  • Windows Pe 第三章 PE头文件-EX-相关编程-1(PE头内容获取)

    获取 PE 头相关的内容,就是类似如下内容


    原理:比较简单,把 PE 文件映射到内存,然后按 IMAGE_DOS_HEADER / IMAGE_NT_HEADERS 的结构直接强转指针即可。需要注意的是,PE 文件属于不可信输入:e_lfanew 等偏移都来自文件本身,强转之前必须先用真实文件大小做边界检查,否则畸形文件会导致越界读取。

    #include <windows.h>
    #include <stdio.h>
    #include <string.h>
    #include <tchar.h>
     
    #pragma warning(disable:4996)
     
    void viewImageFileCharacteristics(WORD);
     
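    int _tmain(int argc, TCHAR *argv[])
    {
        /*
         * Map a PE file read-only and print the fields of its IMAGE_FILE_HEADER.
         *
         * argv[1] names the file to inspect; when it is absent the original
         * hard-coded sample path is used. The file is untrusted input: every
         * header pointer is checked against the real file size before it is
         * dereferenced, because a malformed e_lfanew would otherwise point
         * past the end of the view and fault (or read unrelated memory).
         *
         * Returns 0 on success, -1 on any error. All OS handles and the view
         * are released on every path.
         */
        const TCHAR *pszPath = (argc >= 2) ? argv[1] : TEXT("c:\\hello.exe");
        HANDLE hFile = INVALID_HANDLE_VALUE;
        HANDLE hMapObject = NULL;
        PUCHAR uFileMap = NULL;
        LARGE_INTEGER liFileSize;
        ULONGLONG cbFile;
        PIMAGE_DOS_HEADER pImageDosHeader;
        PIMAGE_NT_HEADERS pImageNtHeaders;
        PIMAGE_FILE_HEADER pImageFileHeader;
        const char *pszMachine;
        int rc = -1;

        /* CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL; the
         * original `!hFile` test let a failed open fall through to the mapping
         * calls. FILE_SHARE_READ lets other readers keep the file open while
         * still excluding writers for the lifetime of our handle. */
        hFile = CreateFile(pszPath, GENERIC_READ, FILE_SHARE_READ, NULL,
                           OPEN_EXISTING, 0, NULL);
        if (hFile == INVALID_HANDLE_VALUE)
            goto cleanup;

        /* The real file size is the bound for every offset taken from the file. */
        if (!GetFileSizeEx(hFile, &liFileSize) || liFileSize.QuadPart < 0)
            goto cleanup;
        cbFile = (ULONGLONG)liFileSize.QuadPart;
        if (cbFile < sizeof(IMAGE_DOS_HEADER))
            goto cleanup;

        /* CreateFileMapping and MapViewOfFile fail with NULL. Zero sizes map
         * the whole file. */
        hMapObject = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
        if (hMapObject == NULL)
            goto cleanup;
        uFileMap = (PUCHAR)MapViewOfFile(hMapObject, FILE_MAP_READ, 0, 0, 0);
        if (uFileMap == NULL)
            goto cleanup;

        pImageDosHeader = (PIMAGE_DOS_HEADER)uFileMap;
        if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
            goto cleanup;

        /* e_lfanew is a signed LONG read straight from the file. Only the
         * Signature and FileHeader are touched below, so the bound is the
         * offset of OptionalHeader rather than sizeof(IMAGE_NT_HEADERS). The
         * subtraction cannot wrap: cbFile >= sizeof(IMAGE_DOS_HEADER) (64),
         * which exceeds that offset (4 + sizeof(IMAGE_FILE_HEADER)). */
        if (pImageDosHeader->e_lfanew < 0 ||
            (ULONGLONG)pImageDosHeader->e_lfanew >
                cbFile - FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader))
            goto cleanup;
        pImageNtHeaders = (PIMAGE_NT_HEADERS)(uFileMap + pImageDosHeader->e_lfanew);
        if (pImageNtHeaders->Signature != IMAGE_NT_SIGNATURE)
            goto cleanup;
        pImageFileHeader = &pImageNtHeaders->FileHeader;

        switch (pImageFileHeader->Machine) {
        case IMAGE_FILE_MACHINE_I386:  pszMachine = "(I386)";  break;
        case IMAGE_FILE_MACHINE_AMD64: pszMachine = "(AMD64)"; break;
        default:                       pszMachine = " (?)";    break;
        }

        /* Casts pin the printf argument types: WORD is 16-bit, DWORD is
         * `unsigned long` on Windows, so a bare %X would be mismatched. */
        printf("Machine:\t0x%04X%s\n",
               (unsigned)pImageFileHeader->Machine, pszMachine);
        printf("NumberOfSections:\t0x%04X\n",
               (unsigned)pImageFileHeader->NumberOfSections);
        printf("TimeDateStamp:\t0x%08lX\n",
               (unsigned long)pImageFileHeader->TimeDateStamp);
        /* The original format string read "0x08X" (missing '%'): it printed the
         * literal text and left the argument unconsumed. */
        printf("PointerToSymbolTable:\t0x%08lX\n",
               (unsigned long)pImageFileHeader->PointerToSymbolTable);
        printf("NumberOfSymbols:\t0x%08lX\n",
               (unsigned long)pImageFileHeader->NumberOfSymbols);
        printf("SizeOfOptionalHeader:\t0x%04X\n",
               (unsigned)pImageFileHeader->SizeOfOptionalHeader);
        printf("Characteristics:\t0x%04X\n",
               (unsigned)pImageFileHeader->Characteristics);
        viewImageFileCharacteristics(pImageFileHeader->Characteristics);
        rc = 0;

    cleanup:
        /* Release in reverse acquisition order; each guard is needed because
         * any of the checks above may have jumped here early. */
        if (uFileMap != NULL)
            UnmapViewOfFile(uFileMap);
        if (hMapObject != NULL)
            CloseHandle(hMapObject);
        if (hFile != INVALID_HANDLE_VALUE)
            CloseHandle(hFile);
        return rc;
    }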
     
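    /* Bit names printed for IMAGE_FILE_HEADER.Characteristics, in the order
     * the original code emitted them. Bits without an entry are silently
     * skipped, exactly as before. */
    static const struct {
        WORD bit;
        const char *name;
    } kImageFileFlagNames[] = {
        { IMAGE_FILE_RELOCS_STRIPPED,    "RELOCS_STRIPPED"    },
        { IMAGE_FILE_EXECUTABLE_IMAGE,   "EXECUTABLE_IMAGE"   },
        { IMAGE_FILE_LINE_NUMS_STRIPPED, "LINE_NUMS_STRIPPED" },
        { IMAGE_FILE_32BIT_MACHINE,      "32BIT_MACHINE"      },
        { IMAGE_FILE_DEBUG_STRIPPED,     "DEBUG_STRIPPED"     },
        { IMAGE_FILE_SYSTEM,             "FILE_SYSTEM"        },
        { IMAGE_FILE_DLL,                "FILE_DLL"           },
    };

    /* Worst-case text is "(" + all seven names joined by '|' + ")" + NUL,
     * 104 bytes. The old 100-byte buffer was filled with unbounded strcat and
     * overflowed on the stack when a file set every listed bit (for example
     * Characteristics == 0x3307). */
    enum { IMAGE_FILE_CHARACTERISTICS_TEXT_CAP = 128 };

    /* Append `text` to `out` (capacity `cap`, `*used` bytes already in use)
     * only if it fits together with the terminator. Returns 1 on success, 0
     * if it would truncate; `out` stays NUL-terminated either way. */
    static int appendBounded(char *out, size_t cap, size_t *used, const char *text)
    {
        size_t len = strlen(text);

        if (*used >= cap || len >= cap - *used)
            return 0;
        memcpy(out + *used, text, len + 1);
        *used += len;
        return 1;
    }

    /* Write "(A|B|...)" for the listed bits set in `wCharacteristics` into
     * `out`, which holds `cap` bytes. No listed bit set gives "()". The result
     * is always NUL-terminated when cap > 0; if cap is too small the list is
     * cut short rather than overrun. */
    static void formatImageFileCharacteristics(WORD wCharacteristics, char *out, size_t cap)
    {
        size_t used = 0;
        size_t i;
        int first = 1;

        if (cap == 0)
            return;
        out[0] = '\0';
        appendBounded(out, cap, &used, "(");
        for (i = 0; i < sizeof kImageFileFlagNames / sizeof kImageFileFlagNames[0]; i++) {
            if ((wCharacteristics & kImageFileFlagNames[i].bit) == 0)
                continue;
            if (!first)
                appendBounded(out, cap, &used, "|");
            appendBounded(out, cap, &used, kImageFileFlagNames[i].name);
            first = 0;
        }
        appendBounded(out, cap, &used, ")");
    }

    /* Print the decoded Characteristics flags as "\t(A|B|...)\n". */
    void viewImageFileCharacteristics(WORD wCharacteristics)
    {
        char szCharacteristics[IMAGE_FILE_CHARACTERISTICS_TEXT_CAP];

        formatImageFileCharacteristics(wCharacteristics, szCharacteristics,
                                       sizeof szCharacteristics);
        printf("\t%s\n", szCharacteristics);
    }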
     

    执行结果:


     

  • 原文地址:https://www.cnblogs.com/csnd/p/12062238.html