
pe.asm


;made by correy
;Email:leguanyuan@126.com
;QQ:112426112
;rc me.rc
;ml /coff test.asm /link /subsystem:windows me.res
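;-----------------------------------------------------------------------
; pe.asm - minimal PE / PE32+ header dumper (MASM32, flat model, stdcall).
;
; Flow: pick a file with GetOpenFileName, map it read-only, then walk
;   IMAGE_DOS_HEADER.e_lfanew -> IMAGE_NT_HEADERS -> section table
; and show selected fields with MessageBox, each formatted with "%8x".
;
; Security notes (the selected file is untrusted input):
;   * every offset taken from the file (e_lfanew, SizeOfOptionalHeader,
;     NumberOfSections) is bounds-checked against the real file size
;     before the mapped memory is dereferenced;
;   * WORD fields are zero-extended (movzx), never sign-extended - the
;     old movsx printed e.g. DllCharacteristics 8040h as ffff8040 and
;     turned a NumberOfSections >= 8000h into a huge negative loop count;
;   * IMAGE_SECTION_HEADER.Name is 8 bytes and not NUL-terminated, so it
;     is copied into a terminated scratch buffer before being displayed;
;   * every Win32 call that can fail is checked; failure shows one
;     message and exits instead of dereferencing a NULL mapping.
; Limits: only the low DWORD of the 8-byte PE32+ ImageBase is shown, and
; files of 4 GiB or more are rejected (all offsets here are 32-bit).
;-----------------------------------------------------------------------
.386
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
include comdlg32.inc
includelib user32.lib
includelib kernel32.lib
includelib comdlg32.lib

IFNDEF INVALID_FILE_SIZE
INVALID_FILE_SIZE    equ 0FFFFFFFFh
ENDIF
IFNDEF MB_ICONERROR
MB_ICONERROR         equ 10h
ENDIF

; Header layout constants (winnt.h), so no offset below is a bare number.
DOS_MAGIC            equ 5a4dh     ; "MZ"
DOS_E_LFANEW         equ 3ch       ; IMAGE_DOS_HEADER.e_lfanew
DOS_HEADER_SIZE      equ 40h       ; sizeof IMAGE_DOS_HEADER
NT_SIGNATURE         equ 4550h     ; "PE\0\0" read as a little-endian DWORD
FH_MACHINE           equ 4         ; offsets from the "PE" signature
FH_NUMBER_OF_SECTIONS equ 6
FH_SIZE_OF_OPT_HDR   equ 20
FH_CHARACTERISTICS   equ 22
OPT_HEADER_OFFSET    equ 24        ; 4-byte signature + 20-byte IMAGE_FILE_HEADER
OH_MAGIC             equ 0         ; offsets from IMAGE_OPTIONAL_HEADER
OH_SIZE_OF_CODE      equ 4
OH_ENTRY_POINT       equ 16
OH_BASE_OF_CODE      equ 20
OH_IMAGE_BASE32      equ 28        ; PE32: DWORD
OH_IMAGE_BASE64      equ 24        ; PE32+: QWORD (low DWORD shown)
OH_SECTION_ALIGN     equ 32
OH_FILE_ALIGN        equ 36
OH_SIZE_OF_IMAGE     equ 56
OH_SIZE_OF_HEADERS   equ 60
OH_DLL_CHARACTERISTICS equ 70
OH_NUM_RVA_SIZES32   equ 92
OH_NUM_RVA_SIZES64   equ 108
OPT_HEADER_MIN32     equ OH_NUM_RVA_SIZES32 + 4   ; bytes this program reads (PE32)
OPT_HEADER_MIN64     equ OH_NUM_RVA_SIZES64 + 4   ; bytes this program reads (PE32+)
PE32PLUS_MAGIC       equ 20bh
SH_NAME_LEN          equ 8         ; IMAGE_SECTION_HEADER.Name, not NUL-terminated
SH_VIRTUAL_SIZE      equ 8
SH_VIRTUAL_ADDRESS   equ 12
SH_SIZE_OF_RAW_DATA  equ 16
SH_POINTER_TO_RAW    equ 20
SH_CHARACTERISTICS   equ 36        ; NOT 20 - that is PointerToRawData
SECTION_HEADER_SIZE  equ 40        ; sizeof IMAGE_SECTION_HEADER
BUFFER_SIZE          equ 512       ; path buffer; ofn.nMaxFile must equal this

.data
correy db "made by correy",0
Machine db "Machine",0
NumberOfSections db "NumberOfSections",0
szsizeOfOptionalHeader db "sizeOfOptionalHeader",0
Characteristics db "Characteristics",0
szMagic db "Magic",0
Sizeofcode db "Sizeofcode",0
addressofentrypoint db "addressofentrypoint",0
baseofcode db "baseofcode",0
imagebase db "imagebase",0
sectionaligment db "sectionaligment",0
filealigment db "filealigment",0
SizeofImage db "SizeofImage",0
SizeofHeaders db "SizeofHeaders",0
DllCharacteristics db "DllCharacteristics",0
NumberOfRavAndSizes db "NumberOfRavAndSizes",0
optionalheadername db "optionalheadername",0
virtualsize db "virtualsize",0
virtualaddress db "virtualaddress",0
sizeofrawdata db "sizeofrawdata",0
pointertorawdata db "pointertorawdata",0
sectionsheadername db "sectionsheadername",0
FilterString db "pe File (*.exe, *.dll)",0,"*.exe;*.dll",0,0
h db "%8x",0
szOpenFailed db "Could not open or map the file",0
szBadPe db "Not a valid PE file (bad signature or truncated headers)",0

.data?
ofn OPENFILENAME <>
buffer db BUFFER_SIZE DUP (?)          ; file path, later reused for "%8x" output
secname db (SH_NAME_LEN+1) DUP (?)     ; NUL-terminated copy of a section name
hFile dd ?
hMap dd ?
fileSize dd ?                          ; low DWORD from GetFileSize
mz dd ?                                ; base of the mapped file (IMAGE_DOS_HEADER)
pe dd ?                                ; mz + e_lfanew (IMAGE_NT_HEADERS)
OptionalHeader dd ?                    ; pe + 24
header dd ?                            ; current IMAGE_SECTION_HEADER
magic word ?                           ; IMAGE_OPTIONAL_HEADER.Magic (10bh / 20bh)
sizeOfOptionalHeader dd ?
sections dd ?                          ; NumberOfSections, zero-extended

.code
start:
cld                                   ; rep movsb below assumes forward direction

; --- pick the file ------------------------------------------------------
mov ofn.lStructSize,SIZEOF ofn
mov ofn.lpstrFilter,OFFSET FilterString
mov ofn.lpstrFile,OFFSET buffer
mov ofn.nMaxFile,BUFFER_SIZE          ; was 512 against a 256-byte buffer: overflow
mov ofn.Flags,OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or OFN_EXPLORER or OFN_HIDEREADONLY
invoke GetOpenFileName,ADDR ofn
test eax,eax
jz quit_ok                            ; user cancelled: nothing to do

; --- open and map it read-only ------------------------------------------
invoke CreateFile,ADDR buffer,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
cmp eax,INVALID_HANDLE_VALUE
je open_failed
mov hFile,eax

invoke GetFileSize,hFile,NULL         ; NULL high part: a >= 4 GiB file reports INVALID_FILE_SIZE
cmp eax,INVALID_FILE_SIZE
je open_failed
mov fileSize,eax

invoke CreateFileMapping,hFile,NULL,PAGE_READONLY,0,0,0
test eax,eax
jz open_failed                        ; also fails for a zero-length file
mov hMap,eax

invoke MapViewOfFile,hMap,FILE_MAP_READ,0,0,0
test eax,eax
jz open_failed
mov mz,eax

; --- DOS header -> NT headers, with bounds checks -----------------------
cmp fileSize,DOS_HEADER_SIZE
jb bad_pe
mov esi,mz
cmp word ptr [esi],DOS_MAGIC
jne bad_pe
mov esi,[esi+DOS_E_LFANEW]            ; e_lfanew, treated as unsigned
mov edx,fileSize
sub edx,OPT_HEADER_OFFSET             ; fileSize >= 40h, so no underflow
cmp esi,edx
ja bad_pe                             ; signature + IMAGE_FILE_HEADER must fit in the file
add esi,mz
mov pe,esi
cmp dword ptr [esi],NT_SIGNATURE
jne bad_pe

; --- IMAGE_FILE_HEADER --------------------------------------------------
movzx edx,word ptr [esi+FH_MACHINE]
invoke wsprintf,ADDR buffer,ADDR h,edx
;invoke MessageBox,0,ADDR buffer,ADDR Machine,0

mov esi,pe
movzx edx,word ptr [esi+FH_NUMBER_OF_SECTIONS]
mov sections,edx
invoke wsprintf,ADDR buffer,ADDR h,edx
invoke MessageBox,0,ADDR buffer,ADDR NumberOfSections,0

mov esi,pe
movzx edx,word ptr [esi+FH_SIZE_OF_OPT_HDR]
mov sizeOfOptionalHeader,edx
invoke wsprintf,ADDR buffer,ADDR h,edx
;invoke MessageBox,0,ADDR buffer,ADDR szsizeOfOptionalHeader,0

mov esi,pe
movzx edx,word ptr [esi+FH_CHARACTERISTICS]
invoke wsprintf,ADDR buffer,ADDR h,edx
;invoke MessageBox,0,ADDR buffer,ADDR Characteristics,0

; Everything read after the file header - optional header plus
; NumberOfSections 40-byte section headers - must lie inside the file:
;   e_lfanew + 24 + SizeOfOptionalHeader + NumberOfSections*40 <= fileSize
; ecx holds the part after e_lfanew; each term comes from a WORD, so the
; sum cannot wrap. Comparing ecx against fileSize first keeps the
; subtraction below from underflowing.
mov ecx,sections
imul ecx,ecx,SECTION_HEADER_SIZE
add ecx,sizeOfOptionalHeader
add ecx,OPT_HEADER_OFFSET
cmp ecx,fileSize
ja bad_pe
mov edx,fileSize
sub edx,ecx
mov eax,pe
sub eax,mz                            ; eax = e_lfanew
cmp eax,edx
ja bad_pe

mov esi,pe
add esi,OPT_HEADER_OFFSET
mov OptionalHeader,esi

; --- IMAGE_OPTIONAL_HEADER ----------------------------------------------
cmp sizeOfOptionalHeader,2
jb bad_pe                             ; need at least Magic to tell PE32 from PE32+
mov dx,word ptr [esi+OH_MAGIC]
mov magic,dx
movzx edx,dx
invoke wsprintf,ADDR buffer,ADDR h,edx
;invoke MessageBox,0,ADDR buffer,ADDR szMagic,0

; Reject an optional header declared too short for the fields read below.
mov ecx,OPT_HEADER_MIN32
cmp magic,PE32PLUS_MAGIC
jne check_opt_size
mov ecx,OPT_HEADER_MIN64
check_opt_size:
cmp sizeOfOptionalHeader,ecx
jb bad_pe

mov esi,OptionalHeader
mov esi,[esi+OH_SIZE_OF_CODE]
invoke wsprintf,ADDR buffer,ADDR h,esi
;invoke MessageBox,0,ADDR buffer,ADDR Sizeofcode,0

mov esi,OptionalHeader
mov esi,[esi+OH_ENTRY_POINT]
invoke wsprintf,ADDR buffer,ADDR h,esi
;invoke MessageBox,0,ADDR buffer,ADDR addressofentrypoint,0

mov esi,OptionalHeader
mov esi,[esi+OH_BASE_OF_CODE]
invoke wsprintf,ADDR buffer,ADDR h,esi
;invoke MessageBox,0,ADDR buffer,ADDR baseofcode,0

; ImageBase moves and widens in PE32+; only its low DWORD is shown.
mov esi,OptionalHeader
cmp magic,PE32PLUS_MAGIC
jne image_base32
mov esi,[esi+OH_IMAGE_BASE64]
jmp image_base_show
image_base32:
mov esi,[esi+OH_IMAGE_BASE32]
image_base_show:
invoke wsprintf,ADDR buffer,ADDR h,esi
;invoke MessageBox,0,ADDR buffer,ADDR imagebase,0

mov esi,OptionalHeader
mov esi,[esi+OH_SECTION_ALIGN]
invoke wsprintf,ADDR buffer,ADDR h,esi
;invoke MessageBox,0,ADDR buffer,ADDR sectionaligment,0

mov esi,OptionalHeader
mov esi,[esi+OH_FILE_ALIGN]
invoke wsprintf,ADDR buffer,ADDR h,esi
;invoke MessageBox,0,ADDR buffer,ADDR filealigment,0

mov esi,OptionalHeader
mov esi,[esi+OH_SIZE_OF_IMAGE]
invoke wsprintf,ADDR buffer,ADDR h,esi
;invoke MessageBox,0,ADDR buffer,ADDR SizeofImage,0

mov esi,OptionalHeader
mov esi,[esi+OH_SIZE_OF_HEADERS]
invoke wsprintf,ADDR buffer,ADDR h,esi
;invoke MessageBox,0,ADDR buffer,ADDR SizeofHeaders,0

mov esi,OptionalHeader
movzx edx,word ptr [esi+OH_DLL_CHARACTERISTICS]   ; zero-extend: bit 15 is a real flag
invoke wsprintf,ADDR buffer,ADDR h,edx
;invoke MessageBox,0,ADDR buffer,ADDR DllCharacteristics,0

; NumberOfRvaAndSizes sits after the 8-byte stack/heap sizes in PE32+.
mov esi,OptionalHeader
cmp magic,PE32PLUS_MAGIC
jne rva_sizes32
mov esi,[esi+OH_NUM_RVA_SIZES64]
jmp rva_sizes_show
rva_sizes32:
mov esi,[esi+OH_NUM_RVA_SIZES32]
rva_sizes_show:
invoke wsprintf,ADDR buffer,ADDR h,esi
;invoke MessageBox,0,ADDR buffer,ADDR NumberOfRavAndSizes,0

; --- section table ------------------------------------------------------
mov esi,OptionalHeader
add esi,sizeOfOptionalHeader
mov header,esi                        ; first IMAGE_SECTION_HEADER

; ebx = sections left to show; it is callee-saved under stdcall, so it
; survives the MessageBox/wsprintf calls inside the loop.
mov ebx,sections
section_loop:
test ebx,ebx
jz done

; Name has no terminator guarantee: copy it out and terminate it instead
; of handing the raw header to MessageBox, which would read past it.
mov esi,header
mov edi,OFFSET secname
mov ecx,SH_NAME_LEN
rep movsb
mov byte ptr [edi],0
invoke MessageBox,0,ADDR secname,ADDR sectionsheadername,0

mov esi,header
mov esi,[esi+SH_VIRTUAL_SIZE]
invoke wsprintf,ADDR buffer,ADDR h,esi
invoke MessageBox,0,ADDR buffer,ADDR virtualsize,0

mov esi,header
mov esi,[esi+SH_VIRTUAL_ADDRESS]
invoke wsprintf,ADDR buffer,ADDR h,esi
invoke MessageBox,0,ADDR buffer,ADDR virtualaddress,0

mov esi,header
mov esi,[esi+SH_SIZE_OF_RAW_DATA]
invoke wsprintf,ADDR buffer,ADDR h,esi
invoke MessageBox,0,ADDR buffer,ADDR sizeofrawdata,0

mov esi,header
mov esi,[esi+SH_POINTER_TO_RAW]
invoke wsprintf,ADDR buffer,ADDR h,esi
invoke MessageBox,0,ADDR buffer,ADDR pointertorawdata,0

; Section Characteristics is at offset 36; the old code re-read offset 20
; (PointerToRawData) here and labelled it "Characteristics".
mov esi,header
mov esi,[esi+SH_CHARACTERISTICS]
invoke wsprintf,ADDR buffer,ADDR h,esi
invoke MessageBox,0,ADDR buffer,ADDR Characteristics,0

add header,SECTION_HEADER_SIZE
dec ebx
jmp section_loop

done:
invoke UnmapViewOfFile,mz
invoke CloseHandle,hMap
invoke CloseHandle,hFile
quit_ok:
invoke ExitProcess,0

; Error exits. Handles still open here are released by process teardown.
open_failed:
invoke MessageBox,0,ADDR szOpenFailed,ADDR correy,MB_ICONERROR
invoke ExitProcess,1

bad_pe:
invoke MessageBox,0,ADDR szBadPe,ADDR correy,MB_ICONERROR
invoke ExitProcess,1
end start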
