MASM32编程使用PE文件头信息计算文件长度

要获取一个文件的长度，我们可以使用API函数 GetFileSize()。

对于PE格式的文件，我们还可以利用PE文件头中的信息来获取文件长度，方法是：optional header中的 SizeOfHeaders值 + 所有节表中SizeOfRawData值 = 文件长度

PE文件格式说明可参考：Iczelion的PE教程
http://www.google.cn/search?complete=1&hl=zh-CN&newwindow=1&q=Iczelion%E7%9A%84PE%E6%95%99%E7%A8%8B&btnG=Google+%E6%90%9C%E7%B4%A2&meta=cr%3DcountryCN&aq=f

下面的代码也是在PE教程中的演示代码上修改而来。

;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
;FileName:FileSize.asm
;Function:SelectaPEfileanddisplayit'ssizewithit'sPEfileheadinfo
;Author:PupleEndurer
;
;log
;-----------------------------------------------
;2008-04-09Created!
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

.386
.modelflat,stdcall
optioncasemap:none
include/masm32/include/windows.inc
include/masm32/include/kernel32.inc
include/masm32/include/comdlg32.inc
include/masm32/include/user32.inc
includelib/masm32/lib/user32.lib
includelib/masm32/lib/kernel32.lib
includelib/masm32/lib/comdlg32.lib

d_UseSEHequ0

SEHstruct
PrevLinkdd?;theaddressoftheprevioussehstructure
CurrentHandlerdd?;theaddressoftheexceptionhandler
SafeOffsetdd?;Theoffsetwhereit'ssafetocontinueexecution
PrevEspdd?;theoldvalueinesp
PrevEbpdd?;Theoldvalueinebp
SEHends

GetPeFileSizeproto:LPSTR
IsPeFileMapproto:DWORD
CountSectionSizeproto:dword,:dword
CountPeFileSizeproto:HANDLE

.data
g_szAppNamedb"PEFileSize",0
g_stOfnOPENFILENAME<>
g_szFilterStringdb"*.exe,*.dll",0,"*.exe;*.dll",0
db"*.*",0,"*.*",0,0
g_szFileOpenErrordb"未能打开文件以读",0
g_szFileOpenMappingErrordb"未能打开文件用于内存映射",0
g_szFileMappingErrordb"未能映射文件到内存",0
g_szFileInValidPEdb"非"
g_szFileValidPEdb"有效PE文件",0
g_szTmpFileSizedb"文件长度为%d字节",0

;.data?
g_buffer512db512dup(?)
g_dwValidPEdd?


.code
startproc
movg_stOfn.lStructSize,SIZEOFg_stOfn
movg_stOfn.lpstrFilter,OFFSETg_szFilterString
movg_stOfn.lpstrFile,OFFSETg_buffer512
movg_stOfn.nMaxFile,512
movg_stOfn.Flags,OFN_FILEMUSTEXISTorOFN_PATHMUSTEXISTorOFN_LONGNAMESorOFN_EXPLORERorOFN_HIDEREADONLY
invokeGetOpenFileName,ADDRg_stOfn
.ifeax==TRUE
invokeGetPeFileSize,OFFSETg_buffer512
invokeMessageBox,0,eax,addrg_szAppName,MB_OK
.endif
invokeExitProcess,0
startendp

GetPeFileSizeproclpszFileSpec:LPSTR
localhFile,hMapping,pMapping:dword

invokeCreateFile,lpszFileSpec,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
.ifeax!=INVALID_HANDLE_VALUE
movhFile,eax
invokeCreateFileMapping,hFile,NULL,PAGE_READONLY,0,0,0
.ifeax!=NULL
movhMapping,eax
invokeMapViewOfFile,hMapping,FILE_MAP_READ,0,0,0
.ifeax!=NULL
movpMapping,eax
invokeIsPeFileMap,eax
.ifg_dwValidPE==TRUE
invokeCountPeFileSize,pMapping
invokewsprintf,addrg_buffer512,addrg_szTmpFileSize,eax
;invokeMessageBox,NULL,addrg_buffer512,addrg_buffer512,NULL
pushoffsetg_buffer512;g_szFileValidPE
.else
pushoffsetg_szFileInValidPE
.endif
.else
pushoffsetg_szFileMappingError
.endif
invokeCloseHandle,hMapping
.else
pushoffsetg_szFileOpenMappingError
.endif
invokeCloseHandle,hFile
popeax
.else
moveax,offsetg_szFileOpenError
.endif
ret
GetPeFileSizeendp


IsPeFileMapprocpMapping:DWORD
ifd_UseSEHeq1
localseh:SEH
endif;d_UseSEH

movg_dwValidPE,FALSE
movedi,pMapping

ifd_UseSEHeq1
assumefs:nothing
pushfs:[0]
popseh.PrevLink
movseh.CurrentHandler,offsetSEHHandler
movseh.SafeOffset,offsetFinalExit
leaeax,seh
movfs:[0],eax
movseh.PrevEsp,esp
movseh.PrevEbp,ebp
endif;d_UseSEH

assumeedi:ptrIMAGE_DOS_HEADER
.if[edi].e_magic==IMAGE_DOS_SIGNATURE
addedi,(IMAGE_DOS_HEADERptr[edi]).e_lfanew;addedi,[edi].e_lfanew
assumeedi:ptrIMAGE_NT_HEADERS
.if[edi].Signature==IMAGE_NT_SIGNATURE
movg_dwValidPE,TRUE
.endif
.endif
FinalExit:
ret
IsPeFileMapendp


;Input:dwNumberOfSections--numberofsections
;pSectionTabBeginAddr--thebegionaddressofthefirstsectiontable
;Output:eax=allsectionssize
CountSectionSizeprocdwNumberOfSections:dword,pSectionTabBeginAddr:dword
movedi,dwNumberOfSections
movesi,pSectionTabBeginAddr
xoreax,eax
.while(edi>0)
addeax,(IMAGE_SECTION_HEADERptr[esi]).SizeOfRawData
decedi
addesi,sizeofIMAGE_SECTION_HEADER
.endw
ret
CountSectionSizeendp

;Input:pMapping--thepointertopefilemapping
;Output:eax=filesize
CountPeFileSizeprocpMapping:HANDLE
movedi,pMapping
addedi,(IMAGE_DOS_HEADERptr[edi]).e_lfanew

movzxeax,(IMAGE_NT_HEADERSptr[edi]).FileHeader.NumberOfSections
testeax,eax
.if!ZERO?
pushedi
addedi,sizeofIMAGE_NT_HEADERS
invokeCountSectionSize,eax,edi
popedi
.endif
addeax,(IMAGE_NT_HEADERSptr[edi]).OptionalHeader.SizeOfHeaders

ret
CountPeFileSizeendp


ifd_UseSEHeq1

SEHHandlerprocusesedxpExcept:DWORD,pFrame:DWORD,pContext:DWORD,pDispatch:DWORD
movedx,pFrame
assumeedx:ptrSEH
moveax,pContext
assumeeax:ptrCONTEXT
push[edx].SafeOffset
pop[eax].regEip
push[edx].PrevEsp
pop[eax].regEsp
push[edx].PrevEbp
pop[eax].regEbp
movg_dwValidPE,FALSE
moveax,ExceptionContinueExecution
ret
SEHHandlerendp

endif;d_UseSEH

endstart