

 
//******************************************************************************* 
//                                                                              * 
//   PE Decoder Version 1.0,  implemented with C++                              * 
//																				* 
//   Created By HQ(Fahrenheit), 04CS, NJU										* 
//   Finished On Oct 14th 2006													* 
//																				* 
//   Contact me if you have good ideas.											* 
//   Email : fahrenheit871116@163.com											* 
//																				* 
//******************************************************************************* 
 
 
#include  
#include  
#include  
#include  
using namespace std; 
	 
 
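	// Decodes `size` bytes of buf, starting at index `start`, as a little-endian 
	// unsigned integer and stores the result in *ptr. 
	// 
	//   ptr   - destination; a full DWORD is always stored, whatever `size` is, 
	//           so it must point at storage at least that wide 
	//   buf   - raw bytes taken from the file being parsed 
	//   start - index of the least-significant byte 
	//   size  - number of bytes to combine; more bytes than fit in a DWORD just 
	//           shift the high ones out 
	// 
	// Nothing is written when ptr or buf is null, start is negative, or size is 
	// not positive (size == 0 used to read buf[start-1]). 
	// 
	// The function cannot know how long buf is: the caller must guarantee that 
	// buf holds at least start+size bytes and that they were actually read. 
	VOID ToNumeric( LPDWORD ptr, CHAR buf[], INT start, INT size ) 
	{ 
	  if ( !ptr || !buf || start<0 || size<=0 ) 
	  { 
		return; 
	  } 
 
	  // Seed with the most-significant byte. The UCHAR cast matters: where CHAR 
	  // is a signed char, a byte >= 0x80 would sign-extend into the upper bits, 
	  // so the 2-byte field 01 80 would decode as 0xFFFF8001 instead of 0x8001. 
	  *ptr = (UCHAR)buf[start+size-1]; 
	  for ( INT i=size-2; i>=0; i-- ) 
	  { 
		(*ptr) <<= 8; 
		(*ptr) |= (UCHAR)buf[i+start]; 
	  } 
	} 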
	 
	// Rejects a negative start or size and returns without touching ptr. 
	// NOTE(review): this listing is truncated inside the loop header below (the 
	// text from "i<" up to the next "->" is missing), so the rest of ToString and 
	// the header of the function that follows it are not visible. Presumably the 
	// loop copies size bytes of buf into ptr - confirm that it terminates the 
	// string and that callers size ptr accordingly. 
	VOID ToString( LPSTR ptr, CHAR buf[], INT start, INT size) 
	{ 
	  if ( start<0 || size<0 ) 
	  { 
		return; 
	  } 
 
	  for ( INT i=0; iCharacteristics, buf, 0, 4); 
	  // From here on the visible lines belong to a different function: they fill 
	  // the record behind EXPORT_DIRECTORY from buf, one little-endian field at a 
	  // time. The offsets run up to 36+4, so buf must hold at least 40 valid 
	  // bytes; where buf is filled is not visible here - TODO confirm that read 
	  // is checked. 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->TimeDateStamp, buf, 4, 4); 
	  // NOTE(review): ToNumeric always stores a full DWORD. If MajorVersion and 
	  // MinorVersion are WORD fields (as in winnt.h's IMAGE_EXPORT_DIRECTORY, whose 
	  // layout these offsets match), each 2-byte decode also overwrites the field 
	  // after it. The final values come out right only because the fields are 
	  // filled in ascending order; decoding into a local DWORD and assigning the 
	  // low WORD would remove that dependency. 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->MajorVersion, buf, 8, 2); 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->MinorVersion, buf, 10, 2); 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->Name, buf, 12, 4); 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->Base, buf, 16, 4); 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->NumberOfFunctions, buf, 20, 4); 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->NumberOfNames, buf, 24, 4); 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->AddressOfFunctions, buf, 28, 4); 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->AddressOfNames, buf, 32, 4); 
	  ToNumeric((LPDWORD)&EXPORT_DIRECTORY->AddressOfNameOrdinals, buf, 36, 4); 
 
	  return TRUE; 
	} 
 
	// Writes the import-table part of the report to fout, taking PE_file as the 
	// input stream. 
	// NOTE(review): this listing is truncated inside the banner statement below; 
	// the rest of this function and the header of the function whose tail 
	// follows are not visible. 
	BOOL DataDump::Show_IMPORT_TABLE( ifstream& PE_file, ofstream& fout ) const 
	{ 
	  // 33-byte scratch buffer; presumably the target of reads from PE_file. 
	  CHAR buf[33]; 
	  // ImOffset starts at whatever Get_IMPORT_TABLE_RAW() returns; Thunk is left 
	  // uninitialised at this point. 
	  DWORD ImOffset = Get_IMPORT_TABLE_RAW(), ThunkValue = 0x00000001, Thunk; 
	  WORD hint = 0x00000000; 
 
	  // Pre-set terminator at index 28 - presumably reads into buf are meant to 
	  // stop before it; confirm every read length is bounded by the buffer size. 
	  buf[28] = 0; 
	  fout.clear(); 
	  fout<<"++++++++++++++++++++++++++ Import Table Information +++++++++++++++++++++"< DLL Name : "< "< "<No Import Table Information !"<OPTIONAL_HEADER32.DataDirectory[0].VirtualAddress  ) 
		{ 
		  // Tail of a section-header loop (presumably DataDump::Set_Export_VRk, by 
		  // symmetry with Set_Import_VRk): ExVRk becomes the difference between 
		  // section i-1's virtual address and its raw file pointer. 
		  // NOTE(review): both values come from the parsed file; if PointerToRawData 
		  // is the larger one the subtraction does not yield a usable delta, and if 
		  // no section matches ExVRk keeps its previous value (initialisation not 
		  // visible here). 
		  ExVRk = SECTION_HEADER[i-1].VirtualAddress - SECTION_HEADER[i-1].PointerToRawData; 
		  break; 
		} 
	  } 
 
	} 
 
	// Sets ImVRk to the difference between one section's virtual address and its 
	// raw file pointer, using data-directory entry 1 to pick the section. 
	// NOTE(review): the loop bound and the start of the if-condition are 
	// truncated in this listing. Presumably the loop walks the section headers 
	// from index 1 and stops at the first one whose VirtualAddress lies beyond 
	// the directory RVA, so that section i-1 is the one holding the table - 
	// confirm, including what happens when the table sits in the last section. 
	VOID DataDump::Set_Import_VRk()  
	{ 
 
	  for ( INT i=1; iOPTIONAL_HEADER32.DataDirectory[1].VirtualAddress ) 
		{ 
		  // Both operands are taken from the parsed file. If no section matches, 
		  // ImVRk keeps whatever value it had before (initialisation not visible 
		  // here), and a PointerToRawData larger than VirtualAddress does not 
		  // produce a usable delta. 
		  ImVRk = SECTION_HEADER[i-1].VirtualAddress - SECTION_HEADER[i-1].PointerToRawData; 
		  break; 
		} 
	  } 
 
	} 
 
	// Reports whether the image declares an export table this decoder can use. 
	// Returns TRUE only when data-directory entry 0 has a non-zero VirtualAddress 
	// and a non-zero Size, and that VirtualAddress is not below ExVRk; FALSE 
	// otherwise. 
	// This is a presence check only: nothing here verifies that the table, or 
	// anything it points to, lies inside the file. 
	BOOL DataDump::Export_Table_Existed( VOID ) const 
	{ 
	  // The directory entry must be filled in at all. 
	  const bool declared = OPTIONAL_HEADER32.DataDirectory[0].VirtualAddress != 0 
	                     && OPTIONAL_HEADER32.DataDirectory[0].Size != 0; 
 
	  // Presumably guards the later "RVA - ExVRk" offset computation against 
	  // going below zero. 
	  const bool notBelowDelta = OPTIONAL_HEADER32.DataDirectory[0].VirtualAddress >= ExVRk; 
 
	  return ( declared && notBelowDelta ) ? TRUE : FALSE; 
	} 
 
	// Reports whether the image declares an import table this decoder can use. 
	// Returns TRUE only when data-directory entry 1 has a non-zero VirtualAddress 
	// and a non-zero Size, and that VirtualAddress is not below ImVRk; FALSE 
	// otherwise. 
	// This is a presence check only: nothing here verifies that the table, or 
	// anything it points to, lies inside the file. 
	BOOL DataDump::Import_Table_Existed( VOID ) const 
	{ 
	  // The directory entry must be filled in at all. 
	  const bool declared = OPTIONAL_HEADER32.DataDirectory[1].VirtualAddress != 0 
	                     && OPTIONAL_HEADER32.DataDirectory[1].Size != 0; 
 
	  // Presumably guards the later "RVA - ImVRk" offset computation against 
	  // going below zero. 
	  const bool notBelowDelta = OPTIONAL_HEADER32.DataDirectory[1].VirtualAddress >= ImVRk; 
 
	  return ( declared && notBelowDelta ) ? TRUE : FALSE; 
	} 
 
	 
 
    // Writes the file-header part of the report to fout. Any Machine value other 
    // than IMAGE_FILE_MACHINE_I386 is reported as a 64-bit target. 
    // NOTE(review): this listing is truncated inside several output statements 
    // (text between '<' and '>' is missing), so this function runs straight into 
    // the body of the export-table dump without a visible boundary. 
    BOOL DataDump::Show_FILE_HEADER( ofstream& fout ) const 
	{ 
	  fout.clear(); 
	  fout<<"+++++++++++++++++ FILE HEADER IMFORMATION ++++++++++++++++++++++++++++++++"< 1. Runs At The Environment Of "; 
	  if ( FILE_HEADER.Machine==IMAGE_FILE_MACHINE_I386 ) 
	  { 
	    fout<<"32"; 
	  } 
	  else  
	  { 
		fout<<"64"; 
	  } 
	  fout<<"-Bit Machine."< 2. Contains "<<(WORD)FILE_HEADER.NumberOfSections<<" Sections."< 3. Created Time : "<<(time_t)FILE_HEADER.TimeDateStamp< 4. OptionalHeader Size Is "< DataDirectory :"< "<Name; 
		fout<Characteristics<AddressOfFunctions; 
		fout<AddressOfNames<Base; 
		fout<AddressOfNameOrdinals<NumberOfNames; 
		fout<NumberOfFunctions<MajorVersion; 
		fout<MinorVersion<TimeDateStamp; 
		 
		fout<Name-ExVRk)); 
		// Fixed 12-byte read, presumably of the module name at raw offset 
		// Name-ExVRk. NOTE(review): the stream is not checked after the read, and 
		// 12 bytes need not contain a terminator; how buf is declared and 
		// terminated is not visible here. 
		PE_file.read(buf, 12);       
		fout<NumberOfFunctions ) 
		{ 
		  // NOTE(review): the three RVAs below come straight from the file's export 
		  // directory. Nothing visible here checks that each is >= ExVRk or that the 
		  // resulting offset lies inside the file, so a malformed image yields 
		  // offsets that wrap or point past the end of the file. 
		  OrdalOffset = EXPORT_DIRECTORY->AddressOfNameOrdinals-ExVRk;                   // Get The Raw Offset Of NameOrdinals 
		   
		  FunOffset = EXPORT_DIRECTORY->AddressOfFunctions-ExVRk;                        // Get The Raw Offset Of Functions 
		   
		  NameOffset = EXPORT_DIRECTORY->AddressOfNames-ExVRk;                           // Get The Raw Offset Of Name_RVA_Arrays 
		  buf[31] = 0; 
		  for ( INT i=0; iNumberOfFunctions; i++ ) 
		  {		     
			fout<Base+i; 
			 
			// Fetches the i-th 4-byte entry of the function table and decodes it. 
			// NOTE(review): neither seekg nor read is checked before decoding; if 
			// either fails, ToNumeric decodes whatever buf already held. Testing the 
			// stream first (e.g. `if ( !PE_file.read(buf, 4) )`) would make a 
			// truncated or malformed file fail cleanly. The loop bound is truncated 
			// in this listing but presumably is the file-supplied NumberOfFunctions, 
			// which should be capped against the file size. 
			PE_file.seekg(FunOffset+4*i); 
			PE_file.read(buf, 4); 
		    ToNumeric((LPDWORD)&Offset, buf, 0, 4); 
            fout<No Exact Information !"< No Export Table !"< Information Generated By PE_Decoder V1.0, Which Was Created By HQ(Fahrenheit) 04CS, NJU"< Decode Starts ! @_@ ..."< File_Header Decode Complete ! @_@ ..."< Exception Occured When Read File Header !"< Optional Header Decode Complete ! @_@ ..."< Exception Occured When Read Optional Header !"< Section Header Decode Complete ! @_@ ..."< Exception Occured When Read Section Table !"< Export Table Decode Complete ! @_@ ..."< Exception Occured When Read Export Table !"< Import Table Decode Complete ! @_@ ..."< Exception Occured When Read Import Table !"< Decode Complete ! ^_^"<>filename; 
       
	    if ( !strcmp(filename, "EXIT") ) 
		{ 
		  break; 
		} 
		PE.clear(); 
		PE.open(filename, ios::in|ios::binary); 
	   
	    if ( PE.fail() ) 
		{ 
		  cout<<"Unable To Open The File !"< Information Stored In The TXT File : "<