WindowsPE权威指南 第二章 小工具 PEComp代码的C语言实现
主程序代码 PEComp.c
#include <windows.h>
#include <Richedit.h>
#include <Commctrl.h>
#include "resource.h" HINSTANCE hInstance;
DWORD dwCount; HWND hWinEdit; //富文本框句柄 /*
初始化窗口程序
*/
void _Init(HWND hWinMain)
{
HICON hIcon;
CHARFORMAT stCf;
TCHAR szFont[] = TEXT("宋体"); hWinEdit = GetDlgItem(hWinMain, IDC_INFO);
hIcon = LoadIcon(hInstance, MAKEINTRESOURCE(ICO_MAIN));
SendMessage(hWinMain, WM_SETICON, ICON_BIG, (LPARAM)hIcon);//为窗口设置图标
SendMessage(hWinEdit, EM_SETTEXTMODE, TM_PLAINTEXT, );//设置编辑控件 RtlZeroMemory(&stCf, sizeof(stCf));
stCf.cbSize = sizeof(stCf);
stCf.yHeight = * ;
stCf.dwMask = CFM_FACE | CFM_SIZE | CFM_BOLD;
lstrcpy(stCf.szFaceName, szFont);
SendMessage(hWinEdit, EM_SETCHARFORMAT, , (LPARAM)&stCf);
SendMessage(hWinEdit, EM_EXLIMITTEXT, , -);
} /*
清除ListView中的内容
删除所有的行和所有的列
*/
void _ListViewClear(HWND _hWinView)
{
SendMessage(_hWinView, LVM_DELETEALLITEMS, , ); while (SendMessage(_hWinView, LVM_DELETECOLUMN, , )){}
} /*
在ListView中增加一个列
输入:_dwColumn = 增加的列编号
_dwWidth = 列的宽度
_lpszHead = 列的标题字符串
*/
void _ListViewAddColumn(HWND _hWinView,DWORD _dwColumn,DWORD _dwWidth,PTCHAR _lpszHead)
{
LV_COLUMN stLVC; RtlZeroMemory(&stLVC, sizeof(LV_COLUMN));
stLVC.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_FMT;
stLVC.fmt = LVCFMT_LEFT;
stLVC.pszText = _lpszHead;
stLVC.cx = _dwWidth;
stLVC.iSubItem = _dwColumn;
SendMessage(_hWinView, LVM_INSERTCOLUMN, _dwColumn, (LPARAM)&stLVC);
} /*
初始化结果表格
*/
void _clearResultView(HWND hProcessModuleTable)
{
_ListViewClear(hProcessModuleTable); //添加表头
_ListViewAddColumn(hProcessModuleTable, , , TEXT("PE数据结构相关字段"));
_ListViewAddColumn(hProcessModuleTable, , , TEXT("文件1的值(H)"));
_ListViewAddColumn(hProcessModuleTable, , , TEXT("文件2的值(H)")); dwCount = ;
} void _GetListViewItem(HWND _hWinView, DWORD _dwLine, DWORD _dwCol, PTCHAR _lpszText)
{
LV_ITEM stLVI; RtlZeroMemory(&stLVI, sizeof(LV_ITEM));
RtlZeroMemory(_lpszText, ); stLVI.cchTextMax = ;
stLVI.mask = LVIF_TEXT;
stLVI.pszText = _lpszText;
stLVI.iSubItem = _dwCol;
SendMessage(_hWinView, LVM_GETITEMTEXT, _dwLine, (LPARAM)&stLVI);
} int _MemCmp(PTCHAR _lp1, PTCHAR _lp2, int _size)
{
DWORD dwResult = ; for (int i = ; i < _size; ++i)
{
if (_lp1[i] != _lp2[i])
{
dwResult = ;
break;
}
}
return dwResult;
} /*
在ListView中新增一行,或修改一行中某个字段的内容
输入:_dwItem = 要修改的行的编号
_dwSubItem = 要修改的字段的编号,-1表示插入新的行,>=1表示字段的编号
*/
DWORD _ListViewSetItem(HWND _hWinView, DWORD _dwItem, DWORD _dwSubItem, PTCHAR _lpszText)
{
LV_ITEM stLVI; RtlZeroMemory(&stLVI, sizeof(LV_ITEM));
stLVI.cchTextMax = lstrlen(_lpszText);
stLVI.mask = LVIF_TEXT;
stLVI.pszText = _lpszText;
stLVI.iItem = _dwItem;
stLVI.iSubItem = _dwSubItem; if (_dwSubItem == -)
{
stLVI.iSubItem = ;
return SendMessage(_hWinView, LVM_INSERTITEM, , (LPARAM)&stLVI);
}
else
{
return SendMessage(_hWinView, LVM_SETITEM, , (LPARAM)&stLVI);
}
} /*
将_lpSZ位置处_Size个字节转换为16进制的字符串
szBuffer处为转换后的字符串
*/
void _Byte2Hex(PTCHAR _lpSZ, PTCHAR szBuffer, int _Size)
{
TCHAR szBuf[]; for (int i = ; i < _Size; ++i)
{
wsprintf(szBuf, TEXT("%02X "), (TBYTE)_lpSZ[i]);
lstrcat(szBuffer, szBuf);
}
} void _addLine(HWND hProcessModuleTable,PTCHAR _lpSZ, PTCHAR _lpSP1, PTCHAR _lpSP2, int _Size)
{
TCHAR szBuffer[]; dwCount = _ListViewSetItem(hProcessModuleTable, dwCount, -, _lpSZ); // 在表格中新增加一行
_ListViewSetItem(hProcessModuleTable, dwCount, , _lpSZ);//显示字段名 //将指定字段按照十六进制显示,格式:一个字节+一个空格 RtlZeroMemory(szBuffer, );
_Byte2Hex(_lpSP1, szBuffer, _Size);
_ListViewSetItem(hProcessModuleTable, dwCount, , szBuffer);//第一个文件中的值 RtlZeroMemory(szBuffer, );
_Byte2Hex(_lpSP2, szBuffer, _Size);
_ListViewSetItem(hProcessModuleTable, dwCount, , szBuffer);//第二个文件中的值
} /*
IMAGE_DOS_HEADER头信息
*/
void _Header1(HWND hProcessModuleTable, PTCHAR lpMemory, PTCHAR lpMemory1)
{
int offbuf[] = { , , , , , , , , , , , , , , , , , , };
TCHAR szRec[][] = {TEXT("IMAGE_DOS_HEADER.e_magic"),
TEXT("IMAGE_DOS_HEADER.e_cblp"),
TEXT("IMAGE_DOS_HEADER.e_cp"),
TEXT("IMAGE_DOS_HEADER.e_crlc"),
TEXT("IMAGE_DOS_HEADER.e_cparhdr"),
TEXT("IMAGE_DOS_HEADER.e_minalloc"),
TEXT("IMAGE_DOS_HEADER.e_maxalloc"),
TEXT("IMAGE_DOS_HEADER.e_ss"),
TEXT("IMAGE_DOS_HEADER.e_sp"),
TEXT("IMAGE_DOS_HEADER.e_csum"),
TEXT("IMAGE_DOS_HEADER.e_ip"),
TEXT("IMAGE_DOS_HEADER.e_cs"),
TEXT("IMAGE_DOS_HEADER.e_lfarlc"),
TEXT("IMAGE_DOS_HEADER.e_ovno"),
TEXT("IMAGE_DOS_HEADER.e_res"),
TEXT("IMAGE_DOS_HEADER.e_oemid"),
TEXT("IMAGE_DOS_HEADER.e_oeminfo"),
TEXT("IMAGE_DOS_HEADER.e_res2"),
TEXT("IMAGE_DOS_HEADER.e_lfanew"),}; for (int i = , off = ; i < ; ++i)
{
_addLine(hProcessModuleTable,szRec[i], lpMemory + off, lpMemory1 + off, offbuf[i]);
off += offbuf[i];
}
} /*
IMAGE_DOS_HEADER头信息
*/
void _Header2(HWND hProcessModuleTable, PTCHAR lpMemory, PTCHAR lpMemory1)
{
int offbuf[] = { , , , , , , , , , , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , };
TCHAR szRec[][] = { TEXT("IMAGE_NT_HEADERS.Signature"),
TEXT("IMAGE_FILE_HEADER.Machine"),
TEXT("IMAGE_FILE_HEADER.NumberOfSections"),
TEXT("IMAGE_FILE_HEADER.TimeDateStamp"),
TEXT("IMAGE_FILE_HEADER.PointerToSymbolTable"),
TEXT("IMAGE_FILE_HEADER.NumberOfSymbols"),
TEXT("IMAGE_FILE_HEADER.SizeOfOptionalHeader"),
TEXT("IMAGE_FILE_HEADER.Characteristics"),
TEXT("IMAGE_OPTIONAL_HEADER32.Magic"),
TEXT("IMAGE_OPTIONAL_HEADER32.MajorLinkerVersion"),
TEXT("IMAGE_OPTIONAL_HEADER32.MinorLinkerVersion"),
TEXT("IMAGE_OPTIONAL_HEADER32.SizeOfCode"),
TEXT("IMAGE_OPTIONAL_HEADER32.SizeOfInitializedData"),
TEXT("IMAGE_OPTIONAL_HEADER32.SizeOfUninitializedData"),
TEXT("IMAGE_OPTIONAL_HEADER32.AddressOfEntryPoint"),
TEXT("IMAGE_OPTIONAL_HEADER32.BaseOfCode"),
TEXT("IMAGE_OPTIONAL_HEADER32.BaseOfData"),
TEXT("IMAGE_OPTIONAL_HEADER32.ImageBase"),
TEXT("IMAGE_OPTIONAL_HEADER32.SectionAlignment"),
TEXT("IMAGE_OPTIONAL_HEADER32.FileAlignment"),
TEXT("IMAGE_OPTIONAL_HEADER32.MajorOperatingSystemVersion"),
TEXT("IMAGE_OPTIONAL_HEADER32.MinorOperatingSystemVersion"),
TEXT("IMAGE_OPTIONAL_HEADER32.MajorImageVersion"),
TEXT("IMAGE_OPTIONAL_HEADER32.MinorImageVersion"),
TEXT("IMAGE_OPTIONAL_HEADER32.MajorSubsystemVersion"),
TEXT("IMAGE_OPTIONAL_HEADER32.MinorSubsystemVersion"),
TEXT("IMAGE_OPTIONAL_HEADER32.Win32VersionValue"),
TEXT("IMAGE_OPTIONAL_HEADER32.SizeOfImage"),
TEXT("IMAGE_OPTIONAL_HEADER32.SizeOfHeaders"),
TEXT("IMAGE_OPTIONAL_HEADER32.CheckSum"),
TEXT("IMAGE_OPTIONAL_HEADER32.Subsystem"),
TEXT("IMAGE_OPTIONAL_HEADER32.DllCharacteristics"),
TEXT("IMAGE_OPTIONAL_HEADER32.SizeOfStackReserve"),
TEXT("IMAGE_OPTIONAL_HEADER32.SizeOfStackCommit"),
TEXT("IMAGE_OPTIONAL_HEADER32.SizeOfHeapReserve"),
TEXT("IMAGE_OPTIONAL_HEADER32.SizeOfHeapCommit"),
TEXT("IMAGE_OPTIONAL_HEADER32.LoaderFlags"),
TEXT("IMAGE_OPTIONAL_HEADER32.NumberOfRvaAndSizes"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Export)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Export)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Import)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Import)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Resource)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Resource)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Exception)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Exception)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Security)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Security)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(BaseReloc)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(BaseReloc)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Debug)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Debug)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Architecture)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Architecture)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(GlobalPTR)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(GlobalPTR)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(TLS)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(TLS)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Load_Config)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Load_Config)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Bound_Import)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Bound_Import)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(IAT)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(IAT)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Delay_Import)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Delay_Import)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Com_Descriptor)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Com_Descriptor)"),
TEXT("IMAGE_DATA_DIRECTORY.VirtualAddress(Reserved)"),
TEXT("IMAGE_DATA_DIRECTORY.isize(Reserved)") }; for (int i = , off = ; i < ; ++i)
{
_addLine(hProcessModuleTable,szRec[i], lpMemory + off, lpMemory1 + off, offbuf[i]);
off += offbuf[i];
}
} /*
节表
*/
void _Header3(HWND hProcessModuleTable, PTCHAR lpMemory, PTCHAR lpMemory1, DWORD _dwValue)
{
int offbuf[] = { , , , , , , , , , };
TCHAR szBuffer[];
TCHAR szRec[][] = { TEXT("IMAGE_SECTION_HEADER%d.Name1"),
TEXT("IMAGE_SECTION_HEADER%d.VirtualSize"),
TEXT("IMAGE_SECTION_HEADER%d.VirtualAddress"),
TEXT("IMAGE_SECTION_HEADER%d.SizeOfRawData"),
TEXT("IMAGE_SECTION_HEADER%d.PointerToRawData"),
TEXT("IMAGE_SECTION_HEADER%d.PointerToRelocations"),
TEXT("IMAGE_SECTION_HEADER%d.PointerToLinenumbers"),
TEXT("IMAGE_SECTION_HEADER%d.NumberOfRelocations"),
TEXT("IMAGE_SECTION_HEADER%d.NumberOfLinenumbers"),
TEXT("IMAGE_SECTION_HEADER%d.Characteristics")}; for (int i = , off = ; i < ; ++i)
{
wsprintf(szBuffer, szRec[i], _dwValue);
_addLine(hProcessModuleTable,szBuffer, lpMemory + off, lpMemory1 + off, offbuf[i]);
off += offbuf[i];
}
} /*
打开PE文件并处理
*/
void _openFile(HWND hWinMain, HWND hProcessModuleTable, PTCHAR szFileNameOpen1, PTCHAR szFileNameOpen2)
{
HANDLE hFile;
HANDLE hMapFile = NULL;
HANDLE hFile1;
HANDLE hMapFile1=NULL;
DWORD dwFileSize, dwFileSize1;
static LPVOID lpMemory, lpMemory1; hFile = CreateFile(szFileNameOpen1, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, NULL); if (hFile != INVALID_HANDLE_VALUE)
{
dwFileSize = GetFileSize(hFile, NULL);
if (dwFileSize)
{
hMapFile = CreateFileMapping(hFile, NULL, PAGE_READONLY, , , NULL);// 内存映射文件
if (hMapFile)
{
lpMemory = MapViewOfFile(hMapFile, FILE_MAP_READ, , , );
if (((PIMAGE_DOS_HEADER)lpMemory)->e_magic != IMAGE_DOS_SIGNATURE)//判断是否有MZ字样
{
_ErrFormat:
MessageBox(hWinMain, TEXT("这个文件不是PE格式的文件!"), NULL, MB_OK);
UnmapViewOfFile(lpMemory);
CloseHandle(hMapFile);
CloseHandle(hFile);
return;
}
if (((PIMAGE_NT_HEADERS)((PTCHAR)lpMemory +
((PIMAGE_DOS_HEADER)lpMemory)->e_lfanew))->Signature !=
IMAGE_NT_SIGNATURE)//判断是否有PE字样
{
goto _ErrFormat;
}
}
}
} hFile1 = CreateFile(szFileNameOpen2, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, NULL); if (hFile1 != INVALID_HANDLE_VALUE)
{
dwFileSize1 = GetFileSize(hFile1, NULL);
if (dwFileSize1)
{
hMapFile1 = CreateFileMapping(hFile1, NULL, PAGE_READONLY, , , NULL);// 内存映射文件
if (hMapFile1)
{
lpMemory1 = MapViewOfFile(hMapFile1, FILE_MAP_READ, , , ); if (((PIMAGE_DOS_HEADER)lpMemory1)->e_magic != IMAGE_DOS_SIGNATURE)//判断是否有MZ字样
{
_ErrFormat1:
MessageBox(hWinMain, TEXT("这个文件不是PE格式的文件!"), NULL, MB_OK);
UnmapViewOfFile(lpMemory1);
CloseHandle(hMapFile1);
CloseHandle(hFile1);
return;
} if (((PIMAGE_NT_HEADERS)((PTCHAR)lpMemory1 +
((PIMAGE_DOS_HEADER)lpMemory1)->e_lfanew))->Signature !=
IMAGE_NT_SIGNATURE)//判断是否有PE字样
{
goto _ErrFormat1;
}
}
}
} /*
到此为止,两个内存文件的指针已经获取到了。
lpMemory和lpMemory1分别指向两个文件头
下面是从这个文件头开始,找出各数据结构的字段值,进行比较。
*/ _Header1(hProcessModuleTable, (PTCHAR)lpMemory, (PTCHAR)lpMemory1); //调整指针指向PE文件头
(PTCHAR)lpMemory += ((PIMAGE_DOS_HEADER)lpMemory)->e_lfanew;
(PTCHAR)lpMemory1 += ((PIMAGE_DOS_HEADER)lpMemory1)->e_lfanew;
_Header2(hProcessModuleTable, (PTCHAR)lpMemory, (PTCHAR)lpMemory1); //节的数量
WORD dNum, dNum1, dNum2;
dNum1 = ((PIMAGE_NT_HEADERS)lpMemory)->FileHeader.NumberOfSections;
dNum2 = ((PIMAGE_NT_HEADERS)lpMemory1)->FileHeader.NumberOfSections;
dNum = dNum1 > dNum2 ? dNum1 : dNum2; //整指针指向节表
(PTCHAR)lpMemory += sizeof(IMAGE_NT_HEADERS);
(PTCHAR)lpMemory1 += sizeof(IMAGE_NT_HEADERS); DWORD _dwValue = ;//节序号
while (dNum--)
{
_Header3(hProcessModuleTable, (PTCHAR)lpMemory, (PTCHAR)lpMemory1, _dwValue++); (PTCHAR)lpMemory += sizeof(IMAGE_SECTION_HEADER);
(PTCHAR)lpMemory1 += sizeof(IMAGE_SECTION_HEADER);
} UnmapViewOfFile(lpMemory);
CloseHandle(hMapFile);
CloseHandle(hFile); UnmapViewOfFile(lpMemory1);
CloseHandle(hMapFile1);
CloseHandle(hFile1);
} /*
打开输入文件
*/
void _OpenFile1(HWND hWinMain, HWND hText1, PTCHAR szFileNameOpen1)
{
OPENFILENAME stOF; RtlZeroMemory(&stOF, sizeof(stOF));
stOF.lStructSize = sizeof(stOF);
stOF.hwndOwner = hWinMain;
stOF.hInstance = hInstance;
stOF.lpstrFilter = TEXT("Excutable Files\0*.exe;*.com\0\0");
stOF.lpstrFile = szFileNameOpen1;
stOF.nMaxFile = MAX_PATH;
stOF.Flags = OFN_FILEMUSTEXIST | OFN_HIDEREADONLY | OFN_PATHMUSTEXIST;
if (GetOpenFileName(&stOF))//显示“打开文件”对话框
{
SetWindowText(hText1, szFileNameOpen1);
} } /*
打开输入文件
*/
void _OpenFile2(HWND hWinMain, HWND hText2, PTCHAR szFileNameOpen2)
{
OPENFILENAME stOF; RtlZeroMemory(&stOF, sizeof(stOF));
stOF.lStructSize = sizeof(stOF);
stOF.hwndOwner = hWinMain;
stOF.hInstance = hInstance;
stOF.lpstrFilter = TEXT("Excutable Files\0*.exe;*.com\0\0");
stOF.lpstrFile = szFileNameOpen2;
stOF.nMaxFile = MAX_PATH;
stOF.Flags = OFN_FILEMUSTEXIST | OFN_HIDEREADONLY | OFN_PATHMUSTEXIST;
if (GetOpenFileName(&stOF))//显示“打开文件”对话框
{
SetWindowText(hText2, szFileNameOpen2);
} } INT_PTR CALLBACK _resultProcMain(HWND hProcessModuleDlg, UINT wMsg, WPARAM wParam, LPARAM lParam)
{
static HWND hWinMain, hProcessModuleTable, hText1, hText2;
TCHAR bufTemp1[0x200], bufTemp2[0x200];
static TCHAR szFileNameOpen1[MAX_PATH], szFileNameOpen2[MAX_PATH]; switch (wMsg)
{
case WM_CLOSE:
EndDialog(hProcessModuleDlg, );
break; case WM_INITDIALOG: //初始化
hWinMain = (HWND)lParam; hProcessModuleTable = GetDlgItem(hProcessModuleDlg, IDC_MODULETABLE);
hText1 = GetDlgItem(hProcessModuleDlg, ID_TEXT1);
hText2 = GetDlgItem(hProcessModuleDlg, ID_TEXT2); //定义表格外观
SendMessage(hProcessModuleTable, LVM_SETEXTENDEDLISTVIEWSTYLE, ,
LVS_EX_GRIDLINES | LVS_EX_FULLROWSELECT);
ShowWindow(hProcessModuleTable, SW_SHOW); _clearResultView(hProcessModuleTable);//清空表格内容
break; case WM_NOTIFY:
if(((NMHDR *)lParam)->hwndFrom == hProcessModuleTable)//更改各控件状态
{
if (((NMHDR *)lParam)->code == NM_CUSTOMDRAW)//绘画时
{
if (((NMLVCUSTOMDRAW *)lParam)->nmcd.dwDrawStage == CDDS_PREPAINT)
{
SetWindowLong(hProcessModuleDlg, DWL_MSGRESULT, CDRF_NOTIFYITEMDRAW);
}
else if (((NMLVCUSTOMDRAW *)lParam)->nmcd.dwDrawStage == CDDS_ITEMPREPAINT)
{
//当每一单元格内容预画时,判断两列的值是否一致
//如果一致,则将文本的背景色设置为浅红色,否则黑色
_GetListViewItem(hProcessModuleTable, ((NMLVCUSTOMDRAW *)lParam)->nmcd.dwItemSpec,
, bufTemp1);
_GetListViewItem(hProcessModuleTable, ((NMLVCUSTOMDRAW *)lParam)->nmcd.dwItemSpec,
, bufTemp2);
if (_MemCmp(bufTemp1, bufTemp2, lstrlen(bufTemp1)))
{
((NMLVCUSTOMDRAW *)lParam)->clrTextBk = 0xa0a0ff;
}
else
{
((NMLVCUSTOMDRAW *)lParam)->clrTextBk = 0xffffff;
}
SetWindowLong(hProcessModuleDlg, DWL_MSGRESULT, CDRF_DODEFAULT);
}
}
}
break; case WM_COMMAND: //菜单
switch (LOWORD(wParam))
{
case IDC_OK: //刷新
_openFile(hWinMain, hProcessModuleTable, szFileNameOpen1, szFileNameOpen2);
break; case IDC_BROWSE1: //用户选择第一个文件
_OpenFile1(hWinMain, hText1, szFileNameOpen1);
break;
case IDC_BROWSE2: //用户选择第二个文件
_OpenFile2(hWinMain, hText2, szFileNameOpen2);
break;
}
break; default:
return FALSE;
} return TRUE; } /*
窗口程序
*/
INT_PTR CALLBACK _ProcDlgMain(HWND hWnd, UINT wMsg, WPARAM wParam, LPARAM lParam)
{
switch (wMsg)
{
case WM_CLOSE:
EndDialog(hWnd, );
break; case WM_INITDIALOG: //初始化
_Init(hWnd);
break; case WM_COMMAND: //菜单
switch (LOWORD(wParam))
{
case IDM_EXIT: //退出
EndDialog(hWnd, );
break; case IDM_OPEN: //打开PE对比对话框
DialogBoxParam(hInstance, MAKEINTRESOURCE(RESULT_MODULE), hWnd,
_resultProcMain, (LPARAM)hWnd);
case IDM_1:
case IDM_2:
case IDM_3:
default:
break;
}
break; default:
return FALSE;
} return TRUE;
} int WINAPI WinMain(HINSTANCE hInst, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
HMODULE hRichEdit; hInstance = hInst;
InitCommonControls();
hRichEdit = LoadLibrary(TEXT("RichEd20.dll"));
DialogBoxParam(hInstance, MAKEINTRESOURCE(DLG_MAIN), NULL, _ProcDlgMain, (LPARAM)NULL);
FreeLibrary(hRichEdit);
return ;
}
头文件 resource.h
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ 生成的包含文件。
// 供 Resource.rc 使用
//
#define ICO_MAIN 101
#define IDM_MAIN 103
#define DLG_MAIN 104
#define RESULT_MODULE 105
#define IDC_INFO 1001
#define ID_TEXT1 1002
#define ID_TEXT2 1008
#define IDC_BROWSE1 1003
#define ID_STATIC 1007
#define ID_STATIC1 1004
#define IDC_EDIT2 1005
#define IDC_BROWSE2 1006
#define IDC_MODULETABLE 1009
#define IDC_THESAME 1010
#define IDC_BUTTON3 1011
#define IDC_OK 1011
#define ID_40002 40002
#define ID_40003 40003
#define ID_40004 40004
#define ID_40005 40005
#define ID_40006 40006
#define IDM_OPEN 40007
#define IDM_1 40008
#define IDM_2 40009
#define IDM_3 40010
#define IDM_EXIT 40011
#define ID_40012 40012
#define ID_40013 40013
#define ID_40014 40014
#define ID_40015 40015
#define IDM_4 40016
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 106
#define _APS_NEXT_COMMAND_VALUE 40017
#define _APS_NEXT_CONTROL_VALUE 1012
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
资源文件 resource.rc
// Microsoft Visual C++ generated resource script.
//
#include "resource.h" #define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "winres.h" /////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS /////////////////////////////////////////////////////////////////////////////
// 中文(简体,中国) resources #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED #ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
// TEXTINCLUDE
BEGIN
"resource.h\0"
END TEXTINCLUDE
BEGIN
"#include ""winres.h""\r\n"
"\0"
END TEXTINCLUDE
BEGIN
"\r\n"
"\0"
END #endif // APSTUDIO_INVOKED /////////////////////////////////////////////////////////////////////////////
//
// Icon
// // Icon with lowest ID value placed first to ensure application icon
// remains consistent on all systems.
ICO_MAIN ICON "main.ico" /////////////////////////////////////////////////////////////////////////////
//
// Menu
// IDM_MAIN MENU
BEGIN
POPUP "文件(&F)"
BEGIN
MENUITEM "打开PE对比对话框", IDM_OPEN
MENUITEM "---", IDM_1
MENUITEM "---", IDM_2
MENUITEM "---", IDM_3, CHECKED
MENUITEM SEPARATOR
MENUITEM "退出(&x)", IDM_EXIT
END
POPUP "编辑(&E)"
BEGIN
MENUITEM SEPARATOR
END
POPUP "格式(&O)"
BEGIN
MENUITEM SEPARATOR
END
POPUP "查看(&V)"
BEGIN
MENUITEM "源文件", IDM_1
MENUITEM "窗口透明度", IDM_2
MENUITEM SEPARATOR
MENUITEM "大小", IDM_3
MENUITEM "宽度", IDM_4
END
POPUP "帮助(&H)"
BEGIN
MENUITEM SEPARATOR
END
END /////////////////////////////////////////////////////////////////////////////
//
// Dialog
// DLG_MAIN DIALOG , , ,
STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU
CAPTION "PEComp"
MENU IDM_MAIN
FONT , "宋体"
BEGIN
CONTROL "",IDC_INFO,"RichEdit20A",ES_MULTILINE | ES_AUTOVSCROLL | ES_AUTOHSCROLL | ES_READONLY | ES_WANTRETURN | WS_BORDER | WS_VSCROLL | WS_TABSTOP,,,,
END RESULT_MODULE DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU
CAPTION "PE文件对比结果"
FONT , "宋体", , , 0x0
BEGIN
LTEXT "您选定的第一个文件为:",ID_STATIC,,,,
EDITTEXT ID_TEXT1,,,,
PUSHBUTTON "浏览...",IDC_BROWSE1,,,,
LTEXT "您选定的第二个文件为:",ID_STATIC1,,,,
EDITTEXT ID_TEXT2,,,,
PUSHBUTTON "浏览...",IDC_BROWSE2,,,,
CONTROL "",IDC_MODULETABLE,"SysListView32",LVS_REPORT | LVS_SINGLESEL | LVS_SHOWSELALWAYS | WS_BORDER | WS_TABSTOP,,,,
CONTROL "只显示不同的值",IDC_THESAME,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,,,,
PUSHBUTTON "执行...(&R)",IDC_OK,,,,
END /////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
// #ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO
BEGIN
DLG_MAIN, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END RESULT_MODULE, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
BOTTOMMARGIN,
END
END
#endif // APSTUDIO_INVOKED #endif // 中文(简体,中国) resources
///////////////////////////////////////////////////////////////////////////// #ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
// /////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED
WindowsPE权威指南 第二章 小工具 PEComp代码的C语言实现的更多相关文章
- WindowsPE权威指南 第二章 小工具 PEInfo代码的C语言实现
主程序代码 PEInfo.c #include <Windows.h> #include<Richedit.h> #include "resource.h" ...
- WindowsPE权威指南 第二章 小工具 pedump代码的C语言实现
2016-11-16 16:29:07 主程序代码 pedump.c #include <windows.h> #include <Richedit.h> #include & ...
- Javascript权威指南——第二章词法结构,第三章类型、值和变量,第四章表达式和运算符,第五章语句
第二章 词法结构 一.HTML并不区分大小写(尽管XHTML区分大小写),而javascript区分大小写:在HTML中,这些标签和属性名可以使用大写也可以使用小写,而在javascript中必须小写 ...
- 【笔记】javascript权威指南-第二章-词法结构
词法结构 //本书是指:javascript权威指南 //以下内容摘记时间为:2013.7.28 字符集 UTF-8和UTF-16的区别?Unicode和UTF是什么关系?Unicode转义 ...
- JavaScript权威指南 第二章 词法结构
这章主要把保留字说一下 JavaScript 把一些标识符拿出来用做自己的关键字.因此,就不能再在程序中把这些关键字用做标识符了: break delete function return typeo ...
- HTTP 权威指南 第二章 URL 与资源
前言 这一章节讲述了关于 URL 的相关知识,主要包括下面的内容: URL 语法 URL 快捷方式 URL 编码与字符规则 常见的 URL 方案 URL 的未来——URN URL 语法 一般格式(九个 ...
- PADSPCB权威指南-第一章 PADS软件系统(部分)(原创)
PADSPCB权威指南-第一章(部分)豆丁地址:http://www.docin.com/p-707128286.html
- 《Mysql 公司职员学习篇》 第二章 小A的惊喜
第二章 小A的惊喜 ---- 认识数据库 吃完饭后,小Y和小A回到了家里,并打开电脑开始学习Mysql. 小Y:"小A,你平时的Excell文件很多的情况下,怎么样存放Exce ...
- Knockout应用开发指南 第二章:监控属性(Observables)
原文:Knockout应用开发指南 第二章:监控属性(Observables) 关于Knockout的3个重要概念(Observables,DependentObservables,Observabl ...
随机推荐
- EFM32之GPIO
配置时钟: void CMU_ClockEnable(CMU_Clock_TypeDef clock, bool enable) CMU_ClockEnable(cmuClock_HFPER, tru ...
- Redis 编译安装
系统学习一下,记录一下笔记,之前都是断断续续尝试过一些简单的安装使用 下载,解压 编译安装 copy配置文件 启动连接 ./bin/redis-server ./redis.conf 登陆./bin/ ...
- 源码解析之HashMap源码
关于HashMap的源码分析,网上已经有很多写的非常好的文章了,虽然多是基于java1.8版本以下的.Java1.8版本的HashMap源码做了些改进,理解起来更复杂点,但也不脱离其桶+链表或树的重心 ...
- maven项目(转)
我记得在搞懂maven之前看了几次重复的maven的教学视频.不知道是自己悟性太低还是怎么滴,就是搞不清楚,现在弄清楚了,基本上入门了.写该篇博文,就是为了帮助那些和我一样对于maven迷迷糊糊的人. ...
- IDEAL启动项目的时候报java.lang.NoClassDefFoundError: javax/servlet/Filter错误
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring- ...
- bootstrap日期选择
<input type="text" class="form-control datepicker" style="padding: 0.375 ...
- leetcode 字谜
242. Valid Anagram Easy 66298FavoriteShare Given two strings s and t , write a function to determine ...
- 2018-2019-2 20165315《网络对抗技术》Exp2 后门原理与实践
2018-2019-2 20165315<网络对抗技术>Exp2 后门原理与实践 一.实验任务 使用netcat获取主机操作Shell,cron启动 使用socat获取主机操作Shell, ...
- 如何用命令将本地项目上传到git[z]
1.(先进入项目文件夹)通过命令 git init 把这个目录变成git可以管理的仓库 git init 2.把文件添加到版本库中,使用命令 git add .添加到暂存区里面去,不要忘记后面的小数点 ...
- 新建VS工程与填坑:解决方案与项目不在同一目录
A.新建项目->空工程 B.添加依赖库 1.属性->C/C++->附加包含目录 注:添加头文件目录,必须指向子文件夹 2.属性->链接器->常规->附加库目录 注: ...