获得PE文件输入表和输出表
来源:互联网 发布:潍坊行知学校录取标准 编辑:程序博客网 时间:2024/05/29 03:07
#include <windows.h>
#include <iostream>
#include<ImageHlp.h>
#pragma comment(lib,"imagehlp.lib")
using namespace std;
int main()
{
char* strExePath="C:\\Windows\\System32\\kernel32.dll";
//打开文件
HANDLE hFile=::CreateFile(strExePath,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(NULL==hFile)
{
cout<<"CreateFile error:"<<GetLastError()<<endl;
return 0;
}
cout<<"CreateFile successfully\n";
//创建内存映像
HANDLE hMap=CreateFileMappingA(hFile,NULL,PAGE_READONLY,0,0,NULL);
if(NULL==hMap)
{
cout<<"CreateFileMappingA error:"<<GetLastError()<<endl;
return 0;
}
cout<<"CreateFilemappingA successfully\n";
//获得文件基地址
LPVOID lpImageBase=MapViewOfFile(hMap,FILE_MAP_READ,0,0,0);
if(NULL==lpImageBase)
{
cout<<"MapViewOfFile error:"<<GetLastError()<<endl;
return 0;
}
cout<<"MapViewOfFile successfully\n";
//获得DOS头部指针
PIMAGE_DOS_HEADER pDos=(PIMAGE_DOS_HEADER)lpImageBase;
if(pDos->e_magic==IMAGE_DOS_SIGNATURE)
cout<<"DOS 头部检测成功\n";
else
{
cout<<"并非exe文件\n";
}
//获得NT文件头
PIMAGE_NT_HEADERS pNtHeader;
pNtHeader = (PIMAGE_NT_HEADERS)((DWORD)pDos + pDos->e_lfanew);
if(pNtHeader->Signature==IMAGE_NT_SIGNATURE)
{
cout<<"可用exe文件\n";
}
//获得文件头部
PIMAGE_FILE_HEADER pFile=(PIMAGE_FILE_HEADER)(&pNtHeader->FileHeader);
//获得可选头部
PIMAGE_OPTIONAL_HEADER pOptionalHeader=(PIMAGE_OPTIONAL_HEADER)(&pNtHeader->OptionalHeader);
//获得区段头
PIMAGE_SECTION_HEADER pSectionHeader;
pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pOptionalHeader + pFile->SizeOfOptionalHeader);
PIMAGE_SECTION_HEADER pSectionUse=pSectionHeader;
for(int i=0;i<pFile->NumberOfSections;i++)
{
char tmp[256]={0};
wsprintf(tmp,"%s",pSectionUse->Name);
cout<<tmp<<endl;
//pSectionHeader+=sizeof(PIMAGE_SECTION_HEADER);
pSectionUse++;
}
//获得输出表
PIMAGE_EXPORT_DIRECTORY pExportDir=(PIMAGE_EXPORT_DIRECTORY)ImageRvaToVa(pNtHeader,lpImageBase,pOptionalHeader->DataDirectory[0].VirtualAddress,&pSectionHeader);
cout<<"输出函数个数是:"<<pExportDir->NumberOfNames<<endl;
DWORD **ppdwNames = (DWORD **)pExportDir->AddressOfNames;
ppdwNames = (PDWORD*)ImageRvaToVa(pNtHeader,
lpImageBase, (DWORD)ppdwNames, 0);
DWORD ppdwFunc = (DWORD )pExportDir->AddressOfFunctions;
for(int i=0;i<1;i++)
{
char *szFunc=(PSTR)ImageRvaToVa(pNtHeader, lpImageBase, (DWORD)*ppdwNames, 0);
DWORD dwAddress=(DWORD)ImageRvaToVa(pNtHeader, lpImageBase, (DWORD)ppdwFunc, 0);
cout<<szFunc<<"::"<<dwAddress<<endl;
ppdwNames++;
}
DWORD* pFuncAddress=(DWORD*)pExportDir->AddressOfNameOrdinals;
//获得输入表
PIMAGE_IMPORT_DESCRIPTOR pImportDir ;
cout<<"通过寻找OrignalFirstThunk\n";
pImportDir = (PIMAGE_IMPORT_DESCRIPTOR)ImageRvaToVa(pNtHeader,lpImageBase,(DWORD)pOptionalHeader->DataDirectory[1].VirtualAddress,&pSectionHeader);
while((pImportDir->Name)!=NULL)
{
cout<<(char*)ImageRvaToVa(pNtHeader,lpImageBase,pImportDir->Name,&pSectionHeader)<<endl<<endl;;
PIMAGE_THUNK_DATA thunk_data=(PIMAGE_THUNK_DATA)ImageRvaToVa(pNtHeader,lpImageBase,pImportDir->OriginalFirstThunk,&pSectionHeader);
while((thunk_data->u1.AddressOfData)!=NULL)
{
PIMAGE_IMPORT_BY_NAME he=(PIMAGE_IMPORT_BY_NAME)ImageRvaToVa(pNtHeader,lpImageBase,thunk_data->u1.AddressOfData,&pSectionHeader);
cout<<he->Hint<<":"<<he->Name<<endl;
thunk_data++;
}
pImportDir++;
cout<<endl;
}
return 0;
}
#include <iostream>
#include<ImageHlp.h>
#pragma comment(lib,"imagehlp.lib")
using namespace std;
int main()
{
char* strExePath="C:\\Windows\\System32\\kernel32.dll";
//打开文件
HANDLE hFile=::CreateFile(strExePath,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(NULL==hFile)
{
cout<<"CreateFile error:"<<GetLastError()<<endl;
return 0;
}
cout<<"CreateFile successfully\n";
//创建内存映像
HANDLE hMap=CreateFileMappingA(hFile,NULL,PAGE_READONLY,0,0,NULL);
if(NULL==hMap)
{
cout<<"CreateFileMappingA error:"<<GetLastError()<<endl;
return 0;
}
cout<<"CreateFilemappingA successfully\n";
//获得文件基地址
LPVOID lpImageBase=MapViewOfFile(hMap,FILE_MAP_READ,0,0,0);
if(NULL==lpImageBase)
{
cout<<"MapViewOfFile error:"<<GetLastError()<<endl;
return 0;
}
cout<<"MapViewOfFile successfully\n";
//获得DOS头部指针
PIMAGE_DOS_HEADER pDos=(PIMAGE_DOS_HEADER)lpImageBase;
if(pDos->e_magic==IMAGE_DOS_SIGNATURE)
cout<<"DOS 头部检测成功\n";
else
{
cout<<"并非exe文件\n";
}
//获得NT文件头
PIMAGE_NT_HEADERS pNtHeader;
pNtHeader = (PIMAGE_NT_HEADERS)((DWORD)pDos + pDos->e_lfanew);
if(pNtHeader->Signature==IMAGE_NT_SIGNATURE)
{
cout<<"可用exe文件\n";
}
//获得文件头部
PIMAGE_FILE_HEADER pFile=(PIMAGE_FILE_HEADER)(&pNtHeader->FileHeader);
//获得可选头部
PIMAGE_OPTIONAL_HEADER pOptionalHeader=(PIMAGE_OPTIONAL_HEADER)(&pNtHeader->OptionalHeader);
//获得区段头
PIMAGE_SECTION_HEADER pSectionHeader;
pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pOptionalHeader + pFile->SizeOfOptionalHeader);
PIMAGE_SECTION_HEADER pSectionUse=pSectionHeader;
for(int i=0;i<pFile->NumberOfSections;i++)
{
char tmp[256]={0};
wsprintf(tmp,"%s",pSectionUse->Name);
cout<<tmp<<endl;
//pSectionHeader+=sizeof(PIMAGE_SECTION_HEADER);
pSectionUse++;
}
//获得输出表
PIMAGE_EXPORT_DIRECTORY pExportDir=(PIMAGE_EXPORT_DIRECTORY)ImageRvaToVa(pNtHeader,lpImageBase,pOptionalHeader->DataDirectory[0].VirtualAddress,&pSectionHeader);
cout<<"输出函数个数是:"<<pExportDir->NumberOfNames<<endl;
DWORD **ppdwNames = (DWORD **)pExportDir->AddressOfNames;
ppdwNames = (PDWORD*)ImageRvaToVa(pNtHeader,
lpImageBase, (DWORD)ppdwNames, 0);
DWORD ppdwFunc = (DWORD )pExportDir->AddressOfFunctions;
for(int i=0;i<1;i++)
{
char *szFunc=(PSTR)ImageRvaToVa(pNtHeader, lpImageBase, (DWORD)*ppdwNames, 0);
DWORD dwAddress=(DWORD)ImageRvaToVa(pNtHeader, lpImageBase, (DWORD)ppdwFunc, 0);
cout<<szFunc<<"::"<<dwAddress<<endl;
ppdwNames++;
}
DWORD* pFuncAddress=(DWORD*)pExportDir->AddressOfNameOrdinals;
//获得输入表
PIMAGE_IMPORT_DESCRIPTOR pImportDir ;
cout<<"通过寻找OrignalFirstThunk\n";
pImportDir = (PIMAGE_IMPORT_DESCRIPTOR)ImageRvaToVa(pNtHeader,lpImageBase,(DWORD)pOptionalHeader->DataDirectory[1].VirtualAddress,&pSectionHeader);
while((pImportDir->Name)!=NULL)
{
cout<<(char*)ImageRvaToVa(pNtHeader,lpImageBase,pImportDir->Name,&pSectionHeader)<<endl<<endl;;
PIMAGE_THUNK_DATA thunk_data=(PIMAGE_THUNK_DATA)ImageRvaToVa(pNtHeader,lpImageBase,pImportDir->OriginalFirstThunk,&pSectionHeader);
while((thunk_data->u1.AddressOfData)!=NULL)
{
PIMAGE_IMPORT_BY_NAME he=(PIMAGE_IMPORT_BY_NAME)ImageRvaToVa(pNtHeader,lpImageBase,thunk_data->u1.AddressOfData,&pSectionHeader);
cout<<he->Hint<<":"<<he->Name<<endl;
thunk_data++;
}
pImportDir++;
cout<<endl;
}
return 0;
}
- 获得PE文件输入表和输出表
- 重建 PE 文件的输入表 TiTi
- 重建 PE 文件的输入表
- PE文件输入表获取过程
- PE文件结构(三) 输入表
- 关于PE文件——输入表
- PE文件结构(四) 输出表
- PE: 输入表与输出表的细微区别
- 文件输入 和 输出
- PE导出/输入表————文件影射
- PE导出/输入表————文件影射
- PE文件结构(二)-输入表实例分析
- 转:通过ReverseMe学习PE文件结构-输出表
- PE文件详解五:PE详解之输入表(导入表)详解1
- PE文件详解六:PE详解之输入表(导入表)详解2
- PE格式之输入表
- 学习PE之输出表
- PE文件导入表
- 2013/09/05 SQLLDR 加载多个文件和导入多个表
- 一个公司的管理之二:“临阵换将乃兵家之大忌”
- Android Handler、Message完全解析,带你从源码的角度彻底理解
- linux nginx安装
- 一次遍历找出单链表中的倒数第k个元素
- 获得PE文件输入表和输出表
- Canvas的save和restore
- 用C++ 写一个不能被继承的类
- 2012华为校园招聘上机笔试题---版本1
- 调停者模式mediator 笔记
- 关于Android当中新建activity的注册问题
- 小伙伴们的ceph源码分析二——monitor启动流程
- LR中的同行取值(same line as)
- CSS3 @font-face Rule
