drip53

b4nd1t
  2023-08-03 15:58:40 2023-08-03 15:58 创建   2023-08-03 16:59 2023-08-03 16 更新  

滴水逆向作业53

要求

打印导入表信息

代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
long n;
unsigned int elfanew;
unsigned int sizeofimage;
unsigned int sizeofheads;
unsigned short numberofsections;
unsigned short sizeofoptionalheader;
int startsectiontable;
void* readpe()
{
	FILE* fp = fopen("fg.exe","rb"); 
	void* p;
	if(fp == NULL)
	{
		printf("failed");
		exit(0);
	}
	fseek(fp,0,2); 
	n = ftell(fp);
	p = malloc(n);
	if(p == NULL)
	{
		printf("failed");
		exit(0);
	}
	fseek(fp,0,0);
	fread(p,1,n,fp);
	fclose(fp);
	return p;
}
int rva2foa(char* p,int rva)
{
	int i;
	if(rva<=sizeofheads)
	{
		return rva;
	}
	for(i=0;i<numberofsections;i++)
	{
		int va = *(int*)(p + startsectiontable + i*0x28 + 0xc);
		int sord = *(int*)(p + startsectiontable + i*0x28 + 0x10);
		int ptrd = *(int*)(p + startsectiontable + i*0x28 + 0x14);
		if(rva>=va && rva<=va+sord)
		{
			return ptrd + (rva - va);
		}
	}
	printf("error");
	exit(1);
}
int main()
{
	char* p;
	int importrva;
	int importfoa;
	p = (char*)readpe();
	elfanew = *(unsigned int*)(p + 0x3c);
	sizeofheads = *(unsigned int*)(p + elfanew + 4 + 0x14 + 0x3c);
	numberofsections = *(unsigned short*)(p + elfanew + 4 + 2);
	sizeofoptionalheader = *(unsigned short*)(p + elfanew + 4 + 0x10);
	startsectiontable = elfanew + 4 + 0x14 + sizeofoptionalheader;
	importrva = *(int*)(p + elfanew + 4 + 0x14 + 0x60 + 1*0x8);
	importfoa = rva2foa(p,importrva);
	printf("importrva: 0x%x\n",importrva);
	printf("importfoa: 0x%x\n",importfoa);
	printf("\n");
	while(*(int*)(p + importfoa))
	{
		int namerva = *(int*)(p + importfoa + 0xc);
		int namefoa = rva2foa(p,namerva);
		int INTfoa = rva2foa(p,*(int*)(p + importfoa));
		int IATfoa = rva2foa(p,*(int*)(p + importfoa + 0x10));
		int i;
		printf("------------------------------------\n");
		printf("%s\n",p + namefoa);
		printf("INTRVA: 0x%x\n",*(int*)(p + importfoa));
		printf("IATRVA: 0x%x\n",*(int*)(p + importfoa + 0x10));
		while(*(int*)(p + INTfoa))
		{
			int rvaitem = *(int*)(p + INTfoa);
			if(rvaitem & 0x80000000)
			{
				printf("按序号寻址  ");
				printf("%d\n",rvaitem&0x7fffffff);
			}
			else
			{
				printf("按名字寻址  ");
				printf("%s\n",p + rvaitem + 2);
			}
			INTfoa += 0x4;
		}
		printf("IAT:\n");
		while(*(int*)(p + IATfoa))
		{
			printf("0x%x\n",*(unsigned int*)(p + IATfoa));
			IATfoa += 4;
		}
		importfoa += 0x14;
	}
	return 0;
}
此页目录
drip53
  1. 滴水逆向作业53
    1. 要求
    2. 代码