实现如下功能,将一个文件加入缓冲区,将其拉伸存盘
#include "iostream"#include <windows.h>
unsigned int RvaToFoa(char*buf, DWORD rva)
{
if (buf == NULL)
{
return 0;
}
PIMAGE_DOS_HEADER pdosHeader = (PIMAGE_DOS_HEADER)buf;
PIMAGE_NT_HEADERS pNtheader = (PIMAGE_NT_HEADERS)((DWORD)buf + (DWORD)pdosHeader->e_lfanew);
PIMAGE_FILE_HEADER pFileHeader = (PIMAGE_FILE_HEADER)((DWORD)buf + 4 + (DWORD)pdosHeader->e_lfanew);
PIMAGE_OPTIONAL_HEADER pOptHeader = (PIMAGE_OPTIONAL_HEADER)((DWORD)pFileHeader + sizeof(IMAGE_FILE_HEADER));
PIMAGE_SECTION_HEADER pSectionheader = (PIMAGE_SECTION_HEADER)((DWORD)pFileHeader + sizeof(IMAGE_FILE_HEADER)+pFileHeader->SizeOfOptionalHeader);
for (int i = 0; i<=pFileHeader->NumberOfSections; i++)
{
if (rva >= (pSectionheader->VirtualAddress) && rva < (pSectionheader->VirtualAddress + pSectionheader->Misc.VirtualSize))
{
return (rva - pSectionheader->VirtualAddress) + pSectionheader->PointerToRawData;
}
pSectionheader++;
}
return 0;
}
LPVOID ReadPEFile(LPSTR lpszFile)
{
FILE *pFile = NULL;
DWORD fileSize = 0;
LPVOID pFileBuffer = NULL;
if ( (pFile = fopen(lpszFile, "rb")) == NULL )
puts("Fail to open file!");
fseek(pFile,0,SEEK_END);
fileSize=ftell(pFile);
pFileBuffer = malloc(fileSize);
fseek(pFile,0,SEEK_SET);
if(pFileBuffer == NULL)
puts("申请失败");
size_t n = fread(pFileBuffer, fileSize, 1, pFile);
if(!n)
{
printf(" 读取数据失败! ");
free(pFileBuffer);
fclose(pFile);
return NULL;
}
fclose(pFile);
return pFileBuffer;
}
VOID PrintNTHeaders()
{
LPVOID pFileBuffer = NULL,pFileBuffer1;
PIMAGE_DOS_HEADER pDosHeader = NULL,pDosHeader1;
PIMAGE_NT_HEADERS pNTHeader = NULL,pNTHeader1;
PIMAGE_FILE_HEADER pPEHeader = NULL,pPEHeader1;
PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL,pOptionHeader1;
PIMAGE_SECTION_HEADER pSectionHeader = NULL,pSectionHeader1;
pFileBuffer = ReadPEFile("C:\\1111.exe");
pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
pNTHeader=(PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);
pPEHeader=(PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
pOptionHeader=(PIMAGE_OPTIONAL_HEADER32)((DWORD)pNTHeader+0x18);
pSectionHeader=(PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader);
pFileBuffer1=malloc(pOptionHeader->SizeOfImage);
pDosHeader1 = (PIMAGE_DOS_HEADER)pFileBuffer;
pNTHeader1=(PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);
pPEHeader1=(PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
pOptionHeader1=(PIMAGE_OPTIONAL_HEADER32)((DWORD)pNTHeader+0x18);
pSectionHeader1=(PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader);
//pSectionHeader1->VirtualAddress-pFileBuffer1;
}
int main()
{
PrintNTHeaders();
return 0;
}
请问接下去该怎么写 把PE文件按二进制读到内存,然后按SizeOfImage申请一块内存,再解析节表,按VirtualAddress和VirtualSize复制到申请的内存中,然后把这块内存保存就完了 nstar1221 发表于 2020-5-6 17:30
把PE文件按二进制读到内存,然后按SizeOfImage申请一块内存,再解析节表,按VirtualAddress和VirtualSize复 ...
怎么看写的对不对呢 把ImageBuffer拖到内存窗口看不就行了,跟用十六进制编辑器查看PE文件是一样的
页:
[1]