├── .gitattributes
├── AheadLib.aps
├── AheadLib.rc
├── screen1.png
├── res
    ├── AheadLib.ico
    └── AheadLib.rc2
├── Release
    └── AheadLib.exe
├── stdafx.cpp
├── targetver.h
├── AheadLib.vcxproj.user
├── README.md
├── .gitignore
├── AheadLib.h
├── AheadLib.sln
├── resource.h
├── stdafx.h
├── AheadLibDlg.h
├── AheadLib.cpp
├── AheadLib.vcxproj.filters
├── AheadSource.h
├── AheadLib.vcxproj
└── AheadLibDlg.cpp


/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 | 


--------------------------------------------------------------------------------
/AheadLib.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strivexjun/AheadLib-x86-x64/HEAD/AheadLib.aps


--------------------------------------------------------------------------------
/AheadLib.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strivexjun/AheadLib-x86-x64/HEAD/AheadLib.rc


--------------------------------------------------------------------------------
/screen1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strivexjun/AheadLib-x86-x64/HEAD/screen1.png


--------------------------------------------------------------------------------
/res/AheadLib.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strivexjun/AheadLib-x86-x64/HEAD/res/AheadLib.ico


--------------------------------------------------------------------------------
/res/AheadLib.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strivexjun/AheadLib-x86-x64/HEAD/res/AheadLib.rc2


--------------------------------------------------------------------------------
/Release/AheadLib.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/strivexjun/AheadLib-x86-x64/HEAD/Release/AheadLib.exe


--------------------------------------------------------------------------------
/stdafx.cpp:
--------------------------------------------------------------------------------
1 | 
2 | // stdafx.cpp : 只包括标准包含文件的源文件
3 | // AheadLib.pch 将作为预编译标头
4 | // stdafx.obj 将包含预编译类型信息
5 | 
6 | #include "stdafx.h"
7 | 
8 | 
9 | 


--------------------------------------------------------------------------------
/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // 包括 SDKDDKVer.h 将定义可用的最高版本的 Windows 平台。
4 | 
5 | // 如果要为以前的 Windows 平台生成应用程序，请包括 WinSDKVer.h，并将
6 | // 将 _WIN32_WINNT 宏设置为要支持的平台，然后再包括 SDKDDKVer.h。
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/AheadLib.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup>
4 |     <RESOURCE_FILE>AheadLib.rc</RESOURCE_FILE>
5 |   </PropertyGroup>
6 | </Project>


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # AheadLib-x86-x64
 2 | 
 3 | ## hijack dll Source Code Generator. support x86/x64 
 4 | 
 5 | ## snapshot screen
 6 | ![Image text](screen1.png)
 7 | 
 8 | ## 不支持导出符号带有??的方法！
 9 | 
10 | ## NOTE
11 | 
12 | Pay attention to the generated file header prompt information
13 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Prerequisites
 2 | 
 3 | /Release/stdafx.obj
 4 | *.pdb
 5 | *.tlog
 6 | /.vs/AheadLib/v16/ipch
 7 | /Release/AheadLib.exe.recipe
 8 | /Release/AheadLib.iobj
 9 | /Release/AheadLib.ipdb
10 | /Release/AheadLib.log
11 | /Release/AheadLib.obj
12 | /Release/AheadLib.pch
13 | /Release/AheadLib.res
14 | /Release/AheadLib.vcxproj.FileListAbsolute.txt
15 | /Release/AheadLibDlg.obj
16 | /Release/AheadLib.Build.CppClean.log
17 | /.vs/AheadLib/v16
18 | 


--------------------------------------------------------------------------------
/AheadLib.h:
--------------------------------------------------------------------------------
 1 | 
 2 | // AheadLib.h: PROJECT_NAME 应用程序的主头文件
 3 | //
 4 | 
 5 | #pragma once
 6 | 
 7 | #ifndef __AFXWIN_H__
 8 | 	#error "在包含此文件之前包含“stdafx.h”以生成 PCH 文件"
 9 | #endif
10 | 
11 | #include "resource.h"		// 主符号
12 | 
13 | 
14 | // CAheadLibApp:
15 | // 有关此类的实现，请参阅 AheadLib.cpp
16 | //
17 | 
18 | class CAheadLibApp : public CWinApp
19 | {
20 | public:
21 | 	CAheadLibApp();
22 | 
23 | // 重写
24 | public:
25 | 	virtual BOOL InitInstance();
26 | 
27 | // 实现
28 | 
29 | 	DECLARE_MESSAGE_MAP()
30 | };
31 | 
32 | extern CAheadLibApp theApp;
33 | 


--------------------------------------------------------------------------------
/AheadLib.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 15
 4 | VisualStudioVersion = 15.0.28307.168
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AheadLib", "AheadLib.vcxproj", "{71EEB995-B65C-4491-B273-5E6C81A92045}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Release|x86 = Release|x86
11 | 	EndGlobalSection
12 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
13 | 		{71EEB995-B65C-4491-B273-5E6C81A92045}.Release|x86.ActiveCfg = Release|Win32
14 | 		{71EEB995-B65C-4491-B273-5E6C81A92045}.Release|x86.Build.0 = Release|Win32
15 | 	EndGlobalSection
16 | 	GlobalSection(SolutionProperties) = preSolution
17 | 		HideSolutionNode = FALSE
18 | 	EndGlobalSection
19 | 	GlobalSection(ExtensibilityGlobals) = postSolution
20 | 		SolutionGuid = {D60A78CA-2204-4216-A9A0-FDB704093E1C}
21 | 	EndGlobalSection
22 | EndGlobal
23 | 


--------------------------------------------------------------------------------
/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ 生成的包含文件。
 3 | // 供 AheadLib.rc 使用
 4 | //
 5 | #define IDM_ABOUTBOX                    0x0010
 6 | #define IDD_ABOUTBOX                    100
 7 | #define IDS_ABOUTBOX                    101
 8 | #define IDD_AHEADLIB_DIALOG             102
 9 | #define IDR_MAINFRAME                   128
10 | #define IDC_EDIT_SHOW                   1000
11 | #define IDC_EDIT_INPUTFILE              1001
12 | #define IDC_EDIT_OUTPUTFILE             1002
13 | #define IDC_BUTTON_MAKEFILE             1003
14 | #define IDC_BUTTON_EXIT                 1004
15 | #define IDC_STATIC_NAMESTRING           1005
16 | #define IDC_STATIC_ARCH                 1006
17 | #define IDC_STATIC_TIMESTAMP            1007
18 | #define IDC_BUTTON_CHOSEFILE            1008
19 | #define IDC_BUTTON_SAVEFILE             1009
20 | 
21 | // Next default values for new objects
22 | // 
23 | #ifdef APSTUDIO_INVOKED
24 | #ifndef APSTUDIO_READONLY_SYMBOLS
25 | #define _APS_NEXT_RESOURCE_VALUE        130
26 | #define _APS_NEXT_COMMAND_VALUE         32771
27 | #define _APS_NEXT_CONTROL_VALUE         1009
28 | #define _APS_NEXT_SYMED_VALUE           101
29 | #endif
30 | #endif
31 | 


--------------------------------------------------------------------------------
/stdafx.h:
--------------------------------------------------------------------------------
 1 | 
 2 | // stdafx.h : 标准系统包含文件的包含文件，
 3 | // 或是经常使用但不常更改的
 4 | // 特定于项目的包含文件
 5 | 
 6 | #pragma once
 7 | 
 8 | #ifndef VC_EXTRALEAN
 9 | #define VC_EXTRALEAN            // 从 Windows 头中排除极少使用的资料
10 | #endif
11 | 
12 | #include "targetver.h"
13 | 
14 | #define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS      // 某些 CString 构造函数将是显式的
15 | #define _AFX_NO_MFC_CONTROLS_IN_DIALOGS         // 移除对话框中的 MFC 控件支持
16 | 
17 | // 关闭 MFC 对某些常见但经常可放心忽略的警告消息的隐藏
18 | #define _AFX_ALL_WARNINGS
19 | 
20 | #include <afxwin.h>         // MFC 核心组件和标准组件
21 | #include <afxext.h>         // MFC 扩展
22 | 
23 | 
24 | #include <afxdisp.h>        // MFC 自动化类
25 | 
26 | 
27 | 
28 | #ifndef _AFX_NO_OLE_SUPPORT
29 | #include <afxdtctl.h>           // MFC 对 Internet Explorer 4 公共控件的支持
30 | #endif
31 | #ifndef _AFX_NO_AFXCMN_SUPPORT
32 | #include <afxcmn.h>             // MFC 对 Windows 公共控件的支持
33 | #endif // _AFX_NO_AFXCMN_SUPPORT
34 | 
35 | #include <afxcontrolbars.h>     // 功能区和控件条的 MFC 支持
36 | 
37 | #include <vector>
38 | #include <memory>
39 | 
40 | #include <ImageHlp.h>
41 | 
42 | #pragma comment(lib,"Dbghelp.lib")
43 | 
44 | 
45 | #ifdef _UNICODE
46 | #if defined _M_IX86
47 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")
48 | #elif defined _M_X64
49 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"")
50 | #else
51 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
52 | #endif
53 | #endif
54 | 
55 | 
56 | 


--------------------------------------------------------------------------------
/AheadLibDlg.h:
--------------------------------------------------------------------------------
 1 | 
 2 | // AheadLibDlg.h: 头文件
 3 | //
 4 | 
 5 | #pragma once
 6 | 
 7 | typedef struct _EXPORT_FUNCTION
 8 | {
 9 | 	BOOL isOrd;
10 | 	DWORD Ordinal;
11 | 	DWORD FunctionRVA;
12 | 	DWORD NameOrdinal;
13 | 	DWORD NameRVA;
14 | 	CString Name;
15 | 
16 | 	IMAGE_SECTION_HEADER secInfo; //区段信息
17 | 
18 | 	BOOL isUnkown;
19 | 	BOOL isFunc; //是否是函数
20 | 	BOOL isTranFunc; //是否是中转导出表
21 | 	BOOL isData; //是否是数据
22 | 	ULONG isDataCount; //导出数据大小，每一个指针当一个计数 
23 | 	CString TranName; //中转导出表名称
24 | 
25 | }EXPORT_FUNCTION, *PEXPORT_FUNCTION;
26 | 
27 | // CAheadLibDlg 对话框
28 | class CAheadLibDlg : public CDialog
29 | {
30 | // 构造
31 | public:
32 | 	CAheadLibDlg(CWnd* pParent = nullptr);	// 标准构造函数
33 | 
34 | // 对话框数据
35 | #ifdef AFX_DESIGN_TIME
36 | 	enum { IDD = IDD_AHEADLIB_DIALOG };
37 | #endif
38 | 
39 | 	protected:
40 | 	virtual void DoDataExchange(CDataExchange* pDX);	// DDX/DDV 支持
41 | 
42 | 
43 | // 实现
44 | protected:
45 | 	HICON m_hIcon;
46 | 
47 | 	// 生成的消息映射函数
48 | 	virtual BOOL OnInitDialog();
49 | 	afx_msg void OnSysCommand(UINT nID, LPARAM lParam);
50 | 	afx_msg void OnPaint();
51 | 	afx_msg HCURSOR OnQueryDragIcon();
52 | 	DECLARE_MESSAGE_MAP()
53 | public:
54 | 	BOOL m_isx64;
55 | 	CString m_fileName;
56 | 	CString m_filePath;
57 |  	HMODULE m_fileBuffer;
58 | 	std::vector<IMAGE_SECTION_HEADER> m_sections;
59 | 	std::vector<EXPORT_FUNCTION> m_exportFunc;
60 | 
61 | 	CEdit m_show;
62 | 	CStatic m_NameString;
63 | 	CStatic m_Arch;
64 | 	CStatic m_Timestamp;
65 | 	CEdit m_InputFile;
66 | 	CEdit m_OutputFile;
67 | 
68 | 	void OnScanFile();
69 | 	void OnGenerateCode();
70 | 
71 | 	afx_msg void OnBnClickedButtonExit();
72 | 	afx_msg void OnBnClickedButtonMakefile();
73 | 	afx_msg void OnDropFiles(HDROP hDropInfo);
74 | 	afx_msg void OnBnClickedButtonChosefile();
75 | 	afx_msg void OnBnClickedButtonSavefile();
76 | };
77 | 


--------------------------------------------------------------------------------
/AheadLib.cpp:
--------------------------------------------------------------------------------
 1 | 
 2 | // AheadLib.cpp: 定义应用程序的类行为。
 3 | //
 4 | 
 5 | #include "stdafx.h"
 6 | #include "AheadLib.h"
 7 | #include "AheadLibDlg.h"
 8 | 
 9 | #ifdef _DEBUG
10 | #define new DEBUG_NEW
11 | #endif
12 | 
13 | 
14 | // CAheadLibApp
15 | 
16 | BEGIN_MESSAGE_MAP(CAheadLibApp, CWinApp)
17 | 	ON_COMMAND(ID_HELP, &CWinApp::OnHelp)
18 | END_MESSAGE_MAP()
19 | 
20 | 
21 | // CAheadLibApp 构造
22 | 
23 | CAheadLibApp::CAheadLibApp()
24 | {
25 | 	// 支持重新启动管理器
26 | 	m_dwRestartManagerSupportFlags = AFX_RESTART_MANAGER_SUPPORT_RESTART;
27 | 
28 | 	// TODO: 在此处添加构造代码，
29 | 	// 将所有重要的初始化放置在 InitInstance 中
30 | }
31 | 
32 | 
33 | // 唯一的 CAheadLibApp 对象
34 | 
35 | CAheadLibApp theApp;
36 | 
37 | 
38 | // CAheadLibApp 初始化
39 | 
40 | BOOL CAheadLibApp::InitInstance()
41 | {
42 | 	// 如果一个运行在 Windows XP 上的应用程序清单指定要
43 | 	// 使用 ComCtl32.dll 版本 6 或更高版本来启用可视化方式，
44 | 	//则需要 InitCommonControlsEx()。  否则，将无法创建窗口。
45 | 	INITCOMMONCONTROLSEX InitCtrls;
46 | 	InitCtrls.dwSize = sizeof(InitCtrls);
47 | 	// 将它设置为包括所有要在应用程序中使用的
48 | 	// 公共控件类。
49 | 	InitCtrls.dwICC = ICC_WIN95_CLASSES;
50 | 	InitCommonControlsEx(&InitCtrls);
51 | 
52 | 	CWinApp::InitInstance();
53 | 
54 | 
55 | 	AfxEnableControlContainer();
56 | 
57 | 
58 | 	// 标准初始化
59 | 	// 如果未使用这些功能并希望减小
60 | 	// 最终可执行文件的大小，则应移除下列
61 | 	// 不需要的特定初始化例程
62 | 	// 更改用于存储设置的注册表项
63 | 	// TODO: 应适当修改该字符串，
64 | 	// 例如修改为公司或组织名
65 | 	SetRegistryKey(_T("应用程序向导生成的本地应用程序"));
66 | 
67 | 	CAheadLibDlg dlg;
68 | 	m_pMainWnd = &dlg;
69 | 	INT_PTR nResponse = dlg.DoModal();
70 | 	if (nResponse == IDOK)
71 | 	{
72 | 		// TODO: 在此放置处理何时用
73 | 		//  “确定”来关闭对话框的代码
74 | 	}
75 | 	else if (nResponse == IDCANCEL)
76 | 	{
77 | 		// TODO: 在此放置处理何时用
78 | 		//  “取消”来关闭对话框的代码
79 | 	}
80 | 	else if (nResponse == -1)
81 | 	{
82 | 		TRACE(traceAppMsg, 0, "警告: 对话框创建失败，应用程序将意外终止。\n");
83 | 	}
84 | 
85 | 
86 | #if !defined(_AFXDLL) && !defined(_AFX_NO_MFC_CONTROLS_IN_DIALOGS)
87 | 	ControlBarCleanUp();
88 | #endif
89 | 
90 | 	// 由于对话框已关闭，所以将返回 FALSE 以便退出应用程序，
91 | 	//  而不是启动应用程序的消息泵。
92 | 	return FALSE;
93 | }
94 | 
95 | 


--------------------------------------------------------------------------------
/AheadLib.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="源文件">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="头文件">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="资源文件">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClInclude Include="AheadLib.h">
19 |       <Filter>头文件</Filter>
20 |     </ClInclude>
21 |     <ClInclude Include="AheadLibDlg.h">
22 |       <Filter>头文件</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="stdafx.h">
25 |       <Filter>头文件</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="targetver.h">
28 |       <Filter>头文件</Filter>
29 |     </ClInclude>
30 |     <ClInclude Include="Resource.h">
31 |       <Filter>头文件</Filter>
32 |     </ClInclude>
33 |     <ClInclude Include="AheadSource.h">
34 |       <Filter>头文件</Filter>
35 |     </ClInclude>
36 |   </ItemGroup>
37 |   <ItemGroup>
38 |     <ClCompile Include="AheadLib.cpp">
39 |       <Filter>源文件</Filter>
40 |     </ClCompile>
41 |     <ClCompile Include="AheadLibDlg.cpp">
42 |       <Filter>源文件</Filter>
43 |     </ClCompile>
44 |     <ClCompile Include="stdafx.cpp">
45 |       <Filter>源文件</Filter>
46 |     </ClCompile>
47 |   </ItemGroup>
48 |   <ItemGroup>
49 |     <ResourceCompile Include="AheadLib.rc">
50 |       <Filter>资源文件</Filter>
51 |     </ResourceCompile>
52 |   </ItemGroup>
53 |   <ItemGroup>
54 |     <None Include="res\AheadLib.rc2">
55 |       <Filter>资源文件</Filter>
56 |     </None>
57 |   </ItemGroup>
58 |   <ItemGroup>
59 |     <Image Include="res\AheadLib.ico">
60 |       <Filter>资源文件</Filter>
61 |     </Image>
62 |   </ItemGroup>
63 | </Project>


--------------------------------------------------------------------------------
/AheadSource.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | 
  3 | 
  4 | WCHAR *g_asmFileHeader = LR"(
  5 | ;
  6 | ; created by AheadLib
  7 | ; github:https://github.com/strivexjun/AheadLib-x86-x64
  8 | ;
  9 | ; 把 .asm 文件添加到工程一次
 10 | ; 右键单击文件-属性-常规-
 11 | ; 项类型:自定义生成工具
 12 | ; 从生成中排除:否
 13 | 
 14 | ; 然后复制下面命令填入
 15 | ; 命令行: ml64 /Fo $(IntDir)%(fileName).obj /c /Cp %(fileName).asm
 16 | ; 输出: $(IntDir)%(fileName).obj;%(Outputs)
 17 | ; 链接对象: 是
 18 | ;
 19 | 
 20 | 
 21 | )";
 22 | 
 23 | WCHAR *g_fileHeader = LR"(
 24 | //
 25 | // created by AheadLib
 26 | // github:https://github.com/strivexjun/AheadLib-x86-x64
 27 | //
 28 | 
 29 | #include <windows.h>
 30 | #include <Shlwapi.h>
 31 | 
 32 | #pragma comment( lib, "Shlwapi.lib")
 33 | 
 34 | )";
 35 | 
 36 | 
 37 | WCHAR *g_Free = LR"(
 38 | static
 39 | HMODULE g_OldModule = NULL;
 40 | 
 41 | VOID WINAPI Free()
 42 | {
 43 | 	if (g_OldModule)
 44 | 	{
 45 | 		FreeLibrary(g_OldModule);
 46 | 	}
 47 | }
 48 | 
 49 | )";
 50 | 
 51 | WCHAR *g_GetAddress = LR"(
 52 | FARPROC WINAPI GetAddress(PCSTR pszProcName)
 53 | {
 54 | 	FARPROC fpAddress;
 55 | 	CHAR szProcName[64];
 56 | 	TCHAR tzTemp[MAX_PATH];
 57 | 
 58 | 	fpAddress = GetProcAddress(g_OldModule, pszProcName);
 59 | 	if (fpAddress == NULL)
 60 | 	{
 61 | 		if (HIWORD(pszProcName) == 0)
 62 | 		{
 63 | 			wsprintfA(szProcName, "#%d", pszProcName);
 64 | 			pszProcName = szProcName;
 65 | 		}
 66 | 
 67 | 		wsprintf(tzTemp, TEXT("无法找到函数 %hs,程序无法正常运行"), pszProcName);
 68 | 		MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
 69 | 		ExitProcess(-2);
 70 | 	}
 71 | 	return fpAddress;
 72 | }
 73 | 
 74 | )";
 75 | 
 76 | WCHAR *g_Load = LR"(
 77 | BOOL WINAPI Load()
 78 | {
 79 | 	TCHAR tzPath[MAX_PATH];
 80 | 	TCHAR tzTemp[MAX_PATH * 2];
 81 | 
 82 | 	//
 83 | 	// 这里是否从系统目录或当前目录加载原始DLL
 84 | 	//
 85 | 	//GetModuleFileName(NULL,tzPath,MAX_PATH); //获取本目录下的
 86 | 	//PathRemoveFileSpec(tzPath);
 87 | 
 88 | 	GetSystemDirectory(tzPath, MAX_PATH); //默认获取系统目录的
 89 | 
 90 | 	lstrcat(tzPath, TEXT("\\AHEADLIB_XXXXXX.dll"));
 91 | 
 92 | 	g_OldModule = LoadLibrary(tzPath);
 93 | 	if (g_OldModule == NULL)
 94 | 	{
 95 | 		wsprintf(tzTemp, TEXT("无法找到模块 %s,程序无法正常运行"), tzPath);
 96 | 		MessageBox(NULL, tzTemp, TEXT("AheadLib"), MB_ICONSTOP);
 97 | 	}
 98 | 
 99 | 	return (g_OldModule != NULL);
100 | 
101 | }
102 | 
103 | )";
104 | 
105 | WCHAR *g_ThreadProc = LR"(
106 | DWORD WINAPI ThreadProc(LPVOID lpThreadParameter)
107 | {
108 | 	HANDLE hProcess;
109 | 
110 | 	PVOID addr1 = reinterpret_cast<PVOID>(0x00401000);
111 | 	BYTE data1[] = { 0x90, 0x90, 0x90, 0x90 };
112 | 
113 | 	//
114 | 	// 绕过VMP3.x 的内存保护
115 | 	//
116 | 	hProcess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, GetCurrentProcessId());
117 | 	if (hProcess)
118 | 	{
119 | 		WriteProcessMemory(hProcess, addr1, data1, sizeof(data1), NULL);
120 | 
121 | 		CloseHandle(hProcess);
122 | 	}
123 | 
124 | 	return 0;
125 | }
126 | 
127 | )";
128 | 
129 | WCHAR *g_Dllmain = LR"(
130 | BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
131 | {
132 | 	if (dwReason == DLL_PROCESS_ATTACH)
133 | 	{
134 | 		DisableThreadLibraryCalls(hModule);
135 | 
136 | 		if (Load() && Init())
137 | 		{
138 | 			TCHAR szAppName[MAX_PATH] = TEXT("MyApp.exe");//请修改宿主进程名
139 | 			TCHAR szCurName[MAX_PATH];
140 | 
141 | 			GetModuleFileName(NULL, szCurName, MAX_PATH);
142 | 			PathStripPath(szCurName);
143 | 
144 | 			//是否判断宿主进程名
145 | 			if (StrCmpI(szCurName, szAppName) == 0)
146 | 			{
147 | 				//启动补丁线程或者其他操作
148 | 				HANDLE hThread = CreateThread(NULL, NULL, ThreadProc, NULL, NULL, NULL);
149 | 				if (hThread)
150 | 				{
151 | 					CloseHandle(hThread);
152 | 				}
153 | 			}
154 | 		}
155 | 	}
156 | 	else if (dwReason == DLL_PROCESS_DETACH)
157 | 	{
158 | 		Free();
159 | 	}
160 | 
161 | 	return TRUE;
162 | }
163 | 
164 | )";
165 | 


--------------------------------------------------------------------------------
/AheadLib.vcxproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup Label="ProjectConfigurations">
 4 |     <ProjectConfiguration Include="Release|Win32">
 5 |       <Configuration>Release</Configuration>
 6 |       <Platform>Win32</Platform>
 7 |     </ProjectConfiguration>
 8 |   </ItemGroup>
 9 |   <PropertyGroup Label="Globals">
10 |     <VCProjectVersion>15.0</VCProjectVersion>
11 |     <ProjectGuid>{71EEB995-B65C-4491-B273-5E6C81A92045}</ProjectGuid>
12 |     <Keyword>MFCProj</Keyword>
13 |     <RootNamespace>AheadLib</RootNamespace>
14 |     <WindowsTargetPlatformVersion>10.0.18362.0</WindowsTargetPlatformVersion>
15 |   </PropertyGroup>
16 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
17 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
18 |     <ConfigurationType>Application</ConfigurationType>
19 |     <UseDebugLibraries>false</UseDebugLibraries>
20 |     <PlatformToolset>v142</PlatformToolset>
21 |     <WholeProgramOptimization>true</WholeProgramOptimization>
22 |     <CharacterSet>Unicode</CharacterSet>
23 |     <UseOfMfc>Static</UseOfMfc>
24 |   </PropertyGroup>
25 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
26 |   <ImportGroup Label="ExtensionSettings">
27 |   </ImportGroup>
28 |   <ImportGroup Label="Shared">
29 |   </ImportGroup>
30 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
31 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
32 |   </ImportGroup>
33 |   <PropertyGroup Label="UserMacros" />
34 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
35 |     <LinkIncremental>false</LinkIncremental>
36 |   </PropertyGroup>
37 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
38 |     <ClCompile>
39 |       <PrecompiledHeader>Use</PrecompiledHeader>
40 |       <WarningLevel>Level3</WarningLevel>
41 |       <Optimization>MaxSpeed</Optimization>
42 |       <FunctionLevelLinking>true</FunctionLevelLinking>
43 |       <IntrinsicFunctions>true</IntrinsicFunctions>
44 |       <PreprocessorDefinitions>WIN32;_WINDOWS;NDEBUG;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
45 |       <WholeProgramOptimization>true</WholeProgramOptimization>
46 |     </ClCompile>
47 |     <Link>
48 |       <SubSystem>Windows</SubSystem>
49 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
50 |       <OptimizeReferences>true</OptimizeReferences>
51 |     </Link>
52 |     <Midl>
53 |       <MkTypLibCompatible>false</MkTypLibCompatible>
54 |       <ValidateAllParameters>true</ValidateAllParameters>
55 |       <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
56 |     </Midl>
57 |     <ResourceCompile>
58 |       <Culture>0x0804</Culture>
59 |       <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
60 |       <AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
61 |     </ResourceCompile>
62 |   </ItemDefinitionGroup>
63 |   <ItemGroup>
64 |     <ClInclude Include="AheadLib.h" />
65 |     <ClInclude Include="AheadLibDlg.h" />
66 |     <ClInclude Include="AheadSource.h" />
67 |     <ClInclude Include="Resource.h" />
68 |     <ClInclude Include="stdafx.h" />
69 |     <ClInclude Include="targetver.h" />
70 |   </ItemGroup>
71 |   <ItemGroup>
72 |     <ClCompile Include="AheadLib.cpp" />
73 |     <ClCompile Include="AheadLibDlg.cpp" />
74 |     <ClCompile Include="stdafx.cpp">
75 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
76 |     </ClCompile>
77 |   </ItemGroup>
78 |   <ItemGroup>
79 |     <ResourceCompile Include="AheadLib.rc" />
80 |   </ItemGroup>
81 |   <ItemGroup>
82 |     <None Include="res\AheadLib.rc2" />
83 |   </ItemGroup>
84 |   <ItemGroup>
85 |     <Image Include="res\AheadLib.ico" />
86 |   </ItemGroup>
87 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
88 |   <ImportGroup Label="ExtensionTargets">
89 |   </ImportGroup>
90 | </Project>


--------------------------------------------------------------------------------
/AheadLibDlg.cpp:
--------------------------------------------------------------------------------
   1 | 
   2 | // AheadLibDlg.cpp: 实现文件
   3 | //
   4 | 
   5 | #include "stdafx.h"
   6 | #include "AheadLib.h"
   7 | #include "AheadLibDlg.h"
   8 | #include "afxdialogex.h"
   9 | 
  10 | #include "AheadSource.h"
  11 | 
  12 | #define AHEADLIB_VERSION _T("AheadLib x86/x64  Ver:1.2")
  13 | 
  14 | #ifdef _DEBUG
  15 | #define new DEBUG_NEW
  16 | #endif
  17 | 
  18 | // 用于应用程序“关于”菜单项的 CAboutDlg 对话框
  19 | 
  20 | class CAboutDlg : public CDialog
  21 | {
  22 | public:
  23 | 	CAboutDlg();
  24 | 
  25 | 	// 对话框数据
  26 | #ifdef AFX_DESIGN_TIME
  27 | 	enum { IDD = IDD_ABOUTBOX };
  28 | #endif
  29 | 
  30 | protected:
  31 | 	virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV 支持
  32 | 
  33 | // 实现
  34 | protected:
  35 | 	DECLARE_MESSAGE_MAP()
  36 | };
  37 | 
  38 | CAboutDlg::CAboutDlg() : CDialog(IDD_ABOUTBOX)
  39 | {
  40 | }
  41 | 
  42 | void CAboutDlg::DoDataExchange(CDataExchange* pDX)
  43 | {
  44 | 	CDialog::DoDataExchange(pDX);
  45 | }
  46 | 
  47 | BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
  48 | END_MESSAGE_MAP()
  49 | 
  50 | 
  51 | // CAheadLibDlg 对话框
  52 | 
  53 | 
  54 | CAheadLibDlg::CAheadLibDlg(CWnd* pParent /*=nullptr*/)
  55 | 	: CDialog(IDD_AHEADLIB_DIALOG, pParent)
  56 | {
  57 | 	m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
  58 | }
  59 | 
  60 | void CAheadLibDlg::DoDataExchange(CDataExchange* pDX)
  61 | {
  62 | 	CDialog::DoDataExchange(pDX);
  63 | 	DDX_Control(pDX, IDC_EDIT_SHOW, m_show);
  64 | 	DDX_Control(pDX, IDC_STATIC_NAMESTRING, m_NameString);
  65 | 	DDX_Control(pDX, IDC_STATIC_ARCH, m_Arch);
  66 | 	DDX_Control(pDX, IDC_STATIC_TIMESTAMP, m_Timestamp);
  67 | 	DDX_Control(pDX, IDC_EDIT_INPUTFILE, m_InputFile);
  68 | 	DDX_Control(pDX, IDC_EDIT_OUTPUTFILE, m_OutputFile);
  69 | }
  70 | 
  71 | BEGIN_MESSAGE_MAP(CAheadLibDlg, CDialog)
  72 | 	ON_WM_SYSCOMMAND()
  73 | 	ON_WM_PAINT()
  74 | 	ON_WM_QUERYDRAGICON()
  75 | 	ON_BN_CLICKED(IDC_BUTTON_EXIT, &CAheadLibDlg::OnBnClickedButtonExit)
  76 | 	ON_BN_CLICKED(IDC_BUTTON_MAKEFILE, &CAheadLibDlg::OnBnClickedButtonMakefile)
  77 | 	ON_WM_DROPFILES()
  78 | 	ON_BN_CLICKED(IDC_BUTTON_CHOSEFILE, &CAheadLibDlg::OnBnClickedButtonChosefile)
  79 | 	ON_BN_CLICKED(IDC_BUTTON_SAVEFILE, &CAheadLibDlg::OnBnClickedButtonSavefile)
  80 | END_MESSAGE_MAP()
  81 | 
  82 | 
  83 | 
  84 | /*
  85 |  *	禁止目录重定向
  86 |  */
  87 | BOOL safeWow64DisableDirectory(PVOID &arg)
  88 | {
  89 | 	typedef BOOL WINAPI fntype_Wow64DisableWow64FsRedirection(PVOID *OldValue);
  90 | 	auto pfnWow64DisableWow64FsRedirection = (fntype_Wow64DisableWow64FsRedirection*)\
  91 | 		GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64DisableWow64FsRedirection");
  92 | 
  93 | 	if (pfnWow64DisableWow64FsRedirection) {
  94 | 
  95 | 		(*pfnWow64DisableWow64FsRedirection)(&arg);
  96 | 		return TRUE;
  97 | 	}
  98 | 	else {
  99 | 		return FALSE;
 100 | 	}
 101 | }
 102 | 
 103 | /*
 104 |  *	恢复目录重定向
 105 |  */
 106 | BOOL safeWow64ReverDirectory(PVOID &arg)
 107 | {
 108 | 	typedef BOOL WINAPI fntype_Wow64RevertWow64FsRedirection(PVOID *OldValue);
 109 | 	auto pfnWow64RevertWow64FsRedirection = (fntype_Wow64RevertWow64FsRedirection*) \
 110 | 		GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64RevertWow64FsRedirection");
 111 | 
 112 | 	if (pfnWow64RevertWow64FsRedirection) {
 113 | 
 114 | 		(*pfnWow64RevertWow64FsRedirection)(&arg);
 115 | 		return TRUE;
 116 | 	}
 117 | 	else {
 118 | 		return FALSE;
 119 | 	}
 120 | }
 121 | 
 122 | /*
 123 |  *	安全取得系统真实信息
 124 |  */
 125 | VOID SafeGetNativeSystemInfo(__out LPSYSTEM_INFO lpSystemInfo)
 126 | {
 127 | 	if (NULL == lpSystemInfo)    return;
 128 | 	typedef VOID(WINAPI *LPFN_GetNativeSystemInfo)(LPSYSTEM_INFO lpSystemInfo);
 129 | 	LPFN_GetNativeSystemInfo fnGetNativeSystemInfo = \
 130 | 		(LPFN_GetNativeSystemInfo)GetProcAddress(GetModuleHandleA("kernel32"), "GetNativeSystemInfo");
 131 | 
 132 | 	if (NULL != fnGetNativeSystemInfo)
 133 | 	{
 134 | 		fnGetNativeSystemInfo(lpSystemInfo);
 135 | 	}
 136 | 	else
 137 | 	{
 138 | 		GetSystemInfo(lpSystemInfo);
 139 | 	}
 140 | }
 141 | 
 142 | /**
 143 |  * 获取系统位数
 144 |  */
 145 | BOOL IsArch64()
 146 | {
 147 | 	SYSTEM_INFO si;
 148 |  	SafeGetNativeSystemInfo(&si);
 149 | 	if (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64 ||
 150 | 		si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64)
 151 | 	{
 152 | 		return TRUE;
 153 | 	}
 154 | 
 155 | 	return FALSE;
 156 | }
 157 | 
 158 | // CAheadLibDlg 消息处理程序
 159 | 
 160 | BOOL CAheadLibDlg::OnInitDialog()
 161 | {
 162 | 	CDialog::OnInitDialog();
 163 | 
 164 | 	// 将“关于...”菜单项添加到系统菜单中。
 165 | 
 166 | 	// IDM_ABOUTBOX 必须在系统命令范围内。
 167 | 	ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
 168 | 	ASSERT(IDM_ABOUTBOX < 0xF000);
 169 | 
 170 | 	CMenu* pSysMenu = GetSystemMenu(FALSE);
 171 | 	if (pSysMenu != nullptr)
 172 | 	{
 173 | 		BOOL bNameValid;
 174 | 		CString strAboutMenu;
 175 | 		bNameValid = strAboutMenu.LoadString(IDS_ABOUTBOX);
 176 | 		ASSERT(bNameValid);
 177 | 		if (!strAboutMenu.IsEmpty())
 178 | 		{
 179 | 			pSysMenu->AppendMenu(MF_SEPARATOR);
 180 | 			pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
 181 | 		}
 182 | 	}
 183 | 
 184 | 	// 设置此对话框的图标。  当应用程序主窗口不是对话框时，框架将自动
 185 | 	//  执行此操作
 186 | 	SetIcon(m_hIcon, TRUE);			// 设置大图标
 187 | 	SetIcon(m_hIcon, FALSE);		// 设置小图标
 188 | 
 189 | 	// TODO: 在此添加额外的初始化代码
 190 | 
 191 | 	PVOID redir;
 192 | 
 193 | 	SetWindowText(AHEADLIB_VERSION);
 194 | 
 195 | 	if (IsArch64())
 196 | 	{
 197 | 		safeWow64DisableDirectory(redir);
 198 | 	}
 199 | 
 200 | 	return TRUE;  // 除非将焦点设置到控件，否则返回 TRUE
 201 | }
 202 | 
 203 | void CAheadLibDlg::OnSysCommand(UINT nID, LPARAM lParam)
 204 | {
 205 | 	if ((nID & 0xFFF0) == IDM_ABOUTBOX)
 206 | 	{
 207 | 		CAboutDlg dlgAbout;
 208 | 		dlgAbout.DoModal();
 209 | 	}
 210 | 	else
 211 | 	{
 212 | 		CDialog::OnSysCommand(nID, lParam);
 213 | 	}
 214 | }
 215 | 
 216 | // 如果向对话框添加最小化按钮，则需要下面的代码
 217 | //  来绘制该图标。  对于使用文档/视图模型的 MFC 应用程序，
 218 | //  这将由框架自动完成。
 219 | 
 220 | void CAheadLibDlg::OnPaint()
 221 | {
 222 | 	if (IsIconic())
 223 | 	{
 224 | 		CPaintDC dc(this); // 用于绘制的设备上下文
 225 | 
 226 | 		SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(dc.GetSafeHdc()), 0);
 227 | 
 228 | 		// 使图标在工作区矩形中居中
 229 | 		int cxIcon = GetSystemMetrics(SM_CXICON);
 230 | 		int cyIcon = GetSystemMetrics(SM_CYICON);
 231 | 		CRect rect;
 232 | 		GetClientRect(&rect);
 233 | 		int x = (rect.Width() - cxIcon + 1) / 2;
 234 | 		int y = (rect.Height() - cyIcon + 1) / 2;
 235 | 
 236 | 		// 绘制图标
 237 | 		dc.DrawIcon(x, y, m_hIcon);
 238 | 	}
 239 | 	else
 240 | 	{
 241 | 		CDialog::OnPaint();
 242 | 	}
 243 | }
 244 | 
 245 | //当用户拖动最小化窗口时系统调用此函数取得光标
 246 | //显示。
 247 | HCURSOR CAheadLibDlg::OnQueryDragIcon()
 248 | {
 249 | 	return static_cast<HCURSOR>(m_hIcon);
 250 | }
 251 | 
 252 | void CAheadLibDlg::OnBnClickedButtonMakefile()
 253 | {
 254 | 	//
 255 | 	//开始生成文件
 256 | 	//
 257 | 
 258 | 	CString str;
 259 | 	CString source;
 260 | 	CString source_asm;
 261 | 
 262 | 	//文件头
 263 | 	source += g_fileHeader;
 264 | 
 265 | 	//编译器linker头
 266 | 	for (auto exFunc : m_exportFunc)
 267 | 	{
 268 | 
 269 | 		if (exFunc.isTranFunc) //中转函数
 270 | 		{
 271 | 			str.Format(_T("#pragma comment(linker, \"/EXPORT:%s=%s,@%d\")\r\n"),
 272 | 				exFunc.Name.GetString(), exFunc.TranName.GetString(), exFunc.Ordinal);
 273 | 		}
 274 | 		else if (exFunc.isOrd) //序号导出
 275 | 		{
 276 | 			if (m_isx64)
 277 | 			{
 278 | 				str.Format(_T("#pragma comment(linker, \"/EXPORT:Noname%d=AheadLib_Unnamed%d,@%d,NONAME\")\r\n"),
 279 | 					exFunc.Ordinal, exFunc.Ordinal, exFunc.Ordinal);
 280 | 			}
 281 | 			else
 282 | 			{
 283 | 				str.Format(_T("#pragma comment(linker, \"/EXPORT:Noname%d=_AheadLib_Unnamed%d,@%d,NONAME\")\r\n"),
 284 | 					exFunc.Ordinal, exFunc.Ordinal, exFunc.Ordinal);
 285 | 			}
 286 | 
 287 | 		}
 288 | 		else //名称导出
 289 | 		{
 290 | 			if (m_isx64)
 291 | 			{
 292 | 				str.Format(_T("#pragma comment(linker, \"/EXPORT:%s=AheadLib_%s,@%d\")\r\n"),
 293 | 					exFunc.Name.GetString(), exFunc.Name.GetString(), exFunc.Ordinal);
 294 | 			}
 295 | 			else
 296 | 			{
 297 | 				str.Format(_T("#pragma comment(linker, \"/EXPORT:%s=_AheadLib_%s,@%d\")\r\n"),
 298 | 					exFunc.Name.GetString(), exFunc.Name.GetString(), exFunc.Ordinal);
 299 | 			}
 300 | 
 301 | 		}
 302 | 
 303 | 		source += str;
 304 | 	}
 305 | 
 306 | 	source += _T("\r\n");
 307 | 
 308 | 	//全局变量定义
 309 | 	for (auto exFunc : m_exportFunc)
 310 | 	{
 311 | 		//
 312 | 		//第一次先生成 data变量
 313 | 		//
 314 | 		if (exFunc.isTranFunc)
 315 | 		{
 316 | 			continue;
 317 | 		}
 318 | 
 319 | 		if (exFunc.isData)
 320 | 		{
 321 | 			if (exFunc.isOrd)
 322 | 			{
 323 | 				str.Format(_T("EXTERN_C PVOID AheadLib_Unnamed%d[%d] = { 0 };\r\n"),
 324 | 					exFunc.Ordinal, exFunc.isDataCount);
 325 | 			}
 326 | 			else
 327 | 			{
 328 | 				str.Format(_T("EXTERN_C PVOID AheadLib_%s[%d] = { 0 };\r\n"),
 329 | 					exFunc.Name.GetString(), exFunc.isDataCount);
 330 | 			}
 331 | 
 332 | 			source += str;
 333 | 		}
 334 | 
 335 | 	}
 336 | 
 337 | 	source += _T("\r\n");
 338 | 
 339 | 
 340 | 	if (m_isx64) {
 341 | 		source += _T("extern \"C\" \n{\r\n");
 342 | 	}
 343 | 
 344 | 	for (auto exFunc : m_exportFunc)
 345 | 	{
 346 | 		//
 347 | 		//生成函数指针全局变量
 348 | 		//
 349 | 		if (exFunc.isTranFunc)
 350 | 		{
 351 | 			continue;
 352 | 		}
 353 | 
 354 | 		if (exFunc.isOrd)
 355 | 		{
 356 | 			str.Format(_T("PVOID pfnAheadLib_Unnamed%d;\r\n"),
 357 | 				exFunc.Ordinal);
 358 | 		}
 359 | 		else
 360 | 		{
 361 | 			str.Format(_T("PVOID pfnAheadLib_%s;\r\n"),
 362 | 				exFunc.Name.GetString());
 363 | 		}
 364 | 
 365 | 		source += str;
 366 | 
 367 | 	}
 368 | 
 369 | 	if (m_isx64) {
 370 | 		source += _T("}\r\n");
 371 | 	}
 372 | 
 373 | 	source += _T("\r\n");
 374 | 
 375 | 	//
 376 | 	//其他代码
 377 | 	//
 378 | 	CString g_init;
 379 | 
 380 | 	source += g_Free;
 381 | 
 382 | 	str = g_Load;
 383 | 	str.Replace(_T("AHEADLIB_XXXXXX.dll"), m_fileName.GetString());
 384 | 	source += str;
 385 | 
 386 | 	source += g_GetAddress;
 387 | 	
 388 | 	//生成Init函数代码
 389 | 	g_init = _T("BOOL WINAPI Init()\r\n{\r\n");
 390 | 
 391 | 	for (auto exFunc : m_exportFunc)
 392 | 	{
 393 | 		if (exFunc.isTranFunc)
 394 | 		{
 395 | 			continue;
 396 | 		}
 397 | 
 398 | 		if (exFunc.isOrd)
 399 | 		{
 400 | 			str.Format(_T("\tpfnAheadLib_Unnamed%d = GetAddress(MAKEINTRESOURCEA(%d));\r\n"),
 401 | 				exFunc.Ordinal, exFunc.Ordinal);
 402 | 		}
 403 | 		else
 404 | 		{
 405 | 			str.Format(_T("\tpfnAheadLib_%s = GetAddress(\"%s\");\r\n"),
 406 | 				exFunc.Name.GetString(), exFunc.Name.GetString());
 407 | 		}
 408 | 
 409 | 		g_init += str;
 410 | 
 411 | 		if (exFunc.isData)
 412 | 		{
 413 | 			if (exFunc.isOrd)
 414 | 			{
 415 | 				str.Format(_T("\tmemcpy(AheadLib_Unnamed%d,pfnAheadLib_Unnamed%d,sizeof(PVOID) * %d);\r\n"),
 416 | 					exFunc.Ordinal, exFunc.Ordinal, exFunc.isDataCount);
 417 | 			}
 418 | 			else
 419 | 			{
 420 | 				str.Format(_T("\tmemcpy(AheadLib_%s,pfnAheadLib_%s,sizeof(PVOID) * %d);\r\n"),
 421 | 					exFunc.Name.GetString(), exFunc.Name.GetString(), exFunc.isDataCount);
 422 | 			}
 423 | 			
 424 | 			g_init += str;
 425 | 		}
 426 | 
 427 | 	}
 428 | 
 429 | 	g_init += _T("\treturn TRUE;\r\n");
 430 | 	g_init += _T("}\t\n");
 431 | 
 432 | 	source += g_init;
 433 | 	source += g_ThreadProc;
 434 | 	source += g_Dllmain;
 435 | 
 436 | 	//
 437 | 	//生成汇编跳转代码
 438 | 	//
 439 | 	if (m_isx64)
 440 | 	{
 441 | 		source_asm += g_asmFileHeader;
 442 | 
 443 | 		source_asm += _T(".DATA\r\n");
 444 | 
 445 | 		for (auto exFunc : m_exportFunc)
 446 | 		{
 447 | 			if (exFunc.isTranFunc)
 448 | 			{
 449 | 				continue;
 450 | 			}
 451 | 			if (exFunc.isData)
 452 | 			{
 453 | 				continue;
 454 | 			}
 455 | 
 456 | 			if (exFunc.isOrd)
 457 | 			{
 458 | 				str.Format(_T("EXTERN pfnAheadLib_Unnamed%d:dq;\r\n"),
 459 | 					exFunc.Ordinal);
 460 | 			}
 461 | 			else
 462 | 			{
 463 | 				str.Format(_T("EXTERN pfnAheadLib_%s:dq;\r\n"),
 464 | 					exFunc.Name.GetString());
 465 | 			}
 466 | 
 467 | 			source_asm += str;
 468 | 		}
 469 | 
 470 | 		source_asm += _T("\r\n.CODE\r\n");
 471 | 
 472 | 		for (auto exFunc : m_exportFunc)
 473 | 		{
 474 | 			if (exFunc.isTranFunc)
 475 | 			{
 476 | 				continue;
 477 | 			}
 478 | 			if (exFunc.isData)
 479 | 			{
 480 | 				continue;
 481 | 			}
 482 | 
 483 | 			if (exFunc.isOrd)
 484 | 			{
 485 | 				str.Format(_T(
 486 | 					"AheadLib_Unnamed%d PROC\r\n"
 487 | 					"\tjmp pfnAheadLib_Unnamed%d\r\n"
 488 | 					"AheadLib_Unnamed%d ENDP\r\n\r\n"),
 489 | 					exFunc.Ordinal, exFunc.Ordinal, exFunc.Ordinal);
 490 | 			}
 491 | 			else
 492 | 			{
 493 | 				str.Format(_T(
 494 | 					"AheadLib_%s PROC\r\n"
 495 | 					"\tjmp pfnAheadLib_%s\r\n"
 496 | 					"AheadLib_%s ENDP\r\n\r\n"),
 497 | 					exFunc.Name.GetString(), exFunc.Name.GetString(), exFunc.Name.GetString());
 498 | 			}
 499 | 
 500 | 			source_asm += str;
 501 | 		}
 502 | 
 503 | 		source_asm += _T("\r\nEND\r\n");
 504 | 
 505 | 	}
 506 | 	else
 507 | 	{
 508 | 		for (auto exFunc : m_exportFunc)
 509 | 		{
 510 | 			if (exFunc.isTranFunc)
 511 | 			{
 512 | 				continue;
 513 | 			}
 514 | 			if (exFunc.isData)
 515 | 			{
 516 | 				continue;
 517 | 			}
 518 | 
 519 | 			if (exFunc.isOrd)
 520 | 			{
 521 | 				str.Format(_T("EXTERN_C __declspec(naked) void __cdecl AheadLib_Unnamed%d(void)\r\n"
 522 | 					"{\r\n"
 523 | 					"\t__asm jmp pfnAheadLib_Unnamed%d;\r\n"
 524 | 					"}\r\n"),
 525 | 					exFunc.Ordinal, exFunc.Ordinal);
 526 | 			}
 527 | 			else
 528 | 			{
 529 | 				str.Format(_T("EXTERN_C __declspec(naked) void __cdecl AheadLib_%s(void)\r\n"
 530 | 					"{\r\n"
 531 | 					"\t__asm jmp pfnAheadLib_%s;\r\n"
 532 | 					"}\r\n"),
 533 | 					exFunc.Name.GetString(), exFunc.Name.GetString());
 534 | 			}
 535 | 
 536 | 			source += str;
 537 | 			source += _T("\r\n");
 538 | 
 539 | 		}
 540 | 	}
 541 | 
 542 | 
 543 | 	CString outputPath;
 544 | 	CFile fileOut;
 545 | 	CStringA ansiSource;
 546 | 
 547 | 	m_OutputFile.GetWindowText(outputPath);
 548 | 
 549 | 	if (fileOut.Open(outputPath, CFile::modeCreate | CFile::modeWrite))
 550 | 	{
 551 | 		ansiSource = CW2CW(source.GetString());
 552 | 		fileOut.Write(ansiSource.GetString(), ansiSource.GetLength());
 553 | 		fileOut.Close();
 554 | 
 555 | 		AfxMessageBox(_T("Generate code success!"), MB_ICONINFORMATION);
 556 | 	}
 557 | 
 558 | 	if (m_isx64)
 559 | 	{
 560 | 		CFile fileOutAsm;
 561 | 		CString outputPathAsm;
 562 | 		CStringA ansiSourceAsm;
 563 | 
 564 | 		_tcscpy(outputPathAsm.GetBuffer(outputPath.GetLength() + 16), outputPath.GetString());
 565 | 		PathRenameExtension(outputPathAsm.GetBuffer(), _T("_jump.asm"));
 566 | 		outputPathAsm.ReleaseBuffer();
 567 | 
 568 | 		if (fileOutAsm.Open(outputPathAsm, CFile::modeCreate | CFile::modeWrite))
 569 | 		{
 570 | 			ansiSourceAsm = CW2CW(source_asm.GetString());
 571 | 			fileOutAsm.Write(ansiSourceAsm.GetString(), ansiSourceAsm.GetLength());
 572 | 			fileOutAsm.Close();
 573 | 		}
 574 | 	}
 575 | }
 576 | 
 577 | 
 578 | void CAheadLibDlg::OnScanFile()
 579 | {
 580 | 	CString str;
 581 | 
 582 | 	m_fileBuffer = LoadLibraryEx(m_filePath, NULL, LOAD_LIBRARY_AS_IMAGE_RESOURCE);
 583 | 
 584 | 	m_fileName = m_filePath;
 585 | 	PathStripPath(m_fileName.GetBuffer());
 586 | 	m_fileName.ReleaseBuffer();
 587 | 
 588 | 	if (m_fileBuffer == NULL)
 589 | 	{
 590 | 		str.Format(_T("Mapping file error! code=%d"), GetLastError());
 591 | 		AfxMessageBox(str, MB_ICONERROR);
 592 | 		return;
 593 | 	}
 594 | 
 595 | 	PIMAGE_DOS_HEADER dosHead;
 596 | 	PIMAGE_NT_HEADERS ntHead;
 597 | 	PIMAGE_NT_HEADERS64 ntHead64;
 598 | 	PIMAGE_SECTION_HEADER secHead;
 599 | 	m_isx64 = FALSE;
 600 | 	BOOL correct = FALSE;
 601 | 
 602 | 	CString nameString;
 603 | 	CString fileArch;
 604 | 	CString timestamp;
 605 | 	LPCSTR nameStringPtr;
 606 | 	CString expEdit;
 607 | 
 608 | 	for (int i = 0; i <= 2; i++)
 609 | 	{
 610 | 		dosHead = (PIMAGE_DOS_HEADER)((ULONG_PTR)m_fileBuffer - i);
 611 | 		if (dosHead->e_magic == IMAGE_DOS_SIGNATURE)
 612 | 		{
 613 | 			correct = TRUE;
 614 | 			break;
 615 | 		}
 616 | 	}
 617 | 
 618 | 	if (!correct)
 619 | 	{
 620 | 		AfxMessageBox(_T("Invalid PE File!"), MB_ICONERROR);
 621 | 		goto _exit;
 622 | 	}
 623 | 
 624 | 	if (dosHead->e_magic != IMAGE_DOS_SIGNATURE)
 625 | 	{
 626 | 		AfxMessageBox(_T("Invalid DOS Header!"), MB_ICONERROR);
 627 | 		goto _exit;
 628 | 	}
 629 | 
 630 | 	ntHead = ImageNtHeader(dosHead);
 631 | 	if (ntHead->Signature != IMAGE_NT_SIGNATURE)
 632 | 	{
 633 | 		AfxMessageBox(_T("Invalid NT Header!"), MB_ICONERROR);
 634 | 		goto _exit;
 635 | 	}
 636 | 
 637 | 	if (ntHead->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64 ||
 638 | 		ntHead->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64)
 639 | 	{
 640 | 		m_isx64 = TRUE;
 641 | 		ntHead64 = (PIMAGE_NT_HEADERS64)ntHead;
 642 | 	}
 643 | 
 644 | 	if (!(ntHead->FileHeader.Characteristics & IMAGE_FILE_DLL))
 645 | 	{
 646 | 		AfxMessageBox(_T("The target is not a dynamic link library!"), MB_ICONERROR);
 647 | 		goto _exit;
 648 | 	}
 649 | 
 650 | 	if (m_isx64)
 651 | 	{
 652 | 		if (ntHead64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress == 0 ||
 653 | 			ntHead64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size == 0)
 654 | 		{
 655 | 			AfxMessageBox(_T("Export table does not exist!"), MB_ICONERROR);
 656 | 			goto _exit;
 657 | 		}
 658 | 	}
 659 | 	else
 660 | 	{
 661 | 		if (ntHead->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress == 0 ||
 662 | 			ntHead->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size == 0)
 663 | 		{
 664 | 			AfxMessageBox(_T("Export table does not exist!"), MB_ICONERROR);
 665 | 			goto _exit;
 666 | 		}
 667 | 	}
 668 | 
 669 | 	if (m_isx64)
 670 | 	{
 671 | 		secHead = IMAGE_FIRST_SECTION(ntHead64);
 672 | 	}
 673 | 	else
 674 | 	{
 675 | 		secHead = IMAGE_FIRST_SECTION(ntHead);
 676 | 	}
 677 | 
 678 | 	//
 679 | 	// 获取文件节区表信息
 680 | 	//
 681 | 
 682 | 	m_sections.clear();
 683 | 
 684 | 	if (m_isx64)
 685 | 	{
 686 | 		for (WORD i = 0; i < ntHead64->FileHeader.NumberOfSections; i++)
 687 | 		{
 688 | 			m_sections.push_back(*secHead);
 689 | 			secHead++;
 690 | 		}
 691 | 	}
 692 | 	else
 693 | 	{
 694 | 		for (WORD i = 0; i < ntHead->FileHeader.NumberOfSections; i++)
 695 | 		{
 696 | 			m_sections.push_back(*secHead);
 697 | 			secHead++;
 698 | 		}
 699 | 	}
 700 | 
 701 | 	//
 702 | 	//获取导出表信息
 703 | 	//
 704 | 
 705 | 	PIMAGE_EXPORT_DIRECTORY exports;
 706 | 	if (m_isx64)
 707 | 	{
 708 | 		exports = (PIMAGE_EXPORT_DIRECTORY)\
 709 | 			((ULONG)dosHead + ntHead64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
 710 | 	}
 711 | 	else
 712 | 	{
 713 | 		exports = (PIMAGE_EXPORT_DIRECTORY)\
 714 | 			((ULONG)dosHead + ntHead->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
 715 | 	}
 716 | 
 717 | 	nameStringPtr = (LPCSTR)((ULONG_PTR)dosHead + exports->Name);
 718 | 	if (IsBadReadPtr(nameStringPtr, sizeof(PUCHAR)) == 0)
 719 | 	{
 720 | 		nameString = (WCHAR*)CA2W(nameStringPtr);
 721 | 	}
 722 | 	else
 723 | 	{
 724 | 		nameString = _T("ERROR!");
 725 | 	}
 726 | 
 727 | 	m_exportFunc.clear();
 728 | 
 729 | 	DWORD *pFunc = (DWORD*)(exports->AddressOfFunctions + (ULONG_PTR)dosHead);
 730 | 	DWORD *nameRVA = (DWORD*)(exports->AddressOfNames + (ULONG_PTR)dosHead);
 731 | 	int name = 0;
 732 | 
 733 | 	EXPORT_FUNCTION  *exFunc = new EXPORT_FUNCTION;
 734 | 
 735 |  	for (DWORD Index = 0; Index < exports->NumberOfFunctions ; Index++)
 736 | 	{
 737 | 		//
 738 | 		//默认以序号导出
 739 | 		//
 740 | 
 741 | 		exFunc->isOrd = TRUE;
 742 | 		exFunc->Ordinal = exports->Base + Index;
 743 | 		exFunc->FunctionRVA = pFunc[Index];
 744 | 		exFunc->NameOrdinal = 0;
 745 | 		exFunc->NameRVA = 0;
 746 | 		exFunc->Name = _T("N/A");
 747 | 		ZeroMemory(&exFunc->secInfo, sizeof(IMAGE_SECTION_HEADER));
 748 | 		exFunc->isUnkown = FALSE;
 749 | 		exFunc->isFunc = FALSE;
 750 | 		exFunc->isTranFunc = FALSE;
 751 | 		exFunc->isData = FALSE;
 752 | 		exFunc->isDataCount = 0;
 753 | 
 754 | 		//
 755 | 		//过滤无效的RVA
 756 | 		//
 757 | 
 758 | 		if (exFunc->FunctionRVA == 0)
 759 | 		{
 760 | 			continue;
 761 | 		}
 762 | 
 763 | 		WORD *ordName = (WORD*)(exports->AddressOfNameOrdinals + (ULONG_PTR)dosHead);
 764 | 		for (DWORD i = 0; i < exports->NumberOfNames; i++)
 765 | 		{
 766 | 			//
 767 | 			//查找是否是以名称导出
 768 | 			//
 769 | 			if (LOWORD(Index) == *ordName)
 770 | 			{
 771 | 				exFunc->isOrd = FALSE;
 772 | 				exFunc->NameOrdinal = *ordName;
 773 | 				exFunc->NameRVA = nameRVA[i];
 774 | 				exFunc->Name = (WCHAR*)CA2W((LPCSTR)((ULONG_PTR)dosHead + exFunc->NameRVA));
 775 | 				name++;
 776 | 
 777 | 				break;
 778 | 			}
 779 | 			ordName++;
 780 | 		}
 781 | 
 782 | 		//
 783 | 		//查找所在区段,定位导出表函数是否是 函数 或 数据 或 中转导出表
 784 | 		//
 785 | 
 786 | 		exFunc->isUnkown = TRUE;
 787 | 		strcpy((char*)exFunc->secInfo.Name, "ERROR!");
 788 | 		for (auto sec : m_sections)
 789 | 		{
 790 | 			if (exFunc->FunctionRVA >= sec.VirtualAddress &&
 791 | 				exFunc->FunctionRVA <= (sec.VirtualAddress + sec.Misc.VirtualSize))
 792 | 			{
 793 | 				memcpy(&exFunc->secInfo, &sec, sizeof(IMAGE_SECTION_HEADER));
 794 | 
 795 | // 				if ((sec.Characteristics & IMAGE_SCN_MEM_EXECUTE) &&
 796 | // 					!(sec.Characteristics & IMAGE_SCN_MEM_WRITE))
 797 | // 				{
 798 | 				if (sec.Characteristics & IMAGE_SCN_MEM_EXECUTE)
 799 | 				{
 800 | 					//
 801 | 					//可运行不可写 代码区段
 802 | 					//
 803 | 					exFunc->isFunc = TRUE;
 804 | 					exFunc->isUnkown = FALSE;
 805 | 					break;
 806 | 				}
 807 | 				if ((sec.Characteristics & IMAGE_SCN_MEM_READ) &&
 808 | 					!(sec.Characteristics & IMAGE_SCN_MEM_WRITE))
 809 | 				{
 810 | 					//
 811 | 					//可读不可写 .rdata 区段,一般都是中转导出表
 812 | 					//
 813 | 					
 814 | 					char *nameTran = (char*)((ULONG_PTR)dosHead + exFunc->FunctionRVA);
 815 | 					if (IsBadReadPtr(nameTran,sizeof(void*)) == 0)
 816 | 					{
 817 | 						if (strstr(nameTran, ".") != NULL)
 818 | 						{
 819 | 							exFunc->isTranFunc = TRUE;
 820 | 							exFunc->isUnkown = FALSE;
 821 | 							exFunc->TranName = (WCHAR*)CA2W((LPCSTR)nameTran);
 822 | 						}
 823 | 						else
 824 | 						{
 825 | 							//
 826 | 							//无法识别的函数，不知道怎么处理，只有退出
 827 | 							//
 828 | 							str.Format(_T(
 829 | 								"Unknown .rdata section data! continue?\r\n"
 830 | 								"ord:%d\r\n"
 831 | 								"func_rva:%08X\r\n"
 832 | 								"name:%s"),
 833 | 								exFunc->Ordinal, exFunc->FunctionRVA, exFunc->Name.GetString());
 834 | 
 835 | 							AfxMessageBox(str, MB_ICONERROR);
 836 | 							ExitProcess(-1);
 837 | 							
 838 | 						}
 839 | 					}
 840 | 					else
 841 | 					{
 842 | 						str.Format(_T(
 843 | 							"Try to read .rdata section data exception! continue?\r\n"
 844 | 							"ord:%d\r\n"
 845 | 							"func_rva:%08X\r\n"
 846 | 							"name:%s"),
 847 | 							exFunc->Ordinal, exFunc->FunctionRVA, exFunc->Name.GetString());
 848 | 
 849 | 						AfxMessageBox(str, MB_ICONERROR );
 850 | 						ExitProcess(-1);
 851 | 						
 852 | 					}
 853 | 
 854 | 					break;
 855 | 				}
 856 | 				if ((sec.Characteristics & IMAGE_SCN_MEM_READ) &&
 857 | 					(sec.Characteristics & IMAGE_SCN_MEM_WRITE) &&
 858 | 					!(sec.Characteristics & IMAGE_SCN_MEM_EXECUTE))
 859 | 				{
 860 | 					//
 861 | 					//可读可写不可运行，数据区段
 862 | 					//
 863 | 					exFunc->isData = TRUE;
 864 | 					exFunc->isUnkown = FALSE;
 865 | 
 866 | 					//
 867 | 					//探测数据区段的大小
 868 | 					//
 869 | 
 870 | 					if (m_isx64)
 871 | 					{
 872 | 						uint64_t *probePtr = (uint64_t*)((ULONG_PTR)dosHead + exFunc->FunctionRVA);
 873 | 						if (IsBadReadPtr(probePtr,sizeof(void*)) == 0)
 874 | 						{
 875 | 							while (TRUE)
 876 | 							{
 877 | 								if (*probePtr != NULL)
 878 | 								{
 879 | 									exFunc->isDataCount++;
 880 | 									probePtr++;
 881 | 								}
 882 | 								else
 883 | 								{
 884 | 									break;
 885 | 								}
 886 | 							}
 887 | 						}
 888 | 						else
 889 | 						{
 890 | 							str.Format(_T(
 891 | 								"Try to read .data section data exception!\r\n"
 892 | 								"ord:%d\r\n"
 893 | 								"func_rva:%08X\r\n"
 894 | 								"name:%s"),
 895 | 								exFunc->Ordinal, exFunc->FunctionRVA, exFunc->Name.GetString());
 896 | 
 897 | 							AfxMessageBox(str, MB_ICONERROR);
 898 | 							ExitProcess(-1);
 899 | 						}
 900 | 					}
 901 | 					else
 902 | 					{
 903 | 						uint32_t *probePtr = (uint32_t*)((ULONG_PTR)dosHead + exFunc->FunctionRVA);
 904 | 						if (IsBadReadPtr(probePtr, sizeof(void*)) == 0)
 905 | 						{
 906 | 							while (TRUE)
 907 | 							{
 908 | 								if (*probePtr != NULL)
 909 | 								{
 910 | 									exFunc->isDataCount++;
 911 | 									probePtr++;
 912 | 								}
 913 | 								else
 914 | 								{
 915 | 									break;
 916 | 								}
 917 | 							}
 918 | 						}
 919 | 						else
 920 | 						{
 921 | 							str.Format(_T(
 922 | 								"Try to read .data section data exception!\r\n"
 923 | 								"ord:%d\r\n"
 924 | 								"func_rva:%08X\r\n"
 925 | 								"name:%s"),
 926 | 								exFunc->Ordinal, exFunc->FunctionRVA, exFunc->Name.GetString());
 927 | 
 928 | 							AfxMessageBox(str, MB_ICONERROR);
 929 | 							ExitProcess(-1);
 930 | 						}
 931 | 					}
 932 | 
 933 | 					//
 934 | 					//如果这个导出数据全为空的话，默认给他导出一个指针大小
 935 | 					//
 936 | 					if (exFunc->isDataCount == 0)
 937 | 					{
 938 | 						exFunc->isDataCount++;
 939 | 					}
 940 | 
 941 | 					break;
 942 | 				}
 943 | 
 944 | 				AfxMessageBox(_T("Unrecognized export function!"));
 945 | 				ExitProcess(-1);
 946 | 
 947 | 				break;
 948 | 			}
 949 | 		}
 950 | 
 951 | 		m_exportFunc.push_back(*exFunc);
 952 | 	}
 953 | 
 954 | 	delete exFunc;
 955 | 
 956 | 
 957 | 
 958 | 	//
 959 | 	//显示文件信息
 960 | 	//
 961 | 	switch (ntHead->FileHeader.Machine)
 962 | 	{
 963 | 	case IMAGE_FILE_MACHINE_I386:
 964 | 		fileArch = _T("IMAGE_FILE_MACHINE_I386");
 965 | 		break;
 966 | 	case IMAGE_FILE_MACHINE_AMD64:
 967 | 		fileArch = _T("IMAGE_FILE_MACHINE_AMD64");
 968 | 		break;
 969 | 	case IMAGE_FILE_MACHINE_IA64:
 970 | 		fileArch = _T("IMAGE_FILE_MACHINE_IA64");
 971 | 		break;
 972 | 	default:
 973 | 		fileArch.Format(_T("Machine->%d"), ntHead->FileHeader.Machine);
 974 | 		break;
 975 | 	}
 976 | 
 977 | 	struct tm* t = localtime((const time_t*)&ntHead->FileHeader.TimeDateStamp);
 978 | 	if (t != NULL)
 979 | 	{
 980 | 		timestamp = _tasctime(t);
 981 | 	}
 982 | 
 983 | 	m_NameString.SetWindowText(nameString);
 984 | 	m_Arch.SetWindowText(fileArch);
 985 | 	m_Timestamp.SetWindowText(timestamp);
 986 | 
 987 | 	m_InputFile.SetWindowText(m_filePath);
 988 | 	str = m_filePath;
 989 | 	PathRenameExtension((LPWSTR)str.GetString(), _T(".cpp"));
 990 | 	m_OutputFile.SetWindowText(str);
 991 | 
 992 | 	for (auto element : m_exportFunc)
 993 | 	{
 994 | 		if (element.isFunc)
 995 | 		{
 996 | 			str.Format(_T("%04X   %08X   %s | %hs\r\n"),
 997 | 				element.Ordinal, element.FunctionRVA, element.Name.GetString(), element.secInfo.Name);
 998 | 		}
 999 | 		else if (element.isTranFunc)
1000 | 		{
1001 | 			str.Format(_T("%04X   %08X   %s | %hs | %s\r\n"),
1002 | 				element.Ordinal, element.FunctionRVA, element.Name.GetString(), element.secInfo.Name, element.TranName.GetString());
1003 | 		}
1004 | 		else if (element.isData)
1005 | 		{
1006 | 			str.Format(_T("%04X   %08X   %s | %hs | DATA<%d>\r\n"),
1007 | 				element.Ordinal, element.FunctionRVA, element.Name.GetString(), element.secInfo.Name, element.isDataCount);
1008 | 		}
1009 | 		else if(element.isUnkown)
1010 | 		{
1011 | 			str.Format(_T("%04X   %08X   %s | %hs | ???\r\n"),
1012 | 				element.Ordinal, element.FunctionRVA, element.Name.GetString(), element.secInfo.Name);
1013 | 		}
1014 | 		else
1015 | 		{
1016 | 			//
1017 | 			//理论不会走到这里来
1018 | 			//
1019 | 			AfxMessageBox(_T("GG!"));
1020 | 			ExitProcess(-2);
1021 | 		}
1022 | 
1023 | 		expEdit += str;
1024 | 	}
1025 | 
1026 | 	m_show.SetWindowText(expEdit);
1027 | 
1028 | _exit:
1029 | 	
1030 | 	FreeLibrary(m_fileBuffer);
1031 | }
1032 | 
1033 | 
1034 | void CAheadLibDlg::OnGenerateCode()
1035 | {
1036 | 
1037 | }
1038 | 
1039 | void CAheadLibDlg::OnBnClickedButtonExit()
1040 | {
1041 | 	CAheadLibDlg::OnOK();
1042 | }
1043 | 
1044 | 
1045 | void CAheadLibDlg::OnDropFiles(HDROP hDropInfo)
1046 | {
1047 | 	TCHAR szFilePath[MAX_PATH];
1048 | 
1049 | 	DragQueryFile(hDropInfo, 0, szFilePath, sizeof(szFilePath));
1050 | 	DragFinish(hDropInfo);
1051 | 
1052 | 	m_filePath = szFilePath;
1053 | 
1054 | 	OnScanFile();
1055 | 
1056 | 	CDialog::OnDropFiles(hDropInfo);
1057 | }
1058 | 
1059 | 
1060 | void CAheadLibDlg::OnBnClickedButtonChosefile()
1061 | {
1062 | 	TCHAR szFilter[] = _T("Dynamic Link Library(*.dll)|*.dll|All Files(*.*)|*.*||");
1063 | 	CFileDialog fileDlg(TRUE, _T("dll"), NULL, 0, szFilter, this);
1064 | 	CString strFilePath;
1065 | 
1066 | 	if (IDOK == fileDlg.DoModal())
1067 | 	{
1068 | 		strFilePath = fileDlg.GetPathName();
1069 | 		m_InputFile.SetWindowText(strFilePath);
1070 | 
1071 | 		m_filePath = strFilePath;
1072 | 		OnScanFile();
1073 | 	}
1074 | }
1075 | 
1076 | 
1077 | void CAheadLibDlg::OnBnClickedButtonSavefile()
1078 | {
1079 | 	TCHAR szFilter[] = _T("C++ Source(*.cpp)|*.cpp|All Files(*.*)|*.*||");
1080 | 	CFileDialog fileDlg(FALSE, _T("cpp"), _T("mydll"), OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT, szFilter, this);
1081 | 	CString strFilePath;
1082 | 
1083 | 	if (IDOK == fileDlg.DoModal())
1084 | 	{
1085 | 		strFilePath = fileDlg.GetPathName();
1086 | 		m_OutputFile.SetWindowText(strFilePath);
1087 | 	}
1088 | 
1089 | }
1090 | 


--------------------------------------------------------------------------------