// // Open up a file, memory map it, and call the appropriate dumping routine // void DumpFile(LPSTR filename) { HANDLE hFile; HANDLE hFileMapping; LPVOID lpFileBase; PIMAGE_DOS_HEADER dosHeader; hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if ( hFile == INVALID_HANDLE_VALUE ) { printf("Couldn't open file with CreateFile()\n"); return; } hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); if ( hFileMapping == 0 ) { CloseHandle(hFile); printf("Couldn't open file mapping with CreateFileMapping()\n"); return; } lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0); if ( lpFileBase == 0 ) { CloseHandle(hFileMapping); CloseHandle(hFile); printf("Couldn't map view of file with MapViewOfFile()\n"); return; } printf("Dump of file %s\n\n", filename); dosHeader = (PIMAGE_DOS_HEADER)lpFileBase; PIMAGE_FILE_HEADER pImgFileHdr = (PIMAGE_FILE_HEADER)lpFileBase; if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE ) { DumpExeFile( dosHeader ); } else if ( dosHeader->e_magic == IMAGE_SEPARATE_DEBUG_SIGNATURE ) { DumpDbgFile( (PIMAGE_SEPARATE_DEBUG_HEADER)lpFileBase ); } else if ( (pImgFileHdr->Machine == IMAGE_FILE_MACHINE_I386) // FIX THIS!!! ||(pImgFileHdr->Machine == IMAGE_FILE_MACHINE_ALPHA) ) { if ( 0 == pImgFileHdr->SizeOfOptionalHeader ) // 0 optional header DumpObjFile( pImgFileHdr ); // means it's an OBJ else if ( pImgFileHdr->SizeOfOptionalHeader == IMAGE_SIZEOF_ROM_OPTIONAL_HEADER ) { DumpROMImage( (PIMAGE_ROM_HEADERS)pImgFileHdr ); } } else if ( 0 == strncmp((char *)lpFileBase, IMAGE_ARCHIVE_START, IMAGE_ARCHIVE_START_SIZE ) ) { DumpLibFile( lpFileBase ); } else printf("unrecognized file format\n"); UnmapViewOfFile(lpFileBase); CloseHandle(hFileMapping); CloseHandle(hFile); }
// // Open up a file, memory map it, and call the appropriate dumping routine // bool DumpFile(MPanelItem* pRoot, LPCTSTR filename, bool abForceDetect) { bool lbSucceeded = false; HANDLE hFile; HANDLE hFileMapping; PIMAGE_DOS_HEADER dosHeader; gpNTHeader32 = NULL; gpNTHeader64 = NULL; g_bIs64Bit = false; g_bUPXed = false; // ќчистка переменных! //g_pStrResEntries = 0; g_pDlgResEntries = 0; //g_cStrResEntries = 0; g_cDlgResEntries = 0; g_pMiscDebugInfo = 0; g_pCVHeader = 0; g_pCOFFHeader = 0; g_pCOFFSymbolTable = 0; PszLongnames = 0; // ќткрываем файл hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if ( hFile == INVALID_HANDLE_VALUE ) hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if ( hFile == INVALID_HANDLE_VALUE ) { merror(_T("Couldn't open file with CreateFile()\n")); return false; } g_FileSize.LowPart = GetFileSize(hFile, &g_FileSize.HighPart); if (!abForceDetect) { MEMORYSTATUSEX mem = {sizeof(MEMORYSTATUSEX)}; GlobalMemoryStatusEx(&mem); if (g_FileSize.HighPart || (g_FileSize.LowPart > mem.ullAvailPhys && g_FileSize.LowPart > mem.ullAvailPageFile)) { // выходим по тихому, ибо abForceDetect == false // Too large file CloseHandle(hFile); return false; } } hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); if ( hFileMapping == 0 ) { CloseHandle(hFile); merror(_T("Couldn't open file mapping with CreateFileMapping()\n")); return false; } g_pMappedFileBase = (PBYTE)MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0); if ( g_pMappedFileBase == 0 ) { CloseHandle(hFileMapping); CloseHandle(hFile); merror(_T("Couldn't map view of file with MapViewOfFile()\n")); return false; } pRoot->AddText(_T("Dump of file ")); pRoot->AddText(filename); pRoot->AddText(_T("\n\n")); dosHeader = (PIMAGE_DOS_HEADER)g_pMappedFileBase; PIMAGE_FILE_HEADER pImgFileHdr = (PIMAGE_FILE_HEADER)g_pMappedFileBase; __try { if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE ) { lbSucceeded = DumpExeFile( pRoot, dosHeader ); } else if ( dosHeader->e_magic == IMAGE_SEPARATE_DEBUG_SIGNATURE ) { lbSucceeded = DumpDbgFile( pRoot, (PIMAGE_SEPARATE_DEBUG_HEADER)g_pMappedFileBase ); } else if ( IsValidMachineType(pImgFileHdr->Machine) ) { if ( 0 == pImgFileHdr->SizeOfOptionalHeader ) // 0 optional header { lbSucceeded = DumpObjFile( pRoot, pImgFileHdr ); // means it's an OBJ } else if ( pImgFileHdr->SizeOfOptionalHeader == IMAGE_SIZEOF_ROM_OPTIONAL_HEADER ) { lbSucceeded = DumpROMImage( pRoot, (PIMAGE_ROM_HEADERS)pImgFileHdr ); } } else if ( 0 == strncmp((char *)g_pMappedFileBase, IMAGE_ARCHIVE_START, IMAGE_ARCHIVE_START_SIZE) ) { lbSucceeded = DumpLibFile( pRoot, g_pMappedFileBase ); } else { if (abForceDetect) merror(_T("Unrecognized file format\n")); lbSucceeded = false; } }__except(EXCEPTION_EXECUTE_HANDLER){ pRoot->AddText(_T("\n\n!!! Exception !!!\n")); if (abForceDetect) merror(_T("Exception, while dumping\n")); lbSucceeded = false; } UnmapViewOfFile(g_pMappedFileBase); CloseHandle(hFileMapping); CloseHandle(hFile); return lbSucceeded; }
/* *---------------------------------------------------------------------- * DumpFile -- * * Open up a file, memory map it, and call the appropriate * dumping routine *---------------------------------------------------------------------- */ void DumpFile(LPSTR filename, FILE *fout, int full) { HANDLE hFile; HANDLE hFileMapping; LPVOID lpFileBase; PIMAGE_DOS_HEADER dosHeader; hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if (hFile == INVALID_HANDLE_VALUE) { fprintf(stderr, "Couldn't open file with CreateFile(%s)\n", filename); return; } hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); if (hFileMapping == 0) { CloseHandle(hFile); fprintf(stderr, "Couldn't open file mapping with CreateFileMapping()\n"); return; } lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0); if (lpFileBase == 0) { CloseHandle(hFileMapping); CloseHandle(hFile); fprintf(stderr, "Couldn't map view of file with MapViewOfFile()\n"); return; } dosHeader = (PIMAGE_DOS_HEADER)lpFileBase; if (dosHeader->e_magic == IMAGE_DOS_SIGNATURE) { #if 0 DumpExeFile( dosHeader ); #else fprintf(stderr, "File is an executable. I don't dump those.\n"); return; #endif } /* Does it look like a i386 COFF OBJ file??? */ else if ((dosHeader->e_magic == e_magic_number) && (dosHeader->e_sp == 0)) { /* * The two tests above aren't what they look like. They're * really checking for IMAGE_FILE_HEADER.Machine == i386 (0x14C) * and IMAGE_FILE_HEADER.SizeOfOptionalHeader == 0; */ DumpObjFile((PIMAGE_FILE_HEADER) lpFileBase, fout, full); } else if (*((BYTE *)lpFileBase) == 0x80) { /* * This file looks like it might be a ROMF file. */ DumpROMFObjFile(lpFileBase, fout); } else { printf("unrecognized file format\n"); } UnmapViewOfFile(lpFileBase); CloseHandle(hFileMapping); CloseHandle(hFile); }