Win32 遍历重定位数据

  1 .386
2 .model flat,stdcall
3 option casemap:none
4
5 include Windows.inc
6 include User32.inc
7 include Kernel32.inc
8 includelib User32.lib
9 includelib Kernel32.lib
10
.data
; Base address of the read-only file view returned by _OpenFile (written in start).
hBase           DWORD   ?
; Hard-coded path of the DLL whose base relocation table is walked.
szDllBuf        BYTE    'd:\asm\SpiShow.dll', 0

.code
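;-----------------------------------------------------------------------
; _RVAToOffset - translate an RVA into a raw file offset.
; Syntax: MASM, 32-bit flat model, stdcall.
; In:     _lpFileHead = address of a PE file mapped as a flat file
;         _dwRVA      = relative virtual address to translate
; Out:    eax = file offset, or -1 when no section's raw data holds the RVA
; Clobb:  eax and flags only (other registers restored by popad)
;
; NOTE(review): the headers are read from the file as-is. This routine is
; not told the file size, so it cannot check that e_lfanew, the section
; table, or the returned offset lie inside the mapping. A caller handling
; untrusted files has to do those bounds checks itself.
;-----------------------------------------------------------------------
_RVAToOffset proc _lpFileHead:DWORD, _dwRVA:DWORD
        local   @dwReturn:DWORD

        pushad
        mov     @dwReturn, -1                   ; default result: not found

        mov     esi, _lpFileHead
        assume  esi:ptr IMAGE_DOS_HEADER        ; DOS header
        add     esi, [esi].e_lfanew
        assume  esi:ptr IMAGE_NT_HEADERS        ; NT headers

        ; The section table follows the optional header. Use the size the
        ; file header declares instead of assuming sizeof IMAGE_NT_HEADERS,
        ; which is only right for a standard 32-bit optional header.
        movzx   eax, [esi].FileHeader.SizeOfOptionalHeader
        lea     edx, [esi].OptionalHeader
        add     edx, eax
        assume  edx:ptr IMAGE_SECTION_HEADER

        mov     edi, _dwRVA
        movzx   ecx, [esi].FileHeader.NumberOfSections
        ; A counted .while is used instead of .repeat/.untilcxz: with zero
        ; sections the LOOP instruction would wrap ecx and run 2^32 times.
        .while ecx
            .if edi >= [edx].VirtualAddress
                mov     eax, edi
                sub     eax, [edx].VirtualAddress   ; eax = offset inside the section
                ; Comparing the offset with SizeOfRawData avoids the
                ; VirtualAddress + SizeOfRawData sum, which can wrap.
                .if eax < [edx].SizeOfRawData
                    add     eax, [edx].PointerToRawData
                    mov     @dwReturn, eax
                    .break
                .endif
            .endif
            add     edx, sizeof IMAGE_SECTION_HEADER
            dec     ecx
        .endw

        assume  esi:nothing
        assume  edx:nothing
        popad
        mov     eax, @dwReturn                  ; popad restored eax, reload the result
        ret
_RVAToOffset endp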
53
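;-----------------------------------------------------------------------
; _GetRelocInfo - walk the base relocation table of a PE file that is
; mapped as a flat file (not loaded as an image).
; Syntax: MASM, 32-bit flat model, stdcall.
; In:     _dwBase = address of the mapped file (NULL is tolerated)
; Out:    nothing; every register is restored by popad
;
; Inside the inner loop eax holds the RVA of each HIGHLOW fixup (or -1 for
; any other entry type) and edi counts the entries of the current block.
; The listing does nothing further with these values.
;
; Each check below stops the walk instead of reading past the table when
; the file is truncated or malformed:
;   - no relocation directory (RVA or size is zero)
;   - the directory RVA is not backed by any section's raw data
;   - a block header that does not fit in the remaining directory bytes
;   - SizeOfBlock smaller than the header or larger than what is left
; NOTE(review): the directory size is still taken from the file. The file
; size is not known here, so the caller must ensure the directory lies
; inside the mapping.
;-----------------------------------------------------------------------
_GetRelocInfo proc _dwBase:DWORD
        local   @dwSize:DWORD                   ; size of the relocation directory
        local   @lpEnd:DWORD                    ; first byte after the directory
        local   @lpNext:DWORD                   ; start of the next relocation block

        pushad
        mov     esi, _dwBase
        test    esi, esi
        jz      _Ret                            ; mapping failed upstream

        add     esi, [esi+3ch]                  ; 3ch = offset of e_lfanew
        assume  esi:ptr IMAGE_NT_HEADERS
        ; Data directory 5 is the base relocation table, 8 bytes per entry.
        mov     eax, [esi].OptionalHeader.DataDirectory[8*5].VirtualAddress
        mov     edx, [esi].OptionalHeader.DataDirectory[8*5].isize
        assume  esi:nothing
        .if eax == 0 || edx == 0
            jmp     _Ret                        ; file has no relocations
        .endif
        mov     @dwSize, edx

        invoke  _RVAToOffset, _dwBase, eax
        cmp     eax, -1
        je      _Ret                            ; RVA is not inside any section
        add     eax, _dwBase
        mov     esi, eax                        ; esi -> first relocation block
        add     eax, @dwSize
        mov     @lpEnd, eax

        assume  esi:ptr IMAGE_BASE_RELOCATION
        .while TRUE
            mov     edx, @lpEnd
            .break .if esi >= edx
            sub     edx, esi                    ; edx = bytes left in the directory
            .break .if edx < sizeof IMAGE_BASE_RELOCATION
            .break .if [esi].VirtualAddress == 0

            mov     ecx, [esi].SizeOfBlock
            .break .if ecx < sizeof IMAGE_BASE_RELOCATION
            .break .if ecx > edx                ; block would run past the directory

            mov     eax, esi
            add     eax, ecx
            mov     @lpNext, eax                ; the next block starts here

            mov     ebx, [esi].VirtualAddress   ; page RVA of this block
            add     esi, sizeof IMAGE_BASE_RELOCATION
            sub     ecx, sizeof IMAGE_BASE_RELOCATION
            shr     ecx, 1                      ; ecx = number of 16-bit entries
            xor     edi, edi                    ; entry counter for this block

            ; Counted .while: a header-only block (zero entries) is skipped
            ; rather than looping 2^32 times as .untilcxz would.
            .while ecx
                movzx   eax, word ptr [esi]     ; high 4 bits = type, low 12 = offset
                add     esi, 2
                mov     edx, eax
                and     edx, 0f000h
                .if edx == 03000h               ; type 3 = IMAGE_REL_BASED_HIGHLOW
                    and     eax, 0fffh
                    add     eax, ebx            ; eax = RVA of the dword to fix up
                .else
                    mov     eax, -1             ; padding or an unhandled type
                .endif
                inc     edi
                dec     ecx
            .endw

            mov     esi, @lpNext                ; also correct for an odd SizeOfBlock
        .endw
        assume  esi:nothing

_Ret:
        popad
        ret
_GetRelocInfo endp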
96
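;-----------------------------------------------------------------------
; _OpenFile - map a file read-only and return the address of the view.
; Syntax: MASM, 32-bit flat model, stdcall.
; In:     _lpFilePath = address of a zero-terminated file path
; Out:    eax = base address of the view, or NULL on any failure
; Clobb:  eax and flags only (other registers restored by popad)
;
; The file is mapped as plain data (PAGE_READONLY / FILE_MAP_READ), so it
; is not loaded as an image and none of its code runs. Both handles are
; closed before returning. The view remains valid until it is unmapped.
; NOTE(review): the file size is not returned, so consumers of the view
; cannot bounds-check offsets they derive from the file's own headers.
;-----------------------------------------------------------------------
_OpenFile proc _lpFilePath:DWORD
        local   @hFile:DWORD
        local   @Ret:DWORD
        local   @hMap:DWORD

        pushad
        mov     @Ret, NULL                      ; every failure path returns NULL

        invoke  CreateFile, _lpFilePath, GENERIC_READ, \
                FILE_SHARE_READ, \
                NULL, OPEN_EXISTING, \
                FILE_ATTRIBUTE_ARCHIVE, \
                NULL
        ; CreateFile reports failure with INVALID_HANDLE_VALUE (-1), not 0.
        .if eax == INVALID_HANDLE_VALUE
            jmp     _Ret
        .endif
        mov     @hFile, eax

        invoke  CreateFileMapping, @hFile, NULL, PAGE_READONLY, \
                0, 0, NULL
        .if eax                                 ; NULL means the mapping failed
            mov     @hMap, eax
            invoke  MapViewOfFile, @hMap, FILE_MAP_READ, 0, 0, 0
            mov     @Ret, eax                   ; NULL if the view could not be mapped
            invoke  CloseHandle, @hMap
        .endif
        invoke  CloseHandle, @hFile

_Ret:
        popad
        mov     eax, @Ret                       ; popad restored eax, reload the result
        ret
_OpenFile endp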
123
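; Program entry point: map the DLL named by szDllBuf, walk its relocation
; table, release the view and exit.
start:
        invoke  _OpenFile, offset szDllBuf
        mov     hBase, eax
        .if eax                                 ; skip the walk when the file could not be mapped
            invoke  _GetRelocInfo, hBase
            invoke  UnmapViewOfFile, hBase
        .endif
        invoke  ExitProcess, NULL
        end     start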
原文地址:https://www.cnblogs.com/dependence/p/2400530.html