  • C语言编程获取PE文件File_Header内容

    #include <windows.h>
    #include <stdio.h>
    #include <tchar.h>
    
    /* Forward declaration: prints the names of the flag bits set in an
     * IMAGE_FILE_HEADER Characteristics word (defined after _tmain). */
    void viewImageFileCharacteristics(WORD);
    
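    /*
     * Map the file named by argv[1] read-only and print the fields of its
     * PE IMAGE_FILE_HEADER (Machine, NumberOfSections, TimeDateStamp, ...).
     *
     * The file is treated as untrusted input: every header field, including
     * the e_lfanew offset that locates the NT headers, comes straight from
     * the file and is validated against the real file size before use.
     *
     * Returns 0 on success, -1 on a missing argument, any Win32 failure, or
     * a file that is not a well-formed PE image.
     */
    int _tmain(int argc, TCHAR *argv[])
    {
    	PIMAGE_DOS_HEADER pImageDosHeader;
    	PIMAGE_NT_HEADERS pImageNtHeaders;
    	PIMAGE_FILE_HEADER pImageFileHeader;
    	HANDLE hFile = INVALID_HANDLE_VALUE;
    	HANDLE hMapObject = NULL;
    	PUCHAR uFileMap = NULL;
    	LARGE_INTEGER liFileSize;
    	ULONGLONG ullFileSize;
    	ULONGLONG ullNtOffset;
    	/* Only Signature and FileHeader are read, so that is all we require. */
    	const ULONGLONG ullNtNeeded = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);
    	int rc = -1;

    	if (argc < 2)
    		return -1;

    	/*
    	 * CreateFile signals failure with INVALID_HANDLE_VALUE, not NULL, so a
    	 * "!hFile" test never fires. Share mode 0 keeps other processes from
    	 * opening (and truncating) the file while it is mapped.
    	 */
    	hFile = CreateFile(argv[1], GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
    	if (hFile == INVALID_HANDLE_VALUE)
    		goto out;

    	/* The mapping below covers the whole file; remember how big that is. */
    	if (!GetFileSizeEx(hFile, &liFileSize))
    		goto out;
    	ullFileSize = (ULONGLONG)liFileSize.QuadPart;
    	if (ullFileSize < sizeof(IMAGE_DOS_HEADER))
    		goto out;

    	hMapObject = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    	if (!hMapObject)
    		goto out;

    	uFileMap = MapViewOfFile(hMapObject, FILE_MAP_READ, 0, 0, 0);
    	if (!uFileMap)
    		goto out;

    	pImageDosHeader = (PIMAGE_DOS_HEADER)uFileMap;
    	if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    		goto out;

    	/*
    	 * e_lfanew is a signed LONG taken from the file. Without this check a
    	 * crafted or truncated file makes the NT-header pointer land outside
    	 * the mapped view, so the Signature read below would fault or read
    	 * unrelated memory.
    	 */
    	if (pImageDosHeader->e_lfanew < 0)
    		goto out;
    	ullNtOffset = (ULONGLONG)pImageDosHeader->e_lfanew;
    	if (ullNtOffset > ullFileSize - ullNtNeeded)
    		goto out;

    	pImageNtHeaders = (PIMAGE_NT_HEADERS)(uFileMap + ullNtOffset);
    	if (pImageNtHeaders->Signature != IMAGE_NT_SIGNATURE)
    		goto out;

    	pImageFileHeader = &pImageNtHeaders->FileHeader;

    	printf("Machine:\t\t0x%04X", pImageFileHeader->Machine);
    	printf("%s", (pImageFileHeader->Machine == IMAGE_FILE_MACHINE_I386)
    		? "(I386) \n"
    		: " (?) \n");
    	printf("NumberOfSections:\t0x%04X\n", pImageFileHeader->NumberOfSections);
    	/* DWORD is unsigned long on Windows, hence the %lX conversions. */
    	printf("TimeDateStamp:\t\t0x%08lX\n",
    		(unsigned long)pImageFileHeader->TimeDateStamp);
    	/* The original format string lacked the '%' and printed a literal "0x08X". */
    	printf("PointerToSymbolTable:\t0x%08lX\n",
    		(unsigned long)pImageFileHeader->PointerToSymbolTable);
    	printf("NumberOfSymbols:\t0x%08lX\n",
    		(unsigned long)pImageFileHeader->NumberOfSymbols);
    	printf("SizeOfOptionalHeader:\t0x%04X\n", pImageFileHeader->SizeOfOptionalHeader);
    	printf("Characteristics:\t0x%04X\n", pImageFileHeader->Characteristics);
    	viewImageFileCharacteristics(pImageFileHeader->Characteristics);

    	rc = 0;

    out:
    	/* Single exit path so no handle or view leaks on an early failure. */
    	if (uFileMap)
    		UnmapViewOfFile(uFileMap);
    	if (hMapObject)
    		CloseHandle(hMapObject);
    	if (hFile != INVALID_HANDLE_VALUE)
    		CloseHandle(hFile);
    	return rc;
    }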
    
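    /*
     * Print, on one tab-indented line, the names of the Characteristics bits
     * that are set in wCharacteristics, as "(NAME|NAME|...)".
     *
     * wCharacteristics comes from the inspected file and is attacker-chosen.
     * The names are streamed straight to stdout instead of being strcat()ed
     * into a fixed buffer: with all seven decoded bits set the text needs
     * 104 bytes including the terminator, which overran the former 100-byte
     * stack array. A word with none of these bits set now prints "()"
     * (the old code overwrote the opening parenthesis and printed ")").
     *
     * Bits not listed in the table are not decoded.
     */
    void viewImageFileCharacteristics(WORD wCharacteristics)
    {
    	static const struct {
    		WORD wMask;
    		const char *szName;
    	} rgFlags[] = {
    		{ IMAGE_FILE_RELOCS_STRIPPED,    "RELOCS_STRIPPED" },    /* 0x0001 */
    		{ IMAGE_FILE_EXECUTABLE_IMAGE,   "EXECUTABLE_IMAGE" },   /* 0x0002 */
    		{ IMAGE_FILE_LINE_NUMS_STRIPPED, "LINE_NUMS_STRIPPED" }, /* 0x0004 */
    		{ IMAGE_FILE_32BIT_MACHINE,      "32BIT_MACHINE" },      /* 0x0100 */
    		{ IMAGE_FILE_DEBUG_STRIPPED,     "DEBUG_STRIPPED" },     /* 0x0200 */
    		{ IMAGE_FILE_SYSTEM,             "FILE_SYSTEM" },        /* 0x1000 */
    		{ IMAGE_FILE_DLL,                "FILE_DLL" }            /* 0x2000 */
    	};
    	const char *szSeparator = "";
    	size_t i;

    	printf("\t(");
    	for (i = 0; i < sizeof rgFlags / sizeof rgFlags[0]; i++) {
    		if (wCharacteristics & rgFlags[i].wMask) {
    			printf("%s%s", szSeparator, rgFlags[i].szName);
    			/* Every name after the first is preceded by the delimiter. */
    			szSeparator = "|";
    		}
    	}
    	printf(")\n");
    }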
    
    

  • 原文地址:https://www.cnblogs.com/AlexanderZhao/p/12878958.html