和前面一个类一样,这两个函数是对我前面那个类的更新!
这次不和那个贴放一块了,我觉得重定位好像还是有点不足的地方,但是已经完全正常,就是不完美! 喜欢的就拿去用吧! 这两类函数可是网络上的稀罕货! 简单先说一下重定位的结构: 地址:DWORD类型 大小:DWORD类型 内容:WORD数组 主要来说内容; 比如,内容的WORD值是 3 1 5 0 红色的就是它的类型,后面的"150"就是它要修正的量. 类型如下: #define IMAGE_REL_BASED_ABSOLUTE 0 #define IMAGE_REL_BASED_HIGH 1 #define IMAGE_REL_BASED_LOW 2 #define IMAGE_REL_BASED_HIGHLOW 3 #define IMAGE_REL_BASED_HIGHADJ 4 #define IMAGE_REL_BASED_MIPS_JMPADDR 5 #define IMAGE_REL_BASED_SECTION 6 #define IMAGE_REL_BASED_REL32 7 //下面的应该不常用的: #define IMAGE_REL_BASED_MIPS_JMPADDR16 9 #define IMAGE_REL_BASED_IA64_IMM64 9 #define IMAGE_REL_BASED_DIR64 10 #define IMAGE_REL_BASED_HIGH3ADJ 11 //这次我只处理了IMAGE_REL_BASED_HIGHLOW 这个类型,也是最多最常见的.其它的我找了好久也没找到那个文件在用!也就没研究了,这也许是我这个函数的不完美的地方吧! 前面简要说了一下结构我们可以再简要说一下实现: 获得类型的简单方法如下,假设buf是我们需要处理的值. buf=(buf&0xF000)>>0x0C; //buf就是类型号了. buf=buf&0x0FFF //就是我们要的偏移量. //------------------------------------------------------代码如下-------------------------------- PIMAGE_BASE_RELOCATION CPNExeInfo::GetRelocInfo(DWORD *dwNum,DWORD *dwAddr,DWORD *dwSize, DWORD *dwNumItem,DWORD *dwSectionNum,LPCTSTR *szSectionName) { PIMAGE_BASE_RELOCATION _reloc=NULL; _reloc=(PIMAGE_BASE_RELOCATION)_ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress; //*dwSize=(DWORD)_ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size; if(_reloc==NULL){return NULL;} _reloc=(PIMAGE_BASE_RELOCATION)ImageRvaToVa(_ntHeader,_dosHeader,(DWORD)_reloc,NULL); DWORD *pdwBuf=(DWORD*)_reloc; for(int i=0;_reloc->VirtualAddress!=NULL;i++) { if(dwAddr!=NULL){dwAddr[i] =_reloc->VirtualAddress;} if(dwSize!=NULL){dwSize[i] =_reloc->SizeOfBlock;} if(dwNumItem!=NULL){dwNumItem[i]=(_reloc->SizeOfBlock-8)/2;} PIMAGE_SECTION_HEADER _section=GetSection(); for(int n=0;n<_ntHeader->FileHeader.NumberOfSections;n++) { if(_section->VirtualAddress<=_reloc->VirtualAddress&& (_section->VirtualAddress+_section->Misc.VirtualSize)>_reloc->VirtualAddress) { if(dwSectionNum!=NULL){dwSectionNum[i]=n;} if(szSectionName!=NULL){szSectionName[i]=(PSTR)_section->Name;} break; } _section++; } _reloc=(PIMAGE_BASE_RELOCATION)((DWORD)_reloc+_reloc->SizeOfBlock); } if(dwNum!=NULL){*dwNum=i;} _reloc=(PIMAGE_BASE_RELOCATION)pdwBuf; return _reloc; } DWORD CPNExeInfo::GetRelocItem(PIMAGE_BASE_RELOCATION _pbaseReloc,DWORD *dwRva,DWORD *dwOffset, LPCTSTR *szType,DWORD *dwFarAddr) { if(_pbaseReloc==NULL){return NULL;} DWORD *pdwbuf=(PDWORD)_pbaseReloc; pdwbuf=pdwbuf+2; WORD *pwdbuf=(PWORD)(pdwbuf); int num=(_pbaseReloc->SizeOfBlock-8)/2; for(int i=0;i<num;i++) { WORD wdbuf=*pwdbuf; WORD wdtype=wdbuf&0xF000; if(dwRva!=NULL){dwRva[i]=_pbaseReloc->VirtualAddress+(DWORD)(wdbuf&0x0FFF);} if(dwOffset!=NULL){ dwOffset[i]=(DWORD)ImageRvaToVa(_ntHeader, _dosHeader,(DWORD)((DWORD)(wdbuf&0x0FFF)+_pbaseReloc->VirtualAddress),NULL); dwOffset[i]=dwOffset[i]-(DWORD)_dosHeader; } if(dwFarAddr!=NULL){ DWORD dwbuf=(DWORD)(wdbuf&0x0FFF)+_pbaseReloc->VirtualAddress; DWORD *pdw=(PDWORD)ImageRvaToVa(_ntHeader,_dosHeader,(DWORD)dwbuf,NULL); dwFarAddr[i]=*pdw; } if(szType!=NULL){ wdtype=wdtype>>12; switch(wdtype) { case IMAGE_REL_BASED_ABSOLUTE: { szType[i]="[00]ABOLUTE"; if(dwRva!=NULL) {dwRva[i]=NULL;} if(dwOffset!=NULL) {dwOffset[i]=NULL;} if(dwFarAddr!=NULL){dwFarAddr[i]=NULL;} break; } case IMAGE_REL_BASED_HIGH: {szType[i]="[01]HIGH";break;} case IMAGE_REL_BASED_LOW: {szType[i]="[02]LOW";break;} case IMAGE_REL_BASED_HIGHLOW: {szType[i]="[03]HIGHLOW";break;} case IMAGE_REL_BASED_HIGHADJ: {szType[i]="[04]HIGHADJ";break;} case IMAGE_REL_BASED_MIPS_JMPADDR: {szType[i]="[05]MIPS_JMPADDR";break;} case IMAGE_REL_BASED_SECTION: {szType[i]="[06]SECTION";break;} case IMAGE_REL_BASED_REL32: {szType[i]="[07]REL32";break;} case IMAGE_REL_BASED_IA64_IMM64: {szType[i]="[09]IA64_IMM64";break;} case IMAGE_REL_BASED_DIR64: {szType[i]="[10]DIR64";break;} case IMAGE_REL_BASED_HIGH3ADJ: {szType[i]="[11]HIGH3ADJ";break;} default:{szType[i]="[-1]UNKNOW";break;} } } pwdbuf++; } return num; } PIMAGE_DEBUG_DIRECTORY CPNExeInfo::GetDebugInfo(DWORD *dwSize,LPCTSTR *szType) { PIMAGE_DEBUG_DIRECTORY _debug=NULL; _debug=(PIMAGE_DEBUG_DIRECTORY)_ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress; DWORD size=(DWORD)_ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size; if(_debug==NULL){return NULL;} _debug=(PIMAGE_DEBUG_DIRECTORY)ImageRvaToVa(_ntHeader,_dosHeader,(DWORD)_debug,NULL); DWORD *pdwBuf=(DWORD*)_debug; for(DWORD i=0;i<(size/sizeof(IMAGE_DEBUG_DIRECTORY));i++,_debug++) { switch(_debug->Type) { case IMAGE_DEBUG_TYPE_UNKNOWN :{szType[i]="[00]UNKNOW";break;} case IMAGE_DEBUG_TYPE_COFF :{szType[i]="[01]COFF";break;} case IMAGE_DEBUG_TYPE_CODEVIEW :{szType[i]="[02]CODEVIEW";break;} case IMAGE_DEBUG_TYPE_FPO :{szType[i]="[03]FPO";break;} case IMAGE_DEBUG_TYPE_MISC :{szType[i]="[04]MISC";break;} case IMAGE_DEBUG_TYPE_EXCEPTION :{szType[i]="[05]EXCEPTION";break;} case IMAGE_DEBUG_TYPE_FIXUP :{szType[i]="[06]FIXUP";break;} case IMAGE_DEBUG_TYPE_OMAP_TO_SRC :{szType[i]="[07]OMAPTOSRC";break;} case IMAGE_DEBUG_TYPE_OMAP_FROM_SRC:{szType[i]="[08]OMAPFROMSRC";break;} case IMAGE_DEBUG_TYPE_BORLAND :{szType[i]="[09]BORLAND";break;} case IMAGE_DEBUG_TYPE_RESERVED10 :{szType[i]="[10]RESERVED10";break;} default:{szType[i]="[-1]UNKNOW";break;} } } *dwSize=i; _debug=(PIMAGE_DEBUG_DIRECTORY)pdwBuf; return _debug; } //--------------------------------------------------------------------------------- 这次的代码纯粹是个人杰作!高手们指点一下!呵呵~~~,自我感觉良好! 现在还差什么表没发了!我想除了资源了吧! -By EasyStudy For PhantomNet |
获得重定位表&调试表的函数—from pediy
最新推荐文章于 2023-09-07 10:17:46 发布