32位汇编编写PE查看器
很久没用汇编大规模编码了,今天本打算用c语言写的。想想还是用汇编写就算是把将要遗忘的汇编找回来。开发工具很简单。介绍下:
操作系统:xp sp3(en)
编译器 :MASM 8
项目组织:MakeFile
开发工具:EditPlus 3.10
基本上跟linux上写代码一样感觉了。呵呵。我编写PE查看器,主要目的是熟练下汇编,其次就是更加深入理解PE结构。这东西没写过这次,确实还有很多盲点。写完后感觉真的不同,比看100遍书效果都要强。PE结构和原理这里我就不讲了,我这里只是贴下代码。如果有时间,我再写专门文章,这东西讲解我必须画N多的漂亮图片,要时间啊。以后吧。
界面图:
工程结构:
PEInfo.asm 主界面
About.asm 关于界面
Import.asm 导入表界面
Section.asm 节表界面
dlgMain.rc 资源文件
MAKEFILE 辅助编译用的。windows上高级语言,工具帮你做这个了。但linux和汇编都是自己写罗
主界面(PEInfo.asm)
.386
.model flat,stdcall
option casemap:none
;Description : PE INFO Tools
;Authors: zhujian
;City: changsha
;date: 2009/1/20
include WINDOWS.INC
include user32.inc
include kernel32.inc
include comdlg32.inc
includelib user32.lib
includelib kernel32.lib
includelib Comdlg32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>Resource ID Const >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Dialog (IDD_*), control (IDC_*) and icon identifiers used by the code below.
; NOTE(review): these presumably have to match the IDs in dlgMain.rc, which is
; not shown on this page - confirm against the resource script.
IDD_DLG1 equ 1000
IDC_EDT_FILE equ 1001
IDC_BTN_OPEN equ 1002
IDC_STC1 equ 1003
IDC_EntyPoint equ 1004
IDC_EDT_EntryPoint equ 1005
IDC_EDT_ImageBase equ 1006
IDC_ImageBase equ 1007
IDC_EDT_CodeBase equ 1008
IDC_CodeBase equ 1009
IDC_EDT_DataBase equ 1010
IDC_DataBase equ 1011
IDC_EDT_ImageSize equ 1012
IDC_ImageSize equ 1013
IDC_EDT_HeadersSize equ 1014
IDC_HeadersSize equ 1015
IDC_EDT1 equ 1016
IDC_SectionAlig equ 1017
IDC_EDT_FileAligment equ 1018
IDC_FileAligment equ 1019
IDC_EDT_Subsystem equ 1020
IDC_Subsystem equ 1021
IDC_EDT_CheckSum equ 1022
IDC_CheckSum equ 1023
IDC_EDT_DllFlags equ 1024
IDC_STC2 equ 1026
IDC_Machine equ 1027
IDC_EDT_Machine equ 1028
IDC_EDT_NumberOfSections equ 1029
IDC_NumberOfSections equ 1030
IDC_EDT_TimeDateStamp equ 1031
IDC_TimeDateStamp equ 1032
IDC_EDT_PointerOfSymbol equ 1033
IDC_PointerToSymbol equ 1034
IDC_EDT_NumberOfSymbols equ 1035
IDC_NumberOfSymbols equ 1036
IDC_EDT_SizeOfOptional equ 1037
IDC_SizeOfOptional equ 1038
IDC_EDT_Characteristics equ 1039
IDC_Characteristics equ 1040
IDC_STC3 equ 1041
IDC_BTN_SectionTable equ 1042
IDC_BTN_DataDirectory equ 1043
IDC_BTN_About equ 1044
IDC_BTN_Exit equ 1045
; Child dialogs opened from the main dialog (see dlgProc).
IDD_DLG_About equ 1100
IDD_DLG_Section equ 1200
IDC_BTN_IAT equ 1046
IDD_DLG_Import equ 1300
ICON_MAIN equ 100
; State of the file currently opened by LoadAndIsPEFile. The same layout is
; repeated in Section.asm and Import.asm, which read stMapFile through EXTERN,
; so the three definitions have to stay identical.
_MAPFILE_STRUCT STRUCT
hFile DWORD ?                   ; file handle returned by CreateFile
hMapFile DWORD ?                ; mapping handle returned by CreateFileMapping
ImageBase DWORD ?               ; address returned by MapViewOfFile: a pointer to the raw
                                ; file bytes, not a handle and not the PE's preferred base
lpPEHeader DWORD ?              ; address of IMAGE_NT_HEADERS inside that view
dwFilesize DWORD ?              ; value returned by GetFileSize (low 32 bits)
_MAPFILE_STRUCT ENDS
public stMapFile                ; exported for Section.asm / Import.asm
.const
; Double-NUL-terminated filter list for the open-file dialog.
szFilter db 'PE Files(*.exe;*.dll)',0,'*.exe;*.dll',0,'All Files(*.*)',0,'*.*',0,0
szOpenFileErr db 'Open File Error',0
szFileIsNotExe db 'File Is Not Exe',0
szFmtHex1 db "%04x",0           ; wsprintf format used for 16-bit fields
szFmtHex db "%08lx",0           ; wsprintf format used for 32-bit fields
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>Data Segment>>>>>>>>>>>>>>>>>>>>>>>>>>
.data?
hInstance dd ?                  ; module handle, set in main
szFileName db MAX_PATH dup(?)   ; path buffer filled by GetOpenFileName
hFile dd ?                      ; handle of the most recent CreateFile call
stMapFile _MAPFILE_STRUCT<?,?,?,?,?>
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>code Segment>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
; Dialog procedures implemented in About.asm, Section.asm and Import.asm.
AboutProc proto:DWORD,:DWORD,:DWORD,:DWORD
SectionProc proto:DWORD,:DWORD,:DWORD,:DWORD
ImportProc proto:DWORD,:DWORD,:DWORD,:DWORD
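;-----------------------------------------------------------------------
; showNtHeader - print IMAGE_OPTIONAL_HEADER fields into the main dialog
; In:    hwnd = dialog owning the IDC_EDT_* edit controls
; Reads: stMapFile.lpPEHeader, which must point at a mapped IMAGE_NT_HEADERS
; Saves: esi (USES). ebx is not touched any more: the original loaded the
;        header pointer through ebx without saving it, and this routine runs
;        inside a dialog callback where ebx has to be preserved.
; Note:  every value comes straight from the opened file and is untrusted;
;        it is only formatted as hex, at most 8 digits, so the 64-byte
;        buffer cannot overflow.
;-----------------------------------------------------------------------
showNtHeader proc uses esi,hwnd:DWORD
        local   @szbuffer[64]:byte

        mov     esi,stMapFile.lpPEHeader
        assume  esi:ptr IMAGE_NT_HEADERS

        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.AddressOfEntryPoint
        invoke  SetDlgItemText,hwnd,IDC_EDT_EntryPoint,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.ImageBase
        invoke  SetDlgItemText,hwnd,IDC_EDT_ImageBase,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.BaseOfCode
        invoke  SetDlgItemText,hwnd,IDC_EDT_CodeBase,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.BaseOfData
        invoke  SetDlgItemText,hwnd,IDC_EDT_DataBase,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.SizeOfImage
        invoke  SetDlgItemText,hwnd,IDC_EDT_ImageSize,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.SizeOfHeaders
        invoke  SetDlgItemText,hwnd,IDC_EDT_HeadersSize,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.FileAlignment
        invoke  SetDlgItemText,hwnd,IDC_EDT_FileAligment,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.SectionAlignment
        invoke  SetDlgItemText,hwnd,IDC_EDT1,addr @szbuffer

        ; Subsystem is a 16-bit field: widen it explicitly instead of handing
        ; a WORD memory operand to a VARARG invoke, and use the 4-digit format.
        movzx   eax,[esi].OptionalHeader.Subsystem
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hwnd,IDC_EDT_Subsystem,addr @szbuffer

        ; CheckSum and LoaderFlags are DWORDs, so they get the 8-digit format
        ; like the other 32-bit fields.
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.CheckSum
        invoke  SetDlgItemText,hwnd,IDC_EDT_CheckSum,addr @szbuffer
        ; NOTE(review): the control is named "DllFlags" but shows LoaderFlags;
        ; DllCharacteristics may have been intended - confirm against the .rc.
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].OptionalHeader.LoaderFlags
        invoke  SetDlgItemText,hwnd,IDC_EDT_DllFlags,addr @szbuffer

        assume  esi:nothing
        ret
showNtHeader endp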
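;-----------------------------------------------------------------------
; showFileHeader - print IMAGE_FILE_HEADER fields into the main dialog
; In:    hwnd = dialog owning the IDC_EDT_* edit controls
; Reads: stMapFile.lpPEHeader, which must point at a mapped IMAGE_NT_HEADERS
; Saves: esi (USES). ebx is not touched any more (the original clobbered it
;        without saving, inside a dialog callback).
; Note:  16-bit fields are zero-extended into eax before the call so that
;        wsprintf always receives a clean 32-bit argument.
;-----------------------------------------------------------------------
showFileHeader proc uses esi, hwnd:DWORD
        local   @szbuffer[64]:byte

        mov     esi,stMapFile.lpPEHeader
        assume  esi:ptr IMAGE_NT_HEADERS

        movzx   eax,[esi].FileHeader.Machine
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hwnd,IDC_EDT_Machine,addr @szbuffer

        movzx   eax,[esi].FileHeader.NumberOfSections
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hwnd,IDC_EDT_NumberOfSections,addr @szbuffer

        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].FileHeader.TimeDateStamp
        invoke  SetDlgItemText,hwnd,IDC_EDT_TimeDateStamp,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].FileHeader.PointerToSymbolTable
        invoke  SetDlgItemText,hwnd,IDC_EDT_PointerOfSymbol,addr @szbuffer
        invoke  wsprintf,addr @szbuffer,addr szFmtHex,[esi].FileHeader.NumberOfSymbols
        invoke  SetDlgItemText,hwnd,IDC_EDT_NumberOfSymbols,addr @szbuffer

        movzx   eax,[esi].FileHeader.SizeOfOptionalHeader
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hwnd,IDC_EDT_SizeOfOptional,addr @szbuffer

        movzx   eax,[esi].FileHeader.Characteristics
        invoke  wsprintf,addr @szbuffer,addr szFmtHex1,eax
        invoke  SetDlgItemText,hwnd,IDC_EDT_Characteristics,addr @szbuffer

        assume  esi:nothing
        ret
showFileHeader endp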
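;-----------------------------------------------------------------------
; _UnLoadFile - release the view, mapping and file handle of a loaded file
; In:    pstMapFile = address of a _MAPFILE_STRUCT
; Out:   all fields of the structure are zero afterwards
; Saves: ebx (USES)
; Fixes: ImageBase holds the address returned by MapViewOfFile, so it is
;        released with UnmapViewOfFile. The original passed it to
;        CloseHandle, which cannot unmap a view, so every opened file left
;        its view mapped. The structure is cleared so that a second call
;        never closes the same handle values again.
;-----------------------------------------------------------------------
_UnLoadFile proc uses ebx,pstMapFile
        mov     ebx,pstMapFile
        assume  ebx:ptr _MAPFILE_STRUCT
        .if [ebx].ImageBase
            invoke  UnmapViewOfFile,[ebx].ImageBase
        .endif
        .if [ebx].hMapFile
            invoke  CloseHandle,[ebx].hMapFile
        .endif
        .if [ebx].hFile
            invoke  CloseHandle,[ebx].hFile
        .endif
        invoke  RtlZeroMemory,ebx,sizeof _MAPFILE_STRUCT
        assume  ebx:nothing
        ret
_UnLoadFile endp

;-----------------------------------------------------------------------
; LoadAndIsPEFile - map szFileName read-only and check that it is a PE file
; In:    hwnd = owner window for the error message boxes
; Out:   eax = 1 and stMapFile filled in on success;
;        eax = 0 and stMapFile cleared on any failure
; Saves: ebx, esi (USES)
; Changes against the original:
;   * any previously loaded file is released first, and every failure path
;     releases what was acquired (the original leaked handles and the view);
;   * the file is opened with GENERIC_READ only - a viewer needs no write
;     access, and asking for it fails on read-only or in-use files;
;   * GetFileSize failure (-1) is detected;
;   * e_lfanew comes from the file and is untrusted: it is accepted only if
;     a whole IMAGE_NT_HEADERS starting there lies inside the file, so a
;     truncated or crafted header cannot send the parser outside the view.
; NOTE(review): the other modules assume the 32-bit optional-header layout;
; PE32+ images pass this check and are then displayed with wrong offsets.
;-----------------------------------------------------------------------
LoadAndIsPEFile proc uses ebx esi,hwnd
        invoke  _UnLoadFile,addr stMapFile      ; drop the previous file, if any
        mov     ebx,offset stMapFile
        assume  ebx:ptr _MAPFILE_STRUCT

        invoke  CreateFile,addr szFileName,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        cmp     eax,INVALID_HANDLE_VALUE
        je      OpenErr
        mov     hFile,eax
        mov     [ebx].hFile,eax

        invoke  GetFileSize,eax,NULL
        cmp     eax,-1                          ; GetFileSize failure value
        je      OpenErr
        mov     [ebx].dwFilesize,eax
        cmp     eax,sizeof IMAGE_DOS_HEADER     ; too small to hold a DOS header
        jb      FormatErr

        invoke  CreateFileMapping,[ebx].hFile,NULL,PAGE_READONLY,0,0,NULL
        test    eax,eax
        jz      OpenErr
        mov     [ebx].hMapFile,eax

        invoke  MapViewOfFile,eax,FILE_MAP_READ,0,0,0
        test    eax,eax
        jz      OpenErr
        mov     [ebx].ImageBase,eax

        ; DOS header: signature, then the offset of the NT headers
        mov     esi,eax
        assume  esi:ptr IMAGE_DOS_HEADER
        cmp     [esi].e_magic,IMAGE_DOS_SIGNATURE
        jne     FormatErr

        mov     eax,[esi].e_lfanew
        mov     edx,[ebx].dwFilesize
        sub     edx,sizeof IMAGE_NT_HEADERS     ; edx = largest acceptable e_lfanew
        jb      FormatErr                       ; file shorter than the NT headers
        cmp     eax,edx
        ja      FormatErr                       ; unsigned: also rejects negative values

        add     esi,eax
        assume  esi:ptr IMAGE_NT_HEADERS
        cmp     [esi].Signature,IMAGE_NT_SIGNATURE
        jne     FormatErr

        mov     [ebx].lpPEHeader,esi
        mov     eax,1
        ret

FormatErr:
        invoke  _UnLoadFile,ebx
        invoke  MessageBox,hwnd,addr szFileIsNotExe,NULL,MB_ICONINFORMATION
        xor     eax,eax
        ret

OpenErr:
        invoke  _UnLoadFile,ebx
        invoke  MessageBox,hwnd,addr szOpenFileErr,NULL,MB_ICONINFORMATION
        xor     eax,eax
        ret
        assume  esi:nothing
        assume  ebx:nothing
LoadAndIsPEFile endp

;-----------------------------------------------------------------------
; OpenFileProc - let the user pick a file, load it and refresh the dialog
; In:    hwnd = main dialog
; Changes against the original:
;   * the file is no longer unloaded right after it was displayed. The
;     Section and Import dialogs read stMapFile.lpPEHeader later, so the
;     view has to stay mapped until the next file is opened
;     (LoadAndIsPEFile releases the previous one);
;   * the Section / Import / DataDirectory buttons follow the load result,
;     so they are disabled again when a later open attempt fails and
;     nothing is mapped.
; NOTE(review): after a failed load the edit boxes still show the values of
; the previously opened file.
;-----------------------------------------------------------------------
OpenFileProc proc hwnd
        LOCAL   @stOF:OPENFILENAME
        LOCAL   @fLoaded:DWORD

        invoke  RtlZeroMemory,addr @stOF,sizeof @stOF
        mov     @stOF.lStructSize,sizeof @stOF
        push    hwnd
        pop     @stOF.hwndOwner
        mov     @stOF.lpstrFilter,offset szFilter
        mov     @stOF.lpstrFile,offset szFileName
        mov     @stOF.nMaxFile,MAX_PATH
        mov     @stOF.Flags,OFN_PATHMUSTEXIST or OFN_FILEMUSTEXIST
        invoke  GetOpenFileName,addr @stOF
        test    eax,eax
        jz      Done                            ; cancelled: keep the current file

        invoke  LoadAndIsPEFile,hwnd
        mov     @fLoaded,eax
        .if eax
            invoke  SetDlgItemText,hwnd,IDC_EDT_FILE,offset szFileName
            invoke  showFileHeader,hwnd
            invoke  showNtHeader,hwnd
        .endif

        ; the detail dialogs are only reachable while a file is mapped
        invoke  GetDlgItem,hwnd,IDC_BTN_SectionTable
        invoke  EnableWindow,eax,@fLoaded
        invoke  GetDlgItem,hwnd,IDC_BTN_IAT
        invoke  EnableWindow,eax,@fLoaded
        invoke  GetDlgItem,hwnd,IDC_BTN_DataDirectory
        invoke  EnableWindow,eax,@fLoaded
Done:
        ret
OpenFileProc endp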
;----------------------------------dlg proc --------------------------------
;-----------------------------------------------------------------------
; dlgProc - dialog procedure of the main window
; Out:   eax = 1 when the message was handled, 0 otherwise
; Handles WM_CLOSE, WM_INITDIALOG and the WM_COMMAND of the Exit, Open,
; About, Section-table and IAT buttons. The whole wParam is compared with
; the control ID, so a command only matches when its high word is zero.
;-----------------------------------------------------------------------
dlgProc proc hWnd,Msg,wParam,lParam
        mov     eax,Msg
        .if eax == WM_CLOSE
            invoke  EndDialog,hWnd,NULL
        .elseif eax == WM_INITDIALOG
            invoke  LoadIcon,hInstance,ICON_MAIN
            invoke  SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
        .elseif eax == WM_COMMAND
            mov     eax,wParam
            .if eax == IDC_BTN_Exit
                invoke  EndDialog,hWnd,NULL
            .elseif eax == IDC_BTN_OPEN
                invoke  OpenFileProc,hWnd
            .elseif eax == IDC_BTN_About
                invoke  DialogBoxParam,hInstance,IDD_DLG_About,hWnd,addr AboutProc,NULL
            .elseif eax == IDC_BTN_SectionTable
                invoke  DialogBoxParam,hInstance,IDD_DLG_Section,hWnd,addr SectionProc,NULL
            .elseif eax == IDC_BTN_IAT
                invoke  DialogBoxParam,hInstance,IDD_DLG_Import,hWnd,addr ImportProc,NULL
            .else
                xor     eax,eax                 ; command from another control
                ret
            .endif
        .else
            xor     eax,eax                     ; message not handled here
            ret
        .endif
        mov     eax,1                           ; handled
        ret
dlgProc endp
;----------------------------------program entry ----------------------------
; Program entry: remember the module handle, run the main dialog modally
; and leave the process when it closes.
main:
        invoke  GetModuleHandle,NULL
        mov     hInstance,eax
        invoke  DialogBoxParam,eax,IDD_DLG1,NULL,addr dlgProc,NULL
        invoke  ExitProcess,0
end main
节表界面 (Section.asm )
.386
.model flat,stdcall
option casemap:none
;Description : PE INFO Tools
;FileDescriptin : Section Dialog File
;Authors: zhujian
;City: changsha
;date: 2009/1/21
include WINDOWS.INC
include user32.inc
include kernel32.inc
include comctl32.inc
includelib user32.lib
includelib kernel32.lib
includelib comctl32.lib
IDC_LSV_Section equ 1201        ; list-view control of the section dialog
; Same layout as in PEInfo.asm, which defines and exports stMapFile; the
; definitions have to stay identical because the data is shared via EXTERN.
_MAPFILE_STRUCT STRUCT
hFile DWORD ?
hMapFile DWORD ?
ImageBase DWORD ?               ; address of the mapped file view
lpPEHeader DWORD ?              ; address of IMAGE_NT_HEADERS inside the view
dwFilesize DWORD ?
_MAPFILE_STRUCT ENDS
EXTERN stMapFile:_MAPFILE_STRUCT
.const
; Column captions of the section list view.
ColumTitle1 db 'Name',0
ColumTitle2 db 'Virual Address',0
ColumTitle3 db 'Virual Size',0
ColumTitle4 db 'Raw Address',0
ColumTitle5 db 'Raw Size',0
ColumTitle6 db 'Characteristics',0
szFmtHex1 db "%04x",0
szFmtHex db "%08lx",0
.code
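;-----------------------------------------------------------------------
; showSectionInfo - add one list-view row per section header
; In:    hwnd = section dialog (owns IDC_LSV_Section)
; Reads: stMapFile.lpPEHeader / ImageBase / dwFilesize
; Saves: all general registers (pushad / popad)
; Changes against the original:
;   * the section table is located from FileHeader.SizeOfOptionalHeader
;     instead of assuming sizeof IMAGE_NT_HEADERS;
;   * NumberOfSections = 0 adds no row (the original loop always ran once);
;   * NumberOfSections is untrusted: the walk stops as soon as a header
;     would extend past the end of the mapped file.
;-----------------------------------------------------------------------
showSectionInfo proc hwnd
        local   @stlvItem:LVITEM
        local   @szName[16]:byte,@szbuffer[1024]:byte
        LOCAL   @i
        LOCAL   @dwLeft:DWORD
        LOCAL   @lpFileEnd:DWORD
        pushad

        mov     eax,stMapFile.ImageBase
        add     eax,stMapFile.dwFilesize
        mov     @lpFileEnd,eax                  ; first byte after the mapped file

        mov     edi,stMapFile.lpPEHeader
        assume  edi:ptr IMAGE_NT_HEADERS
        movzx   ecx,[edi].FileHeader.NumberOfSections
        mov     @dwLeft,ecx
        movzx   eax,[edi].FileHeader.SizeOfOptionalHeader
        lea     edi,[edi].OptionalHeader
        add     edi,eax                         ; edi = first section header
        assume  edi:ptr IMAGE_SECTION_HEADER
        mov     @i,0

NextSection:
        cmp     @dwLeft,0
        je      Done
        lea     eax,[edi+sizeof IMAGE_SECTION_HEADER]
        cmp     eax,@lpFileEnd
        ja      Done                            ; header not completely inside the file

        ; The 8-byte name need not be NUL-terminated: copy it into a zeroed
        ; buffer and show embedded NULs as blanks.
        invoke  RtlZeroMemory,addr @szName,sizeof @szName
        xor     ecx,ecx
CopyName:
        mov     al,byte ptr [edi+ecx]           ; the name is the first field
        test    al,al
        jnz     @F
        mov     al,' '
@@:
        mov     @szName[ecx],al
        inc     ecx
        cmp     ecx,8
        jb      CopyName

        invoke  RtlZeroMemory,addr @stlvItem,sizeof @stlvItem
        ; name column
        mov     @stlvItem.imask,LVIF_TEXT
        push    @i
        pop     @stlvItem.iItem
        lea     ebx,@szName
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,0
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Section,LVM_INSERTITEM,0,addr @stlvItem
        ; virtual address column
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].VirtualAddress
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,1
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Section,LVM_SETITEM,0,addr @stlvItem
        ; virtual size column
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].Misc.VirtualSize
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,2
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Section,LVM_SETITEM,0,addr @stlvItem
        ; raw address column
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].PointerToRawData
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,3
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Section,LVM_SETITEM,0,addr @stlvItem
        ; raw size column
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].SizeOfRawData
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,4
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Section,LVM_SETITEM,0,addr @stlvItem
        ; characteristics column
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].Characteristics
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,5
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Section,LVM_SETITEM,0,addr @stlvItem

        inc     @i
        dec     @dwLeft
        add     edi,sizeof IMAGE_SECTION_HEADER
        jmp     NextSection

Done:
        assume  edi:nothing
        popad
        ret
showSectionInfo endp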
;-----------------------------------------------------------------------
; InitSectionList - set up the six columns of the section list view
; In:    hWnd = section dialog
; The first column is left-aligned, the remaining ones right-aligned.
;-----------------------------------------------------------------------
InitSectionList proc hWnd
        local   @stlvColumn:LVCOLUMN,@hList:DWORD

        invoke  GetDlgItem,hWnd,IDC_LSV_Section
        mov     @hList,eax
        invoke  RtlZeroMemory,addr @stlvColumn,sizeof @stlvColumn
        invoke  SendMessage,@hList,LVM_SETEXTENDEDLISTVIEWSTYLE,NULL,LVS_EX_FULLROWSELECT

        ; fields shared by several columns are written once and reused
        mov     @stlvColumn.imask,LVCF_FMT or LVCF_TEXT or LVCF_WIDTH or LVCF_SUBITEM
        mov     @stlvColumn.iSubItem,0
        mov     @stlvColumn.lx,100

        mov     @stlvColumn.fmt,LVCFMT_LEFT
        mov     @stlvColumn.pszText,OFFSET ColumTitle1
        invoke  SendMessage,@hList,LVM_INSERTCOLUMN,0,addr @stlvColumn

        mov     @stlvColumn.fmt,LVCFMT_RIGHT
        mov     @stlvColumn.pszText,OFFSET ColumTitle2
        invoke  SendMessage,@hList,LVM_INSERTCOLUMN,1,addr @stlvColumn

        mov     @stlvColumn.pszText,OFFSET ColumTitle3
        invoke  SendMessage,@hList,LVM_INSERTCOLUMN,2,addr @stlvColumn

        mov     @stlvColumn.pszText,OFFSET ColumTitle4
        invoke  SendMessage,@hList,LVM_INSERTCOLUMN,3,addr @stlvColumn

        mov     @stlvColumn.pszText,OFFSET ColumTitle5
        invoke  SendMessage,@hList,LVM_INSERTCOLUMN,4,addr @stlvColumn

        mov     @stlvColumn.lx,110              ; the last column is slightly wider
        mov     @stlvColumn.pszText,OFFSET ColumTitle6
        invoke  SendMessage,@hList,LVM_INSERTCOLUMN,5,addr @stlvColumn
        ret
InitSectionList endp
;-----------------------------------------------------------------------
; SectionProc - dialog procedure of the section-table dialog
; Out:   eax = 1 for WM_CLOSE / WM_INITDIALOG, 0 for everything else
;-----------------------------------------------------------------------
SectionProc proc hWnd,Msg,wParam,lParam
        mov     eax,Msg
        .if eax == WM_CLOSE
            invoke  EndDialog,hWnd,NULL
        .elseif eax == WM_INITDIALOG
            ; create the columns, then fill in one row per section
            invoke  InitSectionList,hWnd
            invoke  showSectionInfo,hWnd
        .else
            xor     eax,eax
            ret
        .endif
        mov     eax,1
        ret
SectionProc endp
end
导入表界面 (Import.asm )
.386
.model flat,stdcall
option casemap:none
;Description : PE INFO Tools
;FileDescriptin : Import Table File
;Authors: zhujian
;City: changsha
;date: 2009/1/22
include WINDOWS.INC
include user32.inc
include kernel32.inc
include comctl32.inc
includelib user32.lib
includelib kernel32.lib
includelib comctl32.lib
; Same layout as in PEInfo.asm, which defines and exports stMapFile; the
; definitions have to stay identical because the data is shared via EXTERN.
_MAPFILE_STRUCT STRUCT
hFile DWORD ?
hMapFile DWORD ?
ImageBase DWORD ?               ; address of the mapped file view
lpPEHeader DWORD ?              ; address of IMAGE_NT_HEADERS inside the view
dwFilesize DWORD ?
_MAPFILE_STRUCT ENDS
IDC_LSV_Fun equ 1302            ; list view filled by showFun (imported functions)
IDC_LSV_IDD equ 1301            ; list view filled by showIATIDD (import descriptors)
EXTERN stMapFile:_MAPFILE_STRUCT
.const
; Column captions of the import-descriptor list (IDC_LSV_IDD).
COL1 db 'DLLName',0
COL2 db 'OriginalFirstThunk',0
COL3 db 'TimeDateStamp',0
COL4 db 'ForwarderChain',0
COL5 db 'Name',0
COL6 db 'FirstTrunk',0
;----------------------------------
; Column captions of the function list (IDC_LSV_Fun).
fCol1 db 'ThrunkRva',0
fCol2 db 'ThrunkOffset',0
fCol3 db 'ThrunkValue',0
fCol4 db 'Hint',0
fCol5 db 'ApiName',0
; wsprintf format strings
HitTemp db "%04lx",0
NameTemplate db "%s",0
OrdinalTemplate db "%u (ord.)",0
szFmtHex db "%08lx",0
szIATerr db 'IAT error',0
.code
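;-----------------------------------------------------------------------
; RvaToVa - translate an RVA into an offset inside the mapped file
; In:    _lpPEHeader = address of IMAGE_NT_HEADERS in the mapped file
;        _dwRVA      = relative virtual address to translate
; Out:   eax = file offset, or -1 when the RVA cannot be translated.
;        Despite the name this is an offset, not an address: callers add
;        stMapFile.ImageBase themselves and should test for -1 first.
; Saves: all other general registers (pushad / popad)
; Changes against the original:
;   * NumberOfSections = 0 returns -1 (the .untilcxz loop started with
;     ecx = 0 and walked far beyond the section table);
;   * the section table is located from SizeOfOptionalHeader;
;   * all inputs come from the file and are untrusted, so the range test
;     is written without an addition that could wrap, section headers must
;     lie inside the file, and the resulting offset must be smaller than
;     stMapFile.dwFilesize.
; NOTE(review): the bounds are taken from stMapFile, the only mapping the
; visible callers pass in.
;-----------------------------------------------------------------------
RvaToVa proc _lpPEHeader,_dwRVA
        local   @Return:DWORD
        pushad
        mov     @Return,-1

        mov     esi,_lpPEHeader
        assume  esi:ptr IMAGE_NT_HEADERS
        movzx   ecx,[esi].FileHeader.NumberOfSections
        movzx   eax,[esi].FileHeader.SizeOfOptionalHeader
        lea     edx,[esi].OptionalHeader
        add     edx,eax                         ; edx = first section header
        assume  edx:ptr IMAGE_SECTION_HEADER

        mov     ebx,stMapFile.ImageBase
        add     ebx,stMapFile.dwFilesize        ; ebx = first byte after the file

        .while ecx
            lea     eax,[edx+sizeof IMAGE_SECTION_HEADER]
            .break .if eax > ebx                ; header not completely inside the file

            mov     eax,_dwRVA
            sub     eax,[edx].VirtualAddress    ; eax = offset inside the section
            jb      NextSec                     ; RVA lies below this section
            .if eax < [edx].SizeOfRawData
                add     eax,[edx].PointerToRawData
                jc      Done                    ; wrapped: crafted header
                .if eax < stMapFile.dwFilesize
                    mov     @Return,eax         ; eax = file offset
                .endif
                jmp     Done
            .endif
NextSec:
            add     edx,sizeof IMAGE_SECTION_HEADER
            dec     ecx
        .endw

Done:
        assume  edx:nothing
        assume  esi:nothing
        popad
        mov     eax,@Return
        ret
RvaToVa endp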
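;-----------------------------------------------------------------------
; showFun - list the functions imported through one import descriptor
; In:    hwnd = import dialog (owns IDC_LSV_Fun)
;        idx  = zero-based index of the descriptor selected in IDC_LSV_IDD
; Reads: stMapFile.lpPEHeader / ImageBase / dwFilesize
; Saves: all general registers (pushad / popad) on every path
; Changes against the original:
;   * the error path now executes popad before returning;
;   * every offset returned by RvaToVa is compared with the file size
;     before use (this also catches the -1 failure value);
;   * the descriptor and each thunk must lie inside the mapped file, so a
;     thunk array without a terminating zero cannot be followed past the
;     end of the view;
;   * the import name is copied with a length limit, because the file may
;     end before the terminating NUL.
; All of this data comes from the opened file and is untrusted.
;-----------------------------------------------------------------------
showFun proc hwnd,idx
        local   @stlvItem:LVITEM
        LOCAL   @szbuffer[1024]:BYTE
        LOCAL   @hList
        LOCAL   @lpThunkRVA:dword
        LOCAL   @lpFileEnd:DWORD
        pushad

        invoke  GetDlgItem,hwnd,IDC_LSV_Fun
        mov     @hList,eax
        invoke  SendMessage,@hList,LVM_DELETEALLITEMS,0,0

        mov     eax,stMapFile.ImageBase
        add     eax,stMapFile.dwFilesize
        mov     @lpFileEnd,eax                  ; first byte after the mapped file

        mov     edi,stMapFile.lpPEHeader
        assume  edi:ptr IMAGE_NT_HEADERS
        ; byte offset 8 = second 8-byte data-directory entry (import table)
        mov     eax,[edi].OptionalHeader.DataDirectory[8].VirtualAddress
        test    eax,eax
        jz      IATerr
        invoke  RvaToVa,stMapFile.lpPEHeader,eax
        cmp     eax,stMapFile.dwFilesize
        jae     IATerr                          ; not translatable or outside the file
        add     eax,stMapFile.ImageBase
        mov     edi,eax                         ; edi = first import descriptor

        mov     eax,sizeof IMAGE_IMPORT_DESCRIPTOR
        mul     idx
        test    edx,edx
        jnz     IATerr                          ; index too large
        add     edi,eax
        jc      IATerr
        lea     eax,[edi+sizeof IMAGE_IMPORT_DESCRIPTOR]
        cmp     eax,@lpFileEnd
        ja      IATerr                          ; descriptor not inside the file
        assume  edi:ptr IMAGE_IMPORT_DESCRIPTOR

        mov     ebx,[edi].OriginalFirstThunk
        test    ebx,ebx
        jnz     @F
        mov     ebx,[edi].FirstThunk            ; no lookup table: use the IAT itself
@@:
        mov     @lpThunkRVA,ebx
        invoke  RvaToVa,stMapFile.lpPEHeader,ebx
        cmp     eax,stMapFile.dwFilesize
        jae     IATerr
        add     eax,stMapFile.ImageBase
        mov     edi,eax                         ; edi = current thunk in the view
        assume  edi:nothing

        invoke  RtlZeroMemory,addr @stlvItem,sizeof @stlvItem
        mov     @stlvItem.imask,LVIF_TEXT
        mov     @stlvItem.iItem,0

NextThunk:
        lea     eax,[edi+4]
        cmp     eax,@lpFileEnd
        ja      Done                            ; thunk would lie past the file end
        mov     eax,dword ptr [edi]
        test    eax,eax
        jz      Done                            ; zero thunk terminates the array

        ; column 0: RVA of the thunk
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,@lpThunkRVA
        lea     edx,@szbuffer
        mov     @stlvItem.pszText,edx
        mov     @stlvItem.iSubItem,0
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Fun,LVM_INSERTITEM,0,addr @stlvItem

        ; column 1: file offset of the thunk
        invoke  RvaToVa,stMapFile.lpPEHeader,@lpThunkRVA
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,eax
        lea     edx,@szbuffer
        mov     @stlvItem.pszText,edx
        mov     @stlvItem.iSubItem,1
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Fun,LVM_SETITEM,0,addr @stlvItem

        ; column 2: raw thunk value
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,dword ptr [edi]
        lea     edx,@szbuffer
        mov     @stlvItem.pszText,edx
        mov     @stlvItem.iSubItem,2
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Fun,LVM_SETITEM,0,addr @stlvItem

        test    dword ptr [edi],IMAGE_ORDINAL_FLAG32
        jnz     ImportByOrdinal

        ; import by name: the thunk is the RVA of an IMAGE_IMPORT_BY_NAME
        invoke  RvaToVa,stMapFile.lpPEHeader,dword ptr [edi]
        mov     ecx,stMapFile.dwFilesize
        cmp     eax,ecx
        jae     NextRow                         ; unusable RVA: leave hint/name empty
        sub     ecx,eax                         ; bytes left from the entry to the file end
        cmp     ecx,3
        jb      NextRow                         ; no room for the hint plus one name byte
        add     eax,stMapFile.ImageBase
        mov     esi,eax                         ; esi survives the API calls
        assume  esi:ptr IMAGE_IMPORT_BY_NAME

        ; column 3: hint
        movzx   ecx,[esi].Hint
        invoke  wsprintf,addr @szbuffer,addr HitTemp,ecx
        lea     edx,@szbuffer
        mov     @stlvItem.pszText,edx
        mov     @stlvItem.iSubItem,3
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Fun,LVM_SETITEM,0,addr @stlvItem

        ; column 4: name, copied with a limit of min(buffer size, bytes left)
        lea     edx,[esi].Name1
        mov     ecx,@lpFileEnd
        sub     ecx,edx
        .if ecx > sizeof @szbuffer
            mov     ecx,sizeof @szbuffer
        .endif
        invoke  lstrcpyn,addr @szbuffer,edx,ecx
        assume  esi:nothing
        lea     eax,@szbuffer
        mov     @stlvItem.pszText,eax
        mov     @stlvItem.iSubItem,4
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Fun,LVM_SETITEM,0,addr @stlvItem
        jmp     NextRow

ImportByOrdinal:
        ; import by ordinal: the low 16 bits are the ordinal number
        mov     edx,dword ptr [edi]
        and     edx,0FFFFh
        invoke  wsprintf,addr @szbuffer,addr OrdinalTemplate,edx
        lea     eax,@szbuffer
        mov     @stlvItem.pszText,eax
        mov     @stlvItem.iSubItem,4
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_Fun,LVM_SETITEM,0,addr @stlvItem

NextRow:
        inc     @stlvItem.iItem
        add     @lpThunkRVA,4
        add     edi,4
        jmp     NextThunk

Done:
        popad
        ret

IATerr:
        invoke  MessageBox,hwnd,addr szIATerr,NULL,MB_ICONINFORMATION
        popad
        ret
showFun endp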
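;-----------------------------------------------------------------------
; showIATIDD - add one list-view row per import descriptor (one per DLL)
; In:    hwnd = import dialog (owns IDC_LSV_IDD)
; Reads: stMapFile.lpPEHeader / ImageBase / dwFilesize
; Saves: all general registers (pushad / popad) on every path
; Changes against the original:
;   * the error path now executes popad before returning; this routine is
;     called from the dialog procedure, which must not lose ebx/esi/edi;
;   * the offset of the import table is checked against the file size
;     (this also catches the -1 failure value of RvaToVa);
;   * the descriptor walk stops at the end of the mapped file even when no
;     terminating descriptor is present;
;   * the DLL name is copied with a length limit instead of handing the
;     list view a pointer into the file, which may lack a terminating NUL.
; All of this data comes from the opened file and is untrusted.
;-----------------------------------------------------------------------
showIATIDD proc hwnd
        local   @stlvItem:LVITEM
        LOCAL   @szbuffer[1024]:BYTE
        LOCAL   @i
        LOCAL   @lpFileEnd:DWORD
        pushad

        mov     eax,stMapFile.ImageBase
        add     eax,stMapFile.dwFilesize
        mov     @lpFileEnd,eax                  ; first byte after the mapped file

        mov     edi,stMapFile.lpPEHeader
        assume  edi:ptr IMAGE_NT_HEADERS
        ; byte offset 8 = second 8-byte data-directory entry (import table)
        mov     eax,[edi].OptionalHeader.DataDirectory[8].VirtualAddress
        test    eax,eax
        jz      IATerr
        invoke  RvaToVa,stMapFile.lpPEHeader,eax
        cmp     eax,stMapFile.dwFilesize
        jae     IATerr                          ; not translatable or outside the file
        add     eax,stMapFile.ImageBase
        mov     edi,eax
        assume  edi:ptr IMAGE_IMPORT_DESCRIPTOR
        mov     @i,0

NextDescriptor:
        lea     eax,[edi+sizeof IMAGE_IMPORT_DESCRIPTOR]
        cmp     eax,@lpFileEnd
        ja      Done                            ; descriptor not inside the file
        mov     eax,[edi].FirstThunk
        test    eax,eax
        jz      Done                            ; terminating descriptor

        invoke  RtlZeroMemory,addr @stlvItem,sizeof @stlvItem
        mov     @stlvItem.imask,LVIF_TEXT
        push    @i
        pop     @stlvItem.iItem

        ; column 0: DLL name (left empty when its RVA is unusable)
        mov     byte ptr @szbuffer,0
        invoke  RvaToVa,stMapFile.lpPEHeader,[edi].Name1
        mov     ecx,stMapFile.dwFilesize
        .if eax < ecx
            sub     ecx,eax                     ; bytes left up to the file end
            .if ecx > sizeof @szbuffer
                mov     ecx,sizeof @szbuffer
            .endif
            add     eax,stMapFile.ImageBase
            mov     edx,eax
            invoke  lstrcpyn,addr @szbuffer,edx,ecx
        .endif
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_IDD,LVM_INSERTITEM,0,addr @stlvItem

        ; columns 1-5: raw descriptor fields
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].OriginalFirstThunk
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,1
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_IDD,LVM_SETITEM,0,addr @stlvItem
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].TimeDateStamp
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,2
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_IDD,LVM_SETITEM,0,addr @stlvItem
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].ForwarderChain
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,3
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_IDD,LVM_SETITEM,0,addr @stlvItem
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].Name1
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,4
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_IDD,LVM_SETITEM,0,addr @stlvItem
        invoke  wsprintf,addr @szbuffer,offset szFmtHex,[edi].FirstThunk
        lea     ebx,@szbuffer
        mov     @stlvItem.pszText,ebx
        mov     @stlvItem.iSubItem,5
        invoke  SendDlgItemMessage,hwnd,IDC_LSV_IDD,LVM_SETITEM,0,addr @stlvItem

        inc     @i
        add     edi,sizeof IMAGE_IMPORT_DESCRIPTOR
        jmp     NextDescriptor

Done:
        assume  edi:nothing
        popad
        ret

IATerr:
        invoke  MessageBox,hwnd,addr szIATerr,NULL,MB_ICONINFORMATION
        popad
        ret
showIATIDD endp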
;-----------------------------------------------------------------------
; InitImportList2 - set up the five columns of the function list view
; In:    hWnd = import dialog (owns IDC_LSV_Fun)
; All columns are left-aligned and 100 units wide.
;-----------------------------------------------------------------------
InitImportList2 proc hWnd
        local   @stlvColumn:LVCOLUMN,@hListDll:DWORD

        invoke  GetDlgItem,hWnd,IDC_LSV_Fun
        mov     @hListDll,eax
        invoke  RtlZeroMemory,addr @stlvColumn,sizeof @stlvColumn
        invoke  SendMessage,@hListDll,LVM_SETEXTENDEDLISTVIEWSTYLE,NULL,LVS_EX_FULLROWSELECT

        ; fields shared by all columns are written once and reused
        mov     @stlvColumn.imask,LVCF_FMT or LVCF_TEXT or LVCF_WIDTH or LVCF_SUBITEM
        mov     @stlvColumn.fmt,LVCFMT_LEFT
        mov     @stlvColumn.lx,100
        mov     @stlvColumn.iSubItem,0

        mov     @stlvColumn.pszText,offset fCol1
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,0,addr @stlvColumn
        mov     @stlvColumn.pszText,offset fCol2
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,1,addr @stlvColumn
        mov     @stlvColumn.pszText,offset fCol3
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,2,addr @stlvColumn
        mov     @stlvColumn.pszText,offset fCol4
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,3,addr @stlvColumn
        mov     @stlvColumn.pszText,offset fCol5
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,4,addr @stlvColumn
        ret
InitImportList2 endp
;-----------------------------------------------------------------------
; InitImportList - set up the six columns of the import-descriptor list
; In:    hWnd = import dialog (owns IDC_LSV_IDD)
; All columns are left-aligned and 100 units wide.
;-----------------------------------------------------------------------
InitImportList proc hWnd
        local   @stlvColumn:LVCOLUMN,@hListDll:DWORD

        invoke  GetDlgItem,hWnd,IDC_LSV_IDD
        mov     @hListDll,eax
        invoke  RtlZeroMemory,addr @stlvColumn,sizeof @stlvColumn
        invoke  SendMessage,@hListDll,LVM_SETEXTENDEDLISTVIEWSTYLE,NULL,LVS_EX_FULLROWSELECT

        ; fields shared by all columns are written once and reused
        mov     @stlvColumn.imask,LVCF_FMT or LVCF_TEXT or LVCF_WIDTH or LVCF_SUBITEM
        mov     @stlvColumn.fmt,LVCFMT_LEFT
        mov     @stlvColumn.lx,100
        mov     @stlvColumn.iSubItem,0

        mov     @stlvColumn.pszText,offset COL1
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,0,addr @stlvColumn
        mov     @stlvColumn.pszText,offset COL2
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,1,addr @stlvColumn
        mov     @stlvColumn.pszText,offset COL3
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,2,addr @stlvColumn
        mov     @stlvColumn.pszText,offset COL4
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,3,addr @stlvColumn
        mov     @stlvColumn.pszText,offset COL5
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,4,addr @stlvColumn
        mov     @stlvColumn.pszText,offset COL6
        invoke  SendMessage,@hListDll,LVM_INSERTCOLUMN,5,addr @stlvColumn
        ret
InitImportList endp
;-----------------------------------------------------------------------
; ImportProc - dialog procedure of the import-table dialog
; Out:   eax = 1 for WM_CLOSE / WM_INITDIALOG, 0 for unhandled messages.
;        For WM_NOTIFY the popad restores eax to the message number, so
;        the procedure returns a non-zero value there as well.
; WM_NOTIFY from IDC_LSV_IDD with LVN_ITEMCHANGED and a non-zero new state
; refreshes the function list for the changed item.
;-----------------------------------------------------------------------
ImportProc proc hWnd,Msg,wParam,lParam
        mov     eax,Msg
        .if eax == WM_NOTIFY
            pushad
            mov     eax,wParam                  ; control ID of the sender
            mov     ebx,lParam                  ; notification header
            .if ax == IDC_LSV_IDD
                assume  ebx:ptr NMHDR
                .if [ebx].code == LVN_ITEMCHANGED
                    assume  ebx:ptr NM_LISTVIEW
                    .if [ebx].uNewState
                        invoke  showFun,hWnd,[ebx].iItem
                    .endif
                .endif
            .endif
            assume  ebx:nothing
            popad                               ; eax = Msg again
            ret
        .elseif eax == WM_CLOSE
            invoke  EndDialog,hWnd,NULL
        .elseif eax == WM_INITDIALOG
            ; create both column sets, then list the import descriptors
            invoke  InitImportList,hWnd
            invoke  InitImportList2,hWnd
            invoke  showIATIDD,hWnd
        .else
            xor     eax,eax
            ret
        .endif
        mov     eax,1
        ret
ImportProc endp
end
关于界面 (About.asm)
.386
.model flat,stdcall
option casemap:none
;Description : PE INFO Tools
;FileDescriptin : About Dialog File
;Authors: zhujian
;City: changsha
;date: 2009/1/21
include WINDOWS.INC
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
.code
;-----------------------------------------------------------------------
; AboutProc - dialog procedure of the About dialog
; Out:   eax = 1 after closing the dialog on WM_CLOSE, 0 otherwise
;-----------------------------------------------------------------------
AboutProc proc hWnd,Msg,wParam,lParam
        .if Msg == WM_CLOSE
            invoke  EndDialog,hWnd,NULL
            mov     eax,1
        .else
            xor     eax,eax
        .endif
        ret
AboutProc endp
end
MAKEFILE 文件
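# NMAKE makefile for the PE viewer. ml, link and rc must be on the PATH.
# Command lines are indented again (the page had lost the leading
# whitespace that NMAKE requires) and the output name is stated explicitly.
# NOTE(review): this tool parses untrusted files; if the linker in use
# supports them, consider adding /NXCOMPAT and /DYNAMICBASE to LINK_FLAG.
EXE = PEInfo.exe
OBJS = PEInfo.obj About.obj Section.obj Import.obj
RES = dlgMain.res
LINK_FLAG = /subsystem:windows
ML_FLAG = /c /coff

# Link all object files and the compiled resource into the executable.
$(EXE): $(OBJS) $(RES)
	Link $(LINK_FLAG) /out:$(EXE) $(OBJS) $(RES)

# Inference rules: assemble .asm to COFF objects, compile .rc to .res.
.asm.obj:
	Ml $(ML_FLAG) $<

.rc.res:
	rc $<

clean:
	del *.obj
	del *.res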
参考《加密技术内幕》和Herx兄部分代码,难免不足之处,请见谅。
作者:朱剑