PE文件有效性检查源程序

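; Target: 32-bit x86, MASM syntax, flat memory model, stdcall by default.
.386
.model flat,stdcall
option casemap:none

; Win32 declarations and import libraries.
; The paths assume the MASM32 SDK is installed at C:\masm32.
include C:\masm32\include\windows.inc
include C:\masm32\include\kernel32.inc
include C:\masm32\include\comdlg32.inc
include C:\masm32\include\user32.inc
includelib C:\masm32\lib\user32.lib
includelib C:\masm32\lib\kernel32.lib
includelib C:\masm32\lib\comdlg32.lib

; Per-thread exception registration record that start links into fs:[0].
; The first two fields are the link/handler pair the OS walks on a fault;
; the remaining three are private state that SEHHandler reads back to
; resume execution at a known-good point.
SEH struct
    PrevLink        dd ?                ; previous head of the fs:[0] chain
    CurrentHandler  dd ?                ; address of the handler procedure
    SafeOffset      dd ?                ; EIP to resume at after a fault
    PrevEsp         dd ?                ; ESP captured when the frame was installed
    PrevEbp         dd ?                ; EBP captured when the frame was installed
SEH ends

.data
AppName              db "PE 格式检验程序",0
ofn                  OPENFILENAME <>
; Filter list for the Open dialog: (description, pattern) pairs, each string
; NUL-terminated, with an extra NUL closing the list.
FilterString         db "Executable Files (*.exe,*.dll)",0,"*.exe;*.dll",0
                     db "All Files",0,"*.*",0,0
FileOpenError        db "无法读取文件",0
FileOpenMappingError db "无法打开要映射的文件",0
FileMappingError     db "无法把文件映射到内存",0
FileValidPE          db "这个文件是一个有效的PE格式文件",0
FileInValidPE        db "这个文件不是一个有效的PE格式文件",0

.data?
buffer   db 512 dup(?)                  ; receives the path chosen in the Open dialog
hFile    dd ?                           ; handle returned by CreateFile
hMapping dd ?                           ; handle returned by CreateFileMapping
pMapping dd ?                           ; base address returned by MapViewOfFile
ValidPE  dd ?                           ; TRUE/FALSE result of the signature checks

.code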
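NT_SIGNATURE_SIZE equ 4                 ; bytes occupied by IMAGE_NT_HEADERS.Signature
FILE_SIZE_ERROR   equ 0FFFFFFFFh        ; value GetFileSize returns when it fails

;-----------------------------------------------------------------------
; start - program entry point (32-bit Windows, stdcall API calls).
;
; Lets the user pick a file, maps it read-only and reports whether it
; carries the two PE magic values: the DOS signature at offset 0 and the
; NT signature at the offset stored in e_lfanew.
;
; The file is untrusted input. e_lfanew is therefore compared against the
; file length before it is dereferenced, so a crafted offset cannot steer
; the read to memory outside the mapped view (where a stray signature
; could produce a false "valid" result). The SEH frame stays in place as
; a backstop for faults raised while the mapped pages are being read.
;
; NOTE(review): only the two signatures are checked; the headers, section
; table and the rest of the image are not validated, so "valid PE" here
; means "signatures present", not "safe or loadable".
;
; Clobbers: eax, ecx, edx, edi, flags. Does not return (ExitProcess).
;-----------------------------------------------------------------------
start proc
    LOCAL seh:SEH                       ; exception registration record (lives on the stack)
    LOCAL dwFileSize:DWORD              ; low 32 bits of the file length

    ; Describe the Open dialog. The remaining OPENFILENAME fields keep the
    ; defaults from the structure's declaration.
    mov ofn.lStructSize,SIZEOF ofn
    mov ofn.lpstrFilter,OFFSET FilterString
    mov ofn.lpstrFile,OFFSET buffer
    mov ofn.nMaxFile,SIZEOF buffer      ; capacity of the path buffer
    mov ofn.Flags, OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or OFN_EXPLORER or OFN_HIDEREADONLY
    invoke GetOpenFileName,ADDR ofn
    .if eax!=FALSE                      ; any nonzero return means a file was chosen
        invoke CreateFile,addr buffer,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        .if eax!=INVALID_HANDLE_VALUE
            mov hFile,eax
            invoke CreateFileMapping,hFile,NULL,PAGE_READONLY,0,0,0
            .if eax!=NULL
                mov hMapping,eax
                invoke MapViewOfFile,hMapping,FILE_MAP_READ,0,0,0
                .if eax!=NULL
                    mov pMapping,eax
                    mov ValidPE,FALSE   ; only a fully checked file flips this to TRUE

                    ; File length bounds every offset read from the headers.
                    invoke GetFileSize,hFile,NULL
                    mov dwFileSize,eax

                    ; Install the SEH frame. The record is filled in
                    ; completely before it is linked into fs:[0].
                    assume fs:nothing
                    push fs:[0]
                    pop seh.PrevLink
                    mov seh.CurrentHandler,offset SEHHandler
                    mov seh.SafeOffset,offset FinalExit
                    mov seh.PrevEsp,esp
                    mov seh.PrevEbp,ebp
                    lea eax,seh
                    mov fs:[0],eax

                    ; The DOS header must fit inside the file before any
                    ; of its fields are read. Comparisons are unsigned.
                    mov eax,dwFileSize
                    .if eax!=FILE_SIZE_ERROR && eax>=SIZEOF IMAGE_DOS_HEADER
                        mov edi,pMapping
                        assume edi:ptr IMAGE_DOS_HEADER
                        .if [edi].e_magic==IMAGE_DOS_SIGNATURE
                            ; ecx = last offset at which a 4-byte signature
                            ; still fits. A negative e_lfanew compares as a
                            ; huge unsigned value and is rejected here too.
                            mov ecx,dwFileSize
                            sub ecx,NT_SIGNATURE_SIZE
                            mov eax,[edi].e_lfanew
                            .if eax<=ecx
                                add edi,eax
                                assume edi:ptr IMAGE_NT_HEADERS
                                .if [edi].Signature==IMAGE_NT_SIGNATURE
                                    mov ValidPE,TRUE
                                .endif
                            .endif
                        .endif
                        assume edi:nothing
                    .endif
FinalExit:
                    ; Reached by falling through or from SEHHandler after a
                    ; fault. Unlink the frame first so a later exception
                    ; (e.g. inside MessageBox) is not routed back here.
                    push seh.PrevLink
                    pop fs:[0]
                    .if ValidPE==TRUE
                        invoke MessageBox,0,addr FileValidPE,addr AppName,MB_OK+MB_ICONINFORMATION
                    .else
                        invoke MessageBox,0,addr FileInValidPE,addr AppName,MB_OK+MB_ICONINFORMATION
                    .endif
                    invoke UnmapViewOfFile,pMapping
                .else
                    invoke MessageBox,0,addr FileMappingError,addr AppName,MB_OK+MB_ICONERROR
                .endif
                invoke CloseHandle,hMapping
            .else
                invoke MessageBox,0,addr FileOpenMappingError,addr AppName,MB_OK+MB_ICONERROR
            .endif
            invoke CloseHandle,hFile
        .else
            invoke MessageBox,0,addr FileOpenError,addr AppName,MB_OK+MB_ICONERROR
        .endif
    .endif
    invoke ExitProcess,0
start endp

;-----------------------------------------------------------------------
; SEHHandler - exception handler installed by start (C calling convention).
;
; In:   pExcept   = exception record (not examined)
;       pFrame    = the SEH record start linked into fs:[0]
;       pContext  = CONTEXT of the faulting thread
;       pDispatch = dispatcher context (not examined)
; Out:  eax = ExceptionContinueExecution
;
; Rewrites the saved EIP/ESP/EBP so the thread resumes at the address in
; SafeOffset with the stack frame captured at install time, and records
; the file as invalid.
;
; NOTE(review): the exception code and flags are not inspected, so every
; exception raised while the frame is installed is treated as "bad file".
; NOTE(review): an image linked with /SAFESEH needs this handler registered
; (MASM's .safeseh directive, newer ML versions only) or the OS will refuse
; to dispatch to it - confirm against the toolchain in use.
;-----------------------------------------------------------------------
SEHHandler proc C uses edx pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD
    mov edx,pFrame
    assume edx:ptr SEH
    mov eax,pContext
    assume eax:ptr CONTEXT
    push [edx].SafeOffset               ; resume at FinalExit
    pop [eax].regEip
    push [edx].PrevEsp                  ; with the stack pointer start had
    pop [eax].regEsp
    push [edx].PrevEbp                  ; and its frame pointer, so LOCALs stay addressable
    pop [eax].regEbp
    assume eax:nothing,edx:nothing
    mov ValidPE,FALSE
    mov eax,ExceptionContinueExecution
    ret
SEHHandler endp
end start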
