void pe_print()
{
IMAGE_DOS_HEADER myDosHeader;
IMAGE_FILE_HEADER myFileHeader;
int nSectionCount;//PE文件ection数目
LONG e_lfanew;//为DOS头部的偏移
FILE *fp;
if(fp=fopen("e:\1000.exe","rb")) //打开一个文件
{
printf("[+]成功打开了文件
");
fread(&myDosHeader,sizeof(IMAGE_DOS_HEADER),1,fp); //打开一个文件流,读取一个数据块
e_lfanew = myDosHeader.e_lfanew; //为DOS头部的偏移
fseek(fp, (e_lfanew + sizeof(DWORD)), SEEK_SET);
fread(&myFileHeader,sizeof(IMAGE_FILE_HEADER),1,fp);
nSectionCount=myFileHeader.NumberOfSections;
IMAGE_SECTION_HEADER *pmySectionHeader = (IMAGE_SECTION_HEADER *)calloc(nSectionCount, sizeof(IMAGE_SECTION_HEADER));
fseek(fp, (e_lfanew + sizeof(IMAGE_NT_HEADERS)), SEEK_SET); //从文件起始位置偏移
fread(pmySectionHeader, sizeof(IMAGE_SECTION_HEADER), nSectionCount, fp);
int i = 0;
//printf("%d",nSectionCount);
for(i = 0; i <nSectionCount; i++,pmySectionHeader++)
{
printf("Name: %s
", pmySectionHeader->Name);
printf("union_PhysicalAddress: %08x
", pmySectionHeader->Misc.PhysicalAddress);
printf("union_VirtualSize: %04x
", pmySectionHeader->Misc.VirtualSize);
printf("VirtualAddress: %08x
", pmySectionHeader->VirtualAddress);
printf("SizeOfRawData: %08x
", pmySectionHeader->SizeOfRawData);
printf("PointerToRawData: %04x
", pmySectionHeader->PointerToRawData);
printf("PointerToRelocations: %04x
", pmySectionHeader->PointerToRelocations);
printf("PointerToLinenumbers: %04x
", pmySectionHeader->PointerToLinenumbers);
printf("NumberOfRelocations: %04x
", pmySectionHeader->NumberOfRelocations);
printf("NumberOfLinenumbers: %04x
", pmySectionHeader->NumberOfLinenumbers);
printf("Charateristics: %04x
", pmySectionHeader->Characteristics);
}
if(pmySectionHeader != NULL) // 释放内存
{
free(pmySectionHeader);
pmySectionHeader = NULL;
}
fclose(fp);
}
else printf("[-]打开文件失败
");
}
C语言实现打印section信息