2016-11-16 16:29:07
主程序代码 pedump.c
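#include <windows.h>
#include <Richedit.h>
#include "resource.h"

/* Number of file bytes rendered on one line of the dump. */
#define BYTES_PER_LINE 16

HINSTANCE hInstance;

/*
    Stop request flag. The dialog procedure (UI thread) sets it to 1 on IDM_1
    and clears it on IDM_OPEN; the dump worker polls it once per output line.
*/
volatile DWORD dwStop;
HWND hWinEdit;      // handle of the rich edit control that shows the dump


/*
    Initialise the dialog: cache the rich edit handle, set the window icon,
    switch the control to plain-text mode and apply the display font.
*/
void _Init(HWND hWinMain)
{
    HICON hIcon;
    CHARFORMAT stCf;
    TCHAR szFont[] = TEXT("宋体");

    hWinEdit = GetDlgItem(hWinMain, IDC_INFO);
    hIcon = LoadIcon(hInstance, MAKEINTRESOURCE(ICO_MAIN));
    SendMessage(hWinMain, WM_SETICON, ICON_BIG, (LPARAM)hIcon);  // window icon
    SendMessage(hWinEdit, EM_SETTEXTMODE, TM_PLAINTEXT, 0);      // plain text only

    RtlZeroMemory(&stCf, sizeof(stCf));
    stCf.cbSize = sizeof(stCf);
    stCf.yHeight = 10 * 20;     // CHARFORMAT heights are in twips (1/20 pt)
    stCf.dwMask = CFM_FACE | CFM_SIZE | CFM_BOLD;
    // Bounded copy: szFaceName holds LF_FACESIZE characters including the NUL.
    lstrcpyn(stCf.szFaceName, szFont, LF_FACESIZE);
    SendMessage(hWinEdit, EM_SETCHARFORMAT, 0, (LPARAM)&stCf);
    SendMessage(hWinEdit, EM_EXLIMITTEXT, 0, -1);
}


/*
    Append a NUL-terminated string to the end of the rich edit control.
*/
void _appendInfo(TCHAR * _lpsz)
{
    CHARRANGE stCR;

    // Query the length once so both ends of the range are the same position.
    stCR.cpMin = GetWindowTextLength(hWinEdit);
    stCR.cpMax = stCR.cpMin;
    SendMessage(hWinEdit, EM_EXSETSEL, 0, (LPARAM)&stCR);       // caret to the end
    SendMessage(hWinEdit, EM_REPLACESEL, FALSE, (LPARAM)_lpsz);
}


/*
    Let the user pick a file, map it read-only and write a hex dump of it to
    the rich edit control: offset, up to 16 hex bytes, then the printable
    characters of those bytes ('.' for everything else).

    The file is whatever the user selected, so it is treated as untrusted:
      - bytes are read through a BYTE pointer, one byte per step, whatever
        TCHAR is (the previous TCHAR-sized reads walked two bytes per counted
        byte in a UNICODE build and ran past the end of the view);
      - the section and the view are created with the size that was just
        queried, so the cursor never leaves the view;
      - the base address returned by MapViewOfFile is kept untouched and is
        the value handed to UnmapViewOfFile (the previous code passed the
        advanced cursor, which is not the base address);
      - a file whose size is a multiple of 16 no longer produces a trailing
        line that contains only an offset and padding.
*/
void _openFile(HWND hWinMain)
{
    OPENFILENAME stOF;
    HANDLE hFile;
    HANDLE hMapFile = NULL;
    LPVOID lpMemory = NULL;         // base address of the mapped view
    const BYTE *pCursor;            // next byte to dump
    DWORD totalSize;                // file size, low 32 bits
    DWORD dwSizeHigh = 0;           // file size, high 32 bits
    DWORD dwRemaining;              // bytes still to dump
    DWORD dwOffset;                 // offset shown in the first column

    TCHAR szFileName[MAX_PATH] = {0};   // path chosen by the user
    TCHAR bufTemp1[10];                 // hex text of one byte
    TCHAR lpServicesBuffer[100];        // one complete output line
    TCHAR bufDisplay[50];               // third column: printable characters

    TCHAR szExtPe[] = TEXT("PE Files\0*.exe;*.dll;*.scr;*.fon;*.drv\0All Files(*.*)\0*.*\0\0");

    RtlZeroMemory(&stOF, sizeof(stOF));
    stOF.lStructSize = sizeof(stOF);
    stOF.hwndOwner = hWinMain;
    stOF.lpstrFilter = szExtPe;
    stOF.lpstrFile = szFileName;
    stOF.nMaxFile = MAX_PATH;
    stOF.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
    if (!GetOpenFileName(&stOF))        // user cancelled or the dialog failed
    {
        return;
    }

    hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,
                       NULL, OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        return;
    }

    totalSize = GetFileSize(hFile, &dwSizeHigh);
    if (totalSize == INVALID_FILE_SIZE && GetLastError() != NO_ERROR)
    {
        goto cleanup;                   // size query failed
    }
    if (dwSizeHigh != 0 || totalSize == 0)
    {
        goto cleanup;                   // empty, or too large for 32-bit offsets
    }

    // Size the section and the view explicitly. The file is opened with
    // FILE_SHARE_WRITE, so it may change after the size query; a read-only
    // section larger than the file is expected to fail to be created rather
    // than yield a view shorter than totalSize.
    hMapFile = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, totalSize, NULL);
    if (hMapFile == NULL)
    {
        goto cleanup;
    }
    lpMemory = MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, totalSize);
    if (lpMemory == NULL)
    {
        goto cleanup;
    }

    pCursor = (const BYTE *)lpMemory;
    dwRemaining = totalSize;
    dwOffset = 0;

    // Longest line: 9 (offset) + 16 * 3 (hex) + 1 + 16 (text) + 1 (newline)
    // = 75 characters plus the NUL, which fits lpServicesBuffer[100].
    while (dwRemaining != 0 && dwStop != 1)
    {
        DWORD dwLineLen = (dwRemaining < BYTES_PER_LINE) ? dwRemaining : BYTES_PER_LINE;
        DWORD dwBlanks = (BYTES_PER_LINE - dwLineLen) * 3;  // padding for a short last line
        DWORD i;

        RtlZeroMemory(bufDisplay, sizeof(bufDisplay));
        wsprintf(lpServicesBuffer, TEXT("%08X "), dwOffset);    // first column

        for (i = 0; i < dwLineLen; ++i)
        {
            BYTE b = pCursor[i];

            // Third column: the character itself if printable, otherwise '.'.
            if (b > 0x20 && b < 0x7e)
            {
                bufDisplay[i] = (TCHAR)b;
            }
            else
            {
                bufDisplay[i] = 0x2e;
            }

            wsprintf(bufTemp1, TEXT("%02X "), b);               // second column
            lstrcat(lpServicesBuffer, bufTemp1);
        }

        while (dwBlanks)                                        // align the text column
        {
            lstrcat(lpServicesBuffer, TEXT(" "));
            --dwBlanks;
        }

        lstrcat(lpServicesBuffer, TEXT(" "));                   // column separator
        lstrcat(lpServicesBuffer, bufDisplay);
        lstrcat(lpServicesBuffer, TEXT("\n"));
        _appendInfo(lpServicesBuffer);

        pCursor += dwLineLen;
        dwOffset += dwLineLen;
        dwRemaining -= dwLineLen;
    }

cleanup:
    if (lpMemory != NULL)
    {
        UnmapViewOfFile(lpMemory);      // base address, never the cursor
    }
    if (hMapFile != NULL)
    {
        CloseHandle(hMapFile);
    }
    CloseHandle(hFile);
}


/*
    Thread entry point with the signature CreateThread requires. _openFile
    returns void and uses the default calling convention, so it must not be
    cast to LPTHREAD_START_ROUTINE and started directly.
*/
static DWORD WINAPI _openFileThread(LPVOID lpParam)
{
    _openFile((HWND)lpParam);
    return 0;
}


/*
    Dialog procedure. Returns TRUE for the messages it handles and FALSE for
    the rest.
*/
INT_PTR CALLBACK _ProcDlgMain(HWND hWnd, UINT wMsg, WPARAM wParam, LPARAM lParam)
{
    HANDLE hThread;

    switch (wMsg)
    {
    case WM_CLOSE:
        EndDialog(hWnd, 0);
        break;

    case WM_INITDIALOG:
        _Init(hWnd);
        break;

    case WM_COMMAND:                // menu commands
        switch (LOWORD(wParam))
        {
        case IDM_EXIT:
            EndDialog(hWnd, 0);
            break;

        case IDM_OPEN:              // dump on a worker thread so the UI stays responsive
            dwStop = 0;
            hThread = CreateThread(NULL, 0, _openFileThread, (LPVOID)hWnd, 0, NULL);
            if (hThread != NULL)
            {
                CloseHandle(hThread);   // handle is not used again; the thread keeps running
            }
            break;

        case IDM_1:                 // ask the worker to stop after the current line
            dwStop = 1;
            break;

        case IDM_2:
        case IDM_3:
        default:
            break;
        }
        break;

    default:
        return FALSE;
    }

    return TRUE;
}


/*
    Program entry point: load the rich edit library, run the main dialog
    modally, then release the library.
*/
int WINAPI WinMain(HINSTANCE hInst, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    HMODULE hRichEdit;

    hInstance = hInst;

    // Load the system copy only. A bare file name is resolved through the DLL
    // search path, which begins with the application directory, so a file
    // named RichEd20.dll placed next to the executable would be loaded
    // instead. LOAD_LIBRARY_SEARCH_SYSTEM32 needs Windows 8 or later, or
    // Windows 7 / Vista with KB2533623.
    hRichEdit = LoadLibraryEx(TEXT("RichEd20.dll"), NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
    if (hRichEdit == NULL)
    {
        return 1;                   // the dialog's rich edit class would not be registered
    }

    DialogBoxParam(hInstance, MAKEINTRESOURCE(DLG_MAIN), NULL, _ProcDlgMain, (LPARAM)NULL);
    FreeLibrary(hRichEdit);
    return 0;
}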
头文件 resource.h
//{{NO_DEPENDENCIES}}
// Include file generated by Microsoft Visual C++.
// Used by Resource.rc
//
// Resource identifiers: application icon, main dialog, main menu.
#define ICO_MAIN 101
#define DLG_MAIN 102
#define IDM_MAIN 103
// Control identifier of the rich edit control inside DLG_MAIN.
#define IDC_INFO 1001
// Menu command identifiers, delivered in the low word of wParam with WM_COMMAND.
#define IDM_OPEN 40001
#define IDM_EXIT 40002
#define IDM_1 40003
#define IDM_2 40004
#define IDM_3 40005
#define IDM_4 40006

// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 104
#define _APS_NEXT_COMMAND_VALUE 40007
#define _APS_NEXT_CONTROL_VALUE 1002
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
资源文件 resource.rc
// Microsoft Visual C++ generated resource script.
//
#include "resource.h"

#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "winres.h"

/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS

/////////////////////////////////////////////////////////////////////////////
// Chinese (Simplified, PRC) resources

#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED

#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//

1 TEXTINCLUDE
BEGIN
    "resource.h\0"
END

2 TEXTINCLUDE
BEGIN
    "#include ""winres.h""\r\n"
    "\0"
END

3 TEXTINCLUDE
BEGIN
    "\r\n"
    "\0"
END

#endif // APSTUDIO_INVOKED


/////////////////////////////////////////////////////////////////////////////
//
// Icon
//

// Icon with lowest ID value placed first to ensure application icon
// remains consistent on all systems.
ICO_MAIN ICON "main.ico"

/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//

// Main dialog. Its only control is IDC_INFO, a read-only multi-line rich edit
// control of window class "RichEdit20A" (the ANSI Rich Edit 2.0 class); the
// class is registered by RichEd20.dll, which WinMain in pedump.c loads before
// the dialog is created.
DLG_MAIN DIALOGEX 50, 50, 399, 399
STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU
CAPTION "PEDump"
MENU IDM_MAIN
FONT 9, "宋体", 0, 0, 0x0
BEGIN
    CONTROL "",IDC_INFO,"RichEdit20A",ES_MULTILINE | ES_AUTOVSCROLL | ES_AUTOHSCROLL | ES_READONLY | ES_WANTRETURN | WS_BORDER | WS_VSCROLL | WS_TABSTOP,0,0,395,394
END


/////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
//

#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO
BEGIN
    DLG_MAIN, DIALOG
    BEGIN
        RIGHTMARGIN, 395
        BOTTOMMARGIN, 394
    END
END
#endif // APSTUDIO_INVOKED


/////////////////////////////////////////////////////////////////////////////
//
// Menu
//

// Main menu. In pedump.c, _ProcDlgMain acts on IDM_OPEN (start a dump),
// IDM_EXIT (close the dialog) and IDM_1 (stop the running dump); IDM_2,
// IDM_3 and IDM_4 reach a branch that does nothing.
IDM_MAIN MENU
BEGIN
    POPUP "文件(&F)"
    BEGIN
        MENUITEM "打开文件(&O)...", IDM_OPEN
        MENUITEM SEPARATOR
        MENUITEM "退出(&x)", IDM_EXIT
    END
    POPUP "编辑(&E)"
    BEGIN
        MENUITEM SEPARATOR
    END
    POPUP "格式(&O)"
    BEGIN
        MENUITEM SEPARATOR
    END
    POPUP "查看(&V)"
    BEGIN
        MENUITEM "停止Dump...", IDM_1
        MENUITEM "窗口透明度", IDM_2
        MENUITEM SEPARATOR
        MENUITEM "大小", IDM_3
        MENUITEM "宽度", IDM_4
    END
    POPUP "帮助(&H)"
    BEGIN
        MENUITEM SEPARATOR
    END
END

#endif // Chinese (Simplified, PRC) resources
/////////////////////////////////////////////////////////////////////////////



#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//


/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED