PE编程汇总
判断是否为有效PE文件:
(c 版读写文件)
//通过判断DOS头标志和PE头标志以及PE头属性值来确定文件是否可执行文件BOOL IsExeFile(HANDLE hFile){DWORD nCount;BOOL bResult = FALSE;IMAGE_DOS_HEADER dosHeader;IMAGE_NT_HEADERS ntHeader;ReadFile(hFile,&dosHeader,sizeof(dosHeader),&nCount,NULL);if (nCount == sizeof(dosHeader)){//有效的DOS头if (IMAGE_DOS_SIGNATURE == dosHeader.e_magic){if (SetFilePointer(hFile,dosHeader.e_lfanew,NULL,FILE_BEGIN) != -1){//NT头检查ReadFile(hFile,&ntHeader,sizeof(ntHeader),&nCount,NULL);if(nCount == sizeof(ntHeader))if(IMAGE_NT_SIGNATURE == ntHeader.Signature)if(ntHeader.FileHeader.Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE){bResult = TRUE;}}}}SetFilePointer(hFile,0,NULL,FILE_BEGIN);return bResult;}
(以下通过文件指针操作)
//通过ImageBase 文件指针判断,映像基址由MapViewOfFile函数获得BOOL IsPEFile(LPVOID ImageBase){PIMAGE_DOS_HEADER pDosHeader = NULL;PIMAGE_NT_HEADERS pNtHeader = NULL;if(!ImageBase) //指针安全检查return FALSE;//DOS头和PE头检查pDosHeader = (PIMAGE_DOS_HEADER)ImageBase; //转换ImageBase为PIMAGE_DOS_HEADER结构变量类型if(pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)return FALSE;pNtHeader = (PIMAGE_NT_HEADERS32)((DWORD)pDosHeader+pDosHeader->e_lfanew); //一般可等同于 pNtHeader = (PIMAGE_NT_HEADERS32)(pDosHeader->e_lfanew);if(pNtHeader->Signature != IMAGE_NT_SIGNATURE)return FALSE;return TRUE;}//映像基址的获取HANDLE hFile;HANDLE hMapping;LPVOID ImageBase;HANDLE hFile = CreateFile(szFilePath,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);if(INVALID_HANDLE_VALUE == hFile) return FALSE;//可以添加判断空文件语句 hMapping = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);if(!hMapping){CloseHandle(hFile);return FALSE;}ImageBase = MapViewOfFile(hMapping,FILE_MAP_READ,0,0,0); if(!ImageBase){CloseHandle(hMapping);CloseHandle(hFile);return FALSE;}//获取 NT头、文件头、可选头、区块PIMAGE_NT_HEADERS32 GetNtHeader(LPVOID ImageBase){PIMAGE_DOS_HEADER pDosHeader = NULL;PIMAGE_NT_HEADERS32 pNtHeader = NULL;if(!ImageBase)return NULL;pDosHeader = (PIMAGE_DOS_HEADER)ImageBase;pNtHeader = (PIMAGE_NT_HEADERS32)((DWORD)pDosHeader+pDosHeader->e_lfanew);return pNtHeader;}PIMAGE_FILE_HEADER GetFileHeader(LPVOIDImagebase){ PIMAGE_NT_HEADERS pNtHeader = NULL;pNtHeader = GetNtHeader(Imagebase);if(!pNtHeader)return NULL;elsereturn &pNtHeader->FileHeader; }PIMAGE_OPTIONAL_HEADER GetOptionalHeader(LPVOID ImageBase){ PIMAGE_NT_HEADERS32 pNtHeader = NULL; pNtHeader=GetNtHeaders(ImageBase); if(!pNtHeader) return NULL; else return &pNtHeader->OptionalHeader;}//获得区块表指针PIMAGE_SECTION_HEADER GetSectionHeader(LPVOID ImageBase){return (PIMAGE_SECTION_HEADER)(GetOptionalHeader(ImageBase)+sizeof(IMAGE_OPTIONAL_HEADER));}
//待添加: rva转化、输入输出表获取、文件目录等