Windows PE 重定位表编程（枚举重定位地址）

原理之前单独总结过，在这里：

http://blog.csdn.net/u013761036/article/details/54051347

下面是枚举重定位信息的代码：

// ReLocationX86.cpp : 定义控制台应用程序的入口点。
//
 
#include "stdafx.h"
#include <string>
#include <windows.h>
#include <shlwapi.h>
#include <Dbghelp.h> //ImageRvaToVa  
#pragma comment(lib, "Dbghelp.lib") 
#pragma comment(lib, "shlwapi.lib")
using namespace std;
#pragma warning(disable : 4996)
 
unsigned char bMemory[1024*1024*5] = {0};
 
DWORD dwLoadPE2Memory(string strPePath){
FILE *fpLoadDll; 
char cCache[1024];            
if((fpLoadDll = fopen(strPePath.c_str(),"rb")) == NULL) { 
return 0;
} 
DWORD dwNowReadId = 0;
while (1) { 
ZeroMemory(cCache ,sizeof(cCache));
DWORD dwReadSize = fread(cCache,1,1024 ,fpLoadDll);
DWORD dwErrorCode = GetLastError();
if(dwReadSize == 0){
break;
}
for(int i = 1 ;i <= dwReadSize ;i ++){
bMemory[dwNowReadId++] = cCache[i-1];
}
} 
fclose(fpLoadDll);     
return dwNowReadId;
}
 
 
void DoReLocation( void * pBaseAddress){
 
PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pBaseAddress;  
PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)((PBYTE)pBaseAddress + pDosHeader->e_lfanew);             
    //PIMAGE_BASE_RELOCATION pNowPageAddress = (PIMAGE_BASE_RELOCATION)((unsigned long)pBaseAddress +  pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
if(pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress == 0){
return ;
}
PIMAGE_BASE_RELOCATION pNowPageAddress = (PIMAGE_BASE_RELOCATION)ImageRvaToVa(  
pNtHeaders,    pBaseAddress,  
pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress,  
NULL);
 
 
    while ((pNowPageAddress->VirtualAddress + pNowPageAddress->SizeOfBlock) != 0) {
        WORD *pLocalListAddress = (WORD *)((PBYTE)pNowPageAddress + sizeof(IMAGE_BASE_RELOCATION));
        int nNumberOfReloc = (pNowPageAddress->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION))/sizeof(WORD);
        for ( int i=0 ; i < nNumberOfReloc; i++){
            if ((DWORD)(pLocalListAddress[i] & 0x0000F000) == 0x00003000){
 
                DWORD* pNeedReLocationAddress = (DWORD *)((PBYTE)pBaseAddress + pNowPageAddress->VirtualAddress + (pLocalListAddress[i] & 0x0FFF));
                DWORD dwDelta = (DWORD)pBaseAddress - pNtHeaders->OptionalHeader.ImageBase;
                *pLocalListAddress += dwDelta;
 
DWORD dwSorAddress ,dwNewAddress ,dwImageBaseAddress ,dwVirtualBaseAddress;
dwSorAddress = *pLocalListAddress - dwDelta;
                dwNewAddress = *pLocalListAddress;
dwImageBaseAddress = pNtHeaders->OptionalHeader.ImageBase;
dwVirtualBaseAddress = (DWORD)pBaseAddress;
printf("ImageBasAd:%X ,VirtualBasAd:%X ,SorAd:%X ,NewAd:%X
" ,dwImageBaseAddress ,dwVirtualBaseAddress ,dwSorAddress ,dwNewAddress);
            }
        }
        pNowPageAddress = (PIMAGE_BASE_RELOCATION)((PBYTE)pNowPageAddress + pNowPageAddress->SizeOfBlock);
    }
}
 
int _tmain(int argc, _TCHAR* argv[])
{
//HMODULE hModule = GetModuleHandle(NULL);   
if(dwLoadPE2Memory("C:\TTT.exe")){
DoReLocation(bMemory);
}
return 0;
}