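1. Programming approach: file format check -> FileHeader read -> OptionalHeader read -> data directory table read -> section table read -> export table -> import table
Step 1: file format check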
DOS header:
typedef struct _IMAGE_DOS_HEADER
{
    WORD e_magic;      // "MZ"
    ..........
    DWORD e_lfanew;    // points to the PE file header; this field is at +3Ch
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
PIMAGE_DOS_HEADER pDH=NULL;
Check that pDH->e_magic == 'MZ', then follow pDH->e_lfanew to find IMAGE_NT_HEADERS:
typedef struct _IMAGE_NT_HEADERS
{
    DWORD Signature;
    IMAGE_FILE_HEADER FileHeader;
    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
PIMAGE_NT_HEADERS pNTH=NULL;
Check: pNTH->Signature == 'PE';
Step 2: reading the FileHeader
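#include <windows.h>

PIMAGE_NT_HEADERS GetNtHeaders(LPVOID ImageBase)
{
    // IsPEFile() is assumed to perform the step 1 format check
    if( !IsPEFile(ImageBase) )
        return NULL;
    PIMAGE_NT_HEADERS pNTH;
    PIMAGE_DOS_HEADER pDH;
    pDH=(PIMAGE_DOS_HEADER)ImageBase;
    // e_lfanew is a byte offset from the image base; add it to a byte
    // pointer so the address is not truncated on 64-bit builds
    pNTH=(PIMAGE_NT_HEADERS)( (BYTE*)pDH+pDH->e_lfanew );
    return pNTH;
}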
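GetNtHeaders above follows e_lfanew without knowing how large the mapped file is, so a malformed file can steer pNTH outside the buffer. The following is an added example, not code from the original page: a portable, bounds-checked version of the step 1 and step 2 checks that works on a raw buffer with a known length. The names get_nt_headers_checked and make_sample are hypothetical, and the sample image is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DOS_MAGIC    0x5A4Du      /* "MZ" as a little-endian WORD */
#define NT_SIGNATURE 0x00004550u  /* "PE\0\0" as a little-endian DWORD */
#define E_LFANEW_OFF 0x3Cu        /* offset of e_lfanew in the DOS header */
#define DOS_HDR_SIZE 0x40u        /* sizeof(IMAGE_DOS_HEADER) */
#define NT_MIN_SIZE  24u          /* Signature (4) + IMAGE_FILE_HEADER (20) */

/* Little-endian reads that do not assume alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: returns the NT headers inside buf, or NULL when the
   buffer is truncated, a magic is wrong, or e_lfanew points outside buf. */
const uint8_t *get_nt_headers_checked(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < DOS_HDR_SIZE) return NULL;
    if (rd16(buf) != DOS_MAGIC) return NULL;
    uint32_t off = rd32(buf + E_LFANEW_OFF);   /* untrusted, read from the file */
    if (off > len - NT_MIN_SIZE) return NULL;  /* no underflow: len >= 0x40 */
    if (rd32(buf + off) != NT_SIGNATURE) return NULL;
    return buf + off;
}

/* Constructed sample: zeroed image with "MZ", the given e_lfanew and,
   when it fits, "PE\0\0" at that offset. Requires len >= DOS_HDR_SIZE. */
void make_sample(uint8_t *buf, size_t len, uint32_t e_lfanew) {
    memset(buf, 0, len);
    buf[0] = 'M'; buf[1] = 'Z';
    for (int i = 0; i < 4; i++)
        buf[E_LFANEW_OFF + i] = (uint8_t)(e_lfanew >> (8 * i));
    if (e_lfanew <= len - 4) { buf[e_lfanew] = 'P'; buf[e_lfanew + 1] = 'E'; }
}

int main(void) {
    uint8_t img[256];
    make_sample(img, sizeof img, 0x80);
    printf("valid image:   %s\n", get_nt_headers_checked(img, sizeof img) ? "accepted" : "rejected");
    make_sample(img, sizeof img, 0xFFFFFFF0u);
    printf("wild e_lfanew: %s\n", get_nt_headers_checked(img, sizeof img) ? "accepted" : "rejected");
    return 0;
}
```

The same length check has to be repeated before reading the optional header, data directories and section table, since each of those sizes and offsets also comes from the file.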