/*
* Open up a file, memory map it, and call the appropriate dumping routine
*/
void DumpFile(LPSTR filename, FILE *fout, int full)
{
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER dosHeader;
hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if (hFile == INVALID_HANDLE_VALUE) {
fprintf(stderr, "Couldn't open file with CreateFile(%s)\n", filename);
return;
}
hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if (hFileMapping == 0) {
CloseHandle(hFile);
fprintf(stderr, "Couldn't open file mapping with CreateFileMapping()\n");
return;
}
lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
if (lpFileBase == 0) {
CloseHandle(hFileMapping);
CloseHandle(hFile);
fprintf(stderr, "Couldn't map view of file with MapViewOfFile()\n");
return;
}
dosHeader = (PIMAGE_DOS_HEADER)lpFileBase;
if (dosHeader->e_magic == IMAGE_DOS_SIGNATURE) {
fprintf(stderr, "File is an executable. I don't dump those.\n");
return;
}
/* Does it look like a i386 COFF OBJ file??? */
else if ((dosHeader->e_magic == e_magic_number)
&& (dosHeader->e_sp == 0)) {
/*
* The two tests above aren't what they look like. They're
* really checking for IMAGE_FILE_HEADER.Machine == i386 (0x14C)
* and IMAGE_FILE_HEADER.SizeOfOptionalHeader == 0;
*/
DumpObjFile((PIMAGE_FILE_HEADER) lpFileBase, fout, full);
} else if (*((BYTE *)lpFileBase) == 0x80) {
/*
* This file looks like it might be a ROMF file.
*/
DumpROMFObjFile(lpFileBase, fout);
} else {
printf("unrecognized file format\n");
}
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
}
//
// Open up a file, memory map it, and call the appropriate dumping routine
//
void TestFile(const char *pFilename)
{
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER dosHeader;
hFile = CreateFile(pFilename, GENERIC_READ, FILE_SHARE_READ, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if ( hFile == INVALID_HANDLE_VALUE )
{
printf("Couldn't open file %s with CreateFile()\n", pFilename );
return;
}
hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if ( hFileMapping == 0 )
{
CloseHandle(hFile);
printf("Couldn't open file mapping with CreateFileMapping()\n");
return;
}
lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
if ( lpFileBase == 0 )
{
CloseHandle(hFileMapping);
CloseHandle(hFile);
printf("Couldn't map view of file with MapViewOfFile()\n");
return;
}
dosHeader = (PIMAGE_DOS_HEADER)lpFileBase;
if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE )
{
TestExeFile( pFilename, dosHeader );
}
#if 0
else if ( (dosHeader->e_magic == 0x014C) // Does it look like a i386
&& (dosHeader->e_sp == 0) ) // COFF OBJ file???
{
// The two tests above aren't what they look like. They're
// really checking for IMAGE_FILE_HEADER.Machine == i386 (0x14C)
// and IMAGE_FILE_HEADER.SizeOfOptionalHeader == 0;
DumpObjFile( (PIMAGE_FILE_HEADER)lpFileBase );
}
#endif
else
printf("unrecognized file format\n");
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
}
//
// Open up a file, memory map it, and call the appropriate dumping routine
//
bool DumpFile(MPanelItem* pRoot, LPCTSTR filename, bool abForceDetect)
{
bool lbSucceeded = false;
HANDLE hFile;
HANDLE hFileMapping;
PIMAGE_DOS_HEADER dosHeader;
gpNTHeader32 = NULL;
gpNTHeader64 = NULL;
g_bIs64Bit = false;
g_bUPXed = false;
// ќчистка переменных!
//g_pStrResEntries = 0;
g_pDlgResEntries = 0;
//g_cStrResEntries = 0;
g_cDlgResEntries = 0;
g_pMiscDebugInfo = 0;
g_pCVHeader = 0;
g_pCOFFHeader = 0;
g_pCOFFSymbolTable = 0;
PszLongnames = 0;
// ќткрываем файл
hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if ( hFile == INVALID_HANDLE_VALUE )
hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if ( hFile == INVALID_HANDLE_VALUE )
{
merror(_T("Couldn't open file with CreateFile()\n"));
return false;
}
g_FileSize.LowPart = GetFileSize(hFile, &g_FileSize.HighPart);
if (!abForceDetect)
{
MEMORYSTATUSEX mem = {sizeof(MEMORYSTATUSEX)};
GlobalMemoryStatusEx(&mem);
if (g_FileSize.HighPart ||
(g_FileSize.LowPart > mem.ullAvailPhys && g_FileSize.LowPart > mem.ullAvailPageFile))
{
// выходим по тихому, ибо abForceDetect == false
// Too large file
CloseHandle(hFile);
return false;
}
}
hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if ( hFileMapping == 0 )
{
CloseHandle(hFile);
merror(_T("Couldn't open file mapping with CreateFileMapping()\n"));
return false;
}
g_pMappedFileBase = (PBYTE)MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0);
if ( g_pMappedFileBase == 0 )
{
CloseHandle(hFileMapping);
CloseHandle(hFile);
merror(_T("Couldn't map view of file with MapViewOfFile()\n"));
return false;
}
pRoot->AddText(_T("Dump of file "));
pRoot->AddText(filename);
pRoot->AddText(_T("\n\n"));
dosHeader = (PIMAGE_DOS_HEADER)g_pMappedFileBase;
PIMAGE_FILE_HEADER pImgFileHdr = (PIMAGE_FILE_HEADER)g_pMappedFileBase;
__try
{
if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE )
{
lbSucceeded = DumpExeFile( pRoot, dosHeader );
}
else if ( dosHeader->e_magic == IMAGE_SEPARATE_DEBUG_SIGNATURE )
{
lbSucceeded = DumpDbgFile( pRoot, (PIMAGE_SEPARATE_DEBUG_HEADER)g_pMappedFileBase );
}
else if ( IsValidMachineType(pImgFileHdr->Machine) )
{
if ( 0 == pImgFileHdr->SizeOfOptionalHeader ) // 0 optional header
{
lbSucceeded = DumpObjFile( pRoot, pImgFileHdr ); // means it's an OBJ
}
else if ( pImgFileHdr->SizeOfOptionalHeader
== IMAGE_SIZEOF_ROM_OPTIONAL_HEADER )
{
lbSucceeded = DumpROMImage( pRoot, (PIMAGE_ROM_HEADERS)pImgFileHdr );
}
}
else if ( 0 == strncmp((char *)g_pMappedFileBase, IMAGE_ARCHIVE_START,
IMAGE_ARCHIVE_START_SIZE) )
{
lbSucceeded = DumpLibFile( pRoot, g_pMappedFileBase );
}
else
{
if (abForceDetect)
merror(_T("Unrecognized file format\n"));
lbSucceeded = false;
}
}__except(EXCEPTION_EXECUTE_HANDLER){
pRoot->AddText(_T("\n\n!!! Exception !!!\n"));
if (abForceDetect)
merror(_T("Exception, while dumping\n"));
lbSucceeded = false;
}
UnmapViewOfFile(g_pMappedFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return lbSucceeded;
}
void DumpLibFile( LPVOID lpFileBase )
{
PIMAGE_ARCHIVE_MEMBER_HEADER pArchHeader;
BOOL fSawFirstLinkerMember = FALSE;
BOOL fSawSecondLinkerMember = FALSE;
BOOL fBreak = FALSE;
if ( strncmp((char *)lpFileBase,IMAGE_ARCHIVE_START,
IMAGE_ARCHIVE_START_SIZE ) )
{
printf("Not a valid .LIB file - signature not found\n");
return;
}
pArchHeader = MakePtr(PIMAGE_ARCHIVE_MEMBER_HEADER, lpFileBase,
IMAGE_ARCHIVE_START_SIZE);
while ( pArchHeader )
{
DWORD thisMemberSize;
DisplayArchiveMemberHeader( pArchHeader,
(PBYTE)pArchHeader - (PBYTE) lpFileBase );
printf("\n");
if ( !strncmp( (char *)pArchHeader->Name,
IMAGE_ARCHIVE_LINKER_MEMBER, 16) )
{
if ( !fSawFirstLinkerMember )
{
DumpFirstLinkerMember( (PVOID)(pArchHeader + 1) );
printf("\n");
fSawFirstLinkerMember = TRUE;
}
else if ( !fSawSecondLinkerMember )
{
DumpSecondLinkerMember( (PVOID)(pArchHeader + 1) );
printf("\n");
fSawSecondLinkerMember = TRUE;
}
}
else if( !strncmp( (char *)pArchHeader->Name,
IMAGE_ARCHIVE_LONGNAMES_MEMBER, 16) )
{
DumpLongnamesMember( (PVOID)(pArchHeader + 1),
atoi((char *)pArchHeader->Size) );
printf("\n");
}
else // It's an OBJ file
{
DumpObjFile( (PIMAGE_FILE_HEADER)(pArchHeader + 1) );
}
// Calculate how big this member is (it's originally stored as
// as ASCII string.
thisMemberSize = atoi((char *)pArchHeader->Size)
+ IMAGE_SIZEOF_ARCHIVE_MEMBER_HDR;
thisMemberSize = (thisMemberSize+1) & ~1; // Round up
// Get a pointer to the next archive member
pArchHeader = MakePtr(PIMAGE_ARCHIVE_MEMBER_HEADER, pArchHeader,
thisMemberSize);
// Bail out if we don't see the EndHeader signature in the next record
#if 0
__try
#endif
{
if (strncmp( (char *)pArchHeader->EndHeader, IMAGE_ARCHIVE_END, 2))
break;
}
#if 0
__except( TRUE ) // Should only get here if pArchHeader is bogus
{
fBreak = TRUE; // Ideally, we could just put a "break;" here,
} // but BC++ doesn't like it.
#endif
if ( fBreak ) // work around BC++ problem.
break;
}
}
//
// Open up a file, memory map it, and call the appropriate dumping routine
//
void DumpFile(LPSTR filename)
{
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER dosHeader;
hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if ( hFile == INVALID_HANDLE_VALUE )
{
printf("Couldn't open file with CreateFile()\n");
return;
}
hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if ( hFileMapping == 0 )
{
CloseHandle(hFile);
printf("Couldn't open file mapping with CreateFileMapping()\n");
return;
}
lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
if ( lpFileBase == 0 )
{
CloseHandle(hFileMapping);
CloseHandle(hFile);
printf("Couldn't map view of file with MapViewOfFile()\n");
return;
}
printf("Dump of file %s\n\n", filename);
dosHeader = (PIMAGE_DOS_HEADER)lpFileBase;
PIMAGE_FILE_HEADER pImgFileHdr = (PIMAGE_FILE_HEADER)lpFileBase;
if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE )
{
DumpExeFile( dosHeader );
}
else if ( dosHeader->e_magic == IMAGE_SEPARATE_DEBUG_SIGNATURE )
{
DumpDbgFile( (PIMAGE_SEPARATE_DEBUG_HEADER)lpFileBase );
}
else if ( (pImgFileHdr->Machine == IMAGE_FILE_MACHINE_I386) // FIX THIS!!!
||(pImgFileHdr->Machine == IMAGE_FILE_MACHINE_ALPHA) )
{
if ( 0 == pImgFileHdr->SizeOfOptionalHeader ) // 0 optional header
DumpObjFile( pImgFileHdr ); // means it's an OBJ
else if ( pImgFileHdr->SizeOfOptionalHeader
== IMAGE_SIZEOF_ROM_OPTIONAL_HEADER )
{
DumpROMImage( (PIMAGE_ROM_HEADERS)pImgFileHdr );
}
}
else if ( 0 == strncmp((char *)lpFileBase, IMAGE_ARCHIVE_START,
IMAGE_ARCHIVE_START_SIZE ) )
{
DumpLibFile( lpFileBase );
}
else
printf("unrecognized file format\n");
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
}
