1、/ FileName : Get.eXe.PE.Information.osc/ Comment : Get eXe PE Information/ Environment : WinXP SP2,OllyDbg V1.10,OllyScript V0.92/ Author : fly/ WebSite : / Date : 2005-10-24 15:30/#logdbhvar Tempvar ImageBasevar PEvar e_lfanewvar PE_Signaturevar NumberOfSectionsvar SizeOfOptionalHeadervar -EPvar EP
2、RVAvar EPvar OEPRVAvar -ExportTablevar ExportTableRVAvar ExportTableSizevar -ImportTablevar ImportTableRVAvar ImportTableSizevar -ResourceTablevar ResourceTableRVAvar ResourceTableSizevar -RelocationTablevar RelocationTableRVAvar RelocationTableSizevar -TlsTablevar TlsTableRVAvar TlsTableSizevar Sec
3、tionTablevar SectionsTableSizevar FirstSectionVAvar FirstSectionRVAvar FirstSectionSizevar LastSectionVAvar LastSectionRVAvar LastSectionSize/Get ImageBasemov Temp,eaxexecpush 0call GetModuleHandleAendemov ImageBase,eaxmov eax,Templog ImageBase/Get e_lfanewmov Temp,ImageBaseadd Temp,3Cmov e_lfanew,T
4、emplog e_lfanew/Get PE_Signaturemov Temp,e_lfanewadd Temp,ImageBasemov PE_Signature,Templog PE_Signature/Get NumberOfSectionsadd Temp,6mov NumberOfSections,Tempand NumberOfSections,0FFFFlog NumberOfSections/Get SizeOfOptionalHeadermov Temp,PE_Signatureadd Temp,14mov SizeOfOptionalHeader,Tempand Size
5、OfOptionalHeader,0FFFFlog SizeOfOptionalHeader/Get -EPmov Temp,PE_Signatureadd Temp,28mov -EP,Templog -EPmov EPRVA,-EPlog EPRVAmov Temp,ImageBaseadd Temp,EPRVAmov EP,Templog EP /Get ExportTablemov Temp,PE_Signatureadd Temp,78mov -ExportTable,Templog -ExportTablemov ExportTableRVA,-ExportTablelog Exp
6、ortTableRVAadd Temp,4mov ExportTableSize,Templog ExportTableSize/Get ImportTablemov Temp,PE_Signatureadd Temp,80mov -ImportTable,Templog -ImportTablemov ImportTableRVA,-ImportTablelog ImportTableRVAadd Temp,4mov ImportTableSize,Templog ImportTableSize/Get ResourceTablemov Temp,PE_Signatureadd Temp,8
7、8mov -ResourceTable,Templog -ResourceTablemov ResourceTableRVA,-ResourceTablelog ResourceTableRVAadd Temp,4mov ResourceTableSize,Templog ResourceTableSize/Get RelocationTablemov Temp,PE_Signatureadd Temp,A0mov -RelocationTable,Templog -RelocationTablemov RelocationTableRVA,-RelocationTablelog Reloca
8、tionTableRVAadd Temp,4mov RelocationTableSize,Templog RelocationTableSize/Get TlsTablemov Temp,PE_Signatureadd Temp,C0mov -TlsTable,Templog -TlsTablemov TlsTableRVA,-TlsTablelog TlsTableRVAadd Temp,4mov TlsTableSize,Templog TlsTableSize/Get SectionTablemov Temp,PE_Signatureadd Temp,SizeOfOptionalHea
9、deradd Temp,18mov SectionTable,Templog SectionTable/Get FirstSectionInformationmov Temp,SectionTableadd Temp,C mov FirstSectionRVA,Templog FirstSectionRVAsub Temp,4mov FirstSectionSize,Templog FirstSectionSizemov Temp,FirstSectionRVAadd Temp,ImageBasemov FirstSectionVA,Templog FirstSectionVA/Get Las
10、tSectionInformationmov Temp,eaxmov eax,NumberOfSectionsexecpush edxmov edx,28mul edxpop edxendemov SectionsTableSize,eaxlog SectionsTableSizemov eax,Tempmov Temp,SectionTableadd Temp,SectionsTableSizesub Temp,1Cmov LastSectionRVA,Templog LastSectionRVAmov LastSectionVA,LastSectionRVAadd LastSectionV
11、A,ImageBaselog LastSectionVAsub Temp,4mov LastSectionSize,Templog LastSectionSize/Game Overlog ImageBaselog e_lfanewlog PE_Signaturelog NumberOfSectionslog SizeOfOptionalHeaderlog -EPlog EPRVAlog EP log -ExportTablelog ExportTableRVAlog ExportTableSizelog -ImportTablelog ImportTableRVAlog ImportTabl
12、eSizelog -ResourceTablelog ResourceTableRVAlog ResourceTableSizelog -RelocationTablelog RelocationTableRVAlog RelocationTableSizelog -TlsTablelog TlsTableRVAlog TlsTableSizelog SectionTablelog FirstSectionRVAlog FirstSectionSizelog FirstSectionVAlog LastSectionRVAlog LastSectionVAlog LastSectionSizeMSG OOO Game Over. Plz View - Log OOO ret
