其他语言

本类阅读TOP10

·基于Solaris 开发环境的整体构思
·使用AutoMake轻松生成Makefile
·BCB数据库图像保存技术
·GNU中的Makefile
·射频芯片nRF401天线设计的分析
·iframe 的自适应高度
·BCB之Socket通信
·软件企业如何实施CMM
·入门系列--OpenGL最简单的入门
·WIN95中日志钩子(JournalRecord Hook)的使用

分类导航
VC语言Delphi
VB语言ASP
PerlJava
Script数据库
其他语言游戏开发
文件格式网站制作
软件工程.NET开发
PE文件有效性检查源程序

作者:未知 来源:月光软件站 加入时间:2005-5-13 月光软件站

.386
.model flat,stdcall
option casemap:none
include C:\masm32\include\windows.inc
include C:\masm32\include\kernel32.inc
include C:\masm32\include\comdlg32.inc
include C:\masm32\include\user32.inc
includelib C:\masm32\lib\user32.lib
includelib C:\masm32\lib\kernel32.lib
includelib C:\masm32\lib\comdlg32.lib
SEH struct
PrevLink dd ?
 CurrentHandler dd ?
 SafeOffset dd ?
 PrevEsp dd ?
 PrevEbp dd ?
SEH ends
.data
AppName db "PE 格式检验程序",0
ofn OPENFILENAME <>
FilterString db "Executable Files (*.exe,*.dll)",0,"*.exe;*.dll",0
    db "All Files",0,"*.*",0,0
FileOpenError db "无法读取文件",0
FileOpenMappingError db "无法打开要映射的文件",0
FileMappingError db "无法把文件映射到内存",0
FileValidPE  db "这个文件是一个有效的PE格式文件",0
FileInValidPE db "这个文件不是一个有效的PE格式文件",0

.data?
buffer db 512 dup(?)
hFile dd ?
hMapping dd ?
pMapping dd ?
ValidPE dd ?
.code
start proc
LOCAL seh:SEH
mov ofn.lStructSize,SIZEOF ofn
mov ofn.lpstrFilter,OFFSET FilterString
mov ofn.lpstrFile,OFFSET buffer
mov ofn.nMaxFile,512
mov ofn.Flags, OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or OFN_EXPLORER or OFN_HIDEREADONLY
invoke GetOpenFileName,ADDR ofn
.if eax==TRUE
 invoke CreateFile,addr buffer,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
  .if eax!=INVALID_HANDLE_VALUE
   mov hFile,eax
   invoke CreateFileMapping,hFile,NULL,PAGE_READONLY,0,0,0
   .if eax!=NULL
    mov hMapping,eax
    invoke MapViewOfFile,hMapping,FILE_MAP_READ,0,0,0
    .if eax!=NULL
     mov pMapping,eax
     assume fs:nothing
     push fs:[0]
     pop seh.PrevLink
     mov seh.CurrentHandler,offset SEHHandler
     mov seh.SafeOffset,offset FinalExit
     lea eax,seh
     mov fs:[0],eax
     mov seh.PrevEsp,esp
     mov seh.PrevEbp,ebp
     mov edi,pMapping
     assume edi:ptr IMAGE_DOS_HEADER
     .if [edi].e_magic==IMAGE_DOS_SIGNATURE
       add edi,[edi].e_lfanew
       assume edi:ptr IMAGE_NT_HEADERS
       .if [edi].Signature==IMAGE_NT_SIGNATURE
       mov ValidPE,TRUE
       .else
        mov ValidPE,FALSE
       .endif
     .else
       mov ValidPE,FALSE
     .endif
FinalExit:
     .if ValidPE==TRUE
      invoke MessageBox,0,addr FileValidPE,addr AppName,MB_OK+MB_ICONINFORMATION
     .else
      invoke MessageBox,0,addr FileInValidPE,addr AppName,MB_OK+MB_ICONINFORMATION
     .endif
    push seh.PrevLink
    pop fs:[0]
    invoke UnmapViewOfFile,pMapping
   .else
    invoke MessageBox,0,addr FileMappingError,addr AppName,MB_OK+MB_ICONERROR
   .endif
   invoke CloseHandle,hMapping
  .else
   invoke MessageBox,0,addr FileOpenMappingError,addr AppName,MB_OK+MB_ICONERROR
  .endif
   invoke CloseHandle,hFile
 .else
  invoke MessageBox,0,addr FileOpenError,addr AppName,MB_OK+MB_ICONERROR
 .endif 
.endif
invoke ExitProcess,0
start endp
SEHHandler proc C uses edx pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD
 mov edx,pFrame
 assume edx:ptr SEH
 mov eax,pContext
 assume eax:ptr CONTEXT
 push [edx].SafeOffset
 pop [eax].regEip
 push [edx].PrevEsp
 pop [eax].regEsp
 push [edx].PrevEbp
 pop [eax].regEbp
 mov ValidPE,FALSE
 mov eax,ExceptionContinueExecution
 ret
SEHHandler endp
end start



相关文章

相关软件