Приятного времени суток - соратники.
Не могу осознать какого члена не работает кодес ( на хр и ниже работал на ура )
Какое таинство несёт переход и какая очередная MS шиза принесла погибель?
Не могу осознать какого члена не работает кодес ( на хр и ниже работал на ура )
Код:
.686
.model flat, stdcall
option casemap :none
include c:\masm32\include\windows.inc
include c:\masm32\include\kernel32.inc
include c:\masm32\include\shell32.inc
includelib c:\masm32\lib\masm32.lib
includelib c:\masm32\lib\kernel32.lib
includelib c:\masm32\lib\shell32.lib
includelib c:\masm32\lib\user32.lib
IMAGE_OPTIONAL_HEADER64 STRUCT
Magic WORD ?
MajorLinkerVersion BYTE ?
MinorLinkerVersion BYTE ?
SizeOfCode DWORD ?
SizeOfInitializedData DWORD ?
SizeOfUninitializedData DWORD ?
AddressOfEntryPoint DWORD ?
BaseOfCode DWORD ?
ImageBase QWORD ?
SectionAlignment DWORD ?
FileAlignment DWORD ?
MajorOperatingSystemVersion WORD ?
MinorOperatingSystemVersion WORD ?
MajorImageVersion WORD ?
MinorImageVersion WORD ?
MajorSubsystemVersion WORD ?
MinorSubsystemVersion WORD ?
Win32VersionValue DWORD ?
SizeOfImage DWORD ?
SizeOfHeaders DWORD ?
CheckSum DWORD ?
Subsystem WORD ?
DllCharacteristics WORD ?
SizeOfStackReserve QWORD ?
SizeOfStackCommit QWORD ?
SizeOfHeapReserve QWORD ?
SizeOfHeapCommit QWORD ?
LoaderFlags DWORD ?
NumberOfRvaAndSizes DWORD ?
DataDirectory IMAGE_DATA_DIRECTORY IMAGE_NUMBEROF_DIRECTORY_ENTRIES dup(<>)
IMAGE_OPTIONAL_HEADER64 ENDS
IMAGE_NT_HEADERS64 STRUCT
Signature DWORD ?
FileHeader IMAGE_FILE_HEADER <>
OptionalHeader IMAGE_OPTIONAL_HEADER64 <>
IMAGE_NT_HEADERS64 ENDS
.data
ConsoleTitle db "CRC32import calculator for PE32 and PE+ Win32 NTx86 ASCII (c) Izg0y 2011", 0
help db 0Dh, 0Ah, "Usage:", 0Dh, 0Ah, " name.exe C:\WINDOWS\system32\ntdll.dll", 0Dh, 0Ah, 0
Menu db 0Dh, 0Ah, " CRC32-hash APi-name", 0Dh, 0Ah, " --------------------------", 0Dh, 0Ah, 0Dh, 0Ah, 0
template db " 0x%08X %s",0Dh,0Ah, 0
Final db " --------------------------", 0Dh, 0Ah, " Total: %d", 0Dh, 0Ah, 0
.data?
hFile dd ?
argc dd ?
ConsoleHandle dd ?
hMapping dd ?
hMap dd ?
.code
CalcHash proc uses edx ecx ebx
mov edx, edi
mov ecx, eax
xor eax, eax
.IF ecx != 0
dec eax
@1:
xor al,byte ptr [edx]
inc edx
push 08
pop ebx
@2:
shr eax, 1
jnc @3
xor eax, 0EDB88320h
@3:
dec ebx
jnz @2
loop @1
not eax
.ENDIF
ret
CalcHash endp
RVAToFileMap PROC uses edi esi edx ecx RVA:DWORD
mov esi, hMap
assume esi:ptr IMAGE_DOS_HEADER
add esi, [esi].e_lfanew
assume esi:ptr IMAGE_NT_HEADERS64
mov edi, RVA
mov edx, esi
.IF [esi].OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC
add edx, sizeof IMAGE_NT_HEADERS32
.ELSEIF [esi].OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC
add edx, sizeof IMAGE_NT_HEADERS64
.ENDIF
movzx ecx, cx
assume edx:ptr IMAGE_SECTION_HEADER
.while ecx > 0
.if edi >= [edx].VirtualAddress
mov eax, [edx].VirtualAddress
add eax, [edx].SizeOfRawData
.if edi < eax
mov eax, [edx].VirtualAddress
sub edi, eax
mov eax, [edx].PointerToRawData
add eax, edi
add eax, hMap
ret
.endif
.endif
add edx,sizeof IMAGE_SECTION_HEADER
dec ecx
.endw
assume edx:nothing
assume esi:nothing
mov eax,edi
ret
RVAToFileMap endp
FindImport proc
LOCAL temp[512]:BYTE
LOCAL i:DWORD
mov i, 0
mov esi, hMap
assume esi:ptr IMAGE_DOS_HEADER
.IF [esi].e_magic == IMAGE_DOS_SIGNATURE
add esi, [esi].e_lfanew
assume esi:ptr IMAGE_NT_HEADERS
.IF [esi].Signature == IMAGE_NT_SIGNATURE
.IF [esi].OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC
mov edi, [esi].OptionalHeader.DataDirectory.VirtualAddress
.ELSEIF [esi].OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC
assume esi: ptr IMAGE_NT_HEADERS64
mov edi, [esi].OptionalHeader.DataDirectory.VirtualAddress
.ENDIF
invoke RVAToFileMap, edi
mov edi, eax
assume edi:ptr IMAGE_EXPORT_DIRECTORY
mov ebx, [edi].NumberOfNames
invoke RVAToFileMap, [edi].AddressOfNames
push eax
invoke WriteFile, ConsoleHandle, addr Menu, 59, addr help, 0
pop esi
.while ebx > 0
invoke RVAToFileMap, dword ptr [esi]
mov edi, eax
invoke lstrlenA, eax
call CalcHash
invoke wsprintf, addr temp, addr template, eax, edi
invoke lstrlenA, addr temp
invoke WriteFile, ConsoleHandle, addr temp, eax, addr help, 0
dec ebx
add esi, 4
inc i
.endw
invoke wsprintf, addr temp, addr Final, i
invoke WriteFile, ConsoleHandle, addr temp, eax, addr help, 0
.ENDIF
.ENDIF
ret
FindImport endp
start:
invoke GetStdHandle, STD_OUTPUT_HANDLE
mov ConsoleHandle, eax
invoke SetConsoleTitleA, addr ConsoleTitle
invoke GetCommandLineW
invoke CommandLineToArgvW, eax, addr argc
.IF argc != 1
add eax, 4
invoke CreateFileW, [eax], GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0
.IF eax != INVALID_HANDLE_VALUE
mov hFile, eax
invoke CreateFileMapping, hFile, 0, PAGE_READONLY, 0, 0, 0
.IF eax != 0
mov hMapping, eax
invoke MapViewOfFile, hMapping, FILE_MAP_READ, 0, 0, 0
.IF eax != 0
mov hMap, eax
invoke FindImport
.ENDIF
invoke CloseHandle, hMapping
.ENDIF
invoke CloseHandle, hFile
.ENDIF
.ELSE
invoke WriteFile, ConsoleHandle, addr help, 60, 0, 0
.ENDIF
ret
end startКакое таинство несёт переход и какая очередная MS шиза принесла погибель?
