#include "Global.h" static BOOL bIsPe32Plus = 0; //标志,用于表示是否为pe32+文件 static INT64 mode = 0; //标志,用于表示读入的模式,若为0代表是内存读入,不为0,代表是文件打开,此时mode是文件路径指针。 static byte* data = NULL; //用于存放读入的PE文件 static IMAGE_SECTION_HEADER ish[20] = { 0 }; //用于存放区段头 static int nNumOfSections = 0; //表示有多少个区段 static IMAGE_DATA_DIRECTORY idd[0x10] = { 0 };//用于存放数据目录表 static BYTE ibrl[0x200][0x1000] = { 0 }; //用于存放重定位相关信息 static CHAR szSectionColName[6][MAX_PATH] = //区段对话框listview的列名 { "Name","VOffset","VSize","ROffset","RSize","Flags" }; enum SectionColPos {scp_name=0,scp_voffset,scp_vsize,scp_roffset,scp_rsize,scp_flags}; //区段对话框listview列位置索引 static int nSectionColNum = 6; //RVA转文件偏移 static INT RVAtoFileOff(INT nRva) { for (int i = 0; i < nNumOfSections; ++i) { if ((nRva >= ish[i].VirtualAddress) && (nRva <= (ish[i].VirtualAddress + ish[i].Misc.VirtualSize))) { return nRva - ish[i].VirtualAddress + ish[i].PointerToRawData; break; } } MessageBox(NULL, "RVA转换无解", NULL, 0); return -1; } //RVA找到对应的区段名 static CHAR* RVAToSectionName(INT nRva) { for (int i = 0; i < nNumOfSections; ++i) { if ((nRva >= ish[i].VirtualAddress) && (nRva <= (ish[i].VirtualAddress + ish[i].Misc.VirtualSize))) { return (CHAR*)ish[i].Name; break; } } MessageBox(NULL, "RVA转换无解", NULL, 0); return NULL; } //得到基本的PE文件信息 VOID GetBasicPEInfo(HWND hwndDlg) { if (mode == NULL) //说明在内存中 { HANDLE hDestProcess = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, nLastPID); HMODULE hModule[200] = { 0 }; DWORD cbNeeded = 0; MODULEINFO mi = { 0 }; EnumProcessModulesEx(hDestProcess, hModule, 200 * 4, &cbNeeded, LIST_MODULES_ALL); GetModuleInformation(hDestProcess, hModule[0], &mi, sizeof(mi)); data = (PBYTE)malloc(mi.SizeOfImage); ReadProcessMemory(hDestProcess, hModule[0], data, mi.SizeOfImage, NULL); } else //说明是文件中 { HANDLE hFile = CreateFile((CHAR*)mode, FILE_READ_ACCESS, FILE_SHARE_READ, NULL, OPEN_ALWAYS, NULL, NULL); DWORD dwFileSize = GetFileSize(hFile, NULL); data = (BYTE*)malloc(dwFileSize); ReadFile(hFile, data, dwFileSize, NULL, NULL); CloseHandle(hFile); } PIMAGE_DOS_HEADER pidh = (PIMAGE_DOS_HEADER)data; if (pidh->e_magic != IMAGE_DOS_SIGNATURE) { MessageBox(NULL, "不是个PE文件", "错误信息", MB_OK); return; } PIMAGE_NT_HEADERS32 pinh = (PIMAGE_NT_HEADERS32)(&data[pidh->e_lfanew]); if (pinh->Signature != IMAGE_NT_SIGNATURE) { MessageBox(NULL, "不是个PE文件", "错误信息", MB_OK); return; } PIMAGE_FILE_HEADER pifh = &pinh->FileHeader; CHAR szTemp[20] = { 0 }; wsprintf(szTemp, "%04X", pifh->SizeOfOptionalHeader); HWND hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT15); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pifh->Characteristics); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT13); Edit_SetText(hwndTemp, szTemp); nNumOfSections = pifh->NumberOfSections; wsprintf(szTemp, "%04X", pifh->NumberOfSections); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT10); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pifh->TimeDateStamp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT11); Edit_SetText(hwndTemp, szTemp); if (pinh->OptionalHeader.Magic == 0x20B) { bIsPe32Plus = TRUE; PIMAGE_NT_HEADERS64 pinh64 = (PIMAGE_NT_HEADERS64)(&data[pidh->e_lfanew]); PIMAGE_OPTIONAL_HEADER64 pioh64 = &pinh64->OptionalHeader; wsprintf(szTemp, "%08X", pioh64->AddressOfEntryPoint); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1); Edit_SetText(hwndTemp, szTemp); StringCbPrintf(szTemp, 20, "%016llX", pioh64->ImageBase); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->SizeOfImage); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->BaseOfCode); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5); Edit_SetText(hwndTemp, "None"); wsprintf(szTemp, "%08X", pioh64->SectionAlignment); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->FileAlignment); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pioh64->Magic); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT8); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pioh64->Subsystem); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT9); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->SizeOfHeaders); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT12); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->CheckSum); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT14); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh64->NumberOfRvaAndSizes); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT16); Edit_SetText(hwndTemp, szTemp); for (int i = 0; i < 0x10; ++i) { idd[i] = (pioh64->DataDirectory)[i]; } PIMAGE_SECTION_HEADER pish = (PIMAGE_SECTION_HEADER)(++pinh64); for (int i = 0; i < nNumOfSections; ++i, ++pish) { ish[i] = *pish; } return; } else //32位image { PIMAGE_OPTIONAL_HEADER32 pioh32 = &pinh->OptionalHeader; wsprintf(szTemp, "%08X", pioh32->AddressOfEntryPoint); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->ImageBase); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->SizeOfImage); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->BaseOfCode); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->BaseOfData); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->SectionAlignment); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->FileAlignment); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pioh32->Magic); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT8); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%04X", pioh32->Subsystem); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT9); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->SizeOfHeaders); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT12); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->CheckSum); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT14); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", pioh32->NumberOfRvaAndSizes); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT16); Edit_SetText(hwndTemp, szTemp); for (int i = 0; i < 0x10; ++i) { idd[i] = (pioh32->DataDirectory)[i]; } PIMAGE_SECTION_HEADER pish = (PIMAGE_SECTION_HEADER)(++pinh); for (int i = 0; i < nNumOfSections; ++i, ++pish) { ish[i] = *pish; } } } //输出表对话框 3 INT_PTR ExportTableDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { static HWND hwndLV; static CHAR szColName[4][50] = { "Ordinal","RVA","Offset","Function Name" }; switch (uMsg) { case WM_INITDIALOG: { PIMAGE_EXPORT_DIRECTORY pied = (PIMAGE_EXPORT_DIRECTORY)&data[mode ? RVAtoFileOff(idd[0].VirtualAddress) : idd[0].VirtualAddress]; int nOrder[10] = { IDC_EDIT1,IDC_EDIT2,IDC_EDIT3,IDC_EDIT4,IDC_EDIT6,IDC_EDIT7,IDC_EDIT8,IDC_EDIT9,IDC_EDIT10 }; //int nValue[10] = {pied->Characteristics,...}; 这样子是不行的 DWORD *nValue = (DWORD*)malloc(10 * sizeof(DWORD)); nValue[0] = idd[0].VirtualAddress; nValue[1] = pied->Characteristics; nValue[2] = pied->Base; nValue[3] = pied->Name; nValue[4] = pied->NumberOfFunctions; nValue[5] = pied->NumberOfNames; nValue[6] = pied->AddressOfFunctions; nValue[7] = pied->AddressOfNames; nValue[8] = pied->AddressOfNameOrdinals; CHAR szTemp[80] = { 0 }; HWND hwndTemp = NULL; for (int i = 0; i < 9; ++i) { hwndTemp = GetDlgItem(hwndDlg, nOrder[i]); StringCbPrintf(szTemp, 80, "%08X", nValue[i]); Edit_SetText(hwndTemp, szTemp); } hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5); StringCbPrintf(szTemp, 80, "%s", &data[mode?RVAtoFileOff(pied->Name):pied->Name]); Edit_SetText(hwndTemp, szTemp); hwndLV = GetDlgItem(hwndDlg, IDC_LIST1); LVCOLUMN lvc = { 0 }; lvc.mask = LVCF_TEXT | LVCF_WIDTH; lvc.cx = 100; for (int i = 0; i < 4; ++i) { lvc.pszText = szColName[i]; ListView_InsertColumn(hwndLV, i, &lvc); } PWORD pOrd = (PWORD)&data[mode ? RVAtoFileOff(pied->AddressOfNameOrdinals) : pied->AddressOfNameOrdinals]; PDWORD pFun = (PDWORD)&data[mode ? RVAtoFileOff(pied->AddressOfFunctions) : pied->AddressOfFunctions]; PCHAR pName = (PCHAR)&data[mode ? RVAtoFileOff(pied->Name) : pied->Name]; pName += strlen(pName) + 1; PCHAR pTemp = pName; LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; for (int i = 0; i < pied->NumberOfFunctions; ++i) { if (!pFun[i]) continue; lvi.iItem = i; StringCbPrintf(szTemp, 80, "%d", i + pied->Base); lvi.pszText = szTemp; ListView_InsertItem(hwndLV, &lvi); StringCbPrintf(szTemp, 80, "%08X", pFun[i]); ListView_SetItemText(hwndLV, i, 1, szTemp); StringCbPrintf(szTemp, 80, "%08X", RVAtoFileOff(pFun[i])); ListView_SetItemText(hwndLV, i, 2, szTemp); int j; for (j = 0; j < pied->NumberOfNames; ++j) { if (pOrd[j] == i) { pTemp = pName; for (int k = 0; k < j; k++) { pTemp += strlen(pTemp) + 1; } ListView_SetItemText(hwndLV, i, 3, pTemp); break; } } if (j >= pied->NumberOfNames) { ListView_SetItemText(hwndLV, i, 3, "无名"); } } break; } case WM_CLOSE: { EndDialog(hwndDlg, 0); break; } } return FALSE; } //输入表对话框 3 INT_PTR ImportTableDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { static HWND hwndLV1, hwndLV2; switch (uMsg) { case WM_INITDIALOG: { hwndLV1 = GetDlgItem(hwndDlg, IDC_LIST1); hwndLV2 = GetDlgItem(hwndDlg, IDC_LIST2); ListView_SetExtendedListViewStyle(hwndLV1, LVS_EX_FULLROWSELECT); ListView_SetExtendedListViewStyle(hwndLV2, LVS_EX_FULLROWSELECT); CHAR szColName1[6][50] = { "DllName","OriginalFirstThunk","TimeDateStamp","ForwarderChain","Name","FirstThunk" }; CHAR szColName2[5][50] = { "ThunkRVA","ThunkOffset","ThunkValue","Hint","ApiName" }; LVCOLUMN lvc = { 0 }; lvc.mask = LVCF_WIDTH | LVCF_TEXT; lvc.cx = 100; for (int i = 0; i < 6; ++i) { lvc.pszText = szColName1[i]; ListView_InsertColumn(hwndLV1, i, &lvc); } for (int i = 0; i < 5; ++i) { lvc.pszText = szColName2[i]; ListView_InsertColumn(hwndLV2, i, &lvc); } PIMAGE_IMPORT_DESCRIPTOR piid = (PIMAGE_IMPORT_DESCRIPTOR)&data[mode?RVAtoFileOff(idd[1].VirtualAddress):idd[1].VirtualAddress]; CHAR szTemp[MAX_PATH] = { 0 }; int k = 0; while (piid->FirstThunk) { LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; lvi.iItem = k; StringCbPrintf(szTemp, MAX_PATH, "%s", &data[mode ? RVAtoFileOff(piid->Name) : piid->Name]); lvi.pszText = szTemp; ListView_InsertItem(hwndLV1, &lvi); StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->OriginalFirstThunk); ListView_SetItemText(hwndLV1, k, 1, szTemp); StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->TimeDateStamp); ListView_SetItemText(hwndLV1, k, 2, szTemp); StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->ForwarderChain); ListView_SetItemText(hwndLV1, k, 3, szTemp); StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->Name); ListView_SetItemText(hwndLV1, k, 4, szTemp); StringCbPrintf(szTemp, MAX_PATH, "%08X", piid->FirstThunk); ListView_SetItemText(hwndLV1, k, 5, szTemp); ++k; ++piid; } break; } case WM_NOTIFY: { switch (((LPNMHDR)(lParam))->code) { case NM_CLICK: { if (((LPNMHDR)(lParam))->hwndFrom == hwndLV1) { ListView_DeleteAllItems(hwndLV2); int nIndex = ListView_GetSelectionMark(hwndLV1); CHAR szBuffer[20] = { 0 }; ListView_GetItemText(hwndLV1, nIndex, 5, szBuffer, 20); DWORD dwFirstThunk = HexStrToDec32(szBuffer); if (!bIsPe32Plus) { PIMAGE_THUNK_DATA32 pitd32 = (PIMAGE_THUNK_DATA32)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]); CHAR szTemp[100] = { 0 }; int k = 0; while (pitd32->u1.Function) { LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; lvi.iItem = k; StringCbPrintf(szTemp, 100, "%08X", dwFirstThunk + k * 4); lvi.pszText = szTemp; ListView_InsertItem(hwndLV2, &lvi); StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(dwFirstThunk + k * 4)); ListView_SetItemText(hwndLV2, k, 1, szTemp); StringCbPrintf(szTemp, 100, "%08X", pitd32->u1.Function); ListView_SetItemText(hwndLV2, k, 2, szTemp); if (pitd32->u1.Function & 0x8000'0000) //最高位为1,则为序号 { ListView_SetItemText(hwndLV2, k, 3, "---"); StringCbPrintf(szTemp, 100, "Ordinal:%X h %d d", pitd32->u1.Function ^ 0x8000'0000, pitd32->u1.Function ^ 0x8000'0000); ListView_SetItemText(hwndLV2, k, 4, szTemp); } else //最高位为0,则可能是函数地址,或者是API名称 { if (mode) //说明是API名称 { PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd32->u1.Function)]; StringCbPrintf(szTemp, 100, "%04X", piibn->Hint); ListView_SetItemText(hwndLV2, k, 3, szTemp); StringCbPrintf(szTemp, 100, "%s", piibn->Name); ListView_SetItemText(hwndLV2, k, 4, szTemp); } else //说明是函数地址 { ListView_SetItemText(hwndLV2, k, 3, "---"); ListView_SetItemText(hwndLV2, k, 4, "---"); } } ++pitd32; ++k; } } else; //pe32+ { PIMAGE_THUNK_DATA64 pitd64 = (PIMAGE_THUNK_DATA64)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]); CHAR szTemp[100] = { 0 }; int k = 0; while (pitd64->u1.Function) { LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; lvi.iItem = k; StringCbPrintf(szTemp, 100, "%08X", dwFirstThunk + k * 4); lvi.pszText = szTemp; ListView_InsertItem(hwndLV2, &lvi); StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(dwFirstThunk + k * 4)); ListView_SetItemText(hwndLV2, k, 1, szTemp); StringCbPrintf(szTemp, 100, "%016llX", pitd64->u1.Function); ListView_SetItemText(hwndLV2, k, 2, szTemp); if (pitd64->u1.Function & 0x8000'0000'0000'0000) //最高位为1,则为序号 { ListView_SetItemText(hwndLV2, k, 3, "---"); StringCbPrintf(szTemp, 100, "Ordinal:%X h %d d", pitd64->u1.Function ^ 0x8000'0000'0000'0000, pitd64->u1.Function ^ 0x8000'0000'0000'0000); ListView_SetItemText(hwndLV2, k, 4, szTemp); } else //最高位为0,则可能是函数地址,或者是API名称 { if (mode) //说明是API名称 { PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd64->u1.Function)]; StringCbPrintf(szTemp, 100, "%04X", piibn->Hint); ListView_SetItemText(hwndLV2, k, 3, szTemp); StringCbPrintf(szTemp, 100, "%s", piibn->Name); ListView_SetItemText(hwndLV2, k, 4, szTemp); } else //说明是函数地址 { ListView_SetItemText(hwndLV2, k, 3, "---"); ListView_SetItemText(hwndLV2, k, 4, "---"); } } ++pitd64; ++k; } } } break; } } break; } case WM_CLOSE: { EndDialog(hwndDlg, 0); break; } } return FALSE; } //资源对话框 3 INT_PTR ResourceDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { static HWND hwndTV = NULL; switch (uMsg) { case WM_INITDIALOG: { hwndTV = GetDlgItem(hwndDlg, IDC_TREE1); HWND hwndTemp; CHAR szTemp[MAX_PATH] = { 0 }; WCHAR szTempW[MAX_PATH] = { 0 }; PIMAGE_RESOURCE_DIRECTORY pird = (PIMAGE_RESOURCE_DIRECTORY)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress) : idd[2].VirtualAddress]; hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1); StringCbPrintf(szTemp, MAX_PATH, "%04X", pird->NumberOfNamedEntries); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2); StringCbPrintf(szTemp, MAX_PATH, "%04X", pird->NumberOfIdEntries); Edit_SetText(hwndTemp, szTemp); PIMAGE_RESOURCE_DIRECTORY_ENTRY pirde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(pird+1); TVINSERTSTRUCT tvis = { 0 }; HTREEITEM hParentNode = NULL; CHAR szType[0x20][50] = { "XXX","Cursor","Bitmap","Icon","Menu","Dialog" ,"字符串" ,"FontDir" ,"Font" ,"Accelerator" ,"RCData" ,"MessageTable" ,"Group_Cursor" ,"Group_Icon","XXX","XXX","Version" ,"DlgInclude" ,"XXX","PlugPlay","VXD","AniCursor","AniIcon","HTML","Manifest" }; for (int i = 0; i < pird->NumberOfIdEntries + pird->NumberOfNamedEntries; ++i,++pirde) { tvis.hParent = NULL; tvis.hInsertAfter = TVI_SORT; tvis.item.mask = TVIF_TEXT | TVIF_CHILDREN; tvis.item.cChildren = 1; if (pirde->NameIsString == 0) { StringCbPrintfA(szTemp, MAX_PATH, "%s", szType[pirde->Id]); } else { PIMAGE_RESOURCE_DIR_STRING_U pirdsu = (PIMAGE_RESOURCE_DIR_STRING_U)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress + pirde->NameOffset) : idd[2].VirtualAddress + pirde->NameOffset]; StringCbPrintfW(szTempW, pirdsu->Length * 2 + 2, L"%s", pirdsu->NameString); WideCharToMultiByte(CP_ACP, NULL, szTempW, -1, szTemp, wcslen(szTempW) + 1, NULL, FALSE); } tvis.item.pszText = szTemp; tvis.item.cchTextMax = MAX_PATH; hParentNode = TreeView_InsertItem(hwndTV, &tvis); PIMAGE_RESOURCE_DIRECTORY pird_lv2 = (PIMAGE_RESOURCE_DIRECTORY)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress+pirde->OffsetToDirectory) : idd[2].VirtualAddress+ pirde->OffsetToDirectory]; TVITEM tvi = { 0 }; tvi.mask = TVIF_PARAM; tvi.hItem = hParentNode; tvi.lParam = (DWORD(pird_lv2->NumberOfNamedEntries) << 16 | pird_lv2->NumberOfIdEntries); TreeView_SetItem(hwndTV, &tvi); PIMAGE_RESOURCE_DIRECTORY_ENTRY pirde_lv2 = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(pird_lv2+1); tvis.hParent = hParentNode; tvis.hInsertAfter = TVI_SORT; tvis.item.mask = TVIF_TEXT | TVIF_PARAM; for (int j = 0; j < pird_lv2->NumberOfIdEntries + pird_lv2->NumberOfNamedEntries; ++j,++pirde_lv2) { if (pirde_lv2->NameIsString == 0) { StringCbPrintfA(szTemp, MAX_PATH, "%d", pirde_lv2->Id); } else { PIMAGE_RESOURCE_DIR_STRING_U pirdsu_lv2 = (PIMAGE_RESOURCE_DIR_STRING_U)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress + pirde_lv2->NameOffset) : idd[2].VirtualAddress + pirde_lv2->NameOffset]; StringCbPrintfW(szTempW, pirdsu_lv2->Length * 2 + 2, L"%s", pirdsu_lv2->NameString); WideCharToMultiByte(CP_ACP, NULL, szTempW, -1, szTemp, wcslen(szTempW) + 1, NULL, FALSE); } tvis.item.pszText = szTemp; tvis.item.lParam = 0x8000'0000 | pirde_lv2->OffsetToDirectory; TreeView_InsertItem(hwndTV, &tvis); } } break; } case WM_NOTIFY: { LPNMHDR lpnmh = (LPNMHDR)lParam; switch (lpnmh->code) { case TVN_SELCHANGED: { CHAR szTemp[20] = { 0 }; HWND hwndTemp = NULL; HTREEITEM hti = TreeView_GetSelection(hwndTV); TVITEM tvi; tvi.hItem = hti; tvi.mask = TVIF_PARAM; TreeView_GetItem(hwndTV, &tvi); LPARAM tvilParam = tvi.lParam; if (tvilParam & 0x8000'0000) //第三层 { LPARAM lPar = tvilParam ^ 0x8000'0000; PIMAGE_RESOURCE_DIRECTORY pird = (PIMAGE_RESOURCE_DIRECTORY)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress + lPar) : idd[2].VirtualAddress + lPar]; PIMAGE_RESOURCE_DIRECTORY_ENTRY pirde = (PIMAGE_RESOURCE_DIRECTORY_ENTRY)(pird + 1); PIMAGE_RESOURCE_DATA_ENTRY pirda = (PIMAGE_RESOURCE_DATA_ENTRY)&data[mode ? RVAtoFileOff(idd[2].VirtualAddress+pirde->OffsetToData) : idd[2].VirtualAddress+pirde->OffsetToData]; StringCbPrintf(szTemp, 20, "%08X", pirda->OffsetToData); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5); Edit_SetText(hwndTemp, szTemp); StringCbPrintf(szTemp, 20, "%08X", RVAtoFileOff(pirda->OffsetToData)); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6); Edit_SetText(hwndTemp, szTemp); StringCbPrintf(szTemp, 20, "%08X", pirda->Size); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7); Edit_SetText(hwndTemp, szTemp); HTREEITEM hParent = TreeView_GetParent(hwndTV, hti); TVITEM tvi; tvi.hItem = hParent; tvi.mask = TVIF_PARAM; TreeView_GetItem(hwndTV, &tvi); LPARAM lPar2 = tvi.lParam; StringCbPrintf(szTemp, 20, "%04X", HIWORD(lPar2)); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3); Edit_SetText(hwndTemp, szTemp); StringCbPrintf(szTemp, 20, "%04X", LOWORD(lPar2)); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4); Edit_SetText(hwndTemp, szTemp); } else //第二层 { StringCbPrintf(szTemp, 20, "%04X", HIWORD(tvilParam)); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3); Edit_SetText(hwndTemp, szTemp); StringCbPrintf(szTemp, 20, "%04X", LOWORD(tvilParam)); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5); Edit_SetText(hwndTemp, ""); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6); Edit_SetText(hwndTemp, ""); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT7); Edit_SetText(hwndTemp, ""); } break; } } break; } case WM_CLOSE: { EndDialog(hwndDlg, 0); break; } } return FALSE; } //重定位对话框 3 INT_PTR RelocationDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { static HWND hwndLV1, hwndLV2; switch (uMsg) { case WM_INITDIALOG: { hwndLV1 = GetDlgItem(hwndDlg, IDC_LIST1); hwndLV2 = GetDlgItem(hwndDlg, IDC_LIST2); ListView_SetExtendedListViewStyle(hwndLV1, LVS_EX_FULLROWSELECT); ListView_SetExtendedListViewStyle(hwndLV2, LVS_EX_FULLROWSELECT); CHAR szColName1[4][50] = { "Index","Section","RVA","Items"}; CHAR szColName2[5][50] = { "Index","RVA","Offset","Type","Far Address"}; LVCOLUMN lvc = { 0 }; lvc.mask = LVCF_WIDTH | LVCF_TEXT; lvc.cx = 100; for (int i = 0; i < 4; ++i) { lvc.pszText = szColName1[i]; ListView_InsertColumn(hwndLV1, i, &lvc); } for (int i = 0; i < 5; ++i) { lvc.pszText = szColName2[i]; ListView_InsertColumn(hwndLV2, i, &lvc); } PIMAGE_BASE_RELOCATION pibr = (PIMAGE_BASE_RELOCATION)&data[mode ? RVAtoFileOff(idd[5].VirtualAddress) : idd[5].VirtualAddress]; int k = 0; CHAR szTemp[100] = { 0 }; while (pibr->VirtualAddress) { memcpy(&ibrl[k], pibr, pibr->SizeOfBlock); if (pibr->SizeOfBlock > 0x1000) { MessageBox(hwndDlg, "pibr空间不够", "错误信息", MB_OK); } LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; lvi.iItem = k; StringCbPrintf(szTemp, 100, "%d", k); lvi.pszText = szTemp; ListView_InsertItem(hwndLV1, &lvi); ListView_SetItemText(hwndLV1, k, 1, RVAToSectionName(pibr->VirtualAddress)); StringCbPrintf(szTemp, 100, "%08X", pibr->VirtualAddress); ListView_SetItemText(hwndLV1, k, 2, szTemp); int nCount = ((pibr->SizeOfBlock - 8) / 2); StringCbPrintf(szTemp, 100, "%Xh / %dd", nCount,nCount); ListView_SetItemText(hwndLV1, k, 3, szTemp); pibr = (PIMAGE_BASE_RELOCATION)((ULONGLONG)pibr + pibr->SizeOfBlock); ++k; } break; } case WM_NOTIFY: { switch (((LPNMHDR)(lParam))->code) { case NM_CLICK: { if (((LPNMHDR)(lParam))->hwndFrom == hwndLV1) { ListView_DeleteAllItems(hwndLV2); int nIndex = ListView_GetSelectionMark(hwndLV1); int nCount = (((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->SizeOfBlock - 8) / 2; CHAR szTemp[100] = { 0 }; WORD* pItem = (WORD*)((ULONGLONG)&(((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->SizeOfBlock) + 4); for (int j = 0; j < nCount ; ++j,++pItem) { LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; lvi.iItem = j; StringCbPrintf(szTemp, 100, "%d", j + 1); lvi.pszText = szTemp; ListView_InsertItem(hwndLV2, &lvi); StringCbPrintf(szTemp, 100, "%08X", ((DWORD)(*pItem) & 0x0fff)+ ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress); ListView_SetItemText(hwndLV2, j, 1, szTemp); StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(((DWORD)(*pItem) & 0x0fff) + ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress)); ListView_SetItemText(hwndLV2, j, 2, szTemp); int type = ((*pItem) & 0xf000) >> 12; switch (type) { case IMAGE_REL_BASED_ABSOLUTE: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_ABSOLUTE"); break; } case IMAGE_REL_BASED_HIGH: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_HIGH"); break; } case IMAGE_REL_BASED_LOW: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_LOW"); break; } case IMAGE_REL_BASED_HIGHLOW: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_HIGHLOW"); break; } case IMAGE_REL_BASED_HIGHADJ: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_HIGHADJ"); break; } case IMAGE_REL_BASED_MACHINE_SPECIFIC_5: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_5"); break; } case IMAGE_REL_BASED_RESERVED: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_RESERVED"); break; } case IMAGE_REL_BASED_MACHINE_SPECIFIC_7: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_7"); break; } case IMAGE_REL_BASED_MACHINE_SPECIFIC_8: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_8"); break; } case IMAGE_REL_BASED_MACHINE_SPECIFIC_9: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_MACHINE_SPECIFIC_9"); break; } case IMAGE_REL_BASED_DIR64: { StringCbPrintf(szTemp, 100, "%s", "IMAGE_REL_BASED_DIR64"); break; } default: { StringCbPrintf(szTemp, 100, "%s", "Others"); break; } } ListView_SetItemText(hwndLV2, j, 3, szTemp); if (bIsPe32Plus) //pe32+的地址是16个字节 { StringCbPrintf(szTemp, 100, "%016llX", *(ULONGLONG*)&data[mode ? RVAtoFileOff(((DWORD)(*pItem) & 0x0fff)+ ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress) : (*pItem) & 0x0fff+ ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress]); } else //PE32的地址是8个字节 { StringCbPrintf(szTemp, 100, "%08X", *(DWORD*)&data[mode ? RVAtoFileOff(((DWORD)(*pItem) & 0x0fff) + ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress) : (*pItem) & 0x0fff + ((PIMAGE_BASE_RELOCATION)(ibrl[nIndex]))->VirtualAddress]); } //+的优先级高于&,所以这里必须括号 ListView_SetItemText(hwndLV2, j, 4, szTemp); } } break; } } break; } case WM_CLOSE: { EndDialog(hwndDlg, 0); break; } } return FALSE; } //TLS表对话框 3 INT_PTR TlsTableDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { switch (uMsg) { case WM_INITDIALOG: { if (!bIsPe32Plus) //pe32 { PIMAGE_TLS_DIRECTORY32 pibr = (PIMAGE_TLS_DIRECTORY32)&data[mode ? RVAtoFileOff(idd[9].VirtualAddress) : idd[9].VirtualAddress]; CHAR szTemp[100] = { 0 }; HWND hwndTemp; hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1); StringCbPrintf(szTemp, 100, "%08X", pibr->StartAddressOfRawData); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2); StringCbPrintf(szTemp, 100, "%08X", pibr->EndAddressOfRawData); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3); StringCbPrintf(szTemp, 100, "%08X", pibr->AddressOfIndex); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4); StringCbPrintf(szTemp, 100, "%08X", pibr->AddressOfCallBacks); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5); StringCbPrintf(szTemp, 100, "%08X", pibr->SizeOfZeroFill); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6); StringCbPrintf(szTemp, 100, "%08X", pibr->Characteristics); Edit_SetText(hwndTemp, szTemp); } else //pe32+ { PIMAGE_TLS_DIRECTORY64 pibr64 = (PIMAGE_TLS_DIRECTORY64)&data[mode ? RVAtoFileOff(idd[9].VirtualAddress) : idd[9].VirtualAddress]; CHAR szTemp[100] = { 0 }; HWND hwndTemp; hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT1); StringCbPrintf(szTemp, 100, "%016llX", pibr64->StartAddressOfRawData); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT2); StringCbPrintf(szTemp, 100, "%016llX", pibr64->EndAddressOfRawData); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT3); StringCbPrintf(szTemp, 100, "%016llX", pibr64->AddressOfIndex); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT4); StringCbPrintf(szTemp, 100, "%016llX", pibr64->AddressOfCallBacks); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT5); StringCbPrintf(szTemp, 100, "%08X", pibr64->SizeOfZeroFill); Edit_SetText(hwndTemp, szTemp); hwndTemp = GetDlgItem(hwndDlg, IDC_EDIT6); StringCbPrintf(szTemp, 100, "%08X", pibr64->Characteristics); Edit_SetText(hwndTemp, szTemp); } break; } case WM_CLOSE: { EndDialog(hwndDlg, 0); break; } } return FALSE; } //延迟输入表对话框 3 INT_PTR DelayImportDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { static HWND hwndLV1, hwndLV2; switch (uMsg) { case WM_INITDIALOG: { hwndLV1 = GetDlgItem(hwndDlg, IDC_LIST2); hwndLV2 = GetDlgItem(hwndDlg, IDC_LIST3); ListView_SetExtendedListViewStyle(hwndLV1, LVS_EX_FULLROWSELECT); ListView_SetExtendedListViewStyle(hwndLV2, LVS_EX_FULLROWSELECT); CHAR szColName1[7][50] = { "DllName","OriginalFirstThunk","TimeDateStamp","BoundImportAddressTableRVA","Name","FirstThunk","ModuleHandle" }; CHAR szColName2[5][50] = { "ThunkRVA","ThunkOffset","ThunkValue","Hint","ApiName" }; LVCOLUMN lvc = { 0 }; lvc.mask = LVCF_WIDTH | LVCF_TEXT; lvc.cx = 100; for (int i = 0; i < 7; ++i) { lvc.pszText = szColName1[i]; ListView_InsertColumn(hwndLV1, i, &lvc); } for (int i = 0; i < 5; ++i) { lvc.pszText = szColName2[i]; ListView_InsertColumn(hwndLV2, i, &lvc); } PIMAGE_DELAYLOAD_DESCRIPTOR pidd = (PIMAGE_DELAYLOAD_DESCRIPTOR)&data[mode ? RVAtoFileOff(idd[13].VirtualAddress) : idd[13].VirtualAddress]; CHAR szTemp[MAX_PATH] = { 0 }; int k = 0; while (pidd->ImportAddressTableRVA) { LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; lvi.iItem = k; StringCbPrintf(szTemp, MAX_PATH, "%s", &data[mode ? RVAtoFileOff(pidd->DllNameRVA) : pidd->DllNameRVA]); lvi.pszText = szTemp; ListView_InsertItem(hwndLV1, &lvi); StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->ImportNameTableRVA); ListView_SetItemText(hwndLV1, k, 1, szTemp); StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->TimeDateStamp); ListView_SetItemText(hwndLV1, k, 2, szTemp); StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->BoundImportAddressTableRVA); ListView_SetItemText(hwndLV1, k, 3, szTemp); StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->DllNameRVA); ListView_SetItemText(hwndLV1, k, 4, szTemp); StringCbPrintf(szTemp, MAX_PATH, "%08X", pidd->ImportAddressTableRVA); ListView_SetItemText(hwndLV1, k, 5, szTemp); StringCbPrintf(szTemp, MAX_PATH, "%08X", *(DWORD*)&data[mode ? RVAtoFileOff(pidd->ModuleHandleRVA) : pidd->ModuleHandleRVA]); ListView_SetItemText(hwndLV1, k, 6, szTemp); ++k; ++pidd; } break; } case WM_NOTIFY: { switch (((LPNMHDR)(lParam))->code) { case NM_CLICK: { if (((LPNMHDR)(lParam))->hwndFrom == hwndLV1) { ListView_DeleteAllItems(hwndLV2); int nIndex = ListView_GetSelectionMark(hwndLV1); CHAR szBuffer[20] = { 0 }; ListView_GetItemText(hwndLV1, nIndex, 1, szBuffer, 20); //这DelayImport得解析INT,才有名字,IAT即便是在文件中也是个地址 DWORD dwFirstThunk = HexStrToDec32(szBuffer); if (!bIsPe32Plus) { PIMAGE_THUNK_DATA32 pitd32 = (PIMAGE_THUNK_DATA32)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]); CHAR szTemp[100] = { 0 }; int k = 0; while (pitd32->u1.Function) { LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; lvi.iItem = k; StringCbPrintf(szTemp, 100, "%08X", dwFirstThunk + k * 4); lvi.pszText = szTemp; ListView_InsertItem(hwndLV2, &lvi); StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(dwFirstThunk + k * 4)); ListView_SetItemText(hwndLV2, k, 1, szTemp); StringCbPrintf(szTemp, 100, "%08X", pitd32->u1.Function); ListView_SetItemText(hwndLV2, k, 2, szTemp); if (pitd32->u1.Function & 0x8000'0000) //最高位为1,则为序号 { ListView_SetItemText(hwndLV2, k, 3, "---"); StringCbPrintf(szTemp, 100, "Ordinal:%X h %d d", pitd32->u1.Function ^ 0x8000'0000, pitd32->u1.Function ^ 0x8000'0000); ListView_SetItemText(hwndLV2, k, 4, szTemp); } else //最高位为0,则可能是函数地址,或者是API名称 { if (mode) //说明是API名称 { PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd32->u1.Function)]; StringCbPrintf(szTemp, 100, "%04X", piibn->Hint); ListView_SetItemText(hwndLV2, k, 3, szTemp); StringCbPrintf(szTemp, 100, "%s", piibn->Name); ListView_SetItemText(hwndLV2, k, 4, szTemp); } else //说明是函数地址 { ListView_SetItemText(hwndLV2, k, 3, "---"); ListView_SetItemText(hwndLV2, k, 4, "---"); } } ++pitd32; ++k; } } else //pe32+ { PIMAGE_THUNK_DATA64 pitd64 = (PIMAGE_THUNK_DATA64)(&data[mode ? RVAtoFileOff(dwFirstThunk) : dwFirstThunk]); CHAR szTemp[100] = { 0 }; int k = 0; while (pitd64->u1.Function) { LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; lvi.iItem = k; StringCbPrintf(szTemp, 100, "%08X", dwFirstThunk + k * 4); lvi.pszText = szTemp; ListView_InsertItem(hwndLV2, &lvi); StringCbPrintf(szTemp, 100, "%08X", RVAtoFileOff(dwFirstThunk + k * 4)); ListView_SetItemText(hwndLV2, k, 1, szTemp); StringCbPrintf(szTemp, 100, "%016llX", pitd64->u1.Function); ListView_SetItemText(hwndLV2, k, 2, szTemp); if (pitd64->u1.Function & 0x8000'0000'0000'0000) //最高位为1,则为序号 { ListView_SetItemText(hwndLV2, k, 3, "---"); StringCbPrintf(szTemp, 100, "Ordinal:%X h %d d", pitd64->u1.Function ^ 0x8000'0000'0000'0000, pitd64->u1.Function ^ 0x8000'0000'0000'0000); ListView_SetItemText(hwndLV2, k, 4, szTemp); } else //最高位为0,则可能是函数地址,或者是API名称 { if (mode) //说明是API名称 { PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)&data[RVAtoFileOff(pitd64->u1.Function)]; StringCbPrintf(szTemp, 100, "%04X", piibn->Hint); ListView_SetItemText(hwndLV2, k, 3, szTemp); StringCbPrintf(szTemp, 100, "%s", piibn->Name); ListView_SetItemText(hwndLV2, k, 4, szTemp); } else //说明是函数地址 { ListView_SetItemText(hwndLV2, k, 3, "---"); ListView_SetItemText(hwndLV2, k, 4, "---"); } } ++pitd64; ++k; } } } break; } } break; } case WM_CLOSE: { EndDialog(hwndDlg, 0); break; } } return FALSE; } //数据目录表对话框 2 INT_PTR DataDirectoryDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { switch (uMsg) { case WM_INITDIALOG: { CHAR szTemp[20] = { 0 }; HWND hwndTemp; int nOrder[0x20] = { IDC_EDIT1,IDC_EDIT2,IDC_EDIT3,IDC_EDIT4,IDC_EDIT5,IDC_EDIT6,IDC_EDIT7,IDC_EDIT8,IDC_EDIT33, IDC_EDIT34, IDC_EDIT9,IDC_EDIT10,IDC_EDIT11,IDC_EDIT12,IDC_EDIT13,IDC_EDIT14,IDC_EDIT15,IDC_EDIT16,IDC_EDIT17,IDC_EDIT18,IDC_EDIT19,IDC_EDIT20,IDC_EDIT21,IDC_EDIT22,IDC_EDIT23,IDC_EDIT24,IDC_EDIT25,IDC_EDIT26,IDC_EDIT27,IDC_EDIT28,IDC_EDIT29,IDC_EDIT30 }; for (int i = 0; i < 0x10; ++i) { wsprintf(szTemp, "%08X", idd[i].VirtualAddress); hwndTemp = GetDlgItem(hwndDlg, nOrder[2*i]); Edit_SetText(hwndTemp, szTemp); wsprintf(szTemp, "%08X", idd[i].Size); hwndTemp = GetDlgItem(hwndDlg, nOrder[2*i+1]); Edit_SetText(hwndTemp, szTemp); } break; } case WM_COMMAND: { switch (LOWORD(wParam)) //每个一个DialogBox { case IDC_BUTTON1: //Export Table { if (idd[0].Size == 0) { MessageBox(hwndDlg, "输出表不存在", "错误信息", MB_OK); break; } DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG5), hwndDlg, (DLGPROC)ExportTableDlg); break; } case IDC_BUTTON2: //Import Table { if (idd[1].Size == 0) { MessageBox(hwndDlg, "输入表不存在", "错误信息", MB_OK); break; } DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG6), hwndDlg, (DLGPROC)ImportTableDlg); break; } case IDC_BUTTON3: //Resource { if (idd[2].Size == 0) { MessageBox(hwndDlg, "资源表不存在", "错误信息", MB_OK); break; } DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG7), hwndDlg, (DLGPROC)ResourceDlg); break; } case IDC_BUTTON4: //Relocation { if (idd[5].Size == 0) { MessageBox(hwndDlg, "重定位表不存在", "错误信息", MB_OK); break; } DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG8), hwndDlg, (DLGPROC)RelocationDlg); break; } case IDC_BUTTON5: //TlsTable { if (idd[9].Size == 0) { MessageBox(hwndDlg, "TLS表不存在", "错误信息", MB_OK); break; } DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG9), hwndDlg, (DLGPROC)TlsTableDlg); break; } case IDC_BUTTON7: //DelayImport { if (idd[13].Size == 0) { MessageBox(hwndDlg, "延迟输入表不存在", "错误信息", MB_OK); break; } DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG10), hwndDlg, (DLGPROC)DelayImportDlg); break; } } break; } case WM_CLOSE: { EndDialog(hwndDlg, 0); break; } } return FALSE; } //区段对话框 2 INT_PTR SectionDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { static HWND hwndSectionListView = NULL; switch (uMsg) { case WM_INITDIALOG: { RECT rc = { 0 }; GetWindowRect(hwndDlg, &rc); hwndSectionListView = CreateWindow(WC_LISTVIEW, "", WS_VISIBLE | WS_CHILD | LVS_REPORT | LVS_SHOWSELALWAYS, 0, 0, 0, 0, hwndDlg, NULL, g_hInst, NULL); ListView_SetExtendedListViewStyle(hwndSectionListView, LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES); SetWindowPos(hwndSectionListView, HWND_TOP, 0, 50, rc.right - rc.left, rc.bottom - rc.top - 100, SWP_SHOWWINDOW); LVCOLUMN lvc = { 0 }; lvc.mask = LVCF_FMT | LVCF_WIDTH | LVCF_TEXT; lvc.cx = 150; lvc.fmt = LVCFMT_LEFT; for (int i = 0; i < nSectionColNum; ++i) { lvc.pszText = szSectionColName[i]; ListView_InsertColumn(hwndSectionListView, i, &lvc); } LVITEM lvi = { 0 }; lvi.mask = LVIF_TEXT; CHAR szTemp[20] = { 0 }; for (int i = 0; i < nNumOfSections; ++i) { lvi.iItem = i; lvi.iSubItem = 0; lvi.pszText = (CHAR*)&ish[i].Name; ListView_InsertItem(hwndSectionListView, &lvi); wsprintf(szTemp, "%08X", ish[i].VirtualAddress); ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_voffset, szTemp); wsprintf(szTemp, "%08X", ish[i].Misc.VirtualSize); ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_vsize, szTemp); wsprintf(szTemp, "%08X", ish[i].PointerToRawData); ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_roffset, szTemp); wsprintf(szTemp, "%08X", ish[i].SizeOfRawData); ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_rsize, szTemp); wsprintf(szTemp, "%08X", ish[i].Characteristics); ListView_SetItemText(hwndSectionListView, i, SectionColPos::scp_flags, szTemp); } break; } case WM_CLOSE: { EndDialog(hwndDlg, 0); break; } } return FALSE; } //PE对话框 1 //后面的数字代表层次 INT_PTR PEDlg(HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) { switch (uMsg) { case WM_INITDIALOG: { GetBasicPEInfo(hwndDlg); break; } case WM_COMMAND: { switch (LOWORD(wParam)) { case IDC_BUTTON1: //Sections { DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG3), hwndDlg, (DLGPROC)SectionDlg); break; } case IDC_BUTTON2: //Directories { DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG4), hwndDlg, (DLGPROC)DataDirectoryDlg); break; } } break; } case WM_CLOSE: { free(data); EndDialog(hwndDlg, 0); break; } } return FALSE; } //PE对话框线程的入口函数 DWORD PEInfoDlg(LPVOID lpParam) { bIsPe32Plus = FALSE; mode = (INT64)lpParam; //0代表是内存,否则就是磁盘文件完整路径 DialogBox(g_hInst, MAKEINTRESOURCE(IDD_DIALOG2), hwndMainWnd, (DLGPROC)PEDlg); return 0; }
以下是资源文件.rc:
// Microsoft Visual C++ generated resource script. // #include "resource.h" #define APSTUDIO_READONLY_SYMBOLS ///////////////////////////////////////////////////////////////////////////// // // Generated from the TEXTINCLUDE 2 resource. // #include "winres.h" ///////////////////////////////////////////////////////////////////////////// #undef APSTUDIO_READONLY_SYMBOLS ///////////////////////////////////////////////////////////////////////////// // 中文(简体,中国) resources #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS) LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED #ifdef APSTUDIO_INVOKED ///////////////////////////////////////////////////////////////////////////// // // TEXTINCLUDE // 1 TEXTINCLUDE BEGIN "resource.h\0" END 2 TEXTINCLUDE BEGIN "#include ""winres.h""\r\n" "\0" END 3 TEXTINCLUDE BEGIN "\r\n" "\0" END #endif // APSTUDIO_INVOKED ///////////////////////////////////////////////////////////////////////////// // // Menu // IDR_MENU1 MENU BEGIN POPUP "文件" BEGIN MENUITEM "打开PE文件", ID_40001 MENUITEM "得到更多信息", ID_40017 END POPUP "选项" BEGIN MENUITEM "置于顶层", ID_40004 END POPUP "查看" BEGIN MENUITEM "立即刷新", ID_40005 END END IDR_MENU2 MENU BEGIN POPUP "ProcessTabMenu" BEGIN MENUITEM "结束进程", ID_PROCESSTABMENU_40010 MENUITEM "进程属性", ID_PROCESSTABMENU_40011 MENUITEM "得到PE信息", ID_PROCESSTABMENU_40012 MENUITEM "代码注入", ID_PROCESSTABMENU_40013 MENUITEM "保护该进程", ID_PROCESSTABMENU_40014 MENUITEM "注入DLL", ID_PROCESSTABMENU_40016 END END ///////////////////////////////////////////////////////////////////////////// // // Dialog // IDD_DIALOG1 DIALOGEX 0, 0, 305, 260 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CLIPSIBLINGS | WS_CAPTION | WS_SYSMENU CAPTION "Dialog" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN END IDD_DIALOG2 DIALOGEX 0, 0, 347, 200 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "[PE Editor]" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN GROUPBOX "Basic PE Header Information",IDC_STATIC,7,7,252,186 LTEXT "EntryPoint",IDC_STATIC,7,24,34,8 LTEXT "ImageBase",IDC_STATIC,7,46,36,8 LTEXT "SizeOfImage",IDC_STATIC,7,66,42,8 LTEXT "BaseOfCode",IDC_STATIC,7,84,41,8 LTEXT "BaseOfData",IDC_STATIC,7,105,40,8 LTEXT "SectionAlignment",IDC_STATIC,7,126,56,8 LTEXT "FileAlignment",IDC_STATIC,7,151,43,8 LTEXT "Magic",IDC_STATIC,7,170,19,8 EDITTEXT IDC_EDIT1,55,25,51,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT2,55,47,51,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT3,55,67,52,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT4,55,86,51,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT5,55,106,51,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT6,55,127,51,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT7,55,152,51,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT8,55,171,52,14,ES_AUTOHSCROLL LTEXT "Subsystem",IDC_STATIC,120,24,36,8 LTEXT "NumberOfSections",IDC_STATIC,120,46,60,8 LTEXT "TimeDateStamp",IDC_STATIC,120,66,51,8 LTEXT "SizeOfHeaders",IDC_STATIC,120,84,48,8 LTEXT "Characteristics",IDC_STATIC,120,105,48,8 LTEXT "Checksum",IDC_STATIC,120,126,33,8 LTEXT "SizeOfOptionalHeader",IDC_STATIC,120,151,72,8 LTEXT "NumOfRvaAndSizes",IDC_STATIC,120,170,64,8 EDITTEXT IDC_EDIT9,191,23,54,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT10,191,45,54,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT11,191,65,54,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT12,191,83,54,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT13,191,104,53,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT14,191,125,54,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT15,191,150,53,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT16,191,169,53,14,ES_AUTOHSCROLL PUSHBUTTON "Sections",IDC_BUTTON1,276,22,50,14 PUSHBUTTON "Directories",IDC_BUTTON2,276,65,50,14 END IDD_DIALOG3 DIALOGEX 0, 0, 309, 176 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "[Section Table]" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN END IDD_DIALOG4 DIALOGEX 0, 0, 299, 324 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "[Directory Table]" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN GROUPBOX "Directory Information",IDC_STATIC,7,7,226,294 LTEXT "ExportTable",IDC_STATIC,7,47,40,8 LTEXT "ImportTable",IDC_STATIC,7,65,40,8 LTEXT "Resource",IDC_STATIC,7,82,31,8 LTEXT "Exception",IDC_STATIC,7,99,32,8 LTEXT "Security",IDC_STATIC,7,116,27,8 LTEXT "Relocation",IDC_STATIC,7,134,34,8 LTEXT "Debug",IDC_STATIC,7,152,22,8 LTEXT "Copyright",IDC_STATIC,7,166,32,8 LTEXT "GlobalPtr",IDC_STATIC,7,185,30,8 LTEXT "TlsTable",IDC_STATIC,7,201,27,8 LTEXT "LoadConfig",IDC_STATIC,7,218,37,8 LTEXT "BoundImport",IDC_STATIC,7,235,42,8 LTEXT "IAT",IDC_STATIC,7,252,12,8 LTEXT "DelayImport",IDC_STATIC,7,271,40,8 LTEXT "COM",IDC_STATIC,7,289,16,8 LTEXT "Reserved",IDC_STATIC,7,309,32,8 EDITTEXT IDC_EDIT1,73,47,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT2,135,47,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT3,73,65,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT4,135,65,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT5,73,82,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT6,135,82,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT7,73,99,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT8,135,99,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT9,74,134,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT10,135,134,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT11,73,152,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT12,135,152,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT13,73,166,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT14,135,166,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT15,73,185,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT16,135,185,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT17,73,201,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT18,135,201,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT19,73,218,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT20,135,218,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT21,73,235,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT22,135,235,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT23,73,252,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT24,135,252,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT25,73,271,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT26,135,271,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT27,73,289,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT28,135,289,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT29,72,303,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT30,135,303,40,14,ES_AUTOHSCROLL LTEXT "RVA",IDC_STATIC,81,25,14,8 LTEXT "Size",IDC_STATIC,137,25,14,8 PUSHBUTTON "...",IDC_BUTTON1,189,47,14,14 PUSHBUTTON "...",IDC_BUTTON2,189,65,14,14 PUSHBUTTON "...",IDC_BUTTON3,189,82,14,14 PUSHBUTTON "...",IDC_BUTTON4,189,134,14,14 PUSHBUTTON "...",IDC_BUTTON5,189,201,14,14 PUSHBUTTON "...",IDC_BUTTON7,189,272,14,14 EDITTEXT IDC_EDIT33,73,116,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT34,135,116,40,14,ES_AUTOHSCROLL END IDD_DIALOG5 DIALOGEX 0, 0, 327, 248 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "[ Export Table]" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN GROUPBOX "Export Information",IDC_STATIC,7,7,239,119 CONTROL "",IDC_LIST1,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,133,313,108 LTEXT "OffToExpTbl",IDC_STATIC,7,21,41,8 LTEXT "Characteristic",IDC_STATIC,7,40,45,8 LTEXT "Base",IDC_STATIC,7,59,16,8 LTEXT "Name",IDC_STATIC,7,77,19,8 LTEXT "NameStr",IDC_STATIC,7,99,28,8 LTEXT "NumOfFuncs",IDC_STATIC,139,21,42,8 LTEXT "NumOfNames",IDC_STATIC,139,40,44,8 LTEXT "AddrOfFuncs",IDC_STATIC,139,59,43,8 LTEXT "AddrOfNames",IDC_STATIC,139,77,46,8 LTEXT "AddrOfOrds",IDC_STATIC,139,99,40,8 EDITTEXT IDC_EDIT1,64,21,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT2,63,40,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT3,63,59,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT4,63,77,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT5,41,99,61,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT6,188,21,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT7,188,40,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT8,188,59,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT9,188,77,40,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT10,188,99,40,14,ES_AUTOHSCROLL END IDD_DIALOG6 DIALOGEX 0, 0, 309, 176 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "[Import Table]" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN CONTROL "",IDC_LIST1,"SysListView32",LVS_REPORT | LVS_SINGLESEL | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,7,295,63 CONTROL "",IDC_LIST2,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,70,295,99 END IDD_DIALOG7 DIALOGEX 0, 0, 309, 176 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "[Resource Directory]" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN CONTROL "",IDC_TREE1,"SysTreeView32",TVS_HASBUTTONS | TVS_HASLINES | TVS_LINESATROOT | TVS_SHOWSELALWAYS | WS_BORDER | WS_HSCROLL | WS_TABSTOP,7,7,182,162 GROUPBOX "Root Directory",IDC_STATIC,197,7,105,42 GROUPBOX "Selected Directory",IDC_STATIC,197,54,105,37 GROUPBOX "Selected Item",IDC_STATIC,198,99,104,70 LTEXT "Name Entries",IDC_STATIC,197,19,43,8 LTEXT "ID Entries",IDC_STATIC,197,33,32,8 EDITTEXT IDC_EDIT1,245,18,57,14,ES_AUTOHSCROLL | ES_READONLY EDITTEXT IDC_EDIT2,245,32,57,14,ES_AUTOHSCROLL | ES_READONLY LTEXT "Name Entries",IDC_STATIC,197,66,43,8 LTEXT "ID Entires",IDC_STATIC,197,79,32,8 EDITTEXT IDC_EDIT3,245,63,57,14,ES_AUTOHSCROLL | ES_READONLY EDITTEXT IDC_EDIT4,245,77,57,14,ES_AUTOHSCROLL | ES_READONLY LTEXT "RVA",IDC_STATIC,198,110,14,8 LTEXT "Offset",IDC_STATIC,198,129,22,8 LTEXT "Size",IDC_STATIC,197,151,14,8 EDITTEXT IDC_EDIT5,245,108,57,14,ES_AUTOHSCROLL | ES_READONLY EDITTEXT IDC_EDIT6,245,130,57,14,ES_AUTOHSCROLL | ES_READONLY EDITTEXT IDC_EDIT7,246,148,56,14,ES_AUTOHSCROLL | ES_READONLY END IDD_DIALOG8 DIALOGEX 0, 0, 309, 208 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "[ Relocation ]" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN GROUPBOX "Blocks",IDC_STATIC,7,7,295,76 GROUPBOX "Block Items",IDC_STATIC,7,90,295,111 CONTROL "",IDC_LIST1,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,15,295,67 CONTROL "",IDC_LIST2,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,103,295,98 END IDD_DIALOG9 DIALOGEX 0, 0, 225, 144 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "[TLS Table]" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN GROUPBOX "TLS Information",IDC_STATIC,7,7,155,128 LTEXT "DataBlockStartVA",IDC_STATIC,7,25,57,8 LTEXT "DataBlockEndVA",IDC_STATIC,7,41,53,8 LTEXT "IndexVariableVA",IDC_STATIC,7,61,54,8 LTEXT "CallBackTableVA",IDC_STATIC,7,79,53,8 LTEXT "SizeOfZeroFill",IDC_STATIC,7,95,44,8 LTEXT "Characteristics",IDC_STATIC,7,113,48,8 EDITTEXT IDC_EDIT1,106,25,56,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT2,106,41,56,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT3,106,61,55,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT4,106,79,56,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT5,106,95,56,14,ES_AUTOHSCROLL EDITTEXT IDC_EDIT6,106,113,56,14,ES_AUTOHSCROLL END IDD_DIALOG10 DIALOGEX 0, 0, 309, 176 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "Dialog" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN CONTROL "",IDC_LIST2,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,7,295,62 CONTROL "",IDC_LIST3,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,7,68,295,101 END IDD_DIALOG11 DIALOGEX 0, 0, 309, 176 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "[Inject Code]" FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN EDITTEXT IDC_EDIT1,133,63,89,42,ES_MULTILINE | ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL LTEXT "VA to inject(in hex)",IDC_STATIC1,7,38,87,8 EDITTEXT IDC_EDIT2,133,38,50,14,ES_UPPERCASE | ES_AUTOHSCROLL LTEXT "目标地址的若干条指令",IDC_STATIC,7,62,85,8 PUSHBUTTON "得到指令",IDC_BUTTON1,241,63,50,14 LTEXT "要注入的指令",IDC_STATIC,7,119,49,8 EDITTEXT IDC_EDIT3,133,123,90,46,ES_MULTILINE | ES_AUTOVSCROLL | ES_AUTOHSCROLL | ES_WANTRETURN | WS_VSCROLL PUSHBUTTON "注入指令",IDC_BUTTON2,242,124,50,14 LTEXT "Static",IDC_STATIC2,59,17,174,8 END ///////////////////////////////////////////////////////////////////////////// // // DESIGNINFO // #ifdef APSTUDIO_INVOKED GUIDELINES DESIGNINFO BEGIN IDD_DIALOG1, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 298 TOPMARGIN, 7 BOTTOMMARGIN, 253 END IDD_DIALOG2, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 340 TOPMARGIN, 7 BOTTOMMARGIN, 193 END IDD_DIALOG3, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 302 TOPMARGIN, 7 BOTTOMMARGIN, 169 END IDD_DIALOG4, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 292 TOPMARGIN, 7 BOTTOMMARGIN, 317 END IDD_DIALOG5, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 320 TOPMARGIN, 7 BOTTOMMARGIN, 241 END IDD_DIALOG6, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 302 TOPMARGIN, 7 BOTTOMMARGIN, 169 END IDD_DIALOG7, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 302 TOPMARGIN, 7 BOTTOMMARGIN, 169 END IDD_DIALOG8, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 302 TOPMARGIN, 7 BOTTOMMARGIN, 201 END IDD_DIALOG9, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 218 TOPMARGIN, 7 BOTTOMMARGIN, 137 END IDD_DIALOG10, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 302 TOPMARGIN, 7 BOTTOMMARGIN, 169 END IDD_DIALOG11, DIALOG BEGIN LEFTMARGIN, 7 RIGHTMARGIN, 302 TOPMARGIN, 7 BOTTOMMARGIN, 169 END END #endif // APSTUDIO_INVOKED ///////////////////////////////////////////////////////////////////////////// // // AFX_DIALOG_LAYOUT // IDD_DIALOG1 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG2 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG3 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG4 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG5 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG6 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG7 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG8 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG9 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG10 AFX_DIALOG_LAYOUT BEGIN 0 END IDD_DIALOG11 AFX_DIALOG_LAYOUT BEGIN 0 END #endif // 中文(简体,中国) resources ///////////////////////////////////////////////////////////////////////////// #ifndef APSTUDIO_INVOKED ///////////////////////////////////////////////////////////////////////////// // // Generated from the TEXTINCLUDE 3 resource. // ///////////////////////////////////////////////////////////////////////////// #endif // not APSTUDIO_INVOKED
以下是
