数据目录

可选pe头结构中最后一个属性：_IMAGE_DATA_DIRECTORY DataDirectory[16]；用来表示数据目录

 

 

1、我们所了解的PE分为头和节，在每个节中，都包含了我们写的一些代码和数据，但还有一些非常重要                

的信息是编译器替我们加到PE文件中的，这些信息可能存在在任何可以利用的地方。                

                

2、这些信息之所以重要，是因为这些信息包含了诸如：                

PE程序的图标在哪里？                

用到了哪些系统提供的函数？                

为其他的程序提供哪些函数？                

                

3、编译器添加了这么多信息，那程序是如何找到这些信息的呢？                

答案就是：数据目录                

                

4、数据目录定位：                

可选PE头最后一个成员，就是数据目录.一共有16个:                

typedef struct _IMAGE_DATA_DIRECTORY {                

    DWORD   VirtualAddress;                //内存偏移

    DWORD   Size;                //大小

} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;                

                

#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES    16    

 

分别是：导出表、导入表、资源表、异常信息表、安全证书表、重定位表、调试信息表、版权所以表、全局指针表                

TLS表、加载配置表、绑定导入表、IAT表、延迟导入表、COM信息表 最后一个保留未使用。     

         

其中的size是参考值，可以修改而不影响程序；  

                

和程序运行时息息相关的表有：                

    导出表                

    导入表           35-数据目录     

    重定位表                

    IAT表                

 

 

输出数据目录：

 

 

#include "stdafx.h"

#include "PeTool.h"

 

 

#define SRC "C:\\Users\\Administrator\\Desktop\\TraceMe.exe"

#define DEST "C:\\Users\\Administrator\\Desktop\\copy1.exe"

 

 

void printDataDirectory(){

    //定义头结构指针

    PIMAGE_DOS_HEADER dosHeader = NULL;        //dos头指针

    PIMAGE_FILE_HEADER peHeader = NULL;        //pe头指针

    PIMAGE_OPTIONAL_HEADER32 opHeader = NULL;    //可选pe头指针

 

 

    //1.读取文件到缓冲区

    LPVOID pFileBuffer = NULL;

    DWORD fileSize = ReadPEFile(SRC, &pFileBuffer);

    if(!fileSize){

        printf("读取文件失败\n");

        return;

    }

    //2.初始化头指针

    dosHeader = (PIMAGE_DOS_HEADER) pFileBuffer;

    peHeader = (PIMAGE_FILE_HEADER) ((DWORD)dosHeader + dosHeader->e_lfanew + 4);

    opHeader = (PIMAGE_OPTIONAL_HEADER32) ((DWORD)peHeader + IMAGE_SIZEOF_FILE_HEADER);

    //3.输出数据目录信息

    PIMAGE_DATA_DIRECTORY DataDirectory = opHeader->DataDirectory;

    printf("IMAGE_DIRECTORY_ENTRY_EXPORT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size);

    

    printf("IMAGE_DIRECTORY_ENTRY_IMPORT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_RESOURCE: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_EXCEPTION: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_EXCEPTION].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_EXCEPTION].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_SECURITY: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size);

    

    printf("IMAGE_DIRECTORY_ENTRY_BASERELOC: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_DEBUG: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_ARCHITECTURE: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_ARCHITECTURE].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_ARCHITECTURE].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_GLOBALPTR: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_GLOBALPTR].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_GLOBALPTR].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_TLS: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_IAT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].Size);

 

    printf("IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress,

        DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size);

}

 

int main(int argc, char* argv[])

{

    printDataDirectory();

    getchar();

}

结果：