WindowsAPI實現PE解析器

原創 1treeS 2018-10-30 17:14

完整代碼

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>

int func1(char *path){
    int i = 0;
    FILE *fp;
    IMAGE_DOS_HEADER mydos; // PIMAGE_DOS_HEADER pmydos = &mydos;
    IMAGE_NT_HEADERS mynt;
    IMAGE_FILE_HEADER myfile;
    IMAGE_OPTIONAL_HEADER myopt;
    IMAGE_DATA_DIRECTORY mydata;
    // IMAGE_SECTION_HEADER *mysect;
    fp = fopen(path,"rb");
    if(fp == NULL){
        printf("Error\n");
        exit(0);
    }
    fread(&mydos,sizeof(IMAGE_DOS_HEADER),1,fp);
    printf("DOS HEADER:\n");
    printf("|\n");
    printf("e_magic:0x%04x\n",mydos.e_magic);
    printf("e_cblp:0x%04x\n",mydos.e_cblp);
    printf("e_cp:0x%04x\n",mydos.e_cp);
    printf("e_crlc:0x%04x\n",mydos.e_crlc);
    printf("e_cparhdr:0x%04x\n",mydos.e_cparhdr);
    printf("e_minalloc:0x%04x\n",mydos.e_minalloc);
    printf("e_maxalloc:0x%04x\n",mydos.e_maxalloc);
    printf("e_ss:0x%04x\n",mydos.e_ss);
    printf("e_sp:0x%04x\n",mydos.e_sp);
    printf("e_csum:0x%04x\n",mydos.e_csum);
    printf("e_ip:0x%04x\n",mydos.e_ip);
    printf("e_cs:0x%04x\n",mydos.e_cs);
    printf("e_lfarlc:0x%04x\n",mydos.e_lfarlc);
    printf("e_ovno:0x%04x\n",mydos.e_ovno);
    printf("e_res[0]:0x%04x\n",mydos.e_res[0]);
    printf("e_res[1]:0x%04x\n",mydos.e_res[1]);
    printf("e_res[2]:0x%04x\n",mydos.e_res[2]);
    printf("e_res[3]:0x%04x\n",mydos.e_res[3]);
    printf("e_oemid:0x%04x\n",mydos.e_oemid);
    printf("e_oeminfo:0x%04x\n",mydos.e_oeminfo);
    while(i < 10){
        printf("e_res2[%d]:0x%04x\n",i,mydos.e_res2[i]);
        i++;
    }
    printf("e_lfanew:0x%08x\n",mydos.e_lfanew);
    printf("\n");
    printf("NT HEADER:\n");
    printf("|\n");
    fseek(fp,0x40,1); // fseek(fp,offset,where)
    fread(&mynt,sizeof(IMAGE_NT_HEADERS),1,fp);
    printf("Signature:0x%08x\n",mynt.Signature);
    myfile = mynt.FileHeader; // NT Header
    printf("FILE HEADER:\n");
    printf("|\n");
    printf("Machine:0x%04x\n",myfile.Machine);
    printf("NumberOfSections:0x%04x\n",myfile.NumberOfSections);
    printf("TimeDateStamp:0x%08x\n",myfile.TimeDateStamp);
    printf("PointerToSymbolTable:0x%08x\n",myfile.PointerToSymbolTable);
    printf("NumberOfSymbols:0x%08x\n",myfile.NumberOfSymbols);
    printf("SizeOfOptionalHeader:0x%04x\n",myfile.SizeOfOptionalHeader);
    printf("FILE_Characteristics:0x%04x\n",myfile.Characteristics);
    myopt = mynt.OptionalHeader;
    printf("Optional HEADER:\n");
    printf("|\n");
    printf("Optional_Magic:0x%04x\n",myopt.Magic);
    printf("MajorLinkerVersion:0x%02x\n",myopt.MajorLinkerVersion);
    printf("MinorLinkerVersion:0x%02x\n",myopt.MinorLinkerVersion);
    printf("SizeOfCode:0x%08x\n",myopt.SizeOfCode);
    printf("SizeOfInitializedData:0x%08x\n",myopt.SizeOfInitializedData);
    printf("SizeOfUninitializedData:0x%08x\n",myopt.SizeOfUninitializedData);
    printf("AddressOfEntryPoint:0x%08x\n",myopt.AddressOfEntryPoint);
    printf("BaseOfCode:0x%08x\n",myopt.BaseOfCode);
    printf("ImageBase:0x%016x\n",myopt.ImageBase);
    printf("SectionAlignment:0x%08x\n",myopt.SectionAlignment);
    printf("FileAlignment:0x%08x\n",myopt.FileAlignment);
    printf("MajorOperatingSystemVersion:0x%04x\n",myopt.MajorOperatingSystemVersion);
    printf("MinorOperatingSystemVersion:0x%04x\n",myopt.MinorOperatingSystemVersion);
    printf("MajorImageVersion:0x%04x\n",myopt.MajorImageVersion);
    printf("MinorImageVersion:0x%04x\n",myopt.MinorImageVersion);
    printf("MajorSubsystemVersion:0x%04x\n",myopt.MajorSubsystemVersion);
    printf("MinorSubsystemVersion:0x%04x\n",myopt.MinorSubsystemVersion);
    printf("Win32VersionValue:0x%08x\n",myopt.Win32VersionValue);
    printf("SizeOfImage:0x%08x\n",myopt.SizeOfImage);
    printf("SizeOfHeaders:0x%08x\n",myopt.SizeOfHeaders);
    printf("CheckSum:0x%08x\n",myopt.CheckSum);
    printf("Subsystem:0x%04x\n",myopt.Subsystem);
    printf("DllCharacteristics:0x%04x\n",myopt.DllCharacteristics);
    printf("SizeOfStackReserve:0x%016x\n",myopt.SizeOfStackReserve);
    printf("SizeOfStackCommit:0x%016x\n",myopt.SizeOfStackCommit);
    printf("SizeOfHeapReserve:0x%016x\n",myopt.SizeOfHeapReserve);
    printf("SizeOfHeapCommit:0x%016x\n",myopt.SizeOfHeapCommit);
    printf("LoaderFlags:0x%08x\n",myopt.LoaderFlags);
    printf("NumberOfRvaAndSizes:0x%08x\n",myopt.NumberOfRvaAndSizes);
    printf("...\n");
    fclose(fp);
    system("pause");
    return 0;
}

int main(int argc,char *argv[]){
    char path[100];
    printf("Input the path of file:\t");
    scanf("%s",path);
    printf("----------\n");
    func1(path);
    return 0;
}

運行結果

說明
包含了 DOS 頭和 NT 頭的主要標誌,但是不包含導入表導出表,以及節表的信息!這三個功能之後會單獨實現!

END

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

Python與家國天下

豌豆花下貓 2019-02-24 22:22:40

windows下配置php

jason1982 2019-02-24 12:57:09

windows2003+CA+S3300+802.1X

qyh282110204 2019-02-23 14:05:36

win7如何以管理員身份登錄

wwtwwttc 2019-02-23 14:05:22

windows系統常用快捷鍵

LQ_112 2019-02-23 13:47:18

FIRST_MFC

youyou輝 2019-02-23 13:38:56

Antigen for exchange 部署+評測

coinking 2019-02-23 13:36:48

windows2003前言

starruning 2019-02-23 13:33:37

windows server 2008 登錄中 取消CTRL+ALT+DEL

菜鳥小苗 2019-02-23 13:31:29

windows server 2008中實現顆粒化的密碼策略

菜鳥小苗 2019-02-23 13:31:29

教你如何隱藏windows系統賬戶

幽鳴草 2019-02-23 13:28:10

linux下掛載windows NFS文件共享出錯

chefei0824 2019-02-23 13:27:20

win2000/xp自動關機技巧

hack_888 2019-02-23 13:24:59

xp中對文件加密

hack_888 2019-02-23 13:24:15

素數

LSIN 2019-02-24 16:45:09