Уроки Iczelion'а



Урок 7. Таблица экспорта - часть 7


.endif ret ShowExportFunctions endp

;-----------------------------------------------------------------------
; AppendText - inserts one line of text into the IDC_EDIT control.
;
; In:   hDlg  = handle of the dialog that owns IDC_EDIT
;       pText = pointer to the zero-terminated string to insert
;
; The string replaces the current selection (EM_REPLACESEL), the CRLF
; string is inserted the same way, and EM_SETSEL is then sent with
; wParam = -1, lParam = 0.
;-----------------------------------------------------------------------
AppendText PROC hDlg:DWORD, pText:DWORD

    ; the text itself
    invoke  SendDlgItemMessage, hDlg, IDC_EDIT, EM_REPLACESEL, 0, pText

    ; line break after it
    invoke  SendDlgItemMessage, hDlg, IDC_EDIT, EM_REPLACESEL, 0, addr CRLF

    ; reset the selection before the next call
    invoke  SendDlgItemMessage, hDlg, IDC_EDIT, EM_SETSEL, -1, 0

    ret
AppendText ENDP

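;-----------------------------------------------------------------------
; RVAToFileMap - converts an RVA into a pointer inside the mapped file.
;
; In:   pFileMap = base address of the file mapping (starts with the
;                  IMAGE_DOS_HEADER)
;       RVA      = relative virtual address to translate
; Out:  eax = pFileMap + PointerToRawData + (RVA - VirtualAddress) for
;             the first section whose raw data covers the RVA;
;             eax = RVA, unchanged, when no section covers it
; Regs: edi, esi, edx, ecx are preserved by the USES clause.
;
; Every header field read here comes from the file being inspected and
; must be treated as untrusted.
;
; NOTE(review): the no-match path returns the bare RVA, which is neither
; a pointer into the mapping nor an error code. It is kept so existing
; callers see the same result, but a caller should not dereference the
; return value without first checking that it lies inside the mapping.
; NOTE(review): the size of the mapping is not passed in, so this
; routine cannot verify that e_lfanew, the section table or the
; returned pointer stay inside the mapped file.
;-----------------------------------------------------------------------
RVAToFileMap PROC uses edi esi edx ecx pFileMap:DWORD, RVA:DWORD

    mov     esi, pFileMap
    assume  esi:ptr IMAGE_DOS_HEADER
    add     esi, [esi].e_lfanew             ; esi -> IMAGE_NT_HEADERS
    assume  esi:ptr IMAGE_NT_HEADERS

    mov     edi, RVA                        ; edi == RVA

    ; The section table follows the optional header. Use the size the
    ; file header declares instead of assuming sizeof IMAGE_NT_HEADERS,
    ; so files with a non-default optional header size are walked
    ; correctly.
    movzx   eax, [esi].FileHeader.SizeOfOptionalHeader
    lea     edx, [esi].OptionalHeader
    add     edx, eax                        ; edx -> first IMAGE_SECTION_HEADER
    movzx   ecx, [esi].FileHeader.NumberOfSections
    assume  edx:ptr IMAGE_SECTION_HEADER

    .while ecx > 0
        .if edi >= [edx].VirtualAddress
            ; Compare the offset inside the section with SizeOfRawData.
            ; Adding VirtualAddress + SizeOfRawData first could wrap
            ; around 32 bits and reject or accept the wrong section.
            mov     eax, edi
            sub     eax, [edx].VirtualAddress   ; eax = RVA - VirtualAddress
            .if eax < [edx].SizeOfRawData
                add     eax, [edx].PointerToRawData
                add     eax, pFileMap           ; eax -> byte in the mapping
                ret
            .endif
        .endif
        add     edx, sizeof IMAGE_SECTION_HEADER
        dec     ecx
    .endw

    assume  edx:nothing
    assume  esi:nothing
    mov     eax, edi                        ; no section matched: return the RVA
    ret
RVAToFileMap ENDP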

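;-----------------------------------------------------------------------
; ShowTheFunctions - prints the export directory summary and one line
; per named export into the IDC_EDIT control of hDlg.
;
; In:   hDlg   = dialog that owns IDC_EDIT
;       pNTHdr = pointer to the IMAGE_NT_HEADERS of the mapped file
; Uses: globals pMapping and buffer, and the strings NoExportTable,
;       AppName, ExportTable, Header and template, all defined outside
;       this listing.
; Regs: edi, esi, ecx, ebx are preserved by the USES clause (edi is
;       callee-saved under stdcall and is modified below, so it is
;       listed as well).
;
; Every RVA, count and string reached here comes from the file being
; inspected and must be treated as untrusted.
;
; NOTE(review): the pointers returned by RVAToFileMap are dereferenced
; without a check. When no section covers an RVA that routine returns
; the bare RVA, and the size of the mapping is not available here, so
; none of the table or string pointers below is verified to lie inside
; the mapped file. A hardened version needs the file size and a range
; check before each dereference.
; NOTE(review): NumberOfNames drives the loop; it is not checked against
; the space the name and ordinal tables actually occupy in the file.
;-----------------------------------------------------------------------
ShowTheFunctions proc uses edi esi ecx ebx hDlg:DWORD, pNTHdr:DWORD
    ; wsprintf is documented to write at most 1024 bytes. The original
    ; 512-byte buffer could be overrun if the format strings (not shown
    ; in this listing) print the file-supplied names with %s.
    LOCAL temp[1024]:BYTE
    LOCAL NumberOfNames:DWORD
    LOCAL FunctionCount:DWORD               ; entries in AddressOfFunctions
    LOCAL Base:DWORD

    mov     edi, pNTHdr
    assume  edi:ptr IMAGE_NT_HEADERS
    ; first data directory entry = export directory
    mov     edi, [edi].OptionalHeader.DataDirectory.VirtualAddress
    .if edi == 0
        invoke  MessageBox, 0, addr NoExportTable, addr AppName, MB_OK+MB_ICONERROR
        ret
    .endif

    invoke  SetDlgItemText, hDlg, IDC_EDIT, 0   ; clear the edit control
    invoke  AppendText, hDlg, addr buffer

    invoke  RVAToFileMap, pMapping, edi
    mov     edi, eax
    assume  edi:ptr IMAGE_EXPORT_DIRECTORY

    ; The original loaded NumberOfFunctions into eax here; the value was
    ; overwritten by the call below and never used, so it is dropped.
    invoke  RVAToFileMap, pMapping, [edi].nName ; eax -> module name
    invoke  wsprintf, addr temp, addr ExportTable, eax, [edi].nBase, \
            [edi].NumberOfFunctions, [edi].NumberOfNames, \
            [edi].AddressOfFunctions, [edi].AddressOfNames, \
            [edi].AddressOfNameOrdinals
    invoke  AppendText, hDlg, addr temp
    invoke  AppendText, hDlg, addr Header

    ; keep the counters in locals: edi is reused for the function table
    push    [edi].NumberOfNames
    pop     NumberOfNames
    push    [edi].NumberOfFunctions
    pop     FunctionCount
    push    [edi].nBase
    pop     Base

    invoke  RVAToFileMap, pMapping, [edi].AddressOfNames
    mov     esi, eax                        ; esi -> array of name RVAs
    invoke  RVAToFileMap, pMapping, [edi].AddressOfNameOrdinals
    mov     ebx, eax                        ; ebx -> array of WORD indexes
    invoke  RVAToFileMap, pMapping, [edi].AddressOfFunctions
    mov     edi, eax                        ; edi -> array of function RVAs
    assume  edi:nothing

    .while NumberOfNames > 0
        invoke  RVAToFileMap, pMapping, dword ptr [esi] ; eax -> export name
        movzx   edx, word ptr [ebx]         ; index into the function table

        ; The index is read from the file. Stop instead of reading past
        ; the AddressOfFunctions array when it is out of range.
        .break .if edx >= FunctionCount

        mov     ecx, edx
        add     ecx, Base                   ; ecx = ordinal = index + nBase
        lea     edx, [edi + edx*4]          ; edx -> function RVA for this name
        invoke  wsprintf, addr temp, addr template, dword ptr [edx], ecx, eax
        invoke  AppendText, hDlg, addr temp

        dec     NumberOfNames
        add     esi, 4                      ; next name RVA
        add     ebx, 2                      ; next name ordinal
    .endw
    ret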



