flat assembler
Message board for the users of flat assembler.
Index
> Main > Any Dll Export Dump |
Author |
|
lovefasm 27 Jul 2007, 14:24
Format PE Console
include 'Win32AX.inc' macro for var,min,instr,max { mov var,min local loop,end loop: _for_var equ var _for_limit equ max _for_instr equ instr _for_origin equ loop _for_exit equ end } macro endfor { cmp _for_var,_for_limit je _for_exit _for_instr _for_var jmp _for_origin _for_exit: restore _for_exit restore _for_origin restore _for_limit restore _for_instr restore _for_var } start: invoke GetCommandLine cinvoke strstr,eax," " cmp eax,0 je _exit0 cinvoke sscanf,eax,"%s",DllFileName cmp eax,0 je _exit0 invoke GetCurrentDirectory,8000h,DllFilePath call OpenDllFile cmp eax,0FFFFFFFFh jne _cfm;当前目录没有找到 invoke GetSystemDirectory,DllFilePath,8000h call OpenDllFile cmp eax,0FFFFFFFFh je _exit0;系统目录也没有就退出 _cfm: invoke CreateFileMapping,eax,0,2,0,0,0 mov [hFileMapping],eax cmp eax,0 je _exit1 invoke MapViewOfFile,eax,4,0,0,0 mov [lpFileBase],eax cmp eax,0 je _exit2 mov [pImage_DOS_Header],eax add eax,3Ch mov eax,[eax] add eax,[lpFileBase] mov [pImage_NT_Header],eax invoke IsBadReadPtr,eax,0F8h cmp eax,0 jne _exit3 mov eax,[pImage_NT_Header] cmp dword [eax],4550h jne _exit3 add eax,78h push dword [eax] pop [pImage_Export_Dir] cmp eax,0 je _exit3 invoke ImageRvaToVa,[pImage_NT_Header],[pImage_DOS_Header],[pImage_Export_Dir],0 mov [pImage_Export_Dir],eax cmp eax,0 je _exit3 add eax,20h push dword [eax] pop [ppdwNames] invoke ImageRvaToVa,[pImage_NT_Header],[pImage_DOS_Header],dword [eax],0 mov [ppdwNames],eax cmp eax,0 je _exit3 mov eax,[pImage_Export_Dir] add eax,18h push dword [eax] pop [NoOfExports] cinvoke printf,cnt_fmt,DllFileName,[NoOfExports] cinvoke printf,lib_fmt,DllFileName,DllFileName cinvoke printf,imp_fmt,DllFileName mov ebx,[NoOfExports] mov esi,[ppdwNames] cmp ebx,0 je _exit3 cmp ebx,1 je _end dec ebx for edi, 1 , inc , ebx invoke ImageRvaToVa,[pImage_NT_Header],[pImage_DOS_Header], dword [esi], 0 cinvoke printf,out_fmt,eax,eax add esi,4 endfor _end: invoke ImageRvaToVa,[pImage_NT_Header],[pImage_DOS_Header], dword [esi], 0 cinvoke printf,end_out_fmt,eax,eax _exit3: invoke UnmapViewOfFile,[lpFileBase] _exit2: invoke CloseHandle,[hFileMapping] _exit1: invoke CloseHandle,[hFile] _exit0: invoke ExitProcess,0 OpenDllFile: cinvoke strcat,DllFilePath,"\" cinvoke strcat,DllFilePath,DllFileName cinvoke strcat,DllFilePath,".dll" invoke CreateFile,DllFilePath,80000000h,1,0,3,80h,0 mov [hFile],eax ret ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;导入表;导入表;导入表;导入表;导入表;导入表 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; data import library kernel32,'kernel32.dll',\ msvcrt,'msvcrt.dll',\ dbghlp,'dbghelp.dll' import kernel32,\ GetCommandLine,'GetCommandLineA',\ GetCurrentDirectory,'GetCurrentDirectoryA',\ GetSystemDirectory,'GetSystemDirectoryA',\ CreateFile,'CreateFileA',\ CreateFileMapping,'CreateFileMappingA',\ MapViewOfFile,'MapViewOfFile',\ UnmapViewOfFile,'UnmapViewOfFile',\ CloseHandle,'CloseHandle',\ IsBadReadPtr,'IsBadReadPtr',\ ExitProcess,'ExitProcess' import msvcrt,\ printf,'printf',\ strcat,'strcat',\ strstr,'strstr',\ sscanf,'sscanf' import dbghlp,\ ImageRvaToVa,'ImageRvaToVa' end data ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;常量定义;常量定义;常量定义;常量定义;常量定义 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; cnt_fmt db ";%s Exports Count=%d",0dh,0ah,0h lib_fmt db "library",9h,"%s,'%s.dll'",0dh,0ah,0h imp_fmt db "import",9h,"%s,\",0dh,0ah,0h out_fmt db 9h,"%s,'%s',\",0dh,0ah,0h end_out_fmt db 9h,"%s,'%s'",0dh,0ah,0h ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;变量定义;变量定义;变量定义;变量定义;变量定义 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DllFilePath rb 8000h DllFileName rb 1000h hFile rd 1 hFileMapping rd 1 lpFileBase rd 1 pImage_DOS_Header rd 1 pImage_NT_Header rd 1 pImage_Export_Dir rd 1 ppdwNames rd 1 NoOfExports rd 1
|
|||||||||||
27 Jul 2007, 14:24 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.