STRLCPY/SearchAvailableExe

项目初始化
maoku committed 2 months ago

2c16be28

■ ■ ■ ■ ■ ■

.gitignore

1 + /.vs
2 + /Debug
3 + /Release
4 + /SearchAvailableExe/Debug
5 + /SearchAvailableExe/Release
6 +

All occurrences

■ ■ ■ ■ ■ ■

SearchAvailableExe/SearchAvailableExe.cpp

1	+	#include <iostream>
2	+	#include <windows.h>
3	+	#include <fstream>
4	+	#include <thread>
5	+	#include "Tools.h"
6	+
7	+	using namespace std;
8	+
9	+	vector<PResultInfo> results;
10	+
11	+	void ThreadFunction(const std::wstring& filePath) {
12	+	VerifyFileSignature(filePath.c_str());
13	+	}
14	+
15	+	void ListExecutableFiles(const wstring& directory) {
16	+	WIN32_FIND_DATA findFileData;
17	+	HANDLE hFind = FindFirstFile((directory + L"\\*").c_str(), &findFileData);
18	+	std::vector<std::thread> threads;
19	+
20	+	if (hFind != INVALID_HANDLE_VALUE) {
21	+	do {
22	+	wstring filename = findFileData.cFileName;
23	+	if (filename != L"." && filename != L"..") {
24	+	if (findFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
25	+	// 如果是目录，则递归遍历
26	+	ListExecutableFiles(directory + L"\\" + filename);
27	+	}
28	+	else {
29	+	// 如果是文件，则检查是否是可执行文件
30	+	if (filename.size() > 4 && filename.substr(filename.size() - 4) == L".exe") {
31	+	// 将可执行文件路径写入文件
32	+	wstring fileFullPath = directory + L"\\" + filename;
33	+	threads.push_back(std::thread(ThreadFunction, fileFullPath));
34	+	}
35	+	}
36	+	}
37	+	} while (FindNextFile(hFind, &findFileData) != 0);
38	+	FindClose(hFind);
39	+	}
40	+
41	+	for (auto& thread : threads) {
42	+	thread.join();
43	+	}
44	+	}
45	+
46	+	int main() {
47	+	string outputFilename = "output.txt";
48	+	ofstream outputFile(outputFilename);
49	+
50	+	if (!outputFile.is_open()) {
51	+	cerr << "Failed to open output file." << endl;
52	+	return 1;
53	+	}
54	+
55	+	// 遍历系统的所有盘符
56	+	/*for (char drive = 'A'; drive <= 'Z'; ++drive) {
57	+	wstring rootDirectory = wstring(1, drive) + L":";
58	+	ListExecutableFiles(rootDirectory);
59	+	}*/
60	+
61	+	//wstring rootDirectory = L"D:\\Code\\TeamWorkspace\\beacon\\白+黑嵌入生成";
62	+	wstring rootDirectory = L"C:\\Program Files\\Microsoft Visual Studio\\2022\\Professional\\VC\\Tools\\Llvm\\x64\\bin";
63	+	ListExecutableFiles(rootDirectory);
64	+
65	+	for (const auto& result : results) {
66	+	outputFile << result->filePath << endl;
67	+	outputFile << "程序位数: " << result->bit << " 目录是否可写: " << result->isWrite << endl;
68	+
69	+	if (result->preLoadDlls.size() > 0) {
70	+	outputFile << "预加载DLL个数: " << result->preLoadDlls.size() << endl;
71	+	for (const auto& dll : result->preLoadDlls) {
72	+	outputFile << dll << endl;
73	+	delete[] dll;
74	+	}
75	+	}
76	+
77	+	if (result->postLoadDlls.size() > 0) {
78	+	outputFile << "动态加载DLL个数: " << result->postLoadDlls.size() << endl;
79	+	for (const auto& dll : result->postLoadDlls) {
80	+	outputFile << dll << endl;
81	+	delete[] dll;
82	+	}
83	+	}
84	+
85	+	outputFile << "-------------------------" << endl;
86	+
87	+	delete result;
88	+	}
89	+
90	+	outputFile.close();
91	+	cout << "Output saved to " << outputFilename << endl;
92	+
93	+	return 0;
94	+	}

■ ■ ■ ■ ■ ■

SearchAvailableExe/SearchAvailableExe.vcxproj

1	+	<?xml version="1.0" encoding="utf-8"?>
2	+	<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3	+	<ItemGroup Label="ProjectConfigurations">
4	+	<ProjectConfiguration Include="Debug\|Win32">
5	+	<Configuration>Debug</Configuration>
6	+	<Platform>Win32</Platform>
7	+	</ProjectConfiguration>
8	+	<ProjectConfiguration Include="Release\|Win32">
9	+	<Configuration>Release</Configuration>
10	+	<Platform>Win32</Platform>
11	+	</ProjectConfiguration>
12	+	<ProjectConfiguration Include="Debug\|x64">
13	+	<Configuration>Debug</Configuration>
14	+	<Platform>x64</Platform>
15	+	</ProjectConfiguration>
16	+	<ProjectConfiguration Include="Release\|x64">
17	+	<Configuration>Release</Configuration>
18	+	<Platform>x64</Platform>
19	+	</ProjectConfiguration>
20	+	</ItemGroup>
21	+	<PropertyGroup Label="Globals">
22	+	<VCProjectVersion>16.0</VCProjectVersion>
23	+	<Keyword>Win32Proj</Keyword>
24	+	<ProjectGuid>{e4d4d27b-a771-4fd8-b4b3-a3ecfdedd75b}</ProjectGuid>
25	+	<RootNamespace>SearchAvailableExe</RootNamespace>
26	+	<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
27	+	</PropertyGroup>
28	+	<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
29	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|Win32'" Label="Configuration">
30	+	<ConfigurationType>Application</ConfigurationType>
31	+	<UseDebugLibraries>true</UseDebugLibraries>
32	+	<PlatformToolset>v143</PlatformToolset>
33	+	<CharacterSet>Unicode</CharacterSet>
34	+	</PropertyGroup>
35	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|Win32'" Label="Configuration">
36	+	<ConfigurationType>Application</ConfigurationType>
37	+	<UseDebugLibraries>false</UseDebugLibraries>
38	+	<PlatformToolset>v143</PlatformToolset>
39	+	<WholeProgramOptimization>true</WholeProgramOptimization>
40	+	<CharacterSet>MultiByte</CharacterSet>
41	+	</PropertyGroup>
42	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|x64'" Label="Configuration">
43	+	<ConfigurationType>Application</ConfigurationType>
44	+	<UseDebugLibraries>true</UseDebugLibraries>
45	+	<PlatformToolset>v143</PlatformToolset>
46	+	<CharacterSet>Unicode</CharacterSet>
47	+	</PropertyGroup>
48	+	<PropertyGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|x64'" Label="Configuration">
49	+	<ConfigurationType>Application</ConfigurationType>
50	+	<UseDebugLibraries>false</UseDebugLibraries>
51	+	<PlatformToolset>v143</PlatformToolset>
52	+	<WholeProgramOptimization>true</WholeProgramOptimization>
53	+	<CharacterSet>Unicode</CharacterSet>
54	+	</PropertyGroup>
55	+	<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
56	+	<ImportGroup Label="ExtensionSettings">
57	+	</ImportGroup>
58	+	<ImportGroup Label="Shared">
59	+	</ImportGroup>
60	+	<ImportGroup Label="PropertySheets" Condition="'$(Configuration)\|$(Platform)'=='Debug\|Win32'">
61	+	<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
62	+	</ImportGroup>
63	+	<ImportGroup Label="PropertySheets" Condition="'$(Configuration)\|$(Platform)'=='Release\|Win32'">
64	+	<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
65	+	</ImportGroup>
66	+	<ImportGroup Label="PropertySheets" Condition="'$(Configuration)\|$(Platform)'=='Debug\|x64'">
67	+	<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
68	+	</ImportGroup>
69	+	<ImportGroup Label="PropertySheets" Condition="'$(Configuration)\|$(Platform)'=='Release\|x64'">
70	+	<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
71	+	</ImportGroup>
72	+	<PropertyGroup Label="UserMacros" />
73	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|Win32'">
74	+	<ClCompile>
75	+	<WarningLevel>Level3</WarningLevel>
76	+	<SDLCheck>true</SDLCheck>
77	+	<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
78	+	<ConformanceMode>true</ConformanceMode>
79	+	<LanguageStandard>stdcpp17</LanguageStandard>
80	+	</ClCompile>
81	+	<Link>
82	+	<SubSystem>Console</SubSystem>
83	+	<GenerateDebugInformation>true</GenerateDebugInformation>
84	+	<AdditionalDependencies>Crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
85	+	</Link>
86	+	</ItemDefinitionGroup>
87	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|Win32'">
88	+	<ClCompile>
89	+	<WarningLevel>Level3</WarningLevel>
90	+	<FunctionLevelLinking>true</FunctionLevelLinking>
91	+	<IntrinsicFunctions>true</IntrinsicFunctions>
92	+	<SDLCheck>true</SDLCheck>
93	+	<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
94	+	<ConformanceMode>true</ConformanceMode>
95	+	<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
96	+	</ClCompile>
97	+	<Link>
98	+	<SubSystem>Console</SubSystem>
99	+	<EnableCOMDATFolding>true</EnableCOMDATFolding>
100	+	<OptimizeReferences>true</OptimizeReferences>
101	+	<GenerateDebugInformation>false</GenerateDebugInformation>
102	+	<AdditionalDependencies>Crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
103	+	</Link>
104	+	</ItemDefinitionGroup>
105	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='Debug\|x64'">
106	+	<ClCompile>
107	+	<WarningLevel>Level3</WarningLevel>
108	+	<SDLCheck>true</SDLCheck>
109	+	<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
110	+	<ConformanceMode>true</ConformanceMode>
111	+	</ClCompile>
112	+	<Link>
113	+	<SubSystem>Console</SubSystem>
114	+	<GenerateDebugInformation>true</GenerateDebugInformation>
115	+	</Link>
116	+	</ItemDefinitionGroup>
117	+	<ItemDefinitionGroup Condition="'$(Configuration)\|$(Platform)'=='Release\|x64'">
118	+	<ClCompile>
119	+	<WarningLevel>Level3</WarningLevel>
120	+	<FunctionLevelLinking>true</FunctionLevelLinking>
121	+	<IntrinsicFunctions>true</IntrinsicFunctions>
122	+	<SDLCheck>true</SDLCheck>
123	+	<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
124	+	<ConformanceMode>true</ConformanceMode>
125	+	</ClCompile>
126	+	<Link>
127	+	<SubSystem>Console</SubSystem>
128	+	<EnableCOMDATFolding>true</EnableCOMDATFolding>
129	+	<OptimizeReferences>true</OptimizeReferences>
130	+	<GenerateDebugInformation>true</GenerateDebugInformation>
131	+	</Link>
132	+	</ItemDefinitionGroup>
133	+	<ItemGroup>
134	+	<ClCompile Include="SearchAvailableExe.cpp" />
135	+	<ClCompile Include="Tools.cpp" />
136	+	</ItemGroup>
137	+	<ItemGroup>
138	+	<ClInclude Include="Tools.h" />
139	+	</ItemGroup>
140	+	<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
141	+	<ImportGroup Label="ExtensionTargets">
142	+	</ImportGroup>
143	+	</Project>

■ ■ ■ ■ ■ ■

SearchAvailableExe/SearchAvailableExe.vcxproj.filters

1	+	<?xml version="1.0" encoding="utf-8"?>
2	+	<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3	+	<ItemGroup>
4	+	<Filter Include="源文件">
5	+	<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
6	+	<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
7	+	</Filter>
8	+	<Filter Include="头文件">
9	+	<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10	+	<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11	+	</Filter>
12	+	<Filter Include="资源文件">
13	+	<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14	+	<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15	+	</Filter>
16	+	</ItemGroup>
17	+	<ItemGroup>
18	+	<ClCompile Include="SearchAvailableExe.cpp">
19	+	<Filter>源文件</Filter>
20	+	</ClCompile>
21	+	<ClCompile Include="Tools.cpp">
22	+	<Filter>源文件</Filter>
23	+	</ClCompile>
24	+	</ItemGroup>
25	+	<ItemGroup>
26	+	<ClInclude Include="Tools.h">
27	+	<Filter>头文件</Filter>
28	+	</ClInclude>
29	+	</ItemGroup>
30	+	</Project>

■ ■ ■ ■ ■ ■

SearchAvailableExe/SearchAvailableExe.vcxproj.user

1 + <?xml version="1.0" encoding="utf-8"?>
2 + <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 + <PropertyGroup />
4 + </Project>

All occurrences

■ ■ ■ ■ ■ ■

SearchAvailableExe/Tools.cpp

1	+	#include "Tools.h"
2	+
3	+	extern vector<PResultInfo> results;
4	+	std::unordered_map<std::string, std::wstring> md5Map;
5	+	std::mutex mtx;
6	+
7	+	std::string calculateMD5(BYTE* buffer, DWORD bytesRead) {
8	+	std::string md5;
9	+
10	+	// 初始化加密API
11	+	HCRYPTPROV hProv = 0;
12	+	if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
13	+	std::cerr << "CryptAcquireContext failed\n";
14	+	return md5;
15	+	}
16	+
17	+	HCRYPTHASH hHash = 0;
18	+	if (!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) {
19	+	std::cerr << "CryptCreateHash failed\n";
20	+	CryptReleaseContext(hProv, 0);
21	+	return md5;
22	+	}
23	+
24	+	// 读取文件并更新哈希值
25	+	if (!CryptHashData(hHash, buffer, bytesRead, 0)) {
26	+	std::cerr << "CryptHashData failed\n";
27	+	CryptDestroyHash(hHash);
28	+	CryptReleaseContext(hProv, 0);
29	+	return md5;
30	+	}
31	+
32	+	// 获取哈希值
33	+	DWORD hashSize = 16; // MD5 哈希值大小为 16 字节
34	+	BYTE hashBuffer[16];
35	+	if (CryptGetHashParam(hHash, HP_HASHVAL, hashBuffer, &hashSize, 0)) {
36	+	std::stringstream ss;
37	+	ss << std::hex << std::setfill('0');
38	+	for (int i = 0; i < hashSize; ++i) {
39	+	ss << std::setw(2) << static_cast<unsigned int>(hashBuffer[i]);
40	+	}
41	+	md5 = ss.str();
42	+	}
43	+	else {
44	+	std::cerr << "CryptGetHashParam failed\n";
45	+	}
46	+
47	+	CryptDestroyHash(hHash);
48	+	CryptReleaseContext(hProv, 0);
49	+
50	+	return md5;
51	+	}
52	+
53	+	string wstring2string(wstring wstr)
54	+	{
55	+	string result;
56	+	//获取缓冲区大小，并申请空间，缓冲区大小事按字节计算的
57	+	int len = WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), wstr.size(), NULL, 0, NULL, NULL);
58	+	char* buffer = new char[len + 1];
59	+	//宽字节编码转换成多字节编码
60	+	WideCharToMultiByte(CP_ACP, 0, wstr.c_str(), wstr.size(), buffer, len, NULL, NULL);
61	+	buffer[len] = '\0';
62	+	//删除缓冲区并返回值
63	+	result.append(buffer);
64	+	delete[] buffer;
65	+	return result;
66	+	}
67	+
68	+	DWORD rvaToFOA(LPVOID buf, int rva)
69	+	{
70	+	PIMAGE_DOS_HEADER pDH = (PIMAGE_DOS_HEADER)buf;
71	+	IMAGE_SECTION_HEADER* sectionHeader;
72	+
73	+	if (*(PWORD)((size_t)pDH + pDH->e_lfanew + 0x18) == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
74	+	{
75	+	PIMAGE_NT_HEADERS32 pNtH32 = PIMAGE_NT_HEADERS32((size_t)pDH + pDH->e_lfanew);
76	+
77	+	sectionHeader = IMAGE_FIRST_SECTION(pNtH32);
78	+	}
79	+	else {
80	+	PIMAGE_NT_HEADERS64 pNtH64 = PIMAGE_NT_HEADERS64((size_t)pDH + pDH->e_lfanew);
81	+
82	+	sectionHeader = IMAGE_FIRST_SECTION(pNtH64);
83	+	}
84	+
85	+	while (sectionHeader->VirtualAddress != 0)
86	+	{
87	+	if (rva >= sectionHeader->VirtualAddress && rva < sectionHeader->VirtualAddress + sectionHeader->Misc.VirtualSize) {
88	+	return rva - sectionHeader->VirtualAddress + sectionHeader->PointerToRawData;
89	+	}
90	+
91	+	sectionHeader++;
92	+	}
93	+
94	+	return 0;
95	+	}
96	+
97	+	bool containsIgnoreCase(const std::string& str1, const std::string& str2) {
98	+	std::string str1Lower = str1;
99	+	std::string str2Lower = str2;
100	+
101	+	// 将两个字符串转换为小写
102	+	std::transform(str1Lower.begin(), str1Lower.end(), str1Lower.begin(), ::tolower);
103	+	std::transform(str2Lower.begin(), str2Lower.end(), str2Lower.begin(), ::tolower);
104	+
105	+	// 在转换后的字符串中查找
106	+	return str1Lower.find(str2Lower) != std::string::npos;
107	+	}
108	+
109	+	BYTE* readRDataSection(BYTE* buffer, PDWORD rdataLength) {
110	+	PIMAGE_DOS_HEADER dosHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(buffer);
111	+	if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
112	+	std::cerr << "Invalid DOS header." << std::endl;
113	+	return 0;
114	+	}
115	+
116	+	PIMAGE_NT_HEADERS ntHeaders = reinterpret_cast<PIMAGE_NT_HEADERS>(reinterpret_cast<BYTE*>(buffer) + dosHeader->e_lfanew);
117	+	if (ntHeaders->Signature != IMAGE_NT_SIGNATURE) {
118	+	std::cerr << "Invalid NT headers." << std::endl;
119	+	return 0;
120	+	}
121	+
122	+	PIMAGE_SECTION_HEADER sectionHeader = IMAGE_FIRST_SECTION(ntHeaders);
123	+	for (int i = 0; i < ntHeaders->FileHeader.NumberOfSections; ++i) {
124	+	if (strcmp(".rdata", (char*)sectionHeader[i].Name) == 0) {
125	+	*rdataLength = sectionHeader[i].SizeOfRawData;
126	+	return reinterpret_cast<BYTE*>(buffer) + sectionHeader[i].PointerToRawData;
127	+	}
128	+	}
129	+
130	+	return 0;
131	+	}
132	+
133	+	LPSTR ConvertWideToMultiByte(LPCWSTR wideString) {
134	+	int wideLength = wcslen(wideString);
135	+
136	+	int bufferSize = WideCharToMultiByte(CP_ACP, 0, wideString, wideLength, NULL, 0, NULL, NULL);
137	+
138	+	LPSTR multiByteString = new char[bufferSize + 1];
139	+	memset(multiByteString, 0, bufferSize + 1);
140	+
141	+	WideCharToMultiByte(CP_ACP, 0, wideString, wideLength, multiByteString, bufferSize, NULL, NULL);
142	+
143	+	return multiByteString;
144	+	}
145	+
146	+	std::string GetDirectoryFromPath(const std::string& filePath) {
147	+	// 将文件路径转换为路径对象
148	+	std::filesystem::path pathObj(filePath);
149	+
150	+	// 返回文件所在目录的字符串表示
151	+	return pathObj.parent_path().string();
152	+	}
153	+
154	+	bool endsWithDLL(const std::string& str) {
155	+	int strLength = str.length();
156	+	for (size_t i = 0; i < strLength; i += 2) {
157	+	char ch = str[i];
158	+	if (!((ch >= 'a' && ch <= 'z') \|\| (ch >= 'A' && ch <= 'Z') \|\| (ch >= '0' && ch <= '9') \|\| ch == '_' \|\| ch == '.' \|\| ch == '-'))
159	+	return false;
160	+	}
161	+
162	+	return str.size() > 4 && str.compare(str.size() - 4, 4, ".dll") == 0;
163	+	}
164	+
165	+	bool endsWithDLL(const std::wstring& str) {
166	+	int strLength = str.length();
167	+	for (size_t i = 0; i < strLength; i += 2) {
168	+	wchar_t ch = str[i];
169	+	if (!((ch >= L'a' && ch <= L'z') \|\| (ch >= L'A' && ch <= L'Z') \|\| (ch >= L'0' && ch <= L'9') \|\| ch == L'_' \|\| ch == L'.' \|\| ch == L'-'))
170	+	return false;
171	+	}
172	+
173	+	return str.size() > 4 && str.compare(str.size() - 4, 4, L".dll") == 0;
174	+	}
175	+
176	+	void searchDll(BYTE* buffer, PResultInfo result, LPCWSTR filePath, char* dllsName, string fileDir) {
177	+	DWORD rdataLength;
178	+	BYTE* rdata = readRDataSection(buffer, &rdataLength);
179	+	if (rdata != 0) {
180	+	LPVOID str = (LPVOID)malloc(255);
181	+	DWORD begin = 0;
182	+	int fileDirLength = fileDir.length();
183	+
184	+	for (size_t i = 0; i < rdataLength; ++i) {
185	+	char ch = rdata[i];
186	+	if (ch == '\0') {
187	+	if (i - begin > 10 && i - begin < 30) {
188	+	memcpy(str, rdata + begin, i + 1 - begin);
189	+	if (endsWithDLL((char*)str)) {
190	+	char fileFullPath[255] = { 0 };
191	+	strcat(fileFullPath, fileDir.c_str());
192	+	strcat(fileFullPath, (char*)str);
193	+
194	+	if (filesystem::exists(filesystem::path(fileFullPath)) && containsIgnoreCase(dllsName, (char*)str) == NULL)
195	+	result->postLoadDlls.push_back(_strdup((char*)str));
196	+	}
197	+	}
198	+	begin = i + 1;
199	+	}
200	+	}
201	+
202	+	begin = 0;
203	+	for (size_t i = 0; i < rdataLength; i += 2) {
204	+	wchar_t ch = rdata[i];
205	+
206	+	if (ch == L'\0') {
207	+	if (i - begin > 10 && i - begin < 60) {
208	+	memcpy(str, rdata + begin, i + 2 - begin);
209	+	if (endsWithDLL((wchar_t*)str)) {
210	+	char fileFullPath[255] = { 0 };
211	+	strcat(fileFullPath, fileDir.c_str());
212	+	strcat(fileFullPath, ConvertWideToMultiByte((wchar_t*)str));
213	+
214	+	if (filesystem::exists(filesystem::path(fileFullPath)) && containsIgnoreCase(dllsName, ConvertWideToMultiByte((wchar_t*)str)) == NULL)
215	+	result->postLoadDlls.push_back(_strdup((char)(wstring2string((wchar_t)str).c_str())));
216	+	}
217	+	}
218	+	begin = i + 2;
219	+	}
220	+	}
221	+	free(str);
222	+	}
223	+	}
224	+
225	+	bool hasWritePermission(const std::string& directoryPath) {
226	+	std::string tempFilePath = directoryPath + "\\tmp";
227	+	{
228	+	std::lock_guard<std::mutex> lock(mtx);
229	+	std::ofstream tempFile(tempFilePath);
230	+
231	+	if (!tempFile.is_open()) {
232	+	return false; // 创建文件失败，目录没有写权限
233	+	}
234	+	tempFile.close();
235	+	std::filesystem::remove(tempFilePath); // 创建文件后立即删除
236	+	}
237	+	return true; // 创建文件成功，目录有写权限
238	+	}
239	+
240	+	void printImportTableInfo(BYTE* buffer, PResultInfo result, LPCWSTR filePath)
241	+	{
242	+	const char* known_dlls[] = {"kernel32", "wow64cpu", "wowarmhw", "xtajit", "advapi32", "clbcatq", "combase", "COMDLG32", "coml2", "difxapi", "gdi32", "gdiplus", "IMAGEHLP", "IMM32", "MSCTF", "MSVCRT", "NORMALIZ", "NSI", "ole32", "OLEAUT32", "PSAPI", "rpcrt4", "sechost", "Setupapi", "SHCORE", "SHELL32", "SHLWAPI", "user32", "WLDAP32", "wow64cpu", "wow64", "wow64base", "wow64con", "wow64win", "WS2_32", "xtajit64"};
243	+	string fileDir = GetDirectoryFromPath(ConvertWideToMultiByte(filePath)) + "\\";
244	+
245	+	if (hasWritePermission(fileDir))
246	+	result->isWrite = true;
247	+	else
248	+	result->isWrite = false;
249	+
250	+	PIMAGE_DOS_HEADER pDH = (PIMAGE_DOS_HEADER)buffer;
251	+	IMAGE_DATA_DIRECTORY directory;
252	+	DWORD THUNK_DATA_SIZE;
253	+
254	+	if (*(PWORD)((size_t)pDH + pDH->e_lfanew + 0x18) == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
255	+	{
256	+	PIMAGE_NT_HEADERS32 pNtH32 = PIMAGE_NT_HEADERS32((size_t)pDH + pDH->e_lfanew);
257	+	PIMAGE_OPTIONAL_HEADER32 pOH32 = &pNtH32->OptionalHeader;
258	+
259	+	directory = pOH32->DataDirectory[1];
260	+	THUNK_DATA_SIZE = 4;
261	+	result->bit = 32;
262	+	}
263	+	else {
264	+	PIMAGE_NT_HEADERS64 pNtH64 = PIMAGE_NT_HEADERS64((size_t)pDH + pDH->e_lfanew);
265	+	PIMAGE_OPTIONAL_HEADER64 pOH64 = &pNtH64->OptionalHeader;
266	+
267	+	directory = pOH64->DataDirectory[1];
268	+	THUNK_DATA_SIZE = 8;
269	+	result->bit = 64;
270	+	}
271	+
272	+	PIMAGE_IMPORT_DESCRIPTOR ImportTable = PIMAGE_IMPORT_DESCRIPTOR(rvaToFOA(buffer, directory.VirtualAddress) + buffer);
273	+	//获取导入dll名称
274	+	char* dllsName = (char*)malloc(0x2000);
275	+	memset(dllsName, 0, 0x2000);
276	+	while (ImportTable->Name)
277	+	{
278	+	char* pName = (char*)(rvaToFOA(buffer, ImportTable->Name) + buffer);
279	+	strcat(dllsName, pName);
280	+	ImportTable++;
281	+	}
282	+
283	+	ImportTable = PIMAGE_IMPORT_DESCRIPTOR(rvaToFOA(buffer, directory.VirtualAddress) + buffer);
284	+	while (ImportTable->Name)
285	+	{
286	+	char* pName = (char*)(rvaToFOA(buffer, ImportTable->Name) + buffer);
287	+	DWORD nameSize = sizeof(known_dlls) / 4;
288	+	bool flag = true;
289	+
290	+	for (int i = 0; i < nameSize; i++)
291	+	{
292	+	if (containsIgnoreCase(pName, known_dlls[i]) != NULL)
293	+	{
294	+	flag = false;
295	+	break;
296	+	}
297	+	}
298	+
299	+	PIMAGE_THUNK_DATA INT = PIMAGE_THUNK_DATA(rvaToFOA(buffer, ImportTable->OriginalFirstThunk) + buffer);
300	+	PIMAGE_THUNK_DATA IAT = PIMAGE_THUNK_DATA(rvaToFOA(buffer, ImportTable->FirstThunk) + buffer);
301	+	PIMAGE_IMPORT_BY_NAME temp = { 0 };
302	+	int count = 0;
303	+	while (INT->u1.AddressOfData)//当遍历到的是最后一个是时候是会为0，所以随便遍历一个就好
304	+	{
305	+	if (!(INT->u1.Ordinal & 0x80000000))
306	+	{
307	+	temp = (PIMAGE_IMPORT_BY_NAME)(rvaToFOA(buffer, INT->u1.AddressOfData) + buffer);
308	+	if (containsIgnoreCase(temp->Name, "loadlibrary") != NULL)
309	+	{
310	+	searchDll(buffer, result, filePath, dllsName, fileDir);
311	+	break;
312	+	}
313	+	}
314	+	INT = PIMAGE_THUNK_DATA((PBYTE)INT + THUNK_DATA_SIZE);//INT在INT数组中下移
315	+	count++;
316	+	}
317	+
318	+	char fileFullPath[255] = { 0 };
319	+	strcat(fileFullPath, fileDir.c_str());
320	+	strcat(fileFullPath, pName);
321	+
322	+	if (filesystem::exists(filesystem::path(fileFullPath)))
323	+	flag = true;
324	+
325	+	if (flag)
326	+	result->preLoadDlls.push_back(_strdup(pName));
327	+
328	+	ImportTable++;
329	+	}
330	+
331	+	free(dllsName);
332	+	}
333	+
334	+	BOOL VerifyFileSignature(LPCWSTR filePath) {
335	+	DWORD dwEncoding, dwContentType, dwFormatType;
336	+	HCERTSTORE hStore = NULL;
337	+	HCRYPTMSG hMsg = NULL;
338	+	BOOL bResult = FALSE;
339	+
340	+	// Open the file and get the file handle
341	+	HANDLE hFile = CreateFile(filePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
342	+	if (hFile == INVALID_HANDLE_VALUE) {
343	+	return FALSE;
344	+	}
345	+
346	+	// Get the size of the file
347	+	DWORD dwFileSize = GetFileSize(hFile, NULL);
348	+
349	+	// Read the file into a buffer
350	+	BYTE* pbFile = (BYTE*)malloc(dwFileSize);
351	+	DWORD dwBytesRead;
352	+	if (!ReadFile(hFile, pbFile, dwFileSize, &dwBytesRead, NULL)) {
353	+	CloseHandle(hFile);
354	+	free(pbFile);
355	+	return FALSE;
356	+	}
357	+
358	+	// Verify the signature
359	+	bResult = CryptQueryObject(CERT_QUERY_OBJECT_FILE, filePath, CERT_QUERY_CONTENT_FLAG_ALL,
360	+	CERT_QUERY_FORMAT_FLAG_ALL, 0, &dwEncoding, &dwContentType,
361	+	&dwFormatType, &hStore, &hMsg, NULL);
362	+	if (!bResult) {
363	+	CloseHandle(hFile);
364	+	free(pbFile);
365	+	return FALSE;
366	+	}
367	+
368	+	PIMAGE_DOS_HEADER pDH = (PIMAGE_DOS_HEADER)pbFile;
369	+	IMAGE_DATA_DIRECTORY directory;
370	+
371	+	if (*(PWORD)((size_t)pDH + pDH->e_lfanew + 0x18) == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
372	+	{
373	+	PIMAGE_NT_HEADERS32 pNtH32 = PIMAGE_NT_HEADERS32((size_t)pDH + pDH->e_lfanew);
374	+	PIMAGE_OPTIONAL_HEADER32 pOH32 = &pNtH32->OptionalHeader;
375	+
376	+	directory = pOH32->DataDirectory[1];
377	+	}
378	+	else {
379	+	PIMAGE_NT_HEADERS64 pNtH64 = PIMAGE_NT_HEADERS64((size_t)pDH + pDH->e_lfanew);
380	+	PIMAGE_OPTIONAL_HEADER64 pOH64 = &pNtH64->OptionalHeader;
381	+
382	+	directory = pOH64->DataDirectory[1];
383	+	}
384	+	//没有导入表的程序
385	+	if (directory.VirtualAddress == 0) {
386	+	CloseHandle(hFile);
387	+	free(pbFile);
388	+	return FALSE;
389	+	}
390	+
391	+	/*string md5 = calculateMD5(pbFile, dwFileSize);
392	+	{
393	+	std::lock_guard<std::mutex> lock(mtx);
394	+	if (md5Map.find(md5) != md5Map.end())
395	+	return FALSE;
396	+
397	+	md5Map[md5] = filePath;
398	+	}*/
399	+
400	+	ResultInfo* result = new ResultInfo;
401	+	result->filePath = wstring2string(filePath);
402	+
403	+	printImportTableInfo(pbFile, result, filePath);
404	+
405	+	if (result->preLoadDlls.size() > 0 \|\| result->postLoadDlls.size() > 0) {
406	+	{
407	+	std::lock_guard<std::mutex> lock(mtx);
408	+	results.push_back(result);
409	+	}
410	+	}
411	+
412	+	// Clean up resources
413	+	if (hMsg != NULL)
414	+	CryptMsgClose(hMsg);
415	+	if (hStore != NULL)
416	+	CertCloseStore(hStore, CERT_CLOSE_STORE_FORCE_FLAG);
417	+	CloseHandle(hFile);
418	+	free(pbFile);
419	+
420	+	return TRUE;
421	+	}

■ ■ ■ ■ ■ ■

SearchAvailableExe/Tools.h

1	+	#include <windows.h>
2	+	#include <wincrypt.h>
3	+	#include <stdio.h>
4	+	#include <fstream>
5	+	#include <sstream>
6	+	#include <iomanip>
7	+	#include <unordered_map>
8	+	#include <iostream>
9	+	#include <algorithm>
10	+	#include <filesystem>
11	+	#include <mutex>
12	+
13	+	using namespace std;
14	+
15	+	typedef struct {
16	+	bool isWrite;
17	+	string filePath;
18	+	int bit;
19	+	vector<char*> preLoadDlls;
20	+	vector<char*> postLoadDlls;
21	+	} ResultInfo, * PResultInfo;
22	+
23	+	BOOL VerifyFileSignature(LPCWSTR filePath);
24	+

■ ■ ■ ■ ■ ■

SearchAvailableExe.sln

1	+
2	+	Microsoft Visual Studio Solution File, Format Version 12.00
3	+	# Visual Studio Version 17
4	+	VisualStudioVersion = 17.6.33829.357
5	+	MinimumVisualStudioVersion = 10.0.40219.1
6	+	Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SearchAvailableExe", "SearchAvailableExe\SearchAvailableExe.vcxproj", "{E4D4D27B-A771-4FD8-B4B3-A3ECFDEDD75B}"
7	+	EndProject
8	+	Global
9	+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10	+	Debug\|x64 = Debug\|x64
11	+	Debug\|x86 = Debug\|x86
12	+	Release\|x64 = Release\|x64
13	+	Release\|x86 = Release\|x86
14	+	EndGlobalSection
15	+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16	+	{E4D4D27B-A771-4FD8-B4B3-A3ECFDEDD75B}.Debug\|x64.ActiveCfg = Debug\|x64
17	+	{E4D4D27B-A771-4FD8-B4B3-A3ECFDEDD75B}.Debug\|x64.Build.0 = Debug\|x64
18	+	{E4D4D27B-A771-4FD8-B4B3-A3ECFDEDD75B}.Debug\|x86.ActiveCfg = Debug\|Win32
19	+	{E4D4D27B-A771-4FD8-B4B3-A3ECFDEDD75B}.Debug\|x86.Build.0 = Debug\|Win32
20	+	{E4D4D27B-A771-4FD8-B4B3-A3ECFDEDD75B}.Release\|x64.ActiveCfg = Release\|x64
21	+	{E4D4D27B-A771-4FD8-B4B3-A3ECFDEDD75B}.Release\|x64.Build.0 = Release\|x64
22	+	{E4D4D27B-A771-4FD8-B4B3-A3ECFDEDD75B}.Release\|x86.ActiveCfg = Release\|Win32
23	+	{E4D4D27B-A771-4FD8-B4B3-A3ECFDEDD75B}.Release\|x86.Build.0 = Release\|Win32
24	+	EndGlobalSection
25	+	GlobalSection(SolutionProperties) = preSolution
26	+	HideSolutionNode = FALSE
27	+	EndGlobalSection
28	+	GlobalSection(ExtensibilityGlobals) = postSolution
29	+	SolutionGuid = {6BC8AA18-B8B8-404A-AD97-3F335A60D2EB}
30	+	EndGlobalSection
31	+	EndGlobal
32	+

1	+	/.vs
2	+	/Debug
3	+	/Release
4	+	/SearchAvailableExe/Debug
5	+	/SearchAvailableExe/Release
6	+

1	+	<?xml version="1.0" encoding="utf-8"?>
2	+	<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3	+	<PropertyGroup />
4	+	</Project>

项目初始化