PE file validity check source program

xiaoxiao2021-03-05  24

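;-----------------------------------------------------------------------
; PE validity check.
; Lets the user pick a file, maps it read-only and reports whether it
; carries both the MZ (DOS header) and PE (NT headers) signatures.
;
; Assembler: MASM (masm32 package), Intel syntax.
; Target:    32-bit x86, Win32, stdcall.
;-----------------------------------------------------------------------
.386
.model flat, stdcall
option casemap:none                     ; identifiers are case-sensitive

include C:/masm32/include/windows.inc
include C:/masm32/include/kernel32.inc
include C:/masm32/include/comdlg32.inc
include C:/masm32/include/user32.inc
includelib C:/masm32/lib/user32.lib
includelib C:/masm32/lib/kernel32.lib
includelib C:/masm32/lib/comdlg32.lib

BUFFER_SIZE equ 512                     ; size of the file-name buffer, in bytes

; Exception registration record placed on the stack and linked at fs:[0].
; The first two fields must stay in this order: the OS reads them as the
; "previous record" and "handler" pointers. The remaining fields are private
; state that SEHHandler uses to resume execution in start.
SEH struct
    PrevLink        dd ?                ; previous registration record (old fs:[0])
    CurrentHandler  dd ?                ; address of the exception handler
    SafeOffset      dd ?                ; address at which it is safe to resume
    PrevEsp         dd ?                ; esp to restore when resuming
    PrevEbp         dd ?                ; ebp to restore when resuming
SEH ends

.data
AppName              db "PE Format Inspection Procedure", 0
ofn                  OPENFILENAME <>
; Filter pairs are "description",0,"pattern",0 and the list ends with an extra 0.
FilterString         db "Executable Files (*.exe, *.dll)", 0, "*.exe;*.dll", 0
                     db "All Files", 0, "*.*", 0, 0
FileOpenError        db "Unable to read the file", 0
FileOpenMappingError db "Unable to open the file you want to map", 0
FileMappingError     db "Unable to map the file into memory", 0
FileValidPE          db "This file is a valid PE format file", 0
FileInvalidPE        db "This file is not a valid PE format file", 0

.data?
buffer   db BUFFER_SIZE dup (?)         ; receives the selected path
hFile    dd ?
hMapping dd ?
pMapping dd ?                           ; base address of the mapped view
ValidPE  dd ?                           ; TRUE / FALSE result of the check
FileSize dd ?                           ; low 32 bits of the file size

.code

;-----------------------------------------------------------------------
; start - program entry point; never returns (ends in ExitProcess).
;
; The selected file is untrusted input. e_lfanew is therefore checked
; against the file size before it is used as an offset; without that
; check a crafted value can point the signature read at unrelated
; readable memory inside this process, which would not fault and could
; yield a wrong verdict. The SEH frame is kept as a second line of
; defence for faults the bounds check cannot predict (for example a read
; error on the mapped file).
;
; Clobbers: eax, ecx, edx, edi, flags (no caller to preserve them for).
;-----------------------------------------------------------------------
start proc
    LOCAL seh:SEH

    mov     ofn.lStructSize, sizeof ofn
    mov     ofn.lpstrFilter, offset FilterString
    mov     ofn.lpstrFile, offset buffer
    mov     ofn.nMaxFile, BUFFER_SIZE
    mov     ofn.Flags, OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or OFN_EXPLORER or OFN_HIDEREADONLY
    invoke  GetOpenFileName, addr ofn
    .if eax == TRUE
        ; FILE_SHARE_READ only: nobody can open the file for writing while
        ; it is held here, so the size read below stays valid for the view.
        invoke  CreateFile, addr buffer, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
        .if eax != INVALID_HANDLE_VALUE
            mov     hFile, eax
            invoke  GetFileSize, hFile, NULL
            .if eax == 0FFFFFFFFh       ; INVALID_FILE_SIZE: size unknown
                xor     eax, eax        ; treat as empty so the bounds checks reject it
            .endif
            mov     FileSize, eax
            invoke  CreateFileMapping, hFile, NULL, PAGE_READONLY, 0, 0, 0
            .if eax != NULL
                mov     hMapping, eax
                invoke  MapViewOfFile, hMapping, FILE_MAP_READ, 0, 0, 0
                .if eax != NULL
                    mov     pMapping, eax
                    mov     ValidPE, FALSE          ; default verdict until both signatures match

                    ; Link the SEH record in front of the current chain.
                    assume  fs:nothing
                    push    fs:[0]
                    pop     seh.PrevLink
                    mov     seh.CurrentHandler, offset SEHHandler
                    mov     seh.SafeOffset, offset FinalExit
                    lea     eax, seh
                    mov     fs:[0], eax
                    mov     seh.PrevEsp, esp
                    mov     seh.PrevEbp, ebp

                    mov     edi, pMapping
                    assume  edi:ptr IMAGE_DOS_HEADER
                    mov     ecx, FileSize
                    ; All comparisons below are unsigned.
                    .if ecx >= sizeof IMAGE_DOS_HEADER
                        .if [edi].e_magic == IMAGE_DOS_SIGNATURE
                            mov     eax, [edi].e_lfanew
                            sub     ecx, 4          ; last offset where the 4-byte signature still fits
                            ; A negative e_lfanew is a huge unsigned value and is rejected here too.
                            .if eax <= ecx
                                add     edi, eax
                                assume  edi:ptr IMAGE_NT_HEADERS
                                .if [edi].Signature == IMAGE_NT_SIGNATURE
                                    mov     ValidPE, TRUE
                                .endif
                            .endif
                        .endif
                    .endif
                    assume  edi:nothing

FinalExit:                                          ; SEHHandler resumes here after a fault
                    .if ValidPE == TRUE
                        invoke  MessageBox, 0, addr FileValidPE, addr AppName, MB_OK or MB_ICONINFORMATION
                    .else
                        invoke  MessageBox, 0, addr FileInvalidPE, addr AppName, MB_OK or MB_ICONINFORMATION
                    .endif

                    ; Unlink the SEH record before leaving the guarded region.
                    push    seh.PrevLink
                    pop     fs:[0]
                    invoke  UnmapViewOfFile, pMapping
                .else
                    invoke  MessageBox, 0, addr FileMappingError, addr AppName, MB_OK or MB_ICONERROR
                .endif
                invoke  CloseHandle, hMapping
            .else
                invoke  MessageBox, 0, addr FileOpenMappingError, addr AppName, MB_OK or MB_ICONERROR
            .endif
            invoke  CloseHandle, hFile
        .else
            invoke  MessageBox, 0, addr FileOpenError, addr AppName, MB_OK or MB_ICONERROR
        .endif
    .endif
    invoke  ExitProcess, 0
start endp

;-----------------------------------------------------------------------
; SEHHandler - exception handler installed by start (C calling convention,
; as the OS dispatcher expects).
;
; In:    pFrame   = the SEH record that start linked at fs:[0]
;        pContext = CONTEXT of the faulting thread
; Out:   eax = ExceptionContinueExecution
; Effect: rewrites eip/esp/ebp in the CONTEXT so the thread resumes at
;        SafeOffset with the stack start saved, and records the file as
;        not a valid PE. It does this for every exception it is handed,
;        without inspecting the exception code.
; Saves: edx (via "uses").
; NOTE(review): a build linked with /SAFESEH would presumably also need
; ".safeseh SEHHandler" - confirm against the build settings.
;-----------------------------------------------------------------------
SEHHandler proc C uses edx pExcept:DWORD, pFrame:DWORD, pContext:DWORD, pDispatch:DWORD
    mov     edx, pFrame
    assume  edx:ptr SEH
    mov     eax, pContext
    assume  eax:ptr CONTEXT
    push    [edx].SafeOffset
    pop     [eax].regEip                ; resume at FinalExit
    push    [edx].PrevEsp
    pop     [eax].regEsp
    push    [edx].PrevEbp
    pop     [eax].regEbp
    mov     ValidPE, FALSE              ; a fault while parsing means "not valid"
    mov     eax, ExceptionContinueExecution
    assume  eax:nothing, edx:nothing
    ret
SEHHandler endp

end start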

转载请注明原文地址:https://www.9cbs.com/read-35217.html
