OBJ分析代码

OBJ分析代码

2010-08-07 21:31 467人阅读 评论(0) 收藏 举报

headerimagefiletablestringstruct

紧跟着上一篇，自己写了个简单的分析OBJ的源代码，知道了基本的COFF结构以后其实分析起来不难，但是要以比较整齐的方式输入比较麻烦，于是乎...代码变得很难看...将就一下吧，以实现功能为主...争取下次写PE分析代码的时候好好重构一下...

 

"pch.cpp"是一个预编译头文件：cl pch.cpp /Yc

 

pch.h:

#include <afxwin.h>

#include <afxext.h>

#include <afxdisp.h>

#include <afxdtctl.h>

#include <afxcmn.h>

 

[cpp] view plaincopy

1. #include "pch.h"  
2. #include <iostream>  
3. #include <fstream>  
4. #include <iomanip>  
5. using namespace std;  
6. #define C(X) ((unsigned char)(fileHeader[X]) + 0)  
7. #define D(X) ((unsigned char)(sectionHeader[X]) + 0)  
8. #define E(X) ((unsigned char)(pSymbolData[X]) + 0)  
9. #define PRINT_ADDRESS(X) (cout<<right<<"0x"<<setfill('0')<<setw(8)<<address(X)<<" "<<setw(2))  
10. // Get current address  
11. int address(int size)  
12. {  
13.     static int presize = 0;  
14.     static int address = 0;  
15.     address += presize;  
16.     presize  = size;  
17.       
18.     return address;  
19. }  
20. int main(int argc, char *agrv[])  
21. {  
22.     if(argc != 2)  
23.     {  
24.         cout<<"Usage: objview.exe C://sample.obj"<<endl;  
25.         return 0;  
26.     }  
27.       
28.     fstream file(agrv[1], ios_base::in | ios::binary);  
29.     if(!file.is_open())  
30.     {  
31.         cout<<"ERROR: Invalid File Name!"<<endl;  
32.         return 0;         
33.     }  
34.    
35.     cout<<setiosflags(ios::uppercase);  
36.     cout.setf(ios_base::hex, ios_base::basefield);  
37.       
38. /*  -----COFF File Header - 20byte----- 
39.     typedef struct _IMAGE_FILE_HEADER { 
40.         WORD  Machine; 
41.         WORD  NumberOfSections; 
42.         DWORD TimeDateStamp; 
43.         DWORD PointerToSymbolTable; 
44.         DWORD NumberOfSymbols; 
45.         WORD  SizeOfOptionalHeader; 
46.         WORD  Characteristics; 
47.     } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; 
48.  */   
49.     IMAGE_FILE_HEADER File_Header;  
50.     char fileHeader[sizeof(File_Header)] = {0};  
51.     file.read(fileHeader, sizeof(fileHeader));  
52.     memcpy(&File_Header, fileHeader, sizeof(File_Header));  
53.       
54.     cout<<"---------------------------COFF FILE HEAD---------------------------"<<endl;  
55.     PRINT_ADDRESS(2)<<C(0)<<" "<<setw(2)<<C(1)  
56.                     <<setfill(' ')<<setw(30)<<" "<<"// Machine"<<endl;  
57.     PRINT_ADDRESS(2)<<C(2)<<" "<<setw(2)<<C(3)  
58.                     <<setfill(' ')<<setw(30)<<" "<<"// NumberOfSections"<<endl;  
59.     PRINT_ADDRESS(4)<<C(4)<<" "<<setw(2)<<C(5)<<" "<<setw(2)<<C(6)<<" "<<setw(2)<<C(7)  
60.                     <<setfill(' ')<<setw(24)<<" "<<"// TimeDateStamp"<<endl;  
61.     PRINT_ADDRESS(4)<<C(8)<<" "<<setw(2)<<C(9)<<" "<<setw(2)<<C(10)<<" "<<setw(2)<<C(11)  
62.                     <<setfill(' ')<<setw(24)<<" "<<"// PointerTosymbolTable"<<endl;  
63.     PRINT_ADDRESS(4)<<C(12)<<" "<<setw(2)<<C(13)<<" "<<setw(2)<<C(14)<<" "<<setw(2)<<C(15)  
64.                     <<setfill(' ')<<setw(24)<<" "<<"// NumberOfSymbols"<<endl;  
65.     PRINT_ADDRESS(2)<<C(16)<<" "<<setw(2)<<C(17)  
66.                     <<setfill(' ')<<setw(30)<<" "<<"// SizeOfOptionalHeader"<<endl;  
67.     PRINT_ADDRESS(2)<<C(18)<<" "<<setw(2)<<C(19)  
68.                     <<setfill(' ')<<setw(30)<<" "<<"// Characteristics"<<endl;  
69.     cout<<"------------------------END:  COFF FILE HEAD------------------------"<<endl<<endl;  
70.       
71.     cout<<"Press any key to show section table!"<<endl;  
72.     cin.get();  
73. /*  -----------------Section Table----------------- 
74.     #define IMAGE_SIZEOF_SHORT_NAME              8 
75.     typedef struct _IMAGE_SECTION_HEADER { 
76.         BYTE    Name[IMAGE_SIZEOF_SHORT_NAME]; 
77.         union { 
78.                 DWORD   PhysicalAddress; 
79.                 DWORD   VirtualSize; 
80.         } Misc; 
81.         DWORD   VirtualAddress; 
82.         DWORD   SizeOfRawData; 
83.         DWORD   PointerToRawData; 
84.         DWORD   PointerToRelocations; 
85.         DWORD   PointerToLinenumbers; 
86.         WORD    NumberOfRelocations; 
87.         WORD    NumberOfLinenumbers; 
88.         DWORD   Characteristics; 
89.     } IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER; 
90.     #define IMAGE_SIZEOF_SECTION_HEADER          40 */  
91.     cout<<"----------------------------SECTION HEAD----------------------------"<<endl;  
92.     IMAGE_SECTION_HEADER *Section_Header_Array = new IMAGE_SECTION_HEADER[File_Header.NumberOfSections];  
93.     for(int i = 0; i < File_Header.NumberOfSections; i++)  
94.     {  
95.         char sectionHeader[sizeof(IMAGE_SECTION_HEADER)] = {0};  
96.         file.read(sectionHeader, sizeof(sectionHeader));  
97.         memcpy(&Section_Header_Array[i], sectionHeader, sizeof(IMAGE_SECTION_HEADER));  
98.           
99.         cout<<"section name: "<<(char*)(Section_Header_Array[i].Name)<<endl;  
100.         PRINT_ADDRESS(8)<<D(0)<<" "<<setw(2)<<D(1)<<" "<<setw(2)<<D(2)<<" "<<setw(2)<<D(3)<<" "  
101.                         <<setw(2)<<D(4)<<" "<<setw(2)<<D(5)<<" "<<setw(2)<<D(6)<<" "<<setw(2)<<D(7)  
102.                         <<setfill(' ')<<setw(12)<<" "<<"// Name"<<endl;  
103.         PRINT_ADDRESS(4)<<D(8)<<" "<<setw(2)<<D(9)<<" "<<setw(2)<<D(10)<<" "<<setw(2)<<D(11)  
104.                         <<setfill(' ')<<setw(24)<<" "<<"// VirtualSize"<<endl;  
105.         PRINT_ADDRESS(4)<<D(12)<<" "<<setw(2)<<D(13)<<" "<<setw(2)<<D(14)<<" "<<setw(2)<<D(15)  
106.                         <<setfill(' ')<<setw(24)<<" "<<"// VirtualAddress"<<endl;  
107.         PRINT_ADDRESS(4)<<D(16)<<" "<<setw(2)<<D(17)<<" "<<setw(2)<<D(18)<<" "<<setw(2)<<D(19)  
108.                         <<setfill(' ')<<setw(24)<<" "<<"// SizeOfRawData"<<endl;  
109.         PRINT_ADDRESS(4)<<D(20)<<" "<<setw(2)<<D(21)<<" "<<setw(2)<<D(22)<<" "<<setw(2)<<D(23)  
110.                         <<setfill(' ')<<setw(24)<<" "<<"// PointerToRawData"<<endl;  
111.         PRINT_ADDRESS(4)<<D(24)<<" "<<setw(2)<<D(25)<<" "<<setw(2)<<D(26)<<" "<<setw(2)<<D(27)  
112.                         <<setfill(' ')<<setw(24)<<" "<<"// PointerToRelocations"<<endl;  
113.         PRINT_ADDRESS(4)<<D(28)<<" "<<setw(2)<<D(29)<<" "<<setw(2)<<D(30)<<" "<<setw(2)<<D(31)  
114.                         <<setfill(' ')<<setw(24)<<" "<<"// PointerToLinenumbers"<<endl;  
115.         PRINT_ADDRESS(2)<<D(32)<<" "<<setw(2)<<D(33)  
116.                         <<setfill(' ')<<setw(30)<<" "<<"// NumberOfRelocations"<<endl;  
117.         PRINT_ADDRESS(2)<<D(34)<<" "<<setw(2)<<D(35)  
118.                         <<setfill(' ')<<setw(30)<<" "<<"// NumberOfLinenumbers"<<endl;  
119.         PRINT_ADDRESS(4)<<D(36)<<" "<<setw(2)<<D(37)<<" "<<setw(2)<<D(38)<<" "<<setw(2)<<D(39)  
120.                         <<setfill(' ')<<setw(24)<<" "<<"// Characteristics"<<endl;  
121.     }  
122.     cout<<"--------------------------END:  SECTION HEAD-------------------------"<<endl<<endl;  
123.       
124.     cout<<"Press any key to show each sections!"<<endl;  
125.     cin.get();  
126.       
127.     for(int i = 0; i < File_Header.NumberOfSections; i++)  
128.     {  
129.         DWORD dAddr = Section_Header_Array[i].PointerToRawData;  
130.         DWORD dSize = Section_Header_Array[i].SizeOfRawData;  
131.         DWORD dEndr = (dAddr == 0) ? 0 : (dAddr + dSize);  
132.         cout<<"---------------SECTION DATA: "<<(char*)(Section_Header_Array[i].Name)<<"----------------"<<endl;  
133.         cout<<left<<setfill(' ')<<setw(20)<<"section name: "<<(char*)(Section_Header_Array[i].Name)<<endl;  
134.         cout<<left<<setfill(' ')<<setw(20)<<"start address: "<<"0x"<<right<<setfill('0')<<setw(8)<<dAddr<<endl;  
135.         cout<<left<<setfill(' ')<<setw(20)<<"data size: "<<Section_Header_Array[i].SizeOfRawData<<endl;  
136.         cout<<left<<setfill(' ')<<setw(20)<<"end address: "<<"0x"<<right<<setfill('0')<<setw(8)<<dEndr<<endl;  
137.           
138.         // .bbs setction doesn't have any data  
139.         if(dAddr != 0)  
140.         {  
141.             file.seekg(dAddr, ios::beg);  
142.             char* pData = new char[dSize];  
143.             file.read(pData, dSize);  
144.               
145.             cout<<left<<setfill(' ')<<setw(20)<<"data: ";  
146.             for(int j = 0; j < dSize; j++)  
147.             {  
148.                 cout<<right<<setw(2)<<setfill('0')<<(unsigned char)(pData[j]) + 0<<" ";  
149.             }  
150.             address(Section_Header_Array[i].SizeOfRawData);  
151.             cout<<endl;  
152.               
153.             // relocation data in .text section  
154.             if(Section_Header_Array[i].NumberOfRelocations != 0)  
155.             {  
156.                 /*typedef struct _IMAGE_RELOCATION { 
157.                     union { 
158.                         DWORD   VirtualAddress; 
159.                         DWORD   RelocCount; 
160.                     } DUMMYUNIONNAME; 
161.                     DWORD       SymbolTableIndex; 
162.                     WORD        Type; 
163.                 } IMAGE_RELOCATION; 
164.                 typedef IMAGE_RELOCATION UNALIGNED *PIMAGE_RELOCATION; */  
165.                   
166.                 DWORD dRelocationNum  = Section_Header_Array[i].NumberOfRelocations;  
167.                 DWORD dImageSize      = sizeof(IMAGE_RELOCATION);  
168.                 char* pRelocationData = new char[dRelocationNum * dImageSize];  
169.                 file.seekg(Section_Header_Array[i].PointerToRelocations, ios::beg);  
170.                 file.read(pRelocationData, dRelocationNum * dImageSize);  
171.                       
172.                 cout<<left<<setfill(' ')<<setw(20)<<"relacation: "  
173.                     <<"VirtualAddress "<<"SymbolTableIndex "<<"Type"<<endl;  
174.                 for(int k = 0; k < dRelocationNum; k++)  
175.                 {  
176.                     PRINT_ADDRESS(dImageSize)<<"         ";  
177.                     for(int n = 0; n < dImageSize; n++)  
178.                     {  
179.                         cout<<right<<setw(2)<<setfill('0')  
180.                             <<(unsigned char)(pRelocationData[n+k*dImageSize]) + 0<<" ";  
181.                         if((n+1)%4 == 0)  
182.                             cout<<"    ";  
183.                     }  
184.                     cout<<endl;  
185.                 }  
186.                 delete[] pRelocationData;  
187.             }  
188.               
189.             delete[] pData;  
190.         }  
191.         cout<<"-------------SECTION DATA END: "<<(char*)(Section_Header_Array[i].Name)<<"--------------"<<endl<<endl;  
192.     }  
193.       
194. /*  typedef struct _IMAGE_SYMBOL { 
195.     union { 
196.         BYTE    ShortName[8]; 
197.         struct { 
198.                 DWORD   Short;     // if 0, use LongName 
199.                 DWORD   Long;      // offset into string table 
200.             } Name; 
201.             DWORD   LongName[2];  
202.         } N; 
203.         DWORD   Value; 
204.         SHORT   SectionNumber; 
205.         WORD    Type; 
206.         BYTE    StorageClass; 
207.         BYTE    NumberOfAuxSymbols; 
208.     } IMAGE_SYMBOL; 
209.     typedef IMAGE_SYMBOL UNALIGNED *PIMAGE_SYMBOL; 
210.     #define IMAGE_SIZEOF_SYMBOL  18 */  
211.       
212.     cout<<"Press any key to show symbol table!"<<endl;  
213.     cin.get();  
214.                   
215.     cout<<"----------------------------SYMBOL TABLE----------------------------"<<endl;  
216.     DWORD dSymbolTableSize = sizeof(IMAGE_SYMBOL);  
217.     for(int i = 0; i < File_Header.NumberOfSymbols; i++)  
218.     {  
219.         IMAGE_SYMBOL Symbol_Data;  
220.         char* pSymbolData = new char[dSymbolTableSize];  
221.         memcpy(&Symbol_Data, pSymbolData, sizeof(IMAGE_SYMBOL));  
222.         file.seekg(File_Header.PointerToSymbolTable + i*dSymbolTableSize, ios::beg);  
223.         file.read(pSymbolData, dSymbolTableSize);  
224.           
225.         static bool bHasAppendedTablePrevious = false;  
226.           
227.         if(bHasAppendedTablePrevious)  
228.             cout<<"symbol name: APPENDED TABLE"<<endl;  
229.         else  
230.             cout<<"symbol name: "<<pSymbolData<<endl;  
231.               
232.         if(pSymbolData[dSymbolTableSize - 1] != 0)  
233.             bHasAppendedTablePrevious = true;  
234.         else  
235.             bHasAppendedTablePrevious = false;  
236.               
237.         PRINT_ADDRESS(8)<<E(0)<<" "<<setw(2)<<E(1)<<" "<<setw(2)<<E(2)<<" "<<setw(2)<<E(3)<<" "  
238.                         <<setw(2)<<E(4)<<" "<<setw(2)<<E(5)<<" "<<setw(2)<<E(6)<<" "<<setw(2)<<E(7)  
239.                         <<setfill(' ')<<setw(12)<<" "<<"// Name"<<endl;  
240.         PRINT_ADDRESS(4)<<E(8)<<" "<<setw(2)<<E(9)<<" "<<setw(2)<<E(10)<<" "<<setw(2)<<E(11)  
241.                         <<setfill(' ')<<setw(24)<<" "<<"// Value"<<endl;  
242.         PRINT_ADDRESS(2)<<E(12)<<" "<<setw(2)<<E(13)  
243.                         <<setfill(' ')<<setw(30)<<" "<<"// SectionNumber"<<endl;  
244.         PRINT_ADDRESS(2)<<E(14)<<" "<<setw(2)<<E(15)  
245.                         <<setfill(' ')<<setw(30)<<" "<<"// Type"<<endl;  
246.         PRINT_ADDRESS(1)<<E(16)<<" "<<setfill(' ')<<setw(32)<<" "<<"// StorageClass"<<endl;  
247.         PRINT_ADDRESS(1)<<E(17)<<" "<<setfill(' ')<<setw(32)<<" "<<"// NumberOfAuxSymbols"<<endl;  
248.           
249.         delete[] pSymbolData;  
250.     }  
251.     cout<<"-------------------------END:  SYMBOL TABLE-------------------------"<<endl<<endl;  
252.       
253.     cout<<"Press any key to show string table!"<<endl;  
254.     cin.get();  
255.       
256.     cout<<"----------------------------STRING TABLE----------------------------"<<endl;  
257.     int iStringTableSize = 0;  
258.     file.read((char*)(&iStringTableSize), 4);  
259.     cout<<"SIZE OF STRING TABLE: "<<iStringTableSize<<endl;  
260.       
261.     while(true)  
262.     {  
263.         static int iOffset = 4;  
264.         char ch = file.get();  
265.           
266.         if(iOffset == 4)  
267.             cout<<left<<"OFFSET FROM STRING TABLE:  "<<right<<setw(8)<<setfill('0')<<iOffset<<"        ";  
268.               
269.         iOffset++;  
270.           
271.         if(ch == EOF || iOffset == iStringTableSize)   
272.             break;  
273.         else if(ch == 0)   
274.             cout<<endl<<left<<"OFFSET FROM STRING TABLE:  "<<right<<setw(8)<<setfill('0')<<iOffset<<"        ";  
275.         else   
276.             cout<<ch;  
277.     }  
278.     cout<<endl<<"-------------------------END OF STRING TABLE-------------------------"<<endl;  
279.       
280.     cout<<endl<<"THE END!"<<endl;  
281.     file.close();  
282. }