增加写了关于输入表输出表的部分
还有一点小问题,载入某些程序会错误#include "windows.h"
#include "stdio.h"
int main()
{
PIMAGE_DOS_HEADER dosHeader=NULL;
PIMAGE_NT_HEADERS ntHeader=NULL;
PIMAGE_FILE_HEADER fileHeader=NULL;
PIMAGE_OPTIONAL_HEADER optHeader=NULL;
PIMAGE_SECTION_HEADER secHeader=NULL;
PIMAGE_DATA_DIRECTORY dataDirectory=NULL;
PIMAGE_EXPORT_DIRECTORY expDirectory=NULL;
PIMAGE_IMPORT_DESCRIPTOR impDescriptor=NULL;
PIMAGE_THUNK_DATA thuData=NULL;
PIMAGE_IMPORT_BY_NAME ibName=NULL;
PIMAGE_RESOURCE_DIRECTORY_ENTRY rdEntry=NULL;
PIMAGE_RESOURCE_DIRECTORY resDirectory=NULL;
unsigned int n;
char filename[50]="";
printf("please input filename:");
scanf("%s",filename);
/************************************************************************/
/* 打开文件 */
/************************************************************************/
HANDLE hFile = CreateFile(filename,GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile == INVALID_HANDLE_VALUE)
{
printf("open file failed!\n");
goto W;
}
/************************************************************************/
/* 创建文件映射 */
/************************************************************************/
HANDLE hMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,NULL,NULL,NULL);
if(hMap == INVALID_HANDLE_VALUE)
{
printf("create map failed!\n");
goto W;
}
LPVOID lpBase = MapViewOfFile(hMap,FILE_MAP_WRITE,0,0,0);
if(lpBase == NULL)
{
printf("get view failed!\n");
goto W;
}
/************************************************************************/
/* 获得 PIMAGE_DOS_HEADER */
/************************************************************************/
dosHeader = (IMAGE_DOS_HEADER *)lpBase;
/************************************************************************/
/* 是否是PE文件判断1 */
/************************************************************************/
if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
{
printf("not PE file!\n");
goto W;
}
/************************************************************************/
/* 获得 PIMAGE_NT_HEADERS */
/************************************************************************/
ntHeader = (IMAGE_NT_HEADERS *)((BYTE*)lpBase+dosHeader->e_lfanew);
/************************************************************************/
/* 是否是PE文件判断2 */
/************************************************************************/
if(ntHeader->Signature != IMAGE_NT_SIGNATURE)
{
printf("not FE file!\n");
goto W;
}
/************************************************************************/
/* 获得 PIMAGE_FILE_HEADER */
/************************************************************************/
fileHeader = &ntHeader->FileHeader;
if (fileHeader == NULL)
{
printf("get fileheader failed!\n");
goto W;
}
/************************************************************************/
/* 获得 PIMAGE_OPTIONAL_HEADER */
/************************************************************************/
optHeader = &ntHeader->OptionalHeader;
if (optHeader == NULL)
{
printf("get optionalheader failed!\n");
goto W;
}
/************************************************************************/
/* 输出部分文件信息 */
/************************************************************************/
printf("区段数:%d\n",fileHeader->NumberOfSections);
printf("入口点RVA:0000%x\n",optHeader->AddressOfEntryPoint);
printf("镜象基址:00%x\n",optHeader->ImageBase);
printf("代码段大小:%x\n",optHeader->SizeOfCode);
printf("代码段起始RVA:00%x\n",optHeader->ImageBase + optHeader->BaseOfCode);
printf("数据段起始RVA:00%x\n",optHeader->ImageBase + optHeader->BaseOfData);
printf("加载时区块对齐大小:%x\n",optHeader->SectionAlignment);
printf("文件内区块对齐大小:%x\n",optHeader->FileAlignment);
/************************************************************************/
/* 获得 PIMAGE_SECTION_HEADER */
/************************************************************************/
secHeader = IMAGE_FIRST_SECTION( ntHeader );
if (secHeader == NULL)
{
printf("get sectionheader failed!\n");
goto W;
}
/************************************************************************/
/* 遍历所有区段 */
/************************************************************************/
for ( n=0; n<fileHeader->NumberOfSections; n++)
{
printf("\n第%d个区块\n",n+1);
printf("区块名:%s\n",secHeader->Name);
printf("区块大小:%x\n",optHeader->ImageBase + secHeader->SizeOfRawData);
printf("区块虚拟地址:%x\n",optHeader->ImageBase + secHeader->VirtualAddress);
++secHeader;
}
/************************************************************************/
/* 获得 PIMAGE_EXPORT_DIRECTORY */
/************************************************************************/
dataDirectory = &optHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
if (dataDirectory == NULL)
{
printf("get exportdtrectory failed!\n");
goto W;
}
expDirectory = (IMAGE_EXPORT_DIRECTORY *)dataDirectory->VirtualAddress;
if (expDirectory == NULL)
{
printf("没有导出函数\n");
}
else
{
printf("有导出函数----待开发\n");
}
/************************************************************************/
/* 获得 PIMAGE_IMPORT_DESCRIPTOR */
/************************************************************************/
dataDirectory = &(optHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]);
if (dataDirectory == NULL)
{
printf("get importdtrectory failed!\n");
goto W;
}
impDescriptor = (IMAGE_IMPORT_DESCRIPTOR *)((DWORD)dataDirectory->VirtualAddress+(DWORD)lpBase);
if (impDescriptor == NULL)
{
printf("没有导入函数\n");
}
else
{
/************************************************************************/
/* 枚举导入表DLL */
/************************************************************************/
while ( impDescriptor->FirstThunk )
{
printf("\nDLL名:%s\n",(char *)((DWORD)impDescriptor->Name + (DWORD)lpBase));
thuData = (PIMAGE_THUNK_DATA)((DWORD)impDescriptor->FirstThunk + (DWORD)lpBase);
if ( thuData == NULL)
{
printf("get DLL data failed!\n");
break;
}
/************************************************************************/
/* 枚举导入DLL里的函数 */
/************************************************************************/
while ( thuData->u1.Function )
{
/************************************************************************/
/* 获得PIMAGE_IMPORT_BY_NAME,从而获得函数名 */
/************************************************************************/
ibName = (PIMAGE_IMPORT_BY_NAME)((DWORD)thuData->u1.AddressOfData + (DWORD)lpBase);
if ( ibName == NULL)
{
printf("get function name failed!\n");
break;
}
printf("函数名:%s\n",(char *)(DWORD)ibName->Name);
++thuData;
}
++impDescriptor;
}
}
/************************************************************************/
/* 获得 PIMAGE_RESOURCE_DIRECTORY */
/************************************************************************/
resDirectory = (PIMAGE_RESOURCE_DIRECTORY)((DWORD)optHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress + (DWORD)lpBase);
if (resDirectory == NULL)
{
printf("get resousedtrectory failed!\n");
goto W;
}
if (optHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size == 0)
{
printf("no resoused!\n");
goto W;
}
n = resDirectory->NumberOfIdEntries + resDirectory->NumberOfNamedEntries;
printf("资源总数:%d",n);
W:
Sleep(10000);
return 0;
}
| 
发表于 2009-4-29 17:40
