PE信息获取工具
用TC写了一个简单的PE信息获取工具(TC2.0编译通过)。在命令行下输入:命令 文件路径 即可查看PE文件的相关信息。
头文件:fstruct.h
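/*
 * fstruct.h - layouts of the DOS header, COFF file header and PE32 optional
 * header, plus the two entry points implemented in fstruct.c.
 *
 * The typedefs assume a compiler where short is 16 bits and long is 32 bits
 * (true for Turbo C 2.0, which this tool targets) and no padding between
 * members. On an LP64 platform unsigned long is 64 bits, so reading raw file
 * bytes straight into these structs is only valid under those assumptions.
 */
#ifndef FSTRUCT_H
#define FSTRUCT_H

#include<stdio.h>
#include<stdlib.h>

typedef unsigned short WORD;
typedef unsigned long LONG;
typedef unsigned long DWORD;
/* Raw byte: unsigned, so that printing with %02X never sign-extends 80h..FFh. */
typedef unsigned char BYTE;

#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
#define IMAGE_SIZEOF_SHORT_NAME 8

/* DOS header structure definition; the ranges are offsets within the file. */
typedef struct _FIMAGE_DOS_HEADER {
    WORD e_magic;       /* magic number, ASCII "MZ"                  0x00000000-0x00000001 */
    WORD e_cblp;        /* bytes on the last page of the file        0x00000002-0x00000003 */
    WORD e_cp;          /* pages in the file                         0x00000004-0x00000005 */
    WORD e_crlc;        /* number of relocation entries              0x00000006-0x00000007 */
    WORD e_cparhdr;     /* header size in paragraphs                 0x00000008-0x00000009 */
    WORD e_minalloc;    /* minimum extra paragraphs needed           0x0000000A-0x0000000B */
    WORD e_maxalloc;    /* maximum extra paragraphs needed           0x0000000C-0x0000000D */
    WORD e_ss;          /* initial (relative) stack segment SS       0x0000000E-0x0000000F */
    WORD e_sp;          /* initial stack pointer SP                  0x00000010-0x00000011 */
    WORD e_csum;        /* checksum                                  0x00000012-0x00000013 */
    WORD e_ip;          /* initial instruction pointer IP            0x00000014-0x00000015 */
    WORD e_cs;          /* initial (relative) code segment CS        0x00000016-0x00000017 */
    WORD e_lfarlc;      /* file offset of the relocation table       0x00000018-0x00000019 */
    WORD e_ovno;        /* overlay number                            0x0000001A-0x0000001B */
    WORD e_res[4];      /* reserved words (kept for alignment)       0x0000001C-0x00000023 */
    WORD e_oemid;       /* OEM identifier (for e_oeminfo)            0x00000024-0x00000025 */
    WORD e_oeminfo;     /* OEM information, specific to e_oemid      0x00000026-0x00000027 */
    WORD e_res2[10];    /* reserved words (kept for alignment)       0x00000028-0x0000003B */
    LONG e_lfanew;      /* file offset of the new exe (PE) header    0x0000003C-0x0000003F */
} FIMAGE_DOS_HEADER, *FPIMAGE_DOS_HEADER;

/* COFF file header definition. */
typedef struct _FIMAGE_FILE_HEADER {
    WORD Machine;
    WORD NumberOfSections;
    DWORD TimeDateStamp;
    DWORD PointerToSymbolTable;
    DWORD NumberOfSymbols;
    WORD SizeOfOptionalHeader;
    WORD Characteristics;
} FIMAGE_FILE_HEADER, *FPIMAGE_FILE_HEADER;

typedef struct _FIMAGE_DATA_DIRECTORY {
    DWORD VirtualAddress;
    DWORD Size;
} FIMAGE_DATA_DIRECTORY,*FPIMAGE_DATA_DIRECTORY;

/*
 * Optional image header, PE32 layout only (Magic 0x010B). A PE32+ image
 * (Magic 0x020B) has no BaseOfData and uses 64-bit ImageBase and stack/heap
 * sizes, so it must not be decoded through this struct.
 */
typedef struct _FIMAGE_OPTIONAL_HEADER {
    WORD Magic;
    BYTE MajorLinkerVersion;
    BYTE MinorLinkerVersion;
    DWORD SizeOfCode;
    DWORD SizeOfInitializedData;
    DWORD SizeOfUninitializedData;
    DWORD AddressOfEntryPoint;
    DWORD BaseOfCode;
    DWORD BaseOfData;
    DWORD ImageBase;
    DWORD SectionAlignment;
    DWORD FileAlignment;
    WORD MajorOperatingSystemVersion;
    WORD MinorOperatingSystemVersion;
    WORD MajorImageVersion;
    WORD MinorImageVersion;
    WORD MajorSubsystemVersion;
    WORD MinorSubsystemVersion;
    DWORD Win32VersionValue;
    DWORD SizeOfImage;
    DWORD SizeOfHeaders;
    DWORD CheckSum;
    WORD Subsystem;
    WORD DllCharacteristics;
    DWORD SizeOfStackReserve;
    DWORD SizeOfStackCommit;
    DWORD SizeOfHeapReserve;
    DWORD SizeOfHeapCommit;
    DWORD LoaderFlags;
    DWORD NumberOfRvaAndSizes;
    FIMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} FIMAGE_OPTIONAL_HEADER32, *FPIMAGE_OPTIONAL_HEADER32;

/* PE header definition. */
typedef struct _FIMAGE_NT_HEADERS {
    DWORD Signature;                          /* signature (file type tag); its file offset is given by e_lfanew in the DOS header */
    FIMAGE_FILE_HEADER FileHeader;            /* PE file header (20 bytes) */
    FIMAGE_OPTIONAL_HEADER32 OptionalHeader;  /* optional header (224 bytes) */
} FIMAGE_NT_HEADERS32, *FPIMAGE_NT_HEADERS32;

/* Returns the file offset of the PE signature, or 0 if pf is not a PE file. */
int f_dos_head (FILE * pf);
/* Prints the file header and optional header found at v_offset; 1 on success, 0 on failure. */
int f_file_head (FILE * pf,int v_offset);

#endif /* FSTRUCT_H */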
同名头文件的实现:fstruct.c
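#include<stdio.h>
#include<stdlib.h>
#include<limits.h>
#include "fstruct.h"

/*
 * The file being inspected is untrusted input. Every header field is decoded
 * from a bounded byte buffer instead of being fread() into a struct, so the
 * result does not depend on the compiler's type widths or struct padding,
 * and every offset taken from the file is range-checked before it is used.
 */

/* Decode a little-endian 16-bit value from two raw file bytes. */
static unsigned int f_rd16(const unsigned char *p)
{
    return (unsigned int)p[0] | ((unsigned int)p[1] << 8);
}

/* Decode a little-endian 32-bit value from four raw file bytes. */
static unsigned long f_rd32(const unsigned char *p)
{
    return (unsigned long)p[0]
         | ((unsigned long)p[1] << 8)
         | ((unsigned long)p[2] << 16)
         | ((unsigned long)p[3] << 24);
}

/*
 * Locate the PE header of an open file.
 *
 * pf: stream opened in binary mode; its position is changed.
 * Returns the file offset of the "PE\0\0" signature (the e_lfanew field of
 * the DOS header), or 0 after printing a message when the file has no valid
 * DOS or PE signature.
 */
int f_dos_head(FILE * pf)
{
    unsigned char raw[4];
    unsigned long v_lfanew;

    rewind(pf);
    /* A short read (file under 2 bytes) is treated like a wrong magic. */
    if(fread(raw,2,1,pf)!=1 || f_rd16(raw)!=0x5A4D)
    {
        printf("not a DOS header!");
        return 0;
    }

    /* e_lfanew lives at offset 0x3C of the DOS header. */
    if(fseek(pf,60L,SEEK_SET) || fread(raw,4,1,pf)!=1)
    {
        printf("not PE header!");
        return 0;
    }
    v_lfanew=f_rd32(raw);

    /*
     * The offset is returned as an int, with 0 reserved for failure, and the
     * caller adds 4 to it. Reject values that would be truncated or would
     * overflow instead of silently seeking somewhere else.
     */
    if(v_lfanew==0 || v_lfanew>(unsigned long)(INT_MAX-4))
    {
        printf("not PE header!");
        return 0;
    }

    /* Check all four signature bytes "PE\0\0", not only the first two. */
    if(fseek(pf,(long)v_lfanew,SEEK_SET) || fread(raw,4,1,pf)!=1
       || f_rd32(raw)!=0x00004550UL)
    {
        printf("not PE header!");
        return 0;
    }
    return (int)v_lfanew;
}

/*
 * Print the COFF file header and the first 96 bytes of the PE32 optional
 * header (everything before the data directories).
 *
 * pf:       stream opened in binary mode; its position is changed.
 * v_offset: file offset of the PE signature, as returned by f_dos_head().
 * Returns 1 on success, 0 after printing a message on failure.
 */
int f_file_head(FILE * pf,int v_offset)
{
    unsigned char raw[96];
    unsigned int v_opt_size;
    unsigned int v_magic;

    /*
     * f_dos_head() reports failure as 0; without this check a non-PE file
     * would have bytes of its DOS header printed as PE fields.
     */
    if(v_offset<=0 || v_offset>INT_MAX-4)
    {
        printf("fail!");
        return 0;
    }

    rewind(pf);
    /* The file header starts right after the 4-byte signature. */
    if(fseek(pf,(long)v_offset+4,SEEK_SET))
    {
        printf("fail!");
        return 0;
    }

    if(fread(raw,20,1,pf)!=1)
    {
        printf("fail!");
        return 0;
    }
    v_opt_size=f_rd16(raw+16);
    printf("Machine : %04XH\n",f_rd16(raw));
    printf("NumberOfSections : %04XH\n",f_rd16(raw+2));
    printf("TimeDateStamp : %08lXH\n",f_rd32(raw+4));
    printf("PointerToSymbolTable : %08lXH\n",f_rd32(raw+8));
    printf("NumberOfSymbols : %08lXH\n",f_rd32(raw+12));
    printf("SizeOfOptionalHeader : %04XH\n",v_opt_size);
    printf("Characteristics : %04XH\n",f_rd16(raw+18));

    /*
     * The file declares how large its optional header is. If it is shorter
     * than the 96 bytes decoded below, those bytes belong to whatever
     * follows it and must not be reported as header fields.
     */
    if(v_opt_size<96)
    {
        printf("fail!");
        return 0;
    }
    if(fread(raw,96,1,pf)!=1)
    {
        printf("fail!");
        return 0;
    }

    v_magic=f_rd16(raw);
    printf("Magic : %04XH\n",v_magic);
    /*
     * The offsets below are the PE32 layout. PE32+ (Magic 020Bh) has no
     * BaseOfData and a 64-bit ImageBase, so stop instead of printing
     * misleading values.
     */
    if(v_magic!=0x010B)
    {
        printf("not a PE32 optional header!");
        return 0;
    }
    printf("MajorLinkerVersion : %02XH\n",(unsigned int)raw[2]);
    printf("MinorLinkerVersion : %02XH\n",(unsigned int)raw[3]);
    printf("SizeOfCode : %08lXH\n",f_rd32(raw+4));
    printf("SizeOfInitializedData : %08lXH\n",f_rd32(raw+8));
    printf("SizeOfUninitializedData : %08lXH\n",f_rd32(raw+12));
    printf("AddressOfEntryPoint : %08lXH\n",f_rd32(raw+16));
    printf("BaseOfCode : %08lXH\n",f_rd32(raw+20));
    printf("BaseOfData : %08lXH\n",f_rd32(raw+24));
    printf("ImageBase : %08lXH\n",f_rd32(raw+28));
    printf("SectionAlignment : %08lXH\n",f_rd32(raw+32));
    printf("FileAlignment : %08lXH\n",f_rd32(raw+36));
    printf("MajorOperatingSystemVersion : %04XH\n",f_rd16(raw+40));
    printf("MinorOperatingSystemVersion : %04XH\n",f_rd16(raw+42));
    printf("MajorImageVersion : %04XH\n",f_rd16(raw+44));
    printf("MinorImageVersion : %04XH\n",f_rd16(raw+46));
    printf("MajorSubsystemVersion : %04XH\n",f_rd16(raw+48));
    printf("MinorSubsystemVersion : %04XH\n",f_rd16(raw+50));
    printf("Win32VersionValue : %08lXH\n",f_rd32(raw+52));
    printf("SizeOfImage : %08lXH\n",f_rd32(raw+56));
    printf("SizeOfHeaders : %08lXH\n",f_rd32(raw+60));
    printf("CheckSum : %08lXH\n",f_rd32(raw+64));
    printf("Subsystem : %04XH\n",f_rd16(raw+68));
    printf("DllCharacteristics : %04XH\n",f_rd16(raw+70));
    printf("SizeOfStackReserve : %08lXH\n",f_rd32(raw+72));
    printf("SizeOfStackCommit : %08lXH\n",f_rd32(raw+76));
    printf("SizeOfHeapReserve : %08lXH\n",f_rd32(raw+80));
    printf("SizeOfHeapCommit : %08lXH\n",f_rd32(raw+84));
    printf("LoaderFlags : %08lXH\n",f_rd32(raw+88));
    printf("NumberOfRvaAndSizes : %08lXH\n",f_rd32(raw+92));
    return 1;
}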
主文件:sfile.c
#include<stdio.h>#include<stdlib.h>#include "fstruct.h"int main(int argc,char *argv[]){ FILE *pf; if(argc>1) { pf=fopen(argv[1],"rb"); if(pf==NULL) { printf("fail\n"); return 0; } else { f_file_head(pf,f_dos_head(pf)); fclose(pf); } }}