读取PE文件头的一段小程序
2010-03-29 16:31
423 查看
给自己定一个目标,要实现一个能复制自己的小程序,所以,首先,要认真学习PE文件结构,一下的程序读取一个EXE文件的文件头信息
代码
#include <iostream.h>
#include <windows.h>
void main()
{
HANDLE hFile;
hFile = CreateFile("c:\\notepad.exe",GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
cout<<"error"<<endl;#include <iostream.h>
#include <windows.h>
void main()
{
HANDLE hFile;
hFile = CreateFile("c:\\notepad.exe",GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
cout<<"error"<<endl;
return;
}
// 读写PE文件
DWORD fp;
BOOL rs;
BYTE buff[1024];
DWORD number;
fp=::SetFilePointer(hFile,0,NULL,FILE_BEGIN);//将文件读写指针移动到文件头
//读取DOS文件头
rs=::ReadFile(hFile,buff,sizeof(_IMAGE_DOS_HEADER),&number,NULL);
if(rs==false)
{
cout<<"error"<<endl;
return;
}
_IMAGE_DOS_HEADER *mydosheader;
mydosheader=(_IMAGE_DOS_HEADER *)buff;
cout<<"PE header offset:"<<hex<<mydosheader->e_lfanew<<endl;//输出PE文件头的偏移
//将文件读写指针移动到PE文件头位置
fp=::SetFilePointer(hFile,mydosheader->e_lfanew,NULL,FILE_BEGIN);
//读取PE文件头
rs=::ReadFile(hFile,buff,sizeof(_IMAGE_NT_HEADERS),&number,NULL);
if(rs==false)
{
cout<<"error"<<endl;
return;
}
_IMAGE_NT_HEADERS *mypeheader;
mypeheader=(_IMAGE_NT_HEADERS*)buff;
cout<<"PE magic:"<<hex<<mypeheader->Signature<<endl;//输出PE文件头标识
//输出PE文件_IMAGE_FILE_HEADER信息
cout<<"machine:"<<hex<<mypeheader->FileHeader.Machine<<endl;
cout<<"numberofsection:"<<hex<<mypeheader->FileHeader.NumberOfSections<<endl;
cout<<"TimeDateStamp:"<<hex<<mypeheader->FileHeader.TimeDateStamp<<endl;
cout<<"SizeOfOptionalHeader:"<<hex<<mypeheader->FileHeader.SizeOfOptionalHeader<<endl;
cout<<"Characteristics:"<<hex<<mypeheader->FileHeader.Characteristics<<endl;
//输出PE文件IMAGE_OPTIONAL_HEADER32信息
cout<<"AddressOfEntryPoint:"<<hex<<mypeheader->OptionalHeader.AddressOfEntryPoint<<endl;
cout<<"ImageBase:"<<hex<<mypeheader->OptionalHeader.ImageBase<<endl;
cout<<"SectionAlignment:"<<hex<<mypeheader->OptionalHeader.SectionAlignment<<endl;
cout<<"FileAlignment:"<<hex<<mypeheader->OptionalHeader.FileAlignment<<endl;
//输出PE文件IMAGE_DATA_DIRECTORY信息
cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_TLS RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_TLS size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IAT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IAT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].Size<<endl;
cout<<"noname RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].VirtualAddress<<endl;
cout<<"noname size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].Size<<endl;
}
return;
}
// 读写PE文件
DWORD fp;
BOOL rs;
BYTE buff[1024];
DWORD number;
fp=::SetFilePointer(hFile,0,NULL,FILE_BEGIN);//将文件读写指针移动到文件头
//读取DOS文件头
rs=::ReadFile(hFile,buff,sizeof(_IMAGE_DOS_HEADER),&number,NULL);
if(rs==false)
{
cout<<"error"<<endl;
return;
}
_IMAGE_DOS_HEADER *mydosheader;
mydosheader=(_IMAGE_DOS_HEADER *)buff;
cout<<"PE header offset:"<<hex<<mydosheader->e_lfanew<<endl;//输出PE文件头的偏移
//将文件读写指针移动到PE文件头位置
fp=::SetFilePointer(hFile,mydosheader->e_lfanew,NULL,FILE_BEGIN);
//读取PE文件头
rs=::ReadFile(hFile,buff,sizeof(_IMAGE_NT_HEADERS),&number,NULL);
if(rs==false)
{
cout<<"error"<<endl;
return;
}
_IMAGE_NT_HEADERS *mypeheader;
mypeheader=(_IMAGE_NT_HEADERS*)buff;
cout<<"PE magic:"<<hex<<mypeheader->Signature<<endl;//输出PE文件头标识
//输出PE文件_IMAGE_FILE_HEADER信息
cout<<"machine:"<<hex<<mypeheader->FileHeader.Machine<<endl;
cout<<"numberofsection:"<<hex<<mypeheader->FileHeader.NumberOfSections<<endl;
cout<<"TimeDateStamp:"<<hex<<mypeheader->FileHeader.TimeDateStamp<<endl;
cout<<"SizeOfOptionalHeader:"<<hex<<mypeheader->FileHeader.SizeOfOptionalHeader<<endl;
cout<<"Characteristics:"<<hex<<mypeheader->FileHeader.Characteristics<<endl;
//输出PE文件IMAGE_OPTIONAL_HEADER32信息
cout<<"AddressOfEntryPoint:"<<hex<<mypeheader->OptionalHeader.AddressOfEntryPoint<<endl;
cout<<"ImageBase:"<<hex<<mypeheader->OptionalHeader.ImageBase<<endl;
cout<<"SectionAlignment:"<<hex<<mypeheader->OptionalHeader.SectionAlignment<<endl;
cout<<"FileAlignment:"<<hex<<mypeheader->OptionalHeader.FileAlignment<<endl;
//输出PE文件IMAGE_DATA_DIRECTORY信息
cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_TLS RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_TLS size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IAT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IAT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].Size<<endl;
cout<<"noname RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].VirtualAddress<<endl;
cout<<"noname size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].Size<<endl;
}
代码
#include <iostream.h>
#include <windows.h>
void main()
{
HANDLE hFile;
hFile = CreateFile("c:\\notepad.exe",GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
cout<<"error"<<endl;#include <iostream.h>
#include <windows.h>
void main()
{
HANDLE hFile;
hFile = CreateFile("c:\\notepad.exe",GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
cout<<"error"<<endl;
return;
}
// 读写PE文件
DWORD fp;
BOOL rs;
BYTE buff[1024];
DWORD number;
fp=::SetFilePointer(hFile,0,NULL,FILE_BEGIN);//将文件读写指针移动到文件头
//读取DOS文件头
rs=::ReadFile(hFile,buff,sizeof(_IMAGE_DOS_HEADER),&number,NULL);
if(rs==false)
{
cout<<"error"<<endl;
return;
}
_IMAGE_DOS_HEADER *mydosheader;
mydosheader=(_IMAGE_DOS_HEADER *)buff;
cout<<"PE header offset:"<<hex<<mydosheader->e_lfanew<<endl;//输出PE文件头的偏移
//将文件读写指针移动到PE文件头位置
fp=::SetFilePointer(hFile,mydosheader->e_lfanew,NULL,FILE_BEGIN);
//读取PE文件头
rs=::ReadFile(hFile,buff,sizeof(_IMAGE_NT_HEADERS),&number,NULL);
if(rs==false)
{
cout<<"error"<<endl;
return;
}
_IMAGE_NT_HEADERS *mypeheader;
mypeheader=(_IMAGE_NT_HEADERS*)buff;
cout<<"PE magic:"<<hex<<mypeheader->Signature<<endl;//输出PE文件头标识
//输出PE文件_IMAGE_FILE_HEADER信息
cout<<"machine:"<<hex<<mypeheader->FileHeader.Machine<<endl;
cout<<"numberofsection:"<<hex<<mypeheader->FileHeader.NumberOfSections<<endl;
cout<<"TimeDateStamp:"<<hex<<mypeheader->FileHeader.TimeDateStamp<<endl;
cout<<"SizeOfOptionalHeader:"<<hex<<mypeheader->FileHeader.SizeOfOptionalHeader<<endl;
cout<<"Characteristics:"<<hex<<mypeheader->FileHeader.Characteristics<<endl;
//输出PE文件IMAGE_OPTIONAL_HEADER32信息
cout<<"AddressOfEntryPoint:"<<hex<<mypeheader->OptionalHeader.AddressOfEntryPoint<<endl;
cout<<"ImageBase:"<<hex<<mypeheader->OptionalHeader.ImageBase<<endl;
cout<<"SectionAlignment:"<<hex<<mypeheader->OptionalHeader.SectionAlignment<<endl;
cout<<"FileAlignment:"<<hex<<mypeheader->OptionalHeader.FileAlignment<<endl;
//输出PE文件IMAGE_DATA_DIRECTORY信息
cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_TLS RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_TLS size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IAT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IAT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].Size<<endl;
cout<<"noname RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].VirtualAddress<<endl;
cout<<"noname size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].Size<<endl;
}
return;
}
// 读写PE文件
DWORD fp;
BOOL rs;
BYTE buff[1024];
DWORD number;
fp=::SetFilePointer(hFile,0,NULL,FILE_BEGIN);//将文件读写指针移动到文件头
//读取DOS文件头
rs=::ReadFile(hFile,buff,sizeof(_IMAGE_DOS_HEADER),&number,NULL);
if(rs==false)
{
cout<<"error"<<endl;
return;
}
_IMAGE_DOS_HEADER *mydosheader;
mydosheader=(_IMAGE_DOS_HEADER *)buff;
cout<<"PE header offset:"<<hex<<mydosheader->e_lfanew<<endl;//输出PE文件头的偏移
//将文件读写指针移动到PE文件头位置
fp=::SetFilePointer(hFile,mydosheader->e_lfanew,NULL,FILE_BEGIN);
//读取PE文件头
rs=::ReadFile(hFile,buff,sizeof(_IMAGE_NT_HEADERS),&number,NULL);
if(rs==false)
{
cout<<"error"<<endl;
return;
}
_IMAGE_NT_HEADERS *mypeheader;
mypeheader=(_IMAGE_NT_HEADERS*)buff;
cout<<"PE magic:"<<hex<<mypeheader->Signature<<endl;//输出PE文件头标识
//输出PE文件_IMAGE_FILE_HEADER信息
cout<<"machine:"<<hex<<mypeheader->FileHeader.Machine<<endl;
cout<<"numberofsection:"<<hex<<mypeheader->FileHeader.NumberOfSections<<endl;
cout<<"TimeDateStamp:"<<hex<<mypeheader->FileHeader.TimeDateStamp<<endl;
cout<<"SizeOfOptionalHeader:"<<hex<<mypeheader->FileHeader.SizeOfOptionalHeader<<endl;
cout<<"Characteristics:"<<hex<<mypeheader->FileHeader.Characteristics<<endl;
//输出PE文件IMAGE_OPTIONAL_HEADER32信息
cout<<"AddressOfEntryPoint:"<<hex<<mypeheader->OptionalHeader.AddressOfEntryPoint<<endl;
cout<<"ImageBase:"<<hex<<mypeheader->OptionalHeader.ImageBase<<endl;
cout<<"SectionAlignment:"<<hex<<mypeheader->OptionalHeader.SectionAlignment<<endl;
cout<<"FileAlignment:"<<hex<<mypeheader->OptionalHeader.FileAlignment<<endl;
//输出PE文件IMAGE_DATA_DIRECTORY信息
cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_TLS RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_TLS size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IAT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_IAT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].Size<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].VirtualAddress<<endl;
cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].Size<<endl;
cout<<"noname RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].VirtualAddress<<endl;
cout<<"noname size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].Size<<endl;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- PE程序壳编写学习过程(一)PE文件的读取
- 一段可以在UNIX下,读取当前目录下所有文件(包括子目录中的文件)的文件名的程序
- VC读取PE文件的OEP(程序入口)
- VC中改变PE文件中Dos Stub程序(显示This program cannot be run in DOS mode)那一段程序.
- 在Silverlight 程序中读取服务器端的XML格式文件
- 读取二进制文件程序
- c# 读取其他程序正打开的文件的时“正由另一进程使用,因此该进程无法访问该文件。"的问题解决方法
- 在安装Office 2003时出现"安装程序无法读取文件"错误
- Java解析ELF文件:使用Java读取文件头部、节区头部表、程序头部表
- 一段用ASP查看ASP文件源码的程序.
- 读取【程序名称.exe.config】配置文件
- 【转】一段仿真PE加载器行为的程序
- 读取siftgeo格式文件的matlab程序
- c程序按行读取文件
- 读取PE文件的导入表
- 文件链接读取程序
- Java程序中的配置文件的存放和读取
- opencv程序十三:读取摄像头或视频文件
- 通过Spark程序读取CSV文件存储到ES
- 通过自定义文件启动程序并读取