• Win32 遍历导出表


      1 .386
    2 .model flat,stdcall
    3 option casemap:none
    4
    5 include Windows.inc
    6 include User32.inc
    7 include Kernel32.inc
    8 includelib User32.lib
    9 includelib Kernel32.lib
    10
    11 .data
    12 hBase dd ?
    13 lpszFilePath db 'D:\asm\SpiShow.dll',0
    14 Msg db '%08x %08x %s',0
    15 .code
    16 ;================================================
    17 ;函数:映射文件到内存
    18 ;返回:文件映射地址
    19 ;================================================
    20 _OpenFile proc _lpFilePath
    21 local @hFile
    22 local @Ret
    23 local @hMap
    24 pushad
    25 invoke CreateFile,offset lpszFilePath,GENERIC_READ,\
    26 FILE_SHARE_READ,\
    27 NULL,OPEN_EXISTING,\
    28 FILE_ATTRIBUTE_ARCHIVE,\
    29 NULL
    30 .if !eax
    31 jmp _Ret
    32 .endif
    33 mov @hFile,eax
    34 invoke CreateFileMapping,@hFile,NULL,PAGE_READONLY,\
    35 0,0,NULL
    36 mov @hMap,eax
    37 invoke MapViewOfFile,@hMap,FILE_MAP_READ,0,0,0
    38 mov @Ret,eax
    39 invoke CloseHandle,@hFile
    40 invoke CloseHandle,@hMap
    41 _Ret:
    42 popad
    43 mov eax,@Ret
    44 ret
    45 _OpenFile endp
    46 ;================================================
    47 ;函数:虚拟内存地址转换为文件地址
    48 ;返回:文件地址
    49 ;================================================
    50 _RVAToOffset proc _lpFileHead,_dwRVA
    51 local @dwReturn
    52 pushad
    53
    54 mov esi,_lpFileHead
    55 assume esi:ptr IMAGE_DOS_HEADER ;获取DOS头
    56
    57 add esi,[esi].e_lfanew
    58 assume esi:ptr IMAGE_NT_HEADERS ;获取NT头
    59
    60 mov edi,_dwRVA
    61 mov edx,esi
    62 add edx,sizeof IMAGE_NT_HEADERS ;获取到节表
    63 assume edx:ptr IMAGE_SECTION_HEADER
    64
    65 movzx ecx,[esi].FileHeader.NumberOfSections ;获取到节个数
    66 .repeat
    67
    68 mov eax,[edx].VirtualAddress
    69 add eax,[edx].SizeOfRawData
    70 .if ( edi >=[edx].VirtualAddress ) && (edi < eax)
    71 mov eax,[edx].VirtualAddress
    72 sub edi,eax
    73 mov eax,[edx].PointerToRawData
    74 add eax,edi
    75 jmp @F
    76 .endif
    77 add edx,sizeof IMAGE_SECTION_HEADER
    78 .untilcxz
    79 assume esi: nothing
    80 assume edx: nothing
    81 mov eax ,-1
    82 @@:
    83 mov @dwReturn ,eax
    84 popad
    85 mov eax,@dwReturn
    86 ret
    87 _RVAToOffset endp
    88 ;================================================
    89 ;函数:映射文件到内存
    90 ;返回:文件映射地址
    91 ;================================================
    92 _GetExportInfo proc _dwModule
    93 local @FuncNumber
    94 local @Index
    95 local @lpAddressName,@lpAddressNameOrdinals
    96 local @szBuf[1024]:byte
    97
    98 pushad
    99 mov esi,_dwModule
    100 add esi,[esi+3ch]
    101 assume esi: ptr IMAGE_NT_HEADERS
    102 mov eax,[esi].OptionalHeader.DataDirectory[0].VirtualAddress
    103 invoke _RVAToOffset,_dwModule,eax ;返回Export所在文件地址
    104 add eax,_dwModule
    105 mov edi,eax
    106 assume edi: ptr IMAGE_EXPORT_DIRECTORY
    107 invoke _RVAToOffset,_dwModule,[edi].nName
    108 add eax,_dwModule
    109 mov ecx,eax
    110 invoke _RVAToOffset,_dwModule,[edi].AddressOfNames
    111 add eax,_dwModule
    112 mov @lpAddressName,eax
    113 invoke _RVAToOffset,_dwModule,[edi].AddressOfNameOrdinals
    114 add eax,_dwModule
    115 mov @lpAddressNameOrdinals,eax
    116 invoke _RVAToOffset,_dwModule,[edi].AddressOfFunctions
    117 add eax,_dwModule
    118 mov esi,eax ;esi 导出地址表
    119
    120 mov ecx,[edi].NumberOfFunctions
    121 mov @Index,0
    122 @@:
    123 pushad
    124 mov eax,@Index
    125 push edi
    126 mov ecx,[edi].NumberOfNames
    127 cld
    128 mov edi,@lpAddressNameOrdinals
    129 repnz scasw
    130 .if ZERO?
    131 sub edi,@lpAddressNameOrdinals
    132 sub edi,2
    133 shl edi,1
    134 add edi,@lpAddressName
    135 invoke _RVAToOffset,_dwModule,dword ptr [edi]
    136 add eax,_dwModule
    137
    138 .else
    139 .endif
    140 pop edi
    141 mov ecx,@Index
    142 add ecx,[edi].nBase
    143 invoke wsprintf,addr @szBuf,addr Msg,ecx,dword ptr [esi],eax
    144 invoke MessageBox,NULL,addr @szBuf,NULL,MB_OK
    145 popad
    146 add esi,4
    147 inc @Index
    148 loop @B
    149 _Ret:
    150 popad
    151 ret
    152 _GetExportInfo endp
    153 start:
    154 invoke _OpenFile,offset lpszFilePath
    155 mov hBase,eax
    156 invoke _GetExportInfo,hBase
    157 invoke ExitProcess,NULL
    158 end start
    159
  • 相关阅读:
    c#/asp.net实现炫酷仿调色板/颜色选择器功能
    c#程序员机试题
    如何定义最佳 Cache-Control 策略
    HTTP 缓存之ETag 和Cache-Control的使用方法介绍
    ASP.NET MVC 提高运行速度的几种性能优化方法
    c#FTP操作类,包含上传,下载,删除,获取FTP文件列表文件夹等Hhelp类
    C#实现GridView导出Excel
    C#文件上传类,文件流,字节数组等
    c#XML操作类的方法总结
    c#实现list,dataset,DataTable转换成josn等各种转换方法总和
  • 原文地址:https://www.cnblogs.com/dependence/p/2400534.html
Copyright © 2020-2023  润新知