C++打印PE文件头信息Demo

PE文件格式被组织为一个线性的数据流，它由一个MS-DOS头部开始，接着是一个是模式的程序残余以及一个PE文件标志，这之后紧接着PE文件头和可选头部。这些之后是所有的段头部，段头部之后跟随着所有的段实体。文件的结束处是一些其它的区域，其中是一些混杂的信息，包括重分配信息、符号表信息、行号信息以及字串表数据。

PE文件主要信息按顺序

IMAGE_DOS_HEADER MS-DOS MZ头部

DOS STUB MS-DOS 实模式残余程序

NTSIGNATURE PE文件标识

IMAGE_FILE_HEADER PE文件头

IMAGE_OPTIONAL_HEADER PE可选头

IMAGE_SECTION_HEADER 多个段

包括.text .bss .rdata等

更详细的信息请参考：http://www.vckbase.com/document/viewdoc/?id=1334

下面给出将头文件打印出来的源码：

PE.h

#ifndef _X_PE_H_
#define _X_PE_H_
//获取PE头基地址
#define SIZE_OF_NT_SIGNATURE sizeof(DWORD)
#define NTSIGNATURE(a) ((LPVOID)((BYTE *)a + ((PIMAGE_DOS_HEADER)a)->e_lfanew - 1))
#define PEFHDROFFSET(a) ((LPVOID)((BYTE *)a + ((PIMAGE_DOS_HEADER)a)->e_lfanew - 1 + SIZE_OF_NT_SIGNATURE))
#define OPTHDROFFSET(a) ((LPVOID)((BYTE *)a + ((PIMAGE_DOS_HEADER)a)->e_lfanew - 1 + SIZE_OF_NT_SIGNATURE + sizeof(IMAGE_FILE_HEADER)))
DWORD WINAPI ImageFileType (LPVOID lpFile);
#endif

　　

PE.cpp

#include <windows.h>
#include <stdio.h>
#include <iostream>
#include "pe.h"
using namespace std;
//PE文件类型判断
DWORD WINAPI ImageFileType (LPVOID lpFile)
{
    /* 首先出现的是DOS文件标志 */
    if (*(USHORT *)lpFile == IMAGE_DOS_SIGNATURE)
    {
        /* 由DOS头部决定PE文件头部的位置 */
        if (LOWORD (*(DWORD *)NTSIGNATURE (lpFile)) ==
            IMAGE_OS2_SIGNATURE ||
            LOWORD (*(DWORD *)NTSIGNATURE (lpFile)) ==
            IMAGE_OS2_SIGNATURE_LE)
            return (DWORD)LOWORD(*(DWORD *)NTSIGNATURE (lpFile));
        else if (*(DWORD *)NTSIGNATURE (lpFile) ==
            IMAGE_NT_SIGNATURE)
            return IMAGE_NT_SIGNATURE;
        else
            return IMAGE_DOS_SIGNATURE;
    }
    else
        /* 不明文件种类 */
        return 0;
}
int main()
{
    //业务信息参考
    //http://www.vckbase.com/document/viewdoc/?id=1334
    
    CHAR szBuf[2048];
    FILE* pFile=fopen("E://task//Win32//Debug//win32.exe","r");//这里加载一个PE文件
    int iRead=fread(szBuf,1,2048,pFile);
    
    //MZ-DOS头
    IMAGE_DOS_HEADER* dos;
    dos=(IMAGE_DOS_HEADER*)szBuf;
    cout.setf(ios::hex,ios::basefield);//设置十六进制显示数值
    cout.setf(ios::showbase|ios::uppercase);//设置0x头和大写
    cout<<"dos->e_magic="<<dos->e_magic<<endl;
    cout<<"dos->e_lfanew="<<dos->e_lfanew<<endl;
    cout<<"NTSIGNATURE="<<*(DWORD *)NTSIGNATURE(szBuf)<<endl;
    cout<<"ImageFileType="<<ImageFileType(szBuf)<<" is ";
    switch(ImageFileType(szBuf))
    {
    case IMAGE_DOS_SIGNATURE://MZ
        cout<<"IMAGE_DOS_SIGNATURE"<<endl;
        break;
    case IMAGE_OS2_SIGNATURE://NE
        cout<<"IMAGE_OS2_SIGNATURE"<<endl;
        break;
    case IMAGE_OS2_SIGNATURE_LE:
        cout<<"IMAGE_OS2_SIGNATURE_LE"<<endl;
        break;
    case IMAGE_NT_SIGNATURE:
        cout<<"IMAGE_NT_SIGNATURE"<<endl;
    }
    
    cout<<"PEFHDROFFSET="<<PEFHDROFFSET(szBuf)<<endl;
    //PE必选头
    PIMAGE_FILE_HEADER header =(PIMAGE_FILE_HEADER)PEFHDROFFSET(szBuf);
    cout<<"Machine="<<header->Machine<<endl;
    cout<<"区段数NumberOfSections="<<header->NumberOfSections<<endl;
    cout<<"建立时间TimeDateStamp="<<header->TimeDateStamp<<endl;
    cout<<"PointerToSymbolTable="<<header->PointerToSymbolTable<<endl;
    cout<<"可选头部大小SizeOfOptionalHeader="<<header->SizeOfOptionalHeader<<endl;
    cout<<"特征Characteristics="<<header->Characteristics<<endl;
    
    //PE可选头
    PIMAGE_OPTIONAL_HEADER opHeader=(PIMAGE_OPTIONAL_HEADER)OPTHDROFFSET(szBuf);
    cout<<"魔术字Magic="<<opHeader->Magic<<endl;//0x010B为.EXE，0x0107为ROM映像
    cout<<"连接器主版本MajorLinkerVersion="<<(short)opHeader->MajorLinkerVersion<<endl;
    cout<<"连接器副版本MinorLinkerVersion="<<(short)opHeader->MinorLinkerVersion<<endl;
    cout<<"可执行代码大小SizeOfCode="<<opHeader->SizeOfCode<<endl;
    cout<<"已初始化的数据大小SizeOfInitializedData="<<opHeader->SizeOfInitializedData<<endl;
    cout<<"未初始化的数据大小SizeOfUninitializedData="<<opHeader->SizeOfUninitializedData<<endl;
    cout<<"入口点AddressOfEntryPoint="<<opHeader->AddressOfEntryPoint<<endl;
    cout<<"代码基址(.text段)BaseOfCode="<<opHeader->BaseOfCode<<endl;
    cout<<"数据基址(.bss段)BaseOfData="<<opHeader->BaseOfData<<endl;
    cout<<"映像基址ImageBase"<<opHeader->ImageBase<<endl;//进程映像地址空间中的首选基地址,Windows NT的Microsoft Win32 SDK链接器将这个值默认设为0x00400000，但是你可以使用-BASE:linker开关改变这个值。 
    cout<<"区段对齐SectionAlignment="<<opHeader->SectionAlignment<<endl;
    cout<<"FileAlignment="<<opHeader->FileAlignment<<endl;
    cout<<"NT主版本号MajorOperatingSystemVersion="<<opHeader->MajorOperatingSystemVersion<<endl;
    cout<<"NT副版本号MinorOperatingSystemVersion="<<opHeader->MinorOperatingSystemVersion<<endl;
    cout<<"应用程序主版本号MajorImageVersion="<<opHeader->MajorImageVersion<<endl;
    cout<<"应用程序副版本号MinorImageVersion="<<opHeader->MinorImageVersion<<endl;
    cout<<"Win32子系统主版本号MajorSubsystemVersion="<<opHeader->MajorSubsystemVersion<<endl;
    cout<<"Win32子系统副版本号MinorSubsystemVersion="<<opHeader->MinorSubsystemVersion<<endl;
    cout<<"SizeOfImage="<<opHeader->SizeOfImage<<endl;
    cout<<"头大小SizeOfHeaders="<<opHeader->SizeOfHeaders<<endl;
    cout<<"校验和CheckSum="<<opHeader->CheckSum<<endl;//私有算法
    cout<<"子系统Subsystem="<<opHeader->Subsystem<<endl;
    cout<<"DllCharacteristics="<<opHeader->DllCharacteristics<<endl;
    cout<<"SizeOfStackReserve="<<opHeader->SizeOfStackReserve<<endl;
    cout<<"SizeOfStackCommit="<<opHeader->SizeOfStackCommit<<endl;
    cout<<"SizeOfHeapReserve="<<opHeader->SizeOfHeapReserve<<endl;
    cout<<"SizeOfHeapCommit="<<opHeader->SizeOfHeapCommit<<endl;
    cout<<"LoaderFlags="<<opHeader->LoaderFlags<<endl;
    cout<<"NumberOfRvaAndSizes="<<opHeader->NumberOfRvaAndSizes<<endl;
    cout<<"导出表RVA:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress<<endl;
    cout<<"导出表大小:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size<<endl;
    cout<<"导入表RVA:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress<<endl;
    cout<<"导入表大小:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size<<endl;
    cout<<"资源RVA:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress<<endl;
    cout<<"资源大小:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size<<endl;
    cout<<"TLSRVA:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress<<endl;
    cout<<"TLS大小:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size<<endl;
    cout<<"调试RVA:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress<<endl;
    cout<<"调试:"<<opHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size<<endl;
    
    cout<<sizeof(IMAGE_OPTIONAL_HEADER)<<endl;
    PIMAGE_SECTION_HEADER ps=(PIMAGE_SECTION_HEADER)((BYTE*)opHeader+sizeof(IMAGE_OPTIONAL_HEADER));
    
    //打印所有的段信息
    for (int i=0;i<header->NumberOfSections;i++)
    {
        cout<<endl;
        cout<<"Name="<<ps[i].Name<<endl;
        cout<<"PhysicalAddress="<<ps[i].Misc.PhysicalAddress<<endl;
        cout<<"VirtualSize="<<ps[i].Misc.VirtualSize<<endl;
        cout<<"VirtualAddress="<<ps[i].VirtualAddress<<endl;
        cout<<"SizeOfRawData="<<ps[i].SizeOfRawData<<endl;
        cout<<"PointerToRawData="<<ps[i].PointerToRawData<<endl;
        cout<<"PointerToRelocations="<<ps[i].PointerToRelocations<<endl;
        cout<<"PointerToLinenumbers="<<ps[i].PointerToLinenumbers<<endl;
        cout<<"NumberOfRelocations="<<ps[i].NumberOfRelocations<<endl;
        cout<<"NumberOfLinenumbers="<<ps[i].NumberOfLinenumbers<<endl;
        cout<<"Characteristics="<<ps[i].Characteristics<<endl;
    }
    
    return 0;
}