开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > Windows编程 > 钩子与API截获 > 查看源码
pe.cpp
资源名称:DebugProgram.rar [点击查看]
上传用户:yll456
上传日期:2022-03-08
资源大小:19064k
文件大小:4k
源码类别:

钩子与API截获

开发平台:

Visual C++

pe.cpp:源码内容
  1. #include "pe.h"
  2. #include <imagehlp.h>
  4. #pragma comment(lib,"imagehlp.lib")
  5. BOOL  LoadFileR(LPTSTR lpFilename,PMAP_FILE_STRUCT pstMapFile)
  6. {
  8. HANDLE hFile;
  9. HANDLE hMapping;
  10. LPVOID ImageBase;
  12. memset(pstMapFile,0,sizeof(MAP_FILE_STRUCT));
  14. hFile=CreateFile(lpFilename,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING, 
  15. FILE_ATTRIBUTE_NORMAL,0);
  17. if (!hFile)    
  18. return FALSE;
  20.  hMapping=CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
  21. if(!hMapping)
  22. {
  23. CloseHandle(hFile);
  24. return FALSE;
  25. }
  26. ImageBase=MapViewOfFile(hMapping,FILE_MAP_READ,0,0,0);
  27.     if(!ImageBase)
  28. {
  29. CloseHandle(hMapping);
  30. CloseHandle(hFile);
  31. return FALSE;
  32. }
  33. pstMapFile->hFile=hFile;
  34. pstMapFile->hMapping=hMapping;
  35. pstMapFile->ImageBase=ImageBase;
  36. return TRUE;
  37. }
  39. void UnLoadFile(PMAP_FILE_STRUCT pstMapFile)
  40. {
  41. if(pstMapFile->ImageBase)
  42. UnmapViewOfFile(pstMapFile->ImageBase);
  44. if(pstMapFile->hMapping)
  45. CloseHandle(pstMapFile->hMapping);
  47. if(pstMapFile->hFile)
  48. CloseHandle(pstMapFile->hFile);
  50. }
  51. BOOL IsPEFile(LPVOID ImageBase)
  52. {
  53.     PIMAGE_DOS_HEADER  pDH=NULL;
  54.     PIMAGE_NT_HEADERS  pNtH=NULL;
  55.   
  56.     if(!ImageBase)
  57.   return FALSE;
  58.    
  59.     pDH=(PIMAGE_DOS_HEADER)ImageBase;
  60.     if(pDH->e_magic!=IMAGE_DOS_SIGNATURE)
  61.          return FALSE;
  63.     pNtH=(PIMAGE_NT_HEADERS32)((DWORD)pDH+pDH->e_lfanew);
  64.     if (pNtH->Signature != IMAGE_NT_SIGNATURE )
  65.         return FALSE;
  67.     return TRUE;
  69. }
  70. //
  71. PIMAGE_NT_HEADERS  GetNtHeaders(LPVOID ImageBase)
  72. {
  73.     
  74. if(!IsPEFile(ImageBase))
  75. return NULL;
  76. PIMAGE_NT_HEADERS  pNtH;
  77. PIMAGE_DOS_HEADER  pDH;
  78. pDH=(PIMAGE_DOS_HEADER)ImageBase;
  79. pNtH=(PIMAGE_NT_HEADERS)((DWORD)pDH+pDH->e_lfanew);
  81. return pNtH;
  83. }
  85. //
  86. PIMAGE_FILE_HEADER   GetFileHeader(LPVOID ImageBase)
  87. {
  88.     PIMAGE_DOS_HEADER  pDH=NULL;
  89.     PIMAGE_NT_HEADERS  pNtH=NULL;
  90.     PIMAGE_FILE_HEADER pFH=NULL;
  91.     
  92.     if(!IsPEFile(ImageBase))
  93. return NULL;
  94.     pDH=(PIMAGE_DOS_HEADER)ImageBase;
  95.     pNtH=(PIMAGE_NT_HEADERS)((DWORD)pDH+pDH->e_lfanew);
  96.     pFH=&pNtH->FileHeader;
  97.     return pFH;
  98. }
  99. PIMAGE_OPTIONAL_HEADER GetOptionalHeader(LPVOID ImageBase)
  100. {
  101.     PIMAGE_DOS_HEADER  pDH=NULL;
  102.     PIMAGE_NT_HEADERS  pNtH=NULL;
  103.     PIMAGE_OPTIONAL_HEADER pOH=NULL;
  104.    
  105.      if(!IsPEFile(ImageBase))
  106. return NULL;
  107.     pDH=(PIMAGE_DOS_HEADER)ImageBase;
  108.     pNtH=(PIMAGE_NT_HEADERS)((DWORD)pDH+pDH->e_lfanew);
  109.     pOH=&pNtH->OptionalHeader;
  110.     return pOH;
  111. }
  112. PIMAGE_SECTION_HEADER GetFirstSectionHeader(LPVOID ImageBase)
  113. {
  114.    PIMAGE_NT_HEADERS     pNtH=NULL;
  115.     PIMAGE_SECTION_HEADER pSH=NULL;
  116.     
  117.     pNtH=GetNtHeaders(ImageBase);
  118.     pSH=IMAGE_FIRST_SECTION(pNtH);
  119.   return  pSH;
  120. }
  122. LPVOID RvaToPtr(PIMAGE_NT_HEADERS pNtH,LPVOID ImageBase,DWORD dwRVA)
  123. {
  124.   return ImageRvaToVa(pNtH,ImageBase,dwRVA,NULL);
  126. }
  128. LPVOID GetDirectoryEntryToData(LPVOID ImageBase,USHORT DirectoryEntry)
  129. {
  130. DWORD dwDataStartRVA;
  131. LPVOID pDirData=NULL;
  132. PIMAGE_NT_HEADERS     pNtH=NULL;
  133. PIMAGE_OPTIONAL_HEADER pOH=NULL;
  135. pNtH=GetNtHeaders(ImageBase);
  136. if(!pNtH)
  137. return NULL;
  138. pOH=GetOptionalHeader(ImageBase);
  139. if(!pOH)
  140. return NULL;
  141.     dwDataStartRVA=pOH->DataDirectory[DirectoryEntry].VirtualAddress;
  142.       if(!dwDataStartRVA)
  143.         return NULL;
  144.   
  145. pDirData=RvaToPtr(pNtH,ImageBase,dwDataStartRVA);
  146.    if(!pDirData)
  147. return NULL;  
  148.     return  pDirData;
  149. }
  151. PIMAGE_EXPORT_DIRECTORY  GetExportDirectory(LPVOID ImageBase)
  152. {
  153.    
  154. PIMAGE_EXPORT_DIRECTORY pExportDir=NULL;
  155. pExportDir=(PIMAGE_EXPORT_DIRECTORY)GetDirectoryEntryToData(ImageBase,IMAGE_DIRECTORY_ENTRY_EXPORT);
  156.     if(!pExportDir)
  157. return NULL;  
  158.     return  pExportDir;
  159. }
  160. PIMAGE_IMPORT_DESCRIPTOR  GetFirstImportDesc(LPVOID ImageBase)
  161. {
  162. PIMAGE_IMPORT_DESCRIPTOR pImportDesc;
  163. pImportDesc=(PIMAGE_IMPORT_DESCRIPTOR)GetDirectoryEntryToData(ImageBase,IMAGE_DIRECTORY_ENTRY_IMPORT);
  164.     if(!pImportDesc)
  165. return NULL;  
  166.     return  pImportDesc;
  167. }
  168. DWORD   GetNumOfExportFuncs(LPVOID ImageBase,PIMAGE_EXPORT_DIRECTORY pExportDir)
  169. {
  170. DWORD   dwnum=0;
  171.     PDWORD pdwRvas=NULL;
  173. /* if(!IsPEFile(ImageBase))
  174. return NULL;
  175. */
  176.  PIMAGE_NT_HEADERS pNtH=GetNtHeaders(ImageBase);
  177.  
  178.   pdwRvas=(PDWORD)RvaToPtr(pNtH,ImageBase,pExportDir->AddressOfFunctions);
  179. for(DWORD i=0;i<pExportDir->NumberOfFunctions;i++)
  180. {
  181. if(*pdwRvas)
  182. ++dwnum;
  184. ++pdwRvas;
  187. return dwnum;
  188. }
  190. BOOL  IsDataDirPresent(LPVOID ImageBase,USHORT DirectoryEntry)
  191. {
  193.     if(!GetDirectoryEntryToData(ImageBase,DirectoryEntry))
  194. return FALSE;
  195. return TRUE;
  197. }