输出所有的PE头信息(notepad)

#include "stdafx.h"
#include<windows.h>
#include<malloc.h>
#include<stdio.h>
#include<winnt.h>


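/*
 * Read a whole file into a malloc'ed buffer and report how many bytes it holds.
 *
 * file      - path of the file to load.
 * pFileSize - optional out-parameter; receives the buffer length in bytes
 *             (set to 0 on failure).
 *
 * Returns the buffer (caller must free() it) or NULL on any failure.
 * The size is reported so that callers can bounds-check every offset they
 * take from the file contents before dereferencing it.
 */
static LPVOID ReadPEfileEx(LPSTR file, DWORD *pFileSize)
{
    FILE *pFile = NULL;
    long endPos = 0;
    DWORD fileSize = 0;
    LPVOID pFileBuffer = NULL;

    if (pFileSize)
    {
        *pFileSize = 0;
    }

    if (!file)
    {
        printf("wu fa da kai EXE");
        return NULL;
    }

    // open file
    pFile = fopen(file, "rb");
    if (!pFile)
    {
        printf("wu fa da kai EXE");
        return NULL;
    }

    // file size: ftell() returns -1 on error, which would otherwise turn
    // into a huge DWORD and a bogus allocation request. An empty file is
    // rejected here as well, since there is nothing to parse.
    if (fseek(pFile, 0, SEEK_END) != 0 ||
        (endPos = ftell(pFile)) <= 0 ||
        fseek(pFile, 0, SEEK_SET) != 0)
    {
        printf("read error");
        fclose(pFile);
        return NULL;
    }
    fileSize = (DWORD)endPos;

    // allocate the buffer
    pFileBuffer = malloc(fileSize);
    if (!pFileBuffer)
    {
        printf("molloc error");
        fclose(pFile);
        return NULL;
    }

    // read the file in one item; anything other than 1 is a short read
    if (fread(pFileBuffer, fileSize, 1, pFile) != 1)
    {
        printf("read error");
        free(pFileBuffer);
        fclose(pFile);
        return NULL;
    }

    // close file
    fclose(pFile);

    if (pFileSize)
    {
        *pFileSize = fileSize;
    }
    return pFileBuffer;
}


/*
 * Read a whole file into a malloc'ed buffer.
 *
 * Returns the buffer (caller must free() it) or NULL on failure. The length
 * is not reported through this interface; code that parses the contents
 * should use ReadPEfileEx so it can validate offsets against the size.
 */
LPVOID ReadPEfile(LPSTR file)
{
    return ReadPEfileEx(file, NULL);
}



/*
 * Load notepad.exe and print selected fields of its DOS header, NT
 * signature, file header and optional header.
 *
 * Every offset read from the file (e_lfanew in particular) is checked
 * against the buffer length before it is dereferenced, so a truncated or
 * malformed file is rejected instead of causing an out-of-bounds read.
 */
int main(int argc, char* argv[])
{
    LPVOID pFileBuffer = NULL;
    PBYTE pBase = NULL;
    DWORD fileSize = 0;
    DWORD ntOffset = 0;
    DWORD optOffset = 0;
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_NT_HEADERS pNTHeader = NULL;
    PIMAGE_FILE_HEADER pPEHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
    int a;

    (void)argc;
    (void)argv;

    pFileBuffer = ReadPEfileEx("C://WINDOWS//system32/notepad.exe", &fileSize);

    if (!pFileBuffer)
    {
        printf("du qu error!");
        return 0;
    }

    // Byte pointer for all offset arithmetic. Casting the pointer to DWORD
    // would truncate the address on a 64-bit build.
    pBase = (PBYTE)pFileBuffer;

    // The buffer must hold a complete DOS header before e_magic/e_lfanew
    // can be read.
    if (fileSize < sizeof(IMAGE_DOS_HEADER) ||
        *((PWORD)pBase) != IMAGE_DOS_SIGNATURE)
    {
        printf("不是有效的MZ标志\n");
        free(pFileBuffer);
        return 0;
    }

    pDosHeader = (PIMAGE_DOS_HEADER)pBase;

    // print the DOS header
    printf("********************DOC头********************\n");

    printf("MZ标志:%x \n", pDosHeader->e_magic);
    printf("PE偏移:%x\n", (unsigned int)pDosHeader->e_lfanew);

    // e_lfanew is a signed value taken straight from the file. Reject a
    // negative offset, or one that leaves no room for the 4-byte signature
    // plus the file header. fileSize is at least sizeof(IMAGE_DOS_HEADER)
    // here, so the subtraction cannot wrap.
    if (pDosHeader->e_lfanew < 0 ||
        (DWORD)pDosHeader->e_lfanew >
            fileSize - (DWORD)(sizeof(DWORD) + IMAGE_SIZEOF_FILE_HEADER))
    {
        printf("不是有效的PE标志\n");
        free(pFileBuffer);
        return 0;
    }
    ntOffset = (DWORD)pDosHeader->e_lfanew;

    // check the PE signature
    if (*((PDWORD)(pBase + ntOffset)) != IMAGE_NT_SIGNATURE)
    {
        printf("不是有效的PE标志\n");
        free(pFileBuffer);
        return 0;
    }

    // Only the Signature field is read through this pointer; the rest of
    // the NT headers has not been bounds-checked as a whole.
    pNTHeader = (PIMAGE_NT_HEADERS)(pBase + ntOffset);

    // print the NT header
    printf("********************NT头********************\n");

    printf("NT:%x\n", (unsigned int)pNTHeader->Signature);

    // The file header follows the 4-byte signature.
    pPEHeader = (PIMAGE_FILE_HEADER)(pBase + ntOffset + sizeof(DWORD));

    printf("********************标准PE头********************\n");

    printf("PE: %x\n", pPEHeader->Machine);

    printf("节的数量:%x\n", pPEHeader->NumberOfSections);

    printf("可选PE头的大小:%x\n", pPEHeader->SizeOfOptionalHeader);

    // The optional header follows the file header. Only Magic is read; it
    // is the first WORD of both the 32-bit and the 64-bit layout, so make
    // sure the header claims, and the buffer holds, at least that much.
    optOffset = ntOffset + (DWORD)sizeof(DWORD) + IMAGE_SIZEOF_FILE_HEADER;
    if (pPEHeader->SizeOfOptionalHeader < sizeof(WORD) ||
        fileSize - optOffset < sizeof(WORD))
    {
        printf("不是有效的PE标志\n");
        free(pFileBuffer);
        return 0;
    }

    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)(pBase + optOffset);

    printf("********************OPTIOIN_PE头********************\n");

    printf("OPTION_PE:%x\n", pOptionHeader->Magic);

    // release the buffer
    free(pFileBuffer);

    // keep the console window open until the user enters something
    scanf("%d", &a);

    return 0;
}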

 
