PE信息获取工具
2012-02-14 11:39
用TC写了一个简单的PE信息获取工具(TC2.0编译通过)。在命令行下输入:命令 文件路径 即可查看PE文件的相关信息。
头文件:fstruct.h
同名头文件的实现:fstruct.c
主文件:sfile.c
头文件:fstruct.h
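/*{ DOS header structure definitions }*/
#ifndef FSTRUCT_H
#define FSTRUCT_H

#include<stdio.h>
#include<stdlib.h>

/*
 * Fixed-width aliases, sized for the 16-bit Turbo C 2.0 target the tool
 * was written for: there WORD is 2 bytes and LONG/DWORD are 4 bytes, which
 * is what the on-disk PE layout and the hard-coded read sizes in fstruct.c
 * (20 bytes for the file header, 96 for the optional header) assume.
 * NOTE(review): on an LP64 compiler "unsigned long" is 8 bytes and these
 * structs no longer match the file layout -- confirm before porting.
 *
 * BYTE is unsigned: the Windows BYTE type is unsigned, and a plain char
 * (signed on x86 compilers) would sign-extend when promoted for
 * printf("%02X"), printing e.g. FF80H for a linker version byte of 0x80.
 * LONG is kept unsigned as in the original; e_lfanew is therefore never
 * negative here and fstruct.c range-checks it explicitly.
 */
typedef unsigned short WORD;
typedef unsigned long LONG;
typedef unsigned long DWORD;
typedef unsigned char BYTE;

#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
#define IMAGE_SIZEOF_SHORT_NAME 8

/*
 * DOS ("MZ") header, 64 bytes at file offset 0. The byte offsets in the
 * comments are the on-disk positions; e_cparhdr (0x08-0x09) was missing
 * from the original definition, which put e_lfanew at offset 58 instead
 * of 60. The reader in fstruct.c seeks to the fixed offset 60 and so never
 * depended on the struct layout, but anyone using sizeof/offsetof would.
 */
typedef struct _FIMAGE_DOS_HEADER {
    WORD e_magic;      /* magic number, ASCII "MZ"                   0x00000000-0x00000001 */
    WORD e_cblp;       /* bytes on the last page of the file         0x00000002-0x00000003 */
    WORD e_cp;         /* pages in the file                          0x00000004-0x00000005 */
    WORD e_crlc;       /* number of relocation entries               0x00000006-0x00000007 */
    WORD e_cparhdr;    /* size of the header in paragraphs           0x00000008-0x00000009 */
    WORD e_minalloc;   /* minimum extra paragraphs needed            0x0000000A-0x0000000B */
    WORD e_maxalloc;   /* maximum extra paragraphs needed            0x0000000C-0x0000000D */
    WORD e_ss;         /* initial (relative) stack segment SS        0x0000000E-0x0000000F */
    WORD e_sp;         /* initial stack pointer SP                   0x00000010-0x00000011 */
    WORD e_csum;       /* checksum                                   0x00000012-0x00000013 */
    WORD e_ip;         /* initial instruction pointer IP             0x00000014-0x00000015 */
    WORD e_cs;         /* initial (relative) code segment CS         0x00000016-0x00000017 */
    WORD e_lfarlc;     /* file offset of the relocation table        0x00000018-0x00000019 */
    WORD e_ovno;       /* overlay number                             0x0000001A-0x0000001B */
    WORD e_res[4];     /* reserved words (usually alignment padding) 0x0000001C-0x00000023 */
    WORD e_oemid;      /* OEM identifier (see e_oeminfo)             0x00000024-0x00000025 */
    WORD e_oeminfo;    /* OEM information, specific to e_oemid       0x00000026-0x00000027 */
    WORD e_res2[10];   /* reserved words (usually alignment padding) 0x00000028-0x0000003B */
    LONG e_lfanew;     /* file offset of the new (PE) header         0x0000003C-0x0000003F */
} FIMAGE_DOS_HEADER, *FPIMAGE_DOS_HEADER;

/* COFF file header, 20 bytes on disk, immediately after the "PE\0\0" signature. */
typedef struct _FIMAGE_FILE_HEADER {
    WORD  Machine;
    WORD  NumberOfSections;
    DWORD TimeDateStamp;
    DWORD PointerToSymbolTable;
    DWORD NumberOfSymbols;
    WORD  SizeOfOptionalHeader;   /* on-disk size of the optional header that follows */
    WORD  Characteristics;
} FIMAGE_FILE_HEADER, *FPIMAGE_FILE_HEADER;

/* One data-directory entry: RVA and size of a table inside the image. */
typedef struct _FIMAGE_DATA_DIRECTORY {
    DWORD VirtualAddress;
    DWORD Size;
} FIMAGE_DATA_DIRECTORY, *FPIMAGE_DATA_DIRECTORY;

/*
 * PE32 optional header. The fields up to and including NumberOfRvaAndSizes
 * occupy 96 bytes on disk; the 16 data directories add another 128, giving
 * the 224 bytes mentioned in the NT header comment below. This is the
 * 32-bit (Magic 0x10B) layout only -- a PE32+ image lays these fields out
 * differently.
 */
typedef struct _FIMAGE_OPTIONAL_HEADER {
    WORD  Magic;
    BYTE  MajorLinkerVersion;
    BYTE  MinorLinkerVersion;
    DWORD SizeOfCode;
    DWORD SizeOfInitializedData;
    DWORD SizeOfUninitializedData;
    DWORD AddressOfEntryPoint;
    DWORD BaseOfCode;
    DWORD BaseOfData;
    DWORD ImageBase;
    DWORD SectionAlignment;
    DWORD FileAlignment;
    WORD  MajorOperatingSystemVersion;
    WORD  MinorOperatingSystemVersion;
    WORD  MajorImageVersion;
    WORD  MinorImageVersion;
    WORD  MajorSubsystemVersion;
    WORD  MinorSubsystemVersion;
    DWORD Win32VersionValue;
    DWORD SizeOfImage;
    DWORD SizeOfHeaders;
    DWORD CheckSum;
    WORD  Subsystem;
    WORD  DllCharacteristics;
    DWORD SizeOfStackReserve;
    DWORD SizeOfStackCommit;
    DWORD SizeOfHeapReserve;
    DWORD SizeOfHeapCommit;
    DWORD LoaderFlags;
    DWORD NumberOfRvaAndSizes;
    FIMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} FIMAGE_OPTIONAL_HEADER32, *FPIMAGE_OPTIONAL_HEADER32;

/* PE header: located in the file at the offset given by e_lfanew in the DOS header. */
typedef struct _FIMAGE_NT_HEADERS {
    DWORD Signature;                           /* file-type signature "PE\0\0", at offset e_lfanew */
    FIMAGE_FILE_HEADER FileHeader;             /* PE file header (20 bytes) */
    FIMAGE_OPTIONAL_HEADER32 OptionalHeader;   /* optional header (224 bytes) */
} FIMAGE_NT_HEADERS32, *FPIMAGE_NT_HEADERS32;

/*
 * f_dos_head: validate the DOS "MZ" header of the open binary stream pf
 * and locate the PE signature. Returns the file offset of the "PE\0\0"
 * signature (e_lfanew), or 0 if the file is not a DOS/PE image, a read
 * fails, or the offset does not fit the int return type.
 */
int f_dos_head (FILE * pf);

/*
 * f_file_head: print the file header and PE32 optional header of the
 * image on pf whose PE signature is at file offset v_offset (the value
 * returned by f_dos_head). Returns 1 on success, 0 on failure.
 */
int f_file_head (FILE * pf,int v_offset);

#endif /* FSTRUCT_H */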
同名头文件的实现:fstruct.c
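#include<stdio.h>
#include<stdlib.h>
#include<limits.h>
#include "fstruct.h"

/*
 * On-disk constants used by the readers below. The two sizes are the PE32
 * layout sizes and match the structs in fstruct.h only where WORD is 2 and
 * DWORD is 4 bytes (the Turbo C target); see the note in fstruct.h.
 */
#define F_DOS_LFANEW_OFFSET      60L         /* byte offset of e_lfanew in the DOS header */
#define F_FILE_HEADER_SIZE       20L         /* IMAGE_FILE_HEADER on disk */
#define F_OPTIONAL_HEADER32_SIZE 96L         /* PE32 optional header up to NumberOfRvaAndSizes */
#define F_DOS_MAGIC              0x5A4D      /* "MZ" read as a little-endian WORD */
#define F_NT_SIGNATURE           0x00004550L /* "PE\0\0" read as a little-endian DWORD */
#define F_PE32_MAGIC             0x10B       /* OptionalHeader.Magic of a PE32 image */

/*
 * Locate the PE header of the file open (in binary mode) on pf.
 *
 * Reads the "MZ" magic and e_lfanew from the DOS header, seeks to e_lfanew
 * and checks for the "PE\0\0" signature there. Values are read as raw
 * little-endian bytes straight into host integers, so a little-endian host
 * is assumed (true for the x86 Turbo C target).
 *
 * Returns the file offset of the PE signature, or 0 on any failure: a short
 * read, a missing MZ/PE marker, or an e_lfanew that would not fit the int
 * return type (it is a file-controlled value and is bounded before the
 * seek and before the narrowing). On success the stream is positioned just
 * after the 4-byte signature. Diagnostics go to stdout as in the original.
 */
int f_dos_head(FILE * pf)
{
    FIMAGE_DOS_HEADER dos;   /* only e_magic and e_lfanew are filled in */
    DWORD signature;

    rewind(pf);
    if (fread(&dos.e_magic, sizeof dos.e_magic, 1, pf) != 1) {
        printf("fail!");
        return 0;
    }
    if (dos.e_magic != F_DOS_MAGIC) {
        printf("not a DOS header!");
        return 0;
    }
    if (fseek(pf, F_DOS_LFANEW_OFFSET, SEEK_SET) != 0
        || fread(&dos.e_lfanew, sizeof dos.e_lfanew, 1, pf) != 1) {
        printf("fail!");
        return 0;
    }
    /* 0 is this function's own failure value, and the caller adds 4 to the
       result before seeking, so neither may survive the narrowing to int. */
    if (dos.e_lfanew == 0 || dos.e_lfanew > (DWORD)(INT_MAX - 4)) {
        printf("not PE header!");
        return 0;
    }
    /* Read the full 4-byte signature into a DWORD: the original read 4
       bytes into the 2-byte e_magic field and compared only "PE". */
    if (fseek(pf, (long)dos.e_lfanew, SEEK_SET) != 0
        || fread(&signature, sizeof signature, 1, pf) != 1
        || signature != F_NT_SIGNATURE) {
        printf("not PE header!");
        return 0;
    }
    return (int)dos.e_lfanew;
}

/* Print every IMAGE_FILE_HEADER field as "Name : valueH". */
static void f_print_file_head(const FIMAGE_FILE_HEADER *fh)
{
    printf("Machine : %04XH\n", fh->Machine);
    printf("NumberOfSections : %04XH\n", fh->NumberOfSections);
    printf("TimeDateStamp : %08lXH\n", fh->TimeDateStamp);
    printf("PointerToSymbolTable : %08lXH\n", fh->PointerToSymbolTable);
    printf("NumberOfSymbols : %08lXH\n", fh->NumberOfSymbols);
    printf("SizeOfOptionalHeader : %04XH\n", fh->SizeOfOptionalHeader);
    printf("Characteristics : %04XH\n", fh->Characteristics);
}

/*
 * Print the PE32 optional header fields up to NumberOfRvaAndSizes.
 * The linker-version bytes are printed through unsigned char so that a
 * signed BYTE typedef cannot sign-extend into "%02X".
 */
static void f_print_optional_head(const FIMAGE_OPTIONAL_HEADER32 *oh)
{
    /* The struct is the PE32 layout; a PE32+ (0x20B) or ROM image places
       these fields differently, so say so rather than mislabel them. */
    if (oh->Magic != F_PE32_MAGIC) {
        printf("warning: Magic is not 010BH (PE32); fields below are decoded with the PE32 layout\n");
    }
    printf("Magic : %04XH\n", oh->Magic);
    printf("MajorLinkerVersion : %02XH\n", (unsigned)(unsigned char)oh->MajorLinkerVersion);
    printf("MinorLinkerVersion : %02XH\n", (unsigned)(unsigned char)oh->MinorLinkerVersion);
    printf("SizeOfCode : %08lXH\n", oh->SizeOfCode);
    printf("SizeOfInitializedData : %08lXH\n", oh->SizeOfInitializedData);
    printf("SizeOfUninitializedData : %08lXH\n", oh->SizeOfUninitializedData);
    printf("AddressOfEntryPoint : %08lXH\n", oh->AddressOfEntryPoint);
    printf("BaseOfCode : %08lXH\n", oh->BaseOfCode);
    printf("BaseOfData : %08lXH\n", oh->BaseOfData);
    printf("ImageBase : %08lXH\n", oh->ImageBase);
    printf("SectionAlignment : %08lXH\n", oh->SectionAlignment);
    printf("FileAlignment : %08lXH\n", oh->FileAlignment);
    printf("MajorOperatingSystemVersion : %04XH\n", oh->MajorOperatingSystemVersion);
    printf("MinorOperatingSystemVersion : %04XH\n", oh->MinorOperatingSystemVersion);
    printf("MajorImageVersion : %04XH\n", oh->MajorImageVersion);
    printf("MinorImageVersion : %04XH\n", oh->MinorImageVersion);
    printf("MajorSubsystemVersion : %04XH\n", oh->MajorSubsystemVersion);
    printf("MinorSubsystemVersion : %04XH\n", oh->MinorSubsystemVersion);
    printf("Win32VersionValue : %08lXH\n", oh->Win32VersionValue);
    printf("SizeOfImage : %08lXH\n", oh->SizeOfImage);
    printf("SizeOfHeaders : %08lXH\n", oh->SizeOfHeaders);
    printf("CheckSum : %08lXH\n", oh->CheckSum);
    printf("Subsystem : %04XH\n", oh->Subsystem);
    printf("DllCharacteristics : %04XH\n", oh->DllCharacteristics);
    printf("SizeOfStackReserve : %08lXH\n", oh->SizeOfStackReserve);
    printf("SizeOfStackCommit : %08lXH\n", oh->SizeOfStackCommit);
    printf("SizeOfHeapReserve : %08lXH\n", oh->SizeOfHeapReserve);
    printf("SizeOfHeapCommit : %08lXH\n", oh->SizeOfHeapCommit);
    printf("LoaderFlags : %08lXH\n", oh->LoaderFlags);
    printf("NumberOfRvaAndSizes : %08lXH\n", oh->NumberOfRvaAndSizes);
}

/*
 * Print the file header and the PE32 optional header of the image open on
 * pf, whose "PE\0\0" signature sits at file offset v_offset (the value
 * returned by f_dos_head).
 *
 * Returns 1 when both headers were read and printed, 0 otherwise: v_offset
 * is not positive (f_dos_head's failure value, which main() used to pass
 * through unchecked), a seek or read fails, or SizeOfOptionalHeader says
 * the optional header is shorter than the 96-byte PE32 fixed part. The
 * headers live on the stack; the original malloc'd them and never freed.
 */
int f_file_head(FILE * pf, int v_offset)
{
    FIMAGE_FILE_HEADER file_head;
    FIMAGE_OPTIONAL_HEADER32 optional_head;

    if (v_offset <= 0) {
        printf("fail!");
        return 0;
    }
    /* The file header follows the 4-byte signature; add in long so the
       sum cannot overflow int (v_offset itself is bounded by f_dos_head). */
    if (fseek(pf, (long)v_offset + 4L, SEEK_SET) != 0
        || fread(&file_head, F_FILE_HEADER_SIZE, 1, pf) != 1) {
        printf("fail!");
        return 0;
    }
    f_print_file_head(&file_head);

    /* SizeOfOptionalHeader is file-controlled; below the PE32 fixed size
       the bytes that follow belong to the section table, not to an
       optional header, so do not decode them as one. */
    if (file_head.SizeOfOptionalHeader < F_OPTIONAL_HEADER32_SIZE
        || fread(&optional_head, F_OPTIONAL_HEADER32_SIZE, 1, pf) != 1) {
        printf("fail!");
        return 0;
    }
    f_print_optional_head(&optional_head);
    return 1;
}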
主文件:sfile.c
#include<stdio.h> #include<stdlib.h> #include "fstruct.h" int main(int argc,char *argv[]) { FILE *pf; if(argc>1) { pf=fopen(argv[1],"rb"); if(pf==NULL) { printf("fail\n"); return 0; } else { f_file_head(pf,f_dos_head(pf)); fclose(pf); } } }