获取PE文件的OEP值 (源码)
2007-06-05 17:19
用两种方法读取PE文件的OEP值(即可选头中的 AddressOfEntryPoint 字段,是一个RVA):一是直接读取文件,二是通过内存映射。注意 e_lfanew 等偏移来自文件本身,处理不可信文件时必须先校验 MZ/PE 签名和偏移范围。
#include "stdafx.h"
#include <afx.h>
//-------------------------------
//read the file of .exe get the OEP (Original Entry Point)
//-------------------------------
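/*
 * Read AddressOfEntryPoint from a PE file with plain file reads and print it.
 *
 * The file is treated as untrusted input: the DOS header must be read in
 * full and carry the "MZ" magic, e_lfanew must be a sane non-negative
 * offset, and the "PE\0\0" signature must be present before the entry-point
 * field is read.
 *
 * szFileName: ANSI path of the file to inspect.
 * Returns TRUE when the entry point was read and printed, FALSE otherwise
 * (a short diagnostic is printed on failure).
 */
BOOL ReadOPEbyFile(LPCSTR szFileName)
{
    /* Distance from the NT headers to AddressOfEntryPoint: 4-byte signature +
     * IMAGE_FILE_HEADER + 16 bytes into the optional header (40 in total).
     * The field sits at the same offset in PE32 and PE32+ images. */
    const LONG kEntryPointOffset =
        FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader.AddressOfEntryPoint);
    BOOL bOk = FALSE;
    HANDLE hFile;
    IMAGE_DOS_HEADER dosHeader;
    DWORD cbRead = 0;
    DWORD dwSignature = 0;
    DWORD dwOEP = 0;

    /* The parameter is LPCSTR, so call the ANSI entry point explicitly;
     * the CreateFile macro resolves to CreateFileW in UNICODE builds. */
    hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("Can't open the file\n");
        return FALSE;
    }

    /* ReadFile can succeed with fewer bytes than requested (short file),
     * so the byte count is checked as well as the return value. */
    if (!ReadFile(hFile, &dosHeader, sizeof(dosHeader), &cbRead, NULL) ||
        cbRead != sizeof(dosHeader)) {
        printf("Read image_dos_header failed .\n");
        goto cleanup;
    }
    if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE) {
        printf("Not a PE file: bad MZ signature.\n");
        goto cleanup;
    }

    /* e_lfanew is a signed, file-controlled value: reject negative offsets
     * and anything that would overflow when the field offset is added. */
    if (dosHeader.e_lfanew < 0 ||
        dosHeader.e_lfanew > MAXLONG - kEntryPointOffset) {
        printf("Not a PE file: e_lfanew out of range.\n");
        goto cleanup;
    }

    if (SetFilePointer(hFile, dosHeader.e_lfanew, NULL, FILE_BEGIN) ==
            INVALID_SET_FILE_POINTER ||
        !ReadFile(hFile, &dwSignature, sizeof(dwSignature), &cbRead, NULL) ||
        cbRead != sizeof(dwSignature) ||
        dwSignature != IMAGE_NT_SIGNATURE) {
        printf("Not a PE file: bad PE signature.\n");
        goto cleanup;
    }

    if (SetFilePointer(hFile, dosHeader.e_lfanew + kEntryPointOffset, NULL,
                       FILE_BEGIN) == INVALID_SET_FILE_POINTER ||
        !ReadFile(hFile, &dwOEP, sizeof(dwOEP), &cbRead, NULL) ||
        cbRead != sizeof(dwOEP)) {
        printf("Read OEP failed .\n");
        goto cleanup;
    }

    /* DWORD is unsigned long, so print it with a matching specifier. */
    printf("OEP by file: %lu\n", (unsigned long)dwOEP);
    bOk = TRUE;

cleanup:
    CloseHandle(hFile);
    return bOk;
}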
//-----------------------------------------
//fileMapping get the OEP
//-----------------------------------------
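/*
 * Read AddressOfEntryPoint from a PE file through a read-only file mapping
 * and print it.
 *
 * The file is treated as untrusted input. Every offset taken from the file
 * is checked against the file size before the mapped view is dereferenced,
 * so a crafted e_lfanew cannot steer the read outside the view.
 *
 * szFileName: ANSI path of the file to inspect.
 * Returns TRUE when the entry point was read and printed, FALSE otherwise
 * (a short diagnostic is printed on failure).
 */
BOOL ReadOEPbyMemory(LPCSTR szFileName)
{
    /* Distance from the NT headers to AddressOfEntryPoint; identical for
     * PE32 and PE32+ images (signature + file header + 16 bytes). */
    const LONGLONG kEntryPointOffset =
        FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader.AddressOfEntryPoint);
    BOOL bOk = FALSE;
    HANDLE hFile;
    HANDLE hMapping = NULL;
    const BYTE *pBase = NULL;
    LARGE_INTEGER liSize;
    IMAGE_DOS_HEADER dosHeader;
    LONGLONG ntOffset;
    DWORD dwSignature = 0;
    DWORD dwOEP = 0;

    /* The parameter is LPCSTR, so call the ANSI entry point explicitly.
     * FILE_SHARE_READ denies write sharing while the handle is open, so the
     * size queried below stays valid for the lifetime of the view. */
    hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("Can't open the file\n");
        return FALSE;
    }

    if (!GetFileSizeEx(hFile, &liSize) ||
        liSize.QuadPart < (LONGLONG)sizeof(IMAGE_DOS_HEADER)) {
        printf("Not a PE file: too small for a DOS header.\n");
        goto cleanup;
    }

    hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY | SEC_COMMIT, 0, 0, NULL);
    if (!hMapping) {
        printf("Mapping failed.\n");
        goto cleanup;
    }

    pBase = (const BYTE *)MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
    if (!pBase) {
        printf("View failed.\n");
        goto cleanup;
    }

    /* Copy fields out of the view instead of casting at a file-controlled
     * offset, which may be unaligned. NOTE(review): reads from a mapped view
     * can raise a structured exception on an I/O error of the backing file;
     * wrap in __try/__except if such media must be supported. */
    CopyMemory(&dosHeader, pBase, sizeof(dosHeader));
    if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE) {
        printf("Not a PE file: bad MZ signature.\n");
        goto cleanup;
    }

    /* The last byte needed is the end of the 4-byte entry-point field. */
    ntOffset = dosHeader.e_lfanew;
    if (ntOffset < 0 ||
        ntOffset + kEntryPointOffset + (LONGLONG)sizeof(DWORD) > liSize.QuadPart) {
        printf("Not a PE file: e_lfanew out of range.\n");
        goto cleanup;
    }

    CopyMemory(&dwSignature, pBase + (SIZE_T)ntOffset, sizeof(dwSignature));
    if (dwSignature != IMAGE_NT_SIGNATURE) {
        printf("Not a PE file: bad PE signature.\n");
        goto cleanup;
    }

    CopyMemory(&dwOEP, pBase + (SIZE_T)(ntOffset + kEntryPointOffset), sizeof(dwOEP));

    /* DWORD is unsigned long, so print it with a matching specifier. */
    printf("OEP by memory :%lu\n", (unsigned long)dwOEP);
    bOk = TRUE;

cleanup:
    if (pBase) {
        UnmapViewOfFile(pBase);
    }
    if (hMapping) {
        CloseHandle(hMapping);
    }
    CloseHandle(hFile);
    return bOk;
}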
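/*
 * Demo driver: prints the entry point of one PE file using both readers.
 *
 * The file to inspect is taken from the first command-line argument; with no
 * argument the sample path from the original listing is used.
 * Returns 0 when both readers succeed, 1 otherwise.
 */
int main(int argc, char* argv[])
{
    const char *szTarget = (argc > 1) ? argv[1] : "D://jp.exe";

    printf("Hello World!\n");

    /* Run both readers even if the first fails, so each prints its own
     * diagnostic for the same file. */
    BOOL bByFile = ReadOPEbyFile(szTarget);
    BOOL bByMemory = ReadOEPbyMemory(szTarget);

    return (bByFile && bByMemory) ? 0 : 1;
}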
#include "stdafx.h"
#include <afx.h>
//-------------------------------
//read the file of .exe get the OEP (Original Entry Point)
//-------------------------------
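/*
 * Read AddressOfEntryPoint from a PE file with plain file reads and print it.
 *
 * The file is treated as untrusted input: the DOS header must be read in
 * full and carry the "MZ" magic, e_lfanew must be a sane non-negative
 * offset, and the "PE\0\0" signature must be present before the entry-point
 * field is read.
 *
 * szFileName: ANSI path of the file to inspect.
 * Returns TRUE when the entry point was read and printed, FALSE otherwise
 * (a short diagnostic is printed on failure).
 */
BOOL ReadOPEbyFile(LPCSTR szFileName)
{
    /* Distance from the NT headers to AddressOfEntryPoint: 4-byte signature +
     * IMAGE_FILE_HEADER + 16 bytes into the optional header (40 in total).
     * The field sits at the same offset in PE32 and PE32+ images. */
    const LONG kEntryPointOffset =
        FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader.AddressOfEntryPoint);
    BOOL bOk = FALSE;
    HANDLE hFile;
    IMAGE_DOS_HEADER dosHeader;
    DWORD cbRead = 0;
    DWORD dwSignature = 0;
    DWORD dwOEP = 0;

    /* The parameter is LPCSTR, so call the ANSI entry point explicitly;
     * the CreateFile macro resolves to CreateFileW in UNICODE builds. */
    hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("Can't open the file\n");
        return FALSE;
    }

    /* ReadFile can succeed with fewer bytes than requested (short file),
     * so the byte count is checked as well as the return value. */
    if (!ReadFile(hFile, &dosHeader, sizeof(dosHeader), &cbRead, NULL) ||
        cbRead != sizeof(dosHeader)) {
        printf("Read image_dos_header failed .\n");
        goto cleanup;
    }
    if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE) {
        printf("Not a PE file: bad MZ signature.\n");
        goto cleanup;
    }

    /* e_lfanew is a signed, file-controlled value: reject negative offsets
     * and anything that would overflow when the field offset is added. */
    if (dosHeader.e_lfanew < 0 ||
        dosHeader.e_lfanew > MAXLONG - kEntryPointOffset) {
        printf("Not a PE file: e_lfanew out of range.\n");
        goto cleanup;
    }

    if (SetFilePointer(hFile, dosHeader.e_lfanew, NULL, FILE_BEGIN) ==
            INVALID_SET_FILE_POINTER ||
        !ReadFile(hFile, &dwSignature, sizeof(dwSignature), &cbRead, NULL) ||
        cbRead != sizeof(dwSignature) ||
        dwSignature != IMAGE_NT_SIGNATURE) {
        printf("Not a PE file: bad PE signature.\n");
        goto cleanup;
    }

    if (SetFilePointer(hFile, dosHeader.e_lfanew + kEntryPointOffset, NULL,
                       FILE_BEGIN) == INVALID_SET_FILE_POINTER ||
        !ReadFile(hFile, &dwOEP, sizeof(dwOEP), &cbRead, NULL) ||
        cbRead != sizeof(dwOEP)) {
        printf("Read OEP failed .\n");
        goto cleanup;
    }

    /* DWORD is unsigned long, so print it with a matching specifier. */
    printf("OEP by file: %lu\n", (unsigned long)dwOEP);
    bOk = TRUE;

cleanup:
    CloseHandle(hFile);
    return bOk;
}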
//-----------------------------------------
//fileMapping get the OEP
//-----------------------------------------
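/*
 * Read AddressOfEntryPoint from a PE file through a read-only file mapping
 * and print it.
 *
 * The file is treated as untrusted input. Every offset taken from the file
 * is checked against the file size before the mapped view is dereferenced,
 * so a crafted e_lfanew cannot steer the read outside the view.
 *
 * szFileName: ANSI path of the file to inspect.
 * Returns TRUE when the entry point was read and printed, FALSE otherwise
 * (a short diagnostic is printed on failure).
 */
BOOL ReadOEPbyMemory(LPCSTR szFileName)
{
    /* Distance from the NT headers to AddressOfEntryPoint; identical for
     * PE32 and PE32+ images (signature + file header + 16 bytes). */
    const LONGLONG kEntryPointOffset =
        FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader.AddressOfEntryPoint);
    BOOL bOk = FALSE;
    HANDLE hFile;
    HANDLE hMapping = NULL;
    const BYTE *pBase = NULL;
    LARGE_INTEGER liSize;
    IMAGE_DOS_HEADER dosHeader;
    LONGLONG ntOffset;
    DWORD dwSignature = 0;
    DWORD dwOEP = 0;

    /* The parameter is LPCSTR, so call the ANSI entry point explicitly.
     * FILE_SHARE_READ denies write sharing while the handle is open, so the
     * size queried below stays valid for the lifetime of the view. */
    hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("Can't open the file\n");
        return FALSE;
    }

    if (!GetFileSizeEx(hFile, &liSize) ||
        liSize.QuadPart < (LONGLONG)sizeof(IMAGE_DOS_HEADER)) {
        printf("Not a PE file: too small for a DOS header.\n");
        goto cleanup;
    }

    hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY | SEC_COMMIT, 0, 0, NULL);
    if (!hMapping) {
        printf("Mapping failed.\n");
        goto cleanup;
    }

    pBase = (const BYTE *)MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
    if (!pBase) {
        printf("View failed.\n");
        goto cleanup;
    }

    /* Copy fields out of the view instead of casting at a file-controlled
     * offset, which may be unaligned. NOTE(review): reads from a mapped view
     * can raise a structured exception on an I/O error of the backing file;
     * wrap in __try/__except if such media must be supported. */
    CopyMemory(&dosHeader, pBase, sizeof(dosHeader));
    if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE) {
        printf("Not a PE file: bad MZ signature.\n");
        goto cleanup;
    }

    /* The last byte needed is the end of the 4-byte entry-point field. */
    ntOffset = dosHeader.e_lfanew;
    if (ntOffset < 0 ||
        ntOffset + kEntryPointOffset + (LONGLONG)sizeof(DWORD) > liSize.QuadPart) {
        printf("Not a PE file: e_lfanew out of range.\n");
        goto cleanup;
    }

    CopyMemory(&dwSignature, pBase + (SIZE_T)ntOffset, sizeof(dwSignature));
    if (dwSignature != IMAGE_NT_SIGNATURE) {
        printf("Not a PE file: bad PE signature.\n");
        goto cleanup;
    }

    CopyMemory(&dwOEP, pBase + (SIZE_T)(ntOffset + kEntryPointOffset), sizeof(dwOEP));

    /* DWORD is unsigned long, so print it with a matching specifier. */
    printf("OEP by memory :%lu\n", (unsigned long)dwOEP);
    bOk = TRUE;

cleanup:
    if (pBase) {
        UnmapViewOfFile(pBase);
    }
    if (hMapping) {
        CloseHandle(hMapping);
    }
    CloseHandle(hFile);
    return bOk;
}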
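/*
 * Demo driver: prints the entry point of one PE file using both readers.
 *
 * The file to inspect is taken from the first command-line argument; with no
 * argument the sample path from the original listing is used.
 * Returns 0 when both readers succeed, 1 otherwise.
 */
int main(int argc, char* argv[])
{
    const char *szTarget = (argc > 1) ? argv[1] : "D://jp.exe";

    printf("Hello World!\n");

    /* Run both readers even if the first fails, so each prints its own
     * diagnostic for the same file. */
    BOOL bByFile = ReadOPEbyFile(szTarget);
    BOOL bByMemory = ReadOEPbyMemory(szTarget);

    return (bByFile && bByMemory) ? 0 : 1;
}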