PE操作 C

#include <stdio.h>
#include <Windows.h>
#include <stdlib.h>

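/*
 * Read an entire file into a freshly allocated heap buffer.
 *
 * filePath: path of the file to load; it is opened in binary mode.
 *
 * Returns the buffer on success. The caller owns it and must free() it.
 * Returns NULL, after printing a diagnostic, when the path is NULL, the file
 * cannot be opened, its size cannot be determined, it is empty, the
 * allocation fails, or fewer bytes than expected are read.
 *
 * NOTE(review): the buffer length is not reported to the caller, so code that
 * parses the result cannot bounds-check offsets taken from the file itself.
 * A variant that also hands back the size would allow that validation.
 */
char* ReadPeFile(char* filePath)
{
    FILE* file = NULL;
    long size = 0;
    char* fileBuffer = NULL;

    if (!filePath)
    {
        puts("--------------------------------OpenFile Error!-------------------------------------------");
        return NULL;
    }

    file = fopen(filePath,"rb");
    if (!file)
    {
        puts("--------------------------------OpenFile Error!-------------------------------------------");
        return NULL;
    }

    /*
     * ftell() reports failure as -1L. Keeping the result in a signed long
     * lets that be detected instead of turning into a huge allocation size.
     * An empty file is rejected here too: there is nothing to parse.
     */
    if (fseek(file,0L,SEEK_END) != 0
        || (size = ftell(file)) <= 0
        || fseek(file,0L,SEEK_SET) != 0)
    {
        puts("--------------------------------ReadFile Error!-------------------------------------------");
        fclose(file);
        return NULL;
    }

    fileBuffer = (char*)malloc((size_t)size);
    if (!fileBuffer)
    {
        puts("--------------------------------Malloc Buffer Error!-------------------------------------------");
        fclose(file);
        return NULL;
    }

    /* Require the whole file: a short read would leave uninitialised bytes in the buffer. */
    if (fread(fileBuffer,1,(size_t)size,file) != (size_t)size)
    {
        puts("--------------------------------ReadFile Error!-------------------------------------------");
        fclose(file);
        free(fileBuffer);
        return NULL;
    }

    /* The data is in memory now; release the handle on the success path as well. */
    fclose(file);
    return fileBuffer;
}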


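/*
 * Load a hard-coded executable with ReadPeFile() and print a few fields from
 * its DOS header, NT headers and file header.
 *
 * Terminates the process with exit(1) when the file cannot be read or when
 * the "MZ" / "PE\0\0" signatures do not match.
 *
 * NOTE(review): ReadPeFile() does not report the file length, so this function
 * cannot verify that the file holds a full IMAGE_DOS_HEADER or that e_lfanew
 * stays inside the buffer. Every header field is taken from the file and must
 * be treated as untrusted; a malformed file can make the reads below run past
 * the allocation. Bound e_lfanew + sizeof(IMAGE_NT_HEADERS) against the file
 * size once the reader exposes it.
 */
VOID PrintPEHeaders()
{
    char* filePath = "D:\\网易云音乐PC版\\cloudmusic.exe";
    char* fileBuffer = NULL;
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_NT_HEADERS pNTHeaders = NULL;
    PIMAGE_FILE_HEADER pPeHEader = NULL;

    fileBuffer = ReadPeFile(filePath);
    if (!fileBuffer)
    {
        puts("操作失败!");
        exit(1);
    }

    /* DOS header: the first WORD must be "MZ". */
    pDosHeader = (PIMAGE_DOS_HEADER)fileBuffer;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        puts("exe Error");
        free(fileBuffer);
        fileBuffer = NULL;
        exit(1);
    }
    printf("--------------------DOS------------------------------------\n");
    printf("MZ::%x        PE偏移量::%x\n",pDosHeader->e_magic, pDosHeader->e_lfanew);

    /*
     * e_lfanew is a signed LONG read from the file; a negative value would
     * point in front of the buffer, so reject it before doing any arithmetic.
     */
    if (pDosHeader->e_lfanew < 0)
    {
        puts("PE error");
        free(fileBuffer);
        fileBuffer = NULL;
        exit(1);
    }

    /*
     * Byte-pointer arithmetic instead of a (DWORD) cast: casting a pointer to
     * a 32-bit DWORD truncates the address in a 64-bit build.
     */
    pNTHeaders = (PIMAGE_NT_HEADERS)((BYTE*)pDosHeader + pDosHeader->e_lfanew);
    if (pNTHeaders->Signature != IMAGE_NT_SIGNATURE)
    {
        puts("PE error");
        free(fileBuffer);
        fileBuffer = NULL;
        exit(1);
    }
    printf("--------------------NT------------------------------------\n");
    printf("PE::%x", pNTHeaders->Signature);

    /* The file header follows the 4-byte signature inside IMAGE_NT_HEADERS. */
    pPeHEader = &pNTHeaders->FileHeader;
    printf("--------------------PE------------------------------------\n");
    printf("CPU::%x    %x", pPeHEader->Machine,pNTHeaders->OptionalHeader.CheckSum);

    /* Release the file image on the success path too. */
    free(fileBuffer);
    fileBuffer = NULL;
}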

/* Entry point: dump the headers of the hard-coded executable, then report success. */
int main(void)
{
    PrintPEHeaders();
    return 0;
}

 节表

 

#define _CRT_SECURE_NO_WARNINGS
#include <stdio.h>
#include <stdlib.h>
#include <Windows.h>

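/*
 * Free the heap buffer that *fileBuffer refers to and reset the caller's
 * pointer to NULL, so a later use or a second call cannot touch freed memory.
 *
 * fileBuffer: address of the pointer to release. A NULL address is ignored,
 *             and *fileBuffer may itself be NULL (free(NULL) is a no-op).
 */
void FreeBuffer(char** fileBuffer)
{
    if (!fileBuffer)
    {
        return;
    }
    free(*fileBuffer);
    *fileBuffer = NULL;
}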
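/*
 * Read an entire file into a freshly allocated heap buffer.
 *
 * filePath: path of the file to load; it is opened in binary mode.
 *
 * Returns the buffer on success. The caller owns it and must release it.
 * Returns NULL, after printing a diagnostic, when the path is NULL, the file
 * cannot be opened, its size cannot be determined, it is empty, the
 * allocation fails, or fewer bytes than expected are read.
 *
 * NOTE(review): the buffer length is not reported to the caller, so code that
 * parses the result cannot bounds-check offsets taken from the file itself.
 * A variant that also hands back the size would allow that validation.
 */
char* ReadPeFile(char* filePath)
{
    char* filebuffer = NULL;
    FILE* file = NULL;
    long size = 0;

    if (!filePath)
    {
        puts("OpenFile Error:::");
        return NULL;
    }

    file = fopen(filePath,"rb");
    if (!file)
    {
        puts("OpenFile Error:::");
        return NULL;
    }

    /*
     * ftell() reports failure as -1L. Keeping the result in a signed long
     * lets that be detected instead of turning into a huge allocation size.
     * An empty file is rejected here too: there is nothing to parse.
     */
    if (fseek(file,0L,SEEK_END) != 0
        || (size = ftell(file)) <= 0
        || fseek(file,0L,SEEK_SET) != 0)
    {
        puts("Read File Error");
        fclose(file);
        return NULL;
    }

    filebuffer = (char*)malloc((size_t)size);
    if (!filebuffer)
    {
        puts("Malloc buffer Error:::");
        fclose(file);
        return NULL;
    }

    /* Require the whole file: a short read would leave uninitialised bytes in the buffer. */
    if (fread(filebuffer,1,(size_t)size,file) != (size_t)size)
    {
        puts("Read File Error");
        fclose(file);
        free(filebuffer);
        return NULL;
    }

    /* The data is in memory now; release the handle on the success path as well. */
    fclose(file);
    return filebuffer;
}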


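/*
 * Load a hard-coded executable with ReadPeFile() and print one line per entry
 * of its section table: name, virtual address, virtual size, raw-data file
 * offset, raw-data size and characteristics.
 *
 * Terminates the process with exit(1) when the file cannot be read or when
 * the "MZ" / "PE\0\0" signatures do not match.
 *
 * NOTE(review): ReadPeFile() does not report the file length, so none of the
 * offsets derived from the file (e_lfanew, SizeOfOptionalHeader,
 * NumberOfSections) can be checked against the end of the buffer here. All of
 * them are untrusted input; a malformed file can make the reads below run
 * past the allocation. Validate each computed header range against the file
 * size once the reader exposes it.
 */
void printPE()
{
    char* filePath = "C:\\Windows\\System32\\notepad.exe";
    char* fileBuffer = NULL;

    PIMAGE_DOS_HEADER  pDosHeader = NULL;
    PIMAGE_NT_HEADERS pNTHeaders = NULL;
    PIMAGE_FILE_HEADER pPeHeader = NULL;
    PIMAGE_OPTIONAL_HEADER pOptionHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeader = NULL;

    fileBuffer = ReadPeFile(filePath);
    if (!fileBuffer)
    {
        puts("Error!");
        exit(1);
    }

    /* DOS header: the first WORD must be "MZ". */
    pDosHeader = (PIMAGE_DOS_HEADER)fileBuffer;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        puts("Not exe! Error");
        FreeBuffer(&fileBuffer);
        exit(1);
    }

    /*
     * e_lfanew is a signed LONG read from the file; a negative value would
     * point in front of the buffer, so reject it before doing any arithmetic.
     */
    if (pDosHeader->e_lfanew < 0)
    {
        puts("Not PE Error");
        FreeBuffer(&fileBuffer);
        exit(1);
    }

    /*
     * Byte-pointer arithmetic instead of (DWORD) casts: casting a pointer to
     * a 32-bit DWORD truncates the address in a 64-bit build.
     */
    pNTHeaders = (PIMAGE_NT_HEADERS)((BYTE*)pDosHeader + pDosHeader->e_lfanew);
    if (pNTHeaders->Signature != IMAGE_NT_SIGNATURE)
    {
        puts("Not PE Error");
        FreeBuffer(&fileBuffer);
        exit(1);
    }

    /* The file header follows the 4-byte signature inside IMAGE_NT_HEADERS. */
    pPeHeader = &pNTHeaders->FileHeader;

    pOptionHeader = (PIMAGE_OPTIONAL_HEADER)((BYTE*)pPeHeader + IMAGE_SIZEOF_FILE_HEADER);

    /* The section table starts right after the optional header, whose size the file declares. */
    pSectionHeader = (PIMAGE_SECTION_HEADER)((BYTE*)pOptionHeader + pPeHeader->SizeOfOptionalHeader);

    /*
     * Name is IMAGE_SIZEOF_SHORT_NAME (8) bytes and is not NUL-terminated when
     * all 8 are used. Copy exactly that many bytes so the extra slot keeps its
     * zero terminator; copying a 9th byte would read past Name and overwrite
     * the terminator that printf("%s") relies on.
     */
    BYTE name[IMAGE_SIZEOF_SHORT_NAME + 1] = {0};
    int i;
    int j;

    for (i = 0; i < pPeHeader->NumberOfSections; i++)
    {
        for (j = 0; j < IMAGE_SIZEOF_SHORT_NAME; j++)
        {
            name[j] = (pSectionHeader->Name)[j];
        }
        /* Misc is a union; pass its VirtualSize member rather than the union itself to printf. */
        printf("Name:%s    BufferMove:%x    Buffer:%x     FileMove:%x  File:%x  标志:%x\n", name, pSectionHeader->VirtualAddress, pSectionHeader->Misc.VirtualSize,
            pSectionHeader->PointerToRawData, pSectionHeader->SizeOfRawData, pSectionHeader->Characteristics);
        /* Step by the structure size instead of a hard-coded 40. */
        pSectionHeader++;
    }

    FreeBuffer(&fileBuffer);

}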


/* Entry point: print the section table of the hard-coded executable, then report success. */
int main()
{
    printPE();

    return 0;
}

 
