控制臺程序,打印pe頭信息-創(chuàng)新互聯(lián)

#include "stdafx.h"

創(chuàng)新互聯(lián)建站是一家專業(yè)提供元謀企業(yè)網(wǎng)站建設(shè),專注與成都網(wǎng)站建設(shè)、成都做網(wǎng)站、HTML5、小程序制作等業(yè)務(wù)。10年已為元謀眾多企業(yè)、政府機構(gòu)等服務(wù)。創(chuàng)新互聯(lián)專業(yè)的建站公司優(yōu)惠進行中。

#include <stdio.h>

#include <string.h>

#include <iostream.h>

#include <math.h>

#include <stdlib.h>

#define DWORD unsigned long

#define LPVOID void*

#define VOID void

#define WORD unsigned short

#define LONG long

#define BYTE unsigned char

#define PWORD short*

#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ

#define IMAGE_OS2_SIGNATURE 0x454E // NE

#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE

#define IMAGE_VXD_SIGNATURE 0x454C // LE

#define IMAGE_NT_SIGNATURE 0x00004550 // PE00

#define IMAGE_SIZEOF_FILE_HEADER 0x14

#define IMAGE_SIZEOF_SHORT_NAME 8

typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header

WORD e_magic; // Magic number

WORD e_cblp; // Bytes on last page of file

WORD e_cp; // Pages in file

WORD e_crlc; // Relocations

WORD e_cparhdr; // Size of header in paragraphs

WORD e_minalloc; // Minimum extra paragraphs needed

WORD e_maxalloc; // Maximum extra paragraphs needed

WORD e_ss; // Initial (relative) SS value

WORD e_sp; // Initial SP value

WORD e_csum; // Checksum

WORD e_ip; // Initial IP value

WORD e_cs; // Initial (relative) CS value

WORD e_lfarlc; // File address of relocation table

WORD e_ovno; // Overlay number

WORD e_res[4]; // Reserved words

WORD e_oemid; // OEM identifier (for e_oeminfo)

WORD e_oeminfo; // OEM information; e_oemid specific

WORD e_res2[10]; // Reserved words

LONG e_lfanew; // File address of new exe header

} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;

typedef struct _IMAGE_FILE_HEADER {

WORD Machine;

WORD NumberOfSections;

DWORD TimeDateStamp;

DWORD PointerToSymbolTable;

DWORD NumberOfSymbols;

WORD SizeOfOptionalHeader;

WORD Characteristics;

} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;

typedef struct _IMAGE_OPTIONAL_HEADER {

// Standard fields.

WORD Magic;

BYTE MajorLinkerVersion;

BYTE MinorLinkerVersion;

DWORD SizeOfCode;

DWORD SizeOfInitializedData;

DWORD SizeOfUninitializedData;

DWORD AddressOfEntryPoint;

DWORD BaseOfCode;

DWORD BaseOfData;

// NT additional fields.

DWORD ImageBase;

DWORD SectionAlignment;

DWORD FileAlignment;

WORD MajorOperatingSystemVersion;

WORD MinorOperatingSystemVersion;

WORD MajorImageVersion;

WORD MinorImageVersion;

WORD MajorSubsystemVersion;

WORD MinorSubsystemVersion;

DWORD Win32VersionValue;

DWORD SizeOfImage;

DWORD SizeOfHeaders;

DWORD CheckSum;

WORD Subsystem;

WORD DllCharacteristics;

DWORD SizeOfStackReserve;

DWORD SizeOfStackCommit;

DWORD SizeOfHeapReserve;

DWORD SizeOfHeapCommit;

DWORD LoaderFlags;

DWORD NumberOfRvaAndSizes;

// IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];

} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;

typedef struct _IMAGE_NT_HEADERS {

DWORD Signature;

IMAGE_FILE_HEADER FileHeader;

IMAGE_OPTIONAL_HEADER32 OptionalHeader;

} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;

typedef struct _IMAGE_SECTION_HEADER {

BYTE Name[IMAGE_SIZEOF_SHORT_NAME];

union {

DWORD PhysicalAddress;

DWORD VirtualSize;

} Misc;

DWORD VirtualAddress;

DWORD SizeOfRawData;

DWORD PointerToRawData;

DWORD PointerToRelocations;

DWORD PointerToLinenumbers;

WORD NumberOfRelocations;

WORD NumberOfLinenumbers;

DWORD Characteristics;

} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;

void* ReadPEFile(char* LpszFile)

{

FILE *pFile=NULL;

DWORD fileSize=0;

LPVOID pFileBuffer=NULL;

pFile=fopen(LpszFile,"rb");

if(!pFile)

{

printf("無法打開EXE文件");

return NULL;

}

//讀取文件

fseek(pFile,0,SEEK_END);

fileSize=ftell(pFile);

fseek(pFile,0,SEEK_SET);

//分配緩沖區(qū)

pFileBuffer=malloc(fileSize);

if(!pFileBuffer)

{

printf("分配緩沖區(qū)失敗");

fclose(pFile);

return NULL;

}

//將文件數(shù)據(jù)讀取到緩沖區(qū)

size_t n=fread(pFileBuffer,fileSize,1,pFile);

if(!n)

{

printf("讀取文件到緩沖區(qū)失敗");

free(pFileBuffer);

fclose(pFile);

return NULL;

}

fclose(pFile);

return pFileBuffer;

}

VOID PrintNTHeaders(char *path)

{

LPVOID pFileBuffer=NULL;

PIMAGE_DOS_HEADER pDosHeader=NULL;

PIMAGE_NT_HEADERS pNTHeader=NULL;

PIMAGE_FILE_HEADER pPEHeader=NULL;

PIMAGE_OPTIONAL_HEADER32 pOptionHeader=NULL;

PIMAGE_SECTION_HEADER pSectionHeader=NULL;

pFileBuffer=ReadPEFile(path);

if(!pFileBuffer)

{

printf("讀取文件失敗");

return ;

}

if(*((PWORD)pFileBuffer)!=IMAGE_DOS_SIGNATURE)

{

printf("不是MZ");

free(pFileBuffer);

return ;

}

pDosHeader=(PIMAGE_DOS_HEADER)pFileBuffer;

//打印doc頭

printf("************doc************\n");

printf("MZ偏移: %x\n",pDosHeader->e_magic);

printf(" e_cblp; 文件最后頁的字節(jié)數(shù): %x\n",pDosHeader->e_cblp);

printf(" e_cp; 文件頁數(shù): %x\n",pDosHeader->e_cp);

printf(" e_crlc; 重定義元素個數(shù): %x\n",pDosHeader->e_crlc);

printf(" e_cparhdr; 頭部尺寸，以段落為單位: %x\n",pDosHeader->e_cparhdr);

printf(" ; 所需的最小附加段: %x\n",pDosHeader->e_minalloc);

printf(" ; 所需的大附加段: %x\n",pDosHeader->e_maxalloc);

printf(" e_ss; // 初始的SS值（相對偏移量）: %x\n",pDosHeader->e_ss);

printf(" e_sp; // 初始的SP值: %x\n",pDosHeader->e_sp);

printf(" e_csum; // 校驗和: %x\n",pDosHeader->e_csum);

printf(" e_ip; // 初始的IP值: %x\n",pDosHeader->e_ip);

printf(" e_cs; // 初始的CS值（相對偏移量）: %x\n",pDosHeader->e_cs);

printf(" e_lfarlc; // 重分配表文件地址: %x\n",pDosHeader->e_lfarlc);

printf(" e_ovno; // 覆蓋號: %x\n",pDosHeader->e_ovno);

printf(" e_res[4]; // 保留字: %x\n",pDosHeader->e_res);

printf(" e_oemid; // OEM標識符（相對e_oeminfo）: %x\n",pDosHeader->e_oemid);

printf(" e_oeminfo; // OEM信息: %x\n",pDosHeader->e_oeminfo);

printf(" e_res2[10]; // 保留字: %x\n",pDosHeader->e_res2[0]);

printf("PE偏移: %x\n",pDosHeader->e_lfanew);

pNTHeader=(PIMAGE_NT_HEADERS)((DWORD)pDosHeader+(pDosHeader->e_lfanew));

printf("************NT************\n");

printf("NTsignature: %x-%x\n",(DWORD)&(pNTHeader->Signature),pNTHeader->Signature);

printf("NT-FileHeader: %x\n",pNTHeader->FileHeader);

pPEHeader=(PIMAGE_FILE_HEADER)((DWORD)pNTHeader+0x4);

printf("WORD Machine: %x-%x\n",(DWORD)&(pPEHeader->Machine),pPEHeader->Machine);

printf("WORD Machine: %x-%x\n",(DWORD)&(pPEHeader->NumberOfSections),pPEHeader->NumberOfSections);

printf("WORD Machine: %x-%x\n",(DWORD)&(pPEHeader->SizeOfOptionalHeader),pPEHeader->SizeOfOptionalHeader);

pOptionHeader=(PIMAGE_OPTIONAL_HEADER32)((DWORD)pPEHeader+IMAGE_SIZEOF_FILE_HEADER);

for(int i=0;i<pPEHeader->NumberOfSections;i++){

pSectionHeader=(PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader+sizeof(_IMAGE_SECTION_HEADER)*i);

printf("************第%d節(jié)表************\n",i+1);

printf(" Name: %x-%x%x%x%x%x%x%x%x\n",

(DWORD)&(pSectionHeader->Name),

pSectionHeader->Name[0],

pSectionHeader->Name[1],

pSectionHeader->Name[2],

pSectionHeader->Name[3],

pSectionHeader->Name[4],

pSectionHeader->Name[5],

pSectionHeader->Name[6],

pSectionHeader->Name[7]);

printf(" Name: %x-------%s\n",(DWORD)&(pSectionHeader->Name),pSectionHeader->Name);

printf(" VirtualAddress: %x-------%x\n",(DWORD)&(pSectionHeader->VirtualAddress),pSectionHeader->VirtualAddress);

printf(" PointerToRawData: %x-------%x\n",(DWORD)&(pSectionHeader->PointerToRawData),pSectionHeader->PointerToRawData);

}

free(pFileBuffer);

}

int main(int argc, char* argv[])

{

char path[]="d:/firefox.exe";

PrintNTHeaders(path);

printf("Hello World!\n");

return 0;

}

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)scvps.cn，海內(nèi)外云服務(wù)器15元起步，三天無理由+7*72小時售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國服務(wù)器、虛擬主機、免備案服務(wù)器”等云主機租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡單易用、服務(wù)可用性高、性價比高”等特點與優(yōu)勢，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場景需求。

標題名稱：控制臺程序,打印pe頭信息-創(chuàng)新互聯(lián)
當前鏈接：http://www.rwnh.cn/article46/ccejeg.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供虛擬主機、建站公司、域名注冊、網(wǎng)站策劃、網(wǎng)站設(shè)計公司、網(wǎng)站設(shè)計

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時需注明來源：創(chuàng)新互聯(lián)

猜你還喜歡下面的內(nèi)容

中文字幕日韩精品一区二区免费_精品一区二区三区国产精品无卡在_国精品无码专区一区二区三区_国产αv三级中文在线

控制臺程序,打印pe頭信息-創(chuàng)新互聯(lián)