请下载范例。

理论：到本课为止，我们已经学了许多关于 DOS header 和 PE header 的知识。接下来就该轮到 section table（节表）了。节表其实就是紧挨着 PE header 的一个结构数组。该数组成员的数目由 file header (IMAGE_FILE_HEADER) 结构中 NumberOfSections 域的域值来决定。节表结构又命名为 IMAGE_SECTION_HEADER。

IMAGE_SIZEOF_SHORT_NAME equ 8
IMAGE_SECTION_HEADER STRUCT
Name1 db IMAGE_SIZEOF_SHORT_NAME dup(?)
union Misc
PhysicalAddress dd ?
VirtualSize dd ?
ends
VirtualAddress dd ?
SizeOfRawData dd ?
PointerToRawData dd ?
PointerToRelocations dd ?
PointerToLinenumbers dd ?
NumberOfRelocations dw ?
NumberOfLinenumbers dw ?
Characteristics dd ?
IMAGE_SECTION_HEADER ENDS

同样，不是所有成员都是很有用的，我们只关心那些真正重要的。

Field：Meanings
Name1：事实上本域的名称是 name，只是 name 已被 MASM 用作关键字，所以我们只能用 Name1 代替。这儿的节名长不超过 8 字节。记住，节名仅仅是个标记而已，我们选择任何名字甚至空着也行，注意这里不用 null 结束。命名不是一个 ASCIIZ 字符串，所以不用 null 结尾。
VirtualAddress：本节的 RVA（相对虚拟地址）。PE 装载器将节映射至内存时会读取本值，因此如果域值是 1000h 而 PE 文件装在地址 400000h 处，那么本节就被载到 401000h。
SizeOfRawData：经过文件对齐处理后的节尺寸，PE 装载器提取本域值以了解需映射入内存的节字节数。译者注：假设一个文件的文件对齐尺寸是 0x200，如果前面的 VirtualSize 域指示本节长度是 0x388 字节，则本域值为 0x400，表示本节是 0x400 字节长。
PointerToRawData：这是节基于文件的偏移量，PE 装载器通过本域值找到节数据在文件中的位置。
Characteristics：包含标记以指示节属性，比如节是否含有可执行代码、初始化数据、未初始化数据，是否可写、可读等。

现在我们已知晓 IMAGE_SECTION_HEADER 结构，再来模拟一下 PE 装载器的工作吧：
读取 IMAGE_FILE_HEADER 的 NumberOfSections 域，知道文件的节数目。
SizeOfHeaders 域值作为节表的文件偏移量，并以此定位节表。
遍历整个结构数组，检查各成员值。
对于每个结构，我们读取 PointerToRawData 域值并定位到该文件偏移量。然后再读取 SizeOfRawData 域值来决定映射内存的字节数。将 VirtualAddress 域值加上 ImageBase 域值等于节起始的虚拟地址。然后就准备把节映射进内存，并根据 Characteristics 域值设置属性。
遍历整个数组直至所有节都已处理完毕。
注意我们并没有使用节名：这其实并不重要。

示例：本例程打开一 PE 文件，遍历其节表，并在列表框控件显示各节的信息。

.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\comdlg32.inc
include \masm32\include\user32.inc
include \masm32\include\comctl32.inc
includelib \masm32\lib\comctl32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib 
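\masm32\lib\comdlg32.lib

; NOTE(review): the page's HTML extraction dropped every '=', '<', '>' and
; '"' character, leaving '.if eaxTRUE', 'ofn OPENFILENAME' and unquoted db
; strings. Those characters are restored below; no other token was changed.

IDD_SECTIONTABLE equ 104
IDC_SECTIONLIST equ 1001

; Frame linked into the fs:[0] exception chain by start while the mapped
; file is being parsed. SEHHandler reads SafeOffset/PrevEsp/PrevEbp from it.
SEH struct
PrevLink dd ? ; the address of the previous seh structure
CurrentHandler dd ? ; the address of the new exception handler
SafeOffset dd ? ; The offset where its safe to continue execution
PrevEsp dd ? ; the old value in esp
PrevEbp dd ? ; The old value in ebp
SEH ends

.data
AppName db "PE tutorial no.5",0
ofn OPENFILENAME <>
FilterString db "Executable Files (*.exe, *.dll)",0,"*.exe;*.dll",0
db "All Files",0,"*.*",0,0
FileOpenError db "Cannot open the file for reading",0
FileOpenMappingError db "Cannot open the file for memory mapping",0
FileMappingError db "Cannot map the file into memory",0
FileInValidPE db "This file is not a valid PE",0
template db "%08lx",0
; List-view column captions used by DlgProc.
SectionName db "Section",0
VirtualSize db "V.Size",0
VirtualAddress db "V.Address",0
SizeOfRawData db "Raw Size",0
RawOffset db "Raw Offset",0
Characteristics db "Characteristics",0

.data?
hInstance dd ?
buffer db 512 dup(?) ; receives the chosen path; ofn.nMaxFile is set to the same 512
hFile dd ?
hMapping dd ?
pMapping dd ?
ValidPE dd ? ; TRUE only after both the DOS and PE signatures checked out
NumberOfSections dd ?

.code
; Entry point. Lets the user pick a file, maps it read-only, validates the
; DOS and PE signatures under an SEH frame, then calls ShowSectionInfo
; (defined outside this listing) when the file looks like a PE.
start proc
LOCAL seh:SEH
invoke GetModuleHandle,NULL
mov hInstance,eax
mov ofn.lStructSize,SIZEOF ofn
mov ofn.lpstrFilter, OFFSET FilterString
mov ofn.lpstrFile, OFFSET buffer
mov ofn.nMaxFile,512
mov ofn.Flags, OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST or OFN_LONGNAMES or OFN_EXPLORER or OFN_HIDEREADONLY
invoke GetOpenFileName, ADDR ofn
.if eax==TRUE
; The file is opened, mapped and viewed read-only, so parsing cannot modify it.
invoke CreateFile, addr buffer, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
.if eax!=INVALID_HANDLE_VALUE
mov hFile, eax
invoke CreateFileMapping, hFile, NULL, PAGE_READONLY,0,0,0
.if eax!=NULL
mov hMapping, eax
invoke MapViewOfFile,hMapping,FILE_MAP_READ,0,0,0
.if eax!=NULL
mov pMapping,eax
; Link the SEH frame before touching any byte of the mapping. A fault while
; reading headers from the (untrusted) file is diverted by SEHHandler to
; FinalExit with ValidPE = FALSE and esp/ebp restored to the values saved here.
assume fs:nothing
push fs:[0]
pop seh.PrevLink
mov seh.CurrentHandler,offset SEHHandler
mov seh.SafeOffset,offset FinalExit
lea eax,seh
mov fs:[0], eax
mov seh.PrevEsp,esp
mov seh.PrevEbp,ebp
mov edi, pMapping
assume edi:ptr IMAGE_DOS_HEADER
.if [edi].e_magic==IMAGE_DOS_SIGNATURE
; e_lfanew comes from the file and is not range-checked: an offset that lands
; outside readable memory faults on the Signature read below and is caught by
; the SEH frame; an offset that lands on readable memory is only checked for
; the "PE" signature, nothing more.
add edi, [edi].e_lfanew
assume edi:ptr IMAGE_NT_HEADERS
.if [edi].Signature==IMAGE_NT_SIGNATURE
mov ValidPE, TRUE
.else
mov ValidPE, FALSE
.endif
.else
mov ValidPE,FALSE
.endif
FinalExit:
; Unlink our frame first (SEHHandler resumes here too). Note that
; ShowSectionInfo runs after the unlink, so faults inside it are not
; caught by this frame.
push seh.PrevLink
pop fs:[0]
.if ValidPE==TRUE
call ShowSectionInfo
.else
invoke MessageBox, 0, addr FileInValidPE, addr AppName, MB_OK or MB_ICONINFORMATION
.endif
invoke UnmapViewOfFile, pMapping
.else
invoke MessageBox, 0, addr FileMappingError, addr AppName, MB_OK or MB_ICONERROR
.endif
invoke CloseHandle,hMapping
.else
invoke MessageBox, 0, addr FileOpenMappingError, addr AppName, MB_OK or MB_ICONERROR
.endif
invoke CloseHandle, hFile
.else
invoke MessageBox, 0, addr FileOpenError, addr AppName, MB_OK or MB_ICONERROR
.endif
.endif
invoke ExitProcess, 0
; Unreachable after ExitProcess; presumably kept only so the assembler emits
; an import reference to comctl32 for the list view -- confirm.
invoke InitCommonControls
start endp

; Exception handler registered by start. It never inspects pExcept, so every
; exception raised while the frame is linked (not only access violations)
; is handled the same way: resume at SafeOffset with the saved esp/ebp and
; mark the file invalid.
SEHHandler proc uses edx pExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD
mov edx,pFrame
assume edx:ptr SEH
mov eax,pContext
assume eax:ptr CONTEXT
; Rewrite the faulting thread's context so it continues at FinalExit.
push [edx].SafeOffset
pop [eax].regEip
push [edx].PrevEsp
pop [eax].regEsp
push [edx].PrevEbp
pop [eax].regEbp
mov ValidPE, FALSE
mov eax,ExceptionContinueExecution
ret
SEHHandler endp

; Dialog procedure; its body continues beyond the end of this listing.
DlgProc proc uses edi esi hDlg:DWORD, uMsg:DWORD, wParam:DWORD, lParam:DWORD
LOCAL lvc:LV_COLUMN
LOCAL lvi:LV_ITEM
.if uMsg==WM_INITDIALOG
mov esi, lParam
mov lvc.imask,LVCF_FMT or LVCF_TEXT or LVCF_WIDTH or LVCF_SUBITEM
mov lvc.fmt,LVCFMT_LEFT
mov lvc.lx,80
mov lvc.iSubItem,0
mov lvc.pszText,offset SectionName
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,0,addr lvc
inc lvc.iSubItem
mov lvc.fmt,LVCFMT_RIGHT
mov lvc.pszText,offset VirtualSize
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,1,addr lvc
inc lvc.iSubItem
mov lvc.pszText,offset VirtualAddress
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,2,addr lvc
inc lvc.iSubItem
mov lvc.pszText,offset SizeOfRawData
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,3,addr lvc
inc lvc.iSubItem
mov lvc.pszText,offset RawOffset
invoke SendDlgItemMessage,hDlg,IDC_SECTIONLIST,LVM_INSERTCOLUMN,4,a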