// testpe.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
//
#include <stdio.h>
#include <stdlib.h>
#include <Windows.h>
void pe_print()
{
IMAGE_DOS_HEADER myDosHeader;
IMAGE_FILE_HEADER myFileHeader;
int nSectionCount;//PE文件ection数目
LONG e_lfanew;//为DOS头部的偏移
FILE *fp;
if (fopen_s(&fp,"d:\\cmd.exe", "r")==0) //打开一个文件
{
printf("[+]成功打开了文件\n");
fread(&myDosHeader, sizeof(IMAGE_DOS_HEADER), 1, fp); //打开一个文件流,读取一个数据块
e_lfanew = myDosHeader.e_lfanew; //为DOS头部的偏移
fseek(fp, (e_lfanew + sizeof(DWORD)), SEEK_SET);
fread(&myFileHeader, sizeof(IMAGE_FILE_HEADER), 1, fp);
nSectionCount = myFileHeader.NumberOfSections;
IMAGE_SECTION_HEADER* pmySectionHeader = (IMAGE_SECTION_HEADER*)calloc(nSectionCount, sizeof(IMAGE_SECTION_HEADER));
fseek(fp, (e_lfanew + sizeof(IMAGE_NT_HEADERS)), SEEK_SET); //从文件起始位置偏移
fread(pmySectionHeader, sizeof(IMAGE_SECTION_HEADER), nSectionCount, fp);
int i = 0;
//printf("%d",nSectionCount);
for (i = 0; i < nSectionCount; i++, pmySectionHeader++)
{
printf("Name: %s\n", pmySectionHeader->Name);
printf("union_PhysicalAddress: %08x\n", pmySectionHeader->Misc.PhysicalAddress);
printf("union_VirtualSize: %04x\n", pmySectionHeader->Misc.VirtualSize);
printf("VirtualAddress: %08x\n", pmySectionHeader->VirtualAddress);
printf("SizeOfRawData: %08x\n", pmySectionHeader->SizeOfRawData);
printf("PointerToRawData: %04x\n", pmySectionHeader->PointerToRawData);
printf("PointerToRelocations: %04x\n", pmySectionHeader->PointerToRelocations);
printf("PointerToLinenumbers: %04x\n", pmySectionHeader->PointerToLinenumbers);
printf("NumberOfRelocations: %04x\n", pmySectionHeader->NumberOfRelocations);
printf("NumberOfLinenumbers: %04x\n", pmySectionHeader->NumberOfLinenumbers);
printf("Charateristics: %04x\n", pmySectionHeader->Characteristics);
}
if (pmySectionHeader != NULL) // 释放内存
{
free(pmySectionHeader);
pmySectionHeader = NULL;
}
fclose(fp);
}
else printf("[-]打开文件失败\n");
}
int main()
{
pe_print();
}
