作者在 2009-02-08 23:27:27 发布以下内容
我在学习汇编的时候,往往在读别人的程序,或者是在认识了新API函数的时候,不清楚这个函数在那个头文件和导入库中,于是,就写了个小程序.
程序记录如下:
;=========API函数头文件查询器====================
;程序功能:给定函数名称,查找该函数在D:\masm32\INCLUDE
;目录中所在的头文件.返回头文件名称.
;使用编译器:MASMPlus
;作者:ONEPROBLEM QQ:962361395
;时期:2009年02月07日
;================================================
.386
.model flat,stdcall
option casemap:none
;程序功能:给定函数名称,查找该函数在D:\masm32\INCLUDE
;目录中所在的头文件.返回头文件名称.
;使用编译器:MASMPlus
;作者:ONEPROBLEM QQ:962361395
;时期:2009年02月07日
;================================================
.386
.model flat,stdcall
option casemap:none
IDD_DIALOG1 equ 1
IDC_EDIT equ 100
ICO_MAIN equ 1
IDC_STATICA equ 200
IDC_EDIT equ 100
ICO_MAIN equ 1
IDC_STATICA equ 200
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
.data?
hInstance dd ?
stFindFileData WIN32_FIND_DATA <>
hFindFile dd ?
szBuffer db 256 dup (?)
szBuffer1 db 256 dup (?)
szBuffer2 db 256 dup (?)
.data
szFindFile db 'D:\masm32\INCLUDE\*.inc',0
szFileName db 'd:\masm32\include\',0
szCaption db '提示',0
szText db '对不起,没有查询到对应的头文件!',0
szReturn db 0dh,0ah,0
hInstance dd ?
stFindFileData WIN32_FIND_DATA <>
hFindFile dd ?
szBuffer db 256 dup (?)
szBuffer1 db 256 dup (?)
szBuffer2 db 256 dup (?)
.data
szFindFile db 'D:\masm32\INCLUDE\*.inc',0
szFileName db 'd:\masm32\include\',0
szCaption db '提示',0
szText db '对不起,没有查询到对应的头文件!',0
szReturn db 0dh,0ah,0
.code
;=================字符串匹配函数=================
_Index proc _szSource,_dwSourceSize,_szTarget,_dwTargetSize
local @TrueOrFalse
pushad
mov esi,_szSource
mov edi,_szTarget
xor ecx,ecx
xor edx,edx
.while ecx < _dwSourceSize && edx < _dwTargetSize
mov al,[esi+ecx] ;全都转换成大写,再进行比较
and al,11011111B
mov ah,[edi+edx]
and ah,11011111B
cmp al,ah
.if ZERO?
inc ecx
inc edx
.else
sub ecx,edx
inc ecx
xor edx,edx
.endif
.endw
.if edx == _dwTargetSize
mov @TrueOrFalse,1 ;在此也可返回查询到的位置值
.else
mov @TrueOrFalse,-1
.endif
popad
mov eax,@TrueOrFalse
ret
_Index endp
;=================建立文件映射函数===============
_ProcFile proc _szFileName
local @hFile,@hFileMap,@lpMemory,@dwFileSize
local @dwszSize
local @TrueOrFalse
pushad
xor eax,eax
mov @TrueOrFalse,eax ;预先置0,当没有输入时返回0
invoke CreateFile,_szFileName,GENERIC_READ,FILE_SHARE_READ,\
0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
.if eax == INVALID_HANDLE_VALUE
ret
.endif
mov @hFile,eax
invoke GetFileSize,@hFile,NULL
mov @dwFileSize,eax
invoke CreateFileMapping,@hFile,NULL,PAGE_READONLY,0,0,NULL
.if ! eax
jmp _Ret1
.endif
mov @hFileMap,eax
invoke MapViewOfFile,eax,FILE_MAP_READ,0,0,0
.if ! eax
jmp _Ret2
.endif
mov @lpMemory,eax
invoke lstrlen,addr szBuffer
.if eax
invoke lstrcpy,addr szBuffer2,addr szReturn ;在函数名称前面
invoke lstrcat,addr szBuffer2,addr szBuffer ;加上回车及换行
invoke lstrlen,addr szBuffer2 ;因为函数名称都
mov @dwszSize,eax ;在每行的开头
lea edi,szBuffer2
mov dl,20h
mov [edi+eax],dl ;在函数名称后面添加一个空格
inc @dwszSize
invoke _Index,@lpMemory,@dwFileSize,addr szBuffer2,@dwszSize
.if eax == -1
mov @TrueOrFalse,0
.else
mov @TrueOrFalse,1
.endif
.endif
invoke UnmapViewOfFile,@lpMemory
_Ret2:
invoke CloseHandle,@hFileMap
_Ret1:
invoke CloseHandle,@hFile
popad
mov eax,@TrueOrFalse
ret
_ProcFile endp
;================查找文件函数====================
_FindFile proc _hWnd
;=================字符串匹配函数=================
_Index proc _szSource,_dwSourceSize,_szTarget,_dwTargetSize
local @TrueOrFalse
pushad
mov esi,_szSource
mov edi,_szTarget
xor ecx,ecx
xor edx,edx
.while ecx < _dwSourceSize && edx < _dwTargetSize
mov al,[esi+ecx] ;全都转换成大写,再进行比较
and al,11011111B
mov ah,[edi+edx]
and ah,11011111B
cmp al,ah
.if ZERO?
inc ecx
inc edx
.else
sub ecx,edx
inc ecx
xor edx,edx
.endif
.endw
.if edx == _dwTargetSize
mov @TrueOrFalse,1 ;在此也可返回查询到的位置值
.else
mov @TrueOrFalse,-1
.endif
popad
mov eax,@TrueOrFalse
ret
_Index endp
;=================建立文件映射函数===============
_ProcFile proc _szFileName
local @hFile,@hFileMap,@lpMemory,@dwFileSize
local @dwszSize
local @TrueOrFalse
pushad
xor eax,eax
mov @TrueOrFalse,eax ;预先置0,当没有输入时返回0
invoke CreateFile,_szFileName,GENERIC_READ,FILE_SHARE_READ,\
0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
.if eax == INVALID_HANDLE_VALUE
ret
.endif
mov @hFile,eax
invoke GetFileSize,@hFile,NULL
mov @dwFileSize,eax
invoke CreateFileMapping,@hFile,NULL,PAGE_READONLY,0,0,NULL
.if ! eax
jmp _Ret1
.endif
mov @hFileMap,eax
invoke MapViewOfFile,eax,FILE_MAP_READ,0,0,0
.if ! eax
jmp _Ret2
.endif
mov @lpMemory,eax
invoke lstrlen,addr szBuffer
.if eax
invoke lstrcpy,addr szBuffer2,addr szReturn ;在函数名称前面
invoke lstrcat,addr szBuffer2,addr szBuffer ;加上回车及换行
invoke lstrlen,addr szBuffer2 ;因为函数名称都
mov @dwszSize,eax ;在每行的开头
lea edi,szBuffer2
mov dl,20h
mov [edi+eax],dl ;在函数名称后面添加一个空格
inc @dwszSize
invoke _Index,@lpMemory,@dwFileSize,addr szBuffer2,@dwszSize
.if eax == -1
mov @TrueOrFalse,0
.else
mov @TrueOrFalse,1
.endif
.endif
invoke UnmapViewOfFile,@lpMemory
_Ret2:
invoke CloseHandle,@hFileMap
_Ret1:
invoke CloseHandle,@hFile
popad
mov eax,@TrueOrFalse
ret
_ProcFile endp
;================查找文件函数====================
_FindFile proc _hWnd
invoke FindFirstFile,addr szFindFile,addr stFindFileData
.if eax != INVALID_HANDLE_VALUE
mov hFindFile,eax
.repeat
invoke RtlZeroMemory,addr szBuffer1,sizeof szBuffer1
invoke lstrcpy,addr szBuffer1,addr szFileName
invoke lstrcat,addr szBuffer1,addr stFindFileData.cFileName
invoke _ProcFile,addr szBuffer1
.if eax ;已找到则跳出循环
invoke SetDlgItemText,_hWnd,IDC_STATICA,\
addr szBuffer1
jmp @F
.endif
invoke FindNextFile,hFindFile,addr stFindFileData
.until eax == FALSE
invoke MessageBox,NULL,addr szText,addr szCaption,MB_OK
@@:
invoke FindClose,hFindFile
.endif
ret ;呵呵,少了这句,程序就
;跳出"0x0012fb0e"指令引用的"0x00000000"内存.该内存不能为"read".
_FindFile endp
;=====================对话框过程=================
_ProcDlgMain proc uses ebx edi esi,hWnd,wMsg,wParam,lParam
mov eax,wMsg
.if eax == WM_CLOSE
invoke EndDialog,hWnd,NULL
.elseif eax == WM_CHAR
mov eax,wParam
.if eax == 0dh
invoke SendMessage,hWnd,WM_COMMAND,IDOK,0
.endif
.elseif eax == WM_INITDIALOG
invoke LoadIcon,hInstance,ICO_MAIN
invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
.elseif eax == WM_COMMAND
mov eax,wParam
.if ax == IDC_EDIT
invoke GetDlgItemText,hWnd,IDC_EDIT,\
addr szBuffer,sizeof szBuffer
.elseif ax == IDOK
invoke _FindFile,hWnd
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcDlgMain endp
;===============主程序===========================
start:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,IDD_DIALOG1,NULL,offset _ProcDlgMain,NULL
invoke ExitProcess,NULL
end start
;================================================
;注:RC文件略.
.if eax != INVALID_HANDLE_VALUE
mov hFindFile,eax
.repeat
invoke RtlZeroMemory,addr szBuffer1,sizeof szBuffer1
invoke lstrcpy,addr szBuffer1,addr szFileName
invoke lstrcat,addr szBuffer1,addr stFindFileData.cFileName
invoke _ProcFile,addr szBuffer1
.if eax ;已找到则跳出循环
invoke SetDlgItemText,_hWnd,IDC_STATICA,\
addr szBuffer1
jmp @F
.endif
invoke FindNextFile,hFindFile,addr stFindFileData
.until eax == FALSE
invoke MessageBox,NULL,addr szText,addr szCaption,MB_OK
@@:
invoke FindClose,hFindFile
.endif
ret ;呵呵,少了这句,程序就
;跳出"0x0012fb0e"指令引用的"0x00000000"内存.该内存不能为"read".
_FindFile endp
;=====================对话框过程=================
_ProcDlgMain proc uses ebx edi esi,hWnd,wMsg,wParam,lParam
mov eax,wMsg
.if eax == WM_CLOSE
invoke EndDialog,hWnd,NULL
.elseif eax == WM_CHAR
mov eax,wParam
.if eax == 0dh
invoke SendMessage,hWnd,WM_COMMAND,IDOK,0
.endif
.elseif eax == WM_INITDIALOG
invoke LoadIcon,hInstance,ICO_MAIN
invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
.elseif eax == WM_COMMAND
mov eax,wParam
.if ax == IDC_EDIT
invoke GetDlgItemText,hWnd,IDC_EDIT,\
addr szBuffer,sizeof szBuffer
.elseif ax == IDOK
invoke _FindFile,hWnd
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcDlgMain endp
;===============主程序===========================
start:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,IDD_DIALOG1,NULL,offset _ProcDlgMain,NULL
invoke ExitProcess,NULL
end start
;================================================
;注:RC文件略.