estimados..
como se puede leer y editar una DLL
existe algun descompilador o soft que deje ver el codigo interno
claudio.leiva wrote:estimados..
como se puede leer y editar una DLL
existe algun descompilador o soft que deje ver el codigo interno
#include "FiveWin.ch"
function Main()
XBrowse( ExportedFunctions( "user32.dll" ) )
return nil
#pragma BEGINDUMP
#include <windows.h>
#include <tlhelp32.h>
#include <imagehlp.h>
#include <hbapi.h>
static void ExportedFunctions( const char * dllName )
{
HMODULE hModule = LoadLibrary( dllName );
PIMAGE_NT_HEADERS pNTHeaders = ImageNtHeader( hModule );
PIMAGE_EXPORT_DIRECTORY pExportDir = ( PIMAGE_EXPORT_DIRECTORY ) ImageRvaToVa( pNTHeaders, hModule, pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, NULL );
DWORD nFunctions = pExportDir->NumberOfFunctions;
PDWORD pNames = (PDWORD)ImageRvaToVa(pNTHeaders, hModule, pExportDir->AddressOfNames, NULL);
PWORD pOrdinals = (PWORD)ImageRvaToVa(pNTHeaders, hModule, pExportDir->AddressOfNameOrdinals, NULL);
PDWORD pAddresses = (PDWORD)ImageRvaToVa(pNTHeaders, hModule, pExportDir->AddressOfFunctions, NULL);
DWORD i;
hb_reta( nFunctions );
for( i = 0; i < nFunctions; i++)
{
char * name = ( char * ) ImageRvaToVa( pNTHeaders, hModule, pNames[ i ], NULL );
// WORD ordinal = pOrdinals[ i ];
// FARPROC address = GetProcAddress(hModule, name);
hb_arraySetC( hb_param( -1, HB_IT_ARRAY ), i + 1, name );
}
FreeLibrary( hModule );
}
HB_FUNC( EXPORTEDFUNCTIONS )
{
ExportedFunctions( hb_parc( 1 ) );
}
#pragma ENDDUMP
#include "FiveWin.ch"
function Main()
XBROWSER ExportedFunctions( "c:\Windows\System32\user32.dll" ) ;
SHOW RECID TITLE "user32.dll exported functions"
return nil
#pragma BEGINDUMP
#include <stdio.h>
#include <windows.h>
#include <hbapi.h>
// A helper function to convert RVAs to file offsets
DWORD RvaToFileOffset(DWORD rva, PIMAGE_SECTION_HEADER pSectionHeaders, WORD nSections)
{
WORD i;
for ( i = 0; i < nSections; i++)
{
if (rva >= pSectionHeaders[i].VirtualAddress && rva < pSectionHeaders[i].VirtualAddress + pSectionHeaders[i].SizeOfRawData)
{
return rva - pSectionHeaders[i].VirtualAddress + pSectionHeaders[i].PointerToRawData;
}
}
return 0;
}
// A function to list the names of the exported functions of a DLL without loading the DLL
void ExportedFunctions(LPCTSTR dllName)
{
// Declare the variables at the top
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER pDosHeader;
PIMAGE_NT_HEADERS pNtHeaders;
PIMAGE_OPTIONAL_HEADER pOptionalHeader;
PIMAGE_DATA_DIRECTORY pDataDirectory;
PIMAGE_EXPORT_DIRECTORY pExportDirectory;
DWORD nNames, i;
PDWORD pAddressOfNames;
PDWORD pAddressOfFunctions;
PWORD pAddressOfNameOrdinals;
DWORD nameRva;
DWORD nameOffset;
LPSTR name;
// Open the DLL file and get a handle to it
hFile = CreateFile(dllName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
printf("Failed to open %s\n", dllName);
return;
}
// Create a file mapping object for the DLL file and get a handle to it
hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if (hFileMapping == NULL)
{
printf("Failed to create file mapping for %s\n", dllName);
CloseHandle(hFile);
return;
}
// Map a view of the file mapping object into the address space of the current process and get a pointer to it
lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
if (lpFileBase == NULL)
{
printf("Failed to map view of file for %s\n", dllName);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return;
}
// Access the DOS header of the DLL file
pDosHeader = (PIMAGE_DOS_HEADER)lpFileBase;
// Access the PE header of the DLL file
pNtHeaders = (PIMAGE_NT_HEADERS)((DWORD)lpFileBase + pDosHeader->e_lfanew);
// Verify that the DLL file is a valid PE file
if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
{
printf("%s is not a valid PE file\n", dllName);
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return;
}
// Access the optional header of the DLL file
pOptionalHeader = &pNtHeaders->OptionalHeader;
// Access the data directory array of the DLL file
pDataDirectory = pOptionalHeader->DataDirectory;
// Access the export directory of the DLL file
pExportDirectory = (PIMAGE_EXPORT_DIRECTORY)((DWORD)lpFileBase + RvaToFileOffset(pDataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
// Get the number and addresses of exported names, functions, and ordinals
nNames = pExportDirectory->NumberOfNames;
hb_reta( nNames );
pAddressOfNames = (PDWORD)((DWORD)lpFileBase + RvaToFileOffset(pExportDirectory->AddressOfNames, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
pAddressOfFunctions = (PDWORD)((DWORD)lpFileBase + RvaToFileOffset(pExportDirectory->AddressOfFunctions, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
pAddressOfNameOrdinals = (PWORD)((DWORD)lpFileBase + RvaToFileOffset(pExportDirectory->AddressOfNameOrdinals, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections));
// Loop through each exported name and print it
for ( i = 0; i < nNames; i++)
{
nameRva = pAddressOfNames[i];
nameOffset = RvaToFileOffset(nameRva, IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections);
name = (LPSTR)((DWORD)lpFileBase + nameOffset);
hb_arraySetC( hb_param( -1, HB_IT_ARRAY ), i + 1, name );
}
// Unmap the view of the file, close the file mapping object and the file handle
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
}
HB_FUNC( EXPORTEDFUNCTIONS )
{
ExportedFunctions( hb_parc( 1 ) );
}
#pragma ENDDUMP
Return to FiveWin para Harbour/xHarbour
Users browsing this forum: Google [Bot], paquitohm and 42 guests