1 #define _CRT_SECURE_NO_WARNINGS
2 #include<stdio.h>
3 #include<stdlib.h>
4 #include<string.h>
5
6 typedef unsigned char BYTE;
7 typedef unsigned short WORD;
8 typedef unsigned int DWORD;
9
10 #define IMAGE_SIZEOF_SHORT_NAME 8
11 typedef struct _Section_Header
12 {
13 BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
14 union
15 {
16 DWORD Physical_Address;
17 DWORD Virtual_Size;
18 }Misc;
19 DWORD Virtual_Address;
20 DWORD SizeOfRawData;
21 DWORD PointerToRawData;
22 DWORD PointerToRelocations;
23 DWORD PointerToLinenumbers;
24 WORD NumberOfRelocations;
25 WORD NumberOfLinenumbers;
26 DWORD Characteristics;
27
28 }Section_Header;
29
30 typedef struct _PE_Information
31 {
32 DWORD Dos_Header_e_lfanew;
33 WORD File_Header_NumberOfSections;
34 WORD File_Header_SizeOfOptionHeader;
35 DWORD Option_Header_SectionAlignment;
36 DWORD Option_Header_FileAlignment;
37 DWORD Option_Header_SizeOfImage;
38 DWORD Option_Header_SizeOfHeaders;
39 DWORD File_Header_Offset;
40 DWORD Optional_Header_Offset;
41 DWORD Section_Header_Offset;
42 Section_Header* PSection = (Section_Header*)malloc(sizeof(Section_Header) * File_Header_NumberOfSections);
43
44 }PE_Information;
45
46 typedef struct _Rva_And_Raw
47 {
48 DWORD Raw;
49 DWORD Rva;
50 }Rva_And_Raw;
51
52 //读取文件长度
53 int File_Lenth(FILE* p)
54 {
55 fseek(p, 0, SEEK_END);
56 int len = ftell(p);
57 fseek(p, 0, SEEK_SET);
58 return len;
59 }
60
61 //生成文件缓冲区
62 char* File_Read(const char* p, int& length)
63 {
64 //文件指针
65 FILE* pf = fopen(p, "rb");
66
67 //获得文件长度
68 length = File_Lenth(pf);
69
70 //分配FileBuffer的空间
71 char* pt = (char*)malloc(sizeof(char) * length);
72
73 //读入到空间中
74 fread(pt, length, 1, pf);
75
76 fclose(pf);
77 return pt;
78 }
79
80 //读取PE_Header的数据
81 void Get_PE_Information(PE_Information* PE,char* pt)
82 {
83 memcpy(&PE->Dos_Header_e_lfanew, pt + 0x3C, 4);
84
85 PE->File_Header_Offset = PE->Dos_Header_e_lfanew + 4;
86
87 memcpy(&PE->File_Header_NumberOfSections, pt + PE->File_Header_Offset + 2, 2);
88
89 memcpy(&PE->File_Header_SizeOfOptionHeader, pt + PE->File_Header_Offset + 0x10, 2);
90
91 PE->Optional_Header_Offset = PE->File_Header_Offset + 0x14;
92
93 PE->Section_Header_Offset = PE->Optional_Header_Offset + PE->File_Header_SizeOfOptionHeader;
94
95 memcpy(&PE->Option_Header_FileAlignment, pt + PE->Optional_Header_Offset + 0x24, 4);
96
97 memcpy(&PE->Option_Header_SectionAlignment, pt + PE->Optional_Header_Offset + 0x20, 4);
98
99 memcpy(&PE->Option_Header_SizeOfHeaders, pt + PE->Optional_Header_Offset + 0x3c, 4);
100
101 memcpy(&PE->Option_Header_SizeOfImage, pt + PE->Optional_Header_Offset + 0x38, 4);
102
103 memcpy(PE->PSection, pt + PE->Section_Header_Offset, sizeof(Section_Header) * PE->File_Header_NumberOfSections);
104
105 }
106
107 //创建ImageBuffer
108 char* Image_Read(char* pt,PE_Information PE)
109 {
110 //申请ImageBuffer的空间
111 char* pi = (char*)malloc(PE.Option_Header_SizeOfImage);
112
113 //填充0
114 memset(pi, 0, PE.Option_Header_SizeOfImage);
115
116 //复制头
117 memcpy(pi, pt, PE.Option_Header_SizeOfHeaders);
118
119 //复制节区
120 for (int i = 0; i < PE.File_Header_NumberOfSections; i++)
121 {
122 memcpy(pi + PE.PSection[i].Virtual_Address, pt + PE.PSection[i].PointerToRawData, PE.PSection[i].SizeOfRawData);
123 }
124
125 return pi;
126 }
127 int main()
128 {
129 int length;
130 char* pt = File_Read("C:/Windows/System32/notepad.exe", length);
131
132 PE_Information PE;
133
134 Get_PE_Information(&PE, pt);
135
136 char* pi = Image_Read(pt, PE);
137
138 return 0;
139
140 }
浙公网安备 33010602011771号