读取PE文件头的一段小程序

时间:2020-12-12 10:01:50
给自己定一个目标,要实现一个能复制自己的小程序,所以,首先,要认真学习PE文件结构,一下的程序读取一个EXE文件的文件头信息
读取PE文件头的一段小程序读取PE文件头的一段小程序代码
#include  < iostream.h >
#include  < windows.h >
void  main()
{
    HANDLE hFile;
    hFile  =  CreateFile( " c:\\notepad.exe " ,GENERIC_READ | GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
     if (hFile == INVALID_HANDLE_VALUE)
    {
        cout << " error " << endl;#include <iostream.h>
#include <windows.h>
void main()
{
 HANDLE hFile;
    hFile = CreateFile("c:\\notepad.exe",GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
 if(hFile==INVALID_HANDLE_VALUE)
 {
  cout<<"error"<<endl;
  return;
 }
//  读写PE文件
 DWORD fp;
 BOOL rs;
 BYTE buff[1024];
 DWORD number;
 fp=::SetFilePointer(hFile,0,NULL,FILE_BEGIN);//将文件读写指针移动到文件头
 //读取DOS文件头
 rs=::ReadFile(hFile,buff,sizeof(_IMAGE_DOS_HEADER),&number,NULL);
 if(rs==false)
 {
  cout<<"error"<<endl;
  return;
 }
 _IMAGE_DOS_HEADER *mydosheader;
 mydosheader=(_IMAGE_DOS_HEADER *)buff;
 cout<<"PE header offset:"<<hex<<mydosheader->e_lfanew<<endl;//输出PE文件头的偏移
 //将文件读写指针移动到PE文件头位置
 fp=::SetFilePointer(hFile,mydosheader->e_lfanew,NULL,FILE_BEGIN);
 //读取PE文件头
 rs=::ReadFile(hFile,buff,sizeof(_IMAGE_NT_HEADERS),&number,NULL);
 if(rs==false)
 {
  cout<<"error"<<endl;
  return;
 }
 _IMAGE_NT_HEADERS *mypeheader;
 mypeheader=(_IMAGE_NT_HEADERS*)buff;
 cout<<"PE magic:"<<hex<<mypeheader->Signature<<endl;//输出PE文件头标识
 //输出PE文件_IMAGE_FILE_HEADER信息
 cout<<"machine:"<<hex<<mypeheader->FileHeader.Machine<<endl;
 cout<<"numberofsection:"<<hex<<mypeheader->FileHeader.NumberOfSections<<endl;
 cout<<"TimeDateStamp:"<<hex<<mypeheader->FileHeader.TimeDateStamp<<endl;
 cout<<"SizeOfOptionalHeader:"<<hex<<mypeheader->FileHeader.SizeOfOptionalHeader<<endl;
 cout<<"Characteristics:"<<hex<<mypeheader->FileHeader.Characteristics<<endl;
 //输出PE文件IMAGE_OPTIONAL_HEADER32信息
 cout<<"AddressOfEntryPoint:"<<hex<<mypeheader->OptionalHeader.AddressOfEntryPoint<<endl;
 cout<<"ImageBase:"<<hex<<mypeheader->OptionalHeader.ImageBase<<endl;
 cout<<"SectionAlignment:"<<hex<<mypeheader->OptionalHeader.SectionAlignment<<endl;
 cout<<"FileAlignment:"<<hex<<mypeheader->OptionalHeader.FileAlignment<<endl;
 //输出PE文件IMAGE_DATA_DIRECTORY信息
 cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_EXPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[0].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[1].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_RESOURCE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[2].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_EXCEPTION size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[3].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_SECURITY size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[4].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_BASERELOC size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[5].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_DEBUG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[6].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[7].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_GLOBALPTR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[8].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_TLS RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_TLS size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[9].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[10].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[11].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_IAT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_IAT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[12].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[13].Size<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].VirtualAddress<<endl;
 cout<<"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[14].Size<<endl;
 cout<<"noname RVA:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].VirtualAddress<<endl;
 cout<<"noname size:"<<hex<<mypeheader->OptionalHeader.DataDirectory[15].Size<<endl;
}
         return ;
    }
 //   读写PE文件
    DWORD fp;
    BOOL rs;
    BYTE buff[ 1024 ];
    DWORD number;
    fp = ::SetFilePointer(hFile, 0 ,NULL,FILE_BEGIN); // 将文件读写指针移动到文件头
     // 读取DOS文件头
    rs = ::ReadFile(hFile,buff, sizeof (_IMAGE_DOS_HEADER), & number,NULL);
     if (rs == false )
    {
        cout << " error " << endl;
         return ;
    }
    _IMAGE_DOS_HEADER  * mydosheader;
    mydosheader = (_IMAGE_DOS_HEADER  * )buff;
    cout << " PE header offset: " << hex << mydosheader -> e_lfanew << endl; // 输出PE文件头的偏移
     // 将文件读写指针移动到PE文件头位置
    fp = ::SetFilePointer(hFile,mydosheader -> e_lfanew,NULL,FILE_BEGIN);
     // 读取PE文件头
    rs = ::ReadFile(hFile,buff, sizeof (_IMAGE_NT_HEADERS), & number,NULL);
     if (rs == false )
    {
        cout << " error " << endl;
         return ;
    }
    _IMAGE_NT_HEADERS  * mypeheader;
    mypeheader = (_IMAGE_NT_HEADERS * )buff;
    cout << " PE magic: " << hex << mypeheader -> Signature << endl; // 输出PE文件头标识
     // 输出PE文件_IMAGE_FILE_HEADER信息
    cout << " machine: " << hex << mypeheader -> FileHeader.Machine << endl;
    cout << " numberofsection: " << hex << mypeheader -> FileHeader.NumberOfSections << endl;
    cout << " TimeDateStamp: " << hex << mypeheader -> FileHeader.TimeDateStamp << endl;
    cout << " SizeOfOptionalHeader: " << hex << mypeheader -> FileHeader.SizeOfOptionalHeader << endl;
    cout << " Characteristics: " << hex << mypeheader -> FileHeader.Characteristics << endl;
     // 输出PE文件IMAGE_OPTIONAL_HEADER32信息
    cout << " AddressOfEntryPoint: " << hex << mypeheader -> OptionalHeader.AddressOfEntryPoint << endl;
    cout << " ImageBase: " << hex << mypeheader -> OptionalHeader.ImageBase << endl;
    cout << " SectionAlignment: " << hex << mypeheader -> OptionalHeader.SectionAlignment << endl;
    cout << " FileAlignment: " << hex << mypeheader -> OptionalHeader.FileAlignment << endl;
     // 输出PE文件IMAGE_DATA_DIRECTORY信息
    cout << " IMAGE_DIRECTORY_ENTRY_EXPORT RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 0 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_EXPORT size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 0 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_IMPORT RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 1 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_IMPORT size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 1 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_RESOURCE RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 2 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_RESOURCE size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 2 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_EXCEPTION RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 3 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_EXCEPTION size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 3 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_SECURITY RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 4 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_SECURITY size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 4 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_BASERELOC RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 5 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_BASERELOC size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 5 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_DEBUG RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 6 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_DEBUG size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 6 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_ARCHITECTURE RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 7 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_ARCHITECTURE size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 7 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_GLOBALPTR RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 8 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_GLOBALPTR size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 8 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_TLS RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 9 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_TLS size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 9 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 10 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 10 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 11 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 11 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_IAT RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 12 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_IAT size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 12 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 13 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 13 ].Size << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 14 ].VirtualAddress << endl;
    cout << " IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 14 ].Size << endl;
    cout << " noname RVA: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 15 ].VirtualAddress << endl;
    cout << " noname size: " << hex << mypeheader -> OptionalHeader.DataDirectory[ 15 ].Size << endl;
}

 

标签:

相关文章