#include <stdio.h>
#include <windows.h>
#include <malloc.h>
#include <stdlib.h>
#include <string.h>
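/*
 * Read an entire file into a freshly malloc'ed buffer.
 *
 * szFileName: path of the file to load (opened in binary mode).
 *
 * Returns the buffer holding the file contents, or NULL when the path is
 * NULL, the file cannot be opened, its size cannot be determined, it is
 * empty, allocation fails, or the read comes up short. The caller owns the
 * returned buffer and must release it with free().
 *
 * NOTE(review): <windows.h> also declares the Win32 ReadFile API, so this
 * definition presumably only builds when the file is compiled as C++ (as an
 * overload) -- consider renaming it to avoid the clash.
 * NOTE(review): the length of the buffer is not reported to the caller, so a
 * parser working on the result has to recover it some other way before it
 * can bounds-check offsets taken from the file.
 */
LPVOID ReadFile(LPSTR szFileName)
{
    FILE *pFile = NULL;
    long lFileSize = 0;
    LPVOID lpFileBuffer = NULL;

    /* Open the file the caller asked for; the path used to be hard-coded
     * here and the parameter was silently ignored. */
    if (!szFileName)
    {
        printf("文件打开失败");
        return NULL;
    }
    pFile = fopen(szFileName, "rb");
    if (!pFile)
    {
        printf("文件打开失败");
        return NULL;
    }

    /* Seek to the end to learn the file size, then rewind for the read.
     * A failed ftell() returns -1, which must not reach malloc() as a size. */
    if (fseek(pFile, 0, SEEK_END) != 0)
    {
        printf("读取数据错误");
        fclose(pFile);
        return NULL;
    }
    lFileSize = ftell(pFile);
    if (lFileSize <= 0 || fseek(pFile, 0, SEEK_SET) != 0)
    {
        printf("读取数据错误");
        fclose(pFile);
        return NULL;
    }

    lpFileBuffer = malloc((size_t)lFileSize);
    if (!lpFileBuffer)
    {
        printf("系统错误,分配内存错误");
        fclose(pFile);
        return NULL;
    }

    /* One item of lFileSize bytes: anything other than 1 is a short read. */
    if (fread(lpFileBuffer, (size_t)lFileSize, 1, pFile) != 1)
    {
        printf("读取数据错误");
        free(lpFileBuffer);
        fclose(pFile);
        return NULL;
    }

    fclose(pFile);
    return lpFileBuffer;
}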
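/*
 * Load a PE image from disk and print its DOS header fields, NT signature,
 * file header, optional-header magic and every section header to stdout.
 *
 * The file is treated as untrusted input: e_lfanew, SizeOfOptionalHeader and
 * NumberOfSections all come straight from the file, so each offset derived
 * from them is checked against the buffer size before anything is read.
 * Headers are copied out with memcpy() instead of being accessed through
 * casted pointers, which avoids misaligned access and also removes the
 * pointer-to-DWORD casts that truncate addresses in a 64-bit build.
 */
void PrintNTHeaders()
{
    const unsigned char *pBase = NULL;
    size_t cbFile = 0;
    size_t offNt = 0;
    size_t offOptional = 0;
    size_t offSection = 0;
    IMAGE_DOS_HEADER dosHeader;
    IMAGE_FILE_HEADER fileHeader;
    IMAGE_SECTION_HEADER sectionHeader;
    DWORD dwSignature = 0;
    WORD wOptionalMagic = 0;
    WORD iSection = 0;
    char szSectionName[9] = { 0 };
    LPVOID pFileBuffer = ReadFile("C:\\Users\\Administrator\\Desktop\\ICO取取取.exe");

    if (!pFileBuffer)
    {
        printf("读取失败");
        return ;
    }
    pBase = (const unsigned char *)pFileBuffer;

    /* ReadFile() does not report the file length, so ask the CRT for the
     * size of the heap block it returned. This is an upper bound on the
     * bytes that may be read; a cleaner design would have the reader hand
     * back the length alongside the buffer. */
    cbFile = _msize(pFileBuffer);

    /* The DOS header must fit before e_magic / e_lfanew can be trusted. */
    if (cbFile < sizeof dosHeader)
    {
        printf("该文件非PE结构");
        free(pFileBuffer);
        return;
    }
    memcpy(&dosHeader, pBase, sizeof dosHeader);
    if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE)
    {
        printf("该文件非PE结构");
        free(pFileBuffer);
        return;
    }
    printf("********************DOC头********************\n");
    printf("MZ标志:%04x\n", dosHeader.e_magic);
    printf("PE偏移:%08x\n", (unsigned int)dosHeader.e_lfanew);

    /* e_lfanew is a signed, file-supplied offset: reject negative values
     * and anything that leaves no room for the signature + file header. */
    if (dosHeader.e_lfanew < 0 ||
        (size_t)dosHeader.e_lfanew > cbFile ||
        cbFile - (size_t)dosHeader.e_lfanew < sizeof dwSignature + sizeof fileHeader)
    {
        printf("不是有效的PE标志\n");
        free(pFileBuffer);
        return;
    }
    offNt = (size_t)dosHeader.e_lfanew;
    memcpy(&dwSignature, pBase + offNt, sizeof dwSignature);
    if (dwSignature != IMAGE_NT_SIGNATURE)
    {
        printf("不是有效的PE标志\n");
        free(pFileBuffer);
        return;
    }

    /* NT signature */
    printf("********************NT头********************\n");
    printf("NT:%08x\n", (unsigned int)dwSignature);

    /* File header follows the 4-byte signature. */
    memcpy(&fileHeader, pBase + offNt + sizeof dwSignature, sizeof fileHeader);
    printf("********************PE头********************\n");
    printf("PE:%04x\n", fileHeader.Machine);
    printf("节的数量:%04x\n", fileHeader.NumberOfSections);
    printf("SizeOfOptionalHeader:%04x\n", fileHeader.SizeOfOptionalHeader);

    /* Optional header: only its Magic field is printed, so only those two
     * bytes need to be present; the declared SizeOfOptionalHeader must also
     * stay inside the buffer because the section table starts right after. */
    offOptional = offNt + sizeof dwSignature + sizeof fileHeader;
    if (cbFile - offOptional < sizeof wOptionalMagic ||
        fileHeader.SizeOfOptionalHeader > cbFile - offOptional)
    {
        printf("该文件非PE结构");
        free(pFileBuffer);
        return;
    }
    memcpy(&wOptionalMagic, pBase + offOptional, sizeof wOptionalMagic);
    printf("********************OPTIOIN_PE头********************\n");
    printf("OPTION_PE:%04x\n", wOptionalMagic);

    /* Section table: NumberOfSections entries of sizeof(IMAGE_SECTION_HEADER)
     * bytes each. Stop as soon as an entry would run past the buffer. */
    offSection = offOptional + fileHeader.SizeOfOptionalHeader;
    for (iSection = 0; iSection < fileHeader.NumberOfSections; iSection++)
    {
        if (cbFile - offSection < sizeof sectionHeader)
        {
            printf("该文件非PE结构");
            break;
        }
        memcpy(&sectionHeader, pBase + offSection, sizeof sectionHeader);
        offSection += sizeof sectionHeader;

        printf("********************Section_Header********************\n");
        /* Name is 8 bytes and not necessarily NUL-terminated. */
        memcpy(szSectionName, sectionHeader.Name, 8);
        szSectionName[8] = '\0';
        printf("%s\n", szSectionName);
        /* Misc is a union; pass a concrete member through the varargs. */
        printf("%08x\n", (unsigned int)sectionHeader.Misc.VirtualSize);
        printf("%08x\n", (unsigned int)sectionHeader.VirtualAddress);
        printf("%08x\n", (unsigned int)sectionHeader.SizeOfRawData);
        printf("%08x\n", (unsigned int)sectionHeader.PointerToRawData);
        printf("%08x\n", (unsigned int)sectionHeader.PointerToRelocations);
        printf("%08x\n", (unsigned int)sectionHeader.PointerToLinenumbers);
        printf("%04x\n", sectionHeader.NumberOfRelocations);
        printf("%04x\n", sectionHeader.NumberOfLinenumbers);
        printf("%08x\n", (unsigned int)sectionHeader.Characteristics);
    }

    /* Release the file image. */
    free(pFileBuffer);
}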
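/*
 * Entry point: dump the PE headers, then load "I:chess.exe" once more.
 * The second load is kept from the original program; its buffer is owned by
 * the caller, so it is released here instead of being dropped.
 */
int main()
{
    PrintNTHeaders();
    /* free(NULL) is a no-op, so a failed load needs no special case. */
    free(ReadFile("I:chess.exe"));
    return 0;
}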