[C] 纯文本查看 复制代码 #include "iostream"
#include <windows.h>
unsigned int RvaToFoa(char*buf, DWORD rva)
{
if (buf == NULL)
{
return 0;
}
PIMAGE_DOS_HEADER pdosHeader = (PIMAGE_DOS_HEADER)buf;
PIMAGE_NT_HEADERS pNtheader = (PIMAGE_NT_HEADERS)((DWORD)buf + (DWORD)pdosHeader->e_lfanew);
PIMAGE_FILE_HEADER pFileHeader = (PIMAGE_FILE_HEADER)((DWORD)buf + 4 + (DWORD)pdosHeader->e_lfanew);
PIMAGE_OPTIONAL_HEADER pOptHeader = (PIMAGE_OPTIONAL_HEADER)((DWORD)pFileHeader + sizeof(IMAGE_FILE_HEADER));
PIMAGE_SECTION_HEADER pSectionheader = (PIMAGE_SECTION_HEADER)((DWORD)pFileHeader + sizeof(IMAGE_FILE_HEADER)+pFileHeader->SizeOfOptionalHeader);
for (int i = 0; i<=pFileHeader->NumberOfSections; i++)
{
if (rva >= (pSectionheader->VirtualAddress) && rva < (pSectionheader->VirtualAddress + pSectionheader->Misc.VirtualSize))
{
return (rva - pSectionheader->VirtualAddress) + pSectionheader->PointerToRawData;
}
pSectionheader++;
}
return 0;
}
LPVOID ReadPEFile(LPSTR lpszFile)
{
FILE *pFile = NULL;
DWORD fileSize = 0;
LPVOID pFileBuffer = NULL;
if ( (pFile = fopen(lpszFile, "rb")) == NULL )
puts("Fail to open file!");
fseek(pFile,0,SEEK_END);
fileSize=ftell(pFile);
pFileBuffer = malloc(fileSize);
fseek(pFile,0,SEEK_SET);
if(pFileBuffer == NULL)
puts("申请失败");
size_t n = fread(pFileBuffer, fileSize, 1, pFile);
if(!n)
{
printf(" 读取数据失败! ");
free(pFileBuffer);
fclose(pFile);
return NULL;
}
fclose(pFile);
return pFileBuffer;
}
VOID PrintNTHeaders()
{
LPVOID pFileBuffer = NULL,pFileBuffer1;
PIMAGE_DOS_HEADER pDosHeader = NULL,pDosHeader1;
PIMAGE_NT_HEADERS pNTHeader = NULL,pNTHeader1;
PIMAGE_FILE_HEADER pPEHeader = NULL,pPEHeader1;
PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL,pOptionHeader1;
PIMAGE_SECTION_HEADER pSectionHeader = NULL,pSectionHeader1;
pFileBuffer = ReadPEFile("C:\\1111.exe");
pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
pNTHeader=(PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);
pPEHeader=(PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
pOptionHeader=(PIMAGE_OPTIONAL_HEADER32)((DWORD)pNTHeader+0x18);
pSectionHeader=(PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader);
pFileBuffer1=malloc(pOptionHeader->SizeOfImage);
pDosHeader1 = (PIMAGE_DOS_HEADER)pFileBuffer;
pNTHeader1=(PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);
pPEHeader1=(PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
pOptionHeader1=(PIMAGE_OPTIONAL_HEADER32)((DWORD)pNTHeader+0x18);
pSectionHeader1=(PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader);
//pSectionHeader1->VirtualAddress-pFileBuffer1;
}
int main()
{
PrintNTHeaders();
return 0;
}
请问接下去该怎么写 | 
发表于 2020-5-6 15:09
|
发表于 2020-5-6 19:53
