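#include <cstddef>
#include <cstring>
#include <iostream>
#include <vector>

#include <Windows.h>

// Reads a PE file from a fixed path and prints a few header fields:
// e_lfanew from the DOS header, then TimeDateStamp and Machine from the
// file header.
//
// The file contents are treated as untrusted input: every offset taken from
// the file is checked against the number of bytes actually read before it is
// used, and header fields are copied out with memcpy rather than read through
// a pointer cast into the buffer.
//
// Returns 0 after a successful dump or when the file is not a valid PE image
// (same as before), and 1 when the file cannot be opened, sized or read.
int main()
{
    // The tool only reads, so request GENERIC_READ alone. Asking for write
    // access as well makes the open fail on read-only files and grants a
    // right this program never uses.
    HANDLE hFile = CreateFileW(L"E:\\Project_Sum\\CC++\\test\\test\\Thread_syn.exe",
                               GENERIC_READ,
                               FILE_SHARE_READ,
                               NULL,
                               OPEN_EXISTING,
                               FILE_ATTRIBUTE_NORMAL,
                               NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        std::cerr << "CreateFile failed, error " << GetLastError() << std::endl;
        return 1;
    }

    // GetFileSizeEx reports the full 64-bit size. ReadFile takes a DWORD
    // count, so anything that does not fit in 32 bits is rejected here
    // instead of being silently truncated to its low 32 bits.
    LARGE_INTEGER size = {};
    if (!GetFileSizeEx(hFile, &size) || size.QuadPart < 0 || size.QuadPart > MAXDWORD)
    {
        const DWORD sizeError = GetLastError();
        CloseHandle(hFile);
        std::cerr << "GetFileSizeEx failed or file too large, error " << sizeError << std::endl;
        return 1;
    }

    // std::vector owns the buffer, so every return path below frees it.
    std::vector<char> fileBuff(static_cast<std::size_t>(size.QuadPart));
    DWORD realRead = 0;
    const BOOL ret = ReadFile(hFile, fileBuff.data(), static_cast<DWORD>(fileBuff.size()), &realRead, NULL);
    const DWORD readError = ret ? ERROR_SUCCESS : GetLastError();

    // Everything needed is now in memory; closing here means no later return
    // path can leak the handle.
    CloseHandle(hFile);

    if (!ret)
    {
        std::cerr << "ReadFile failed, error " << readError << std::endl;
        return 1;
    }

    // Bound all later checks by what was actually read, not by the size the
    // file system reported.
    fileBuff.resize(realRead);

    // A file shorter than the DOS header cannot be a PE image.
    if (fileBuff.size() < sizeof(IMAGE_DOS_HEADER))
    {
        std::cout << "不是有效的PE文件" << std::endl;
        return 0;
    }

    // Copy the DOS header out of the buffer and check the "MZ" magic (0x5A4D).
    IMAGE_DOS_HEADER dosHeader;
    std::memcpy(&dosHeader, fileBuff.data(), sizeof(dosHeader));
    if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE)
    {
        std::cout << "不是有效的PE文件" << std::endl;
        return 0;
    }
    std::cout << "是有效的PE文件" << std::endl;
    std::cout << "e_lfanew =" << dosHeader.e_lfanew << std::endl;

    // Only the NT signature and the file header are read below, so that is
    // the span that must lie inside the buffer. Sizing the check this way
    // also keeps it independent of whether the build targets 32 or 64 bit.
    constexpr std::size_t ntPrefix = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);
    static_assert(sizeof(IMAGE_DOS_HEADER) >= ntPrefix,
                  "the subtraction below relies on the DOS-header size check");

    // e_lfanew is a signed, file-controlled offset: reject negative values
    // and anything that would place the NT headers past the end of the data.
    if (dosHeader.e_lfanew < 0 ||
        static_cast<std::size_t>(dosHeader.e_lfanew) > fileBuff.size() - ntPrefix)
    {
        std::cout << "不是有效的PE文件" << std::endl;
        return 0;
    }

    // Use pointer arithmetic on the buffer rather than casting the buffer
    // address to DWORD, which truncates the pointer in a 64-bit build.
    const char* ntStart = fileBuff.data() + dosHeader.e_lfanew;

    // NT signature must be "PE\0\0" (0x00004550).
    DWORD signature = 0;
    std::memcpy(&signature, ntStart, sizeof(signature));
    if (signature != IMAGE_NT_SIGNATURE)
    {
        std::cout << "不是有效的PE文件" << std::endl;
        return 0;
    }

    // The file header follows the 4-byte signature.
    IMAGE_FILE_HEADER fileHeader;
    std::memcpy(&fileHeader, ntStart + sizeof(DWORD), sizeof(fileHeader));
    std::cout << "文件头时间戳" << fileHeader.TimeDateStamp << std::endl;
    std::cout << "pFileHeader->Machine:" << fileHeader.Machine << std::endl;

    return 0;
}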