强制转换可能丢失值

100

101

102

103

104

105

106

107

108

109

// testpehead.cpp : 定义控制台应用程序的入口点。
//
 
#include "stdafx.h"
 
#include <stdio.h>
#include <windows.h>
#include <Commdlg.h>
 
int main(int argc, char* argv[])
{
    char szFilePath[MAX_PATH];//要分析的文件名及路径
    OPENFILENAME ofn;//定义结构，调用打开对话框选择要分析的文件及其保存路径
 
    HANDLE hFile;// 文件句柄
    HANDLE hMapping;// 映射文件句柄
    LPVOID ImageBase;// 映射基址
 
    PIMAGE_DOS_HEADER  pDH = NULL;//指向IMAGE_DOS结构的指针
    PIMAGE_NT_HEADERS  pNtH = NULL;//指向IMAGE_NT结构的指针
    PIMAGE_FILE_HEADER pFH = NULL;//指向IMAGE_FILE结构的指针
    PIMAGE_OPTIONAL_HEADER pOH = NULL;//指向IMAGE_OPTIONALE结构的指针
 
    //必要的初始换
    memset(szFilePath, 0, MAX_PATH);
    memset(&ofn, 0, sizeof(ofn));
    ofn.lStructSize = sizeof(ofn);
    ofn.hwndOwner = NULL;
    ofn.hInstance = GetModuleHandle(NULL);
    ofn.nMaxFile = MAX_PATH;
    ofn.lpstrInitialDir = L".";
    ofn.lpstrFile = (LPWSTR)szFilePath;
    ofn.lpstrTitle = L"选择 PE文件打开 by For";
    ofn.Flags = OFN_PATHMUSTEXIST | OFN_FILEMUSTEXIST | OFN_HIDEREADONLY;
    ofn.lpstrFilter = L"*.exe\0*.exe\0";//过滤器
 
    if (!GetOpenFileName(&ofn))//调用打开对话框，选择要分析的文件
    {
        MessageBox(NULL, L"打开文件错误", NULL, MB_OK);
        return 0;
    }
 
    //选择要分析的文件后，经过3步打开并映射选择的文件到虚拟内存中
    //1.创建文件内核对象，其句柄保存于hFile，将文件在物理存储器的位置通告给操作系统
    hFile = CreateFile(ofn.lpstrFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if (!hFile)
    {
        MessageBox(NULL, L"打开文件错误", NULL, MB_OK);
        return 0;
    }
 
    //2.创建文件映射内核对象（分配虚拟内存），句柄保存于hFileMapping
    hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (!hMapping)
    {
        CloseHandle(hFile);
        return FALSE;
    }
 
    //3.将文件数据映射到进程的地址空间，返回的映射基址保存在ImageBase中
    ImageBase = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
    if (!ImageBase)
    {
        CloseHandle(hMapping);
        CloseHandle(hFile);
        return FALSE;
    }
 
    //IMAGE_DOS Header结构指针
    pDH = (PIMAGE_DOS_HEADER)ImageBase;
    //IMAGE_NT Header结构指针
    pNtH = (PIMAGE_NT_HEADERS)((DWORD)pDH + pDH->e_lfanew);
    //IMAGE_File Header结构指针
    pFH = &pNtH->FileHeader;
    //IMAGE_Optional Header结构指针
    pOH = &pNtH->OptionalHeader;
 
    //输出各个结构中重要成员的取值
    printf("Dos header RVA:%08lX\n", pDH - ImageBase);
    printf("NT header RVA:%08lX\n", pDH->e_lfanew);
    printf("File header RVA:%08lX\n", pDH->e_lfanew + sizeof(pNtH->Signature));
    printf("Optional header RVA:%08lX\n", pDH->e_lfanew +
        sizeof(pNtH->Signature) + +sizeof(pNtH->FileHeader));
    printf("Section header RVA:%08lX\n",
        pDH->e_lfanew + sizeof(pNtH->Signature) +
        sizeof(pNtH->OptionalHeader) + sizeof(pNtH->FileHeader));
 
    printf("e_magic:            %04X   ASCII值为：%c%c\n",
        pDH->e_magic, pDH->e_magic % 256, pDH->e_magic / 256);
    printf("e_lfarlc:           %08X\n", pDH->e_lfarlc);
 
    printf("\n\nSignature:      %08X      ASCII值：%c%c00\n",
        pNtH->Signature, pNtH->Signature % 4096, pNtH->Signature / 256);
 
    printf("Machine:            %04X\n", pFH->Machine);
    printf("NumberOfSections:   %04X\n", pFH->NumberOfSections);
    printf("Characteristics:    %04X\n", pFH->Characteristics);
 
    printf("Magic:              %04X\n", pOH->Magic);
    printf("SizeOfCode:         %08X\n", pOH->SizeOfCode);
    printf("AddressOfEntryPoint:%08X\n", pOH->AddressOfEntryPoint);
    printf("ImageBase:          %08X\n", pOH->ImageBase);
    printf("SectionAlignment:   %08X\n", pOH->SectionAlignment);
    printf("FileAlignment:      %08X\n", pOH->FileAlignment);
    printf("SizeOfImage:        %08X\n", pOH->SizeOfImage);
 
    system("pause");
    return 0;
}ofn.lpstrFile = (LPWSTR)szFilePath;szFilePath值C<br><br><br>注：此方式是错误的获取方式