flat assembler
Message board for the users of flat assembler.

Index > Main > Any Dll Export Dump

Author
Thread Post new topic Reply to topic
lovefasm



Joined: 17 Jun 2007
Posts: 22
lovefasm
Format PE Console

include 'Win32AX.inc'

macro for var,min,instr,max
{
mov var,min
local loop,end
loop:
_for_var equ var
_for_limit equ max
_for_instr equ instr
_for_origin equ loop
_for_exit equ end
}

macro endfor
{
cmp _for_var,_for_limit
je _for_exit
_for_instr _for_var
jmp _for_origin
_for_exit:
restore _for_exit
restore _for_origin
restore _for_limit
restore _for_instr
restore _for_var
}

start:
invoke GetCommandLine
cinvoke strstr,eax," "
cmp eax,0
je _exit0

cinvoke sscanf,eax,"%s",DllFileName
cmp eax,0
je _exit0

invoke GetCurrentDirectory,8000h,DllFilePath
call OpenDllFile
cmp eax,0FFFFFFFFh
jne _cfm;当前目录没有找到
invoke GetSystemDirectory,DllFilePath,8000h
call OpenDllFile
cmp eax,0FFFFFFFFh
je _exit0;系统目录也没有就退出

_cfm:
invoke CreateFileMapping,eax,0,2,0,0,0
mov [hFileMapping],eax
cmp eax,0
je _exit1

invoke MapViewOfFile,eax,4,0,0,0
mov [lpFileBase],eax
cmp eax,0
je _exit2

mov [pImage_DOS_Header],eax
add eax,3Ch
mov eax,[eax]
add eax,[lpFileBase]
mov [pImage_NT_Header],eax

invoke IsBadReadPtr,eax,0F8h
cmp eax,0
jne _exit3

mov eax,[pImage_NT_Header]
cmp dword [eax],4550h
jne _exit3

add eax,78h
push dword [eax]
pop [pImage_Export_Dir]

cmp eax,0
je _exit3

invoke ImageRvaToVa,[pImage_NT_Header],[pImage_DOS_Header],[pImage_Export_Dir],0
mov [pImage_Export_Dir],eax
cmp eax,0
je _exit3

add eax,20h
push dword [eax]
pop [ppdwNames]
invoke ImageRvaToVa,[pImage_NT_Header],[pImage_DOS_Header],dword [eax],0
mov [ppdwNames],eax
cmp eax,0
je _exit3

mov eax,[pImage_Export_Dir]
add eax,18h
push dword [eax]
pop [NoOfExports]

cinvoke printf,cnt_fmt,DllFileName,[NoOfExports]
cinvoke printf,lib_fmt,DllFileName,DllFileName
cinvoke printf,imp_fmt,DllFileName

mov ebx,[NoOfExports]
mov esi,[ppdwNames]

cmp ebx,0
je _exit3
cmp ebx,1
je _end

dec ebx
for edi, 1 , inc , ebx
invoke ImageRvaToVa,[pImage_NT_Header],[pImage_DOS_Header], dword [esi], 0
cinvoke printf,out_fmt,eax,eax
add esi,4
endfor
_end:
invoke ImageRvaToVa,[pImage_NT_Header],[pImage_DOS_Header], dword [esi], 0
cinvoke printf,end_out_fmt,eax,eax

_exit3:
invoke UnmapViewOfFile,[lpFileBase]
_exit2:
invoke CloseHandle,[hFileMapping]
_exit1:
invoke CloseHandle,[hFile]
_exit0:
invoke ExitProcess,0

OpenDllFile:
cinvoke strcat,DllFilePath,"\"
cinvoke strcat,DllFilePath,DllFileName
cinvoke strcat,DllFilePath,".dll"

invoke CreateFile,DllFilePath,80000000h,1,0,3,80h,0
mov [hFile],eax
ret

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;导入表;导入表;导入表;导入表;导入表;导入表
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
data import
library kernel32,'kernel32.dll',\
msvcrt,'msvcrt.dll',\
dbghlp,'dbghelp.dll'

import kernel32,\
GetCommandLine,'GetCommandLineA',\
GetCurrentDirectory,'GetCurrentDirectoryA',\
GetSystemDirectory,'GetSystemDirectoryA',\
CreateFile,'CreateFileA',\
CreateFileMapping,'CreateFileMappingA',\
MapViewOfFile,'MapViewOfFile',\
UnmapViewOfFile,'UnmapViewOfFile',\
CloseHandle,'CloseHandle',\
IsBadReadPtr,'IsBadReadPtr',\
ExitProcess,'ExitProcess'
import msvcrt,\
printf,'printf',\
strcat,'strcat',\
strstr,'strstr',\
sscanf,'sscanf'
import dbghlp,\
ImageRvaToVa,'ImageRvaToVa'
end data

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;常量定义;常量定义;常量定义;常量定义;常量定义
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
cnt_fmt db ";%s Exports Count=%d",0dh,0ah,0h
lib_fmt db "library",9h,"%s,'%s.dll'",0dh,0ah,0h
imp_fmt db "import",9h,"%s,\",0dh,0ah,0h

out_fmt db 9h,"%s,'%s',\",0dh,0ah,0h

end_out_fmt db 9h,"%s,'%s'",0dh,0ah,0h

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;变量定义;变量定义;变量定义;变量定义;变量定义
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
DllFilePath rb 8000h
DllFileName rb 1000h

hFile rd 1
hFileMapping rd 1
lpFileBase rd 1

pImage_DOS_Header rd 1
pImage_NT_Header rd 1
pImage_Export_Dir rd 1

ppdwNames rd 1
NoOfExports rd 1


Description:
Download
Filename: el.rar
Filesize: 2.17 KB
Downloaded: 160 Time(s)

Post 27 Jul 2007, 14:24
View user's profile Send private message Reply with quote
Yardman



Joined: 12 Apr 2005
Posts: 245
Location: US
Yardman
[ Post removed by author. ]


Last edited by Yardman on 04 Apr 2012, 02:30; edited 1 time in total
Post 28 Jul 2007, 01:29
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8962
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
很高兴看到有华人在这
欢迎你 lovefasm
Post 28 Jul 2007, 14:18
View user's profile Send private message Reply with quote
asmfan



Joined: 11 Aug 2006
Posts: 392
Location: Russian
asmfan
Really-really nice tool!! Thanks to writer. //but CL parser suffers a bit - it don't process pathes with blank spaces.
Post 21 Sep 2007, 16:16
View user's profile Send private message Reply with quote
lehox



Joined: 06 Aug 2007
Posts: 16
lehox
too bad i don't understand the section description.. can you translate it please?
Post 21 Sep 2007, 17:25
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.