/* * Open up a file, memory map it, and call the appropriate dumping routine */ void DumpFile(LPSTR filename, FILE *fout, int full) { HANDLE hFile; HANDLE hFileMapping; LPVOID lpFileBase; PIMAGE_DOS_HEADER dosHeader; hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if (hFile == INVALID_HANDLE_VALUE) { fprintf(stderr, "Couldn't open file with CreateFile(%s)\n", filename); return; } hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); if (hFileMapping == 0) { CloseHandle(hFile); fprintf(stderr, "Couldn't open file mapping with CreateFileMapping()\n"); return; } lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0); if (lpFileBase == 0) { CloseHandle(hFileMapping); CloseHandle(hFile); fprintf(stderr, "Couldn't map view of file with MapViewOfFile()\n"); return; } dosHeader = (PIMAGE_DOS_HEADER)lpFileBase; if (dosHeader->e_magic == IMAGE_DOS_SIGNATURE) { fprintf(stderr, "File is an executable. I don't dump those.\n"); return; } /* Does it look like a i386 COFF OBJ file??? */ else if ((dosHeader->e_magic == e_magic_number) && (dosHeader->e_sp == 0)) { /* * The two tests above aren't what they look like. They're * really checking for IMAGE_FILE_HEADER.Machine == i386 (0x14C) * and IMAGE_FILE_HEADER.SizeOfOptionalHeader == 0; */ DumpObjFile((PIMAGE_FILE_HEADER) lpFileBase, fout, full); } else if (*((BYTE *)lpFileBase) == 0x80) { /* * This file looks like it might be a ROMF file. */ DumpROMFObjFile(lpFileBase, fout); } else { printf("unrecognized file format\n"); } UnmapViewOfFile(lpFileBase); CloseHandle(hFileMapping); CloseHandle(hFile); }
// // Open up a file, memory map it, and call the appropriate dumping routine // void TestFile(const char *pFilename) { HANDLE hFile; HANDLE hFileMapping; LPVOID lpFileBase; PIMAGE_DOS_HEADER dosHeader; hFile = CreateFile(pFilename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if ( hFile == INVALID_HANDLE_VALUE ) { printf("Couldn't open file %s with CreateFile()\n", pFilename ); return; } hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); if ( hFileMapping == 0 ) { CloseHandle(hFile); printf("Couldn't open file mapping with CreateFileMapping()\n"); return; } lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0); if ( lpFileBase == 0 ) { CloseHandle(hFileMapping); CloseHandle(hFile); printf("Couldn't map view of file with MapViewOfFile()\n"); return; } dosHeader = (PIMAGE_DOS_HEADER)lpFileBase; if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE ) { TestExeFile( pFilename, dosHeader ); } #if 0 else if ( (dosHeader->e_magic == 0x014C) // Does it look like a i386 && (dosHeader->e_sp == 0) ) // COFF OBJ file??? { // The two tests above aren't what they look like. They're // really checking for IMAGE_FILE_HEADER.Machine == i386 (0x14C) // and IMAGE_FILE_HEADER.SizeOfOptionalHeader == 0; DumpObjFile( (PIMAGE_FILE_HEADER)lpFileBase ); } #endif else printf("unrecognized file format\n"); UnmapViewOfFile(lpFileBase); CloseHandle(hFileMapping); CloseHandle(hFile); }
// // Open up a file, memory map it, and call the appropriate dumping routine // bool DumpFile(MPanelItem* pRoot, LPCTSTR filename, bool abForceDetect) { bool lbSucceeded = false; HANDLE hFile; HANDLE hFileMapping; PIMAGE_DOS_HEADER dosHeader; gpNTHeader32 = NULL; gpNTHeader64 = NULL; g_bIs64Bit = false; g_bUPXed = false; // ќчистка переменных! //g_pStrResEntries = 0; g_pDlgResEntries = 0; //g_cStrResEntries = 0; g_cDlgResEntries = 0; g_pMiscDebugInfo = 0; g_pCVHeader = 0; g_pCOFFHeader = 0; g_pCOFFSymbolTable = 0; PszLongnames = 0; // ќткрываем файл hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if ( hFile == INVALID_HANDLE_VALUE ) hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if ( hFile == INVALID_HANDLE_VALUE ) { merror(_T("Couldn't open file with CreateFile()\n")); return false; } g_FileSize.LowPart = GetFileSize(hFile, &g_FileSize.HighPart); if (!abForceDetect) { MEMORYSTATUSEX mem = {sizeof(MEMORYSTATUSEX)}; GlobalMemoryStatusEx(&mem); if (g_FileSize.HighPart || (g_FileSize.LowPart > mem.ullAvailPhys && g_FileSize.LowPart > mem.ullAvailPageFile)) { // выходим по тихому, ибо abForceDetect == false // Too large file CloseHandle(hFile); return false; } } hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); if ( hFileMapping == 0 ) { CloseHandle(hFile); merror(_T("Couldn't open file mapping with CreateFileMapping()\n")); return false; } g_pMappedFileBase = (PBYTE)MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0); if ( g_pMappedFileBase == 0 ) { CloseHandle(hFileMapping); CloseHandle(hFile); merror(_T("Couldn't map view of file with MapViewOfFile()\n")); return false; } pRoot->AddText(_T("Dump of file ")); pRoot->AddText(filename); pRoot->AddText(_T("\n\n")); dosHeader = (PIMAGE_DOS_HEADER)g_pMappedFileBase; PIMAGE_FILE_HEADER pImgFileHdr = (PIMAGE_FILE_HEADER)g_pMappedFileBase; __try { if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE ) { lbSucceeded = DumpExeFile( pRoot, dosHeader ); } else if ( dosHeader->e_magic == IMAGE_SEPARATE_DEBUG_SIGNATURE ) { lbSucceeded = DumpDbgFile( pRoot, (PIMAGE_SEPARATE_DEBUG_HEADER)g_pMappedFileBase ); } else if ( IsValidMachineType(pImgFileHdr->Machine) ) { if ( 0 == pImgFileHdr->SizeOfOptionalHeader ) // 0 optional header { lbSucceeded = DumpObjFile( pRoot, pImgFileHdr ); // means it's an OBJ } else if ( pImgFileHdr->SizeOfOptionalHeader == IMAGE_SIZEOF_ROM_OPTIONAL_HEADER ) { lbSucceeded = DumpROMImage( pRoot, (PIMAGE_ROM_HEADERS)pImgFileHdr ); } } else if ( 0 == strncmp((char *)g_pMappedFileBase, IMAGE_ARCHIVE_START, IMAGE_ARCHIVE_START_SIZE) ) { lbSucceeded = DumpLibFile( pRoot, g_pMappedFileBase ); } else { if (abForceDetect) merror(_T("Unrecognized file format\n")); lbSucceeded = false; } }__except(EXCEPTION_EXECUTE_HANDLER){ pRoot->AddText(_T("\n\n!!! Exception !!!\n")); if (abForceDetect) merror(_T("Exception, while dumping\n")); lbSucceeded = false; } UnmapViewOfFile(g_pMappedFileBase); CloseHandle(hFileMapping); CloseHandle(hFile); return lbSucceeded; }
void DumpLibFile( LPVOID lpFileBase ) { PIMAGE_ARCHIVE_MEMBER_HEADER pArchHeader; BOOL fSawFirstLinkerMember = FALSE; BOOL fSawSecondLinkerMember = FALSE; BOOL fBreak = FALSE; if ( strncmp((char *)lpFileBase,IMAGE_ARCHIVE_START, IMAGE_ARCHIVE_START_SIZE ) ) { printf("Not a valid .LIB file - signature not found\n"); return; } pArchHeader = MakePtr(PIMAGE_ARCHIVE_MEMBER_HEADER, lpFileBase, IMAGE_ARCHIVE_START_SIZE); while ( pArchHeader ) { DWORD thisMemberSize; DisplayArchiveMemberHeader( pArchHeader, (PBYTE)pArchHeader - (PBYTE) lpFileBase ); printf("\n"); if ( !strncmp( (char *)pArchHeader->Name, IMAGE_ARCHIVE_LINKER_MEMBER, 16) ) { if ( !fSawFirstLinkerMember ) { DumpFirstLinkerMember( (PVOID)(pArchHeader + 1) ); printf("\n"); fSawFirstLinkerMember = TRUE; } else if ( !fSawSecondLinkerMember ) { DumpSecondLinkerMember( (PVOID)(pArchHeader + 1) ); printf("\n"); fSawSecondLinkerMember = TRUE; } } else if( !strncmp( (char *)pArchHeader->Name, IMAGE_ARCHIVE_LONGNAMES_MEMBER, 16) ) { DumpLongnamesMember( (PVOID)(pArchHeader + 1), atoi((char *)pArchHeader->Size) ); printf("\n"); } else // It's an OBJ file { DumpObjFile( (PIMAGE_FILE_HEADER)(pArchHeader + 1) ); } // Calculate how big this member is (it's originally stored as // as ASCII string. thisMemberSize = atoi((char *)pArchHeader->Size) + IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR; thisMemberSize = (thisMemberSize+1) & ~1; // Round up // Get a pointer to the next archive member pArchHeader = MakePtr(PIMAGE_ARCHIVE_MEMBER_HEADER, pArchHeader, thisMemberSize); // Bail out if we don't see the EndHeader signature in the next record #if 0 __try #endif { if (strncmp( (char *)pArchHeader->EndHeader, IMAGE_ARCHIVE_END, 2)) break; } #if 0 __except( TRUE ) // Should only get here if pArchHeader is bogus { fBreak = TRUE; // Ideally, we could just put a "break;" here, } // but BC++ doesn't like it. #endif if ( fBreak ) // work around BC++ problem. break; } }
// // Open up a file, memory map it, and call the appropriate dumping routine // void DumpFile(LPSTR filename) { HANDLE hFile; HANDLE hFileMapping; LPVOID lpFileBase; PIMAGE_DOS_HEADER dosHeader; hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if ( hFile == INVALID_HANDLE_VALUE ) { printf("Couldn't open file with CreateFile()\n"); return; } hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); if ( hFileMapping == 0 ) { CloseHandle(hFile); printf("Couldn't open file mapping with CreateFileMapping()\n"); return; } lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0); if ( lpFileBase == 0 ) { CloseHandle(hFileMapping); CloseHandle(hFile); printf("Couldn't map view of file with MapViewOfFile()\n"); return; } printf("Dump of file %s\n\n", filename); dosHeader = (PIMAGE_DOS_HEADER)lpFileBase; PIMAGE_FILE_HEADER pImgFileHdr = (PIMAGE_FILE_HEADER)lpFileBase; if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE ) { DumpExeFile( dosHeader ); } else if ( dosHeader->e_magic == IMAGE_SEPARATE_DEBUG_SIGNATURE ) { DumpDbgFile( (PIMAGE_SEPARATE_DEBUG_HEADER)lpFileBase ); } else if ( (pImgFileHdr->Machine == IMAGE_FILE_MACHINE_I386) // FIX THIS!!! ||(pImgFileHdr->Machine == IMAGE_FILE_MACHINE_ALPHA) ) { if ( 0 == pImgFileHdr->SizeOfOptionalHeader ) // 0 optional header DumpObjFile( pImgFileHdr ); // means it's an OBJ else if ( pImgFileHdr->SizeOfOptionalHeader == IMAGE_SIZEOF_ROM_OPTIONAL_HEADER ) { DumpROMImage( (PIMAGE_ROM_HEADERS)pImgFileHdr ); } } else if ( 0 == strncmp((char *)lpFileBase, IMAGE_ARCHIVE_START, IMAGE_ARCHIVE_START_SIZE ) ) { DumpLibFile( lpFileBase ); } else printf("unrecognized file format\n"); UnmapViewOfFile(lpFileBase); CloseHandle(hFileMapping); CloseHandle(hFile); }