简单PE文件读取
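#include <stdio.h>
#include <windows.h>
#include <malloc.h>
#include <stdlib.h>
#include <string.h>

/*
 * Read an entire file into a heap buffer and report how many bytes were read.
 *
 * szFileName  - path of the file to open in binary mode.
 * pdwFileSize - receives the file size in bytes (set to 0 on failure).
 *
 * Returns a malloc()ed buffer that the caller must free(), or NULL when the
 * file cannot be opened, is empty, cannot be sized, or cannot be read fully.
 * The size is returned so that callers can bounds-check every offset they
 * take from the (untrusted) file contents.
 */
static LPVOID ReadFileWithSize(LPCSTR szFileName, DWORD *pdwFileSize)
{
    FILE *pFile = NULL;
    long lFileSize = 0;
    LPVOID lpFileBuffer = NULL;

    *pdwFileSize = 0;

    if (!szFileName) {
        printf("文件打开失败");
        return NULL;
    }

    pFile = fopen(szFileName, "rb");
    if (!pFile) {
        printf("文件打开失败");
        return NULL;
    }

    /* Seek to the end to learn the file size, then rewind for the read.
     * ftell() returns -1 on error; storing that in an unsigned size would
     * turn it into a huge allocation request, so it is rejected here. */
    if (fseek(pFile, 0, SEEK_END) != 0 ||
        (lFileSize = ftell(pFile)) <= 0 ||
        fseek(pFile, 0, SEEK_SET) != 0) {
        printf("读取数据错误");
        fclose(pFile);
        return NULL;
    }

    lpFileBuffer = malloc((size_t)lFileSize);
    if (!lpFileBuffer) {
        printf("系统错误,分配内存错误");
        fclose(pFile);
        return NULL;
    }

    /* A short read leaves part of the buffer uninitialized, so treat it as
     * a failure rather than parsing a partially filled buffer. */
    if (fread(lpFileBuffer, 1, (size_t)lFileSize, pFile) != (size_t)lFileSize) {
        printf("读取数据错误");
        free(lpFileBuffer);
        fclose(pFile);
        return NULL;
    }

    fclose(pFile);
    *pdwFileSize = (DWORD)lFileSize;
    return lpFileBuffer;
}

/*
 * Read the file named by szFileName into a heap buffer.
 *
 * Returns a malloc()ed buffer owned by the caller (release with free()), or
 * NULL on failure. The buffer length is not reported; code that parses the
 * contents should call ReadFileWithSize() instead so it can validate offsets.
 *
 * NOTE(review): this name is also declared by <windows.h> for the Win32
 * ReadFile API with a different parameter list. It builds as an overload
 * when compiled as C++ but is a conflicting declaration in plain C; the name
 * is kept here only to preserve the existing interface.
 */
LPVOID ReadFile(LPSTR szFileName)
{
    DWORD dwIgnoredSize = 0;

    /* The original opened a hard-coded path and ignored szFileName. */
    return ReadFileWithSize(szFileName, &dwIgnoredSize);
}

/*
 * Load a PE file and print selected fields of its DOS header, NT signature,
 * file header, optional header and section table.
 *
 * Every offset and count comes from the file itself and is therefore
 * untrusted: each one is checked against the real file size before the
 * corresponding structure is dereferenced, so a truncated or malformed
 * image produces an error message instead of an out-of-bounds read.
 */
void PrintNTHeaders()
{
    /* Signature DWORD plus IMAGE_FILE_HEADER: the fixed part of the NT headers. */
    const DWORD dwFixedNtSize = (DWORD)sizeof(DWORD) + IMAGE_SIZEOF_FILE_HEADER;

    BYTE *pFileBuffer = NULL;
    DWORD dwFileSize = 0;
    DWORD dwNtOffset = 0;
    DWORD dwOptOffset = 0;
    DWORD dwSectionOffset = 0;
    DWORD dwSectionBytes = 0;
    WORD wIndex = 0;
    int i = 0;
    PIMAGE_DOS_HEADER pDos_Header = NULL;
    PIMAGE_NT_HEADERS pNT_Header = NULL;
    PIMAGE_FILE_HEADER pFile_Header = NULL;
    PIMAGE_SECTION_HEADER pSection_Header = NULL;
    char szSectionName[IMAGE_SIZEOF_SHORT_NAME + 1] = { 0 };

    pFileBuffer = (BYTE *)ReadFileWithSize(
        "C:\\Users\\Administrator\\Desktop\\ICO取取取.exe", &dwFileSize);
    if (!pFileBuffer) {
        printf("读取失败");
        return;
    }

    /* The file must hold a complete DOS header before e_magic/e_lfanew are read. */
    if (dwFileSize < sizeof(IMAGE_DOS_HEADER) ||
        *((PWORD)pFileBuffer) != IMAGE_DOS_SIGNATURE) {
        printf("该文件非PE结构");
        free(pFileBuffer);
        return;
    }

    pDos_Header = (PIMAGE_DOS_HEADER)pFileBuffer;
    printf("********************DOC头********************\n");
    printf("MZ标志:%04x\n", pDos_Header->e_magic);
    printf("PE偏移:%08x\n", (unsigned int)pDos_Header->e_lfanew);

    /* e_lfanew is a signed, file-controlled offset: reject negative values
     * and values that would place the signature or file header past EOF.
     * dwFileSize >= sizeof(IMAGE_DOS_HEADER) here, so the subtraction
     * cannot wrap. */
    if (pDos_Header->e_lfanew < 0 ||
        (DWORD)pDos_Header->e_lfanew > dwFileSize - dwFixedNtSize ||
        *((PDWORD)(pFileBuffer + pDos_Header->e_lfanew)) != IMAGE_NT_SIGNATURE) {
        printf("不是有效的PE标志\n");
        free(pFileBuffer);
        return;
    }
    dwNtOffset = (DWORD)pDos_Header->e_lfanew;

    /* Byte-pointer arithmetic replaces the (DWORD) pointer casts, which
     * truncate addresses in a 64-bit build. */
    pNT_Header = (PIMAGE_NT_HEADERS)(pFileBuffer + dwNtOffset);

    /* Print the NT signature. */
    printf("********************NT头********************\n");
    printf("NT:%08x\n", (unsigned int)pNT_Header->Signature);

    pFile_Header = (PIMAGE_FILE_HEADER)(pFileBuffer + dwNtOffset + sizeof(DWORD));
    printf("********************PE头********************\n");
    printf("PE:%04x\n", pFile_Header->Machine);
    printf("节的数量:%04x\n", pFile_Header->NumberOfSections);
    printf("SizeOfOptionalHeader:%04x\n", pFile_Header->SizeOfOptionalHeader);

    /* Optional header: it starts right after the file header and its length
     * is whatever the file claims, so check it against the remaining bytes. */
    dwOptOffset = dwNtOffset + dwFixedNtSize;
    if (pFile_Header->SizeOfOptionalHeader > dwFileSize - dwOptOffset) {
        printf("可选PE头超出文件范围\n");
        free(pFileBuffer);
        return;
    }

    printf("********************OPTIOIN_PE头********************\n");
    if (pFile_Header->SizeOfOptionalHeader >= sizeof(WORD)) {
        /* Magic is the first WORD of both the 32-bit and 64-bit layouts. */
        printf("OPTION_PE:%04x\n", *((PWORD)(pFileBuffer + dwOptOffset)));
    } else {
        printf("可选PE头过小,无法读取Magic\n");
    }

    /* Section table: NumberOfSections entries directly after the optional
     * header. The product fits in a DWORD (at most 65535 * 40 bytes). */
    dwSectionOffset = dwOptOffset + pFile_Header->SizeOfOptionalHeader;
    dwSectionBytes = (DWORD)pFile_Header->NumberOfSections *
                     (DWORD)sizeof(IMAGE_SECTION_HEADER);
    if (dwSectionBytes > dwFileSize - dwSectionOffset) {
        printf("节表超出文件范围\n");
        free(pFileBuffer);
        return;
    }

    for (wIndex = 0; wIndex < pFile_Header->NumberOfSections; wIndex++) {
        pSection_Header =
            (PIMAGE_SECTION_HEADER)(pFileBuffer + dwSectionOffset) + wIndex;
        printf("********************Section_Header********************\n");

        /* Name is 8 bytes and not necessarily NUL-terminated. It is also
         * attacker-controlled, so bytes outside printable ASCII are shown
         * as '.' to keep control sequences out of the terminal. */
        memcpy(szSectionName, pSection_Header->Name, IMAGE_SIZEOF_SHORT_NAME);
        szSectionName[IMAGE_SIZEOF_SHORT_NAME] = '\0';
        for (i = 0; i < IMAGE_SIZEOF_SHORT_NAME && szSectionName[i] != '\0'; i++) {
            unsigned char ch = (unsigned char)szSectionName[i];
            if (ch < 0x20 || ch > 0x7e) {
                szSectionName[i] = '.';
            }
        }
        printf("%s\n", szSectionName);

        /* Misc is a union; pass its DWORD member rather than the union. */
        printf("%08x\n", (unsigned int)pSection_Header->Misc.VirtualSize);
        printf("%08x\n", (unsigned int)pSection_Header->VirtualAddress);
        printf("%08x\n", (unsigned int)pSection_Header->SizeOfRawData);
        printf("%08x\n", (unsigned int)pSection_Header->PointerToRawData);
        printf("%08x\n", (unsigned int)pSection_Header->PointerToRelocations);
        printf("%08x\n", (unsigned int)pSection_Header->PointerToLinenumbers);
        printf("%04x\n", pSection_Header->NumberOfRelocations);
        printf("%04x\n", pSection_Header->NumberOfLinenumbers);
        printf("%08x\n", (unsigned int)pSection_Header->Characteristics);
    }

    /* Release the file buffer. */
    free(pFileBuffer);
}

/*
 * Entry point: dump the headers of the hard-coded sample, then read a second
 * file through ReadFile().
 */
int main()
{
    char szSecondFile[] = "I:chess.exe";

    PrintNTHeaders();

    /* ReadFile() hands ownership of the buffer to the caller; the original
     * discarded the pointer and leaked it. free(NULL) is a no-op, so the
     * failure case needs no separate branch. */
    free(ReadFile(szSecondFile));
    return 0;
}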