kick
31.03.2017, 22:24
Код:
//
UINT32 CalcCheckSum(BYTE* _data, UINT32 _data_size, UINT32 _data_checkSumOffset)
{
UINT32 _checksum = 0, _i, _i_max;
_i_max = (_data_checkSumOffset / sizeof(UINT16));
for(_i = 0; _i > (sizeof(UINT16) * CHAR_BIT)) + ((UINT16)_checksum));
_checksum = (_checksum + (_checksum >> (sizeof(UINT16) * CHAR_BIT)));
_checksum = (_data_size + ((UINT16)_checksum));
return _checksum;
};
//
VOID Msg(const WCHAR* format = L"", ...)
{
WCHAR pBuff[2048];
va_list va;
va_start(va, format);
vswprintf_s(pBuff, 2048, format, va);
MessageBoxW(0, pBuff, L"", MB_OK);
va_end(va);
};
//
FILE* pFile = _wfopen(L"DllFile.dll", L"rb");
if(pFile)
{
fseek(pFile, 0, SEEK_END);
UINT32 _file_size = (UINT32)ftell(pFile);
fseek(pFile, 0, SEEK_SET);
string _file_buff;
_file_buff.resize(_file_size);
if(fread((LPVOID)_file_buff.c_str(), _file_size, 1, pFile) == 1)
{
fclose(pFile); pFile = NULL;
//
ULONG_PTR _file = (ULONG_PTR)_file_buff.c_str(), _file_size = (ULONG_PTR)_file_buff.size();
if(((PIMAGE_DOS_HEADER)_file)->e_magic == IMAGE_DOS_SIGNATURE)
{
PIMAGE_NT_HEADERS _pinth = (PIMAGE_NT_HEADERS)(_file + ((PIMAGE_DOS_HEADER)_file)->e_lfanew);
switch(_pinth->OptionalHeader.Magic)
{
case IMAGE_NT_OPTIONAL_HDR32_MAGIC:
{
PIMAGE_NT_HEADERS32 pinth = (PIMAGE_NT_HEADERS32)_pinth;
Msg(L"in_file: 0x%08X, calculated: 0x%08X (X86)", pinth->OptionalHeader.CheckSum, CalcCheckSum((BYTE*)_file, ((UINT32)_file_size), ((UINT32)(((ULONG_PTR)&pinth->OptionalHeader.CheckSum) - _file))));
break;
}
case IMAGE_NT_OPTIONAL_HDR64_MAGIC:
{
PIMAGE_NT_HEADERS64 pinth = (PIMAGE_NT_HEADERS64)_pinth;
Msg(L"in_file: 0x%08X, calculated: 0x%08X (X64)", pinth->OptionalHeader.CheckSum, CalcCheckSum((BYTE*)_file, ((UINT32)_file_size), ((UINT32)(((ULONG_PTR)&pinth->OptionalHeader.CheckSum) - _file))));
break;
}
}
//
}
//
}
else
{
fclose(pFile); pFile = NULL;
}
}
//
//
UINT32 CalcCheckSum(BYTE* _data, UINT32 _data_size, UINT32 _data_checkSumOffset)
{
UINT32 _checksum = 0, _i, _i_max;
_i_max = (_data_checkSumOffset / sizeof(UINT16));
for(_i = 0; _i > (sizeof(UINT16) * CHAR_BIT)) + ((UINT16)_checksum));
_checksum = (_checksum + (_checksum >> (sizeof(UINT16) * CHAR_BIT)));
_checksum = (_data_size + ((UINT16)_checksum));
return _checksum;
};
//
VOID Msg(const WCHAR* format = L"", ...)
{
WCHAR pBuff[2048];
va_list va;
va_start(va, format);
vswprintf_s(pBuff, 2048, format, va);
MessageBoxW(0, pBuff, L"", MB_OK);
va_end(va);
};
//
FILE* pFile = _wfopen(L"DllFile.dll", L"rb");
if(pFile)
{
fseek(pFile, 0, SEEK_END);
UINT32 _file_size = (UINT32)ftell(pFile);
fseek(pFile, 0, SEEK_SET);
string _file_buff;
_file_buff.resize(_file_size);
if(fread((LPVOID)_file_buff.c_str(), _file_size, 1, pFile) == 1)
{
fclose(pFile); pFile = NULL;
//
ULONG_PTR _file = (ULONG_PTR)_file_buff.c_str(), _file_size = (ULONG_PTR)_file_buff.size();
if(((PIMAGE_DOS_HEADER)_file)->e_magic == IMAGE_DOS_SIGNATURE)
{
PIMAGE_NT_HEADERS _pinth = (PIMAGE_NT_HEADERS)(_file + ((PIMAGE_DOS_HEADER)_file)->e_lfanew);
switch(_pinth->OptionalHeader.Magic)
{
case IMAGE_NT_OPTIONAL_HDR32_MAGIC:
{
PIMAGE_NT_HEADERS32 pinth = (PIMAGE_NT_HEADERS32)_pinth;
Msg(L"in_file: 0x%08X, calculated: 0x%08X (X86)", pinth->OptionalHeader.CheckSum, CalcCheckSum((BYTE*)_file, ((UINT32)_file_size), ((UINT32)(((ULONG_PTR)&pinth->OptionalHeader.CheckSum) - _file))));
break;
}
case IMAGE_NT_OPTIONAL_HDR64_MAGIC:
{
PIMAGE_NT_HEADERS64 pinth = (PIMAGE_NT_HEADERS64)_pinth;
Msg(L"in_file: 0x%08X, calculated: 0x%08X (X64)", pinth->OptionalHeader.CheckSum, CalcCheckSum((BYTE*)_file, ((UINT32)_file_size), ((UINT32)(((ULONG_PTR)&pinth->OptionalHeader.CheckSum) - _file))));
break;
}
}
//
}
//
}
else
{
fclose(pFile); pFile = NULL;
}
}
//