论坛 › 汇编语言交流 › PE window程序1 老弟们加油哦

maikehong 发表于 2023-8-8 23:04:57

PE window程序1 老弟们加油哦

本帖最后由 maikehong 于 2023-8-8 23:09 编辑

char* Base_memset(FILE * pFile ){
        char * buffer;
        int nFileLength = 0;

        fseek(pFile,0,SEEK_END);
        nFileLength = ftell(pFile);
        rewind(pFile);

        int imageLength = nFileLength * sizeof(char)+1;
        buffer = (char *)malloc(imageLength);
        memset(buffer,0,nFileLength * sizeof(char)+1);

        fread(buffer,1,imageLength,pFile);
       
        return buffer;
}

PIMAGE_DOS_HEADER DOS_tou(FILE * pFile){
       
        char * buffer = Base_memset(pFile);
       
        PIMAGE_DOS_HEADER ReadDosHeader = (PIMAGE_DOS_HEADER)buffer;
        cout<< "DOS_e_magic:\t"<<hex<< ReadDosHeader->e_magic<<endl;
        cout<<"DOS_e_lfanew:\t"<<hex<< ReadDosHeader->e_lfanew<<endl;

/*
        if (buffer != NULL)          // 释放内存                        ==========这里的注释是因为 这个子函数要被调用，如果释放内存了，buffer 清空了会报错
        {
                free(buffer);
                buffer = NULL;
        }
        // 最后不要忘记关闭文件
        fclose(pFile);
*/

        return ReadDosHeader;
}

void PE_tou(FILE * pFile, PIMAGE_DOS_HEADER ReadDosHeader){
       
        char * buffer = Base_memset(pFile);
        PIMAGE_NT_HEADERS ReadNTHeader;
        ReadNTHeader = (PIMAGE_NT_HEADERS)(buffer + ReadDosHeader->e_lfanew);

        cout<<endl<<"==================PE_Signature标识================="<<endl;

        cout<<"PE_biaozhi标志:\t"<<hex<<ReadNTHeader->Signature<<endl;

        cout<<endl<<"==================PE_FileHeader标准头================="<<endl;

        cout<<"PE_Machine_CPU:\t"<<hex<<ReadNTHeader->FileHeader.Machine<<endl;
        cout<<"PE_NumberOfSections区段数:\t\t"<<hex<<ReadNTHeader->FileHeader.NumberOfSections<<endl;
        cout<<"PE_SizeOfOptionalHeader扩展头大小:\t"<<hex<<ReadNTHeader->FileHeader.SizeOfOptionalHeader<<endl;
        cout<<"PE_Characteristics 文件属性 :\t\t"<<hex<<ReadNTHeader->FileHeader.Characteristics<<endl;

        cout<<endl<<"==================PE_OptionalHeader扩展头================="<<endl;
       
        cout<<"PE_Magic 32/64:\t\t\t\t"<<hex<<ReadNTHeader->OptionalHeader.Magic<<endl;
        cout<<"PE_AddressOfEntryPoint入口:\t\t"<<hex<<ReadNTHeader->OptionalHeader.AddressOfEntryPoint<<endl;
        cout<<"PE_ImageBase 内存基址:\t\t\t"<<hex<<ReadNTHeader->OptionalHeader.ImageBase<<endl;

        cout<<"PE_SectionAlignment内齐大小:\t\t"<<hex<<ReadNTHeader->OptionalHeader.SectionAlignment<<endl;
        cout<<"PE_FileAlignment 文齐大小:\t\t"<<hex<<ReadNTHeader->OptionalHeader.FileAlignment<<endl;
        cout<<"PE_SizeOfImage 内总大小:\t\t"<<hex<<ReadNTHeader->OptionalHeader.SizeOfImage<<endl;
        cout<<"PE_SizeOfHeaders 文所头+节表大小:\t"<<hex<<ReadNTHeader->OptionalHeader.SizeOfHeaders<<endl;

        cout<<"PE_CheckSum 校验和:\t\t"<<hex<<ReadNTHeader->OptionalHeader.CheckSum<<endl;
        cout<<"PE_NumberOfRvaAndSizes 子结构体数组:\t"<<hex<<ReadNTHeader->OptionalHeader.NumberOfRvaAndSizes<<endl;



        if (buffer != NULL)          // 释放内存

        {
                free(buffer);
                buffer = NULL;
        }
        // 最后不要忘记关闭文件
        fclose(pFile);
}

int main(){
        FILE * pFile = NULL;
        pFile = fopen("mfc001.exe","r+b");

        PIMAGE_DOS_HEADER ReadDosHeader = DOS_tou2(pFile);
        PE_tou( pFile, ReadDosHeader);

        return 0;
}

查看完整版本: PE window程序1 老弟们加油哦