drip49

滴水逆向作业49

作业

代码

#include<stdio.h>
#include<stdlib.h>
#include<string.h>
long n;
unsigned int elfanew;
unsigned int sizeofimage;
unsigned int sizeofheads;
unsigned short numberofsections;
unsigned short sizeofoptionalheader;
int startsectiontable;

void* dllread()
{
	FILE* fp = fopen("mydll.dll","rb");
	void* p;
	if(fp == NULL)
	{
		printf("failed");
		exit(0);
	}
	fseek(fp,0,2); 
	n = ftell(fp);
	p = malloc(n);
	if(p == NULL)
	{
		printf("failed");
		exit(0);
	}
	fseek(fp,0,0);
	fread(p,1,n,fp);
	fclose(fp);
	return p;
}
int rva2foa(char* p,int rva)
{
	int i;
	if(rva<=sizeofheads)
	{
		return rva;
	}
	for(i=0;i<numberofsections;i++)
	{
		int va = *(int*)(p + startsectiontable + i*0x28 + 0xc);
		int sord = *(int*)(p + startsectiontable + i*0x28 + 0x10);
		int ptrd = *(int*)(p + startsectiontable + i*0x28 + 0x14);
		if(rva>=va && rva<=va+sord)
		{
			return ptrd + (rva - va);
		}
	}
	printf("error");
	exit(1);
}
void showinfo(char* p)
{
	int exportrva;
	int exportfoa;
	exportrva = *(int*)(p + elfanew + 4 + 0x14 + 0x60 + 0*0x8);
	exportfoa = rva2foa(p,exportrva);
	printf("---------------------\n");
	printf("infomations:\n");
	printf("Characteristic: 0x%x\n",*(int*)(p + exportfoa));
	printf("TimeDateStamp: 0x%x\n",*(int*)(p + exportfoa + 0x4));
	printf("MajorVersion: 0x%x\n",*(short*)(p + exportfoa + 0x8));
	printf("MinorVersion: 0x%x\n",*(short*)(p + exportfoa + 0xa));
	printf("Name: 0x%x\n",*(int*)(p + exportfoa + 0xc));
	printf("Base: 0x%x\n",*(int*)(p + exportfoa + 0x10));
	printf("NumberOfFunctions: 0x%x\n",*(int*)(p + exportfoa + 0x14));
	printf("NumberOfNames: 0x%x\n",*(int*)(p + exportfoa + 0x18));
	printf("AddressOfFunctions: 0x%x\n",*(int*)(p + exportfoa + 0x1c));
	printf("AddressOfNames: 0x%x\n",*(int*)(p + exportfoa + 0x20));
	printf("AddressOfNameOrdinals: 0x%x\n",*(int*)(p + exportfoa + 0x24));
}
int GetFunctionAddrByName(char* p,char* str)
{
	int exportrva;
	int exportfoa;
	int AddressOfFunctions;
	int AddressOfNameOrdinals;
	int AddressOfNames;
	int af;
	int ano;
	int an;
	int Base;
	int NumberOfNames;
	int i;
	exportrva = *(int*)(p + elfanew + 4 + 0x14 + 0x60 + 0*0x8);
	exportfoa = rva2foa(p,exportrva);
	AddressOfFunctions = *(int*)(p + exportfoa + 0x1c);
	AddressOfNameOrdinals = *(int*)(p + exportfoa + 0x24);
	AddressOfNames = *(int*)(p + exportfoa + 0x20);
	Base = *(int*)(p + exportfoa + 0x10);
	NumberOfNames = *(int*)(p + exportfoa + 0x18);
	af = rva2foa(p,AddressOfFunctions);
	ano = rva2foa(p,AddressOfNameOrdinals);
	an = rva2foa(p,AddressOfNames);
	for(i=0;i<NumberOfNames;i++)
	{
		int namefoa;
		int namerva = *(int*)(p + an + i*4);
		namefoa = rva2foa(p,namerva);
		if(strcmp(p+namefoa,str) == 0)
		{
			break;
		}
	}
	if(i == NumberOfNames)
	{
		printf("There is no such function");
		exit(1);
	}
	int ordinals = *(short*)(p + ano + i*2);
	int result = *(int*)(p + af + ordinals*4);
	return result;
}
int GetFunctionAddrByOrdinals(char* p,int ordinal)
{
	int exportrva;
	int exportfoa;
	int AddressOfFunctions;
	int af;
	int Base;
	exportrva = *(int*)(p + elfanew + 4 + 0x14 + 0x60 + 0*0x8);
	exportfoa = rva2foa(p,exportrva);
	AddressOfFunctions = *(int*)(p + exportfoa + 0x1c);
	Base = *(int*)(p + exportfoa + 0x10);
	af = rva2foa(p,AddressOfFunctions);
	int result = *(int*)(p + af + ((ordinal - Base)*4));
	return result;
}
int main()
{
	char* p;
	p = (char*)dllread();
	elfanew = *(unsigned int*)(p + 0x3c);
	sizeofheads = *(unsigned int*)(p + elfanew + 4 + 0x14 + 0x3c);
	numberofsections = *(unsigned short*)(p + elfanew + 4 + 2);
	sizeofoptionalheader = *(unsigned short*)(p + elfanew + 4 + 0x10);
	startsectiontable = elfanew + 4 + 0x14 + sizeofoptionalheader;
	showinfo(p);
	int showrva = GetFunctionAddrByName(p,"show");
	printf("the rva of show is 0x%x\n",showrva);
	int HelloWorldrva = GetFunctionAddrByOrdinals(p,1);
	printf("the rva of HelloWorld is 0x%x\n",HelloWorldrva);
	return 0;
}