/*
*
* Copyright (C) 2014-2015 Motaz Reda <[email protected]>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to motaz reda
*
*/
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "strings_dump.h"
#include "pe_analyzer.h"
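/**
 * Print the header fields and a printable-character dump of one PE section.
 *
 * Walks the section table that follows the NT headers inside `buffer`. For
 * every section whose name equals `sectionname`, prints the section header
 * fields and then the raw section bytes: printable bytes as-is, '\n' as a
 * line break, anything else as '.', with a row break every 64 bytes.
 *
 * @param buffer      PE file image in memory (read only, not freed here).
 * @param opt         Unused; kept so existing callers keep compiling.
 * @param sectionname NUL-terminated section name to match, such as ".text".
 *
 * SECURITY NOTE: this function is not given the length of `buffer`, so
 * e_lfanew, NumberOfSections, PointerToRawData and SizeOfRawData are used
 * exactly as read from the file. A truncated or malformed PE can make the
 * reads below run past the end of the buffer. The caller must validate those
 * fields against the real file size before calling, or the interface should
 * grow a length parameter so the checks can live here.
 */
void DumpStrings(unsigned char *buffer, char opt, unsigned char *sectionname)
{
    enum { SECTION_NAME_LEN = 8, DUMP_ROW_WIDTH = 64 };

    (void)opt;

    /* Nothing can be parsed or matched without both pointers. */
    if (buffer == NULL || sectionname == NULL) {
        return;
    }

    printf("\t########Begin Analyzing########\n");

    /* The DOS header sits at offset 0; e_lfanew is the offset of the NT headers. */
    IMAGE_DOS_HEADER *dos = (IMAGE_DOS_HEADER *)buffer;

    /* Point straight into the image: no allocation is needed (or leaked). */
    unsigned char *pe_header = &buffer[dos->e_lfanew];
    IMAGE_NT_HEADERS *ntheader = (IMAGE_NT_HEADERS *)pe_header;

    /*
     * NOTE(review): the section table is assumed to start right after a
     * fixed-size IMAGE_NT_HEADERS. PE files normally locate it through
     * SizeOfOptionalHeader; confirm against the struct in pe_analyzer.h.
     */
    unsigned char *section_table = pe_header + sizeof(IMAGE_NT_HEADERS);

    for (int n = 0; n < ntheader->file_header.NumberOfSections; n++) {
        IMAGE_SECTION_HEADER *secheader =
            (IMAGE_SECTION_HEADER *)(section_table + (size_t)n * sizeof(IMAGE_SECTION_HEADER));

        /*
         * A section name is 8 bytes and is NOT NUL-terminated when all 8 are
         * used, so copy it into a 9-byte buffer and terminate it explicitly.
         */
        char section[SECTION_NAME_LEN + 1];
        memcpy(section, secheader->Name, SECTION_NAME_LEN);
        section[SECTION_NAME_LEN] = '\0';

        if (strcmp((const char *)sectionname, section) != 0) {
            continue;
        }

        printf("\tSection Name: %c%c%c%c%c%c%c%c\n", secheader->Name[0], secheader->Name[1], secheader->Name[2], secheader->Name[3], secheader->Name[4], secheader->Name[5], secheader->Name[6], secheader->Name[7]);
        printf("\tVirtualSize: %04x\n", secheader->VirtualSize);
        printf("\tVirtualAddress: %04x\n", secheader->VirtualAddress);
        printf("\tSizeOfRawData: %04x\n", secheader->SizeOfRawData);
        printf("\tRaw Data: %04x\n", secheader->PointerToRawData);
        printf("\tPointerToRelocations: %04x\n", secheader->PointerToRelocations);
        printf("\tPointerToLinenumbers: %04x\n", secheader->PointerToLinenumbers);
        printf("\tNumberOfRelocations: %02x\n", secheader->NumberOfRelocations);
        printf("\tNumberOfLinenumbers: %02x\n", secheader->NumberOfLinenumbers);
        printf("\tCharacteristics: %04x\n", secheader->Characteristics);
        printf("\t-------------------------\n");
        printf("\tPrinting String Dump For This Section\n");

        /*
         * Iterate over a byte count rather than over "start + size" so the
         * loop bound cannot wrap around or be compared as a signed int.
         */
        size_t raw_start = secheader->PointerToRawData;
        size_t raw_size = secheader->SizeOfRawData;
        int column = 0;

        for (size_t i = 0; i < raw_size; i++) {
            if (column == DUMP_ROW_WIDTH) {
                printf("\n");
                printf("\t");
                column = 0;
            }

            unsigned char byte = buffer[raw_start + i];
            if (isprint(byte)) {
                printf("%c", byte);
            } else if (byte == '\n') {
                printf("\n");
            } else {
                printf(".");
            }
            column++;
        }
        printf("\n");
    }
}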