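--- a/SearchAvailableExe/Tools.cpp
+++ b/SearchAvailableExe/Tools.cpp
@@ -151,74 +151,59 @@
 return pathObj.parent_path().string();
 }
 
-bool endsWithDLL(const std::string& str) {
-int strLength = str.length();
-for (size_t i = 0; i < strLength; i += 2) {
-char ch = str[i];
-if (!((ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9') || ch == '_' || ch == '.' || ch == '-'))
-return false;
-}
-
-return str.size() > 4 && str.compare(str.size() - 4, 4, ".dll") == 0;
-}
-
-bool endsWithDLL(const std::wstring& str) {
-int strLength = str.length();
-for (size_t i = 0; i < strLength; i += 2) {
-wchar_t ch = str[i];
-if (!((ch >= L'a' && ch <= L'z') || (ch >= L'A' && ch <= L'Z') || (ch >= L'0' && ch <= L'9') || ch == L'_' || ch == L'.' || ch == L'-'))
-return false;
-}
-
-return str.size() > 4 && str.compare(str.size() - 4, 4, L".dll") == 0;
-}
-
 void searchDll(BYTE* buffer, PResultInfo result, LPCWSTR filePath, char* dllsName, string fileDir) {
 DWORD rdataLength;
 BYTE* rdata = readRDataSection(buffer, &rdataLength);
 if (rdata != 0) {
-LPVOID str = (LPVOID)malloc(255);
-DWORD begin = 0;
+char fileFullPath[255] = { 0 };
+strcat(fileFullPath, fileDir.c_str());
 int fileDirLength = fileDir.length();
+DWORD vaule, vaule1;
+char* str;
+char ch;
 
-for (size_t i = 0; i < rdataLength; ++i) {
-char ch = rdata[i];
-if (ch == '\0') {
-if (i - begin > 10 && i - begin < 30) {
-memcpy(str, rdata + begin, i + 1 - begin);
-if (endsWithDLL((char*)str)) {
-char fileFullPath[255] = { 0 };
-strcat(fileFullPath, fileDir.c_str());
-strcat(fileFullPath, (char*)str);
+for (size_t i = rdataLength - 4; i > 0; --i) {
+vaule = *(PDWORD)((PBYTE)rdata + i);
 
-if (filesystem::exists(filesystem::path(fileFullPath)) && containsIgnoreCase(dllsName, (char*)str) == NULL)
-result->postLoadDlls.push_back(_strdup((char*)str));
-}
+if (vaule == 0x6c6c642e) {
+ch = rdata[--i];
+while (((ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9') || ch == '_' || ch == '.' || ch == '-')) {
+ch = rdata[--i];
 }
-begin = i + 1;
+
+if (ch != 0)
+continue;
+
+str = (char*)(rdata + i + 1);
+memcpy(fileFullPath + fileDirLength, str, strlen(str) + 1);
+
+if (filesystem::exists(filesystem::path(fileFullPath)) && containsIgnoreCase(dllsName, str) == NULL)
+result->postLoadDlls.push_back(_strdup(str));
 }
 }
 
-begin = 0;
-for (size_t i = 0; i < rdataLength; i += 2) {
-wchar_t ch = rdata[i];
+for (size_t i = rdataLength - 8; i > 0; i -= 2) {
+vaule = *(PDWORD)((PBYTE)rdata + i);
+vaule1 = *(PDWORD)((PBYTE)rdata + i + 4);
+
+if (vaule1 == 0x6c && vaule == 0x6c0064) {
+i -= 2;
+ch = rdata[i];
+while (((ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9') || ch == '_' || ch == '.' || ch == '-')) {
+i -= 2;
+ch = rdata[i];
+}
+
+if (ch != 0)
+continue;
 
-if (ch == L'\0') {
-if (i - begin > 10 && i - begin < 60) {
-memcpy(str, rdata + begin, i + 2 - begin);
-if (endsWithDLL((wchar_t*)str)) {
-char fileFullPath[255] = { 0 };
-strcat(fileFullPath, fileDir.c_str());
-strcat(fileFullPath, ConvertWideToMultiByte((wchar_t*)str));
+str = ConvertWideToMultiByte((wchar_t*)(rdata + i + 2));
+memcpy(fileFullPath + fileDirLength, str, strlen(str)+1);
 
-if (filesystem::exists(filesystem::path(fileFullPath)) && containsIgnoreCase(dllsName, ConvertWideToMultiByte((wchar_t*)str)) == NULL)
-result->postLoadDlls.push_back(_strdup((char*)(wstring2string((wchar_t*)str).c_str())));
-}
-}
-begin = i + 2;
+if (filesystem::exists(filesystem::path(fileFullPath)) && containsIgnoreCase(dllsName, str) == NULL)
+result->postLoadDlls.push_back(_strdup(str));
 }
 }
-free(str);
 }
 }
 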
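Review bot: The two `memcpy(fileFullPath + fileDirLength, str, strlen(str) + 1)` calls in searchDll copy a name read from the scanned file's .rdata into the 255-byte stack buffer with no length check, and the old 10–30 / 10–60 length window that used to bound the copy is removed by this change. In the first loop nothing verifies that a NUL follows the `.dll` match, so `strlen(str)` can run past the name or past the section end, and a malformed or hostile PE can overflow `fileFullPath`; the `strcat` of `fileDir` has the same problem for long directories. Bound the copy before making it, for example `size_t n = strnlen(str, rdataLength - (i + 1));` followed by `if (n == rdataLength - (i + 1) || fileDirLength + n + 1 > sizeof(fileFullPath)) continue;`. The index arithmetic needs guards too: `rdataLength - 4` and `rdataLength - 8` wrap for a short section, and `rdata[--i]` / `i -= 2` on a `size_t` can step past zero (the wide loop skips zero entirely from an odd start), after which both loops read outside the section. Whether the buffer returned by `ConvertWideToMultiByte` has to be freed cannot be told from this hunk and is worth checking.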