├── DumpModuleDlg.cpp ├── DumpModuleDlg.h ├── GenericPurposeMethods.cpp ├── GenericPurposeMethods.h ├── ModulesDlg.cpp ├── ModulesDlg.h ├── NativeDumper.aps ├── NativeDumper.clw ├── NativeDumper.cpp ├── NativeDumper.dsp ├── NativeDumper.dsw ├── NativeDumper.h ├── NativeDumper.ico ├── NativeDumper.ncb ├── NativeDumper.opt ├── NativeDumper.plg ├── NativeDumper.rc ├── NativeDumper.rc2 ├── NativeDumperDlg.cpp ├── NativeDumperDlg.h ├── NewEdit.cpp ├── NewEdit.h ├── README.md ├── ReadMe.txt ├── StdAfx.cpp ├── StdAfx.h └── resource.h /DumpModuleDlg.cpp: -------------------------------------------------------------------------------- 1 | // DumpModuleDlg.cpp : implementation file 2 | // 3 | 4 | #include "stdafx.h" 5 | #include "NativeDumper.h" 6 | #include "DumpModuleDlg.h" 7 | #include "GenericPurposeMethods.h" 8 | #include "windows.h" 9 | #include "winbase.h" 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | #ifdef _DEBUG 16 | #define new DEBUG_NEW 17 | #undef THIS_FILE 18 | static char THIS_FILE[] = __FILE__; 19 | #endif 20 | 21 | ///////////////////////////////////////////////////////////////////////////// 22 | // DumpModuleDlg dialog 23 | 24 | 25 | DumpModuleDlg::DumpModuleDlg(CWnd* pParent /*=NULL*/) 26 | : CDialog(DumpModuleDlg::IDD, pParent) 27 | { 28 | //{{AFX_DATA_INIT(DumpModuleDlg) 29 | // NOTE: the ClassWizard will add member initialization here 30 | //}}AFX_DATA_INIT 31 | } 32 | 33 | DumpModuleDlg& DumpModuleDlg::operator=(DumpModuleDlg& right) 34 | { 35 | // right contains value to be set 36 | // this contains old value 37 | (*this).m_hWnd = right.m_hWnd; 38 | return *this; 39 | 40 | } 41 | 42 | void DumpModuleDlg::DoDataExchange(CDataExchange* pDX) 43 | { 44 | CDialog::DoDataExchange(pDX); 45 | //{{AFX_DATA_MAP(DumpModuleDlg) 46 | DDX_Control(pDX, IDC_NEWEntryPoint, m_ep_edit); 47 | //}}AFX_DATA_MAP 48 | } 49 | 50 | 51 | BEGIN_MESSAGE_MAP(DumpModuleDlg, CDialog) 52 | //{{AFX_MSG_MAP(DumpModuleDlg) 53 | ON_WM_CLOSE() 54 | 
ON_BN_CLICKED(IDC_DumpBTN, OnDumpBTN) 55 | ON_BN_CLICKED(IDC_BUT_CURRENT_EIP, OnButCurrentEip) 56 | //}}AFX_MSG_MAP 57 | END_MESSAGE_MAP() 58 | 59 | ///////////////////////////////////////////////////////////////////////////// 60 | // DumpModuleDlg message handlers 61 | 62 | 63 | void DumpModuleDlg::OnClose() 64 | { 65 | // TODO: Add your message handler code here and/or call default 66 | this->DestroyWindow(); // destroy the window 67 | CDialog::OnClose(); 68 | } 69 | 70 | BOOL DumpModuleDlg::OnInitDialog() 71 | { 72 | CDialog::OnInitDialog(); 73 | // TODO: Add extra initialization here 74 | CButton *m_ctlCheck = (CButton*) GetDlgItem(IDC_FixSizeOfImage); 75 | m_ctlCheck->SetCheck(BST_CHECKED);// check FixSizeOfImage 76 | 77 | m_ctlCheck = (CButton*) GetDlgItem(IDC_CHANGEEP); 78 | m_ctlCheck->SetCheck(BST_CHECKED);// check Change EP 79 | 80 | m_ctlCheck = (CButton*) GetDlgItem(IDC_SECTIONS_FROM_MEMORY); 81 | m_ctlCheck->SetCheck(BST_CHECKED);// check section from memeory radio 82 | 83 | m_ctlCheck = (CButton*) GetDlgItem(IDC_ORIGINAL_RAW); 84 | m_ctlCheck->SetCheck(BST_CHECKED);// check original raw 85 | 86 | m_ctlCheck = (CButton*) GetDlgItem(IDC_FIX_PACKERS); 87 | m_ctlCheck->SetCheck(BST_CHECKED);// check fix packers 88 | 89 | char window_title[500]; 90 | window_title[0] = 0; 91 | //this->GetWindowText(window_title,sizeof(window_title)); 92 | strcat(window_title, "Dump module "); 93 | strcat(window_title, shortmodulename); 94 | //strcat(window_title, " from process "); 95 | //strcat(window_title, processname); 96 | this->SetWindowText(window_title); 97 | 98 | unsigned int entrypoint = DumpModuleDlg::GetEntryPoint(); 99 | char epaddress[20]; 100 | wsprintf(epaddress,"%X",entrypoint); // convert number to hex string 101 | 102 | int len = 8-strlen(epaddress); // get the missing part size 103 | memmove(epaddress+len,epaddress,strlen(epaddress)); // move the string characters to the end 104 | for ( int i = 0; i < len; i++ ) // fill the beginning characters with '0' 
105 | epaddress[i] = '0'; 106 | 107 | epaddress[8] = 0; // place the 00 end char at the end of string! 108 | 109 | GetDlgItem(IDC_NEWEntryPoint)->SetWindowText(epaddress); 110 | 111 | return TRUE; // return TRUE unless you set the focus to a control 112 | // EXCEPTION: OCX Property Pages should return FALSE 113 | } 114 | 115 | unsigned int DumpModuleDlg::GetEntryPoint() 116 | { 117 | HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 118 | FALSE, processid); 119 | if (hProcess==NULL) return 0; 120 | 121 | unsigned char* tempbuf= new unsigned char[04]; 122 | unsigned long dwTotalRead; 123 | 124 | unsigned int base_address = (unsigned int)hMod+0x03C; 125 | int isok = ReadProcessMemory(hProcess, (LPVOID)base_address, tempbuf, 04, &dwTotalRead); 126 | if (isok == 0) return 0; // if read failed return 0 127 | 128 | int PEOffset = GenericPurposeMethods::UnsignedArrayToUInt(tempbuf, 0); 129 | if (PEOffset==0) return 0; 130 | 131 | base_address = (unsigned int)hMod+PEOffset+0x28; 132 | isok = ReadProcessMemory(hProcess, (LPVOID)base_address, tempbuf, 04, &dwTotalRead); 133 | if (isok == 0) return 0; // if read failed return 0 134 | 135 | unsigned int EntryPointAddress = GenericPurposeMethods::UnsignedArrayToUInt(tempbuf, 0); 136 | 137 | CloseHandle(hProcess); 138 | 139 | return EntryPointAddress; 140 | 141 | } 142 | 143 | /* CAUTION: ONLY x86 TESTED 144 | * get the thread id of the main thread of a target process 145 | * 146 | * params: 147 | * DWORD dwPid process id of the target process 148 | * 149 | * return: 150 | * Success thread id 151 | * Error NULL 152 | */ 153 | DWORD DumpModuleDlg::GetMainThreadId(DWORD dwPid) 154 | { 155 | LPVOID lpTid; 156 | 157 | _asm 158 | { 159 | mov eax, fs:[18h] 160 | add eax, 36 161 | mov [lpTid], eax 162 | } 163 | 164 | HANDLE hProcess = OpenProcess(PROCESS_VM_READ, FALSE, dwPid); 165 | if(hProcess == NULL) 166 | return NULL; 167 | 168 | DWORD dwTid; 169 | if(ReadProcessMemory(hProcess, lpTid, &dwTid, 
sizeof(dwTid), NULL) == FALSE) 170 | { 171 | CloseHandle(hProcess); 172 | return NULL; 173 | } 174 | 175 | CloseHandle(hProcess); 176 | 177 | return dwTid; 178 | } 179 | 180 | void DumpModuleDlg::OnDumpBTN() 181 | { 182 | // TODO: Add your control notification handler code here 183 | TCHAR* extension = GenericPurposeMethods::GetExtension(shortmodulename); 184 | // Final string = "All Files (*.*)\0*.*\0\0"; 185 | TCHAR* first_part = GenericPurposeMethods::JoinChars("PE Files (*",extension); 186 | first_part = GenericPurposeMethods::JoinChars(first_part,")"); 187 | int fp_len = _tcslen(first_part); 188 | TCHAR* second_part = GenericPurposeMethods::JoinChars("*",extension); 189 | int sp_len = _tcslen(second_part); 190 | TCHAR* lpszFilter = new TCHAR[MAX_PATH]; 191 | for (int i=0;iEip; 256 | 257 | return eip; 258 | } 259 | 260 | void DumpModuleDlg::LastErrorDisplay() 261 | { 262 | // Retrieve the system error message for the last-error code 263 | DWORD dw = GetLastError(); 264 | char message[40]; 265 | wsprintf(message,"Error %d", dw); 266 | 267 | MessageBox(message, TEXT("Error"), MB_OK); 268 | 269 | } 270 | 271 | // main code: 272 | void DumpModuleDlg::DumpModule(TCHAR* filename) 273 | { 274 | GetDlgItem(IDC_STATUS_ST)->SetWindowText(""); 275 | 276 | HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 277 | FALSE, processid); 278 | if (hProcess==NULL) return; 279 | 280 | CButton *m_ctlCheck = (CButton*) GetDlgItem(IDC_FixSizeOfImage); 281 | bool FixSizeOfImage = false; 282 | int ChkBox = m_ctlCheck->GetCheck(); 283 | if (ChkBox == BST_CHECKED) 284 | FixSizeOfImage = true; 285 | 286 | m_ctlCheck = (CButton*) GetDlgItem(IDC_CHANGEEP); 287 | bool ChangeEP = false; 288 | ChkBox = m_ctlCheck->GetCheck(); 289 | if (ChkBox == BST_CHECKED) 290 | ChangeEP = true; 291 | 292 | m_ctlCheck = (CButton*) GetDlgItem(IDC_ROUND_RAW_SIZE); 293 | bool RoundRawSize = false; 294 | ChkBox = m_ctlCheck->GetCheck(); 295 | if (ChkBox == BST_CHECKED) 296 | RoundRawSize 
= false; 297 | 298 | m_ctlCheck = (CButton*) GetDlgItem(IDC_ORIGINAL_RAW); 299 | bool OriginalRaw = false; 300 | ChkBox = m_ctlCheck->GetCheck(); 301 | if (ChkBox == BST_CHECKED) 302 | OriginalRaw = true; 303 | 304 | m_ctlCheck = (CButton*) GetDlgItem(IDC_RAW_EQ_VA); 305 | bool RawEqVA = false; 306 | ChkBox = m_ctlCheck->GetCheck(); 307 | if (ChkBox == BST_CHECKED) 308 | RawEqVA = true; 309 | 310 | m_ctlCheck = (CButton*) GetDlgItem(IDC_CALCULATE_RAW); 311 | bool CalculateRaw = false; 312 | ChkBox = m_ctlCheck->GetCheck(); 313 | if (ChkBox == BST_CHECKED) 314 | CalculateRaw = true; 315 | 316 | m_ctlCheck = (CButton*) GetDlgItem(IDC_SECTIONS_FROM_FILE); 317 | bool SectionInfoFromFile = false; 318 | ChkBox = m_ctlCheck->GetCheck(); 319 | if (ChkBox == BST_CHECKED) 320 | SectionInfoFromFile = true; 321 | 322 | m_ctlCheck = (CButton*) GetDlgItem(IDC_FIX_PACKERS); 323 | bool FixPackers = false; 324 | ChkBox = m_ctlCheck->GetCheck(); 325 | if (ChkBox == BST_CHECKED) 326 | FixPackers = true; 327 | 328 | unsigned int speed = 0x1000; 329 | 330 | try 331 | { 332 | SYSTEM_INFO* pSI = new SYSTEM_INFO(); 333 | GetSystemInfo(pSI); 334 | speed = pSI->dwPageSize; 335 | } 336 | catch(...) 
// catch any exception 337 | { 338 | } 339 | 340 | unsigned char* tempbuf= new unsigned char[04]; 341 | unsigned long dwTotalRead; 342 | 343 | unsigned int e_lfnew = 0; 344 | unsigned int base_address = 0; 345 | int isok = 0; 346 | int PEOffset = 0; 347 | unsigned char* PeHeader = 0; 348 | int SectionsPos =0; 349 | unsigned int sizetocopy = 0; 350 | unsigned int total_size=0; 351 | 352 | unsigned int SignatureLen = 4 ; // 4 since is a dword, from Nt Headers 353 | unsigned int FileHeaderLen = 2*2+3*4+2*2; 354 | unsigned int SizeOfOptionHeaderRelPos = FileHeaderLen-2*2; 355 | 356 | try 357 | { 358 | 359 | if (SectionInfoFromFile) // read sections from disk 360 | { 361 | FILE* pFile = fopen (fullmodulename , "rb" ); // open file 362 | fseek(pFile, 0x03C, SEEK_SET); 363 | fread(tempbuf,04,1, pFile); // buffer, size = item size in bytes, count = maximum number of items to be read. 364 | PEOffset = GenericPurposeMethods::UnsignedArrayToUInt(tempbuf, 0); 365 | if (PEOffset==0) return; 366 | 367 | unsigned int SizeOfOptionHeader_pos = PEOffset+SignatureLen+SizeOfOptionHeaderRelPos; 368 | fseek(pFile, SizeOfOptionHeader_pos, SEEK_SET); 369 | fread(tempbuf,02,1, pFile); // read SizeOfOptionHeader 370 | unsigned int SizeOfOptionHeader = GenericPurposeMethods::UnsignedArrayToShort(tempbuf, 0); 371 | 372 | SectionsPos = SizeOfOptionHeader+FileHeaderLen+SignatureLen; 373 | fseek(pFile, PEOffset+SectionsPos+20, SEEK_SET); 374 | fread(tempbuf,04,1, pFile); // read RawOfFirstSection 375 | unsigned int RawOfFirstSection = GenericPurposeMethods::UnsignedArrayToUInt(tempbuf, 0); 376 | 377 | sizetocopy = RawOfFirstSection; 378 | if (sizetocopy>speed) sizetocopy=(unsigned int)speed; 379 | if (sizetocopy==0) sizetocopy = speed; 380 | 381 | total_size=total_size+RawOfFirstSection; 382 | 383 | PeHeader = new byte[sizetocopy]; 384 | for (unsigned int i=0;ispeed) sizetocopy=(unsigned int)speed; 420 | if (sizetocopy==0) sizetocopy = speed; 421 | 422 | total_size=total_size+RawOfFirstSection; 
423 | 424 | PeHeader = new byte[sizetocopy]; 425 | for (unsigned int i=0;i=2) 444 | { 445 | if (PeHeader[PEOffset+SectionsPos]=='U'&&PeHeader[PEOffset+SectionsPos+1]=='P'&&PeHeader[PEOffset+SectionsPos+2]=='X' 446 | &&PeHeader[PEOffset+SectionsPos+0x28*1]=='U'&&PeHeader[PEOffset+SectionsPos+0x28*1+1]=='P'&&PeHeader[PEOffset+SectionsPos+0x28*1+2]=='X') 447 | { // If UPX 448 | 449 | unsigned char* characteristics_array = GenericPurposeMethods::UIntToUnsignedArray(0x060000020); 450 | //for (int j=0;j<04;j++) 451 | //PeHeader[PEOffset+SectionsPos+0x024+j] = characteristics_array[j]; // fix characteristics of first section 452 | 453 | 454 | } 455 | 456 | } 457 | 458 | } 459 | 460 | for (unsigned int i = 0; i < nrofsection; i++) 461 | { 462 | int virtualsize = GenericPurposeMethods::UnsignedArrayToUInt(PeHeader, PEOffset+SectionsPos+0x28*i+8); 463 | int toadd = (virtualsize%sectionalignment); 464 | if (toadd!=0) toadd = sectionalignment-toadd; 465 | calculatedimagesize = calculatedimagesize+virtualsize+toadd; 466 | } 467 | 468 | if (calculatedimagesize!=sizeofimage) sizeofimage=calculatedimagesize; 469 | unsigned char* Dump = new unsigned char[sizeofimage]; 470 | for (unsigned int i2=0;i20x02000) 539 | { 540 | 541 | int SizeOfHeaders = GenericPurposeMethods::UnsignedArrayToUInt(PeHeader, PEOffset+0x054); 542 | unsigned int new_rawaddress_of_first = SizeOfHeaders; 543 | unsigned int position = PEOffset+SectionsPos+0x014; 544 | 545 | rawaddress = new_rawaddress_of_first; 546 | unsigned char* raddress_array = GenericPurposeMethods::UIntToUnsignedArray(new_rawaddress_of_first); 547 | for (j=0;j<04;j++) 548 | Dump[position+j] = raddress_array[j]; // fix raw address 549 | 550 | } 551 | 552 | unsigned int rawsize_of_first = GenericPurposeMethods::UnsignedArrayToUInt(PeHeader, PEOffset+SectionsPos+0x010); 553 | 554 | if (rawsize_of_first==0||rawaddress_of_first>0xF0000000) 555 | { 556 | unsigned int virtualsize = GenericPurposeMethods::UnsignedArrayToUInt(PeHeader, 
PEOffset+SectionsPos+8); 557 | rawsize = virtualsize; 558 | 559 | unsigned char* rsize_array = GenericPurposeMethods::UIntToUnsignedArray(rawsize); 560 | for (j=0;j<04;j++) 561 | Dump[PEOffset+SectionsPos+0x10+j] = rsize_array[j]; // fix raw size 562 | 563 | } 564 | 565 | 566 | } 567 | else // for all section except first section: 568 | { 569 | unsigned int PrevSectionRawAddress = GenericPurposeMethods::UnsignedArrayToUInt(Dump, PEOffset+SectionsPos+0x28*(i-1)+0x014); 570 | unsigned int PrevSectionRawSize = GenericPurposeMethods::UnsignedArrayToUInt(Dump, PEOffset+SectionsPos+0x28*(i-1)+0x010); 571 | 572 | int to_add_size = PrevSectionRawSize%filealignment; 573 | if (to_add_size!=0) to_add_size = filealignment-to_add_size; 574 | 575 | unsigned int NewRawAddress = PrevSectionRawAddress+PrevSectionRawSize+to_add_size; 576 | 577 | unsigned int raw_address_position = PEOffset+SectionsPos+0x28*i+0x014; 578 | unsigned char* raddress_array = GenericPurposeMethods::UIntToUnsignedArray(NewRawAddress); 579 | for (j=0;j<04;j++) 580 | Dump[raw_address_position+j] = raddress_array[j]; // fix raw address 581 | 582 | rawaddress = NewRawAddress; 583 | } 584 | 585 | } 586 | 587 | isok = ReadProcessMemory(hProcess, (LPVOID)((unsigned int)hMod+virtualAddress), Partkeep, virtualsize, &dwTotalRead); 588 | //ReadProcessMemory(hProcess,(uint)(ImageBase+address),Partkeep,(uint)rawsize, ref BytesRead); 589 | if (!isok) 590 | { 591 | 592 | unsigned char* onepage = new unsigned char[512]; 593 | for (int c = 0; c < virtualsize; c=c+512) 594 | { 595 | isok = ReadProcessMemory(hProcess,(LPVOID)((unsigned int)hMod+virtualAddress+c),onepage,512, &dwTotalRead); 596 | for (int i=0;i<512;i++) 597 | Partkeep[c+i] = onepage[i]; 598 | // Array.Copy(onepage, 0, Partkeep, c, 512); 599 | } 600 | } 601 | 602 | // Copy section bytes: 603 | //Array.Copy(Partkeep, 0, Dump, offset, rawsize); 604 | for (int z=0;z= 0; --i) 612 | { 613 | 614 | rawsize = GenericPurposeMethods::UnsignedArrayToUInt(Dump, 
PEOffset+SectionsPos+0x28*i+0x010); 615 | rawaddress = GenericPurposeMethods::UnsignedArrayToUInt(Dump, PEOffset+SectionsPos+0x28*i+0x014); 616 | 617 | if (rawaddress!=0) // last valid raw address 618 | { 619 | total_size = rawsize+rawaddress; 620 | break; 621 | } 622 | } 623 | 624 | 625 | if (FixSizeOfImage) 626 | { 627 | unsigned int position = PEOffset+0x050; 628 | unsigned char* isize_array = GenericPurposeMethods::UIntToUnsignedArray(calculatedimagesize); 629 | for (int j=0;j<04;j++) 630 | Dump[position+j] = isize_array[j]; // fix image size 631 | } 632 | 633 | if (ChangeEP) 634 | { 635 | unsigned int position = PEOffset+0x28; 636 | char addressconv[10]; 637 | GetDlgItem(IDC_NEWEntryPoint)->GetWindowText(addressconv, sizeof(addressconv)); 638 | unsigned int conv_address = GenericPurposeMethods::ConvertHexStringToInt(addressconv); 639 | unsigned char* ep_array = GenericPurposeMethods::UIntToUnsignedArray(conv_address); 640 | for (int j=0;j<04;j++) 641 | Dump[position+j] = ep_array[j]; // fix entry point 642 | } 643 | 644 | if (Dump!=NULL&&sizeofimage>0&&sizeofimage>=total_size) 645 | { // if file total_size <= sizeofimage 646 | 647 | FILE * pFile = fopen ( filename , "w+b" ); // create file 648 | fwrite (Dump , 1 , total_size , pFile ); // save bytes file 649 | fclose (pFile); // close file 650 | 651 | GetDlgItem(IDC_STATUS_ST)->SetWindowText("Module dumped!"); 652 | } 653 | 654 | 655 | 656 | } 657 | catch(...) // catch any exception 658 | { 659 | } 660 | 661 | 662 | CloseHandle(hProcess); 663 | 664 | } 665 | 666 | unsigned int DumpModuleDlg::GetModuleSize(HMODULE hMod) 667 | { 668 | 669 | unsigned int speed = 0x1000; 670 | 671 | try 672 | { 673 | SYSTEM_INFO* pSI = new SYSTEM_INFO(); 674 | GetSystemInfo(pSI); 675 | speed = pSI->dwPageSize; 676 | } 677 | catch(...) 
// catch any exception 678 | { 679 | } 680 | 681 | 682 | HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 683 | FALSE, processid); 684 | if (hProcess==NULL) return 0; 685 | 686 | unsigned char* tempbuf= new unsigned char[04]; 687 | unsigned long dwTotalRead; 688 | 689 | unsigned int base_address = (unsigned int)hMod+0x03C; 690 | int isok = ReadProcessMemory(hProcess, (LPVOID)base_address, tempbuf, 04, &dwTotalRead); 691 | if (isok == 0) return 0; // if read failed return 0 692 | 693 | int PEOffset = GenericPurposeMethods::UnsignedArrayToUInt(tempbuf, 0); 694 | if (PEOffset==0) return 0; 695 | 696 | unsigned int SignatureLen = 4 ; // 4 since is a dword, from Nt Headers 697 | unsigned int FileHeaderLen = 2*2+3*4+2*2; 698 | unsigned int SizeOfOptionHeaderRelPos = FileHeaderLen-2*2; 699 | unsigned int SizeOfOptionHeader_pos = (unsigned int)hMod+PEOffset+SignatureLen+SizeOfOptionHeaderRelPos; 700 | isok = ReadProcessMemory(hProcess, (LPVOID)SizeOfOptionHeader_pos, tempbuf, 02, &dwTotalRead); 701 | if (isok == 0) return 0; // if read failed return 0 702 | 703 | unsigned int SizeOfOptionHeader = GenericPurposeMethods::UnsignedArrayToShort(tempbuf, 0); 704 | 705 | base_address = (unsigned int)hMod+PEOffset+SizeOfOptionHeader+20; 706 | isok = ReadProcessMemory(hProcess, (LPVOID)base_address, tempbuf, 04, &dwTotalRead); 707 | if (isok == 0) return 0; // if read failed return 708 | 709 | unsigned int RawOfFirstSection = GenericPurposeMethods::UnsignedArrayToUInt(tempbuf, 0); 710 | unsigned int offset=0; 711 | 712 | unsigned int sizetocopy = RawOfFirstSection; 713 | if (sizetocopy>speed) sizetocopy=(unsigned int)speed; 714 | if (sizetocopy==0) sizetocopy = speed; 715 | 716 | offset=offset+RawOfFirstSection; 717 | 718 | unsigned char* PeHeader = new byte[sizetocopy]; 719 | isok = ReadProcessMemory(hProcess, (LPVOID)hMod, PeHeader, sizetocopy, &dwTotalRead); 720 | if (isok == 0) return 0; // if read failed return 721 | 722 | unsigned int nrofsection = 
GenericPurposeMethods::UnsignedArrayToShort(PeHeader, PEOffset+0x06); 723 | 724 | base_address = (unsigned int)hMod+PEOffset+0x28; 725 | isok = ReadProcessMemory(hProcess, (LPVOID)base_address, tempbuf, 04, &dwTotalRead); 726 | if (isok == 0) return 0; // if read failed return 0 727 | 728 | unsigned int modulesize = 0; 729 | 730 | int SectionsPos = SizeOfOptionHeader+FileHeaderLen+SignatureLen; 731 | 732 | for (int i = nrofsection-1; i >= 0; --i) 733 | { 734 | unsigned int virtualsize = GenericPurposeMethods::UnsignedArrayToUInt(PeHeader, PEOffset+SectionsPos+0x28*i+8); 735 | unsigned int virtualAddress = GenericPurposeMethods::UnsignedArrayToUInt(PeHeader, PEOffset+SectionsPos+0x28*i+0xC); 736 | if (virtualAddress!=0) 737 | { 738 | modulesize = virtualsize+virtualAddress; 739 | break; 740 | } 741 | } 742 | 743 | CloseHandle(hProcess); 744 | 745 | return modulesize; 746 | 747 | } 748 | 749 | void DumpModuleDlg::OnButCurrentEip() 750 | { 751 | // TODO: Add your control notification handler code here 752 | unsigned int module_size = GetModuleSize(hMod); 753 | unsigned int current_EIP = GetEIPRegister(); 754 | 755 | if (current_EIP<(unsigned int)hMod) 756 | GetDlgItem(IDC_STATUS_ST)->SetWindowText("EIP before module base!"); 757 | else if(current_EIP>((unsigned int)hMod+module_size)) 758 | GetDlgItem(IDC_STATUS_ST)->SetWindowText("EIP after (module_base+module_size)!"); 759 | else // convert EIP to RVA 760 | current_EIP = current_EIP-(unsigned int)hMod; 761 | 762 | char str_EIP[20]; 763 | wsprintf(str_EIP,"%X",current_EIP); // convert number to hex string 764 | GetDlgItem(IDC_NEWEntryPoint)->SetWindowText(str_EIP); 765 | } 766 | -------------------------------------------------------------------------------- /DumpModuleDlg.h: -------------------------------------------------------------------------------- 1 | #if !defined(AFX_DUMPMODULEDLG_H__6E6FC8CC_265F_43CC_BBC7_FD4D86EF606C__INCLUDED_) 2 | #define 
AFX_DUMPMODULEDLG_H__6E6FC8CC_265F_43CC_BBC7_FD4D86EF606C__INCLUDED_ 3 | 4 | #include "NewEdit.h" 5 | 6 | #if _MSC_VER > 1000 7 | #pragma once 8 | #endif // _MSC_VER > 1000 9 | // DumpModuleDlg.h : header file 10 | // 11 | 12 | ///////////////////////////////////////////////////////////////////////////// 13 | // DumpModuleDlg dialog 14 | 15 | class DumpModuleDlg : public CDialog 16 | { 17 | // Construction 18 | public: 19 | DumpModuleDlg(CWnd* pParent = NULL); // standard constructor 20 | DumpModuleDlg& operator=(DumpModuleDlg& right); // Overload Assignment Operator 21 | void DumpModule(TCHAR filename[]); 22 | DWORD GetMainThreadId(DWORD dwPid); 23 | unsigned int GetModuleSize(HMODULE hMod); 24 | unsigned int GetEIPRegister(); 25 | unsigned int GetEntryPoint(); 26 | void LastErrorDisplay(); 27 | 28 | int processid; 29 | CString processname; 30 | TCHAR fullmodulename[MAX_PATH]; 31 | TCHAR shortmodulename[MAX_PATH]; 32 | HMODULE hMod; 33 | 34 | // Dialog Data 35 | //{{AFX_DATA(DumpModuleDlg) 36 | enum { IDD = IDD_DUMPMODULEDLG_DIALOG }; 37 | NewEdit m_ep_edit; 38 | //}}AFX_DATA 39 | 40 | 41 | // Overrides 42 | // ClassWizard generated virtual function overrides 43 | //{{AFX_VIRTUAL(DumpModuleDlg) 44 | protected: 45 | virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support 46 | //}}AFX_VIRTUAL 47 | 48 | // Implementation 49 | protected: 50 | 51 | // Generated message map functions 52 | //{{AFX_MSG(DumpModuleDlg) 53 | afx_msg void OnClose(); 54 | virtual BOOL OnInitDialog(); 55 | afx_msg void OnDumpBTN(); 56 | afx_msg void OnButCurrentEip(); 57 | //}}AFX_MSG 58 | DECLARE_MESSAGE_MAP() 59 | }; 60 | 61 | //{{AFX_INSERT_LOCATION}} 62 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 
63 | 64 | #endif // !defined(AFX_DUMPMODULEDLG_H__6E6FC8CC_265F_43CC_BBC7_FD4D86EF606C__INCLUDED_) 65 | -------------------------------------------------------------------------------- /GenericPurposeMethods.cpp: -------------------------------------------------------------------------------- 1 | // GenericPurposeMethods.cpp: implementation of the GenericPurposeMethods class. 2 | // 3 | ////////////////////////////////////////////////////////////////////// 4 | 5 | #include "stdafx.h" 6 | #include "NativeDumper.h" 7 | #include "GenericPurposeMethods.h" 8 | 9 | #ifdef _DEBUG 10 | #undef THIS_FILE 11 | static char THIS_FILE[]=__FILE__; 12 | #define new DEBUG_NEW 13 | #endif 14 | 15 | ////////////////////////////////////////////////////////////////////// 16 | // Construction/Destruction 17 | ////////////////////////////////////////////////////////////////////// 18 | 19 | GenericPurposeMethods::GenericPurposeMethods() 20 | { 21 | 22 | } 23 | 24 | GenericPurposeMethods::~GenericPurposeMethods() 25 | { 26 | 27 | } 28 | 29 | int GenericPurposeMethods::StringToNumber(char *buffer) 30 | { 31 | int result = 0; 32 | int startIndex = 0; 33 | bool negativeNumber = false; 34 | 35 | if (buffer[0] == '-') 36 | { 37 | negativeNumber = true; 38 | startIndex = 1; 39 | } 40 | 41 | for (int i = startIndex; i < (int)strlen(buffer); i++) 42 | { 43 | 44 | if(buffer[i] >= '0' && buffer[i] <= '9') 45 | { 46 | int digit = buffer[i] - '0'; 47 | result = result * 10 + digit; 48 | } 49 | else 50 | return 0; 51 | 52 | } 53 | 54 | if (negativeNumber == true) 55 | result *= -1; 56 | 57 | return result; 58 | } 59 | 60 | unsigned int GenericPurposeMethods::ConvertHexStringToInt(CString sHexNum) 61 | { 62 | unsigned int iSum = 0; 63 | if (sHexNum.GetLength() == 0) return 0; 64 | 65 | for(int i=sHexNum.GetLength()-1; i >= 0; i--) 66 | { 67 | if (!GenericPurposeMethods::IsHexNumber(sHexNum[i])) return 0; 68 | 69 | if(sHexNum[i]) 70 | { 71 | unsigned int current_char = sHexNum[i]-'0'; 72 | if 
(current_char>=0x011&¤t_char<=0x016) // is it 'A'- 'F' 73 | current_char = current_char - 07; 74 | 75 | if (current_char>=0x031&¤t_char<=0x036) // is it 'a'- 'f' 76 | current_char = current_char - 0x27; 77 | 78 | iSum += current_char*Pow(16,sHexNum.GetLength()-1-i); 79 | } 80 | } 81 | return iSum; 82 | 83 | } 84 | 85 | bool GenericPurposeMethods::IsHexNumber(char tobetested) 86 | { 87 | if (tobetested >= '0' && tobetested <= '9') 88 | return true; 89 | 90 | if (tobetested >= 'A' && tobetested <= 'F') 91 | return true; 92 | 93 | if (tobetested >= 'a' && tobetested <= 'f') 94 | return true; 95 | 96 | return false; 97 | } 98 | 99 | unsigned int GenericPurposeMethods::Pow(int value,int exponent) 100 | { 101 | unsigned int result = 1; 102 | 103 | for (int i = 0; i < exponent; ++i) 104 | result *= value; 105 | 106 | return (result); 107 | } 108 | 109 | void GenericPurposeMethods::ToUpperCase(char *buffer) 110 | { 111 | for (int i = 0; i < (int)strlen(buffer); i++) 112 | { 113 | 114 | if(buffer[i] >= 'a' && buffer[i] <= 'z') 115 | { 116 | buffer[i] -= 'a'-'A'; 117 | } 118 | } 119 | } 120 | 121 | unsigned int GenericPurposeMethods::UnsignedArrayToUInt(unsigned char *buffer,int position) 122 | { 123 | return ((buffer[position+3]<<24)|(buffer[position+2]<<16)|(buffer[position+1]<<8)|(buffer[position+0])); 124 | } 125 | 126 | unsigned int GenericPurposeMethods::UnsignedArrayToShort(unsigned char *buffer,int position) 127 | { 128 | return ((buffer[position+1]<<8)|(buffer[position+0])); 129 | } 130 | 131 | unsigned char* GenericPurposeMethods::UIntToUnsignedArray(unsigned int value) 132 | { 133 | unsigned char* array = new unsigned char[4]; 134 | array[0] = value & 0x000000ff; 135 | array[1] = (value & 0x0000ff00) >> 8; 136 | array[2] = (value & 0x00ff0000) >> 16; 137 | array[3] = (value & 0xff000000) >> 24; 138 | 139 | return array; 140 | 141 | } 142 | 143 | TCHAR* GenericPurposeMethods::GetShortModuleName(TCHAR fullname[]) 144 | { 145 | TCHAR* shortname = new TCHAR[MAX_PATH]; 
146 | int i=0; 147 | int ostringlen = _tcslen(fullname); 148 | int slash_position = 0; 149 | 150 | for (i = ostringlen - 1; i >= 0; --i) 151 | { 152 | if (fullname[i]==92) // if char == "\" 153 | { 154 | slash_position=i+1; 155 | break; 156 | } 157 | 158 | } 159 | 160 | for (i=slash_position;i<=ostringlen;i++) // including null (00) terminating char! 161 | shortname[i-slash_position]=fullname[i]; 162 | 163 | return shortname; 164 | 165 | } 166 | 167 | TCHAR* GenericPurposeMethods::GetDirectory(TCHAR fullname[]) 168 | { 169 | TCHAR* directory = new TCHAR[MAX_PATH]; 170 | int i=0; 171 | int ostringlen = _tcslen(fullname); 172 | int slash_position = 0; 173 | 174 | for (i = ostringlen - 1; i >= 0; --i) 175 | { 176 | if (fullname[i]==92) // if char == "\" 177 | { 178 | slash_position=i+1; 179 | break; 180 | } 181 | 182 | } 183 | 184 | for (i=0;i= 0; --i) 201 | { 202 | if (shortname[i]==46) // if char == "." 203 | { 204 | point_position=i; 205 | break; 206 | } 207 | 208 | } 209 | 210 | for (i=0;i= 0; --i) 236 | { 237 | if (shortname[i]==46) // if char == "." 238 | { 239 | point_position=i; 240 | break; 241 | } 242 | 243 | } 244 | 245 | for (i=point_position;i= 0; --i) 282 | { 283 | if (filename[i]==46) // if char == "." 284 | { 285 | point_position=i; 286 | break; 287 | } 288 | 289 | } 290 | 291 | if (point_position == -1) return false; 292 | 293 | int extpos = stringlen-point_position; 294 | if (extpos==4) // if 3 chars as extension 295 | return true; 296 | 297 | if (extpos==3) // if 2 chars as extension 298 | return true; 299 | 300 | if (extpos==2) // if 1 chars as extension 301 | return true; 302 | 303 | return false; 304 | } -------------------------------------------------------------------------------- /GenericPurposeMethods.h: -------------------------------------------------------------------------------- 1 | // GenericPurposeMethods.h: interface for the GenericPurposeMethods class. 
2 | // 3 | ////////////////////////////////////////////////////////////////////// 4 | 5 | #if !defined(AFX_GENERICPURPOSEMETHODS_H__DB5CA191_5583_4171_9A54_3B45355468DF__INCLUDED_) 6 | #define AFX_GENERICPURPOSEMETHODS_H__DB5CA191_5583_4171_9A54_3B45355468DF__INCLUDED_ 7 | 8 | #if _MSC_VER > 1000 9 | #pragma once 10 | #endif // _MSC_VER > 1000 11 | 12 | class GenericPurposeMethods 13 | { 14 | public: 15 | GenericPurposeMethods(); 16 | virtual ~GenericPurposeMethods(); 17 | static unsigned int ConvertHexStringToInt(CString sHexNum); 18 | static bool IsHexNumber(char tobetested); 19 | static unsigned int Pow(int value,int exponent); 20 | static int StringToNumber(char *buffer); 21 | static void ToUpperCase(char *buffer); 22 | static unsigned int UnsignedArrayToUInt(unsigned char *buffer,int position); 23 | static unsigned char* UIntToUnsignedArray(unsigned int value); 24 | static unsigned int UnsignedArrayToShort(unsigned char *buffer,int position); 25 | static TCHAR* GetShortModuleName(TCHAR fullname[]); 26 | static TCHAR* GetDirectory(TCHAR fullname[]); 27 | static TCHAR* GetDumpFileName(TCHAR shortname[]); 28 | static TCHAR* GetExtension(TCHAR shortname[]); 29 | static TCHAR* JoinChars(TCHAR first[],TCHAR second[]); 30 | static bool ContainsExtension(TCHAR filename[]); 31 | 32 | 33 | }; 34 | 35 | #endif // !defined(AFX_GENERICPURPOSEMETHODS_H__DB5CA191_5583_4171_9A54_3B45355468DF__INCLUDED_) 36 | -------------------------------------------------------------------------------- /ModulesDlg.cpp: -------------------------------------------------------------------------------- 1 | // ModulesDlg.cpp : implementation file 2 | // 3 | 4 | #include "stdafx.h" 5 | #include "NativeDumper.h" 6 | #include "ModulesDlg.h" 7 | #include "GenericPurposeMethods.h" 8 | 9 | #include "C:\Program Files (x86)\Microsoft SDK\include\Psapi.h" 10 | #pragma comment (lib, "Psapi.lib") 11 | 12 | #ifdef _DEBUG 13 | #define new DEBUG_NEW 14 | #undef THIS_FILE 15 | static char THIS_FILE[] = 
__FILE__; 16 | #endif 17 | 18 | ///////////////////////////////////////////////////////////////////////////// 19 | // ModulesDlg dialog 20 | 21 | 22 | ModulesDlg::ModulesDlg(CWnd* pParent /*=NULL*/) 23 | : CDialog(ModulesDlg::IDD, pParent) 24 | { 25 | //{{AFX_DATA_INIT(ModulesDlg) 26 | // NOTE: the ClassWizard will add member initialization here 27 | //}}AFX_DATA_INIT 28 | } 29 | 30 | ModulesDlg& ModulesDlg::operator=(ModulesDlg& right) 31 | { 32 | // right contains value to be set 33 | // this contains old value 34 | (*this).m_hWnd = right.m_hWnd; 35 | return *this; 36 | 37 | } 38 | 39 | void ModulesDlg::DoDataExchange(CDataExchange* pDX) 40 | { 41 | CDialog::DoDataExchange(pDX); 42 | //{{AFX_DATA_MAP(ModulesDlg) 43 | DDX_Control(pDX, IDC_LIST1, m_cListCtrl); 44 | //}}AFX_DATA_MAP 45 | } 46 | 47 | 48 | BEGIN_MESSAGE_MAP(ModulesDlg, CDialog) 49 | //{{AFX_MSG_MAP(ModulesDlg) 50 | ON_WM_CLOSE() 51 | ON_NOTIFY(NM_RCLICK, IDC_LIST1, OnRclickList1) 52 | //}}AFX_MSG_MAP 53 | END_MESSAGE_MAP() 54 | 55 | ///////////////////////////////////////////////////////////////////////////// 56 | // ModulesDlg message handlers 57 | 58 | void ModulesDlg::OnClose() 59 | { 60 | // TODO: Add your message handler code here and/or call default 61 | this->DestroyWindow(); // destroy the window 62 | CDialog::OnClose(); 63 | } 64 | TCHAR fullmodulenames[1024][MAX_PATH]; 65 | TCHAR shortmodulenames[1024][MAX_PATH]; 66 | HMODULE modules_address[1024]; 67 | int modulecount; 68 | 69 | void ModulesDlg::RefreshModulesList() 70 | { 71 | m_cListCtrl.DeleteAllItems(); // clean old items! 72 | 73 | modulecount = 0; 74 | HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | 75 | PROCESS_VM_READ, 76 | FALSE, processid); 77 | 78 | if (hProcess==NULL) return; 79 | 80 | HMODULE hMods[1024]; 81 | DWORD cbNeeded; 82 | 83 | 84 | // Get a list of all the modules in this process. 
85 | if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) 86 | { 87 | 88 | for (unsigned int i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ ) 89 | { 90 | TCHAR szModName[MAX_PATH]; 91 | // Get the full path to the module's file. 92 | if ( GetModuleFileNameEx( hProcess, hMods[i], szModName, 93 | sizeof(szModName) / sizeof(TCHAR))) 94 | { 95 | 96 | for (int j=0;j<(sizeof(szModName) / sizeof(TCHAR));j++) 97 | fullmodulenames[modulecount][j] = szModName[j]; 98 | 99 | modules_address[modulecount] = hMods[i]; 100 | 101 | TCHAR* psname = GenericPurposeMethods::GetShortModuleName(fullmodulenames[modulecount]); 102 | for (int k=0;k<(sizeof(szModName) / sizeof(TCHAR));k++) 103 | shortmodulenames[modulecount][k] = psname[k]; 104 | 105 | modulecount++; 106 | 107 | } 108 | } 109 | 110 | } 111 | 112 | CloseHandle(hProcess); 113 | 114 | 115 | // Add the process name and identifier. 116 | for (int i=0;iGetWindowText(window_title,sizeof(window_title)); 172 | strcat(window_title, processname); 173 | this->SetWindowText(window_title); 174 | 175 | return TRUE; // return TRUE unless you set the focus to a control 176 | // EXCEPTION: OCX Property Pages should return FALSE 177 | } 178 | 179 | void ModulesDlg::OnRclickList1(NMHDR* pNMHDR, LRESULT* pResult) 180 | { 181 | // TODO: Add your control notification handler code here 182 | CMenu menu; 183 | menu.LoadMenu(IDR_MODULEMENU); // our context menu 184 | CMenu* pPopup = menu.GetSubMenu(0); 185 | 186 | RECT rect; 187 | GetWindowRect(&rect); 188 | CPoint mousepos; 189 | GetCursorPos(&mousepos); 190 | pPopup->TrackPopupMenu(NULL,mousepos.x,mousepos.y, this); 191 | 192 | // The menu is a temporary MFC object, no need to delete it. 
193 | *pResult = 0; 194 | } 195 | 196 | BOOL ModulesDlg::OnCommand(WPARAM wParam, LPARAM lParam) 197 | { 198 | // TODO: Add your specialized code here and/or call the base class 199 | if (HIWORD(wParam) == BN_CLICKED) // if button clicked 200 | { 201 | switch(LOWORD(wParam)) // Retrieves the low-order word from the specified value. 202 | { 203 | case ID_MODULE_DUMP: 204 | { 205 | if (!IsWindow(dumpmoduledlg.m_hWnd)||!dumpmoduledlg.IsWindowVisible()) 206 | { 207 | 208 | DumpModuleDlg m_pdmoduledialog = new DumpModuleDlg(this); 209 | dumpmoduledlg = m_pdmoduledialog; 210 | POSITION pos = m_cListCtrl.GetFirstSelectedItemPosition(); 211 | int position = m_cListCtrl.GetNextSelectedItem(pos); 212 | 213 | dumpmoduledlg.processname = processname; 214 | dumpmoduledlg.processid = processid; 215 | 216 | for (int i=0;i 1000 7 | #pragma once 8 | #endif // _MSC_VER > 1000 9 | // ModulesDlg.h : header file 10 | // 11 | 12 | ///////////////////////////////////////////////////////////////////////////// 13 | // ModulesDlg dialog 14 | 15 | class ModulesDlg : public CDialog 16 | { 17 | // Construction 18 | public: 19 | ModulesDlg(CWnd* pParent = NULL); // standard constructor 20 | ModulesDlg& operator=(ModulesDlg& right); // Overload Assignment Operator 21 | void RefreshModulesList(); 22 | 23 | int processid; 24 | CString processname; 25 | DumpModuleDlg dumpmoduledlg; 26 | 27 | // Dialog Data 28 | //{{AFX_DATA(ModulesDlg) 29 | enum { IDD = IDD_MODULES }; 30 | CListCtrl m_cListCtrl; 31 | //}}AFX_DATA 32 | 33 | 34 | // Overrides 35 | // ClassWizard generated virtual function overrides 36 | //{{AFX_VIRTUAL(ModulesDlg) 37 | protected: 38 | virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support 39 | virtual BOOL OnCommand(WPARAM wParam, LPARAM lParam); 40 | //}}AFX_VIRTUAL 41 | 42 | // Implementation 43 | protected: 44 | 45 | // Generated message map functions 46 | //{{AFX_MSG(ModulesDlg) 47 | afx_msg void OnClose(); 48 | virtual BOOL OnInitDialog(); 49 | afx_msg void 
OnRclickList1(NMHDR* pNMHDR, LRESULT* pResult); 50 | //}}AFX_MSG 51 | DECLARE_MESSAGE_MAP() 52 | }; 53 | 54 | //{{AFX_INSERT_LOCATION}} 55 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 56 | 57 | #endif // !defined(AFX_MODULESDLG_H__475D31CD_C05E_471B_A736_52D5392DDF07__INCLUDED_) 58 | -------------------------------------------------------------------------------- /NativeDumper.aps: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeCrackerSND/NativeDumper/446559560fa61f250a958ca4f217c22f43117c9b/NativeDumper.aps -------------------------------------------------------------------------------- /NativeDumper.clw: -------------------------------------------------------------------------------- 1 | ; CLW file contains information for the MFC ClassWizard 2 | 3 | [General Info] 4 | Version=1 5 | LastClass=DumpModuleDlg 6 | LastTemplate=CDialog 7 | NewFileInclude1=#include "stdafx.h" 8 | NewFileInclude2=#include "NativeDumper.h" 9 | 10 | ClassCount=5 11 | Class1=CNativeDumperApp 12 | Class2=CNativeDumperDlg 13 | 14 | ResourceCount=6 15 | Resource1=IDR_MAINFRAME 16 | Resource2=IDR_PROCESSMENU 17 | Class3=DumpModuleDlg 18 | Class4=NewEdit 19 | Resource3=IDD_MODULES 20 | Class5=ModulesDlg 21 | Resource4=IDD_DUMPMODULEDLG_DIALOG 22 | Resource5=IDD_NATIVEDUMPER_DIALOG 23 | Resource6=IDR_MODULEMENU 24 | 25 | [CLS:CNativeDumperApp] 26 | Type=0 27 | HeaderFile=NativeDumper.h 28 | ImplementationFile=NativeDumper.cpp 29 | Filter=N 30 | 31 | [CLS:CNativeDumperDlg] 32 | Type=0 33 | HeaderFile=NativeDumperDlg.h 34 | ImplementationFile=NativeDumperDlg.cpp 35 | Filter=D 36 | BaseClass=CDialog 37 | VirtualFilter=dWC 38 | LastObject=CNativeDumperDlg 39 | 40 | 41 | 42 | [DLG:IDD_NATIVEDUMPER_DIALOG] 43 | Type=1 44 | Class=CNativeDumperDlg 45 | ControlCount=1 46 | Control1=IDC_LIST1,SysListView32,1350631425 47 | 48 | [DLG:IDD_DUMPMODULEDLG_DIALOG] 49 | Type=1 50 | 
Class=DumpModuleDlg 51 | ControlCount=16 52 | Control1=IDC_CHANGEEP,button,1342242819 53 | Control2=IDC_FixSizeOfImage,button,1342242819 54 | Control3=IDC_STATIC,static,1342308352 55 | Control4=IDC_NEWEntryPoint,edit,1350631552 56 | Control5=IDC_DumpBTN,button,1342242816 57 | Control6=IDC_STATUS_ST,static,1342308352 58 | Control7=IDC_ROUND_RAW_SIZE,button,1342242819 59 | Control8=IDC_ORIGINAL_RAW,button,1342308361 60 | Control9=IDC_RAW_EQ_VA,button,1342177289 61 | Control10=IDC_CALCULATE_RAW,button,1342177289 62 | Control11=IDC_SECTIONS_FROM_MEMORY,button,1342308361 63 | Control12=IDC_STATIC,button,1342177287 64 | Control13=IDC_SECTIONS_FROM_FILE,button,1342177289 65 | Control14=IDC_BUT_CURRENT_EIP,button,1342242816 66 | Control15=IDC_STATIC,button,1342177287 67 | Control16=IDC_FIX_PACKERS,button,1342242819 68 | 69 | [CLS:DumpModuleDlg] 70 | Type=0 71 | HeaderFile=DumpModuleDlg.h 72 | ImplementationFile=DumpModuleDlg.cpp 73 | BaseClass=CDialog 74 | Filter=D 75 | LastObject=DumpModuleDlg 76 | VirtualFilter=dWC 77 | 78 | [CLS:NewEdit] 79 | Type=0 80 | HeaderFile=NewEdit.h 81 | ImplementationFile=NewEdit.cpp 82 | BaseClass=CEdit 83 | Filter=W 84 | LastObject=NewEdit 85 | 86 | [CLS:ModulesDlg] 87 | Type=0 88 | HeaderFile=ModulesDlg.h 89 | ImplementationFile=ModulesDlg.cpp 90 | BaseClass=CDialog 91 | Filter=D 92 | VirtualFilter=dWC 93 | LastObject=ModulesDlg 94 | 95 | [MNU:IDR_PROCESSMENU] 96 | Type=1 97 | Class=? 98 | Command1=ID_MODULES 99 | Command2=ID_DUMPMAINMODULE 100 | Command3=ID_REFRESH 101 | CommandCount=3 102 | 103 | [DLG:IDD_MODULES] 104 | Type=1 105 | Class=ModulesDlg 106 | ControlCount=1 107 | Control1=IDC_LIST1,SysListView32,1350631425 108 | 109 | [MNU:IDR_MODULEMENU] 110 | Type=1 111 | Class=? 
112 | Command1=ID_MODULE_DUMP 113 | Command2=ID_MODULE_REFRESH 114 | CommandCount=2 115 | 116 | -------------------------------------------------------------------------------- /NativeDumper.cpp: -------------------------------------------------------------------------------- 1 | // NativeDumper.cpp : Defines the class behaviors for the application. 2 | // 3 | 4 | #include "stdafx.h" 5 | #include "NativeDumper.h" 6 | #include "NativeDumperDlg.h" 7 | 8 | #ifdef _DEBUG 9 | #define new DEBUG_NEW 10 | #undef THIS_FILE 11 | static char THIS_FILE[] = __FILE__; 12 | #endif 13 | 14 | ///////////////////////////////////////////////////////////////////////////// 15 | // CNativeDumperApp 16 | 17 | BEGIN_MESSAGE_MAP(CNativeDumperApp, CWinApp) 18 | //{{AFX_MSG_MAP(CNativeDumperApp) 19 | // NOTE - the ClassWizard will add and remove mapping macros here. 20 | // DO NOT EDIT what you see in these blocks of generated code! 21 | //}}AFX_MSG 22 | ON_COMMAND(ID_HELP, CWinApp::OnHelp) 23 | END_MESSAGE_MAP() 24 | 25 | ///////////////////////////////////////////////////////////////////////////// 26 | // CNativeDumperApp construction 27 | 28 | CNativeDumperApp::CNativeDumperApp() 29 | { 30 | // TODO: add construction code here, 31 | // Place all significant initialization in InitInstance 32 | } 33 | 34 | ///////////////////////////////////////////////////////////////////////////// 35 | // The one and only CNativeDumperApp object 36 | 37 | CNativeDumperApp theApp; 38 | 39 | ///////////////////////////////////////////////////////////////////////////// 40 | // CNativeDumperApp initialization 41 | 42 | BOOL CNativeDumperApp::InitInstance() 43 | { 44 | // Standard initialization 45 | // If you are not using these features and wish to reduce the size 46 | // of your final executable, you should remove from the following 47 | // the specific initialization routines you do not need. 
48 | 49 | CNativeDumperDlg dlg; 50 | m_pMainWnd = &dlg; 51 | int nResponse = dlg.DoModal(); 52 | if (nResponse == IDOK) 53 | { 54 | // TODO: Place code here to handle when the dialog is 55 | // dismissed with OK 56 | } 57 | else if (nResponse == IDCANCEL) 58 | { 59 | // TODO: Place code here to handle when the dialog is 60 | // dismissed with Cancel 61 | } 62 | 63 | // Since the dialog has been closed, return FALSE so that we exit the 64 | // application, rather than start the application's message pump. 65 | return FALSE; 66 | } 67 | -------------------------------------------------------------------------------- /NativeDumper.dsp: -------------------------------------------------------------------------------- 1 | # Microsoft Developer Studio Project File - Name="NativeDumper" - Package Owner=<4> 2 | # Microsoft Developer Studio Generated Build File, Format Version 6.00 3 | # ** DO NOT EDIT ** 4 | 5 | # TARGTYPE "Win32 (x86) Application" 0x0101 6 | 7 | CFG=NativeDumper - Win32 Debug 8 | !MESSAGE This is not a valid makefile. To build this project using NMAKE, 9 | !MESSAGE use the Export Makefile command and run 10 | !MESSAGE 11 | !MESSAGE NMAKE /f "NativeDumper.mak". 12 | !MESSAGE 13 | !MESSAGE You can specify a configuration when running NMAKE 14 | !MESSAGE by defining the macro CFG on the command line. 
For example: 15 | !MESSAGE 16 | !MESSAGE NMAKE /f "NativeDumper.mak" CFG="NativeDumper - Win32 Debug" 17 | !MESSAGE 18 | !MESSAGE Possible choices for configuration are: 19 | !MESSAGE 20 | !MESSAGE "NativeDumper - Win32 Release" (based on "Win32 (x86) Application") 21 | !MESSAGE "NativeDumper - Win32 Debug" (based on "Win32 (x86) Application") 22 | !MESSAGE 23 | 24 | # Begin Project 25 | # PROP AllowPerConfigDependencies 0 26 | # PROP Scc_ProjName "" 27 | # PROP Scc_LocalPath "" 28 | CPP=cl.exe 29 | MTL=midl.exe 30 | RSC=rc.exe 31 | 32 | !IF "$(CFG)" == "NativeDumper - Win32 Release" 33 | 34 | # PROP BASE Use_MFC 6 35 | # PROP BASE Use_Debug_Libraries 0 36 | # PROP BASE Output_Dir "Release" 37 | # PROP BASE Intermediate_Dir "Release" 38 | # PROP BASE Target_Dir "" 39 | # PROP Use_MFC 6 40 | # PROP Use_Debug_Libraries 0 41 | # PROP Output_Dir "Release" 42 | # PROP Intermediate_Dir "Release" 43 | # PROP Target_Dir "" 44 | # ADD BASE CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_AFXDLL" /Yu"stdafx.h" /FD /c 45 | # ADD CPP /nologo /MD /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Yu"stdafx.h" /FD /c 46 | # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32 47 | # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 48 | # ADD BASE RSC /l 0x409 /d "NDEBUG" /d "_AFXDLL" 49 | # ADD RSC /l 0x409 /d "NDEBUG" /d "_AFXDLL" 50 | BSC32=bscmake.exe 51 | # ADD BASE BSC32 /nologo 52 | # ADD BSC32 /nologo 53 | LINK32=link.exe 54 | # ADD BASE LINK32 /nologo /subsystem:windows /machine:I386 55 | # ADD LINK32 /nologo /subsystem:windows /machine:I386 56 | 57 | !ELSEIF "$(CFG)" == "NativeDumper - Win32 Debug" 58 | 59 | # PROP BASE Use_MFC 6 60 | # PROP BASE Use_Debug_Libraries 1 61 | # PROP BASE Output_Dir "Debug" 62 | # PROP BASE Intermediate_Dir "Debug" 63 | # PROP BASE Target_Dir "" 64 | # PROP Use_MFC 6 65 | # PROP Use_Debug_Libraries 1 66 | # PROP Output_Dir "Debug" 67 | # PROP Intermediate_Dir "Debug" 68 | # PROP Target_Dir "" 69 | 
# ADD BASE CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /Yu"stdafx.h" /FD /GZ /c 70 | # ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c 71 | # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32 72 | # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 73 | # ADD BASE RSC /l 0x409 /d "_DEBUG" /d "_AFXDLL" 74 | # ADD RSC /l 0x409 /d "_DEBUG" /d "_AFXDLL" 75 | BSC32=bscmake.exe 76 | # ADD BASE BSC32 /nologo 77 | # ADD BSC32 /nologo 78 | LINK32=link.exe 79 | # ADD BASE LINK32 /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept 80 | # ADD LINK32 /nologo /subsystem:windows /debug /machine:I386 /pdbtype:sept 81 | 82 | !ENDIF 83 | 84 | # Begin Target 85 | 86 | # Name "NativeDumper - Win32 Release" 87 | # Name "NativeDumper - Win32 Debug" 88 | # Begin Group "Source Files" 89 | 90 | # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat" 91 | # Begin Source File 92 | 93 | SOURCE=.\DumpModuleDlg.cpp 94 | # End Source File 95 | # Begin Source File 96 | 97 | SOURCE=.\GenericPurposeMethods.cpp 98 | # End Source File 99 | # Begin Source File 100 | 101 | SOURCE=.\ModulesDlg.cpp 102 | # End Source File 103 | # Begin Source File 104 | 105 | SOURCE=.\NativeDumper.cpp 106 | # End Source File 107 | # Begin Source File 108 | 109 | SOURCE=.\NativeDumper.rc 110 | # End Source File 111 | # Begin Source File 112 | 113 | SOURCE=.\NativeDumperDlg.cpp 114 | # End Source File 115 | # Begin Source File 116 | 117 | SOURCE=.\NewEdit.cpp 118 | # End Source File 119 | # Begin Source File 120 | 121 | SOURCE=.\StdAfx.cpp 122 | # ADD CPP /Yc"stdafx.h" 123 | # End Source File 124 | # End Group 125 | # Begin Group "Header Files" 126 | 127 | # PROP Default_Filter "h;hpp;hxx;hm;inl" 128 | # Begin Source File 129 | 130 | SOURCE=.\DumpModuleDlg.h 131 | # End Source File 132 | # Begin Source File 133 | 134 | SOURCE=.\GenericPurposeMethods.h 135 | # End Source File 136 | # Begin 
Source File 137 | 138 | SOURCE=.\ModulesDlg.h 139 | # End Source File 140 | # Begin Source File 141 | 142 | SOURCE=.\NativeDumper.h 143 | # End Source File 144 | # Begin Source File 145 | 146 | SOURCE=.\NativeDumperDlg.h 147 | # End Source File 148 | # Begin Source File 149 | 150 | SOURCE=.\NewEdit.h 151 | # End Source File 152 | # Begin Source File 153 | 154 | SOURCE=.\Resource.h 155 | # End Source File 156 | # Begin Source File 157 | 158 | SOURCE=.\StdAfx.h 159 | # End Source File 160 | # End Group 161 | # Begin Group "Resource Files" 162 | 163 | # PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe" 164 | # Begin Source File 165 | 166 | SOURCE=.\res\NativeDumper.ico 167 | # End Source File 168 | # Begin Source File 169 | 170 | SOURCE=.\res\NativeDumper.rc2 171 | # End Source File 172 | # End Group 173 | # Begin Source File 174 | 175 | SOURCE=.\ReadMe.txt 176 | # End Source File 177 | # End Target 178 | # End Project 179 | -------------------------------------------------------------------------------- /NativeDumper.dsw: -------------------------------------------------------------------------------- 1 | Microsoft Developer Studio Workspace File, Format Version 6.00 2 | # WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE! 
3 | 4 | ############################################################################### 5 | 6 | Project: "NativeDumper"=.\NativeDumper.dsp - Package Owner=<4> 7 | 8 | Package=<5> 9 | {{{ 10 | }}} 11 | 12 | Package=<4> 13 | {{{ 14 | }}} 15 | 16 | ############################################################################### 17 | 18 | Global: 19 | 20 | Package=<5> 21 | {{{ 22 | }}} 23 | 24 | Package=<3> 25 | {{{ 26 | }}} 27 | 28 | ############################################################################### 29 | 30 | -------------------------------------------------------------------------------- /NativeDumper.h: -------------------------------------------------------------------------------- 1 | // NativeDumper.h : main header file for the NATIVEDUMPER application 2 | // 3 | 4 | #if !defined(AFX_NATIVEDUMPER_H__582C232C_849A_4C7F_A620_BCB9FD8F36AE__INCLUDED_) 5 | #define AFX_NATIVEDUMPER_H__582C232C_849A_4C7F_A620_BCB9FD8F36AE__INCLUDED_ 6 | 7 | #if _MSC_VER > 1000 8 | #pragma once 9 | #endif // _MSC_VER > 1000 10 | 11 | #ifndef __AFXWIN_H__ 12 | #error include 'stdafx.h' before including this file for PCH 13 | #endif 14 | 15 | #include "resource.h" // main symbols 16 | 17 | ///////////////////////////////////////////////////////////////////////////// 18 | // CNativeDumperApp: 19 | // See NativeDumper.cpp for the implementation of this class 20 | // 21 | 22 | class CNativeDumperApp : public CWinApp 23 | { 24 | public: 25 | CNativeDumperApp(); 26 | 27 | // Overrides 28 | // ClassWizard generated virtual function overrides 29 | //{{AFX_VIRTUAL(CNativeDumperApp) 30 | public: 31 | virtual BOOL InitInstance(); 32 | //}}AFX_VIRTUAL 33 | 34 | // Implementation 35 | 36 | //{{AFX_MSG(CNativeDumperApp) 37 | // NOTE - the ClassWizard will add and remove member functions here. 38 | // DO NOT EDIT what you see in these blocks of generated code ! 
39 | //}}AFX_MSG 40 | DECLARE_MESSAGE_MAP() 41 | }; 42 | 43 | 44 | ///////////////////////////////////////////////////////////////////////////// 45 | 46 | //{{AFX_INSERT_LOCATION}} 47 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 48 | 49 | #endif // !defined(AFX_NATIVEDUMPER_H__582C232C_849A_4C7F_A620_BCB9FD8F36AE__INCLUDED_) 50 | -------------------------------------------------------------------------------- /NativeDumper.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeCrackerSND/NativeDumper/446559560fa61f250a958ca4f217c22f43117c9b/NativeDumper.ico -------------------------------------------------------------------------------- /NativeDumper.ncb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeCrackerSND/NativeDumper/446559560fa61f250a958ca4f217c22f43117c9b/NativeDumper.ncb -------------------------------------------------------------------------------- /NativeDumper.opt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CodeCrackerSND/NativeDumper/446559560fa61f250a958ca4f217c22f43117c9b/NativeDumper.opt -------------------------------------------------------------------------------- /NativeDumper.plg: -------------------------------------------------------------------------------- 1 | 2 | 3 |
 4 | 

Build Log

5 |

6 | --------------------Configuration: NativeDumper - Win32 Debug-------------------- 7 |

8 |

Command Lines

9 | Creating command line "rc.exe /l 0x409 /fo"Debug/NativeDumper.res" /d "_DEBUG" /d "_AFXDLL" "D:\NewProjects\Native\NativeDumper\NativeDumper.rc"" 10 | Creating temporary file "C:\Users\Mihai\AppData\Local\Temp\RSPA490.tmp" with contents 11 | [ 12 | /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Fp"Debug/NativeDumper.pch" /Yu"stdafx.h" /Fo"Debug/" /Fd"Debug/" /FD /GZ /c 13 | "D:\NewProjects\Native\NativeDumper\DumpModuleDlg.cpp" 14 | "D:\NewProjects\Native\NativeDumper\GenericPurposeMethods.cpp" 15 | "D:\NewProjects\Native\NativeDumper\ModulesDlg.cpp" 16 | "D:\NewProjects\Native\NativeDumper\NativeDumper.cpp" 17 | "D:\NewProjects\Native\NativeDumper\NativeDumperDlg.cpp" 18 | "D:\NewProjects\Native\NativeDumper\NewEdit.cpp" 19 | ] 20 | Creating command line "cl.exe @C:\Users\Mihai\AppData\Local\Temp\RSPA490.tmp" 21 | Creating temporary file "C:\Users\Mihai\AppData\Local\Temp\RSPA491.tmp" with contents 22 | [ 23 | /nologo /MDd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_AFXDLL" /D "_MBCS" /Fp"Debug/NativeDumper.pch" /Yc"stdafx.h" /Fo"Debug/" /Fd"Debug/" /FD /GZ /c 24 | "D:\NewProjects\Native\NativeDumper\StdAfx.cpp" 25 | ] 26 | Creating command line "cl.exe @C:\Users\Mihai\AppData\Local\Temp\RSPA491.tmp" 27 | Creating temporary file "C:\Users\Mihai\AppData\Local\Temp\RSPA492.tmp" with contents 28 | [ 29 | /nologo /subsystem:windows /incremental:yes /pdb:"Debug/NativeDumper.pdb" /debug /machine:I386 /out:"Debug/NativeDumper.exe" /pdbtype:sept 30 | .\Debug\DumpModuleDlg.obj 31 | .\Debug\GenericPurposeMethods.obj 32 | .\Debug\ModulesDlg.obj 33 | .\Debug\NativeDumper.obj 34 | .\Debug\NativeDumperDlg.obj 35 | .\Debug\NewEdit.obj 36 | .\Debug\StdAfx.obj 37 | .\Debug\NativeDumper.res 38 | ] 39 | Creating command line "link.exe @C:\Users\Mihai\AppData\Local\Temp\RSPA492.tmp" 40 |

Output Window

41 | Compiling resources... 42 | Compiling... 43 | StdAfx.cpp 44 | Compiling... 45 | DumpModuleDlg.cpp 46 | GenericPurposeMethods.cpp 47 | ModulesDlg.cpp 48 | NativeDumper.cpp 49 | NativeDumperDlg.cpp 50 | NewEdit.cpp 51 | Generating Code... 52 | Linking... 53 | 54 | 55 | 56 |

Results

57 | NativeDumper.exe - 0 error(s), 0 warning(s) 58 |
59 | 60 | 61 | -------------------------------------------------------------------------------- /NativeDumper.rc: -------------------------------------------------------------------------------- 1 | //Microsoft Developer Studio generated resource script. 2 | // 3 | #include "resource.h" 4 | 5 | #define APSTUDIO_READONLY_SYMBOLS 6 | ///////////////////////////////////////////////////////////////////////////// 7 | // 8 | // Generated from the TEXTINCLUDE 2 resource. 9 | // 10 | #include "afxres.h" 11 | 12 | ///////////////////////////////////////////////////////////////////////////// 13 | #undef APSTUDIO_READONLY_SYMBOLS 14 | 15 | ///////////////////////////////////////////////////////////////////////////// 16 | // English (U.S.) resources 17 | 18 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) 19 | #ifdef _WIN32 20 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US 21 | #pragma code_page(1252) 22 | #endif //_WIN32 23 | 24 | #ifdef APSTUDIO_INVOKED 25 | ///////////////////////////////////////////////////////////////////////////// 26 | // 27 | // TEXTINCLUDE 28 | // 29 | 30 | 1 TEXTINCLUDE DISCARDABLE 31 | BEGIN 32 | "resource.h\0" 33 | END 34 | 35 | 2 TEXTINCLUDE DISCARDABLE 36 | BEGIN 37 | "#include ""afxres.h""\r\n" 38 | "\0" 39 | END 40 | 41 | 3 TEXTINCLUDE DISCARDABLE 42 | BEGIN 43 | "#define _AFX_NO_SPLITTER_RESOURCES\r\n" 44 | "#define _AFX_NO_OLE_RESOURCES\r\n" 45 | "#define _AFX_NO_TRACKER_RESOURCES\r\n" 46 | "#define _AFX_NO_PROPERTY_RESOURCES\r\n" 47 | "\r\n" 48 | "#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)\r\n" 49 | "#ifdef _WIN32\r\n" 50 | "LANGUAGE 9, 1\r\n" 51 | "#pragma code_page(1252)\r\n" 52 | "#endif //_WIN32\r\n" 53 | "#include ""res\\NativeDumper.rc2"" // non-Microsoft Visual C++ edited resources\r\n" 54 | "#include ""afxres.rc"" // Standard components\r\n" 55 | "#endif\r\n" 56 | "\0" 57 | END 58 | 59 | #endif // APSTUDIO_INVOKED 60 | 61 | 62 | ///////////////////////////////////////////////////////////////////////////// 63 | // 64 
| // Icon 65 | // 66 | 67 | // Icon with lowest ID value placed first to ensure application icon 68 | // remains consistent on all systems. 69 | IDR_MAINFRAME ICON DISCARDABLE "res\\NativeDumper.ico" 70 | 71 | ///////////////////////////////////////////////////////////////////////////// 72 | // 73 | // Dialog 74 | // 75 | 76 | IDD_NATIVEDUMPER_DIALOG DIALOGEX 0, 0, 320, 313 77 | STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU 78 | EXSTYLE WS_EX_APPWINDOW 79 | CAPTION "NativeDumper by CodeCracker / SnD" 80 | FONT 8, "MS Sans Serif", 0, 0, 0x1 81 | BEGIN 82 | CONTROL "List1",IDC_LIST1,"SysListView32",LVS_REPORT | WS_BORDER | 83 | WS_TABSTOP,7,7,306,299 84 | END 85 | 86 | IDD_DUMPMODULEDLG_DIALOG DIALOG DISCARDABLE 0, 0, 198, 160 87 | STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU 88 | CAPTION "Dump module " 89 | FONT 8, "MS Sans Serif" 90 | BEGIN 91 | CONTROL "Change EP",IDC_CHANGEEP,"Button",BS_AUTOCHECKBOX | 92 | WS_TABSTOP,75,36,52,10 93 | CONTROL "Fix SizeOfImage",IDC_FixSizeOfImage,"Button", 94 | BS_AUTOCHECKBOX | WS_TABSTOP,24,17,67,10 95 | LTEXT "New EntryPoint:",IDC_STATIC,75,46,52,8 96 | EDITTEXT IDC_NEWEntryPoint,73,57,86,13,ES_AUTOHSCROLL 97 | PUSHBUTTON "Dump",IDC_DumpBTN,24,130,42,12 98 | LTEXT "Status",IDC_STATUS_ST,19,150,121,8 99 | CONTROL "Round raw size",IDC_ROUND_RAW_SIZE,"Button", 100 | BS_AUTOCHECKBOX | WS_TABSTOP,93,18,65,10 101 | CONTROL "Original raw",IDC_ORIGINAL_RAW,"Button", 102 | BS_AUTORADIOBUTTON | WS_GROUP,29,113,53,10 103 | CONTROL "RAW=VA",IDC_RAW_EQ_VA,"Button",BS_AUTORADIOBUTTON,81, 104 | 113,47,10 105 | CONTROL "Calculate raw",IDC_CALCULATE_RAW,"Button", 106 | BS_AUTORADIOBUTTON,129,113,59,10 107 | CONTROL "Memory",IDC_SECTIONS_FROM_MEMORY,"Button", 108 | BS_AUTORADIOBUTTON | WS_GROUP,30,87,41,10 109 | GROUPBOX "Sections info from:",IDC_STATIC,24,79,101,23 110 | CONTROL "File",IDC_SECTIONS_FROM_FILE,"Button", 111 | BS_AUTORADIOBUTTON,77,87,27,10 112 | PUSHBUTTON "Current 
EIP",IDC_BUT_CURRENT_EIP,23,57,46,14 113 | GROUPBOX "Raw",IDC_STATIC,13,103,181,27 114 | CONTROL "Fix packers",IDC_FIX_PACKERS,"Button",BS_AUTOCHECKBOX | 115 | WS_TABSTOP,24,37,52,10 116 | END 117 | 118 | IDD_MODULES DIALOG DISCARDABLE 0, 0, 320, 313 119 | STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU 120 | CAPTION "Modules for " 121 | FONT 8, "MS Sans Serif" 122 | BEGIN 123 | CONTROL "List1",IDC_LIST1,"SysListView32",LVS_REPORT | WS_BORDER | 124 | WS_TABSTOP,7,7,306,299 125 | END 126 | 127 | 128 | #ifndef _MAC 129 | ///////////////////////////////////////////////////////////////////////////// 130 | // 131 | // Version 132 | // 133 | 134 | VS_VERSION_INFO VERSIONINFO 135 | FILEVERSION 1,0,0,1 136 | PRODUCTVERSION 1,0,0,1 137 | FILEFLAGSMASK 0x3fL 138 | #ifdef _DEBUG 139 | FILEFLAGS 0x1L 140 | #else 141 | FILEFLAGS 0x0L 142 | #endif 143 | FILEOS 0x4L 144 | FILETYPE 0x1L 145 | FILESUBTYPE 0x0L 146 | BEGIN 147 | BLOCK "StringFileInfo" 148 | BEGIN 149 | BLOCK "040904B0" 150 | BEGIN 151 | VALUE "CompanyName", "\0" 152 | VALUE "FileDescription", "NativeDumper MFC Application\0" 153 | VALUE "FileVersion", "1, 0, 0, 1\0" 154 | VALUE "InternalName", "NativeDumper\0" 155 | VALUE "LegalCopyright", "Copyright (C) 2016\0" 156 | VALUE "LegalTrademarks", "\0" 157 | VALUE "OriginalFilename", "NativeDumper.EXE\0" 158 | VALUE "ProductName", "NativeDumper Application\0" 159 | VALUE "ProductVersion", "1, 0, 0, 1\0" 160 | END 161 | END 162 | BLOCK "VarFileInfo" 163 | BEGIN 164 | VALUE "Translation", 0x409, 1200 165 | END 166 | END 167 | 168 | #endif // !_MAC 169 | 170 | 171 | ///////////////////////////////////////////////////////////////////////////// 172 | // 173 | // DESIGNINFO 174 | // 175 | 176 | #ifdef APSTUDIO_INVOKED 177 | GUIDELINES DESIGNINFO DISCARDABLE 178 | BEGIN 179 | IDD_NATIVEDUMPER_DIALOG, DIALOG 180 | BEGIN 181 | LEFTMARGIN, 7 182 | RIGHTMARGIN, 313 183 | TOPMARGIN, 7 184 | BOTTOMMARGIN, 193 185 | END 186 | 187 | IDD_DUMPMODULEDLG_DIALOG, DIALOG 188 | BEGIN 
189 | LEFTMARGIN, 7 190 | RIGHTMARGIN, 194 191 | TOPMARGIN, 7 192 | BOTTOMMARGIN, 150 193 | END 194 | 195 | IDD_MODULES, DIALOG 196 | BEGIN 197 | LEFTMARGIN, 7 198 | RIGHTMARGIN, 313 199 | TOPMARGIN, 7 200 | BOTTOMMARGIN, 194 201 | END 202 | END 203 | #endif // APSTUDIO_INVOKED 204 | 205 | 206 | ///////////////////////////////////////////////////////////////////////////// 207 | // 208 | // Menu 209 | // 210 | 211 | IDR_PROCESSMENU MENU DISCARDABLE 212 | BEGIN 213 | POPUP "Process" 214 | BEGIN 215 | MENUITEM "Modules", ID_MODULES 216 | MENUITEM "Dump main module", ID_DUMPMAINMODULE 217 | MENUITEM "Refresh", ID_REFRESH 218 | END 219 | END 220 | 221 | IDR_MODULEMENU MENU DISCARDABLE 222 | BEGIN 223 | POPUP "Module" 224 | BEGIN 225 | MENUITEM "Dump", ID_MODULE_DUMP 226 | MENUITEM "Refresh", ID_MODULE_REFRESH 227 | END 228 | END 229 | 230 | #endif // English (U.S.) resources 231 | ///////////////////////////////////////////////////////////////////////////// 232 | 233 | 234 | 235 | #ifndef APSTUDIO_INVOKED 236 | ///////////////////////////////////////////////////////////////////////////// 237 | // 238 | // Generated from the TEXTINCLUDE 3 resource. 
239 | // 240 | #define _AFX_NO_SPLITTER_RESOURCES 241 | #define _AFX_NO_OLE_RESOURCES 242 | #define _AFX_NO_TRACKER_RESOURCES 243 | #define _AFX_NO_PROPERTY_RESOURCES 244 | 245 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) 246 | #ifdef _WIN32 247 | LANGUAGE 9, 1 248 | #pragma code_page(1252) 249 | #endif //_WIN32 250 | #include "res\NativeDumper.rc2" // non-Microsoft Visual C++ edited resources 251 | #include "afxres.rc" // Standard components 252 | #endif 253 | 254 | ///////////////////////////////////////////////////////////////////////////// 255 | #endif // not APSTUDIO_INVOKED 256 | 257 | -------------------------------------------------------------------------------- /NativeDumper.rc2: -------------------------------------------------------------------------------- 1 | // 2 | // NATIVEDUMPER.RC2 - resources Microsoft Visual C++ does not edit directly 3 | // 4 | 5 | #ifdef APSTUDIO_INVOKED 6 | #error this file is not editable by Microsoft Visual C++ 7 | #endif //APSTUDIO_INVOKED 8 | 9 | 10 | ///////////////////////////////////////////////////////////////////////////// 11 | // Add manually edited resources here... 
12 | 13 | ///////////////////////////////////////////////////////////////////////////// 14 | -------------------------------------------------------------------------------- /NativeDumperDlg.cpp: -------------------------------------------------------------------------------- 1 | // NativeDumperDlg.cpp : implementation file 2 | // 3 | 4 | #include "stdafx.h" 5 | #include "NativeDumper.h" 6 | #include "NativeDumperDlg.h" 7 | #include "GenericPurposeMethods.h" 8 | 9 | #include "C:\Program Files (x86)\Microsoft SDK\include\Psapi.h" 10 | #pragma comment (lib, "Psapi.lib") 11 | 12 | #ifdef _DEBUG 13 | #define new DEBUG_NEW 14 | #undef THIS_FILE 15 | static char THIS_FILE[] = __FILE__; 16 | #endif 17 | 18 | ///////////////////////////////////////////////////////////////////////////// 19 | // CNativeDumperDlg dialog 20 | 21 | CNativeDumperDlg::CNativeDumperDlg(CWnd* pParent /*=NULL*/) 22 | : CDialog(CNativeDumperDlg::IDD, pParent) 23 | { 24 | //{{AFX_DATA_INIT(CNativeDumperDlg) 25 | // NOTE: the ClassWizard will add member initialization here 26 | //}}AFX_DATA_INIT 27 | // Note that LoadIcon does not require a subsequent DestroyIcon in Win32 28 | m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME); 29 | } 30 | 31 | void CNativeDumperDlg::DoDataExchange(CDataExchange* pDX) 32 | { 33 | CDialog::DoDataExchange(pDX); 34 | //{{AFX_DATA_MAP(CNativeDumperDlg) 35 | DDX_Control(pDX, IDC_LIST1, m_cListCtrl); 36 | //}}AFX_DATA_MAP 37 | } 38 | 39 | BEGIN_MESSAGE_MAP(CNativeDumperDlg, CDialog) 40 | //{{AFX_MSG_MAP(CNativeDumperDlg) 41 | ON_WM_PAINT() 42 | ON_WM_QUERYDRAGICON() 43 | ON_NOTIFY(NM_RCLICK, IDC_LIST1, OnRclickList1) 44 | //}}AFX_MSG_MAP 45 | END_MESSAGE_MAP() 46 | 47 | ///////////////////////////////////////////////////////////////////////////// 48 | // CNativeDumperDlg message handlers 49 | 50 | BOOL CNativeDumperDlg::OnInitDialog() 51 | { 52 | CDialog::OnInitDialog(); 53 | 54 | // Set the icon for this dialog. 
The framework does this automatically 55 | // when the application's main window is not a dialog 56 | SetIcon(m_hIcon, TRUE); // Set big icon 57 | SetIcon(m_hIcon, FALSE); // Set small icon 58 | 59 | // TODO: Add extra initialization here 60 | DWORD dwStyle = m_cListCtrl.GetExtendedStyle(); 61 | dwStyle |= LVS_EX_FULLROWSELECT; 62 | 63 | // Setup the list control 64 | m_cListCtrl.SetExtendedStyle(dwStyle); 65 | 66 | // Create the columns 67 | CRect rect; 68 | m_cListCtrl.GetClientRect(&rect); 69 | int size = rect.Width()/3-16; 70 | m_cListCtrl.InsertColumn(0, _T("ProcessName"), LVCFMT_LEFT, size*2); 71 | m_cListCtrl.InsertColumn(1, _T("pid"), LVCFMT_LEFT, size); 72 | 73 | RefreshProcessList(); 74 | return TRUE; // return TRUE unless you set the focus to a control 75 | } 76 | 77 | // If you add a minimize button to your dialog, you will need the code below 78 | // to draw the icon. For MFC applications using the document/view model, 79 | // this is automatically done for you by the framework. 80 | 81 | void CNativeDumperDlg::OnPaint() 82 | { 83 | if (IsIconic()) 84 | { 85 | CPaintDC dc(this); // device context for painting 86 | 87 | SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0); 88 | 89 | // Center icon in client rectangle 90 | int cxIcon = GetSystemMetrics(SM_CXICON); 91 | int cyIcon = GetSystemMetrics(SM_CYICON); 92 | CRect rect; 93 | GetClientRect(&rect); 94 | int x = (rect.Width() - cxIcon + 1) / 2; 95 | int y = (rect.Height() - cyIcon + 1) / 2; 96 | 97 | // Draw the icon 98 | dc.DrawIcon(x, y, m_hIcon); 99 | } 100 | else 101 | { 102 | CDialog::OnPaint(); 103 | } 104 | } 105 | 106 | // The system calls this to obtain the cursor to display while the user drags 107 | // the minimized window. 
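HCURSOR CNativeDumperDlg::OnQueryDragIcon()
{
	return (HCURSOR) m_hIcon;
}

// Enables SeDebugPrivilege on this process' token so OpenProcess succeeds on
// processes of other users / system processes.
//
// Returns TRUE only if the privilege is actually enabled. Note that
// AdjustTokenPrivileges returns TRUE even when the token does not hold the
// privilege at all (e.g. a non-elevated user); that case is reported through
// GetLastError() == ERROR_NOT_ALL_ASSIGNED and is turned into FALSE here, so
// callers can tell "debug privilege available" from "silently not granted".
BOOL CNativeDumperDlg::EnableDebugPrivileges()
{
	HANDLE tokenHandle = NULL;
	LUID luid;
	TOKEN_PRIVILEGES newPrivileges;

	// Least privilege on our own token: adjusting privileges needs only these
	// two access rights, not TOKEN_ALL_ACCESS.
	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tokenHandle))
		return FALSE;

	if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luid))
	{
		CloseHandle(tokenHandle);
		return FALSE;
	}

	ZeroMemory(&newPrivileges, sizeof(newPrivileges));
	newPrivileges.PrivilegeCount = 1;
	newPrivileges.Privileges[0].Luid = luid;
	newPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	BOOL enabled = AdjustTokenPrivileges(tokenHandle, FALSE, &newPrivileges,
	                                     sizeof(newPrivileges), NULL, NULL);
	// TRUE + ERROR_NOT_ALL_ASSIGNED means the privilege is not held by the token.
	if (enabled && GetLastError() == ERROR_NOT_ALL_ASSIGNED)
		enabled = FALSE;

	CloseHandle(tokenHandle);
	return enabled;
}

// Rebuilds the process list: one row per pid returned by EnumProcesses, with
// the base name of the process' first module (its executable) in column 0 and
// the pid in column 1.
//
// Best effort by design: without SeDebugPrivilege, OpenProcess fails for
// processes of other users and for protected processes; those rows keep an
// empty name but still show the pid, exactly as before.
void CNativeDumperDlg::RefreshProcessList()
{
	m_cListCtrl.DeleteAllItems(); // clean old items!

	EnableDebugPrivileges(); // enable debug privileges for this process (may legitimately fail)

	// EnumProcesses never reports "buffer too small": when cbNeeded comes back
	// equal to the buffer size the list may be truncated. Grow and retry until
	// the result fits with room to spare, instead of a fixed 1024-entry array.
	DWORD cbAlloc = 1024 * sizeof(DWORD);
	DWORD cbNeeded = 0;
	DWORD *aProcesses = NULL;
	for (;;)
	{
		aProcesses = new DWORD[cbAlloc / sizeof(DWORD)];
		if (!EnumProcesses(aProcesses, cbAlloc, &cbNeeded))
		{
			delete[] aProcesses;
			return;
		}
		if (cbNeeded < cbAlloc)
			break;
		delete[] aProcesses;
		cbAlloc *= 2;
	}

	// Calculate how many process identifiers were returned.
	const DWORD cProcesses = cbNeeded / sizeof(DWORD);

	for (DWORD i = 0; i < cProcesses; i++)
	{
		const DWORD pid = aProcesses[i];
		if (pid == 0)
			continue; // pid 0 (System Idle Process) cannot be opened

		TCHAR szProcessName[MAX_PATH] = TEXT("");

		// Query-only access: enough for EnumProcessModules/GetModuleBaseName.
		HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
		                              FALSE, pid);
		if (hProcess != NULL)
		{
			HMODULE hMod;
			DWORD cbMods = 0;

			// The first module of a process is its main executable.
			if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbMods))
			{
				if (GetModuleBaseName(hProcess, hMod, szProcessName,
				                      sizeof(szProcessName)/sizeof(TCHAR)) == 0)
					szProcessName[0] = 0; // failed: leave the name empty
			}

			// Release the handle as soon as we are done with it (the old code
			// also called CloseHandle on a NULL handle when OpenProcess failed).
			CloseHandle(hProcess);
		}

		// Add the process name and identifier.
		LVITEM lvi;
		ZeroMemory(&lvi, sizeof(lvi));
		lvi.mask = LVIF_TEXT;
		lvi.iItem = m_cListCtrl.GetItemCount(); // this starts with 0!
		lvi.iSubItem = 0;
		lvi.pszText = szProcessName;
		const int row = m_cListCtrl.InsertItem(&lvi);
		if (row < 0)
			continue; // insertion failed; nothing to attach the pid to

		CString cpid;
		cpid.Format(_T("%d"), pid);
		// Use the index the control actually assigned rather than the one we asked for.
		lvi.iItem = row;
		lvi.iSubItem = 1;
		lvi.pszText = (LPTSTR)(LPCTSTR)cpid;
		m_cListCtrl.SetItem(&lvi);
	}

	delete[] aProcesses;
}

// Right-click on the process list: shows the first popup of IDR_PROCESSMENU at
// the cursor. Menu selections are delivered to OnCommand as WM_COMMAND with
// HIWORD(wParam) == 0 (the same value as BN_CLICKED) and the item id in LOWORD.
void CNativeDumperDlg::OnRclickList1(NMHDR* pNMHDR, LRESULT* pResult)
{
	*pResult = 0;

	CMenu menu;
	if (!menu.LoadMenu(IDR_PROCESSMENU)) // our context menu
		return; // resource missing: nothing to show

	CMenu* pPopup = menu.GetSubMenu(0);
	if (pPopup == NULL)
		return; // menu has no popup; avoid dereferencing NULL below

	CPoint mousepos;
	GetCursorPos(&mousepos);
	pPopup->TrackPopupMenu(NULL, mousepos.x, mousepos.y, this);

	// pPopup is a temporary MFC object and menu destroys its HMENU on scope exit.
}

// Dispatches the context-menu commands (ID_MODULES, ID_DUMPMAINMODULE, ...)
// for the process currently selected in the list.
BOOL CNativeDumperDlg::OnCommand(WPARAM wParam, LPARAM lParam)
{
	// Menu items arrive with HIWORD(wParam) == 0, which is what BN_CLICKED expands to.
	if (HIWORD(wParam) == BN_CLICKED) // if button clicked
	{
		switch(LOWORD(wParam)) // Retrieves the low-order word from the specified value.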
236 | { 237 | case ID_MODULES: 238 | { 239 | if (!IsWindow(modulesdlg.m_hWnd)||!modulesdlg.IsWindowVisible()) 240 | { 241 | 242 | ModulesDlg m_pmodulesdialog = new ModulesDlg(this); 243 | modulesdlg = m_pmodulesdialog; 244 | POSITION pos = m_cListCtrl.GetFirstSelectedItemPosition(); 245 | int position = m_cListCtrl.GetNextSelectedItem(pos); 246 | 247 | modulesdlg.processname = m_cListCtrl.GetItemText(position, 0); // item number, subitem number 248 | CString pid_str = m_cListCtrl.GetItemText(position, 1); // 1 since we need process id 249 | modulesdlg.processid = GenericPurposeMethods::StringToNumber(pid_str.GetBuffer(pid_str.GetLength())); 250 | //testdlg.DoModal(); // not modal one! 251 | BOOL ret = modulesdlg.Create(IDD_MODULES,this); 252 | if (ret) // If create not failed. 253 | modulesdlg.ShowWindow(SW_SHOWNORMAL); 254 | } 255 | 256 | break; 257 | } 258 | 259 | 260 | 261 | case ID_DUMPMAINMODULE: 262 | { 263 | 264 | if (!IsWindow(dmoduledlg.m_hWnd)||!dmoduledlg.IsWindowVisible()) 265 | { 266 | 267 | DumpModuleDlg m_pdmoduledialog = new DumpModuleDlg(this); 268 | dmoduledlg = m_pdmoduledialog; 269 | POSITION pos = m_cListCtrl.GetFirstSelectedItemPosition(); 270 | int position = m_cListCtrl.GetNextSelectedItem(pos); 271 | 272 | dmoduledlg.processname = m_cListCtrl.GetItemText(position, 0); // item number, subitem number 273 | CString pid_str = m_cListCtrl.GetItemText(position, 1); // 1 since we need process id 274 | dmoduledlg.processid = GenericPurposeMethods::StringToNumber(pid_str.GetBuffer(pid_str.GetLength())); 275 | 276 | // Get a handle to the process. 277 | HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | 278 | PROCESS_VM_READ, 279 | FALSE, dmoduledlg.processid ); 280 | 281 | // DWORD Error = GetLastError(); 282 | // Get the process name. 
283 | if (NULL != hProcess ) 284 | { 285 | HMODULE hMod; 286 | DWORD cbNeeded; 287 | 288 | if ( EnumProcessModules( hProcess, &hMod, sizeof(hMod), 289 | &cbNeeded) ) 290 | { 291 | TCHAR szProcessName[MAX_PATH] = TEXT(""); 292 | GetModuleBaseName( hProcess, hMod, szProcessName, 293 | sizeof(szProcessName)/sizeof(TCHAR) ); 294 | 295 | for (int i=0;i 1000 10 | #pragma once 11 | #endif // _MSC_VER > 1000 12 | 13 | ///////////////////////////////////////////////////////////////////////////// 14 | // CNativeDumperDlg dialog 15 | 16 | class CNativeDumperDlg : public CDialog 17 | { 18 | // Construction 19 | public: 20 | CNativeDumperDlg(CWnd* pParent = NULL); // standard constructor 21 | static BOOL EnableDebugPrivileges(); 22 | 23 | ModulesDlg modulesdlg; 24 | DumpModuleDlg dmoduledlg; 25 | // Dialog Data 26 | //{{AFX_DATA(CNativeDumperDlg) 27 | enum { IDD = IDD_NATIVEDUMPER_DIALOG }; 28 | CListCtrl m_cListCtrl; 29 | //}}AFX_DATA 30 | 31 | // ClassWizard generated virtual function overrides 32 | //{{AFX_VIRTUAL(CNativeDumperDlg) 33 | protected: 34 | virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support 35 | virtual BOOL OnCommand(WPARAM wParam, LPARAM lParam); 36 | //}}AFX_VIRTUAL 37 | 38 | // Implementation 39 | protected: 40 | void RefreshProcessList(); 41 | HICON m_hIcon; 42 | 43 | // Generated message map functions 44 | //{{AFX_MSG(CNativeDumperDlg) 45 | virtual BOOL OnInitDialog(); 46 | afx_msg void OnPaint(); 47 | afx_msg HCURSOR OnQueryDragIcon(); 48 | afx_msg void OnRclickList1(NMHDR* pNMHDR, LRESULT* pResult); 49 | //}}AFX_MSG 50 | DECLARE_MESSAGE_MAP() 51 | }; 52 | 53 | //{{AFX_INSERT_LOCATION}} 54 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 
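
#endif // !defined(AFX_NATIVEDUMPERDLG_H__646483B9_F49A_4496_92F9_A35784B1060A__INCLUDED_)
--------------------------------------------------------------------------------
/NewEdit.cpp:
--------------------------------------------------------------------------------
// NewEdit.cpp : implementation file
//
// Edit control that accepts only hexadecimal digits (up to 8 of them), used
// for address input.

#include "stdafx.h"
#include "NativeDumper.h"
#include "NewEdit.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// NewEdit

NewEdit::NewEdit()
{
}

NewEdit::~NewEdit()
{
}

BEGIN_MESSAGE_MAP(NewEdit, CEdit)
	//{{AFX_MSG_MAP(NewEdit)
	ON_WM_CHAR()
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// NewEdit message handlers

// Keyboard filter: forwards only hex digits (lowercase folded to upper case)
// and backspace to the control; everything else is swallowed.
//
// This filters typed characters only. Pasted text (WM_PASTE) never goes
// through WM_CHAR, so whoever reads this control's text must still validate
// it before converting it to a number.
void NewEdit::OnChar(UINT nChar, UINT nRepCnt, UINT nFlags)
{
	// Fold a-z to A-Z with an explicit range check: islower() is undefined for
	// values outside unsigned char / EOF, and WM_CHAR can carry wider codes.
	if (nChar >= 'a' && nChar <= 'z')
		nChar -= 'a' - 'A'; // MAKE CHAR UPPER IF IS LOWER

	const BOOL hexDigit = (nChar >= '0' && nChar <= '9') || (nChar >= 'A' && nChar <= 'F');

	// Backspace does arrive as a WM_CHAR (0x08). The Delete key does not: it is
	// handled on WM_KEYDOWN and never reaches this handler. The old comparison
	// against VK_DELETE (0x2E) therefore matched the '.' character instead and
	// let it into the "hex only" field; it is gone.
	if (hexDigit || nChar == VK_BACK)
		DefWindowProc(WM_CHAR, nChar, 0);

	// Originally called this; deliberately not done so rejected keys are dropped:
	//CEdit::OnChar(nChar, nRepCnt, nFlags);
}

// Caps the text at 8 characters (a 32-bit address in hex). SetLimitText also
// truncates pasted text, but does not check its character set (see OnChar).
void NewEdit::PreSubclassWindow()
{
	this->SetLimitText(8); // set max text length to 8
	CEdit::PreSubclassWindow();
}
--------------------------------------------------------------------------------
/NewEdit.h:
--------------------------------------------------------------------------------
#if !defined(AFX_NEWEDIT_H__C7ADE44F_91C6_4741_BE27_5A11F8D50BAF__INCLUDED_)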
#define AFX_NEWEDIT_H__C7ADE44F_91C6_4741_BE27_5A11F8D50BAF__INCLUDED_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
// NewEdit.h : header file
//

/////////////////////////////////////////////////////////////////////////////
// NewEdit window

// CEdit subclass restricted to hexadecimal input: OnChar folds lowercase to
// upper case and only forwards hex digits (and backspace) to the control, and
// PreSubclassWindow limits the text to 8 characters. Presumably bound to the
// entry-point address field (IDC_NEWEntryPoint) of the dump dialog.
//
// NOTE(review): the filter only sees typed keys. Pasted text does not pass
// through OnChar, so code reading this control's text must still validate it.
class NewEdit : public CEdit
{
// Construction
public:
	NewEdit();

// Attributes
public:

// Operations
public:

// Overrides
	// ClassWizard generated virtual function overrides
	//{{AFX_VIRTUAL(NewEdit)
	protected:
	virtual void PreSubclassWindow(); // applies the 8-character limit when subclassed
	//}}AFX_VIRTUAL

// Implementation
public:
	virtual ~NewEdit();

	// Generated message map functions
protected:
	//{{AFX_MSG(NewEdit)
	afx_msg void OnChar(UINT nChar, UINT nRepCnt, UINT nFlags); // hex-only key filter
	//}}AFX_MSG

	DECLARE_MESSAGE_MAP()
};

/////////////////////////////////////////////////////////////////////////////

//{{AFX_INSERT_LOCATION}}
// Microsoft Visual C++ will insert additional declarations immediately before the previous line.

#endif // !defined(AFX_NEWEDIT_H__C7ADE44F_91C6_4741_BE27_5A11F8D50BAF__INCLUDED_)
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# NativeDumper
Native module dumper
--------------------------------------------------------------------------------
/ReadMe.txt:
--------------------------------------------------------------------------------
========================================================================
       MICROSOFT FOUNDATION CLASS LIBRARY : NativeDumper
========================================================================


AppWizard has created this NativeDumper application for you.
This application 7 | not only demonstrates the basics of using the Microsoft Foundation classes 8 | but is also a starting point for writing your application. 9 | 10 | This file contains a summary of what you will find in each of the files that 11 | make up your NativeDumper application. 12 | 13 | NativeDumper.dsp 14 | This file (the project file) contains information at the project level and 15 | is used to build a single project or subproject. Other users can share the 16 | project (.dsp) file, but they should export the makefiles locally. 17 | 18 | NativeDumper.h 19 | This is the main header file for the application. It includes other 20 | project specific headers (including Resource.h) and declares the 21 | CNativeDumperApp application class. 22 | 23 | NativeDumper.cpp 24 | This is the main application source file that contains the application 25 | class CNativeDumperApp. 26 | 27 | NativeDumper.rc 28 | This is a listing of all of the Microsoft Windows resources that the 29 | program uses. It includes the icons, bitmaps, and cursors that are stored 30 | in the RES subdirectory. This file can be directly edited in Microsoft 31 | Visual C++. 32 | 33 | NativeDumper.clw 34 | This file contains information used by ClassWizard to edit existing 35 | classes or add new classes. ClassWizard also uses this file to store 36 | information needed to create and edit message maps and dialog data 37 | maps and to create prototype member functions. 38 | 39 | res\NativeDumper.ico 40 | This is an icon file, which is used as the application's icon. This 41 | icon is included by the main resource file NativeDumper.rc. 42 | 43 | res\NativeDumper.rc2 44 | This file contains resources that are not edited by Microsoft 45 | Visual C++. You should place all resources not editable by 46 | the resource editor in this file. 
47 | 48 | 49 | 50 | 51 | ///////////////////////////////////////////////////////////////////////////// 52 | 53 | AppWizard creates one dialog class: 54 | 55 | NativeDumperDlg.h, NativeDumperDlg.cpp - the dialog 56 | These files contain your CNativeDumperDlg class. This class defines 57 | the behavior of your application's main dialog. The dialog's 58 | template is in NativeDumper.rc, which can be edited in Microsoft 59 | Visual C++. 60 | 61 | 62 | ///////////////////////////////////////////////////////////////////////////// 63 | Other standard files: 64 | 65 | StdAfx.h, StdAfx.cpp 66 | These files are used to build a precompiled header (PCH) file 67 | named NativeDumper.pch and a precompiled types file named StdAfx.obj. 68 | 69 | Resource.h 70 | This is the standard header file, which defines new resource IDs. 71 | Microsoft Visual C++ reads and updates this file. 72 | 73 | ///////////////////////////////////////////////////////////////////////////// 74 | Other notes: 75 | 76 | AppWizard uses "TODO:" to indicate parts of the source code you 77 | should add to or customize. 78 | 79 | If your application uses MFC in a shared DLL, and your application is 80 | in a language other than the operating system's current language, you 81 | will need to copy the corresponding localized resources MFC42XXX.DLL 82 | from the Microsoft Visual C++ CD-ROM onto the system or system32 directory, 83 | and rename it to be MFCLOC.DLL. ("XXX" stands for the language abbreviation. 84 | For example, MFC42DEU.DLL contains resources translated to German.) If you 85 | don't do this, some of the UI elements of your application will remain in the 86 | language of the operating system. 
87 | 88 | ///////////////////////////////////////////////////////////////////////////// 89 | -------------------------------------------------------------------------------- /StdAfx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // NativeDumper.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /StdAfx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #if !defined(AFX_STDAFX_H__78F4D3BD_0750_404F_8032_71D99371B909__INCLUDED_) 7 | #define AFX_STDAFX_H__78F4D3BD_0750_404F_8032_71D99371B909__INCLUDED_ 8 | 9 | #if _MSC_VER > 1000 10 | #pragma once 11 | #endif // _MSC_VER > 1000 12 | 13 | #define VC_EXTRALEAN // Exclude rarely-used stuff from Windows headers 14 | 15 | #include // MFC core and standard components 16 | #include // MFC extensions 17 | #include // MFC support for Internet Explorer 4 Common Controls 18 | #ifndef _AFX_NO_AFXCMN_SUPPORT 19 | #include // MFC support for Windows Common Controls 20 | #endif // _AFX_NO_AFXCMN_SUPPORT 21 | 22 | 23 | //{{AFX_INSERT_LOCATION}} 24 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 25 | 26 | #endif // !defined(AFX_STDAFX_H__78F4D3BD_0750_404F_8032_71D99371B909__INCLUDED_) 27 | -------------------------------------------------------------------------------- /resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Developer Studio generated include file. 
// Used by NativeDumper.rc
//
#define IDD_NATIVEDUMPER_DIALOG         102
#define IDD_DUMPMODULEDLG_DIALOG        103
#define IDD_MODULES                     104
#define IDR_MAINFRAME                   128
#define IDR_PROCESSMENU                 130
#define IDR_MODULEMENU                  132
// IDC_LIST1 and IDC_CHANGEEP share the value 1000. That is only safe because
// they live in different templates (IDC_LIST1 in the main dialog, IDC_CHANGEEP
// in the dump-module dialog); a handler keyed on the numeric id would collide
// if both controls were ever placed in the same dialog.
#define IDC_LIST1                       1000
#define IDC_CHANGEEP                    1000
#define IDC_FixSizeOfImage              1001
#define IDC_NEWEntryPoint               1004
#define IDC_DumpBTN                     1005
#define IDC_STATUS_ST                   1006
#define IDC_ROUND_RAW_SIZE              1010
#define IDC_ORIGINAL_RAW                1011
#define IDC_RAW_EQ_VA                   1012
#define IDC_CALCULATE_RAW               1013
#define IDC_SECTIONS_FROM_MEMORY        1014
#define IDC_SECTIONS_FROM_FILE          1015
#define IDC_BUT_CURRENT_EIP             1016
#define IDC_FIX_PACKERS                 1017
// Menu command ids (routed through CNativeDumperDlg::OnCommand / the module dialog).
#define ID_MODULES                      32771
#define ID_DUMPMAINMODULE               32772
#define ID_REFRESH                      32773
#define ID_MODULE_DUMP                  32774
#define ID_MODULE_REFRESH               32775

// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE        133
#define _APS_NEXT_COMMAND_VALUE         32776
#define _APS_NEXT_CONTROL_VALUE         1018
#define _APS_NEXT_SYMED_VALUE           105
#endif
#endif
--------------------------------------------------------------------------------