* pParent /*=NULL*/) : CDialog(CImportTable::IDD, pParent) { //{{AFX_DATA_INIT(CImportTable) //}}AFX_DATA_INIT } void CImportTable::DoDataExchange(CDataExchange* pDX) { CDialog::DoDataExchange(pDX); //{{AFX_DATA_MAP(CImportTable) DDX_Control(pDX, IDC_LIST2, m_ListCtrl2); DDX_Control(pDX, IDC_LIST1, m_ListCtrl1); //}}AFX_DATA_MAP } BEGIN_MESSAGE_MAP(CImportTable, CDialog) //{{AFX_MSG_MAP(CImportTable) ON_NOTIFY(NM_CLICK, IDC_LIST1, OnClickList1) //}}AFX_MSG_MAP END_MESSAGE_MAP() ///////////////////////////////////////////////////////////////////////////// // CImportTable message handlers BOOL CImportTable::OnInitDialog() { // TODO: Add extra initialization here CDialog::OnInitDialog(); CFile PEfile,PEfile2; WORD NumofSection; DWORD n,j,ImpRVA,ImpRaw,NameRaw; char cBuff[1024]; IMAGE_IMPORT_DESCRIPTOR ImpDescriptor; if (!PEfile.Open(CPEinfo::FilePathName.GetBuffer(CPEinfo::\ FilePathName.GetLength()),CFile::shareDenyNone)) { MessageBox("无法打开文件!"); return TRUE; } else{ PEfile.Seek(CPEinfo::DosHeader.e_lfanew,CFile::begin); PEfile.Seek(sizeof(CPEinfo::NtHeader),CFile::current); } if (!PEfile2.Open(CPEinfo::FilePathName.GetBuffer(CPEinfo::\ FilePathName.GetLength()),CFile::shareDenyNone)) { MessageBox("无法打开文件!"); return TRUE; } this->m_ListCtrl1.InsertColumn(0,"DLL Name",LVCFMT_LEFT,80); this->m_ListCtrl1.InsertColumn(1,"OriginalFirstThunk",LVCFMT_LEFT,98); this->m_ListCtrl1.InsertColumn(2,"TimeDateStamp",LVCFMT_LEFT,94); this->m_ListCtrl1.InsertColumn(3,"ForwarderChain",LVCFMT_LEFT,94); this->m_ListCtrl1.InsertColumn(4,"Name",LVCFMT_LEFT,90); this->m_ListCtrl1.InsertColumn(5,"FirstThunk",LVCFMT_LEFT,94); this->m_ListCtrl1.SetExtendedStyle(LVS_EX_FULLROWSELECT); this->m_ListCtrl2.InsertColumn(0,"ThunkRVA",LVCFMT_LEFT,90); this->m_ListCtrl2.InsertColumn(1,"ThunkValue",LVCFMT_LEFT,90); this->m_ListCtrl2.InsertColumn(2,"Hint",LVCFMT_LEFT,50); this->m_ListCtrl2.InsertColumn(3,"Function Name",LVCFMT_LEFT,300); this->m_ListCtrl2.SetExtendedStyle(LVS_EX_FULLROWSELECT); NumofSection=CPEinfo::NtHeader.FileHeader.NumberOfSections; ImpRVA=CPEinfo::NtHeader.OptionalHeader.DataDirectory[1].VirtualAddress; for(n=NumofSection;n>0;n--){ PEfile.Read(&CPEinfo;::SecHeader,sizeof(CPEinfo::SecHeader)); if (ImpRVA<(CPEinfo::SecHeader.VirtualAddress+\ CPEinfo::SecHeader.Misc.VirtualSize)) { ImpRaw=ImpRVA-CPEinfo::SecHeader.VirtualAddress\ +CPEinfo::SecHeader.PointerToRawData; break; } } PEfile.Seek(ImpRaw,CFile::begin); n=0; while (TRUE) { PEfile.Read(&ImpDescriptor;,20); if (ImpDescriptor.Name==NULL) { break; } else { NameRaw=ImpDescriptor.Name-ImpRVA+ImpRaw; PEfile2.Seek(NameRaw,CFile::begin); for(j=0;j<1024;j++){ PEfile2.Read(&cBuff;[j],1); if (cBuff[j]==NULL) { break; } } this->m_ListCtrl1.InsertItem(n,cBuff); wsprintf(cBuff,"lX",ImpDescriptor.OriginalFirstThunk); this->m_ListCtrl1.SetItemText(n,1,cBuff); wsprintf(cBuff,"lX",ImpDescriptor.TimeDateStamp); this->m_ListCtrl1.SetItemText(n,2,cBuff); wsprintf(cBuff,"lX",ImpDescriptor.ForwarderChain); this->m_ListCtrl1.SetItemText(n,3,cBuff); wsprintf(cBuff,"lX",ImpDescriptor.Name); this->m_ListCtrl1.SetItemText(n,4,cBuff); wsprintf(cBuff,"lX",ImpDescriptor.FirstThunk); this->m_ListCtrl1.SetItemText(n,5,cBuff); n++; } } PEfile.Close(); PEfile2.Close(); return TRUE; // return TRUE unless you set the focus to a control // EXCEPTION: OCX Property Pages should return FALSE } void CImportTable::OnClickList1(NMHDR* pNMHDR, LRESULT* pResult) { // TODO: Add your control notification handler code here POSITION SelectItemNum; char cBuff[1024]; CFile PEfile,PEfile2; DWORD n,j,ImpRVA,ImpRaw,IATRaw,NameRaw; WORD NumofSection,Hint; IMAGE_IMPORT_DESCRIPTOR ImpDescriptor; IMAGE_THUNK_DATA ThunkData; if (!PEfile.Open(CPEinfo::FilePathName.GetBuffer(CPEinfo::\ FilePathName.GetLength()),CFile::shareDenyNone)) { MessageBox("无法打开文件!"); return; } else{ PEfile.Seek(CPEinfo::DosHeader.e_lfanew,CFile::begin); PEfile.Seek(sizeof(CPEinfo::NtHeader),CFile::current); } if (!PEfile2.Open(CPEinfo::FilePathName.GetBuffer(CPEinfo::\ FilePathName.GetLength()),CFile::shareDenyNone)) { MessageBox("无法打开文件!"); return; } NumofSection=CPEinfo::NtHeader.FileHeader.NumberOfSections; ImpRVA=CPEinfo::NtHeader.OptionalHeader.DataDirectory[1].VirtualAddress; for(n=NumofSection;n>0;n--){ PEfile.Read(&CPEinfo;::SecHeader,sizeof(CPEinfo::SecHeader)); if (ImpRVA<(CPEinfo::SecHeader.VirtualAddress+CPEinfo::SecHeader.Misc.VirtualSize)) { ImpRaw=ImpRVA-CPEinfo::SecHeader.VirtualAddress +CPEinfo::SecHeader.PointerToRawData; break; } } PEfile.Seek(ImpRaw,CFile::begin); if ((SelectItemNum=this->m_ListCtrl1.GetFirstSelectedItemPosition())==NULL) { return; } this->m_ListCtrl2.DeleteAllItems(); j=DWORD(SelectItemNum); for(n=0;nm_ListCtrl2.InsertItem(n,cBuff); wsprintf(cBuff,"lX",ThunkData); this->m_ListCtrl2.SetItemText(n,1,cBuff); if (((DWORD)ThunkData.u1.AddressOfData&0x80000000;)==0x80000000) { this->m_ListCtrl2.SetItemText(n,2,"--"); this->m_ListCtrl2.SetItemText(n,3,"--"); } else{ NameRaw=(DWORD)ThunkData.u1.AddressOfData-ImpRVA+ImpRaw; PEfile2.Seek(NameRaw,CFile::begin); PEfile2.Read(&Hint;,2); wsprintf(cBuff,"lX",Hint); this->m_ListCtrl2.SetItemText(n,2,cBuff); for(j=0;j<1024;j++){ PEfile2.Read(&cBuff;[j],1); if (cBuff[j]==NULL) { break; } } this->m_ListCtrl2.SetItemText(n,3,cBuff); } ImpDescriptor.FirstThunk+=4; n++; } PEfile.Close(); PEfile2.Close(); *pResult = 0; }


网友评论

  • 用法很经典~
  • 计算机程序设计艺术 卷2:半数值算法(第3版)