#include "Global.h"

static BOOL bIsPe32Plus = ;                  //标志,用于表示是否为pe32+文件
static INT64 mode = ; //标志,用于表示读入的模式,若为0代表是内存读入,不为0,代表是文件打开,此时mode是文件路径指针。
static byte* data = NULL; //用于存放读入的PE文件 static IMAGE_SECTION_HEADER ish[] = { }; //用于存放区段头
static int nNumOfSections = ; //表示有多少个区段
static IMAGE_DATA_DIRECTORY idd[0x10] = { };//用于存放数据目录表
static BYTE ibrl[0x200][0x1000] = { }; //用于存放重定位相关信息 static CHAR szSectionColName[][MAX_PATH] = //区段对话框listview的列名
{
"Name","VOffset","VSize","ROffset","RSize","Flags"
};
enum SectionColPos {scp_name=,scp_voffset,scp_vsize,scp_roffset,scp_rsize,scp_flags}; //区段对话框listview列位置索引
static int nSectionColNum = ; //RVA转文件偏移
static INT RVAtoFileOff(INT nRva)
{
for (int i = ; i < nNumOfSections; ++i)
{
if ((nRva >= ish[i].VirtualAddress) && (nRva <= (ish[i].VirtualAddress + ish[i].Misc.VirtualSize)))
{
return nRva - ish[i].VirtualAddress + ish[i].PointerToRawData;
break;
}
}
MessageBox(NULL, "RVA转换无解", NULL, );
return -;
} //RVA找到对应的区段名
static CHAR* RVAToSectionName(INT nRva)
{
for (int i = ; i < nNumOfSections; ++i)
{
if ((nRva >= ish[i].VirtualAddress) && (nRva <= (ish[i].VirtualAddress + ish[i].Misc.VirtualSize)))
{
return (CHAR*)ish[i].Name;
break;
}
}
MessageBox(NULL, "RVA转换无解", NULL, );
return NULL;
} //得到基本的PE文件信息
VOID GetBasicPEInfo(HWND hwndDlg)
{ if (mode == NULL) //说明在内存中
{
HANDLE hDestProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, nLastPID);
HMODULE hModule[] = { };
DWORD cbNeeded = ;
MODULEINFO mi = { };
EnumProcessModulesEx(hDestProcess, hModule, * , &cbNeeded, LIST_MODULES_ALL);
GetModuleInformation(hDestProcess, hModule[], &mi, sizeof(mi));
data = (PBYTE)malloc(mi.SizeOfImage);
ReadProcessMemory(hDestProcess, hModule[], data, mi.SizeOfImage, NULL); }
else //说明是文件中
{
HANDLE hFile = CreateFile((CHAR*)mode, FILE_READ_ACCESS, FILE_SHARE_READ, NULL, OPEN_ALWAYS, NULL, NULL);
DWORD dwFileSize = GetFileSize(hFile, NULL);
data = (BYTE*)malloc(dwFileSize);
ReadFile(hFile, data, dwFileSize, NULL, NULL);
CloseHandle(hFile);
} PIMAGE_DOS_HEADER pidh = (PIMAGE_DOS_HEADER)data;
if (pidh->e_magic != IMAGE_DOS_SIGNATURE)
{
MessageBox(NULL, "不是个PE文件", "错误信息", MB_OK);
return;
} PIMAGE_NT_HEADERS32 pinh = (PIMAGE_NT_HEADERS32)(&data[pidh->e_lfanew]); if (pinh->Signature != IMAGE_NT_SIGNATURE)
{
MessageBox(NULL, "不是个PE文件", "错误信息", MB_OK);
return;
}
PIMAGE_FILE_HEADER pifh = &pinh->FileHeader; CHAR szTemp[] = { };
wsprintf(szTemp, "%04X", pifh->SizeOfOptionalHeader);
HWND hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT15);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pifh->Characteristics);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT13);
Edit_SetText(hwndTemp, szTemp); nNumOfSections = pifh->NumberOfSections;
wsprintf(szTemp, "%04X", pifh->NumberOfSections);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT10);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pifh->TimeDateStamp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT11);
Edit_SetText(hwndTemp, szTemp); if (pinh->OptionalHeader.Magic == 0x20B)
{
bIsPe32Plus = TRUE; PIMAGE_NT_HEADERS64 pinh64 = (PIMAGE_NT_HEADERS64)(&data[pidh->e_lfanew]);
PIMAGE_OPTIONAL_HEADER64 pioh64 = &pinh64->OptionalHeader; wsprintf(szTemp, "%08X", pioh64->AddressOfEntryPoint);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
Edit_SetText(hwndTemp, szTemp); StringCbPrintf(szTemp, , "%016llX", pioh64->ImageBase);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->SizeOfImage);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->BaseOfCode);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
Edit_SetText(hwndTemp, "None"); wsprintf(szTemp, "%08X", pioh64->SectionAlignment);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->FileAlignment);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pioh64->Magic);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT8);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pioh64->Subsystem);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT9);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->SizeOfHeaders);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT12);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->CheckSum);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT14);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->NumberOfRvaAndSizes);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT16);
Edit_SetText(hwndTemp, szTemp); for (int i = ; i < 0x10; ++i)
{
idd[i] = (pioh64->DataDirectory)[i];
} PIMAGE_SECTION_HEADER pish = (PIMAGE_SECTION_HEADER)(++pinh64); for (int i = ; i < nNumOfSections; ++i, ++pish)
{
ish[i] = *pish;
} return;
}
else //32位image
{
PIMAGE_OPTIONAL_HEADER32 pioh32 = &pinh->OptionalHeader; wsprintf(szTemp, "%08X", pioh32->AddressOfEntryPoint);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->ImageBase);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->SizeOfImage);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->BaseOfCode);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->BaseOfData);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->SectionAlignment);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->FileAlignment);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pioh32->Magic);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT8);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pioh32->Subsystem);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT9);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->SizeOfHeaders);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT12);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->CheckSum);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT14);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->NumberOfRvaAndSizes);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT16);
Edit_SetText(hwndTemp, szTemp); for (int i = ; i < 0x10; ++i)
{
idd[i] = (pioh32->DataDirectory)[i];
} PIMAGE_SECTION_HEADER pish = (PIMAGE_SECTION_HEADER)(++pinh); for (int i = ; i < nNumOfSections; ++i, ++pish)
{
ish[i] = *pish;
} } } //输出表对话框 3
INT_PTR ExportTableDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
static HWND hwndLV;
static CHAR szColName[][] = { "Ordinal","RVA","Offset","Function Name" };
switch (uMsg)
{
case WM_INITDIALOG:
{
PIMAGE_EXPORT_DIRECTORY pied = (PIMAGE_EXPORT_DIRECTORY)&data[mode ? RVAtoFileOff(idd[].VirtualAddress) : idd[].VirtualAddress];
int nOrder[] = { IDC_EDIT1,IDC_EDIT2,IDC_EDIT3,IDC_EDIT4,IDC_EDIT6,IDC_EDIT7,IDC_EDIT8,IDC_EDIT9,IDC_EDIT10 }; //int nValue[10] = {pied->Characteristics,...}; 这样子是不行的
DWORD *nValue = (DWORD*)malloc( * sizeof(DWORD));
nValue[] = idd[].VirtualAddress;
nValue[] = pied->Characteristics;
nValue[] = pied->Base;
nValue[] = pied->Name;
nValue[] = pied->NumberOfFunctions;
nValue[] = pied->NumberOfNames;
nValue[] = pied->AddressOfFunctions;
nValue[] = pied->AddressOfNames;
nValue[] = pied->AddressOfNameOrdinals; CHAR szTemp[] = { };
HWND hwndTemp = NULL;
for (int i = ; i < ; ++i)
{
hwndTemp = GetDlgItem(hwndDlg, nOrder[i]);
StringCbPrintf(szTemp, , "%08X", nValue[i]);
Edit_SetText(hwndTemp, szTemp);
} hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
StringCbPrintf(szTemp, , "%s", &data[mode?RVAtoFileOff(pied->Name):pied->Name]);
Edit_SetText(hwndTemp, szTemp); hwndLV = GetDlgItem(hwndDlg, IDC_LIST1);
LVCOLUMN lvc = { };
lvc.mask = LVCF_TEXT | LVCF_WIDTH;
lvc.cx = ; for (int i = ; i < ; ++i)
{
lvc.pszText = szColName[i];
ListView_InsertColumn(hwndLV, i, &lvc);
} PWORD pOrd = (PWORD)&data[mode ? RVAtoFileOff(pied->AddressOfNameOrdinals) : pied->AddressOfNameOrdinals];
PDWORD pFun = (PDWORD)&data[mode ? RVAtoFileOff(pied->AddressOfFunctions) : pied->AddressOfFunctions];
PCHAR pName = (PCHAR)&data[mode ? RVAtoFileOff(pied->Name) : pied->Name];
pName += strlen(pName) + ;
PCHAR pTemp = pName;
LVITEM lvi = { };
lvi.mask = LVIF_TEXT; for (int i = ; i < pied->NumberOfFunctions; ++i)
{
if (!pFun[i])
continue; lvi.iItem = i;
StringCbPrintf(szTemp, , "%d", i + pied->Base);
lvi.pszText = szTemp;
ListView_InsertItem(hwndLV, &lvi); StringCbPrintf(szTemp, , "%08X", pFun[i]);
ListView_SetItemText(hwndLV, i, , szTemp);
StringCbPrintf(szTemp, , "%08X", RVAtoFileOff(pFun[i]));
ListView_SetItemText(hwndLV, i, , szTemp); int j;
for (j = ; j < pied->NumberOfNames; ++j)
{
if (pOrd[j] == i)
{
pTemp = pName; for (int k = ; k < j; k++)
{
pTemp += strlen(pTemp) + ;
}
ListView_SetItemText(hwndLV, i, , pTemp);
break;
}
}
if (j >= pied->NumberOfNames)
{
ListView_SetItemText(hwndLV, i, , "无名");
}
} break;
}
case WM_CLOSE:
{
EndDialog(hwndDlg, );
break;
}
} return FALSE;
} //输入表对话框 3
INT_PTR ImportTableDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
static HWND hwndLV1, hwndLV2;
switch (uMsg)
{
case WM_INITDIALOG:
{
hwndLV1 = GetDlgItem(hwndDlg, IDC_LIST1);
hwndLV2 = GetDlgItem(hwndDlg, IDC_LIST2); ListView_SetExtendedListViewStyle(hwndLV1, LVS_EX_FULLROWSELECT);
ListView_SetExtendedListViewStyle(hwndLV2, LVS_EX_FULLROWSELECT); CHAR szColName1[][] = { "DllName","OriginalFirstThunk","TimeDateStamp","ForwarderChain","Name","FirstThunk" };
CHAR szColName2[][] = { "ThunkRVA","ThunkOffset","ThunkValue","Hint","ApiName" }; LVCOLUMN lvc = { };
lvc.mask = LVCF_WIDTH | LVCF_TEXT;
lvc.cx = ; for (int i = ; i < ; ++i)
{
lvc.pszText = szColName1[i];
ListView_InsertColumn(hwndLV1, i, &lvc);
}
for (int i = ; i < ; ++i)
{
lvc.pszText = szColName2[i];
ListView_InsertColumn(hwndLV2, i, &lvc);
} PIMAGE_IMPORT_DESCRIPTOR piid = (PIMAGE_IMPORT_DESCRIPTOR)&data[mode?RVAtoFileOff(idd[].VirtualAddress):idd[].VirtualAddress];
CHAR szTemp[MAX_PATH] = { };
int k = ;
while (piid->FirstThunk)
{
LVITEM lvi = { };
lvi.mask = LVIF_TEXT;
lvi.iItem = k;
StringCbPrintf(szTemp, MAX_PATH, "%s", &data[mode ? RVAtoFileOff(piid->Name) : piid->Name]);
lvi.pszText = szTemp;
ListView_InsertItem(hwndLV1, &lvi); StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->OriginalFirstThunk);
ListView_SetItemText(hwndLV1, k, , szTemp);
StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->TimeDateStamp);
ListView_SetItemText(hwndLV1, k, , szTemp);
StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->ForwarderChain);
ListView_SetItemText(hwndLV1, k, , szTemp);
StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->Name);
ListView_SetItemText(hwndLV1, k, , szTemp);
StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->FirstThunk);
ListView_SetItemText(hwndLV1, k, , szTemp); ++k;
++piid;
} break;
} case WM_NOTIFY:
{
switch (((LPNMHDR)(lParam))->code)
{
case NM_CLICK:
{
if (((LPNMHDR)(lParam))->hwndFrom == hwndLV1)
{
ListView_DeleteAllItems(hwndLV2);
int nIndex = ListView_GetSelectionMark(hwndLV1);
CHAR szBuffer[] = { };
ListView_GetItemText(hwndLV1, nIndex, , szBuffer, );
DWORD dwFirstThunk = HexStrToDec32(szBuffer); if (!bIsPe32Plus)
{
PIMAGE_THUNK_DATA32 pitd32 = (PIMAGE_THUNK_DATA32)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]); CHAR szTemp[] = { };
int k = ;
while (pitd32->u1.Function)
{
LVITEM lvi = { };
lvi.mask = LVIF_TEXT;
lvi.iItem = k; StringCbPrintf(szTemp, , "%08X", dwFirstThunk + k * );
lvi.pszText = szTemp;
ListView_InsertItem(hwndLV2, &lvi);
StringCbPrintf(szTemp, , "%08X", RVAtoFileOff(dwFirstThunk + k * ));
ListView_SetItemText(hwndLV2, k, , szTemp);
StringCbPrintf(szTemp, , "%08X", pitd32->u1.Function);
ListView_SetItemText(hwndLV2, k, , szTemp); if (pitd32->u1.Function & 0x8000'0000) //最高位为1,则为序号
{
ListView_SetItemText(hwndLV2, k, , "---");
StringCbPrintf(szTemp, , "Ordinal:%X h %d d", pitd32->u1.Function ^ 0x8000'0000, pitd32->u1.Function ^ 0x8000');
ListView_SetItemText(hwndLV2, k, , szTemp);
}
else //最高位为0,则可能是函数地址,或者是API名称
{
if (mode) //说明是API名称
{
PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd32->u1.Function)]; StringCbPrintf(szTemp, , "%04X", piibn->Hint);
ListView_SetItemText(hwndLV2, k, , szTemp);
StringCbPrintf(szTemp, , "%s", piibn->Name);
ListView_SetItemText(hwndLV2, k, , szTemp);
}
else //说明是函数地址
{
ListView_SetItemText(hwndLV2, k, , "---");
ListView_SetItemText(hwndLV2, k, , "---");
}
} ++pitd32;
++k;
}
}
else; //pe32+
{
PIMAGE_THUNK_DATA64 pitd64 = (PIMAGE_THUNK_DATA64)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]); CHAR szTemp[] = { };
int k = ;
while (pitd64->u1.Function)
{
LVITEM lvi = { };
lvi.mask = LVIF_TEXT;
lvi.iItem = k; StringCbPrintf(szTemp, , "%08X", dwFirstThunk + k * );
lvi.pszText = szTemp;
ListView_InsertItem(hwndLV2, &lvi);
StringCbPrintf(szTemp, , "%08X", RVAtoFileOff(dwFirstThunk + k * ));
ListView_SetItemText(hwndLV2, k, , szTemp);
StringCbPrintf(szTemp, , "%016llX", pitd64->u1.Function);
ListView_SetItemText(hwndLV2, k, , szTemp); if (pitd64->u1.Function & 0x8000'''0000) //最高位为1,则为序号
{
ListView_SetItemText(hwndLV2, k, , "---");
StringCbPrintf(szTemp, , "Ordinal:%X h %d d", pitd64->u1.Function ^ 0x8000'''0000, pitd64->u1.Function ^ 0x8000''');
ListView_SetItemText(hwndLV2, k, , szTemp);
}
else //最高位为0,则可能是函数地址,或者是API名称
{
if (mode) //说明是API名称
{
PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd64->u1.Function)]; StringCbPrintf(szTemp, , "%04X", piibn->Hint);
ListView_SetItemText(hwndLV2, k, , szTemp);
StringCbPrintf(szTemp, , "%s", piibn->Name);
ListView_SetItemText(hwndLV2, k, , szTemp);
}
else //说明是函数地址
{
ListView_SetItemText(hwndLV2, k, , "---");
ListView_SetItemText(hwndLV2, k, , "---");
}
} ++pitd64;
++k;
} }
} break;
}
}
break;
}
case WM_CLOSE:
{
EndDialog(hwndDlg, );
break;
}
}
return FALSE;
} //资源对话框 3
INT_PTR ResourceDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
static HWND hwndTV = NULL;
switch (uMsg)
{
case WM_INITDIALOG:
{
hwndTV = GetDlgItem(hwndDlg, IDC_TREE1);
HWND hwndTemp;
CHAR szTemp[MAX_PATH] = { };
WCHAR szTempW[MAX_PATH] = { };
PIMAGE_RESOURCE_DIRECTORY pird = (PIMAGE_RESOURCE_DIRECTORY)&data[mode ? RVAtoFileOff(idd[].VirtualAddress) : idd[].VirtualAddress]; hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
StringCbPrintf(szTemp, MAX_PATH, "%04X", pird->NumberOfNamedEntries);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
StringCbPrintf(szTemp, MAX_PATH, "%04X", pird->NumberOfIdEntries);
Edit_SetText(hwndTemp, szTemp); PIMAGE_RESOURCE_DIRECTORY_ENTRY pirde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(pird+); TVINSERTSTRUCT tvis = { };
HTREEITEM hParentNode = NULL; CHAR szType[0x20][] = { "XXX","Cursor","Bitmap","Icon","Menu","Dialog" ,"字符串" ,"FontDir" ,"Font" ,"Accelerator" ,"RCData" ,"MessageTable" ,"Group_Cursor" ,"Group_Icon","XXX","XXX","Version" ,"DlgInclude" ,"XXX","PlugPlay","VXD","AniCursor","AniIcon","HTML","Manifest" };
for (int i = ; i < pird->NumberOfIdEntries + pird->NumberOfNamedEntries; ++i,++pirde)
{
tvis.hParent = NULL;
tvis.hInsertAfter = TVI_SORT;
tvis.item.mask = TVIF_TEXT | TVIF_CHILDREN;
tvis.item.cChildren = ;
if (pirde->NameIsString == )
{
StringCbPrintfA(szTemp, MAX_PATH, "%s", szType[pirde->Id]);
}
else
{
PIMAGE_RESOURCE_DIR_STRING_U pirdsu = (PIMAGE_RESOURCE_DIR_STRING_U)&data[mode ? RVAtoFileOff(idd[].VirtualAddress + pirde->NameOffset) : idd[].VirtualAddress + pirde->NameOffset];
StringCbPrintfW(szTempW, pirdsu->Length * + , L"%s", pirdsu->NameString);
WideCharToMultiByte(CP_ACP, NULL, szTempW, -, szTemp, wcslen(szTempW) + , NULL, FALSE);
}
tvis.item.pszText = szTemp;
tvis.item.cchTextMax = MAX_PATH;
hParentNode = TreeView_InsertItem(hwndTV, &tvis); PIMAGE_RESOURCE_DIRECTORY pird_lv2 = (PIMAGE_RESOURCE_DIRECTORY)&data[mode ? RVAtoFileOff(idd[].VirtualAddress+pirde->OffsetToDirectory) : idd[].VirtualAddress+ pirde->OffsetToDirectory]; TVITEM tvi = { };
tvi.mask = TVIF_PARAM;
tvi.hItem = hParentNode;
tvi.lParam = (DWORD(pird_lv2->NumberOfNamedEntries) << | pird_lv2->NumberOfIdEntries);
TreeView_SetItem(hwndTV, &tvi); PIMAGE_RESOURCE_DIRECTORY_ENTRY pirde_lv2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(pird_lv2+);
tvis.hParent = hParentNode;
tvis.hInsertAfter = TVI_SORT;
tvis.item.mask = TVIF_TEXT | TVIF_PARAM; for (int j = ; j < pird_lv2->NumberOfIdEntries + pird_lv2->NumberOfNamedEntries; ++j,++pirde_lv2)
{
if (pirde_lv2->NameIsString == )
{
StringCbPrintfA(szTemp, MAX_PATH, "%d", pirde_lv2->Id);
}
else
{
PIMAGE_RESOURCE_DIR_STRING_U pirdsu_lv2 = (PIMAGE_RESOURCE_DIR_STRING_U)&data[mode ? RVAtoFileOff(idd[].VirtualAddress + pirde_lv2->NameOffset) : idd[].VirtualAddress + pirde_lv2->NameOffset];
StringCbPrintfW(szTempW, pirdsu_lv2->Length * + , L"%s", pirdsu_lv2->NameString);
WideCharToMultiByte(CP_ACP, NULL, szTempW, -, szTemp, wcslen(szTempW) + , NULL, FALSE);
}
tvis.item.pszText = szTemp;
tvis.item.lParam = 0x8000'0000 | pirde_lv2->OffsetToDirectory;
TreeView_InsertItem(hwndTV, &tvis);
} } break;
} case WM_NOTIFY:
{
LPNMHDR lpnmh = (LPNMHDR)lParam; switch (lpnmh->code)
{
case TVN_SELCHANGED:
{
CHAR szTemp[] = { };
HWND hwndTemp = NULL;
HTREEITEM hti = TreeView_GetSelection(hwndTV); TVITEM tvi;
tvi.hItem = hti;
tvi.mask = TVIF_PARAM;
TreeView_GetItem(hwndTV, &tvi);
LPARAM tvilParam = tvi.lParam; if (tvilParam & 0x8000'0000) //第三层
{
LPARAM lPar = tvilParam ^ 0x8000'0000; PIMAGE_RESOURCE_DIRECTORY pird = (PIMAGE_RESOURCE_DIRECTORY)&data[mode ? RVAtoFileOff(idd[].VirtualAddress + lPar) : idd[].VirtualAddress + lPar]; PIMAGE_RESOURCE_DIRECTORY_ENTRY pirde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(pird + );
PIMAGE_RESOURCE_DATA_ENTRY pirda = (PIMAGE_RESOURCE_DATA_ENTRY)&data[mode ? RVAtoFileOff(idd[].VirtualAddress+pirde->OffsetToData) : idd[].VirtualAddress+pirde->OffsetToData]; StringCbPrintf(szTemp, , "%08X", pirda->OffsetToData);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
Edit_SetText(hwndTemp, szTemp);
StringCbPrintf(szTemp, , "%08X", RVAtoFileOff(pirda->OffsetToData));
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
Edit_SetText(hwndTemp, szTemp);
StringCbPrintf(szTemp, , "%08X", pirda->Size);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7);
Edit_SetText(hwndTemp, szTemp); HTREEITEM hParent = TreeView_GetParent(hwndTV, hti);
TVITEM tvi;
tvi.hItem = hParent;
tvi.mask = TVIF_PARAM;
TreeView_GetItem(hwndTV, &tvi);
LPARAM lPar2 = tvi.lParam; StringCbPrintf(szTemp, , "%04X", HIWORD(lPar2));
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
Edit_SetText(hwndTemp, szTemp); StringCbPrintf(szTemp, , "%04X", LOWORD(lPar2));
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
Edit_SetText(hwndTemp, szTemp); }
else //第二层
{
StringCbPrintf(szTemp, , "%04X", HIWORD(tvilParam));
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
Edit_SetText(hwndTemp, szTemp); StringCbPrintf(szTemp, , "%04X", LOWORD(tvilParam));
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
Edit_SetText(hwndTemp, "");
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
Edit_SetText(hwndTemp, "");
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7);
Edit_SetText(hwndTemp, ""); } break;
}
} break;
} case WM_CLOSE:
{
EndDialog(hwndDlg, );
break;
}
}
return FALSE;
} //重定位对话框 3
INT_PTR RelocationDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
static HWND hwndLV1, hwndLV2;
switch (uMsg)
{
case WM_INITDIALOG:
{
hwndLV1 = GetDlgItem(hwndDlg, IDC_LIST1);
hwndLV2 = GetDlgItem(hwndDlg, IDC_LIST2); ListView_SetExtendedListViewStyle(hwndLV1, LVS_EX_FULLROWSELECT);
ListView_SetExtendedListViewStyle(hwndLV2, LVS_EX_FULLROWSELECT); CHAR szColName1[][] = { "Index","Section","RVA","Items"};
CHAR szColName2[][] = { "Index","RVA","Offset","Type","Far Address"}; LVCOLUMN lvc = { };
lvc.mask = LVCF_WIDTH | LVCF_TEXT;
lvc.cx = ; for (int i = ; i < ; ++i)
{
lvc.pszText = szColName1[i];
ListView_InsertColumn(hwndLV1, i, &lvc);
}
for (int i = ; i < ; ++i)
{
lvc.pszText = szColName2[i];
ListView_InsertColumn(hwndLV2, i, &lvc);
} PIMAGE_BASE_RELOCATION pibr = (PIMAGE_BASE_RELOCATION)&data[mode ? RVAtoFileOff(idd[].VirtualAddress) : idd[].VirtualAddress];
int k = ;
CHAR szTemp[] = { };
while (pibr->VirtualAddress)
{
memcpy(&ibrl[k], pibr, pibr->SizeOfBlock);
if (pibr->SizeOfBlock > 0x1000)
{
MessageBox(hwndDlg, "pibr空间不够", "错误信息", MB_OK);
}
LVITEM lvi = { };
lvi.mask = LVIF_TEXT;
lvi.iItem = k;
StringCbPrintf(szTemp, , "%d", k);
lvi.pszText = szTemp;
ListView_InsertItem(hwndLV1, &lvi);
ListView_SetItemText(hwndLV1, k, , RVAToSectionName(pibr->VirtualAddress));
StringCbPrintf(szTemp, , "%08X", pibr->VirtualAddress);
ListView_SetItemText(hwndLV1, k, , szTemp);
int nCount = ((pibr->SizeOfBlock - ) / );
StringCbPrintf(szTemp, , "%Xh / %dd", nCount,nCount);
ListView_SetItemText(hwndLV1, k, , szTemp); pibr = (PIMAGE_BASE_RELOCATION)((ULONGLONG)pibr + pibr->SizeOfBlock);
++k;
} break;
} case WM_NOTIFY:
{
switch (((LPNMHDR)(lParam))->code)
{
case NM_CLICK:
{
if (((LPNMHDR)(lParam))->hwndFrom == hwndLV1)
{
ListView_DeleteAllItems(hwndLV2);
int nIndex = ListView_GetSelectionMark(hwndLV1); int nCount = (((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->SizeOfBlock - ) / ;
CHAR szTemp[] = { };
WORD* pItem = (WORD*)((ULONGLONG)&(((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->SizeOfBlock) + );
for (int j = ; j < nCount ; ++j,++pItem)
{ LVITEM lvi = { };
lvi.mask = LVIF_TEXT;
lvi.iItem = j; StringCbPrintf(szTemp, , "%d", j + );
lvi.pszText = szTemp;
ListView_InsertItem(hwndLV2, &lvi); StringCbPrintf(szTemp, , "%08X", ((DWORD)(*pItem) & 0x0fff)+ ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress);
ListView_SetItemText(hwndLV2, j, , szTemp); StringCbPrintf(szTemp, , "%08X", RVAtoFileOff(((DWORD)(*pItem) & 0x0fff) + ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress));
ListView_SetItemText(hwndLV2, j, , szTemp); int type = ((*pItem) & 0xf000) >> ;
switch (type)
{
case IMAGE_REL_BASED_ABSOLUTE:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_ABSOLUTE");
break;
}
case IMAGE_REL_BASED_HIGH:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_HIGH");
break;
}
case IMAGE_REL_BASED_LOW:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_LOW");
break;
}
case IMAGE_REL_BASED_HIGHLOW:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_HIGHLOW");
break;
}
case IMAGE_REL_BASED_HIGHADJ:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_HIGHADJ");
break;
}
case IMAGE_REL_BASED_MACHINE_SPECIFIC_5:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_5");
break;
}
case IMAGE_REL_BASED_RESERVED:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_RESERVED");
break;
}
case IMAGE_REL_BASED_MACHINE_SPECIFIC_7:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_7");
break;
}
case IMAGE_REL_BASED_MACHINE_SPECIFIC_8:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_8");
break;
}
case IMAGE_REL_BASED_MACHINE_SPECIFIC_9:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_9");
break;
}
case IMAGE_REL_BASED_DIR64:
{
StringCbPrintf(szTemp, , "%s", "IMAGE_REL_BASED_DIR64");
break;
}
default:
{
StringCbPrintf(szTemp, , "%s", "Others");
break;
}
}
ListView_SetItemText(hwndLV2, j, , szTemp); if (bIsPe32Plus) //pe32+的地址是16个字节
{
StringCbPrintf(szTemp, , "%016llX", *(ULONGLONG*)&data[mode ? RVAtoFileOff(((DWORD)(*pItem) & 0x0fff)+ ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress) : (*pItem) & 0x0fff+ ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress]);
}
else //PE32的地址是8个字节
{
StringCbPrintf(szTemp, , "%08X", *(DWORD*)&data[mode ? RVAtoFileOff(((DWORD)(*pItem) & 0x0fff) + ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress) : (*pItem) & 0x0fff + ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress]);
} //+的优先级高于&,所以这里必须括号
ListView_SetItemText(hwndLV2, j, , szTemp); } } break;
} } break;
} case WM_CLOSE:
{
EndDialog(hwndDlg, );
break;
}
}
return FALSE;
} //TLS表对话框 3
INT_PTR TlsTableDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
if (!bIsPe32Plus) //pe32
{
PIMAGE_TLS_DIRECTORY32 pibr = (PIMAGE_TLS_DIRECTORY32)&data[mode ? RVAtoFileOff(idd[].VirtualAddress) : idd[].VirtualAddress]; CHAR szTemp[] = { };
HWND hwndTemp;
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
StringCbPrintf(szTemp, , "%08X", pibr->StartAddressOfRawData);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
StringCbPrintf(szTemp, , "%08X", pibr->EndAddressOfRawData);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
StringCbPrintf(szTemp, , "%08X", pibr->AddressOfIndex);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
StringCbPrintf(szTemp, , "%08X", pibr->AddressOfCallBacks);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
StringCbPrintf(szTemp, , "%08X", pibr->SizeOfZeroFill);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
StringCbPrintf(szTemp, , "%08X", pibr->Characteristics);
Edit_SetText(hwndTemp, szTemp);
}
else //pe32+
{
PIMAGE_TLS_DIRECTORY64 pibr64 = (PIMAGE_TLS_DIRECTORY64)&data[mode ? RVAtoFileOff(idd[].VirtualAddress) : idd[].VirtualAddress]; CHAR szTemp[] = { };
HWND hwndTemp;
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1);
StringCbPrintf(szTemp, , "%016llX", pibr64->StartAddressOfRawData);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2);
StringCbPrintf(szTemp, , "%016llX", pibr64->EndAddressOfRawData);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3);
StringCbPrintf(szTemp, , "%016llX", pibr64->AddressOfIndex);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4);
StringCbPrintf(szTemp, , "%016llX", pibr64->AddressOfCallBacks);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5);
StringCbPrintf(szTemp, , "%08X", pibr64->SizeOfZeroFill);
Edit_SetText(hwndTemp, szTemp);
hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6);
StringCbPrintf(szTemp, , "%08X", pibr64->Characteristics);
Edit_SetText(hwndTemp, szTemp);
} break;
}
case WM_CLOSE:
{
EndDialog(hwndDlg, );
break;
}
}
return FALSE;
} //延迟输入表对话框 3
INT_PTR DelayImportDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
static HWND hwndLV1, hwndLV2; switch (uMsg)
{
case WM_INITDIALOG:
{
hwndLV1 = GetDlgItem(hwndDlg, IDC_LIST2);
hwndLV2 = GetDlgItem(hwndDlg, IDC_LIST3); ListView_SetExtendedListViewStyle(hwndLV1, LVS_EX_FULLROWSELECT);
ListView_SetExtendedListViewStyle(hwndLV2, LVS_EX_FULLROWSELECT); CHAR szColName1[][] = { "DllName","OriginalFirstThunk","TimeDateStamp","BoundImportAddressTableRVA","Name","FirstThunk","ModuleHandle" };
CHAR szColName2[][] = { "ThunkRVA","ThunkOffset","ThunkValue","Hint","ApiName" }; LVCOLUMN lvc = { };
lvc.mask = LVCF_WIDTH | LVCF_TEXT;
lvc.cx = ; for (int i = ; i < ; ++i)
{
lvc.pszText = szColName1[i];
ListView_InsertColumn(hwndLV1, i, &lvc);
}
for (int i = ; i < ; ++i)
{
lvc.pszText = szColName2[i];
ListView_InsertColumn(hwndLV2, i, &lvc);
} PIMAGE_DELAYLOAD_DESCRIPTOR pidd = (PIMAGE_DELAYLOAD_DESCRIPTOR)&data[mode ? RVAtoFileOff(idd[].VirtualAddress) : idd[].VirtualAddress];
CHAR szTemp[MAX_PATH] = { };
int k = ;
while (pidd->ImportAddressTableRVA)
{
LVITEM lvi = { };
lvi.mask = LVIF_TEXT;
lvi.iItem = k;
StringCbPrintf(szTemp, MAX_PATH, "%s", &data[mode ? RVAtoFileOff(pidd->DllNameRVA) : pidd->DllNameRVA]);
lvi.pszText = szTemp;
ListView_InsertItem(hwndLV1, &lvi); StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->ImportNameTableRVA);
ListView_SetItemText(hwndLV1, k, , szTemp);
StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->TimeDateStamp);
ListView_SetItemText(hwndLV1, k, , szTemp);
StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->BoundImportAddressTableRVA);
ListView_SetItemText(hwndLV1, k, , szTemp);
StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->DllNameRVA);
ListView_SetItemText(hwndLV1, k, , szTemp);
StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->ImportAddressTableRVA);
ListView_SetItemText(hwndLV1, k, , szTemp);
StringCbPrintf(szTemp, MAX_PATH, "%08X", *(DWORD*)&data[mode ? RVAtoFileOff(pidd->ModuleHandleRVA) : pidd->ModuleHandleRVA]);
ListView_SetItemText(hwndLV1, k, , szTemp);
++k;
++pidd;
} break;
} case WM_NOTIFY:
{
switch (((LPNMHDR)(lParam))->code)
{
case NM_CLICK:
{
if (((LPNMHDR)(lParam))->hwndFrom == hwndLV1)
{
ListView_DeleteAllItems(hwndLV2);
int nIndex = ListView_GetSelectionMark(hwndLV1);
CHAR szBuffer[] = { };
ListView_GetItemText(hwndLV1, nIndex, , szBuffer, ); //这DelayImport得解析INT,才有名字,IAT即便是在文件中也是个地址
DWORD dwFirstThunk = HexStrToDec32(szBuffer); if (!bIsPe32Plus)
{
PIMAGE_THUNK_DATA32 pitd32 = (PIMAGE_THUNK_DATA32)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]); CHAR szTemp[] = { };
int k = ;
while (pitd32->u1.Function)
{
LVITEM lvi = { };
lvi.mask = LVIF_TEXT;
lvi.iItem = k; StringCbPrintf(szTemp, , "%08X", dwFirstThunk + k * );
lvi.pszText = szTemp;
ListView_InsertItem(hwndLV2, &lvi);
StringCbPrintf(szTemp, , "%08X", RVAtoFileOff(dwFirstThunk + k * ));
ListView_SetItemText(hwndLV2, k, , szTemp);
StringCbPrintf(szTemp, , "%08X", pitd32->u1.Function);
ListView_SetItemText(hwndLV2, k, , szTemp); if (pitd32->u1.Function & 0x8000'0000) //最高位为1,则为序号
{
ListView_SetItemText(hwndLV2, k, , "---");
StringCbPrintf(szTemp, , "Ordinal:%X h %d d", pitd32->u1.Function ^ 0x8000'0000, pitd32->u1.Function ^ 0x8000');
ListView_SetItemText(hwndLV2, k, , szTemp);
}
else //最高位为0,则可能是函数地址,或者是API名称
{
if (mode) //说明是API名称
{
PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd32->u1.Function)]; StringCbPrintf(szTemp, , "%04X", piibn->Hint);
ListView_SetItemText(hwndLV2, k, , szTemp);
StringCbPrintf(szTemp, , "%s", piibn->Name);
ListView_SetItemText(hwndLV2, k, , szTemp);
}
else //说明是函数地址
{
ListView_SetItemText(hwndLV2, k, , "---");
ListView_SetItemText(hwndLV2, k, , "---");
}
} ++pitd32;
++k;
}
}
else //pe32+
{
PIMAGE_THUNK_DATA64 pitd64 = (PIMAGE_THUNK_DATA64)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]);
CHAR szTemp[] = { };
int k = ;
while (pitd64->u1.Function)
{
LVITEM lvi = { };
lvi.mask = LVIF_TEXT;
lvi.iItem = k; StringCbPrintf(szTemp, , "%08X", dwFirstThunk + k * );
lvi.pszText = szTemp;
ListView_InsertItem(hwndLV2, &lvi);
StringCbPrintf(szTemp, , "%08X", RVAtoFileOff(dwFirstThunk + k * ));
ListView_SetItemText(hwndLV2, k, , szTemp);
StringCbPrintf(szTemp, , "%016llX", pitd64->u1.Function);
ListView_SetItemText(hwndLV2, k, , szTemp); if (pitd64->u1.Function & 0x8000'''0000) //最高位为1,则为序号
{
ListView_SetItemText(hwndLV2, k, , "---");
StringCbPrintf(szTemp, , "Ordinal:%X h %d d", pitd64->u1.Function ^ 0x8000'''0000, pitd64->u1.Function ^ 0x8000''');
ListView_SetItemText(hwndLV2, k, , szTemp);
}
else //最高位为0,则可能是函数地址,或者是API名称
{
if (mode) //说明是API名称
{
PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd64->u1.Function)]; StringCbPrintf(szTemp, , "%04X", piibn->Hint);
ListView_SetItemText(hwndLV2, k, , szTemp);
StringCbPrintf(szTemp, , "%s", piibn->Name);
ListView_SetItemText(hwndLV2, k, , szTemp);
}
else //说明是函数地址
{
ListView_SetItemText(hwndLV2, k, , "---");
ListView_SetItemText(hwndLV2, k, , "---");
}
} ++pitd64;
++k;
}
}
} break;
}
}
break;
}
case WM_CLOSE:
{
EndDialog(hwndDlg, );
break;
}
}
return FALSE;
} //数据目录表对话框 2
INT_PTR DataDirectoryDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
CHAR szTemp[] = { };
HWND hwndTemp;
int nOrder[0x20] =
{ IDC_EDIT1,IDC_EDIT2,IDC_EDIT3,IDC_EDIT4,IDC_EDIT5,IDC_EDIT6,IDC_EDIT7,IDC_EDIT8,IDC_EDIT33, IDC_EDIT34, IDC_EDIT9,IDC_EDIT10,IDC_EDIT11,IDC_EDIT12,IDC_EDIT13,IDC_EDIT14,IDC_EDIT15,IDC_EDIT16,IDC_EDIT17,IDC_EDIT18,IDC_EDIT19,IDC_EDIT20,IDC_EDIT21,IDC_EDIT22,IDC_EDIT23,IDC_EDIT24,IDC_EDIT25,IDC_EDIT26,IDC_EDIT27,IDC_EDIT28,IDC_EDIT29,IDC_EDIT30 };
for (int i = ; i < 0x10; ++i)
{
wsprintf(szTemp, "%08X", idd[i].VirtualAddress);
hwndTemp = GetDlgItem(hwndDlg, nOrder[*i]);
Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", idd[i].Size);
hwndTemp = GetDlgItem(hwndDlg, nOrder[*i+]);
Edit_SetText(hwndTemp, szTemp);
} break;
} case WM_COMMAND:
{
switch (LOWORD(wParam)) //每个一个DialogBox
{
case IDC_BUTTON1: //Export Table
{
if (idd[].Size == )
{
MessageBox(hwndDlg, "输出表不存在", "错误信息", MB_OK);
break;
}
DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG5), hwndDlg, (DLGPROC)ExportTableDlg);
break;
}
case IDC_BUTTON2: //Import Table
{
if (idd[].Size == )
{
MessageBox(hwndDlg, "输入表不存在", "错误信息", MB_OK);
break;
}
DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG6), hwndDlg, (DLGPROC)ImportTableDlg);
break;
}
case IDC_BUTTON3: //Resource
{
if (idd[].Size == )
{
MessageBox(hwndDlg, "资源表不存在", "错误信息", MB_OK);
break;
}
DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG7), hwndDlg, (DLGPROC)ResourceDlg);
break;
}
case IDC_BUTTON4: //Relocation
{
if (idd[].Size == )
{
MessageBox(hwndDlg, "重定位表不存在", "错误信息", MB_OK);
break;
}
DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG8), hwndDlg, (DLGPROC)RelocationDlg);
break;
}
case IDC_BUTTON5: //TlsTable
{
if (idd[].Size == )
{
MessageBox(hwndDlg, "TLS表不存在", "错误信息", MB_OK);
break;
}
DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG9), hwndDlg, (DLGPROC)TlsTableDlg);
break;
}
case IDC_BUTTON7: //DelayImport
{
if (idd[].Size == )
{
MessageBox(hwndDlg, "延迟输入表不存在", "错误信息", MB_OK);
break;
}
DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG10), hwndDlg, (DLGPROC)DelayImportDlg);
break;
}
}
break;
} case WM_CLOSE:
{
EndDialog(hwndDlg, );
break;
}
}
return FALSE;
} //区段对话框 2
INT_PTR SectionDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
static HWND hwndSectionListView = NULL;
switch (uMsg)
{
case WM_INITDIALOG:
{
RECT rc = { };
GetWindowRect(hwndDlg, &rc); hwndSectionListView = CreateWindow(WC_LISTVIEW, "", WS_VISIBLE | WS_CHILD | LVS_REPORT | LVS_SHOWSELALWAYS,
, , , , hwndDlg, NULL, g_hInst, NULL);
ListView_SetExtendedListViewStyle(hwndSectionListView, LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES);
SetWindowPos(hwndSectionListView, HWND_TOP, , ,
rc.right - rc.left, rc.bottom - rc.top - , SWP_SHOWWINDOW); LVCOLUMN lvc = { }; lvc.mask = LVCF_FMT | LVCF_WIDTH | LVCF_TEXT;
lvc.cx = ;
lvc.fmt = LVCFMT_LEFT; for (int i = ; i < nSectionColNum; ++i)
{
lvc.pszText = szSectionColName[i];
ListView_InsertColumn(hwndSectionListView, i, &lvc);
} LVITEM lvi = { };
lvi.mask = LVIF_TEXT;
CHAR szTemp[] = { };
for (int i = ; i < nNumOfSections; ++i)
{
lvi.iItem = i;
lvi.iSubItem = ;
lvi.pszText = (CHAR*)&ish[i].Name;
ListView_InsertItem(hwndSectionListView, &lvi); wsprintf(szTemp, "%08X", ish[i].VirtualAddress);
ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_voffset, szTemp); wsprintf(szTemp, "%08X", ish[i].Misc.VirtualSize);
ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_vsize, szTemp); wsprintf(szTemp, "%08X", ish[i].PointerToRawData);
ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_roffset, szTemp); wsprintf(szTemp, "%08X", ish[i].SizeOfRawData);
ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_rsize, szTemp); wsprintf(szTemp, "%08X", ish[i].Characteristics);
ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_flags, szTemp);
} break;
} case WM_CLOSE:
{
EndDialog(hwndDlg, );
break;
}
} return FALSE;
} //PE对话框 1 //后面的数字代表层次
INT_PTR PEDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
GetBasicPEInfo(hwndDlg); break;
} case WM_COMMAND:
{ switch (LOWORD(wParam))
{
case IDC_BUTTON1: //Sections
{
DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG3), hwndDlg, (DLGPROC)SectionDlg);
break;
}
case IDC_BUTTON2: //Directories
{
DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG4), hwndDlg, (DLGPROC)DataDirectoryDlg);
break;
}
} break;
} case WM_CLOSE:
{
free(data);
EndDialog(hwndDlg, );
break;
}
} return FALSE;
} //PE对话框线程的入口函数
DWORD PEInfoDlg(LPVOID lpParam)
{
bIsPe32Plus = FALSE;
mode = (INT64)lpParam; //0代表是内存,否则就是磁盘文件完整路径 DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG2), hwndMainWnd, (DLGPROC)PEDlg); return ;
}

以下是资源文件.rc:

// Microsoft Visual C++ generated resource script.
//
#include "resource.h" #define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "winres.h" /////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS /////////////////////////////////////////////////////////////////////////////
// 中文(简体,中国) resources #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED #ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
// TEXTINCLUDE
BEGIN
"resource.h\0"
END TEXTINCLUDE
BEGIN
"#include ""winres.h""\r\n"
"\0"
END TEXTINCLUDE
BEGIN
"\r\n"
"\0"
END #endif // APSTUDIO_INVOKED /////////////////////////////////////////////////////////////////////////////
//
// Menu
// IDR_MENU1 MENU
BEGIN
POPUP "文件"
BEGIN
MENUITEM "打开PE文件", ID_40001
MENUITEM "得到更多信息", ID_40017
END
POPUP "选项"
BEGIN
MENUITEM "置于顶层", ID_40004
END
POPUP "查看"
BEGIN
MENUITEM "立即刷新", ID_40005
END
END IDR_MENU2 MENU
BEGIN
POPUP "ProcessTabMenu"
BEGIN
MENUITEM "结束进程", ID_PROCESSTABMENU_40010
MENUITEM "进程属性", ID_PROCESSTABMENU_40011
MENUITEM "得到PE信息", ID_PROCESSTABMENU_40012
MENUITEM "代码注入", ID_PROCESSTABMENU_40013
MENUITEM "保护该进程", ID_PROCESSTABMENU_40014
MENUITEM "注入DLL", ID_PROCESSTABMENU_40016
END
END /////////////////////////////////////////////////////////////////////////////
//
// Dialog
// IDD_DIALOG1 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CLIPSIBLINGS | WS_CAPTION | WS_SYSMENU
CAPTION "Dialog"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
END IDD_DIALOG2 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "[PE Editor]"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
GROUPBOX "Basic PE Header Information",IDC_STATIC,,,,
LTEXT "EntryPoint",IDC_STATIC,,,,
LTEXT "ImageBase",IDC_STATIC,,,,
LTEXT "SizeOfImage",IDC_STATIC,,,,
LTEXT "BaseOfCode",IDC_STATIC,,,,
LTEXT "BaseOfData",IDC_STATIC,,,,
LTEXT "SectionAlignment",IDC_STATIC,,,,
LTEXT "FileAlignment",IDC_STATIC,,,,
LTEXT "Magic",IDC_STATIC,,,,
EDITTEXT IDC_EDIT1,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT2,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT3,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT4,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT5,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT6,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT7,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT8,,,,,ES_AUTOHSCROLL
LTEXT "Subsystem",IDC_STATIC,,,,
LTEXT "NumberOfSections",IDC_STATIC,,,,
LTEXT "TimeDateStamp",IDC_STATIC,,,,
LTEXT "SizeOfHeaders",IDC_STATIC,,,,
LTEXT "Characteristics",IDC_STATIC,,,,
LTEXT "Checksum",IDC_STATIC,,,,
LTEXT "SizeOfOptionalHeader",IDC_STATIC,,,,
LTEXT "NumOfRvaAndSizes",IDC_STATIC,,,,
EDITTEXT IDC_EDIT9,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT10,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT11,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT12,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT13,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT14,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT15,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT16,,,,,ES_AUTOHSCROLL
PUSHBUTTON "Sections",IDC_BUTTON1,,,,
PUSHBUTTON "Directories",IDC_BUTTON2,,,,
END IDD_DIALOG3 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "[Section Table]"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
END IDD_DIALOG4 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "[Directory Table]"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
GROUPBOX "Directory Information",IDC_STATIC,,,,
LTEXT "ExportTable",IDC_STATIC,,,,
LTEXT "ImportTable",IDC_STATIC,,,,
LTEXT "Resource",IDC_STATIC,,,,
LTEXT "Exception",IDC_STATIC,,,,
LTEXT "Security",IDC_STATIC,,,,
LTEXT "Relocation",IDC_STATIC,,,,
LTEXT "Debug",IDC_STATIC,,,,
LTEXT "Copyright",IDC_STATIC,,,,
LTEXT "GlobalPtr",IDC_STATIC,,,,
LTEXT "TlsTable",IDC_STATIC,,,,
LTEXT "LoadConfig",IDC_STATIC,,,,
LTEXT "BoundImport",IDC_STATIC,,,,
LTEXT "IAT",IDC_STATIC,,,,
LTEXT "DelayImport",IDC_STATIC,,,,
LTEXT "COM",IDC_STATIC,,,,
LTEXT "Reserved",IDC_STATIC,,,,
EDITTEXT IDC_EDIT1,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT2,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT3,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT4,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT5,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT6,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT7,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT8,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT9,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT10,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT11,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT12,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT13,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT14,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT15,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT16,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT17,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT18,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT19,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT20,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT21,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT22,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT23,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT24,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT25,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT26,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT27,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT28,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT29,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT30,,,,,ES_AUTOHSCROLL
LTEXT "RVA",IDC_STATIC,,,,
LTEXT "Size",IDC_STATIC,,,,
PUSHBUTTON "...",IDC_BUTTON1,,,,
PUSHBUTTON "...",IDC_BUTTON2,,,,
PUSHBUTTON "...",IDC_BUTTON3,,,,
PUSHBUTTON "...",IDC_BUTTON4,,,,
PUSHBUTTON "...",IDC_BUTTON5,,,,
PUSHBUTTON "...",IDC_BUTTON7,,,,
EDITTEXT IDC_EDIT33,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT34,,,,,ES_AUTOHSCROLL
END IDD_DIALOG5 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "[ Export Table]"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
GROUPBOX "Export Information",IDC_STATIC,,,,
CONTROL "",IDC_LIST1,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,,,,
LTEXT "OffToExpTbl",IDC_STATIC,,,,
LTEXT "Characteristic",IDC_STATIC,,,,
LTEXT "Base",IDC_STATIC,,,,
LTEXT "Name",IDC_STATIC,,,,
LTEXT "NameStr",IDC_STATIC,,,,
LTEXT "NumOfFuncs",IDC_STATIC,,,,
LTEXT "NumOfNames",IDC_STATIC,,,,
LTEXT "AddrOfFuncs",IDC_STATIC,,,,
LTEXT "AddrOfNames",IDC_STATIC,,,,
LTEXT "AddrOfOrds",IDC_STATIC,,,,
EDITTEXT IDC_EDIT1,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT2,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT3,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT4,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT5,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT6,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT7,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT8,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT9,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT10,,,,,ES_AUTOHSCROLL
END IDD_DIALOG6 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "[Import Table]"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
CONTROL "",IDC_LIST1,"SysListView32",LVS_REPORT | LVS_SINGLESEL | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,,,,
CONTROL "",IDC_LIST2,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,,,,
END IDD_DIALOG7 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "[Resource Directory]"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
CONTROL "",IDC_TREE1,"SysTreeView32",TVS_HASBUTTONS | TVS_HASLINES | TVS_LINESATROOT | TVS_SHOWSELALWAYS | WS_BORDER | WS_HSCROLL | WS_TABSTOP,,,,
GROUPBOX "Root Directory",IDC_STATIC,,,,
GROUPBOX "Selected Directory",IDC_STATIC,,,,
GROUPBOX "Selected Item",IDC_STATIC,,,,
LTEXT "Name Entries",IDC_STATIC,,,,
LTEXT "ID Entries",IDC_STATIC,,,,
EDITTEXT IDC_EDIT1,,,,,ES_AUTOHSCROLL | ES_READONLY
EDITTEXT IDC_EDIT2,,,,,ES_AUTOHSCROLL | ES_READONLY
LTEXT "Name Entries",IDC_STATIC,,,,
LTEXT "ID Entires",IDC_STATIC,,,,
EDITTEXT IDC_EDIT3,,,,,ES_AUTOHSCROLL | ES_READONLY
EDITTEXT IDC_EDIT4,,,,,ES_AUTOHSCROLL | ES_READONLY
LTEXT "RVA",IDC_STATIC,,,,
LTEXT "Offset",IDC_STATIC,,,,
LTEXT "Size",IDC_STATIC,,,,
EDITTEXT IDC_EDIT5,,,,,ES_AUTOHSCROLL | ES_READONLY
EDITTEXT IDC_EDIT6,,,,,ES_AUTOHSCROLL | ES_READONLY
EDITTEXT IDC_EDIT7,,,,,ES_AUTOHSCROLL | ES_READONLY
END IDD_DIALOG8 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "[ Relocation ]"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
GROUPBOX "Blocks",IDC_STATIC,,,,
GROUPBOX "Block Items",IDC_STATIC,,,,
CONTROL "",IDC_LIST1,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,,,,
CONTROL "",IDC_LIST2,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,,,,
END IDD_DIALOG9 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "[TLS Table]"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
GROUPBOX "TLS Information",IDC_STATIC,,,,
LTEXT "DataBlockStartVA",IDC_STATIC,,,,
LTEXT "DataBlockEndVA",IDC_STATIC,,,,
LTEXT "IndexVariableVA",IDC_STATIC,,,,
LTEXT "CallBackTableVA",IDC_STATIC,,,,
LTEXT "SizeOfZeroFill",IDC_STATIC,,,,
LTEXT "Characteristics",IDC_STATIC,,,,
EDITTEXT IDC_EDIT1,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT2,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT3,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT4,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT5,,,,,ES_AUTOHSCROLL
EDITTEXT IDC_EDIT6,,,,,ES_AUTOHSCROLL
END IDD_DIALOG10 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Dialog"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
CONTROL "",IDC_LIST2,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,,,,
CONTROL "",IDC_LIST3,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,,,,
END IDD_DIALOG11 DIALOGEX , , ,
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "[Inject Code]"
FONT , "MS Shell Dlg", , , 0x1
BEGIN
EDITTEXT IDC_EDIT1,,,,,ES_MULTILINE | ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL
LTEXT "VA to inject(in hex)",IDC_STATIC1,,,,
EDITTEXT IDC_EDIT2,,,,,ES_UPPERCASE | ES_AUTOHSCROLL
LTEXT "目标地址的若干条指令",IDC_STATIC,,,,
PUSHBUTTON "得到指令",IDC_BUTTON1,,,,
LTEXT "要注入的指令",IDC_STATIC,,,,
EDITTEXT IDC_EDIT3,,,,,ES_MULTILINE | ES_AUTOVSCROLL | ES_AUTOHSCROLL | ES_WANTRETURN | WS_VSCROLL
PUSHBUTTON "注入指令",IDC_BUTTON2,,,,
LTEXT "Static",IDC_STATIC2,,,,
END /////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
// #ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO
BEGIN
IDD_DIALOG1, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG2, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG3, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG4, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG5, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG6, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG7, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG8, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG9, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG10, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END IDD_DIALOG11, DIALOG
BEGIN
LEFTMARGIN,
RIGHTMARGIN,
TOPMARGIN,
BOTTOMMARGIN,
END
END
#endif // APSTUDIO_INVOKED /////////////////////////////////////////////////////////////////////////////
//
// AFX_DIALOG_LAYOUT
// IDD_DIALOG1 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG2 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG3 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG4 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG5 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG6 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG7 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG8 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG9 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG10 AFX_DIALOG_LAYOUT
BEGIN END IDD_DIALOG11 AFX_DIALOG_LAYOUT
BEGIN END #endif // 中文(简体,中国) resources
///////////////////////////////////////////////////////////////////////////// #ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
// /////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED

以下是

PE格式文件的解析代码的更多相关文章

  1. 音频文件解析(一):WAV格式文件头部解析

    WAV为微软公司(Microsoft)开发的一种声音文件格式,它符合RIFF(Resource Interchange File Format)文件规范,用于保存Windows平台的音频信息资源. 文 ...

  2. 歌词文件解析(一):LRC格式文件的解析

    LRC是英文lyric(歌词)的缩写,被用做歌词文件的扩展名.以lrc为扩展名的歌词文件可以在各类数码播放器中同步显示.LRC 歌词是一种包含着“*:*”形式的“标签(tag)”的基于纯文本的歌词专用 ...

  3. [VB.NET][C#]WAV格式文件头部解析

    简介 WAV 为微软开发的一种声音文件格式,它符合 RIFF(Resource Interchange File Format)文件规范,用于保存 Windows 平台的音频信息资源. 第一节 文件头 ...

  4. 【转】java将excel文件转换成txt格式文件

    在实际应用中,我们难免会遇到解析excel文件入库事情,有时候为了方便,需要将excel文件转成txt格式文件.下面代码里面提供对xls.xlsx两种格式的excel文件解析,并写入到一个新的txt文 ...

  5. PE格式第四讲,数据目录表之导入表,以及IAT表

    PE格式第四讲,数据目录表之导入表,以及IAT表 一丶IAT(地址表) 首先我们思考一个问题,程序加载的时候会调用API,比如我们以前写的标准PE 那么他到底是怎么去调用的? 他会Call 下边的Jm ...

  6. PE格式第九讲,资源表解析

    PE格式第九讲,资源表解析 一丶熟悉Windows管理文件的方法 首先,为什么标题是这个,主要是为了下边讲解资源方便,因为资源结构体很乱.如果直接拿出来讲解,那么就会很晕. 1.windows管理文件 ...

  7. Dicom格式文件解析器

    转自:http://www.cnblogs.com/assassinx/archive/2013/01/09/dicomViewer.html Dicom全称是医学数字图像与通讯,这里讲的暂不涉及通讯 ...

  8. PE文件解析器的编写(二)——PE文件头的解析

    之前在学习PE文件格式的时候,是通过自己查看各个结构,自己一步步计算各个成员在结构中的偏移,然后在计算出其在文件中的偏移,从而找到各个结构的值,但是在使用C语言编写这个工具的时候,就比这个方便的多,只 ...

  9. MMIO----Wav格式文件解析

    DirectSound只支持Wav格式的音频文件,在创建次缓冲区之前需要先确定播放的Wav音频数据的格式.如果是从本地Wav文件播放,则需要先读出它的数据格式. 1. Wav音频格式布局 Wav是WA ...

随机推荐

  1. 解决ping不通win7主机

    之前在路由器上ping笔记本发现ping不通,但是笔记本ping路由器通,也没多想.今天想起来可能是win7的防火墙作怪,以前上课虚拟机好像也是ping不通宿主机,但是宿主机能ping通虚拟机. 简单 ...

  2. oracle SQL性能分析之10053事件

    优化器生成正确执行计划的前提条件是要有正确的统计信息,不准确的统计信息往往会导致错误的执行计划.当通过SQL和基数推断出的执行计划和实际执行计划不同时,就可以借助10053事件.10053事件是用来诊 ...

  3. MySQL触发器在建立时,报语法错的问题

    delimiter $$ create trigger trg_delete_on_users before DELETE on users for each row begin delete fro ...

  4. Xml & Tomcat

    文档声明: 简单声明, version : 解析这个xml的时候,使用什么版本的解析器解析 <?xml version="1.0" ?> encoding : 解析xm ...

  5. ARDUINO入门按键通信试验

    1.1按键实验 1.需要学习的知识: 1) Arduino 的输入口配置方法,配置函数的用法 通过pinMode()函数,可以将ADUINO的引脚配置(INPUT)输入模式 2) 搞懂什么是抖动 机械 ...

  6. 提高组noip2015

    一道二分答案裸题,一道dp,一道各种裸题的混合(树上差分+二分答案+LCA) stone: 二分查找裸题啊: int check(int x) { ,last=; ;i<=n;i++) if(a ...

  7. Vue路由(组件)懒加载(异步)

    传统的引入方式 import test from '@/components/test' { path: '/test', name: '测试页面', component:test }, 懒加载的方式 ...

  8. kamailio 云部署 配置NAT

    公有云配置NAT 第一步:将内网ip广播至公网ip,编辑/etc/kamailio/kamailio.cfg文件,搜索listen,添加如下配置 # listen=udp: listen= adver ...

  9. iOS has conflicting provisioning settings 解法

    *:first-child { margin-top: 0 !important; } body > *:last-child { margin-bottom: 0 !important; } ...

  10. git误commit大文件导致不能push问题解决

    git push时终端报错: error: RPC failed; HTTP 413 curl 22 The requested URL returned error: 413 Request Ent ...