PE信息获取工具
2012-02-14 11:39
288 查看
用TC写了一个简单的PE信息获取工具(TC2.0编译通过)。在命令行下输入:命令 文件路径 即可查看PE文件的相关信息。
头文件:fstruct.h
同名头文件的实现:fstruct.c
主文件:sfile.c
头文件:fstruct.h
/*{ DOS 头部结构定义 }*/
#include<stdio.h>
#include<stdlib.h>
typedef unsigned short WORD;
typedef unsigned long LONG;
typedef unsigned long DWORD;
typedef char BYTE;
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
#define IMAGE_SIZEOF_SHORT_NAME 8
typedef struct _FIMAGE_DOS_HEADER
{
WORD e_magic; /* 魔术数字 ASCII字符MZ 0x00000000-0x00000001 */
WORD e_cblp; /* 文件最后页的字节数 0x00000002-0x00000003 */
WORD e_cp; /* 文件页数 0x00000004-0x00000005 */
WORD e_crlc; /* 重定位元素个数 0x00000006-0x00000007 */
WORD e_minalloc; /* 所需的最小附加段 0x0000000A-0x0000000B */
WORD e_maxalloc; /* 所需的最大附加段 0x0000000C-0x0000000D */
WORD e_ss; /* 初始的堆栈段(SS)相对偏移量值 0x0000000E-0x0000000F */
WORD e_sp; /* 初始的堆栈指针(SP)值 0x00000010-0x00000011 */
WORD e_csum; /* 校验和 0x00000012-0x00000013 */
WORD e_ip; /* 初始的指令指针(IP)值 0x00000014-0x00000015 */
WORD e_cs; /* 初始的代码段(CS)相对偏移量值 0x00000016-0x00000017 */
WORD e_lfarlc; /* 重定位表在文件中的偏移地址 0x00000018-0x00000019 */
WORD e_ovno; /* 覆盖号 0x0000001A-0x0000001B */
WORD e_res[4]; /* 保留字(一般都是为确保对齐而预留) 0x0000001C-0x00000023 */
WORD e_oemid; /* OEM 标识符(相对于 e_oeminfo) 0x00000024-0x00000025 */
WORD e_oeminfo; /* OEM 信息,即 e_oemid 的细节 0x00000026-0x00000027 */
WORD e_res2[10]; /* 保留字(一般都是为确保对齐而预留) 0x00000028-0x0000003B */
LONG e_lfanew; /* 新 exe 头在文件中的偏移地址 0x0000003C-0x0000003F */
} FIMAGE_DOS_HEADER, *FPIMAGE_DOS_HEADER;
/*文件头定义*/
typedef struct _FIMAGE_FILE_HEADER {
WORD Machine;
WORD NumberOfSections;
DWORD TimeDateStamp;
DWORD PointerToSymbolTable;
DWORD NumberOfSymbols;
WORD SizeOfOptionalHeader;
WORD Characteristics;
} FIMAGE_FILE_HEADER, *FPIMAGE_FILE_HEADER;
typedef struct _FIMAGE_DATA_DIRECTORY {
DWORD VirtualAddress;
DWORD Size;
} FIMAGE_DATA_DIRECTORY,*FPIMAGE_DATA_DIRECTORY;
/*可选映像头*/
typedef struct _FIMAGE_OPTIONAL_HEADER {
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
FIMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} FIMAGE_OPTIONAL_HEADER32, *FPIMAGE_OPTIONAL_HEADER32;
/*PE Header定义*/
typedef struct _FIMAGE_NT_HEADERS { /*PE 头结构定义开始 */
DWORD Signature; /*签名(文件类型标志),文件中的偏移量由 DOS 头中的域 e_lfanew 来指定 */
FIMAGE_FILE_HEADER FileHeader; /*PE 文件头结构(占用20个字节) */
FIMAGE_OPTIONAL_HEADER32 OptionalHeader; /*可选头结构(占用224个字节) */
} FIMAGE_NT_HEADERS32, *FPIMAGE_NT_HEADERS32;
int f_dos_head (FILE * pf);
int f_file_head (FILE * pf,int v_offset);同名头文件的实现:fstruct.c
#include<stdio.h>
#include<stdlib.h>
#include "fstruct.h"
int f_dos_head(FILE * pf)
{
FPIMAGE_DOS_HEADER v_dos_head;
rewind(pf);
v_dos_head=(FPIMAGE_DOS_HEADER)malloc(sizeof(FIMAGE_DOS_HEADER));
if(v_dos_head==NULL)
{
printf("fail!");
return 0;
}
fread(&v_dos_head->e_magic,2,1,pf);
if(v_dos_head->e_magic == 0x5A4D)
{
fseek(pf,60L,SEEK_SET);
fread(&v_dos_head->e_lfanew,4,1,pf);
fseek(pf,v_dos_head->e_lfanew,SEEK_SET);
fread(&v_dos_head->e_magic,4,1,pf);
if(v_dos_head->e_magic == 0x4550)
{
return v_dos_head->e_lfanew;
}
else
{
printf("not PE header!");
return 0;
}
}
else
{
printf("not a DOS header!");
return 0;
}
}
int f_file_head(FILE * pf,int v_offset)
{
FPIMAGE_FILE_HEADER v_file_head;
FPIMAGE_OPTIONAL_HEADER32 v_optional_head;
v_file_head=(FPIMAGE_FILE_HEADER)malloc(sizeof(FIMAGE_FILE_HEADER));
v_optional_head=(FPIMAGE_OPTIONAL_HEADER32)malloc(sizeof(FIMAGE_OPTIONAL_HEADER32));
if(!v_file_head)
{
printf("fail!");
return 0;
}
rewind(pf);
if(!fseek(pf,v_offset+4,SEEK_SET))
{
if(fread(v_file_head,20L,1,pf)>0)
{
printf("Machine : %04XH\n",v_file_head->Machine);
printf("NumberOfSections : %04XH\n",v_file_head->NumberOfSections);
printf("TimeDateStamp : %08lXH\n",v_file_head->TimeDateStamp);
printf("PointerToSymbolTable : %08lXH\n",v_file_head->PointerToSymbolTable);
printf("NumberOfSymbols : %08lXH\n",v_file_head->NumberOfSymbols);
printf("SizeOfOptionalHeader : %04XH\n",v_file_head->SizeOfOptionalHeader);
printf("Characteristics : %04XH\n",v_file_head->Characteristics);
}
else
{
printf("fail!");
return 0;
}
if(v_optional_head==NULL)
{
printf("fail!");
return 0;
}
if(fread(v_optional_head,96L,1,pf)>0)
{
printf("Magic : %04XH\n",v_optional_head->Magic);
printf("MajorLinkerVersion : %02XH\n",v_optional_head->MajorLinkerVersion);
printf("MinorLinkerVersion : %02XH\n",v_optional_head->MinorLinkerVersion);
printf("SizeOfCode : %08lXH\n",v_optional_head->SizeOfCode);
printf("SizeOfInitializedData : %08lXH\n",v_optional_head->SizeOfInitializedData);
printf("SizeOfUninitializedData : %08lXH\n",v_optional_head->SizeOfUninitializedData);
printf("AddressOfEntryPoint : %08lXH\n",v_optional_head->AddressOfEntryPoint);
printf("BaseOfCode : %08lXH\n",v_optional_head->BaseOfCode);
printf("BaseOfData : %08lXH\n",v_optional_head->BaseOfData);
printf("ImageBase : %08lXH\n",v_optional_head->ImageBase);
printf("SectionAlignment : %08lXH\n",v_optional_head->SectionAlignment);
printf("FileAlignment : %08lXH\n",v_optional_head->FileAlignment);
printf("MajorOperatingSystemVersion : %04XH\n",v_optional_head->MajorOperatingSystemVersion);
printf("MinorOperatingSystemVersion : %04XH\n",v_optional_head->MinorOperatingSystemVersion);
printf("MajorImageVersion : %04XH\n",v_optional_head->MajorImageVersion);
printf("MinorImageVersion : %04XH\n",v_optional_head->MinorImageVersion);
printf("MajorSubsystemVersion : %04XH\n",v_optional_head->MajorSubsystemVersion);
printf("MinorSubsystemVersion : %04XH\n",v_optional_head->MinorSubsystemVersion);
printf("Win32VersionValue : %08lXH\n",v_optional_head->Win32VersionValue);
printf("SizeOfImage : %08lXH\n",v_optional_head->SizeOfImage);
printf("SizeOfHeaders : %08lXH\n",v_optional_head->SizeOfHeaders);
printf("CheckSum : %08lXH\n",v_optional_head->CheckSum);
printf("Subsystem : %04XH\n",v_optional_head->Subsystem);
printf("DllCharacteristics : %04XH\n",v_optional_head->DllCharacteristics);
printf("SizeOfStackReserve : %08lXH\n",v_optional_head->SizeOfStackReserve);
printf("SizeOfStackCommit : %08lXH\n",v_optional_head->SizeOfStackCommit);
printf("SizeOfHeapReserve : %08lXH\n",v_optional_head->SizeOfHeapReserve);
printf("SizeOfHeapCommit : %08lXH\n",v_optional_head->SizeOfHeapCommit);
printf("LoaderFlags : %08lXH\n",v_optional_head->LoaderFlags);
printf("NumberOfRvaAndSizes : %08lXH\n",v_optional_head->NumberOfRvaAndSizes);
}
else
{
printf("fail!");
return 0;
}
return 1;
}
else
{
printf("fail!");
return 0;
}
}主文件:sfile.c
#include<stdio.h>
#include<stdlib.h>
#include "fstruct.h"
int main(int argc,char *argv[])
{
FILE *pf;
if(argc>1)
{
pf=fopen(argv[1],"rb");
if(pf==NULL)
{
printf("fail\n");
return 0;
}
else
{
f_file_head(pf,f_dos_head(pf));
fclose(pf);
}
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- PE文件信息获取工具-PEINFO
- Android 常用开发工具类之 AppVersionUtil (获取应用版本信息工具)
- SNMP系统信息获取工具onesixtyone
- 获取IIS虚拟网站信息的工具
- 开源项目成熟度分析工具-利用github api获取代码库的信息
- Android ADB工具-操作手机和获取手设备信息(四)
- 微信公共平台接入之:网页授权(微信授权,微信access_token获取,获取微信用户信息),微信开发者工具使用,微信公众平台测试号申请接入
- 运用 Windows 工具获取 IPv6 配置信息
- python开发_platform_获取操作系统详细信息工具
- (总结)Linux下获取详细硬件信息的工具:Dmidecode命令详解
- SNMP系统信息获取工具onesixtyone
- PE信息获取 记录
- 运用 Windows 工具获取 IPv6 配置信息
- 使用 Diagwait 作为诊断工具,获取用于诊断 Oracle Clusterware 节点驱逐的更多信息 (文档 ID 1525761.1)
- 获取PE文件信息的封装
- python开发_platform_获取操作系统详细信息工具
- 运用 Windows 工具获取 IPv6 配置信息
- 自己写的一个PE文件FileVersionInfo类,可以轻松获取PE文件版本信息
- 获取apk信息工具(android SDK的aapt工具)
- pe文件解析:读取pe信息获取文件资源