PE 学习 打印pe格式
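// petool.cpp : Defines the entry point for the console application.
//
// Minimal PE header viewer. It prints the DOS header, the DOS stub bytes, the
// COFF file header, the PE32 optional header and the data directories of a
// file chosen by the user. Section headers are not decoded.
//
// Every size and offset used below is read from the file being inspected, so
// it is treated as untrusted: each one is range-checked before it is used as
// a seek target, a read length or a loop bound.

#include "stdafx.h"
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

// Upper bound on how many DOS stub bytes are dumped; also sizes the stack buffer.
enum { STUB_DUMP_MAX = 4096 };

FILE *fp;
DWORD lSig;                               // "PE\0\0" signature found at e_lfanew
IMAGE_DOS_HEADER myDosHeader;
IMAGE_FILE_HEADER myFileHeader;
// The field list printed below (BaseOfData, 32-bit ImageBase) is the PE32
// layout, so the 32-bit structure is named explicitly rather than relying on
// the build target to select it.
IMAGE_OPTIONAL_HEADER32 myOptionHeader;
IMAGE_DATA_DIRECTORY myDataDir[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];

char szname[][50]={
    "IMAGE_DIRECTORY_ENTRY_EXPORT",
    "IMAGE_DIRECTORY_ENTRY_IMPORT" ,
    "IMAGE_DIRECTORY_ENTRY_RESOURCE" ,
    "IMAGE_DIRECTORY_ENTRY_EXCEPTION" ,
    "IMAGE_DIRECTORY_ENTRY_SECURITY" ,
    "IMAGE_DIRECTORY_ENTRY_BASERELOC ",
    "IMAGE_DIRECTORY_ENTRY_DEBUG" ,
    "IMAGE_DIRECTORY_ENTRY_ARCHITECTURE ",
    "IMAGE_DIRECTORY_ENTRY_GLOBALPTR" ,
    "IMAGE_DIRECTORY_ENTRY_TLS" ,
    "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG" ,
    "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT" ,
    "IMAGE_DIRECTORY_ENTRY_IAT",
    "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT" ,
    "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
    "Reserved"};

void ShowDosHeader();
void ShowDosStub();
void ShowFileHeader();
void ShowOptionHeader();
void ShowDatadir();

// Seeks to `offset` and reads exactly `size` bytes into `dst`.
// Returns 1 on success, 0 if the seek fails or the file is too short.
static int ReadAt(long offset, void *dst, size_t size)
{
    if (offset < 0 || fseek(fp, offset, SEEK_SET) != 0)
    {
        return 0;
    }
    return fread(dst, 1, size, fp) == size;
}

// Prints "<label>: XX" for a one-byte field.
static void PrintByte(const char *label, BYTE value)
{
    printf("%s: %02X\r\n", label, (unsigned int)value);
}

// Prints "<label>: XXXX" for a 16-bit field.
static void PrintWord(const char *label, WORD value)
{
    printf("%s: %04X\r\n", label, (unsigned int)value);
}

// Prints "<label>: XXXXXXXX" for a 32-bit field. The original code used %p
// for many of these, which passes an integer where printf expects a pointer.
static void PrintDword(const char *label, DWORD value)
{
    printf("%s: %08lX\r\n", label, (unsigned long)value);
}

// Number of data-directory entries that are really present in the file:
// limited by NumberOfRvaAndSizes, by what SizeOfOptionalHeader leaves room
// for, and by the 16-entry table this tool knows how to name.
static unsigned int DataDirCount(void)
{
    const size_t dirOffset = offsetof(IMAGE_OPTIONAL_HEADER32, DataDirectory);
    size_t fits = 0;
    unsigned int count = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;

    if (myFileHeader.SizeOfOptionalHeader > dirOffset)
    {
        fits = (myFileHeader.SizeOfOptionalHeader - dirOffset) / sizeof(IMAGE_DATA_DIRECTORY);
    }
    if (myOptionHeader.NumberOfRvaAndSizes < count)
    {
        count = (unsigned int)myOptionHeader.NumberOfRvaAndSizes;
    }
    if (fits < count)
    {
        count = (unsigned int)fits;
    }
    return count;
}

// Prompts for a path, validates the MZ and PE signatures, then prints each
// header in turn. Returns -1 when the file cannot be opened, 0 otherwise.
int main(int argc, char* argv[])
{
    const long headersSpan = (long)(sizeof(lSig) + sizeof(myFileHeader) + sizeof(myOptionHeader));
    char cfilepath[MAX_PATH]={0};
    size_t optSize;

    (void)argc;
    (void)argv;

    printf("欢迎使用PEViewTool\r\n");
    puts("请输入一个路径:");

    // fgets bounds the read to the buffer (scanf("%s") did not) and accepts
    // paths that contain spaces; the trailing line break is stripped.
    if (fgets(cfilepath, sizeof cfilepath, stdin) == NULL)
    {
        printf("打开文件失败\r\n");
        return -1;
    }
    cfilepath[strcspn(cfilepath, "\r\n")] = '\0';

    fp=fopen(cfilepath,"rb");
    if (fp==NULL)
    {
        printf("打开文件失败\r\n");
        return -1;
    }

    // Read the DOS header and locate the PE signature. e_lfanew is checked
    // before it is used as a seek offset, and again so that the offsets
    // derived from it below cannot overflow a long.
    if (!ReadAt(0, &myDosHeader, sizeof(myDosHeader))
        || myDosHeader.e_magic != IMAGE_DOS_SIGNATURE
        || myDosHeader.e_lfanew <= 0
        || myDosHeader.e_lfanew > LONG_MAX - headersSpan
        || !ReadAt(myDosHeader.e_lfanew, &lSig, sizeof(lSig))
        || lSig != IMAGE_NT_SIGNATURE)
    {
        printf("不是有效率的pe\r\n");
        fclose(fp);
        fp = NULL;
        return 0;
    }

    printf("正确有效pe文件\r\n");
    ShowDosHeader();
    ShowDosStub();

    // IMAGE_FILE_HEADER follows the 4-byte signature.
    if (!ReadAt(myDosHeader.e_lfanew + (long)sizeof(lSig), &myFileHeader, sizeof(myFileHeader)))
    {
        printf("IMAGE_FILE_HEADER is truncated\r\n");
        fclose(fp);
        fp = NULL;
        return 0;
    }
    ShowFileHeader();

    // IMAGE_OPTIONAL_HEADER: read no more than the file says it contains, so
    // section-table bytes are never decoded as optional-header fields.
    optSize = myFileHeader.SizeOfOptionalHeader;
    if (optSize > sizeof(myOptionHeader))
    {
        optSize = sizeof(myOptionHeader);
    }
    memset(&myOptionHeader, 0, sizeof(myOptionHeader));
    if (optSize == 0
        || !ReadAt(myDosHeader.e_lfanew + (long)(sizeof(lSig) + sizeof(myFileHeader)),
                   &myOptionHeader, optSize))
    {
        printf("IMAGE_OPTIONAL_HEADER is missing or truncated\r\n");
        fclose(fp);
        fp = NULL;
        return 0;
    }
    ShowOptionHeader();

    // The file is owned by main and closed on every path.
    fclose(fp);
    fp = NULL;
    return 0;
}

// Prints every field of the DOS header.
void ShowDosHeader()
{
    int i;

    printf("IMAGE_DOS_HEADER:\r\n");
    PrintWord("e_magic ", myDosHeader.e_magic);
    PrintWord("e_cblp ", myDosHeader.e_cblp);
    PrintWord("e_cp ", myDosHeader.e_cp);
    PrintWord("e_crlc ", myDosHeader.e_crlc);
    PrintWord("e_cparhdr ", myDosHeader.e_cparhdr);
    PrintWord("e_minalloc", myDosHeader.e_minalloc);
    PrintWord("e_maXalloc", myDosHeader.e_maxalloc);
    PrintWord("e_ss ", myDosHeader.e_ss);
    PrintWord("e_sp ", myDosHeader.e_sp);
    PrintWord("e_csum ", myDosHeader.e_csum);
    PrintWord("e_ip ", myDosHeader.e_ip);
    PrintWord("e_cs ", myDosHeader.e_cs);
    PrintWord("e_lfarlc ", myDosHeader.e_lfarlc);
    PrintWord("e_ovno ", myDosHeader.e_ovno);
    for (i=0;i<4;i++)
    {
        printf("e_res[%d] : %04X\r\n",i,(unsigned int)myDosHeader.e_res[i]);
    }
    PrintWord("e_oemid ", myDosHeader.e_oemid);
    PrintWord("e_oeminfo ", myDosHeader.e_oeminfo);
    for (i=0;i<10;i++)
    {
        printf("e_res2[%d] : %04X\r\n",i,(unsigned int)myDosHeader.e_res2[i]);
    }
    PrintDword("e_lfanew ", (DWORD)myDosHeader.e_lfanew);
    puts("-------------------------------------------");
}

// Dumps the bytes between the end of the DOS header and the PE signature.
// The stub length is derived from e_lfanew, which the file controls: the
// original read that many bytes into a fixed 1000-byte stack buffer. Here the
// length is clamped to the buffer and only bytes actually read are printed.
void ShowDosStub()
{
    unsigned char nBuf[STUB_DUMP_MAX];
    long nSize = 0;
    size_t want;
    size_t got = 0;
    size_t i;

    printf("DOS_Stub:\r\n");
    if (myDosHeader.e_lfanew > (long)sizeof(IMAGE_DOS_HEADER))
    {
        nSize = myDosHeader.e_lfanew - (long)sizeof(IMAGE_DOS_HEADER);
    }
    printf("DOS_Stub size %ld:\r\n",nSize);

    want = (nSize > (long)sizeof(nBuf)) ? sizeof(nBuf) : (size_t)nSize;
    if (want > 0 && fseek(fp,(long)sizeof(IMAGE_DOS_HEADER),SEEK_SET) == 0)
    {
        got = fread(nBuf,1,want,fp);
    }

    printf("DOS_Stub data begin:\r\n");
    for(i=0;i<got;i++)
    {
        // Two digits per byte, so 0x01 0x23 and 0x12 0x03 stay distinguishable.
        printf("%02X",nBuf[i]);
    }
    puts("");
    if ((long)got < nSize)
    {
        printf("(showing %lu of %ld bytes)\r\n",(unsigned long)got,nSize);
    }
    printf("DOS_Stub data end:\r\n");
    puts("-------------------------------------------");
}

// Prints the PE signature and every field of the COFF file header.
void ShowFileHeader()
{
    printf("IMAGE_FILE_HEADER Begin:\r\n");
    PrintDword("Signature ", lSig);
    PrintWord("Machine ", myFileHeader.Machine);
    PrintWord("NumberOfSections ", myFileHeader.NumberOfSections);
    PrintDword("TimeDateStamp ", myFileHeader.TimeDateStamp);
    PrintDword("PointerToSymbolTable ", myFileHeader.PointerToSymbolTable);
    PrintDword("NumberOfSymbols ", myFileHeader.NumberOfSymbols);
    PrintWord("SizeOfOptionalHeader ", myFileHeader.SizeOfOptionalHeader);
    PrintWord("Characteristics ", myFileHeader.Characteristics);
    printf("IMAGE_FILE_HEADER End:\r\n");
    puts("-------------------------------------------");
}

// Prints the PE32 optional header, then copies its data directories into
// myDataDir and prints them. Files whose Magic is not PE32 (for example
// PE32+) use a different layout and are reported rather than misdecoded.
void ShowOptionHeader()
{
    unsigned int dirCount;

    printf("myOptionHeader Begin:\r\n");
    PrintWord("Magic ", myOptionHeader.Magic);
    if (myOptionHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    {
        printf("Optional header is not PE32; remaining fields are not decoded\r\n");
        puts("-------------------------------------------");
        return;
    }
    PrintByte("MajorLinkerVersion ", myOptionHeader.MajorLinkerVersion);
    PrintByte("MinorLinkerVersion ", myOptionHeader.MinorLinkerVersion);
    PrintDword("SizeOfCode ", myOptionHeader.SizeOfCode);
    PrintDword("SizeOfInitializedData ", myOptionHeader.SizeOfInitializedData);
    PrintDword("SizeOfUninitializedData ", myOptionHeader.SizeOfUninitializedData);
    PrintDword("AddressOfEntryPoint ", myOptionHeader.AddressOfEntryPoint);
    PrintDword("BaseOfData ", myOptionHeader.BaseOfData);
    PrintDword("ImageBase ", myOptionHeader.ImageBase);
    PrintDword("SectionAlignment ", myOptionHeader.SectionAlignment);
    PrintDword("FileAlignment ", myOptionHeader.FileAlignment);
    PrintWord("MajorOperatingSystemVersion ", myOptionHeader.MajorOperatingSystemVersion);
    PrintWord("MinorOperatingSystemVersion ", myOptionHeader.MinorOperatingSystemVersion);
    PrintWord("MajorImageVersion ", myOptionHeader.MajorImageVersion);
    PrintWord("MinorImageVersion ", myOptionHeader.MinorImageVersion);
    PrintWord("MajorSubsystemVersion ", myOptionHeader.MajorSubsystemVersion);
    PrintWord("MinorSubsystemVersion ", myOptionHeader.MinorSubsystemVersion);
    PrintDword("Win32VersionValue ", myOptionHeader.Win32VersionValue);
    PrintDword("SizeOfImage ", myOptionHeader.SizeOfImage);
    PrintDword("SizeOfHeaders ", myOptionHeader.SizeOfHeaders);
    PrintDword("CheckSum ", myOptionHeader.CheckSum);
    PrintWord("Subsystem ", myOptionHeader.Subsystem);
    PrintWord("DllCharacteristics ", myOptionHeader.DllCharacteristics);
    PrintDword("SizeOfStackReserve ", myOptionHeader.SizeOfStackReserve);
    PrintDword("SizeOfStackCommit ", myOptionHeader.SizeOfStackCommit);
    PrintDword("SizeOfHeapReserve ", myOptionHeader.SizeOfHeapReserve);
    PrintDword("SizeOfHeapCommit ", myOptionHeader.SizeOfHeapCommit);
    PrintDword("LoaderFlags ", myOptionHeader.LoaderFlags );
    PrintDword("NumberOfRvaAndSizes ", myOptionHeader.NumberOfRvaAndSizes);
    puts("-------------------------------------------");

    // The directories are already part of the optional header that was read,
    // so they are copied from it instead of being re-read at a position
    // guessed from ftell(). Entries the file does not contain stay zero.
    dirCount = DataDirCount();
    memset(myDataDir, 0, sizeof(myDataDir));
    memcpy(myDataDir, myOptionHeader.DataDirectory, dirCount * sizeof(IMAGE_DATA_DIRECTORY));
    ShowDatadir();
}

// Prints the data-directory entries that are present in the file.
void ShowDatadir()
{
    const unsigned int dirCount = DataDirCount();
    unsigned int i;

    printf("IMAGE_DATA_DIRECTORY Begin:\r\n");
    for (i=0;i<dirCount;i++)
    {
        printf("\t%s:\t\r\n\t\tVirtualAddress:%08lX, Size:%08lX\r\n",
               szname[i],
               (unsigned long)myDataDir[i].VirtualAddress,
               (unsigned long)myDataDir[i].Size);
    }
    if (dirCount < IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
    {
        printf("(%u of %u directory entries present)\r\n",
               dirCount, (unsigned int)IMAGE_NUMBEROF_DIRECTORY_ENTRIES);
    }
    printf("IMAGE_DATA_DIRECTORY End:\r\n");
    puts("-------------------------------------------");
}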
这只是一个简单的 PE 格式查看工具,各个节区(section)没有列举出来。