控制台程序,打印pe头信息-创新互联

#include "stdafx.h"


#include <stdio.h>

#include <string.h>

#include <iostream.h>

#include <math.h>

#include <stdlib.h>

/*
 * Local stand-ins for the Windows SDK scalar types, so the PE structures
 * below can be declared without <windows.h>.
 *
 * NOTE(review): the structures are overlaid directly on raw file bytes, so
 * they only match the on-disk layout when `unsigned short` is 2 bytes and
 * `unsigned long` / `long` are 4 bytes (true for 32-bit and 64-bit Windows
 * compilers). On LP64 targets `unsigned long` is 8 bytes and every DWORD
 * field lands at the wrong offset.
 */
#define DWORD unsigned long
#define LPVOID void*
#define VOID void
#define WORD unsigned short
#define LONG  long
#define BYTE unsigned char
/* Signed `short*`, whereas WORD itself is unsigned short. */
#define PWORD short*

/* Signature values; each is the two- or four-character tag read as a
 * little-endian integer. */
#define IMAGE_DOS_SIGNATURE         0x5A4D    // MZ
#define IMAGE_OS2_SIGNATURE         0x454E    // NE
#define IMAGE_OS2_SIGNATURE_LE        0x454C    // LE
#define IMAGE_VXD_SIGNATURE         0x454C    // LE (same value as IMAGE_OS2_SIGNATURE_LE)
#define IMAGE_NT_SIGNATURE          0x00004550  // PE00

/* Byte size of IMAGE_FILE_HEADER as stored in the file (20 bytes). */
#define IMAGE_SIZEOF_FILE_HEADER       0x14
/* Length of the fixed-size section name field. */
#define IMAGE_SIZEOF_SHORT_NAME        8

/*
 * DOS (MZ) header found at offset 0 of the file.
 *
 * PrintNTHeaders overlays this structure on the start of the file buffer,
 * compares e_magic with IMAGE_DOS_SIGNATURE and follows e_lfanew to reach
 * the NT headers. Every field, e_lfanew included, is whatever the file
 * contains, so it must be range-checked against the file length before it
 * is used as an offset.
 */
typedef struct _IMAGE_DOS_HEADER {    // DOS .EXE header
    WORD  e_magic;           // Magic number
    WORD  e_cblp;            // Bytes on last page of file
    WORD  e_cp;             // Pages in file
    WORD  e_crlc;            // Relocations
    WORD  e_cparhdr;          // Size of header in paragraphs
    WORD  e_minalloc;          // Minimum extra paragraphs needed
    WORD  e_maxalloc;          // Maximum extra paragraphs needed
    WORD  e_ss;             // Initial (relative) SS value
    WORD  e_sp;             // Initial SP value
    WORD  e_csum;            // Checksum
    WORD  e_ip;             // Initial IP value
    WORD  e_cs;             // Initial (relative) CS value
    WORD  e_lfarlc;           // File address of relocation table
    WORD  e_ovno;            // Overlay number
    WORD  e_res[4];           // Reserved words
    WORD  e_oemid;           // OEM identifier (for e_oeminfo)
    WORD  e_oeminfo;          // OEM information; e_oemid specific
    WORD  e_res2[10];          // Reserved words
    LONG  e_lfanew;           // File address of new exe header (signed; may be negative in a malformed file)
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;

/*
 * File header that follows the 4-byte NT signature.
 *
 * Its on-disk size is IMAGE_SIZEOF_FILE_HEADER (0x14) bytes. In this program
 * NumberOfSections bounds the section-table loop and SizeOfOptionalHeader is
 * added to the optional header's address to find the first section header;
 * both are read straight from the file and are not validated by the struct
 * itself.
 */
typedef struct _IMAGE_FILE_HEADER {
    WORD   Machine;
    WORD   NumberOfSections;      // loop count for the section table in PrintNTHeaders
    DWORD  TimeDateStamp;
    DWORD  PointerToSymbolTable;
    DWORD  NumberOfSymbols;
    WORD   SizeOfOptionalHeader;  // distance from the optional header to the section table
    WORD   Characteristics;
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;

/*
 * 32-bit optional header, declared here without its trailing data-directory
 * array (the DataDirectory member is commented out below).
 *
 * Because of that omission sizeof(IMAGE_OPTIONAL_HEADER32) does not describe
 * the header as stored in a file; code that needs the position of whatever
 * follows it has to use IMAGE_FILE_HEADER.SizeOfOptionalHeader, which is
 * what PrintNTHeaders does.
 */
typedef struct _IMAGE_OPTIONAL_HEADER {
    //
    // Standard fields.
    //
    WORD   Magic;
    BYTE   MajorLinkerVersion;
    BYTE   MinorLinkerVersion;
    DWORD  SizeOfCode;
    DWORD  SizeOfInitializedData;
    DWORD  SizeOfUninitializedData;
    DWORD  AddressOfEntryPoint;
    DWORD  BaseOfCode;
    DWORD  BaseOfData;
    //
    // NT additional fields.
    //
    DWORD  ImageBase;
    DWORD  SectionAlignment;
    DWORD  FileAlignment;
    WORD   MajorOperatingSystemVersion;
    WORD   MinorOperatingSystemVersion;
    WORD   MajorImageVersion;
    WORD   MinorImageVersion;
    WORD   MajorSubsystemVersion;
    WORD   MinorSubsystemVersion;
    DWORD  Win32VersionValue;
    DWORD  SizeOfImage;
    DWORD  SizeOfHeaders;
    DWORD  CheckSum;
    WORD   Subsystem;
    WORD   DllCharacteristics;
    DWORD  SizeOfStackReserve;
    DWORD  SizeOfStackCommit;
    DWORD  SizeOfHeapReserve;
    DWORD  SizeOfHeapCommit;
    DWORD  LoaderFlags;
    DWORD  NumberOfRvaAndSizes;
    // Data directories are not declared in this copy of the structure:
    // IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;

/*
 * NT headers located at file offset IMAGE_DOS_HEADER.e_lfanew: a 4-byte
 * signature followed by the file header and the optional header.
 *
 * IMAGE_NT_SIGNATURE ("PE00") is the value defined in this file for the
 * Signature field. The OptionalHeader member uses the truncated declaration
 * above, so sizeof(IMAGE_NT_HEADERS) is not the size of the headers on disk.
 */
typedef struct _IMAGE_NT_HEADERS {
    DWORD Signature;
    IMAGE_FILE_HEADER FileHeader;
    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;

/*
 * One entry of the section table.
 *
 * Name is a fixed IMAGE_SIZEOF_SHORT_NAME-byte field copied from the file;
 * nothing in the structure guarantees a terminating NUL, so it must be
 * printed with an explicit length limit rather than a bare "%s".
 * VirtualAddress, SizeOfRawData and PointerToRawData are file-supplied
 * values and need range checks before being used to index the file buffer.
 */
typedef struct _IMAGE_SECTION_HEADER {
    BYTE   Name[IMAGE_SIZEOF_SHORT_NAME];  // not necessarily NUL-terminated
    union {
        DWORD  PhysicalAddress;
        DWORD  VirtualSize;
    } Misc;
    DWORD  VirtualAddress;
    DWORD  SizeOfRawData;
    DWORD  PointerToRawData;
    DWORD  PointerToRelocations;
    DWORD  PointerToLinenumbers;
    WORD   NumberOfRelocations;
    WORD   NumberOfLinenumbers;
    DWORD  Characteristics;
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;

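/*
 * Read an entire file into a freshly allocated buffer.
 *
 * LpszFile  path of the file to load (opened in binary mode).
 *
 * Returns a malloc'd buffer holding the file's bytes, or NULL if the path is
 * NULL, the file cannot be opened, its size cannot be determined, it is
 * empty, memory cannot be allocated, or the read comes up short. The caller
 * owns the buffer and releases it with free().
 *
 * The buffer length is NOT returned. A caller that parses the contents has
 * to learn the file size by other means and bounds-check every offset taken
 * from the data; a malformed file otherwise drives reads past the end of
 * this allocation.
 */
void* ReadPEFile(char* LpszFile)
{
    FILE *pFile = NULL;
    long fileSize = 0;
    void *pFileBuffer = NULL;

    if (!LpszFile)
    {
        printf("无法打开EXE文件");
        return NULL;
    }

    pFile = fopen(LpszFile, "rb");
    if (!pFile)
    {
        printf("无法打开EXE文件");
        return NULL;
    }

    /* Determine the size. ftell() reports failure as -1, which must not be
     * converted to an unsigned allocation size. */
    if (fseek(pFile, 0, SEEK_END) != 0)
    {
        fileSize = -1;
    }
    else
    {
        fileSize = ftell(pFile);
    }
    if (fileSize <= 0 || fseek(pFile, 0, SEEK_SET) != 0)
    {
        printf("读取文件到缓冲区失败");
        fclose(pFile);
        return NULL;
    }

    /* Allocate the buffer. */
    pFileBuffer = malloc((size_t)fileSize);
    if (!pFileBuffer)
    {
        printf("分配缓冲区失败");
        fclose(pFile);
        return NULL;
    }

    /* Read byte-wise so a short read is detectable as a count mismatch. */
    if (fread(pFileBuffer, 1, (size_t)fileSize, pFile) != (size_t)fileSize)
    {
        printf("读取文件到缓冲区失败");
        free(pFileBuffer);
        fclose(pFile);
        return NULL;
    }

    fclose(pFile);
    return pFileBuffer;
}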

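/*
 * Load a whole file into a malloc'd buffer and report its length.
 *
 * path   file to read (binary mode).
 * pSize  receives the number of bytes in the returned buffer; 0 on failure.
 *
 * Returns the buffer (caller frees) or NULL on any failure, including an
 * empty file. Unlike ReadPEFile, the length is handed back so the parser
 * can bounds-check offsets against the same bytes it is about to read.
 */
static void *LoadFileWithSize(const char *path, size_t *pSize)
{
    FILE *fp = NULL;
    long len = 0;
    void *buf = NULL;

    *pSize = 0;
    if (!path)
    {
        printf("无法打开EXE文件");
        return NULL;
    }
    fp = fopen(path, "rb");
    if (!fp)
    {
        printf("无法打开EXE文件");
        return NULL;
    }
    if (fseek(fp, 0, SEEK_END) != 0)
    {
        len = -1;
    }
    else
    {
        len = ftell(fp);
    }
    if (len <= 0 || fseek(fp, 0, SEEK_SET) != 0)
    {
        printf("读取文件到缓冲区失败");
        fclose(fp);
        return NULL;
    }
    buf = malloc((size_t)len);
    if (!buf)
    {
        printf("分配缓冲区失败");
        fclose(fp);
        return NULL;
    }
    if (fread(buf, 1, (size_t)len, fp) != (size_t)len)
    {
        printf("读取文件到缓冲区失败");
        free(buf);
        fclose(fp);
        return NULL;
    }
    fclose(fp);
    *pSize = (size_t)len;
    return buf;
}

/*
 * Print the DOS header, the NT signature, selected file-header fields and
 * the section table of the PE file at `path`.
 *
 * The file is treated as untrusted input: e_lfanew, NumberOfSections and
 * SizeOfOptionalHeader all come from the file, so each structure is checked
 * to lie inside the loaded buffer before it is dereferenced, and parsing
 * stops with a message when a check fails. The file is loaded through
 * LoadFileWithSize rather than ReadPEFile because ReadPEFile does not
 * report how many bytes it returned.
 *
 * Addresses shown next to values are in-memory addresses of the fields
 * inside the loaded buffer, printed with %p.
 *
 * NOTE(review): fields are read through struct pointers placed at
 * file-supplied offsets; this assumes DWORD is 4 bytes and that the target
 * tolerates unaligned loads (x86 does) - confirm before porting.
 */
VOID PrintNTHeaders(char *path)
{
    LPVOID pFileBuffer=NULL;
    PIMAGE_DOS_HEADER pDosHeader=NULL;
    PIMAGE_NT_HEADERS pNTHeader=NULL;
    PIMAGE_FILE_HEADER pPEHeader=NULL;
    PIMAGE_SECTION_HEADER pSectionHeader=NULL;
    unsigned char *pBase=NULL;
    size_t fileSize=0;
    size_t ntOffset=0;
    size_t ntFixedSize=0;
    size_t sectionOffset=0;
    size_t sectionCount=0;
    size_t k=0;
    int i=0;
    char sectionName[sizeof pSectionHeader->Name + 1];

    pFileBuffer=LoadFileWithSize(path,&fileSize);
    if(!pFileBuffer)
    {
        printf("读取文件失败");
        return ;
    }
    pBase=(unsigned char *)pFileBuffer;

    /* The magic is two bytes; make sure they exist before reading them. */
    if(fileSize<sizeof pDosHeader->e_magic || *((PWORD)pFileBuffer)!=IMAGE_DOS_SIGNATURE)
    {
        printf("不是MZ");
        free(pFileBuffer);
        return ;
    }
    if(fileSize<sizeof *pDosHeader)
    {
        printf("文件太小,没有完整的DOS头\n");
        free(pFileBuffer);
        return ;
    }
    pDosHeader=(PIMAGE_DOS_HEADER)pFileBuffer;

    /* DOS header */
    printf("************doc************\n");
    printf("MZ偏移: %x\n",pDosHeader->e_magic);
    printf(" e_cblp; 文件最后页的字节数: %x\n",pDosHeader->e_cblp);
    printf(" e_cp;  文件页数: %x\n",pDosHeader->e_cp);
    printf(" e_crlc;  重定义元素个数: %x\n",pDosHeader->e_crlc);
    printf(" e_cparhdr; 头部尺寸,以段落为单位: %x\n",pDosHeader->e_cparhdr);
    printf(" ; 所需的最小附加段: %x\n",pDosHeader->e_minalloc);
    printf(" ; 所需的大附加段: %x\n",pDosHeader->e_maxalloc);
    printf(" e_ss; // 初始的SS值(相对偏移量): %x\n",pDosHeader->e_ss);
    printf(" e_sp; // 初始的SP值: %x\n",pDosHeader->e_sp);
    printf(" e_csum; // 校验和: %x\n",pDosHeader->e_csum);
    printf(" e_ip; // 初始的IP值: %x\n",pDosHeader->e_ip);
    printf(" e_cs; // 初始的CS值(相对偏移量): %x\n",pDosHeader->e_cs);
    printf(" e_lfarlc; // 重分配表文件地址: %x\n",pDosHeader->e_lfarlc);
    printf(" e_ovno; // 覆盖号: %x\n",pDosHeader->e_ovno);
    /* Print the first reserved word; passing the array itself to %x is a
     * format/argument mismatch. */
    printf(" e_res[4]; // 保留字: %x\n",pDosHeader->e_res[0]);
    printf(" e_oemid; // OEM标识符(相对e_oeminfo): %x\n",pDosHeader->e_oemid);
    printf(" e_oeminfo; // OEM信息: %x\n",pDosHeader->e_oeminfo);
    printf(" e_res2[10]; // 保留字: %x\n",pDosHeader->e_res2[0]);
    printf("PE偏移: %lx\n",(unsigned long)pDosHeader->e_lfanew);

    /* Only the signature and the file header are read from the NT headers,
     * so those are the bytes that must fit inside the file. e_lfanew is a
     * signed, file-controlled value: reject negatives and anything that
     * would place the headers past the end of the buffer. */
    ntFixedSize=sizeof pNTHeader->Signature+IMAGE_SIZEOF_FILE_HEADER;
    if(pDosHeader->e_lfanew<0 || fileSize<ntFixedSize ||
       (size_t)pDosHeader->e_lfanew>fileSize-ntFixedSize)
    {
        printf("e_lfanew超出文件范围\n");
        free(pFileBuffer);
        return ;
    }
    ntOffset=(size_t)pDosHeader->e_lfanew;

    /* Byte-pointer arithmetic: casting the pointer to DWORD would truncate
     * it wherever pointers are wider than unsigned long. */
    pNTHeader=(PIMAGE_NT_HEADERS)(pBase+ntOffset);

    printf("************NT************\n");
    printf("NTsignature: %p-%lx\n",(void *)&(pNTHeader->Signature),(unsigned long)pNTHeader->Signature);
    /* 0x00004550 is "PE\0\0", the value this file names IMAGE_NT_SIGNATURE. */
    if((unsigned long)pNTHeader->Signature!=0x00004550UL)
    {
        printf("不是PE\n");
        free(pFileBuffer);
        return ;
    }
    /* A struct cannot be passed to %x; show where the file header starts. */
    printf("NT-FileHeader: %p\n",(void *)&(pNTHeader->FileHeader));

    pPEHeader=(PIMAGE_FILE_HEADER)((unsigned char *)pNTHeader+sizeof pNTHeader->Signature);
    printf("WORD Machine: %p-%x\n",(void *)&(pPEHeader->Machine),pPEHeader->Machine);
    printf("WORD NumberOfSections: %p-%x\n",(void *)&(pPEHeader->NumberOfSections),pPEHeader->NumberOfSections);
    printf("WORD SizeOfOptionalHeader: %p-%x\n",(void *)&(pPEHeader->SizeOfOptionalHeader),pPEHeader->SizeOfOptionalHeader);

    /* The section table starts SizeOfOptionalHeader bytes after the file
     * header. Verify that the whole table (NumberOfSections entries) lies
     * inside the file before touching any entry. */
    sectionOffset=ntOffset+ntFixedSize+pPEHeader->SizeOfOptionalHeader;
    sectionCount=pPEHeader->NumberOfSections;
    if(sectionOffset>fileSize ||
       sectionCount>(fileSize-sectionOffset)/sizeof *pSectionHeader)
    {
        printf("节表超出文件范围\n");
        free(pFileBuffer);
        return ;
    }

    for(i=0;i<(int)sectionCount;i++){
        pSectionHeader=(PIMAGE_SECTION_HEADER)(pBase+sectionOffset+sizeof *pSectionHeader*(size_t)i);
        printf("************第%d节表************\n",i+1);
        printf(" Name: %p-%x%x%x%x%x%x%x%x\n",
            (void *)&(pSectionHeader->Name),
            pSectionHeader->Name[0],
            pSectionHeader->Name[1],
            pSectionHeader->Name[2],
            pSectionHeader->Name[3],
            pSectionHeader->Name[4],
            pSectionHeader->Name[5],
            pSectionHeader->Name[6],
            pSectionHeader->Name[7]);

        /* Name may fill all 8 bytes with no terminator, and its bytes are
         * file-controlled: copy with a bound, terminate, and replace
         * non-printable bytes so they cannot reach the terminal raw. */
        for(k=0;k<sizeof pSectionHeader->Name;k++){
            unsigned char c=pSectionHeader->Name[k];
            if(c==0){
                break;
            }
            sectionName[k]=(c<0x20 || c>0x7e)?'.':(char)c;
        }
        sectionName[k]='\0';
        printf(" Name: %p-------%s\n",(void *)&(pSectionHeader->Name),sectionName);

        printf(" VirtualAddress: %p-------%lx\n",(void *)&(pSectionHeader->VirtualAddress),(unsigned long)pSectionHeader->VirtualAddress);
        printf(" PointerToRawData: %p-------%lx\n",(void *)&(pSectionHeader->PointerToRawData),(unsigned long)pSectionHeader->PointerToRawData);
    }

    free(pFileBuffer);
}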

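/*
 * Entry point: dump the headers of one PE file.
 *
 * The file to inspect is taken from the first command-line argument; when
 * none is given the original hard-coded path is used, so running the
 * program without arguments behaves as before.
 */
int main(int argc, char* argv[])
{
    char defaultPath[]="d:/firefox.exe";
    char *path=defaultPath;

    if(argc>1 && argv[1]!=NULL)
    {
        path=argv[1];
    }

    PrintNTHeaders(path);
    printf("Hello World!\n");
    return 0;
}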

