本帖最后由 奋斗丶小Z 于 2016-6-11 11:22 编辑
学习 PE 快一个月了,今天发一个自己写的 PE 信息查看器。把 exe 改名为 c:\test2.exe,运行后就可以打印出信息。下面再给一下源码。
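/*
 * Load the PE file named by FILEPATH_OUT and print its DOS header, NT
 * signature, file header, PE32 optional header and section table.
 *
 * The file is untrusted input. e_lfanew, SizeOfOptionalHeader and
 * NumberOfSections are all read from it, so each is validated against the
 * byte count returned by ReadPEFile before any structure is read through it.
 * Without those checks a truncated or crafted file makes the parser read
 * outside the heap buffer.
 *
 * Offsets are kept as DWORD values relative to the buffer start and applied
 * to a byte pointer; casting the buffer pointer itself to DWORD truncates it
 * in a 64-bit build.
 *
 * NOTE(review): the buffer is released with free(), so ReadPEFile presumably
 * allocates it with malloc — confirm against ReadPEFile.
 */
VOID TestPrintNTHeaders()
{
    DWORD size = 0;
    DWORD ntOffset = 0;
    DWORD optOffset = 0;
    DWORD optSize = 0;
    DWORD secOffset = 0;
    DWORD sectionCount = 0;
    LPVOID pFileBuffer = NULL;
    PBYTE pBase = NULL;
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_NT_HEADERS pNTHeader = NULL;
    PIMAGE_FILE_HEADER pPEHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeader = NULL;
    /* Signature plus IMAGE_FILE_HEADER: the part of the NT headers with a fixed size. */
    const DWORD ntFixedSize = (DWORD)(sizeof(DWORD) + IMAGE_SIZEOF_FILE_HEADER);
    /* PE32 optional header without its data directory array; covers every field printed below. */
    const DWORD opt32FixedSize = (DWORD)(sizeof(IMAGE_OPTIONAL_HEADER32)
        - IMAGE_NUMBEROF_DIRECTORY_ENTRIES * sizeof(IMAGE_DATA_DIRECTORY));

    size = ReadPEFile(FILEPATH_OUT,&pFileBuffer);
    printf("path: %s \t size :%d byte\n",FILEPATH_OUT,size );
    if(size == 0 || !pFileBuffer)
    {
        /* NOTE(review): pFileBuffer is not released on this path because
         * ReadPEFile's failure contract is not visible here — confirm it cannot
         * hand back a live buffer together with size 0. */
        printf("read fileBuffer error! \n");
        return ;
    }
    pBase = (PBYTE)pFileBuffer;

    /* e_magic and e_lfanew are only readable if a whole DOS header is present. */
    if(size < sizeof(IMAGE_DOS_HEADER))
    {
        printf("file too small for dos header \n");
        free(pFileBuffer);
        return ;
    }
    if(*((PWORD)pFileBuffer) != IMAGE_DOS_SIGNATURE)
    {
        printf("invalid mz \n");
        free(pFileBuffer);
        return ;
    }
    pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
    // printf dos
    printf("*********************dosSub*******************\n");
    printf(" mz: %x\n",pDosHeader->e_magic);
    printf(" pe offset: %04x\n",pDosHeader->e_lfanew);

    /* e_lfanew is a signed LONG taken from the file: reject negative values and
     * any offset that leaves no room for the signature and the file header.
     * The size comparison comes first so the subtraction cannot wrap. */
    if(pDosHeader->e_lfanew < 0 ||
       size < ntFixedSize ||
       (DWORD)pDosHeader->e_lfanew > size - ntFixedSize)
    {
        printf("invalid pe offset \n");
        free(pFileBuffer);
        return;
    }
    ntOffset = (DWORD)pDosHeader->e_lfanew;
    if(*((PDWORD)(pBase + ntOffset)) != IMAGE_NT_SIGNATURE)
    {
        printf("invalid pe signature \n");
        free(pFileBuffer);
        return;
    }
    pNTHeader = (PIMAGE_NT_HEADERS)(pBase + ntOffset);
    //printf nt
    printf("*********************ntSUB******************\n");
    printf("nt : %0x\n ",pNTHeader->Signature);
    pPEHeader = (PIMAGE_FILE_HEADER)(pBase + ntOffset + sizeof(DWORD));
    printf("**********************peSUB******************\n");
    printf("stard pe: %04X \n",pPEHeader->Machine);
    printf("sections: %x \n",pPEHeader->NumberOfSections);
    printf("timestamp: %04x \n",pPEHeader->TimeDateStamp);
    printf("size of optionalHeader: %X \n",pPEHeader->SizeOfOptionalHeader);
    printf("characteristics: %X \n",pPEHeader->Characteristics);

    // optionalheader
    /* optOffset <= size is guaranteed by the e_lfanew check above. The declared
     * optional header must hold every field printed here and must end inside
     * the file, because the section table is located directly after it. */
    optOffset = ntOffset + ntFixedSize;
    optSize = pPEHeader->SizeOfOptionalHeader;
    if(optSize < opt32FixedSize || optSize > size - optOffset)
    {
        printf("invalid optional header size \n");
        free(pFileBuffer);
        return;
    }
    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)(pBase + optOffset);
    printf("***********************optionSUB******************\n");
    printf("option_pe: %X \n",pOptionHeader->Magic);
    if(pOptionHeader->Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    {
        printf("oep: %08X \n",pOptionHeader->AddressOfEntryPoint);
        printf("imagebase: %08X \n",pOptionHeader->ImageBase);
        printf("memory aligment: %4X \n",pOptionHeader->SectionAlignment);
        printf("file alignment: %4X \n",pOptionHeader->FileAlignment);
        printf("sizeofimage(拉伸后的尺寸): %08X \n",pOptionHeader->SizeOfImage);
        printf("sizeofheaders(头+节表按文件对齐): %08X \n",pOptionHeader->SizeOfHeaders);
        printf("numberofrva and sizes: %08X \n",pOptionHeader->NumberOfRvaAndSizes);
    }
    else
    {
        /* A PE32+ (64-bit) optional header has a different layout, so reading
         * it through IMAGE_OPTIONAL_HEADER32 would print wrong values for
         * ImageBase and NumberOfRvaAndSizes. */
        printf("not a PE32 optional header, fields skipped \n");
    }

    /* secOffset <= size follows from the optSize check. NumberOfSections comes
     * from the file, so the whole table must fit in what is left of the buffer
     * before the loop walks it. */
    secOffset = optOffset + optSize;
    sectionCount = pPEHeader->NumberOfSections;
    if(sectionCount > (size - secOffset) / IMAGE_SIZEOF_SECTION_HEADER)
    {
        printf("section table exceeds file size \n");
        free(pFileBuffer);
        return;
    }
    pSectionHeader = (PIMAGE_SECTION_HEADER)(pBase + secOffset);
    printf("***********************section******************\n");
    PIMAGE_SECTION_HEADER ptempSectionHeader = pSectionHeader;
    for(DWORD i = 0;i<sectionCount;i++,ptempSectionHeader++)
    {
        /* Name is 8 bytes and not necessarily NUL-terminated; copy it into a
         * zeroed 9-byte buffer so %s always stops. */
        char szBuffer[9];
        memset(szBuffer,0,9);
        memcpy(szBuffer,ptempSectionHeader->Name,8);
        printf("第 %d 个节的name: %s \n",(int)(i+1),szBuffer);
        /* Misc is a union; pass the DWORD member, not the union, to printf. */
        printf("misc/virtualsize: %08X \n",ptempSectionHeader->Misc.VirtualSize);
        printf("virtualAddress: %08X \n",ptempSectionHeader->VirtualAddress);
        printf("SizeOfRawData(文件中对齐大小): %08X \n",ptempSectionHeader->SizeOfRawData);
        printf("pointertoRawData(文件中对齐偏移): %08X\n",ptempSectionHeader->PointerToRawData);
        printf("Characteristics: %08X \n",ptempSectionHeader->Characteristics);
    }
    free(pFileBuffer);
}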
readPe.rar
28.91 KB, 下载次数: 9, 下载积分: 吾爱币 -1 CB
pe查看器