1.1 root 1: #include "pefile.h"
/* forward declaration; the definition appears further down in this file */
PIMAGE_SECTION_HEADER WINAPI IDSectionHeaderOffset (LPVOID lpFile);
/* DLL entry point.  No per-process or per-thread setup is performed; every
   notification is answered with TRUE. */
BOOL WINAPI DllMain (
    HANDLE    hModule,
    DWORD     dwFunction,
    LPVOID    lpNot)
{
    /* none of the arguments are examined */
    (void)hModule;
    (void)dwFunction;
    (void)lpNot;

    return TRUE;
}
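/*
 * Return a pointer to the IMAGE_FILE_HEADER of a mapped image.
 *
 * lpFile: base of the mapped file.  A file that does not start with the DOS
 *         signature is treated as starting directly with the file header.
 *
 * Returns NULL when lpFile is NULL, when the DOS header's offset field is out
 * of range for an int, or when that offset does not lead to the NT signature.
 *
 * NOTE(review): the size of the mapping is not passed in, so the offset read
 * from the DOS header cannot be checked against the end of the view here.
 * Callers handling untrusted files must confirm the 64-byte DOS header is
 * mapped before calling, and that the returned header lies inside the view
 * before dereferencing it.
 */
PIMAGE_FILE_HEADER WINAPI FileHeaderOffset (
    LPVOID    lpFile)
{
    int    ImageHdrOffset = 0;

    if (lpFile == NULL)
        return NULL;

    /* if DOS based file, skip DOS header and file signature */
    if (*((USHORT *)lpFile) == IMAGE_DOS_SIGNATURE)
    {
        /* ULONG index 15 is byte offset 0x3C of the DOS header: the file
           offset of the NT signature.  The value is read from the file. */
        ULONG    ulNtSigOffset = ((ULONG *)lpFile)[15];

        /* reject offsets that would go negative or wrap once stored in an int */
        if (ulNtSigOffset > 0x7FFFFFFFUL - sizeof (ULONG))
            return NULL;

        if (*((ULONG *)((char *)lpFile + ulNtSigOffset)) != IMAGE_NT_SIGNATURE)
            return NULL;

        /* file header starts right after the 4-byte NT signature */
        ImageHdrOffset = (int)(ulNtSigOffset + sizeof (ULONG));
    }

    /* byte-wise pointer arithmetic; casting lpFile to int would truncate the
       address where pointers are wider than int */
    return (PIMAGE_FILE_HEADER)((char *)lpFile + ImageHdrOffset);
}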
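/*
 * Return a pointer to the optional header of a mapped image, i.e. the bytes
 * that immediately follow the IMAGE_FILE_HEADER.
 *
 * lpFile: base of the mapped file.  A file that does not start with the DOS
 *         signature is treated as starting directly with the file header.
 *
 * Returns NULL when lpFile is NULL, when the DOS header's offset field is out
 * of range for an int, or when that offset does not lead to the NT signature.
 *
 * NOTE(review): SizeOfOptionalHeader is not consulted and the mapping size is
 * unknown here, so the returned pointer is not guaranteed to reference a
 * complete optional header inside the view.  Callers parsing untrusted files
 * must check both before reading fields through it.
 */
PIMAGE_OPTIONAL_HEADER WINAPI OptionalHeaderOffset (
    LPVOID    lpFile)
{
    int    ImageHdrOffset = 0;

    if (lpFile == NULL)
        return NULL;

    /* if DOS based file, skip DOS header and file signature */
    if (*((USHORT *)lpFile) == IMAGE_DOS_SIGNATURE)
    {
        /* ULONG index 15 is byte offset 0x3C of the DOS header: the file
           offset of the NT signature.  The value is read from the file. */
        ULONG    ulNtSigOffset = ((ULONG *)lpFile)[15];

        /* reject offsets that would go negative or wrap once stored in an int */
        if (ulNtSigOffset > 0x7FFFFFFFUL - sizeof (ULONG))
            return NULL;

        if (*((ULONG *)((char *)lpFile + ulNtSigOffset)) != IMAGE_NT_SIGNATURE)
            return NULL;

        /* file header starts right after the 4-byte NT signature */
        ImageHdrOffset = (int)(ulNtSigOffset + sizeof (ULONG));
    }

    /* optional header exists immediately after the file header */
    return (PIMAGE_OPTIONAL_HEADER)((char *)lpFile + ImageHdrOffset + sizeof (IMAGE_FILE_HEADER));
}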
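/*
 * Return a pointer to the first IMAGE_SECTION_HEADER of a mapped image: the
 * optional header address plus the file header's SizeOfOptionalHeader.
 *
 * lpFile: base of the mapped file.
 *
 * Returns NULL when lpFile is NULL, when the NT signature check fails, or when
 * OptionalHeaderOffset() returns NULL.
 *
 * NOTE(review): SizeOfOptionalHeader comes from the file and the mapping size
 * is unknown here, so the result may point outside the view for a malformed
 * file.  Callers must bound-check it, together with NumberOfSections, before
 * walking the section table.
 */
PIMAGE_SECTION_HEADER WINAPI SectionHeaderOffset (
    LPVOID    lpFile)
{
    int                       ImageHdrOffset = 0;
    PIMAGE_FILE_HEADER        pfh;
    PIMAGE_OPTIONAL_HEADER    poh;

    if (lpFile == NULL)
        return NULL;

    /* if DOS based file, skip DOS header and file signature */
    if (*((USHORT *)lpFile) == IMAGE_DOS_SIGNATURE)
    {
        /* ULONG index 15 is byte offset 0x3C of the DOS header: the file
           offset of the NT signature.  The value is read from the file. */
        ULONG    ulNtSigOffset = ((ULONG *)lpFile)[15];

        /* reject offsets that would go negative or wrap once stored in an int */
        if (ulNtSigOffset > 0x7FFFFFFFUL - sizeof (ULONG))
            return NULL;

        if (*((ULONG *)((char *)lpFile + ulNtSigOffset)) != IMAGE_NT_SIGNATURE)
            return NULL;

        /* file header starts right after the 4-byte NT signature */
        ImageHdrOffset = (int)(ulNtSigOffset + sizeof (ULONG));
    }

    pfh = (PIMAGE_FILE_HEADER)((char *)lpFile + ImageHdrOffset);

    poh = OptionalHeaderOffset (lpFile);
    if (poh == NULL)
        return NULL;

    /* section table follows the optional header; byte-wise pointer arithmetic
       replaces the (int) pointer casts, which truncate wide addresses */
    return (PIMAGE_SECTION_HEADER)((char *)poh + pfh->SizeOfOptionalHeader);
}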
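/*
 * Return a pointer to the first import directory entry of a mapped image.
 *
 * The import data directory RVA is read from the optional header, the section
 * whose [VirtualAddress, VirtualAddress + SizeOfRawData) range contains it is
 * located, and the RVA is converted to a file position with
 * rva - VirtualAddress + PointerToRawData.
 *
 * lpFile: base of the mapped file.
 *
 * Returns NULL when the headers cannot be located or no section contains the
 * import directory RVA.
 *
 * NOTE(review): every value used here (data directory RVA, section count,
 * section fields) is read from the file, and the mapping size is unknown to
 * this function.  The returned pointer is therefore not guaranteed to lie
 * inside the view; callers parsing untrusted files must verify that.
 */
PIMAGE_IMPORT_DIRECTORY WINAPI ImportDirectoryOffset (
    LPVOID    lpFile)
{
    PIMAGE_OPTIONAL_HEADER    poh = OptionalHeaderOffset (lpFile);
    PIMAGE_SECTION_HEADER     psh = SectionHeaderOffset (lpFile);
    int                       nSections = NumOfSections (lpFile);
    int                       i;
    DWORD                     dwRVAImportDir;

    /* either helper returns NULL when the NT signature check fails */
    if (poh == NULL || psh == NULL)
        return NULL;

    /* an RVA is a 32-bit offset, not an address, so keep it in a DWORD */
    dwRVAImportDir = poh->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;

    /* locate section containing import directory */
    for (i = 0; i < nSections; i++, psh++)
    {
        /* subtracting first avoids the wrap-around that
           VirtualAddress + SizeOfRawData can suffer */
        if (psh->VirtualAddress <= dwRVAImportDir &&
            dwRVAImportDir - psh->VirtualAddress < psh->SizeOfRawData)
            break;
    }

    if (i >= nSections)
        return NULL;

    /* return image import directory offset */
    return (PIMAGE_IMPORT_DIRECTORY)((char *)lpFile +
                                     (dwRVAImportDir - psh->VirtualAddress) +
                                     psh->PointerToRawData);
}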
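/*
 * Return the section header of the section that contains the import data
 * directory RVA.
 *
 * lpFile: base of the mapped file.
 *
 * Returns NULL when the headers cannot be located or no section's
 * [VirtualAddress, VirtualAddress + SizeOfRawData) range contains the RVA.
 *
 * NOTE(review): the section count and section fields are read from the file
 * and the mapping size is unknown here, so the walk is not bounded by the end
 * of the view.  Callers parsing untrusted files must validate the section
 * table range first.
 */
PIMAGE_SECTION_HEADER WINAPI IDSectionHeaderOffset (
    LPVOID    lpFile)
{
    PIMAGE_OPTIONAL_HEADER    poh = OptionalHeaderOffset (lpFile);
    PIMAGE_SECTION_HEADER     psh = SectionHeaderOffset (lpFile);
    int                       nSections = NumOfSections (lpFile);
    int                       i;
    DWORD                     dwRVAImportDir;

    /* either helper returns NULL when the NT signature check fails */
    if (poh == NULL || psh == NULL)
        return NULL;

    /* an RVA is a 32-bit offset, not an address, so keep it in a DWORD */
    dwRVAImportDir = poh->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;

    /* locate section containing import directory */
    for (i = 0; i < nSections; i++, psh++)
    {
        /* subtracting first avoids the wrap-around that
           VirtualAddress + SizeOfRawData can suffer */
        if (psh->VirtualAddress <= dwRVAImportDir &&
            dwRVAImportDir - psh->VirtualAddress < psh->SizeOfRawData)
            return psh;
    }

    return NULL;
}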
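/*
 * Return the NumberOfSections field of the image's file header.
 *
 * lpFile: base of the mapped file.  A file that does not start with the DOS
 *         signature is treated as starting directly with the file header.
 *
 * Returns 0 when lpFile is NULL, when the DOS header's offset field is out of
 * range for an int, or when that offset does not lead to the NT signature.
 *
 * NOTE(review): the count is taken from the file as-is.  It says nothing
 * about how many section headers are actually present in the mapping; callers
 * parsing untrusted files must check the section table against the file size.
 */
int WINAPI NumOfSections (
    LPVOID    lpFile)
{
    int    ImageHdrOffset = 0;

    if (lpFile == NULL)
        return 0;

    /* if DOS based file, skip DOS header and file signature */
    if (*((USHORT *)lpFile) == IMAGE_DOS_SIGNATURE)
    {
        /* ULONG index 15 is byte offset 0x3C of the DOS header: the file
           offset of the NT signature.  The value is read from the file. */
        ULONG    ulNtSigOffset = ((ULONG *)lpFile)[15];

        /* reject offsets that would go negative or wrap once stored in an int */
        if (ulNtSigOffset > 0x7FFFFFFFUL - sizeof (ULONG))
            return 0;

        if (*((ULONG *)((char *)lpFile + ulNtSigOffset)) != IMAGE_NT_SIGNATURE)
            return 0;

        /* file header starts right after the 4-byte NT signature */
        ImageHdrOffset = (int)(ulNtSigOffset + sizeof (ULONG));
    }

    /* section total is found in the file header; byte-wise pointer arithmetic
       replaces the (int) cast of lpFile, which truncates wide addresses */
    return (int)((PIMAGE_FILE_HEADER)((char *)lpFile + ImageHdrOffset))->NumberOfSections;
}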
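/*
 * Copy the module name recorded in a PE file's export directory into
 * lpszModule.  On any failure a short diagnostic string is copied instead.
 *
 * lpszModule: caller-supplied output buffer.
 * hFile:      open handle to the module file; it is mapped read-only for the
 *             duration of the call.
 *
 * Every offset taken from the file is checked against the file size before it
 * is followed, and the name must be NUL-terminated inside the file.
 *
 * SECURITY NOTE(review): the size of lpszModule is not part of the interface,
 * so the final copy cannot be bounded here.  The name comes from the file and
 * can be nearly as long as the file itself; callers handling untrusted files
 * need a buffer sized accordingly, or a variant of this function that takes a
 * buffer length.
 */
void WINAPI RetrieveModuleName (
    char      *lpszModule,
    HANDLE    hFile)
{
    HANDLE                     hMapFile;
    LPVOID                     lpFile = NULL;
    char                       *pbFile;
    const char                 *pszResult;
    DWORD                      cbFile;
    DWORD                      dwHdr = 0;    /* file offset of IMAGE_FILE_HEADER */
    DWORD                      dwOff;
    DWORD                      dwEnd;
    int                        nSections;
    ULONG                      VAExportDir;
    int                        i;
    PIMAGE_SECTION_HEADER      psh;
    PIMAGE_FILE_HEADER         pfh;
    PIMAGE_OPTIONAL_HEADER     poh;
    PIMAGE_EXPORT_DIRECTORY    ped;

    /* low 32 bits of the file size; 0xFFFFFFFF signals failure */
    cbFile = GetFileSize (hFile, NULL);

    /* memory map handle to DLL for easy access */
    pszResult = "Error, unable to map file";
    hMapFile = CreateFileMapping (hFile,
                                  (LPSECURITY_ATTRIBUTES)NULL,
                                  PAGE_READONLY,
                                  0,
                                  0,
                                  NULL);
    if (hMapFile == NULL)
        goto EXIT;

    /* map view of entire file */
    lpFile = MapViewOfFile (hMapFile, FILE_MAP_READ, 0, 0, 0);
    if (lpFile == NULL)
        goto EXIT;
    pbFile = (char *)lpFile;

    pszResult = "Error, truncated PE headers";
    if (cbFile == (DWORD)0xFFFFFFFF || cbFile < sizeof (IMAGE_FILE_HEADER))
        goto EXIT;

    /* if DOS based file */
    if (*((USHORT *)lpFile) == IMAGE_DOS_SIGNATURE)
    {
        pszResult = "Error, no IMAGE_NT_SIGNATURE";

        /* the NT signature offset is the 16th ULONG of the DOS header */
        if (cbFile < 16 * sizeof (ULONG))
            goto EXIT;

        dwOff = ((ULONG *)lpFile)[15];
        if (dwOff > cbFile - sizeof (ULONG) ||
            *((ULONG *)(pbFile + dwOff)) != IMAGE_NT_SIGNATURE)
            goto EXIT;

        /* file image header exists after DOS header and nt signature */
        dwHdr = dwOff + sizeof (ULONG);
        pszResult = "Error, truncated PE headers";
    }

    /* dwHdr stays 0 for a file without a DOS header, as in the header
       helper functions of this file */
    if (cbFile - dwHdr < sizeof (IMAGE_FILE_HEADER))
        goto EXIT;
    pfh = (PIMAGE_FILE_HEADER)(pbFile + dwHdr);

    /* if optional header exists and exports directory exists proceed */
    if (!pfh->SizeOfOptionalHeader)
    {
        pszResult = "Error, no IMAGE_OPTIONAL_HEADER";
        goto EXIT;
    }

    /* locate virtual address for Export Image Directory in OptionalHeader;
       the whole structure must be mapped before its data directory is read */
    dwOff = dwHdr + sizeof (IMAGE_FILE_HEADER);
    if (cbFile - dwOff < sizeof (IMAGE_OPTIONAL_HEADER))
        goto EXIT;
    poh = (PIMAGE_OPTIONAL_HEADER)(pbFile + dwOff);
    VAExportDir = poh->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;

    /* the section table must lie completely inside the file */
    if (cbFile - dwOff < pfh->SizeOfOptionalHeader)
        goto EXIT;
    dwOff += pfh->SizeOfOptionalHeader;
    nSections = pfh->NumberOfSections;
    if ((cbFile - dwOff) / sizeof (IMAGE_SECTION_HEADER) < (DWORD)nSections)
        goto EXIT;
    psh = (PIMAGE_SECTION_HEADER)(pbFile + dwOff);

    /* locate section where export virtual address is located */
    for (i = 0; i < nSections; i++, psh++)
    {
        if (psh->VirtualAddress <= VAExportDir &&
            VAExportDir - psh->VirtualAddress < psh->SizeOfRawData)
            break;
    }

    /* the previous post-loop test (i < nSections, after i++ in the loop
       condition) rejected a match in the last section */
    if (i >= nSections)
    {
        pszResult = "IMAGE_EXPORT_DIRECTORY not found";
        goto EXIT;
    }

    /* locate export image directory, keeping the result inside the file */
    pszResult = "Error, malformed export data";
    if (psh->PointerToRawData > cbFile ||
        VAExportDir - psh->VirtualAddress > cbFile - psh->PointerToRawData)
        goto EXIT;
    dwOff = (VAExportDir - psh->VirtualAddress) + psh->PointerToRawData;
    if (cbFile - dwOff < sizeof (IMAGE_EXPORT_DIRECTORY))
        goto EXIT;
    ped = (PIMAGE_EXPORT_DIRECTORY)(pbFile + dwOff);

    /* the name RVA is converted with this section's delta, so it has to
       fall inside this section and inside the file */
    if (ped->Name < psh->VirtualAddress ||
        ped->Name - psh->VirtualAddress >= psh->SizeOfRawData ||
        ped->Name - psh->VirtualAddress >= cbFile - psh->PointerToRawData)
        goto EXIT;
    dwOff = (ped->Name - psh->VirtualAddress) + psh->PointerToRawData;

    /* require a terminator before the end of the file */
    for (dwEnd = dwOff; dwEnd < cbFile && pbFile[dwEnd] != '\0'; dwEnd++)
        ;
    if (dwEnd == cbFile)
        goto EXIT;

    /* read name from export directory */
    pszResult = pbFile + dwOff;

EXIT:
    /* copy while the view is still mapped: on success pszResult points into it */
    strcpy (lpszModule, pszResult);

    /* clean up before exiting */
    if (lpFile != NULL)
        UnmapViewOfFile (lpFile);
    if (hMapFile != NULL)
        CloseHandle (hMapFile);
}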
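/*
 * Build a heap-allocated linked list with one SECTIONINFO node per section
 * header of a PE file (name, virtual address, raw size).
 *
 * hHeap:    heap the nodes are allocated from with HEAP_ZERO_MEMORY.
 * hFile:    open handle to the module file; it is mapped read-only for the
 *           duration of the call.
 * pSection: receives the head of the list.  It is set to NULL when the file
 *           cannot be mapped, the headers are malformed, or there are no
 *           sections.  If an allocation fails, the list built so far is kept.
 *
 * The section table range is checked against the file size before it is
 * read.  The list holds exactly NumberOfSections nodes; the previous loop
 * copied one entry past the end of the section table.
 */
void WINAPI RetrieveSectionNames (
    HANDLE         hHeap,
    HANDLE         hFile,
    SECTIONINFO    **pSection)
{
    HANDLE                   hMapFile;
    LPVOID                   lpFile = NULL;
    char                     *pbFile;
    DWORD                    cbFile;
    DWORD                    dwHdr = 0;    /* file offset of IMAGE_FILE_HEADER */
    DWORD                    dwOff;
    int                      nSections;
    int                      i;
    unsigned int             j;
    unsigned int             cbName;
    PIMAGE_SECTION_HEADER    psh;
    PIMAGE_FILE_HEADER       pfh;
    SECTIONINFO              *ps;
    SECTIONINFO              *psPrev = NULL;

    /* give the caller a defined result on every failure path */
    *pSection = NULL;

    /* low 32 bits of the file size; 0xFFFFFFFF signals failure */
    cbFile = GetFileSize (hFile, NULL);

    /* memory map handle to DLL for easy access */
    hMapFile = CreateFileMapping (hFile,
                                  (LPSECURITY_ATTRIBUTES)NULL,
                                  PAGE_READONLY,
                                  0,
                                  0,
                                  NULL);
    if (hMapFile == NULL)
        return;

    /* map view of entire file */
    lpFile = MapViewOfFile (hMapFile, FILE_MAP_READ, 0, 0, 0);
    if (lpFile == NULL)
        goto EXIT;
    pbFile = (char *)lpFile;

    if (cbFile == (DWORD)0xFFFFFFFF || cbFile < sizeof (IMAGE_FILE_HEADER))
        goto EXIT;

    /* if DOS based file */
    if (*((USHORT *)lpFile) == IMAGE_DOS_SIGNATURE)
    {
        /* the NT signature offset is the 16th ULONG of the DOS header */
        if (cbFile < 16 * sizeof (ULONG))
            goto EXIT;

        dwOff = ((ULONG *)lpFile)[15];
        if (dwOff > cbFile - sizeof (ULONG) ||
            *((ULONG *)(pbFile + dwOff)) != IMAGE_NT_SIGNATURE)
            goto EXIT;

        /* file image header exists after DOS header and nt signature */
        dwHdr = dwOff + sizeof (ULONG);
    }

    /* dwHdr stays 0 for a file without a DOS header, as in the header
       helper functions of this file */
    if (cbFile - dwHdr < sizeof (IMAGE_FILE_HEADER))
        goto EXIT;
    pfh = (PIMAGE_FILE_HEADER)(pbFile + dwHdr);

    /* if optional header exists, offset first section header; the whole
       section table must lie inside the file */
    dwOff = dwHdr + sizeof (IMAGE_FILE_HEADER);
    if (cbFile - dwOff < pfh->SizeOfOptionalHeader)
        goto EXIT;
    dwOff += pfh->SizeOfOptionalHeader;
    nSections = pfh->NumberOfSections;
    if ((cbFile - dwOff) / sizeof (IMAGE_SECTION_HEADER) < (DWORD)nSections)
        goto EXIT;
    psh = (PIMAGE_SECTION_HEADER)(pbFile + dwOff);

    /* allocate one section info node for each section */
    for (i = 0; i < nSections; i++)
    {
        ps = (SECTIONINFO *)HeapAlloc (hHeap,
                                       HEAP_ZERO_MEMORY,
                                       sizeof (SECTIONINFO));
        if (ps == NULL)
            break;

        /* Name is a fixed-size field with no terminator when every byte is
           used, so copy by length instead of strcpy.
           NOTE(review): sizeof assumes szSection is a char array member of
           SECTIONINFO -- confirm against pefile.h */
        cbName = sizeof (psh[i].Name);
        if (cbName > sizeof (ps->szSection) - 1)
            cbName = sizeof (ps->szSection) - 1;
        for (j = 0; j < cbName && psh[i].Name[j] != '\0'; j++)
            ps->szSection[j] = (char)psh[i].Name[j];
        ps->szSection[j] = '\0';

        ps->uVirtualAddress = psh[i].VirtualAddress;
        ps->uSize = psh[i].SizeOfRawData;

        /* append to the list */
        if (psPrev == NULL)
            *pSection = ps;
        else
            psPrev->Next = (LPSECTIONINFO)ps;
        psPrev = ps;
    }

EXIT:
    /* clean up before exiting */
    if (lpFile != NULL)
        UnmapViewOfFile (lpFile);
    CloseHandle (hMapFile);
}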
/*
 * Return the AddressOfEntryPoint field of the image's optional header, cast
 * to LPVOID, or NULL when OptionalHeaderOffset() cannot locate the header.
 *
 * lpFile must be a memory mapped file pointer to the beginning of the image
 * file.  The field value is returned as stored in the file: it is not added
 * to lpFile or to any base address, so the result must not be dereferenced
 * as-is.
 */
LPVOID WINAPI GetModuleEntryPoint (
    LPVOID    lpFile)
{
    PIMAGE_OPTIONAL_HEADER    pOptHdr = OptionalHeaderOffset (lpFile);

    /* no optional header, no entry point */
    if (pOptHdr == NULL)
        return NULL;

    return (LPVOID)(pOptHdr->AddressOfEntryPoint);
}
/*
 * Return the ImageBase field of the image's optional header, cast to LPVOID,
 * or NULL when OptionalHeaderOffset() cannot locate the header.
 *
 * lpFile: base of the mapped file.  The value is the one stored in the file;
 * it is unrelated to the address at which lpFile itself is mapped.
 */
LPVOID WINAPI GetImageBase (
    LPVOID    lpFile)
{
    PIMAGE_OPTIONAL_HEADER    pOptHdr = OptionalHeaderOffset (lpFile);

    /* no optional header, no image base */
    if (pOptHdr == NULL)
        return NULL;

    return (LPVOID)(pOptHdr->ImageBase);
}
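/*
 * Collect the names of all imported modules into one heap block, each name
 * followed by its NUL terminator, and return the number of modules.
 *
 * lpFile:     base of the mapped file.
 * hHeap:      heap the result block is allocated from.
 * pszModules: receives the block.  It is set to NULL, and 0 is returned, when
 *             the import directory or its section cannot be located or the
 *             allocation fails.
 *
 * The directory is walked twice (measure, then copy) rather than caching
 * pointers in a fixed 1024-entry stack array, which a file with more import
 * entries than that would have overrun.
 *
 * Name RVAs are converted with the section's own
 * rva - VirtualAddress + PointerToRawData mapping.  Using the import
 * directory pointer as the base was only correct when the directory sat at
 * the very start of its section.
 *
 * NOTE(review): the mapping size is not available here, so neither the walk
 * over the directory entries nor the strlen on each name is bounded by the
 * end of the view.  Callers parsing untrusted files must validate the import
 * data before calling.
 */
int WINAPI GetImportModuleNames (
    LPVOID    lpFile,
    HANDLE    hHeap,
    char      **pszModules)
{
    PIMAGE_IMPORT_DIRECTORY    pidFirst = ImportDirectoryOffset (lpFile);
    PIMAGE_SECTION_HEADER      pidsh = IDSectionHeaderOffset (lpFile);
    PIMAGE_IMPORT_DIRECTORY    pid;
    BYTE                       *pData;
    int                        nCnt = 0, i;
    size_t                     nSize = 0;
    char                       *psz;

    *pszModules = NULL;

    /* both lookups return 0 when no section holds the import directory */
    if (pidFirst == NULL || pidsh == NULL)
        return 0;

    /* file address of the first byte of the section's raw data */
    pData = (BYTE *)lpFile + pidsh->PointerToRawData;

    /* first pass: count modules and total space required for their names */
    for (pid = pidFirst; pid->dwRVAModule; pid++)
    {
        nSize += strlen ((char *)(pData + (pid->dwRVAModule - pidsh->VirtualAddress))) + 1;
        nCnt++;
    }

    /* copy all strings to one chunk of heap memory */
    *pszModules = HeapAlloc (hHeap, HEAP_ZERO_MEMORY, nSize);
    if (*pszModules == NULL)
        return 0;

    psz = *pszModules;
    for (i = 0, pid = pidFirst; i < nCnt; i++, pid++)
    {
        strcpy (psz, (char *)(pData + (pid->dwRVAModule - pidsh->VirtualAddress)));
        psz += strlen (psz) + 1;
    }

    return nCnt;
}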
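/*
 * Collect the names of the functions imported from one module into a single
 * heap block, each name followed by its NUL terminator.
 *
 * lpFile:       base of the mapped file.
 * hHeap:        heap the result block is allocated from.
 * pszModule:    module name to look up, compared with strcmp (case-sensitive).
 * pszFunctions: receives the block.  It is set to NULL, and 0 is returned,
 *               when the import directory cannot be located, pszModule is
 *               NULL or not imported, or the allocation fails.
 *
 * Returns the number of names visited by the list walk.  The name reached
 * through dwRVAFirstFunction is always stored first in the block and is not
 * included in that count.
 * NOTE(review): that looks like an off-by-one in the count, but callers may
 * depend on it -- confirm before changing.
 *
 * Changes from the earlier version: a missing import directory or an unknown
 * module no longer leads to dereferencing a NULL pointer or the terminating
 * entry; addresses are formed with pointer arithmetic instead of being
 * squeezed through a DWORD; and RVAs are converted with the section's own
 * rva - VirtualAddress + PointerToRawData mapping instead of using the import
 * directory pointer as the base.
 *
 * NOTE(review): the walk ends only when the first byte of a resolved name is
 * NUL.  Entry values are not checked for zero or for lying inside the
 * section, and the mapping size is unknown here, so a malformed file can make
 * this function read outside the view.  Callers parsing untrusted files must
 * validate the import data before calling.
 */
int WINAPI GetImportFunctionNamesByModule (
    LPVOID    lpFile,
    HANDLE    hHeap,
    char      *pszModule,
    char      **pszFunctions)
{
    PIMAGE_IMPORT_DIRECTORY    pid = ImportDirectoryOffset (lpFile);
    PIMAGE_SECTION_HEADER      pidsh = IDSectionHeaderOffset (lpFile);
    BYTE                       *pFile = (BYTE *)lpFile;
    DWORD                      dwDelta;
    DWORD                      dwStart;
    DWORD                      dwFunction;
    DWORD                      dwEntry;
    int                        nCnt = 0;
    size_t                     nSize = 0;
    char                       *pszFirst;
    char                       *pszName;
    char                       *psz;

    *pszFunctions = NULL;

    /* both lookups return 0 when no section holds the import directory */
    if (pid == NULL || pidsh == NULL || pszModule == NULL)
        return 0;

    /* rva + dwDelta (modulo 2^32) is the file offset of an RVA in this section */
    dwDelta = pidsh->PointerToRawData - pidsh->VirtualAddress;

    /* find module's pid */
    while (pid->dwRVAModule &&
           strcmp (pszModule, (char *)(pFile + (DWORD)(pid->dwRVAModule + dwDelta))))
        pid++;

    /* stopped on the terminating entry: the module is not imported */
    if (!pid->dwRVAModule)
        return 0;

    /* each list entry holds an RVA; the name starts 2 bytes past that RVA */
    dwEntry = *(DWORD *)(pFile + (DWORD)(pid->dwRVAFirstFunction + dwDelta));
    pszFirst = (char *)(pFile + (DWORD)(dwEntry + dwDelta) + 2);

    /* last image directory does not have a separate function list, so improvise */
    dwStart = pid->dwRVAFunctionList;
    if (!dwStart)
        dwStart = pid->dwRVAFirstFunction + 4;

    /* count functions and total space required for them */
    nSize += strlen (pszFirst) + 1;
    for (dwFunction = dwStart; dwFunction; dwFunction += 4)
    {
        dwEntry = *(DWORD *)(pFile + (DWORD)(dwFunction + dwDelta));
        pszName = (char *)(pFile + (DWORD)(dwEntry + dwDelta) + 2);
        if (!*pszName)
            break;

        nSize += strlen (pszName) + 1;
        nCnt++;
    }

    /* allocate memory off heap for function names */
    *pszFunctions = HeapAlloc (hHeap, HEAP_ZERO_MEMORY, nSize);
    if (*pszFunctions == NULL)
        return 0;

    psz = *pszFunctions;
    strcpy (psz, pszFirst);
    psz += strlen (pszFirst) + 1;

    /* second walk over the same list, copying each name */
    for (dwFunction = dwStart; dwFunction; dwFunction += 4)
    {
        dwEntry = *(DWORD *)(pFile + (DWORD)(dwFunction + dwDelta));
        pszName = (char *)(pFile + (DWORD)(dwEntry + dwDelta) + 2);
        if (!*pszName)
            break;

        strcpy (psz, pszName);
        psz += strlen (pszName) + 1;
    }

    return nCnt;
}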
/*
 * Intended to return exported function names separated by NUL terminators
 * together with their count.  Not implemented: no arguments are read,
 * *pszFunctions is left unmodified, and the returned count is always 0.
 * Callers must not use *pszFunctions after this call unless they initialised
 * it themselves.
 */
int WINAPI GetExportFunctionNames (
    LPVOID    lpFile,
    HANDLE    hHeap,
    char      **pszFunctions)
{
    (void)lpFile;
    (void)hHeap;
    (void)pszFunctions;

    return 0;
}