早上起来看到这个代码 整理一下
1 // PETableDlg.cpp : 实现文件
2 //
3
4 #include "stdafx.h"
5 #include "PECheck.h"
6 #include "PETableDlg.h"
7 #include "afxdialogex.h"
8
9
10 // CPETableDlg 对话框
11
12 #define MakePtr(a,b,c) ((a)((char*)b+c))
13
14 extern
15 ULONG g_SelectTab;
16 extern
17 int dpix;
18
19 UINT g_Column_Count_DirTable = 5;
20 COLUMNSTRUCT g_Column_DirTableList[] =
21 {
22 { L"Name", 180 }, //ldr
23 { L"RVA", 150 }, //传递
24 { L"Size", 150 }, //
25 {L"RAW", 150},
26 {L"所属区块", 100}
27 };
28
29 UINT g_Column_Count_SectionTable = 5;
30 COLUMNSTRUCT g_Column_SectionTableList[] =
31 {
32 { L"Name", 180 }, //ldr
33 { L"RVA", 150 }, //传递
34 { L"内存区块大小(未对齐)", 150 }, //
35 {L"文件偏移(offset)", 150},
36 {L"文件大小", 150}
37 };
38
39 UINT g_Column_Count_ImportTable = 4;
40 COLUMNSTRUCT g_Column_ImportTableList[] =
41 {
42 { L"函数序号", 150 }, //ldr
43 { L"函数名", 180 }, //传递
44 { L"函数地址", 150 }, //
45 {L"导入模块",150}
46 };
47
48 UINT g_Column_Count_ExportTable = 5;
49 COLUMNSTRUCT g_Column_ExportTableList[] =
50 {
51 { L"函数序号", 150 }, //ldr
52 { L"函数名", 180 }, //传递
53 { L"函数地址", 150 }, //
54 {L"RVA", 150},
55 {L"Offset", 150}
56 };
57
58 UINT g_Column_Count_RelocTable = 7;
59 COLUMNSTRUCT g_Column_RelocTableList[] =
60 {
61 { L"重定位表RVA", 150 }, //ldr
62 {L"重定位表Offset",100},
63 { L"重定位结构大小", 180 }, //传递
64 { L"TypeOffset", 150 },
65 {L"重定位项RVA",150},
66 {L"重定位项Offset",100},
67 {L"需要重定位的数据",150}
68 };
69
70
71 WCHAR wzDirTable[15][64] = {L"导出表地址",L"导入名称表",L"资源表",L"异常表",L"证书",L"重定向表",L"调试",L"版权",L"全局指针",L"LTS",L"加载配置",L"绑定导入表",L"导入地址表(IAT)",L"延迟加载导入表",L".NET 运行时"};
72
73
74 IMPLEMENT_DYNAMIC(CPETableDlg, CDialog)
75
76 CPETableDlg::CPETableDlg(CWnd* pParent /*=NULL*/)
77 : CDialog(CPETableDlg::IDD, pParent)
78 , m_Table1(_T(""))
79 , m_Table2(_T(""))
80 , m_Table3(_T(""))
81 , m_Table4(_T(""))
82 , m_EditTable1(_T(""))
83 , m_EditTable2(_T(""))
84 , m_EditTable3(_T(""))
85 , m_EditTable4(_T(""))
86 {
87
88 }
89
90 CPETableDlg::~CPETableDlg()
91 {
92 }
93
94 void CPETableDlg::DoDataExchange(CDataExchange* pDX)
95 {
96 CDialog::DoDataExchange(pDX);
97 DDX_Control(pDX, IDC_LIST1, m_ListTable);
98 DDX_Text(pDX, IDC_STATIC_TABLE1, m_Table1);
99 DDX_Text(pDX, IDC_STATIC_TABLE2, m_Table2);
100 DDX_Text(pDX, IDC_STATIC_TABLE3, m_Table3);
101 DDX_Text(pDX, IDC_STATIC_TABLE4, m_Table4);
102 DDX_Text(pDX, IDC_EDIT_TABLE1, m_EditTable1);
103 DDX_Text(pDX, IDC_EDIT_TABLE2, m_EditTable2);
104 DDX_Text(pDX, IDC_EDIT_TABLE3, m_EditTable3);
105 DDX_Text(pDX, IDC_EDIT_TABLE4, m_EditTable4);
106 }
107
108
109 BEGIN_MESSAGE_MAP(CPETableDlg, CDialog)
110 // ON_EN_CHANGE(IDC_EDIT4, &CPETableDlg::OnEnChangeEdit4)
111 END_MESSAGE_MAP()
112
113
114 // CPETableDlg 消息处理程序
115
116
117 //void CPETableDlg::OnEnChangeEdit4()
118 //{
119 // // TODO: 如果该控件是 RICHEDIT 控件,它将不
120 // // 发送此通知,除非重写 CDialog::OnInitDialog()
121 // // 函数并调用 CRichEditCtrl().SetEventMask(),
122 // // 同时将 ENM_CHANGE 标志“或”运算到掩码中。
123 //
124 // // TODO: 在此添加控件通知处理程序代码
125 //}
126
127
128
129 VOID
130 CPETableDlg::ShowPeTable(CHAR* FileData,PETYPE PeType)
131 {
132 UpdateData(TRUE);
133
134 switch(g_SelectTab)
135 {
136 case 1:
137 {
138 //m_GroupStatic.Format(L"目录表详细信息");
139 m_Table1.Format(L"");
140 m_Table2.Format(L"");
141 m_Table3.Format(L"");
142 m_Table4.Format(L"");
143
144 ShowDataDirTable(FileData,PeType);
145 break;
146 }
147
148 case 2:
149 {
150 //m_GroupStatic.Format(L"区块表详细信息");
151 m_Table1.Format(L"");
152 m_Table2.Format(L"");
153 m_Table3.Format(L"");
154 m_Table4.Format(L"");
155
156 ShowSectionTable(FileData,PeType);
157 break;
158 }
159
160 case 3:
161 {
162 //m_GroupStatic.Format(L"导入表详细信息");
163
164 m_Table1.Format(L"输入表RVA");
165 m_Table2.Format(L"");
166 m_Table3.Format(L"");
167 m_Table4.Format(L"");
168
169 ShowImportTable(FileData,PeType);
170 break;
171 }
172
173 case 4:
174 {
175 //m_GroupStatic.Format(L"导出表详细信息");
176
177 m_Table1.Format(L"模块真实名称");
178 m_Table2.Format(L"函数地址数组RVA");
179 m_Table3.Format(L"函数名字指针RVA");
180 m_Table4.Format(L"导出序号数组RVA");
181
182 m_EditTable1.Format(L"");
183
184 ShowExportTable(FileData,PeType);
185 break;
186 }
187
188 case 5:
189 {
190 m_Table1.Format(L"");
191 m_Table2.Format(L"");
192 m_Table3.Format(L"");
193 m_Table4.Format(L"");
194 ShowRelocTable(FileData,PeType);
195
196 break;
197 }
198
199 default:
200 break;
201 }
202
203 UpdateData(FALSE);
204 }
205
206
207 VOID
208 CPETableDlg::ShowDataDirTable(CHAR* szFileData,PETYPE PeType)
209 {
210
211 PIMAGE_NT_HEADERS32 NtHead = NULL;
212 PIMAGE_NT_HEADERS64 NtHeader64 = NULL;
213 PIMAGE_NT_HEADERS32 NtHeader32 = NULL;
214 IMAGE_OPTIONAL_HEADER32 OptionHead32;
215 IMAGE_OPTIONAL_HEADER64 OptionHead64;
216 PIMAGE_SECTION_HEADER SectionHeader = NULL;
217
218 ULONG DataDirTable = 0;
219 ULONG DataSize = 0;
220 ULONG_PTR DataRaw = 0;
221
222 CString strRVA;
223 CString strSize;
224 CString strSection;
225 CString strRaw;
226
227 while(m_ListTable.DeleteColumn(0));
228 m_ListTable.DeleteAllItems();
229
230 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP);
231
232 UINT i = 0;
233 for (i = 0;i<g_Column_Count_DirTable;i++)
234 {
235 m_ListTable.InsertColumn(i, g_Column_DirTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_DirTableList[i].nWidth*(dpix/96.0)));
236 }
237
238 if (szFileData==NULL)
239 {
240 return;
241 }
242
243 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData; //ReadFile()返回的szFileData地址
244
245 switch(PeType)
246 {
247 case PE:
248 {
249 NtHeader32 = (PIMAGE_NT_HEADERS32)((ULONG)szFileData+DosHead->e_lfanew);
250 OptionHead32 = NtHeader32->OptionalHeader;
251
252 for (int i = 0;i<OptionHead32.NumberOfRvaAndSizes;i++)
253 {
254 DataDirTable = OptionHead32.DataDirectory[i].VirtualAddress;
255 DataSize = OptionHead32.DataDirectory[i].Size;
256
257 //得到数据块在文件中的偏移
258 DataRaw = RVATwoOffset(NtHeader32,DataDirTable);
259
260 //计算数据块属于哪个节中
261 SectionHeader = GetSectionHeaderFromRva(DataDirTable,(PIMAGE_NT_HEADERS)NtHeader32);
262
263 strRVA.Format(L"0x%X",DataDirTable);
264 strSize.Format(L"0x%X",DataSize);
265 strSection = SectionHeader->Name;
266 strRaw.Format(L"0x%X",DataRaw);
267
268 int n = m_ListTable.GetItemCount();
269 int j = m_ListTable.InsertItem(n, wzDirTable[i]);
270 m_ListTable.SetItemText(j, 1, strRVA);
271 m_ListTable.SetItemText(j, 2, strSize);
272 m_ListTable.SetItemText(j,3,strRaw);
273 m_ListTable.SetItemText(j,4,strSection);
274
275 }
276
277
278 break;
279 }
280
281 case PE64:
282 {
283 NtHeader64 = (PIMAGE_NT_HEADERS64)((ULONG)szFileData+DosHead->e_lfanew);
284
285 OptionHead64 = NtHeader64->OptionalHeader;
286
287 for (int i = 0;i<OptionHead64.NumberOfRvaAndSizes;i++)
288 {
289 DataDirTable = OptionHead64.DataDirectory[i].VirtualAddress;
290 DataSize = OptionHead64.DataDirectory[i].Size;
291
292 DataRaw = RVATwoOffset64(NtHeader64,DataDirTable);
293
294 SectionHeader = GetSectionHeaderFromRva(DataDirTable,(PIMAGE_NT_HEADERS)NtHeader64);
295
296 strRVA.Format(L"0x%X",DataDirTable);
297 strSize.Format(L"0x%X",DataSize);
298 strSection = SectionHeader->Name;
299 strRaw.Format(L"0x%X",DataRaw);
300
301 int n = m_ListTable.GetItemCount();
302 int j = m_ListTable.InsertItem(n, wzDirTable[i]);
303 m_ListTable.SetItemText(j, 1, strRVA);
304 m_ListTable.SetItemText(j, 2, strSize);
305 m_ListTable.SetItemText(j,3,strRaw);
306 m_ListTable.SetItemText(j,4,strSection);
307
308 }
309
310 break;
311 }
312 default:
313 break;
314
315 }
316 }
317
318 PIMAGE_SECTION_HEADER
319 CPETableDlg::GetSectionHeaderFromRva(ULONG RVA,PIMAGE_NT_HEADERS NtHeader) //判断RVA是在那个节表当中
320 {
321 ULONG i = 0;
322
323
324 //Nt头得到节表
325 PIMAGE_SECTION_HEADER SectionHeader = IMAGE_FIRST_SECTION(NtHeader);
326
327 //Nt头中的File头中有区块表的个数 区块表是若干SECTION_HEADER个数据结构,个数是在文件头的NumberofSection中
328 for (i=0;i<NtHeader->FileHeader.NumberOfSections;i++,SectionHeader++)
329 {
330
331 if ((RVA>=SectionHeader->VirtualAddress)&&
332 (RVA<(SectionHeader->VirtualAddress + SectionHeader->Misc.VirtualSize)))
333 {
334 return SectionHeader;
335 }
336 }
337
338 return NULL;
339 }
340
341 DWORD RVATwoOffset(PIMAGE_NT_HEADERS32 NTHeader, ULONG ulRVA)
342 {
343 PIMAGE_SECTION_HEADER SectionHeader =
344 (PIMAGE_SECTION_HEADER)((ULONG)NTHeader + sizeof(IMAGE_NT_HEADERS)); //获得节表
345
346 for(int i = 0; i < NTHeader->FileHeader.NumberOfSections; i++)
347 {
348 //查询导出表是属于哪个节的
349 /***********************************************************************
350 SectionHeader[i].VirtualAddress 节起始的RVA 0x1000
351 SectionHeader[i].SizeOfRawData 节在文件上的大小
352 SectionHeader[i].PointerToRawData 这是节基于文件的偏移量,PE 装载器通过本域值找到节数据在文件中的位置
353
354 假如导出表在.txt节中
355 SectionHeader[i].PointerToRawData == 0x200 SectionHeader[i].VirtualAddress == 0x1000
356 ulRVA = 0x1030
357
358 那么导出表在文件中的偏移就是0x230 返回
359 ***********************************************************************/
360 if(ulRVA >= SectionHeader[i].VirtualAddress && ulRVA <
361 (SectionHeader[i].VirtualAddress
362 + SectionHeader[i].SizeOfRawData))
363 {
364 //文件偏移
365 return SectionHeader[i].PointerToRawData +
366 (ulRVA - SectionHeader[i].VirtualAddress);
367 }
368 }
369
370 return 0;
371 }
372
373 ULONG_PTR RVATwoOffset64(PIMAGE_NT_HEADERS64 NTHeader, ULONG_PTR ulRVA)
374 {
375 PIMAGE_SECTION_HEADER SectionHeader =
376 (PIMAGE_SECTION_HEADER)((ULONG_PTR)NTHeader + sizeof(IMAGE_NT_HEADERS64)); //获得节表
377
378 for(int i = 0; i < NTHeader->FileHeader.NumberOfSections; i++)
379 {
380 //查询导出表是属于哪个节的
381 /***********************************************************************
382 SectionHeader[i].VirtualAddress 节起始的RVA 0x1000
383 SectionHeader[i].SizeOfRawData 节在文件上的大小
384 SectionHeader[i].PointerToRawData 这是节基于文件的偏移量,PE 装载器通过本域值找到节数据在文件中的位置
385
386 假如导出表在.txt节中
387 SectionHeader[i].PointerToRawData == 0x200 SectionHeader[i].VirtualAddress == 0x1000
388 ulRVA = 0x1030
389
390 那么导出表在文件中的偏移就是0x230 返回
391 ***********************************************************************/
392 if(ulRVA >= SectionHeader[i].VirtualAddress && ulRVA <
393 (SectionHeader[i].VirtualAddress
394 + SectionHeader[i].SizeOfRawData))
395 {
396 //文件偏移
397 return SectionHeader[i].PointerToRawData +
398 (ulRVA - SectionHeader[i].VirtualAddress);
399 }
400 }
401
402 return 0;
403 }
404
405
406
407 VOID
408 CPETableDlg::ShowSectionTable(CHAR* szFileData,PETYPE PeType)
409 {
410 PIMAGE_NT_HEADERS NtHead = NULL;
411 PIMAGE_NT_HEADERS64 NtHeader64 = NULL;
412 PIMAGE_NT_HEADERS32 NtHeader32 = NULL;
413
414 IMAGE_FILE_HEADER FileHeader;
415
416 ULONG DataSize = 0;
417 PIMAGE_SECTION_HEADER SectionHeader;
418
419 CString SectionName;
420 CString strRVA;
421 CString strRSize;
422
423 CString strOffset;
424 CString strVsize;
425
426 while(m_ListTable.DeleteColumn(0));
427 m_ListTable.DeleteAllItems();
428
429 //CRect rect;
430 //GetWindowRect(rect);
431 ////设置ListContrl在对话框中的位置
432 //if (m_ListTable.m_hWnd != NULL)
433 //{
434 // CRect rc;
435 // rc.left = 0;
436 // rc.top = 0;
437 // rc.right = rect.Width() - 10;
438 // rc.bottom = rect.Height() - 35;
439 // m_ListTable.MoveWindow(rc);
440 //}
441
442 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP);
443
444 UINT i = 0;
445 for (i = 0;i<g_Column_Count_SectionTable;i++)
446 {
447 m_ListTable.InsertColumn(i, g_Column_SectionTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_SectionTableList[i].nWidth*(dpix/96.0)));
448 }
449
450 if (szFileData==NULL)
451 {
452 return;
453 }
454
455 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData;
456
457 //获得节表
458 if (PeType==PE)
459 {
460 NtHeader32 = (PIMAGE_NT_HEADERS32)((ULONG)szFileData+DosHead->e_lfanew);
461 FileHeader = NtHeader32->FileHeader;
462 SectionHeader = (PIMAGE_SECTION_HEADER)((ULONG_PTR)NtHeader32 + sizeof(IMAGE_NT_HEADERS32));
463 }
464 else
465 {
466 NtHeader64 = (PIMAGE_NT_HEADERS64)((ULONG)szFileData+DosHead->e_lfanew);
467 FileHeader = NtHeader64->FileHeader;
468
469 SectionHeader = (PIMAGE_SECTION_HEADER)((ULONG_PTR)NtHeader64 + sizeof(IMAGE_NT_HEADERS64));
470 }
471
472
473 for (int i = 0;i<FileHeader.NumberOfSections;i++,SectionHeader++)
474 {
475 SectionName = SectionHeader->Name;
476 strRVA.Format(L"0x%x",SectionHeader->VirtualAddress);
477 strRSize.Format(L"0x%x",SectionHeader->Misc.VirtualSize);
478
479 strOffset.Format(L"0x%x",SectionHeader->PointerToRawData);
480 strVsize.Format(L"0x%x",SectionHeader->SizeOfRawData);
481
482 int n = m_ListTable.GetItemCount();
483 int j = m_ListTable.InsertItem(n, SectionName);
484 m_ListTable.SetItemText(j, 1, strRVA);
485 m_ListTable.SetItemText(j, 2, strRSize);
486 m_ListTable.SetItemText(j,3,strOffset);
487 m_ListTable.SetItemText(j,4,strVsize);
488
489 }
490
491
492 UpdateData(FALSE);
493
494 }
495
496
497 VOID
498 CPETableDlg::ShowImportTable(CHAR* szFileData,PETYPE PeType)
499 {
500 PIMAGE_NT_HEADERS NtHead = NULL;
501 PIMAGE_THUNK_DATA ImportOriFirstThunk = NULL;
502 PIMAGE_IMPORT_BY_NAME OrdinalName = NULL;
503 PIMAGE_NT_HEADERS64 NtHeader64 = NULL;
504 PIMAGE_NT_HEADERS32 NtHeader32 = NULL;
505
506 IMAGE_OPTIONAL_HEADER32 OptionHead32;
507 IMAGE_OPTIONAL_HEADER64 OptionHead64;
508 IMAGE_DATA_DIRECTORY ImportDirectory = {0};
509 PIMAGE_IMPORT_DESCRIPTOR ImportTable = NULL;
510 ULONG_PTR ImportSize = 0;
511 ULONG_PTR ImportDiff = 0;
512 ULONG ulIndex = 0;
513
514 ULONG_PTR ulFuncRVA = 0;
515
516
517 CString strFuncName,strDllName;
518 CString strIndex = 0;
519
520
521 while(m_ListTable.DeleteColumn(0));
522 m_ListTable.DeleteAllItems();
523
524 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP);
525
526 UINT i = 0;
527 for (i = 0;i<g_Column_Count_ImportTable;i++)
528 {
529 m_ListTable.InsertColumn(i, g_Column_ImportTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_ImportTableList[i].nWidth*(dpix/96.0)));
530 }
531
532 if (szFileData==NULL)
533 {
534 return;
535 }
536
537 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData;
538
539 NtHead = (PIMAGE_NT_HEADERS)((ULONG)szFileData+DosHead->e_lfanew);
540
541 switch(PeType)
542 {
543 case PE:
544 {
545 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHead;
546 OptionHead32 = NtHeader32->OptionalHeader;
547
548 ImportDirectory = OptionHead32.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
549
550 m_EditTable1.Format(L"0x%p",ImportDirectory);
551
552 if (ImportDirectory.Size==0)
553 {
554 return;
555 }
556
557 ImportTable = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)szFileData+ RVATwoOffset(NtHeader32,ImportDirectory.VirtualAddress));
558
559 while (ImportTable->Name)
560 {
561 char* DllName = (char*)((ULONG_PTR)szFileData+ RVATwoOffset(NtHeader32,ImportTable->Name));
562 strDllName = DllName;
563
564 ImportOriFirstThunk = (PIMAGE_THUNK_DATA)((ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,ImportTable->OriginalFirstThunk));
565
566 while(ImportOriFirstThunk->u1.Function)
567 {
568
569 int n = m_ListTable.GetItemCount();
570 strIndex.Format(L"%d",ulIndex);
571 int j = m_ListTable.InsertItem(n, strIndex);
572
573 //判断是以序数导入还是以Name导入
574 //最高位为1说明以序数导入 序号值为低31位
575 int Temp = ImportOriFirstThunk->u1.Ordinal&0x80000000;
576
577 if (Temp)
578 {
579 Temp = ImportOriFirstThunk->u1.Ordinal&0x7fffffff;
580 strIndex.Format(L"%d",Temp);
581 m_ListTable.SetItemText(j,1,strIndex);
582 }
583 else
584 {
585 OrdinalName = (PIMAGE_IMPORT_BY_NAME)((ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,ImportOriFirstThunk->u1.AddressOfData));
586 char* FuncName = (char*)OrdinalName->Name;
587 strFuncName = FuncName;
588
589 ulFuncRVA = (ULONG_PTR)((ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,ImportOriFirstThunk->u1.ForwarderString));
590
591 m_ListTable.SetItemText(j,1,strFuncName);
592
593 }
594
595 m_ListTable.SetItemText(j,3,strDllName);
596
597 ulIndex++;
598 ImportOriFirstThunk++;
599
600 }
601
602 ImportTable++;
603 }
604
605
606 break;
607 }
608 case PE64:
609 {
610 NtHeader64 = (PIMAGE_NT_HEADERS64)NtHead;
611 OptionHead64 = NtHeader64->OptionalHeader;
612
613 ImportDirectory = OptionHead64.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
614 if (ImportDirectory.Size==0)
615 {
616 return;
617 }
618
619 ImportTable = (PIMAGE_IMPORT_DESCRIPTOR)((ULONG_PTR)szFileData+ RVATwoOffset64(NtHeader64,ImportDirectory.VirtualAddress));
620
621
622 while (ImportTable->Name)
623 {
624 char* DllName = (char*)((ULONG_PTR)szFileData+ RVATwoOffset64(NtHeader64,ImportTable->Name));
625 strDllName = DllName;
626
627 ImportOriFirstThunk = (PIMAGE_THUNK_DATA)((ULONG_PTR)szFileData + RVATwoOffset64(NtHeader64,ImportTable->OriginalFirstThunk));
628
629 while(ImportOriFirstThunk->u1.Function)
630 {
631
632 int n = m_ListTable.GetItemCount();
633 strIndex.Format(L"%d",ulIndex);
634 int j = m_ListTable.InsertItem(n, strIndex);
635
636 INT64 Temp = ImportOriFirstThunk->u1.Ordinal&0x8000000000000000;
637
638 if (Temp)
639 {
640 Temp = ImportOriFirstThunk->u1.Ordinal&0x7fffffffffffffff;
641 strIndex.Format(L"%d",Temp);
642 m_ListTable.SetItemText(j,1,strIndex);
643 }
644 else
645 {
646 OrdinalName = (PIMAGE_IMPORT_BY_NAME)((ULONG_PTR)szFileData + RVATwoOffset64(NtHeader64,ImportOriFirstThunk->u1.AddressOfData));
647 char* FuncName = (char*)OrdinalName->Name;
648 strFuncName = FuncName;
649 m_ListTable.SetItemText(j,1,strFuncName);
650 }
651
652 m_ListTable.SetItemText(j,3,strDllName);
653
654 ulIndex++;
655 ImportOriFirstThunk++;
656
657 }
658
659 ImportTable++;
660 }
661
662
663 break;
664 }
665
666 default:
667 break;
668
669 }
670 }
671
672
673 VOID
674 CPETableDlg::ShowRelocTable(CHAR* szFileData,PETYPE PeType)
675 {
676 PIMAGE_NT_HEADERS NtHead = NULL;
677 PIMAGE_NT_HEADERS64 NtHeader64 = NULL;
678 PIMAGE_NT_HEADERS32 NtHeader32 = NULL;
679 IMAGE_OPTIONAL_HEADER32 OptionHead32;
680 IMAGE_OPTIONAL_HEADER64 OptionHead64;
681 IMAGE_DATA_DIRECTORY RelocDirectory = {0};
682
683 PIMAGE_BASE_RELOCATION RelocTable = NULL;
684 ULONG_PTR RelocRVA = 0;
685 ULONG_PTR BlocSize = 0;
686 ULONG_PTR RelocDataOffset = 0;
687
688 CString strRelocRVA,strRelocOffset,strRelocDataRVA,strRelcoDataOffset,strRelocDataOffset,strRelocData,strRelocSize;
689 CString strTypeOffset,strSizeOfBlock;
690
691 while(m_ListTable.DeleteColumn(0));
692 m_ListTable.DeleteAllItems();
693
694 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP);
695
696 UINT i = 0;
697 for (i = 0;i<g_Column_Count_RelocTable;i++)
698 {
699 m_ListTable.InsertColumn(i, g_Column_RelocTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_RelocTableList[i].nWidth*(dpix/96.0)));
700 }
701
702 if (szFileData==NULL)
703 {
704 return;
705 }
706
707 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData;
708 NtHead = (PIMAGE_NT_HEADERS)((ULONG)szFileData+DosHead->e_lfanew);
709
710 switch (PeType)
711 {
712 case PE:
713 {
714 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHead;
715 OptionHead32 = NtHeader32->OptionalHeader;
716
717 RelocDirectory = OptionHead32.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC];
718
719 if (RelocDirectory.Size==0)
720 {
721 return;
722 }
723
724
725 RelocTable = (PIMAGE_BASE_RELOCATION)((ULONG_PTR)szFileData+ RVATwoOffset(NtHeader32,RelocDirectory.VirtualAddress));
726
727 do
728 {
729 ULONG_PTR NumOfReloc=(RelocTable->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/2;
730
731 SHORT MiniOffset = 0;
732
733 PSHORT RelocData =(PSHORT)((ULONG_PTR)RelocTable+sizeof(IMAGE_BASE_RELOCATION));
734
735 for (i=0; i<NumOfReloc; i++)
736 {
737 PULONG_PTR RelocAddress = 0;//需要重定位的地址
738
739 if (((*RelocData)>>12)==IMAGE_REL_BASED_DIR64||((*RelocData)>>12)==IMAGE_REL_BASED_HIGHLOW)//判断重定位类型是否为IMAGE_REL_BASED_HIGHLOW[32]或IMAGE_REL_BASED_DIR64[64]
740 {
741 MiniOffset = (*RelocData)&0xfff;
742
743
744 RelocDataOffset = (ULONG_PTR)RVATwoOffset(NtHeader32,MiniOffset+RelocTable->VirtualAddress);
745
746 strSizeOfBlock.Format(L"0x%x",RelocTable->SizeOfBlock);
747 strTypeOffset.Format(L"0x%x",(*RelocData));
748
749 strRelocRVA.Format(L"0x%x",RelocTable->VirtualAddress);
750 strRelocOffset.Format(L"0x%x",RVATwoOffset(NtHeader32,RelocTable->VirtualAddress));
751
752 strRelocDataRVA.Format(L"0x%x",MiniOffset+RelocTable->VirtualAddress);
753 strRelocDataOffset.Format(L"0x%x",RelocDataOffset);
754
755 strRelocData.Format(L"0x%x",*(PULONG_PTR)((ULONG_PTR)szFileData+ RelocDataOffset));
756
757 int n = m_ListTable.GetItemCount();
758 int j = m_ListTable.InsertItem(n, strRelocRVA);
759 m_ListTable.SetItemText(j, 1, strRelocOffset);
760 m_ListTable.SetItemText(j, 2, strSizeOfBlock);
761 m_ListTable.SetItemText(j,3,strTypeOffset);
762 m_ListTable.SetItemText(j,4,strRelocDataRVA);
763 m_ListTable.SetItemText(j,5,strRelocDataOffset);
764 m_ListTable.SetItemText(j,6,strRelocData);
765
766
767 }
768
769 RelocData++;
770 }
771
772 RelocTable=(PIMAGE_BASE_RELOCATION)((ULONG_PTR)RelocTable+RelocTable->SizeOfBlock);
773
774 } while (RelocTable->VirtualAddress);
775
776
777 break;
778 }
779
780 case PE64:
781 {
782 NtHeader64 = (PIMAGE_NT_HEADERS64)NtHead;
783 OptionHead64 = NtHeader64->OptionalHeader;
784
785 RelocDirectory = OptionHead64.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC];
786
787 if (RelocDirectory.Size==0)
788 {
789 return;
790 }
791
792
793 RelocTable = (PIMAGE_BASE_RELOCATION)((ULONG_PTR)szFileData+ RVATwoOffset64(NtHeader64,RelocDirectory.VirtualAddress));
794
795 do
796 {
797 ULONG_PTR NumOfReloc=(RelocTable->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/2;
798
799 SHORT MiniOffset = 0;
800 PUSHORT RelocData =(PUSHORT)((ULONG_PTR)RelocTable+sizeof(IMAGE_BASE_RELOCATION));
801
802 for (i=0; i<NumOfReloc; i++)
803 {
804 PULONG_PTR RelocAddress = 0;//需要重定位的地址
805
806 if (((*RelocData)>>12)==IMAGE_REL_BASED_DIR64)//判断重定位类型是否为IMAGE_REL_BASED_HIGHLOW[32]或IMAGE_REL_BASED_DIR64[64]
807 {
808 MiniOffset = (*RelocData)&0xfff;
809
810
811 RelocDataOffset = (ULONG_PTR)RVATwoOffset64(NtHeader64,MiniOffset+RelocTable->VirtualAddress);
812
813 strSizeOfBlock.Format(L"0x%x",RelocTable->SizeOfBlock);
814 strTypeOffset.Format(L"0x%x",(*RelocData));
815
816 strRelocRVA.Format(L"0x%x",RelocTable->VirtualAddress);
817 strRelocOffset.Format(L"0x%x",RVATwoOffset64(NtHeader64,RelocTable->VirtualAddress));
818
819 strRelocDataRVA.Format(L"0x%x",MiniOffset+RelocTable->VirtualAddress);
820 strRelocDataOffset.Format(L"0x%x",RVATwoOffset64(NtHeader64,MiniOffset+RelocTable->VirtualAddress));
821
822 strRelocData.Format(L"0x%x",*(PULONG_PTR)((ULONG_PTR)szFileData+ RelocDataOffset));
823
824 int n = m_ListTable.GetItemCount();
825 int j = m_ListTable.InsertItem(n, strRelocRVA);
826 m_ListTable.SetItemText(j, 1, strRelocOffset);
827 m_ListTable.SetItemText(j, 2, strSizeOfBlock);
828 m_ListTable.SetItemText(j,3,strTypeOffset);
829 m_ListTable.SetItemText(j,4,strRelocDataRVA);
830 m_ListTable.SetItemText(j,5,strRelocDataOffset);
831 m_ListTable.SetItemText(j,6,strRelocData);
832
833
834 }
835
836 RelocData++;
837 }
838
839 RelocTable=(PIMAGE_BASE_RELOCATION)((ULONG_PTR)RelocTable+RelocTable->SizeOfBlock);
840
841 } while (RelocTable->VirtualAddress);
842
843
844 break;
845 }
846
847 default:
848 break;
849 }
850
851 }
852 VOID
853 CPETableDlg::ShowExportTable(CHAR* szFileData,PETYPE PeType)
854 {
855 PIMAGE_NT_HEADERS NtHead = NULL;
856 PIMAGE_NT_HEADERS64 NtHeader64 = NULL;
857 PIMAGE_NT_HEADERS32 NtHeader32 = NULL;
858 IMAGE_OPTIONAL_HEADER32 OptionHead32;
859 IMAGE_OPTIONAL_HEADER64 OptionHead64;
860 IMAGE_DATA_DIRECTORY ExportDirectory = {0};
861 PIMAGE_EXPORT_DIRECTORY ExportTable = NULL;
862
863 ULONG_PTR NameOfArrayRVA = NULL;
864 ULONG* NameOfArray = NULL;
865 ULONG_PTR OrdinalsOfArrayRVA = NULL;
866 WORD* OrdinalsOfArray = NULL;
867 ULONG_PTR FuncAddressOfArrayRVA = NULL;
868 ULONG* FuncAddressOfArray = NULL;
869 ULONG_PTR FuncAdress = NULL;
870
871 CString strIndex, strFuncName,strFuncAddr,strRVA,strOffset;
872
873 while(m_ListTable.DeleteColumn(0));
874 m_ListTable.DeleteAllItems();
875
876 m_ListTable.SetExtendedStyle(LVS_EX_FULLROWSELECT|LVS_EX_GRIDLINES|LVS_EX_HEADERDRAGDROP);
877
878 UINT i = 0;
879 for (i = 0;i<g_Column_Count_ExportTable;i++)
880 {
881 m_ListTable.InsertColumn(i, g_Column_ExportTableList[i].szTitle,LVCFMT_LEFT,(int)(g_Column_ExportTableList[i].nWidth*(dpix/96.0)));
882 }
883
884 if (szFileData==NULL)
885 {
886 return;
887 }
888
889
890 PIMAGE_DOS_HEADER DosHead = (PIMAGE_DOS_HEADER)szFileData;
891 NtHead = (PIMAGE_NT_HEADERS)((ULONG)szFileData+DosHead->e_lfanew);
892
893 switch(PeType)
894 {
895 case PE:
896 {
897 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHead;
898 OptionHead32 = NtHeader32->OptionalHeader;
899
900 ExportDirectory = OptionHead32.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
901 if (ExportDirectory.Size==0)
902 {
903 return;
904 }
905
906 ExportTable = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)szFileData+ RVATwoOffset(NtHeader32,ExportDirectory.VirtualAddress));
907
908 CHAR* DllName = (CHAR*)((ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,ExportTable->Name));
909
910 m_EditTable1.Format(L"%S",DllName);
911
912 //
913 NameOfArrayRVA = (ULONG_PTR)(ExportTable->AddressOfNames);
914 m_EditTable3.Format(L"0x%p",NameOfArrayRVA);
915 NameOfArrayRVA = RVATwoOffset(NtHeader32,NameOfArrayRVA);
916 NameOfArray = (ULONG*)((ULONG_PTR)szFileData + NameOfArrayRVA);
917 CHAR* wzFuncName = NULL;
918
919 //
920 OrdinalsOfArrayRVA = (ULONG_PTR)ExportTable->AddressOfNameOrdinals;
921 m_EditTable4.Format(L"0x%p",OrdinalsOfArrayRVA);
922 OrdinalsOfArrayRVA = RVATwoOffset(NtHeader32,OrdinalsOfArrayRVA);
923 OrdinalsOfArray = (WORD*)((ULONG_PTR)szFileData + OrdinalsOfArrayRVA);
924
925 //
926 FuncAddressOfArrayRVA = (ULONG_PTR)ExportTable->AddressOfFunctions;
927 m_EditTable2.Format(L"0x%p",FuncAddressOfArrayRVA);
928 FuncAddressOfArrayRVA = RVATwoOffset(NtHeader32,FuncAddressOfArrayRVA);
929 FuncAddressOfArray = (ULONG*)((ULONG_PTR)szFileData + FuncAddressOfArrayRVA);
930
931
932 for (int i=0;i<ExportTable->NumberOfNames;i++)
933 {
934 wzFuncName = (CHAR*)((ULONG_PTR)szFileData+RVATwoOffset(NtHeader32,NameOfArray[i]));
935 FuncAdress =(ULONG_PTR)szFileData + RVATwoOffset(NtHeader32,FuncAddressOfArray[OrdinalsOfArray[i]]);
936
937 strIndex.Format(L"%d",OrdinalsOfArray[i]);
938 strFuncName.Format(L"%S",wzFuncName);
939 strFuncAddr.Format(L"0x%x",FuncAdress);
940 strRVA.Format(L"0x%x",FuncAddressOfArray[OrdinalsOfArray[i]]);
941 strOffset.Format(L"0x%x",RVATwoOffset(NtHeader32,FuncAddressOfArray[OrdinalsOfArray[i]]));
942
943
944 int n = m_ListTable.GetItemCount();
945 int j = m_ListTable.InsertItem(n, strIndex);
946 m_ListTable.SetItemText(j, 1, strFuncName);
947 m_ListTable.SetItemText(j, 2, strFuncAddr);
948 m_ListTable.SetItemText(j,3,strRVA);
949 m_ListTable.SetItemText(j,4,strOffset);
950
951 }
952
953
954 break;
955 }
956
957 case PE64:
958 {
959 NtHeader64 = (PIMAGE_NT_HEADERS64)NtHead;
960 OptionHead64 = NtHeader64->OptionalHeader;
961
962 ExportDirectory = OptionHead64.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
963 if (ExportDirectory.Size==0)
964 {
965 return;
966 }
967
968 ExportTable = (PIMAGE_EXPORT_DIRECTORY)((ULONG_PTR)szFileData+ RVATwoOffset64(NtHeader64,ExportDirectory.VirtualAddress));
969
970
971 NameOfArrayRVA = (ULONG_PTR)(ExportTable->AddressOfNames);
972 m_EditTable3.Format(L"0x%p",NameOfArrayRVA);
973 NameOfArrayRVA = RVATwoOffset64(NtHeader64,NameOfArrayRVA);
974 NameOfArray = (ULONG*)((ULONG_PTR)szFileData + NameOfArrayRVA);
975 CHAR* wzFuncName = NULL;
976
977
978 OrdinalsOfArrayRVA = (ULONG_PTR)ExportTable->AddressOfNameOrdinals;
979 m_EditTable4.Format(L"0x%p",OrdinalsOfArrayRVA);
980 OrdinalsOfArrayRVA = RVATwoOffset64(NtHeader64,OrdinalsOfArrayRVA);
981 OrdinalsOfArray = (WORD*)((ULONG_PTR)szFileData + OrdinalsOfArrayRVA);
982
983
984 FuncAddressOfArrayRVA = (ULONG_PTR)ExportTable->AddressOfFunctions;
985 m_EditTable2.Format(L"0x%p",FuncAddressOfArrayRVA);
986 FuncAddressOfArrayRVA = RVATwoOffset64(NtHeader64,FuncAddressOfArrayRVA);
987 FuncAddressOfArray = (ULONG*)((ULONG_PTR)szFileData + FuncAddressOfArrayRVA);
988
989
990 for (int i=0;i<ExportTable->NumberOfNames;i++)
991 {
992 wzFuncName = (CHAR*)((ULONG_PTR)szFileData+RVATwoOffset64(NtHeader64,NameOfArray[i]));
993 FuncAdress =(ULONG_PTR)szFileData + RVATwoOffset64(NtHeader64,FuncAddressOfArray[OrdinalsOfArray[i]]);
994
995 strIndex.Format(L"%d",OrdinalsOfArray[i]);
996 strFuncName.Format(L"%S",wzFuncName);
997 strFuncAddr.Format(L"0x%x",FuncAdress);
998 strRVA.Format(L"0x%x",FuncAddressOfArray[OrdinalsOfArray[i]]);
999 strOffset.Format(L"0x%x",RVATwoOffset64(NtHeader64,FuncAddressOfArray[OrdinalsOfArray[i]]));
1000
1001
1002 int n = m_ListTable.GetItemCount();
1003 int j = m_ListTable.InsertItem(n, strIndex);
1004 m_ListTable.SetItemText(j, 1, strFuncName);
1005 m_ListTable.SetItemText(j, 2, strFuncAddr);
1006 m_ListTable.SetItemText(j,3,strRVA);
1007 m_ListTable.SetItemText(j,4,strOffset);
1008
1009 }
1010
1011
1012 break;
1013 }
1014 default:
1015 break;
1016
1017 }
1018
1019 UpdateData(FALSE);
1020 }
1 #pragma once
2 #include "afxcmn.h"
3 enum PETYPE
4 {
5 PE = 0,
6 PE64,
7 Unkonw
8 };
9 typedef struct _COLUMNSTRUCT
10 {
11 WCHAR* szTitle;
12 UINT nWidth;
13 }COLUMNSTRUCT;
14 // CPETableDlg 对话框
15
16 class CPETableDlg : public CDialog
17 {
18 DECLARE_DYNAMIC(CPETableDlg)
19
20 public:
21 CPETableDlg(CWnd* pParent = NULL); // 标准构造函数
22 virtual ~CPETableDlg();
23
24 // 对话框数据
25 enum { IDD = IDD_DIALOG_TABLE };
26
27
28 protected:
29 virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持
30
31 DECLARE_MESSAGE_MAP()
32 public:
33 // afx_msg void OnEnChangeEdit4();
34 CListCtrl m_ListTable;
35 CString m_Table1;
36 CString m_Table2;
37 CString m_Table3;
38 CString m_Table4;
39 CString m_EditTable1;
40 CString m_EditTable2;
41 CString m_EditTable3;
42 CString m_EditTable4;
43 VOID CPETableDlg::ShowPeTable(CHAR* FileData,PETYPE PeType);
44 VOID CPETableDlg::ShowDataDirTable(CHAR* szFileData,PETYPE PeType);
45 PIMAGE_SECTION_HEADER CPETableDlg::GetSectionHeaderFromRva(ULONG RVA,PIMAGE_NT_HEADERS NtHeader);
46 VOID CPETableDlg::ShowSectionTable(CHAR* szFileData,PETYPE PeType);
47 VOID CPETableDlg::ShowImportTable(CHAR* szFileData,PETYPE PeType);
48 VOID CPETableDlg::ShowExportTable(CHAR* szFileData,PETYPE PeType);
49 VOID CPETableDlg::ShowRelocTable(CHAR* szFileData,PETYPE PeType);
50 };
51 ULONG_PTR RVATwoOffset64(PIMAGE_NT_HEADERS64 NTHeader, ULONG_PTR ulRVA) ;
52 DWORD RVATwoOffset(PIMAGE_NT_HEADERS32 NTHeader, ULONG ulRVA);
1 // PECheckDlg.h : 头文件
2 //
3
4 #pragma once
5 #include "afxcmn.h"
6 #include "PEHeaderDlg.h"
7 #include "PETableDlg.h"
8 // CPECheckDlg 对话框
9
10 class CPECheckDlg : public CDialogEx
11 {
12 // 构造
13 public:
14 CPECheckDlg(CWnd* pParent = NULL); // 标准构造函数
15
16 // 对话框数据
17 enum { IDD = IDD_PECHECK_DIALOG };
18
19
20 protected:
21 virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持
22 TCHAR m_FilePath[1024];
23 CHAR* m_szFileData;
24 ULONG m_ulLow;
25 PETYPE PeType;
26
27
28 CPEHeaderDlg m_PeHeaderDlg;
29 CPETableDlg m_PeTableDlg;
30 // 实现
31 protected:
32 HICON m_hIcon;
33
34 // 生成的消息映射函数
35 virtual BOOL OnInitDialog();
36 afx_msg void OnSysCommand(UINT nID, LPARAM lParam);
37 afx_msg void OnPaint();
38 afx_msg HCURSOR OnQueryDragIcon();
39 DECLARE_MESSAGE_MAP()
40 public:
41 afx_msg void OnDropFiles(HDROP hDropInfo);
42 CTabCtrl m_TabMain;
43 CString m_EditFilePath;
44
45
46
47
48 BOOL LoadFileData(WCHAR* wzFilePath,CHAR** szFileData,ULONG* ulLow);
49 BOOL IsPEFile(CHAR* szFileData,PETYPE* PeType);
50 CString m_EditFileType;
51 afx_msg void OnTcnSelchangeTabMain(NMHDR *pNMHDR, LRESULT *pResult);
52 };
1 // PECheckDlg.cpp : 实现文件
2 //
3
4 #include "stdafx.h"
5 #include "PECheck.h"
6 #include "PECheckDlg.h"
7 #include "afxdialogex.h"
8
9 #ifdef _DEBUG
10 #define new DEBUG_NEW
11 #endif
12
13
14
15 CHAR* g_szFileData = NULL;
16 ULONG g_SelectTab = 0;
17 int dpix;
18 int dpiy;
19
20 // 用于应用程序“关于”菜单项的 CAboutDlg 对话框
21
22 class CAboutDlg : public CDialogEx
23 {
24 public:
25 CAboutDlg();
26
27 // 对话框数据
28 enum { IDD = IDD_ABOUTBOX };
29
30 protected:
31 virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持
32
33 // 实现
34 protected:
35 DECLARE_MESSAGE_MAP()
36 };
37
38 CAboutDlg::CAboutDlg() : CDialogEx(CAboutDlg::IDD)
39 {
40 }
41
42 void CAboutDlg::DoDataExchange(CDataExchange* pDX)
43 {
44 CDialogEx::DoDataExchange(pDX);
45 }
46
47 BEGIN_MESSAGE_MAP(CAboutDlg, CDialogEx)
48 END_MESSAGE_MAP()
49
50
51 // CPECheckDlg 对话框
52
53
54
55
56 CPECheckDlg::CPECheckDlg(CWnd* pParent /*=NULL*/)
57 : CDialogEx(CPECheckDlg::IDD, pParent)
58 , m_EditFilePath(_T(""))
59 , m_EditFileType(_T(""))
60 {
61 m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
62 m_szFileData = NULL;
63 }
64
65 void CPECheckDlg::DoDataExchange(CDataExchange* pDX)
66 {
67 CDialogEx::DoDataExchange(pDX);
68 DDX_Control(pDX, IDC_TAB_MAIN, m_TabMain);
69 DDX_Text(pDX, IDC_EDIT_DRAGFILE, m_EditFilePath);
70 DDX_Text(pDX, IDC_FILETYPE, m_EditFileType);
71 }
72
73 BEGIN_MESSAGE_MAP(CPECheckDlg, CDialogEx)
74 ON_WM_SYSCOMMAND()
75 ON_WM_PAINT()
76 ON_WM_QUERYDRAGICON()
77 ON_WM_DROPFILES()
78 ON_NOTIFY(TCN_SELCHANGE, IDC_TAB_MAIN, &CPECheckDlg::OnTcnSelchangeTabMain)
79 END_MESSAGE_MAP()
80
81
82 // CPECheckDlg 消息处理程序
83
84 BOOL CPECheckDlg::OnInitDialog()
85 {
86 CDialogEx::OnInitDialog();
87
88 // 将“关于...”菜单项添加到系统菜单中。
89
90 // IDM_ABOUTBOX 必须在系统命令范围内。
91 ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
92 ASSERT(IDM_ABOUTBOX < 0xF000);
93
94 CMenu* pSysMenu = GetSystemMenu(FALSE);
95 if (pSysMenu != NULL)
96 {
97 BOOL bNameValid;
98 CString strAboutMenu;
99 bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX);
100 ASSERT(bNameValid);
101 if (!strAboutMenu.IsEmpty())
102 {
103 pSysMenu->AppendMenu(MF_SEPARATOR);
104 pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
105 }
106 }
107
108 // 设置此对话框的图标。当应用程序主窗口不是对话框时,框架将自动
109 // 执行此操作
110 SetIcon(m_hIcon, TRUE); // 设置大图标
111 SetIcon(m_hIcon, FALSE); // 设置小图标
112
113 // TODO: 在此添加额外的初始化代码
114 m_TabMain.InsertItem(0, _T("PE头")); //
115 m_TabMain.InsertItem(1, _T("目录表")); //
116 m_TabMain.InsertItem(2,_T("区块表"));
117 m_TabMain.InsertItem(3,_T("导入表"));
118 m_TabMain.InsertItem(4,_T("导出表"));
119 m_TabMain.InsertItem(5,_T("重定向表"));
120
121
122 m_PeHeaderDlg.Create(IDD_DIALOG_PEHEADER,GetDlgItem(IDC_TAB_MAIN));
123 m_PeTableDlg.Create(IDD_DIALOG_TABLE,GetDlgItem(IDC_TAB_MAIN));
124
125
126 CRect tabRect;
127
128
129 GetWindowRect(&tabRect);
130
131 CPaintDC dc(this);
132 dpix = GetDeviceCaps(dc.m_hDC,LOGPIXELSX);
133 dpiy = GetDeviceCaps(dc.m_hDC,LOGPIXELSY);
134 tabRect.bottom += (LONG)(1+21*(dpiy/96.0));
135
136 MoveWindow(&tabRect);
137
138 m_TabMain.GetClientRect(&tabRect); // 获取标签控件客户区Rect
139 // 调整tabRect,使其覆盖范围适合放置标签页
140 tabRect.left += 1;
141 tabRect.right -= 1;
142 tabRect.top += 25;
143 tabRect.bottom -= 1;
144 // 根据调整好的tabRect放置m_jzmDlg子对话框,并设置为显示
145 m_PeHeaderDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_SHOWWINDOW);
146 m_PeTableDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_HIDEWINDOW);
147
148
149
150 return TRUE; // 除非将焦点设置到控件,否则返回 TRUE
151 }
152
153 void CPECheckDlg::OnSysCommand(UINT nID, LPARAM lParam)
154 {
155 if ((nID & 0xFFF0) == IDM_ABOUTBOX)
156 {
157 CAboutDlg dlgAbout;
158 dlgAbout.DoModal();
159 }
160 else
161 {
162 CDialogEx::OnSysCommand(nID, lParam);
163 }
164 }
165
166 // 如果向对话框添加最小化按钮,则需要下面的代码
167 // 来绘制该图标。对于使用文档/视图模型的 MFC 应用程序,
168 // 这将由框架自动完成。
169
170 void CPECheckDlg::OnPaint()
171 {
172 if (IsIconic())
173 {
174 CPaintDC dc(this); // 用于绘制的设备上下文
175
176 SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);
177
178 // 使图标在工作区矩形中居中
179 int cxIcon = GetSystemMetrics(SM_CXICON);
180 int cyIcon = GetSystemMetrics(SM_CYICON);
181 CRect rect;
182 GetClientRect(&rect);
183 int x = (rect.Width() - cxIcon + 1) / 2;
184 int y = (rect.Height() - cyIcon + 1) / 2;
185
186 // 绘制图标
187 dc.DrawIcon(x, y, m_hIcon);
188 }
189 else
190 {
191 CDialogEx::OnPaint();
192 }
193 }
194
195 //当用户拖动最小化窗口时系统调用此函数取得光标
196 //显示。
197 HCURSOR CPECheckDlg::OnQueryDragIcon()
198 {
199 return static_cast<HCURSOR>(m_hIcon);
200 }
201
202
203
204 BOOL CPECheckDlg::LoadFileData(WCHAR* wzFilePath,CHAR** szFileData,ULONG* ulLow)
205 {
206
207 HANDLE hFile;
208 ULONG ulHigh = 0;
209 ULONG ulReturn = 0;
210
211 if (wzFilePath==NULL)//判断文件路径是否为空
212 {
213 return FALSE;
214 }
215
216 hFile = CreateFileW(wzFilePath,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
217
218 if (hFile==INVALID_HANDLE_VALUE)
219 {
220 return -1;
221 }
222
223
224 /*
225 // Case One: calling the function with
226 // lpFileSizeHigh == NULL
227
228 // Try to obtain hFile‘s size
229 dwSize = GetFileSize (hFile, NULL) ;
230
231 // If we failed ...
232 if (dwSize == 0xFFFFFFFF) {
233
234 // Obtain the error code.
235 dwError = GetLastError() ;
236
237 // Deal with that failure.
238 .
239 .
240 .
241
242 } // End of error handler
243
244
245 //
246 // Case Two: calling the function with
247 // lpFileSizeHigh != NULL
248
249 // Try to obtain hFile‘s huge size.
250 dwSizeLow = GetFileSize (hFile, & dwSizeHigh) ;
251
252 // If we failed ...
253 if (dwSizeLow == 0xFFFFFFFF
254 &&
255 (dwError = GetLastError()) != NO_ERROR ){
256
257 // Deal with that failure.
258 .
259 .
260 .
261
262 } // End of error handler. */
263
264 *ulLow = GetFileSize(hFile,&ulHigh);
265
266 *szFileData = new char[*ulLow + 20];
267
268 if (ReadFile(hFile,*szFileData,*ulLow,&ulReturn,NULL)==0)
269 {
270 CloseHandle(hFile);
271 delete *szFileData;
272 return FALSE;
273 }
274
275
276 return TRUE;
277
278
279 }
280
281 BOOL CPECheckDlg::IsPEFile(CHAR* szFileData,PETYPE* PeType)
282 {
283 PIMAGE_DOS_HEADER DosHead =NULL;
284 PIMAGE_NT_HEADERS NtHead = NULL;
285 IMAGE_FILE_HEADER FileHead = {0};
286
287 DosHead = (PIMAGE_DOS_HEADER)szFileData;
288 if (DosHead->e_magic!=IMAGE_DOS_SIGNATURE)
289 {
290 return FALSE;
291 }
292
293 NtHead = (PIMAGE_NT_HEADERS)((ULONG)szFileData+DosHead->e_lfanew);
294
295 if (NtHead->Signature!=IMAGE_NT_SIGNATURE)
296 {
297 return FALSE;
298 }
299
300 FileHead = NtHead->FileHeader;
301 switch(FileHead.Machine) //根据NT头中的FileHeader.Machine判断是哪种PE文件
302 {
303 case IMAGE_FILE_MACHINE_IA64:
304 case IMAGE_FILE_MACHINE_AMD64:
305 *PeType = PE64;
306 break;
307
308 case IMAGE_FILE_MACHINE_I386:
309 *PeType = PE;
310 break;
311
312 default: *PeType = Unkonw;
313 }
314
315 return TRUE;
316
317
318 }
319
320 void CPECheckDlg::OnDropFiles(HDROP hDropInfo)
321 {
322 // TODO: 在此添加消息处理程序代码和/或调用默认值
323 UpdateData(TRUE);
324
325 CRect tabRect;
326 m_TabMain.GetClientRect(&tabRect); // 获取标签控件客户区Rect
327 // 调整tabRect,使其覆盖范围适合放置标签页
328 tabRect.left += 1;
329 tabRect.right -= 1;
330 tabRect.top += 25;
331 tabRect.bottom -= 1;
332
333
334
335 DragQueryFile(hDropInfo,0,m_FilePath,MAX_PATH);//取得第一个文件的路径
336
337 if(_wcsicmp(m_FilePath,m_EditFilePath.GetBuffer()) == 0)
338 {
339 goto END;
340 }
341
342 m_EditFilePath = m_FilePath;
343
344 //得到要检查文件的完整路径
345
346
347 if(LoadFileData(m_FilePath,&m_szFileData,&m_ulLow)==FALSE)
348 {
349 free(m_szFileData);
350 return ;
351 }
352
353 g_szFileData = m_szFileData;
354
355 if(IsPEFile(m_szFileData,&PeType)==FALSE)
356 {
357 MessageBox(L"不是PE文件",L"PECheck",0);
358
359 return;
360 }
361
362 switch(PeType)
363 {
364 case PE:
365 {
366 m_EditFileType.Format(L"32位 MZ (0x%p)",(ULONG_PTR)m_szFileData);
367 break;
368 }
369
370 case PE64:
371 {
372 m_EditFileType.Format(L"64位 MZ (0x%p)",(ULONG_PTR)m_szFileData);
373 break;
374 }
375 case Unkonw:
376 {
377 m_EditFileType = L"未知";
378 break;
379 }
380 default:
381 break;
382 }
383 //m_PeHeaderDlg
384 m_PeHeaderDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_SHOWWINDOW);
385 m_PeHeaderDlg.CheckPEHeader();
386 UpdateData(FALSE);
387
388 END:
389
390 CDialogEx::OnDropFiles(hDropInfo);
391 }
392
393
394 void CPECheckDlg::OnTcnSelchangeTabMain(NMHDR *pNMHDR, LRESULT *pResult)
395 {
396 // TODO: 在此添加控件通知处理程序代码
397
398 ULONG m_SelectTab = 0;
399
400 m_SelectTab = m_TabMain.GetCurSel();
401 g_SelectTab = m_SelectTab;
402
403 CRect tabRect;
404 m_TabMain.GetClientRect(&tabRect); // 获取标签控件客户区Rect
405 // 调整tabRect,使其覆盖范围适合放置标签页
406 tabRect.left += 1;
407 tabRect.right -= 1;
408 tabRect.top += 25;
409 tabRect.bottom -= 1;
410
411 switch(m_SelectTab)
412 {
413 case 0:
414 {
415
416 m_PeHeaderDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_SHOWWINDOW);
417 m_PeTableDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_HIDEWINDOW);
418 m_PeHeaderDlg.CheckPEHeader();
419
420 break;
421 }
422
423 case 1:
424 case 2:
425 case 3:
426 case 4:
427 case 5:
428 {
429 m_PeHeaderDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_HIDEWINDOW);
430 m_PeTableDlg.SetWindowPos(NULL, tabRect.left, tabRect.top, tabRect.Width(), tabRect.Height(), SWP_SHOWWINDOW);
431
432 m_PeTableDlg.ShowPeTable(m_szFileData,PeType);
433
434 break;
435 }
436
437
438 }
439
440
441 *pResult = 0;
442 }
1 #pragma once
2
3
4 // CPEHeaderDlg 对话框
5
6 class CPEHeaderDlg : public CDialog
7 {
8 DECLARE_DYNAMIC(CPEHeaderDlg)
9
10 public:
11 CPEHeaderDlg(CWnd* pParent = NULL); // 标准构造函数
12 virtual ~CPEHeaderDlg();
13 CHAR* m_FileData;
14 // 对话框数据
15 enum { IDD = IDD_DIALOG_PEHEADER };
16
17 protected:
18 virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV 支持
19
20 DECLARE_MESSAGE_MAP()
21 public:
22 CString m_EditFileSign;
23 CString m_EditNumberofSec;
24 CString m_EditSizeOfOption;
25 CString m_EditOptionMagic;
26 CString m_EditOpEntry;
27 CString m_EditOpBaseOfData;
28 CString m_EditOpBaseOfCode;
29 CString m_EditSectionAligment;
30 CString m_EditFileAligment;
31 CString m_EditOpNumOfDir;
32 CString m_EditOpImageBase;
33 CString m_NumberofSection;
34
35 virtual BOOL OnInitDialog();
36 VOID CPEHeaderDlg::CheckPEHeader();
37 };
1 // PEHeaderDlg.cpp : 实现文件
2 //
3
4 #include "stdafx.h"
5 #include "PECheck.h"
6 #include "PEHeaderDlg.h"
7 #include "afxdialogex.h"
8
9
10
11 extern CHAR* g_szFileData;
12 // CPEHeaderDlg 对话框
13
14 IMPLEMENT_DYNAMIC(CPEHeaderDlg, CDialog)
15
16 CPEHeaderDlg::CPEHeaderDlg(CWnd* pParent /*=NULL*/)
17 : CDialog(CPEHeaderDlg::IDD, pParent)
18 , m_EditFileSign(_T(""))
19 , m_EditNumberofSec(_T(""))
20 , m_EditSizeOfOption(_T(""))
21 , m_EditOptionMagic(_T(""))
22 , m_EditOpEntry(_T(""))
23 , m_EditOpBaseOfData(_T(""))
24 , m_EditOpBaseOfCode(_T(""))
25 , m_EditSectionAligment(_T(""))
26 , m_EditFileAligment(_T(""))
27 , m_EditOpNumOfDir(_T(""))
28 , m_EditOpImageBase(_T(""))
29 {
30 m_FileData = g_szFileData;
31 }
32
33 CPEHeaderDlg::~CPEHeaderDlg()
34 {
35 }
36
37 void CPEHeaderDlg::DoDataExchange(CDataExchange* pDX)
38 {
39 CDialog::DoDataExchange(pDX);
40 DDX_Text(pDX, IDC_EDIT_PEHEASER_SIGN, m_EditFileSign);
41 DDX_Text(pDX, IDC_NUMBER_SECTION, m_EditNumberofSec);
42 DDX_Text(pDX, IDC_EDIT_PEHEADER_FILE_NUMBEROFSECTION, m_EditSizeOfOption);
43 DDX_Text(pDX, IDC_NUMBER_SECTION3, m_EditOptionMagic);
44 DDX_Text(pDX, IDC_NUMBER_SECTION5, m_EditOpEntry);
45 DDX_Text(pDX, IDC_NUMBER_SECTION8, m_EditOpBaseOfData);
46 DDX_Text(pDX, IDC_NUMBER_SECTION2, m_EditOpBaseOfCode);
47 DDX_Text(pDX, IDC_NUMBER_SECTION6, m_EditSectionAligment);
48 DDX_Text(pDX, IDC_NUMBER_SECTION7, m_EditFileAligment);
49 DDX_Text(pDX, IDC_NUMBER_SECTION4, m_EditOpNumOfDir);
50 DDX_Text(pDX, IDC_NUMBER_SECTION9, m_EditOpImageBase);
51 }
52
53
54 BEGIN_MESSAGE_MAP(CPEHeaderDlg, CDialog)
55 END_MESSAGE_MAP()
56
57
58 // CPEHeaderDlg 消息处理程序
59
60
61 BOOL CPEHeaderDlg::OnInitDialog()
62 {
63 CDialog::OnInitDialog();
64
65 // TODO: 在此添加额外的初始化
66
67 CheckPEHeader();
68 return TRUE; // return TRUE unless you set the focus to a control
69 // 异常: OCX 属性页应返回 FALSE
70 }
71
72 VOID CPEHeaderDlg::CheckPEHeader()
73 {
74 UpdateData(TRUE);
75 //exture szFileData;
76 PIMAGE_DOS_HEADER DosHead;
77 PIMAGE_NT_HEADERS NtHead = NULL;
78 IMAGE_FILE_HEADER FileHead = {0};
79 ULONG FileKind = 0;
80 PIMAGE_NT_HEADERS64 NtHeader64 = NULL;
81 PIMAGE_NT_HEADERS32 NtHeader32 = NULL;
82 IMAGE_OPTIONAL_HEADER32 OptionHead32;
83 IMAGE_OPTIONAL_HEADER64 OptionHead64;
84
85 m_FileData = g_szFileData;
86
87 if (m_FileData == NULL)
88 {
89
90 return ;
91 }
92 DosHead = (PIMAGE_DOS_HEADER)m_FileData;
93 NtHead = (PIMAGE_NT_HEADERS)((ULONG)m_FileData+DosHead->e_lfanew);
94 CHAR szMagic[64] = {0};
95 memcpy(szMagic,(CHAR*)NtHead,4);
96
97 m_EditFileSign = szMagic;
98
99 FileHead = NtHead->FileHeader;
100 m_NumberofSection.Format(L"%d",FileHead.NumberOfSections);
101 m_EditSizeOfOption.Format(L"0x%x",FileHead.SizeOfOptionalHeader);
102 if (FileHead.Machine == IMAGE_FILE_MACHINE_IA64||FileHead.Machine == IMAGE_FILE_MACHINE_AMD64)
103 {
104 FileKind = 64;
105
106 }
107 else if (FileHead.Machine == IMAGE_FILE_MACHINE_I386)
108 {
109 FileKind = 32;
110 }
111
112 else
113 {
114 FileKind = -1;
115 }
116
117 switch(FileKind)
118 {
119 case 32:{
120
121 NtHeader32 = (PIMAGE_NT_HEADERS32)NtHead;
122 OptionHead32 = NtHeader32->OptionalHeader;
123
124 if (OptionHead32.Magic==0x0107)
125 {
126 m_EditOptionMagic.Format(L"ROM映像");
127 }
128 else if (OptionHead32.Magic==0x010B)
129 {
130 m_EditOptionMagic.Format(L"可执行映像");
131 }
132 else
133 {
134 m_EditOptionMagic.Format(L"PE32+");
135 }
136
137 m_EditOpEntry.Format(L"0x%x",OptionHead32.AddressOfEntryPoint);
138 m_EditOpBaseOfData.Format(L"0x%x",OptionHead32.BaseOfData);
139 m_EditOpBaseOfCode.Format(L"0x%x",OptionHead32.BaseOfCode);
140 m_EditSectionAligment.Format(L"0x%x",OptionHead32.SectionAlignment);
141 m_EditFileAligment.Format(L"0x%x",OptionHead32.FileAlignment);
142 m_EditOpNumOfDir.Format(L"%d",OptionHead32.NumberOfRvaAndSizes);
143 m_EditOpImageBase.Format(L"0x%x",OptionHead32.ImageBase);
144
145 break;
146 }
147
148 case 64:
149 {
150 NtHeader64 = (PIMAGE_NT_HEADERS64)NtHead;
151 OptionHead64 = NtHeader64->OptionalHeader;
152
153 if (OptionHead64.Magic==0x0107)
154 {
155 m_EditOptionMagic.Format(L"ROM映像");
156 }
157 else if (OptionHead64.Magic==0x010B)
158 {
159 m_EditOptionMagic.Format(L"可执行映像");
160 }
161 else
162 {
163 m_EditOptionMagic.Format(L"PE32+");
164 }
165
166 m_EditOpEntry.Format(L"0x%x",OptionHead64.AddressOfEntryPoint);
167 m_EditOpBaseOfCode.Format(L"0x%x",OptionHead64.BaseOfCode);
168 m_EditSectionAligment.Format(L"0x%x",OptionHead64.SectionAlignment);
169 m_EditFileAligment.Format(L"0x%x",OptionHead64.FileAlignment);
170 m_EditOpNumOfDir.Format(L"%d",OptionHead64.NumberOfRvaAndSizes);
171 m_EditOpImageBase.Format(L"0x%p",OptionHead64.ImageBase);
172 break;
173 }
174
175 default:
176 break;
177
178 }
179
180 UpdateData(FALSE);
181
182
183
184 }
时间: 2024-10-11 22:50:05