WindowsPE权威指南 第二章 小工具 pedump代码的C语言实现

WindowsPE权威指南 第二章 小工具 pedump代码的C语言实现

2016-11-16 16:29:07

主程序代码 pedump.c（注：以下代码清单在转载过程中丢失了全部数字常量——空的实参位置、空的数组长度 `[]`、`= * ;` 等——需对照原书补全后才能编译）

 #include <windows.h>
#include <Richedit.h>
#include "resource.h"

HINSTANCE hInstance; // module instance, assigned in WinMain and used by _Init to load the icon
DWORD dwStop;        // stop flag: written by the dialog procedure (IDM_OPEN / IDM_1) on the UI thread,
                     // polled by _openFile on the dump thread; a plain DWORD, no synchronization
HWND hWinEdit;       // rich-edit control handle (IDC_INFO), set in _Init, used by _appendInfo

/*
 * Initialise the main dialog: set the window icon, put the rich-edit control
 * into plain-text mode and apply the default character format.
 *
 * NOTE(review): numeric literals were lost when this listing was copied
 * (empty argument slots, "= * ;", "-" without digits) and line breaks that
 * had been swallowed by "//" comments have been restored; recover the values
 * from the original source before building. Names of the form _Uppercase
 * (_Init, _ProcDlgMain) are reserved for the implementation in standard C;
 * MSVC accepts them.
 *
 * hWinMain: dialog window handle received in WM_INITDIALOG.
 */
void _Init(HWND hWinMain)
{
    HICON hIcon;
    CHARFORMAT stCf;
    TCHAR szFont[] = TEXT("宋体");

    hWinEdit = GetDlgItem(hWinMain, IDC_INFO); // cache the rich-edit handle for _appendInfo
    hIcon = LoadIcon(hInstance, MAKEINTRESOURCE(ICO_MAIN));
    SendMessage(hWinMain, WM_SETICON, ICON_BIG, (LPARAM)hIcon);   // set the window icon
    SendMessage(hWinEdit, EM_SETTEXTMODE, TM_PLAINTEXT, );        // configure the edit control (lParam lost in copy)
    RtlZeroMemory(&stCf, sizeof(stCf));
    stCf.cbSize = sizeof(stCf);
    stCf.yHeight = * ; // character height in twips; both operands lost in copy
    // dwEffects stays zero from RtlZeroMemory, so CFM_BOLD in the mask clears
    // bold rather than setting it
    stCf.dwMask = CFM_FACE | CFM_SIZE | CFM_BOLD;
    lstrcpy(stCf.szFaceName, szFont);
    SendMessage(hWinEdit, EM_SETCHARFORMAT, , (LPARAM)&stCf); // wParam (SCF_* selector) lost in copy
    SendMessage(hWinEdit, EM_EXLIMITTEXT, , -);              // raise the text limit; arguments lost in copy
}

/*
 * Append text to the rich-edit control.
 *
 * Moves the selection to the end of the current text and replaces that empty
 * selection with _lpsz. Called from the dump thread; SendMessage runs the
 * message on the thread that owns the control.
 *
 * _lpsz: NUL-terminated string to append.
 */
void _appendInfo(TCHAR * _lpsz)
{
    CHARRANGE stCR;

    stCR.cpMin = GetWindowTextLength(hWinEdit);
    stCR.cpMax = GetWindowTextLength(hWinEdit);
    SendMessage(hWinEdit, EM_EXSETSEL, , (LPARAM)&stCR);        // move the insertion point to the end (wParam lost in copy)
    SendMessage(hWinEdit, EM_REPLACESEL, FALSE, (LPARAM)_lpsz); // FALSE: the insertion is not added to the undo stack
}

/*
 * Let the user pick a file, map it read-only and write a hex dump of it to
 * the rich-edit control, one row per 16 bytes: offset, hex bytes, ASCII.
 *
 * Runs on a worker thread (started by CreateThread in _ProcDlgMain) and
 * polls the global dwStop once per row so a running dump can be stopped.
 *
 * hWinMain: dialog handle, used as the owner of the Open dialog.
 *
 * NOTE(review): array sizes and most numeric literals were lost when this
 * listing was copied (empty "[]", empty argument slots, "dwCount-"), and
 * line breaks that had been swallowed by "//" comments have been restored.
 * Every lstrcat in the body is unbounded, so when restoring the sizes
 * confirm that lpServicesBuffer can hold a full row: 9 chars of offset
 * ("%08X "), 16 * 3 chars of hex ("%02X "), the separator, 16 ASCII chars,
 * the newline and the terminating NUL.
 */
void _openFile(HWND hWinMain)
{
    OPENFILENAME stOF;
    HANDLE hFile, hMapFile;
    DWORD totalSize;                  // file size; low 32 bits only (see GetFileSize below)
    LPVOID lpMemory;                  // start of the file's mapped view, advanced one TCHAR at a time
    TCHAR szFileName[MAX_PATH] = {};  // path of the file chosen by the user
    TCHAR bufTemp1[];                 // hex text of one byte ("%02X "); size lost in copy
    TCHAR bufTemp2[];                 // first column: row offset; size lost in copy
    TCHAR lpServicesBuffer[];         // the whole current row; size lost in copy
    TCHAR bufDisplay[];               // third column: ASCII rendering of the row; size lost in copy
    DWORD dwCount;                    // byte index within the row; restarts every 16 bytes
    DWORD dwCount1;                   // row number, multiplied to give the row offset
    DWORD dwBlanks;                   // padding spaces for the final, partial row
    TCHAR szExtPe[] = TEXT("PE Files\0*.exe;*.dll;*.scr;*.fon;*.drv\0All Files(*.*)\0*.*\0\0");

    RtlZeroMemory(&stOF, sizeof(stOF));
    stOF.lStructSize = sizeof(stOF);
    stOF.hwndOwner = hWinMain;
    stOF.lpstrFilter = szExtPe;
    stOF.lpstrFile = szFileName;
    stOF.nMaxFile = MAX_PATH;
    stOF.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST;
    if (GetOpenFileName(&stOF)) // let the user choose the file
    {
        // FILE_SHARE_WRITE lets another process modify or truncate the file
        // while it is mapped; touching a page beyond a truncation can raise an
        // in-page exception, which nothing here handles.
        hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,
            NULL, OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, NULL);
        if (hFile != INVALID_HANDLE_VALUE)
        {
            // NULL for lpFileSizeHigh drops the upper 32 bits, and the failure
            // value INVALID_FILE_SIZE is not told apart from a real size, so
            // files of 4 GiB or more are not dumped correctly.
            totalSize = GetFileSize(hFile, NULL);
            if (totalSize)
            {
                hMapFile = CreateFileMapping(hFile, NULL, PAGE_READONLY, , , NULL); // read-only mapping of the file (size args lost in copy)
                if (hMapFile)
                {
                    lpMemory = MapViewOfFile(hMapFile, FILE_MAP_READ, , , ); // view of the file (offset/length args lost in copy)
                    if (lpMemory)
                    {
                        // start processing the file: clear the row buffers
                        RtlZeroMemory(bufTemp1, );
                        RtlZeroMemory(bufTemp2, );
                        RtlZeroMemory(lpServicesBuffer, );
                        RtlZeroMemory(bufDisplay, );
                        dwCount = ;
                        // write the first column (offset of row 0) into lpServicesBuffer;
                        // this one uses "%08x" while later rows use "%08X", so only the
                        // first offset is printed in lowercase hex
                        dwCount1 = ;
                        wsprintf(bufTemp2, TEXT("%08x "), dwCount1);
                        lstrcat(lpServicesBuffer, bufTemp2);
                        dwBlanks = ( - totalSize % ) * ; // spaces needed to pad the last row (operands lost in copy)
                        while (TRUE)
                        {
                            if (totalSize == ) // last row: no bytes left
                            {
                                // NOTE(review): when the file size is a multiple of the row
                                // width this branch is still reached after the last full row
                                // was flushed, so a row holding only an offset and padding is
                                // emitted.
                                while (dwBlanks) // pad the hex column
                                {
                                    lstrcat(lpServicesBuffer, TEXT(" "));
                                    --dwBlanks;
                                }
                                lstrcat(lpServicesBuffer, TEXT(" "));  // gap between hex and ASCII columns
                                lstrcat(lpServicesBuffer, bufDisplay); // ASCII column
                                lstrcat(lpServicesBuffer, TEXT("\n")); // end of row
                                break;
                            }
                            // ASCII column: keep printable bytes, show everything else as '.'.
                            // NOTE(review): the range test is off by one at both ends — 0x20
                            // (space) and 0x7e ('~') are printable but fall into the '.' branch;
                            // the intended test is >= 0x20 && <= 0x7e. This reads one TCHAR, so
                            // it is a single byte only in an ANSI build; with MSVC's signed char,
                            // bytes >= 0x80 compare negative and also take the '.' branch, which
                            // is the intended result.
                            if (*(TCHAR *)lpMemory > 0x20 && *(TCHAR *)lpMemory < 0x7e)
                            {
                                bufDisplay[dwCount-] = *(TCHAR *)lpMemory; // index adjustment lost in copy
                            }
                            else
                            {
                                bufDisplay[dwCount-] = 0x2e; // '.' for non-printable bytes
                            }
                            wsprintf(bufTemp1, TEXT("%02X "), *(TBYTE *)lpMemory); // hex text of this byte
                            lstrcat(lpServicesBuffer, bufTemp1);                // append it to the hex column
                            if (dwCount == ) // 16 bytes done: flush the row (constant lost in copy)
                            {
                                lstrcat(lpServicesBuffer, TEXT(" "));  // gap between hex and ASCII columns
                                lstrcat(lpServicesBuffer, bufDisplay); // ASCII column
                                lstrcat(lpServicesBuffer, TEXT("\n")); // end of row
                                _appendInfo(lpServicesBuffer);         // push the row to the control
                                RtlZeroMemory(lpServicesBuffer, );
                                // dwStop is a plain global set by the UI thread (IDM_1) with no
                                // synchronization; it is sampled only here, once per row.
                                if (dwStop == )
                                {
                                    break;
                                }
                                wsprintf(bufTemp2, TEXT("%08X "), (++dwCount1) * ); // offset of the next row (row width lost in copy)
                                lstrcat(lpServicesBuffer, bufTemp2);
                                dwCount = ;
                                RtlZeroMemory(bufDisplay, );
                            }
                            --totalSize;
                            ++dwCount;
                            // Advances by sizeof(TCHAR): correct only when TCHAR is char (ANSI
                            // build, matching the "RichEdit20A" control in resource.rc).
                            // Incrementing a cast expression is an MSVC extension, not standard C.
                            ++(TCHAR *)lpMemory;
                        }
                        _appendInfo(lpServicesBuffer); // flush the last row
                        UnmapViewOfFile(lpMemory);
                    }
                    CloseHandle(hMapFile);
                }
            }
            CloseHandle(hFile);
        }
    }
}

/*
 * Dialog procedure for DLG_MAIN.
 *
 * WM_INITDIALOG -> _Init
 * WM_COMMAND    -> menu handling: IDM_OPEN starts a dump thread, IDM_1 sets
 *                  dwStop so the running dump stops, IDM_EXIT / WM_CLOSE end
 *                  the dialog. IDM_2 / IDM_3 have no handler.
 * Returns TRUE for handled messages, FALSE otherwise.
 */
INT_PTR CALLBACK _ProcDlgMain(HWND hWnd, UINT wMsg, WPARAM wParam, LPARAM lParam)
{
    switch (wMsg)
    {
    case WM_CLOSE:
        EndDialog(hWnd, ); // result value lost in copy
        break;
    case WM_INITDIALOG: // initialisation
        _Init(hWnd);
        break;
    case WM_COMMAND: // menu
        switch (LOWORD(wParam))
        {
        case IDM_EXIT: // quit
            EndDialog(hWnd, ); // result value lost in copy
            break;
        case IDM_OPEN: // open a file
            dwStop = ; // clear the stop flag before starting (value lost in copy)
            // NOTE(review): _openFile is declared void (HWND), not DWORD WINAPI
            // (LPVOID), so the cast hides a signature mismatch. The thread
            // handle is discarded without CloseHandle, and nothing stops a
            // second IDM_OPEN from starting a concurrent dump that writes
            // into the same control.
            CreateThread(NULL, , (LPTHREAD_START_ROUTINE)_openFile, hWnd, , NULL);
            break;
        case IDM_1: // stop the running dump; _openFile polls dwStop once per row
            dwStop = ; // value lost in copy
            break;
        case IDM_2:
        case IDM_3:
        default:
            break;
        }
        break;
    default:
        return FALSE;
    }
    return TRUE;
}

/*
 * Entry point: load the rich-edit library, run the main dialog, unload.
 *
 * hPrevInstance, lpCmdLine and nCmdShow are unused.
 */
int WINAPI WinMain(HINSTANCE hInst, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    HMODULE hRichEdit;

    hInstance = hInst;
    // RichEd20.dll must be loaded before the dialog is created, or the
    // "RichEdit20A" control in the template cannot be instantiated. The
    // result is not checked: a NULL here makes DialogBoxParam fail silently
    // and FreeLibrary then receives NULL.
    hRichEdit = LoadLibrary(TEXT("RichEd20.dll"));
    DialogBoxParam(hInstance, MAKEINTRESOURCE(DLG_MAIN), NULL, _ProcDlgMain, (LPARAM)NULL);
    FreeLibrary(hRichEdit);
    return ; // return value lost in copy
}

头文件 resource.h

 //{{NO_DEPENDENCIES}}
// Include file generated by Microsoft Visual C++.
// Used by Resource.rc
//
#define ICO_MAIN 101   // application icon (main.ico)
#define DLG_MAIN 102   // main dialog template
#define IDM_MAIN 103   // main menu
#define IDC_INFO 1001  // rich-edit control that receives the dump
#define IDM_OPEN 40001 // File > Open
#define IDM_EXIT 40002 // File > Exit
#define IDM_1 40003    // View > stop dump (sets dwStop in pedump.c)
#define IDM_2 40004    // View > window transparency (no handler in pedump.c)
#define IDM_3 40005    // View > size (no handler in pedump.c)
#define IDM_4 40006    // View > width (no handler in pedump.c)

// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 104
#define _APS_NEXT_COMMAND_VALUE 40007
#define _APS_NEXT_CONTROL_VALUE 1002
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif

资源文件 resource.rc

 // Microsoft Visual C++ generated resource script.
//
// NOTE(review): resource ids, coordinates and sizes were lost when this
// listing was copied (bare commas, missing numbers before TEXTINCLUDE), and
// line breaks that had been swallowed by "//" comments have been restored.
#include "resource.h"

#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "winres.h"

/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS

/////////////////////////////////////////////////////////////////////////////
// Chinese (Simplified, PRC) resources

#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED

#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
// The numeric id in front of each TEXTINCLUDE block (normally 1, 2 and 3)
// was lost in the copy.

TEXTINCLUDE
BEGIN
    "resource.h\0"
END

TEXTINCLUDE
BEGIN
    "#include ""winres.h""\r\n"
    "\0"
END

TEXTINCLUDE
BEGIN
    "\r\n"
    "\0"
END

#endif    // APSTUDIO_INVOKED

/////////////////////////////////////////////////////////////////////////////
//
// Icon
//

// Icon with lowest ID value placed first to ensure application icon
// remains consistent on all systems.
ICO_MAIN ICON "main.ico"

/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//

DLG_MAIN DIALOGEX , , ,   // position and size lost in copy
STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU
CAPTION "PEDump"
MENU IDM_MAIN
FONT , "宋体", , , 0x0
BEGIN
    // read-only RichEdit 2.0 (ANSI) control that receives the dump; RichEd20.dll
    // must be loaded before the dialog is created (see WinMain in pedump.c)
    CONTROL "",IDC_INFO,"RichEdit20A",ES_MULTILINE | ES_AUTOVSCROLL | ES_AUTOHSCROLL | ES_READONLY | ES_WANTRETURN | WS_BORDER | WS_VSCROLL | WS_TABSTOP,,,,
END

/////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
//

#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO
BEGIN
    DLG_MAIN, DIALOG
    BEGIN
        RIGHTMARGIN,
        BOTTOMMARGIN,
    END
END
#endif    // APSTUDIO_INVOKED

/////////////////////////////////////////////////////////////////////////////
//
// Menu
//

IDM_MAIN MENU
BEGIN
    POPUP "文件(&F)"
    BEGIN
        MENUITEM "打开文件(&O)...", IDM_OPEN
        MENUITEM SEPARATOR
        MENUITEM "退出(&x)", IDM_EXIT
    END
    POPUP "编辑(&E)"
    BEGIN
        MENUITEM SEPARATOR
    END
    POPUP "格式(&O)"
    BEGIN
        MENUITEM SEPARATOR
    END
    POPUP "查看(&V)"
    BEGIN
        // only IDM_1 has a handler in _ProcDlgMain; IDM_2..IDM_4 are placeholders
        MENUITEM "停止Dump...", IDM_1
        MENUITEM "窗口透明度", IDM_2
        MENUITEM SEPARATOR
        MENUITEM "大小", IDM_3
        MENUITEM "宽度", IDM_4
    END
    POPUP "帮助(&H)"
    BEGIN
        MENUITEM SEPARATOR
    END
END

#endif    // Chinese (Simplified, PRC) resources
/////////////////////////////////////////////////////////////////////////////

#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//

/////////////////////////////////////////////////////////////////////////////
#endif    // not APSTUDIO_INVOKED