글
20140822 (다른 프로그램 실행 분석 프로그램 작성)
125일차
------------------------------
실행 파일 분석 프로그램 작성
------------------------------
소스
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <windows.h>
#define MAX_PROGRAM_SIZE 0x10000
typedef struct _context
{
unsigned int EFL;
unsigned int EIP;
unsigned int EDI;
unsigned int ESI;
unsigned int EBP;
unsigned int ESP;
unsigned int EBX;
unsigned int EDX;
unsigned int ECX;
unsigned int EAX;
}Context;
static unsigned char * Mem; // 동적 메모리 시작 주소
static unsigned char * Mem_End; // 동적 메모리 끝 주소
static unsigned char * code; // 프로그램 저장공간의 시작 위치 - Code
int File_DS; // 저수준 파일의 데스크립터
extern void STST(Context *); // Reg 상태 저장
extern void LDST(Context *);
extern void MM(void *, unsigned char);// Memory 수정
extern unsigned char MD(void *); // Memory 보기
void load();
void HexaView(void *);
void Print_Register(Context *);
void Memory_Clear();
int main()
{
Context status;
unsigned int uiNum;
Mem = malloc(MAX_PROGRAM_SIZE*2);
if(0 == Mem)
{
printf("동적 할당을 받을 수 없습니다.\n");
printf("프로그램을 종료합니다.\n");
return 0;
}
else
{
code = (unsigned char *)(((unsigned int)Mem + MAX_PROGRAM_SIZE) & 0xFFFF0000);
Mem_End = Mem + MAX_PROGRAM_SIZE*2 - 1;
printf("Dynamic Memory area\t: 0x%08X to 0x%08X (128KBytes)\n", Mem, Mem_End);
}
printf("Code Start Address\t: 0x%08X\n", code);
STST(&status);
Print_Register(&status);
load();
HexaView(code);
printf("1: 프로그램 재시작, 2 : 프로그램 종료\n");
printf("선택하세요 : ");
scanf("%d", &uiNum);
if(uiNum == 1)
{
LDST(&status);
}
free(Mem);
return 0;
}
void load()
{
int Read_Num;
int Header_Size;
unsigned int uiSection_Size;
IMAGE_DOS_HEADER * stpDH;
IMAGE_NT_HEADERS * stpPH;
IMAGE_FILE_HEADER * stpFH;
IMAGE_OPTIONAL_HEADER32 * stpOH;
File_DS = open("t1.exe", O_RDONLY);
if(File_DS < 0)
{
printf("파일 열기 실패.\n");
return;
}
Read_Num = read(File_DS, Mem, MAX_PROGRAM_SIZE*2);
if(0 >= Read_Num)
{
printf("파일 읽기 실패(1).\n");
close(File_DS);
return;
}
stpDH = (IMAGE_DOS_HEADER *)Mem;
stpPH = (IMAGE_NT_HEADERS *)(Mem + stpDH->e_lfanew-1);
stpFH = (IMAGE_FILE_HEADER *)( ((char *)(stpPH)) + 4 );
stpOH = (IMAGE_OPTIONAL_HEADER32 *)( ((char *)(stpFH)) + sizeof(IMAGE_FILE_HEADER));
Header_Size = stpOH->SizeOfHeaders; // Header size
uiSection_Size = stpOH->FileAlignment; // Section size
Memory_Clear(); // Memory clear
lseek(File_DS, Header_Size, SEEK_SET); // 파일 포인터 위치 이동
Read_Num = read(File_DS, code, uiSection_Size);
if(0 >= Read_Num)
{
printf("파일 읽기 실패(2).\n");
close(File_DS);
return;
}
close(File_DS);
}
void HexaView(void * vpData)
{
int iCnt;
int iCnt2;
printf("===============================================================================\n");
printf("= ADDRESS HEXA ASCII =\n");
printf("=-----------------------------------------------------------------------------=\n");
for(iCnt2=0; 20>iCnt2; ++iCnt2)
{
//--- Address Part Start
printf("= %08X ", vpData );
//--- Address Part End
//--- Hexa View Part Start
for(iCnt=0; 16>iCnt; ++iCnt)
{
if(7 == iCnt)
{
printf("%02X ", (*((unsigned char *)vpData)) );
}
else
{
printf("%02X ", (*((unsigned char *)vpData)) );
}
++((unsigned char *)vpData);
}
//--- Hexa View Part End
//--- ASCII Part Start
((unsigned char *)vpData) = ((unsigned char *)vpData) - iCnt;
for(iCnt=0; 16>iCnt; ++iCnt)
{
if(0x20 <= (*((unsigned char *)vpData)) && 0x80 > (*((unsigned char *)vpData)))
{
printf("%c", (*((unsigned char *)vpData)));
}
else
{
printf(".");
}
++((unsigned char *)vpData);
}
printf(" =\n");
//--- ASCII Part End
}
printf("===============================================================================\n");
return ;
}
void Print_Register(Context * status)
{
printf("EAX : %08X \n", status->EAX);
printf("ECX : %08X \n", status->ECX);
printf("EDX : %08X \n", status->EDX);
printf("EBX : %08X \n", status->EBX);
printf("ESP : %08X \n", status->ESP);
printf("EBP : %08X \n", status->EBP);
printf("ESI : %08X \n", status->ESI);
printf("EDI : %08X \n", status->EDI);
printf("EIP : %08X \n", status->EIP);
printf("EFL : %08X \n\n", status->EFL);
}
void Memory_Clear()
{
unsigned char * ucData;
ucData = Mem;
while(1)
{
MM(ucData, 0x00);
++ucData;
if(ucData > Mem_End)
{
break;
}
}
}
외부 함수 Asm 코드
.386
.MODEL FLAT
.STACK 4096
PUBLIC _LDST
PUBLIC _STST
PUBLIC _MM
PUBLIC _MD
.CODE
_LDST PROC NEAR32 ; LoaD STatus Procedure Start
push ebp ; Entry Code
mov ebp, esp ; Entry Code
add esp, 12 ; load EFL
popfd
pop eax ; load EIP
mov [esp-16], eax
popad ; load Reg
mov esp, ebp ; Exit Code
pop ebp ; Exit Code
ret ; Exit Code
_LDST EndP ; LoaD STatus Procedure End
_STST PROC NEAR32
push ebp ; Entry Code
mov ebp, esp ; Entry Code
pushfd ; save temp EFL
add esp, 56
pushad ; save Reg
mov eax, [ebp+4] ; save EIP
push eax
mov eax, [ebp-4] ; save EFL
push eax
mov esp, ebp ; Exit Code
pop ebp ; Exit Code
ret ; Exit Code
_STST ENDP
_MM PROC NEAR32 ; Memory Modify
push ebp ; Entry Code
mov ebp, esp ; Entry Code
mov al, [ebp+12]
mov esp, [ebp+8]
mov [esp], al
mov esp, ebp ; Exit Code
pop ebp ; Exit Code
ret ; Exit Code
_MM EndP ; Memory Modify
_MD PROC NEAR32 ; Memory Display
push ebp ; Entry Code
mov ebp, esp ; Entry Code
mov esp, [ebp+8]
mov al, [esp]
mov esp, ebp ; Exit Code
pop ebp ; Exit Code
ret ; Exit Code
_MD EndP ; Memory Display
END
'부산IT학원 > 스마트컨트롤러' 카테고리의 다른 글
| 20140826 (작성 중인 프로그램) (0) | 2014.08.26 |
|---|---|
| 20140825 (다른 프로그램 실행 분석 프로그램 작성) (0) | 2014.08.25 |
| 20140820 (PE 구조) (0) | 2014.08.20 |
| 20140818 (Assembly CDECL, STDCALL, PE구조) (0) | 2014.08.18 |
| 20140805 (Assembly 함수 return 값, 인수) (0) | 2014.08.05 |
