C语言编写控制台下PE分析工具(二)
五、输出数据目录表信息
由于数据目录数组中包含16个元素,所以循环16次,依次输出每个数据目录表的信息(注意:实际有效的项数由可选头中的NumberOfRvaAndSizes给出,分析来源不可信的文件时应以它作为循环上限):
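/*
 * Print the RVA and size of every valid data-directory entry of the mapped
 * PE image.
 *
 * stMapFile: mapping descriptor; only stMapFile->ImageBase is read here.
 *
 * Prints nothing when stMapFile is null or GetOptionalHeader() returns null.
 */
void ShowDataDirInfo(PMAP_FILE_STRUCT stMapFile)
{
    /*
     * Display labels, indexed by data-directory slot. Slot 7 ("Copyright") is
     * IMAGE_DIRECTORY_ENTRY_ARCHITECTURE, slot 14 ("COM") is
     * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR and slot 15 ("No Use") is reserved.
     * For slot 4 ("Security") the VirtualAddress field holds a file offset,
     * not an RVA, so it must not be resolved through the section table.
     */
    static const char *const data[IMAGE_NUMBEROF_DIRECTORY_ENTRIES] = {
        "Export Table:",
        "Import Table:",
        "Resource: ",
        "Exception: ",
        "Security: ",
        "Relocation: ",
        "Debug: ",
        "Copyright: ",
        "Globalptr: ",
        "Tls Table: ",
        "LoadConfig: ",
        "IAT: ",
        "Bound Import:",
        "COM: ",
        "Delay Import:",
        "No Use: "
    };

    if (!stMapFile)
    {
        return;
    }

    PIMAGE_OPTIONAL_HEADER pOH = GetOptionalHeader(stMapFile->ImageBase);
    if (!pOH)
    {
        return;
    }

    /*
     * NOTE(review): PIMAGE_OPTIONAL_HEADER has the layout of the build's own
     * bitness. Whether IsPEFile()/GetOptionalHeader() reject a file whose
     * pOH->Magic does not match that layout is not visible here -- confirm,
     * otherwise DataDirectory is read at the wrong offset.
     */

    /*
     * NumberOfRvaAndSizes is read from the file and says how many directory
     * entries the optional header really carries. Entries past it are not
     * directory data (they overlap whatever follows the header), so stop
     * there; clamp to the array size because the field is untrusted.
     */
    DWORD entryCount = pOH->NumberOfRvaAndSizes;
    if (entryCount > IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
    {
        entryCount = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;
    }

    printf("\n\n[Data Directory]\n");
    printf("\t\t\t RVA\t\t\t Size\n");
    for (DWORD i = 0; i < entryCount; i++)
    {
        printf("%s\t\t%08lX\t\t%08lX\n", data[i],
               pOH->DataDirectory[i].VirtualAddress,
               pOH->DataDirectory[i].Size);
    }
}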
结果如下图所示:
六、输出区块表信息
首先获取指向第一个区块表的指针
/*
 * Return a pointer to the first IMAGE_SECTION_HEADER of the image mapped at
 * ImageBase.
 *
 * Returns nullptr when ImageBase is null or GetNtHeaders() finds no NT
 * headers. No bounds check is made here: the result is derived from header
 * fields only, so the caller must confirm it lies inside the mapping before
 * dereferencing it on an untrusted file.
 */
PIMAGE_SECTION_HEADER GetFirstSectionHeader(LPVOID ImageBase)
{
    PIMAGE_NT_HEADERS ntHeaders = ImageBase ? GetNtHeaders(ImageBase) : nullptr;

    /* IMAGE_FIRST_SECTION skips the optional header that follows the file header. */
    return ntHeaders ? IMAGE_FIRST_SECTION(ntHeaders) : nullptr;
}
然后根据IMAGE_FILE_HEADER中的SizeOfOptionalHeader定位区块表的起始位置,再根据NumberOfSections确定区块表的数目,循环输出每一个区块表:
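/*
 * Print one line per section header of the mapped PE image: name, virtual
 * address, virtual size, raw-data offset, raw-data size and characteristics.
 *
 * stMapFile: mapping descriptor; only stMapFile->ImageBase is read here.
 *
 * Prints nothing when stMapFile is null or either header lookup fails.
 */
void ShowSectionHeaderInfo(PMAP_FILE_STRUCT stMapFile)
{
    if (!stMapFile)
    {
        return;
    }

    PIMAGE_FILE_HEADER pFH = GetFileHeader(stMapFile->ImageBase);
    if (!pFH)
    {
        return;
    }

    PIMAGE_OPTIONAL_HEADER pOH = GetOptionalHeader(stMapFile->ImageBase);
    if (!pOH)
    {
        return;
    }

    /*
     * The section table starts right after the optional header. Do the
     * arithmetic on a byte pointer: casting the pointer to DWORD truncates
     * it on 64-bit builds.
     */
    PIMAGE_SECTION_HEADER pSH =
        (PIMAGE_SECTION_HEADER)((PBYTE)pOH + pFH->SizeOfOptionalHeader);

    /*
     * NOTE(review): SizeOfOptionalHeader and NumberOfSections come from the
     * file. Nothing visible here confirms that the whole section table lies
     * inside the mapping; the mapped size should be checked before this walk
     * when the input is untrusted -- confirm where LoadFile records it.
     */

    printf("\n\n[Section Table]\n");
    printf(" Name VAddress VSize RAddress RSize Flags\n");
    for (int i = 0; i < pFH->NumberOfSections; i++, pSH++)
    {
        /*
         * Name is a fixed 8-byte field that is NOT NUL-terminated when all
         * eight bytes are used, so "%s" on it can read past the field. Copy
         * it into a terminated buffer, stopping at the first NUL as "%s"
         * would, and show non-printable bytes as '.' so a crafted name
         * cannot write control sequences to the console.
         */
        char name[IMAGE_SIZEOF_SHORT_NAME + 1] = { 0 };
        for (int k = 0; k < IMAGE_SIZEOF_SHORT_NAME && pSH->Name[k] != 0; k++)
        {
            BYTE ch = pSH->Name[k];
            name[k] = (ch >= 0x20 && ch < 0x7F) ? (char)ch : '.';
        }

        /* Misc is a union; pass its VirtualSize member, not the union itself. */
        printf("%s\t%08lX %08lX %08lX %08lX %08lX\n", name, pSH->VirtualAddress,
               pSH->Misc.VirtualSize, pSH->PointerToRawData, pSH->SizeOfRawData,
               pSH->Characteristics);
    }
}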
结果如图所示:
主函数:
/* Mapping state of the file under analysis; all three members start out null. */
MAP_FILE_STRUCT stMapFile = { nullptr, nullptr, nullptr };

/*
 * Entry point: map the hard-coded sample file, check that it is a PE file and
 * print its file header, data directory and section table.
 *
 * Returns 0 on success, -1 when the file cannot be loaded or is not a PE file.
 */
int main()
{
    LPTSTR filePath = TEXT("D:\\PEInfo_example.exe");
    int exitCode = -1;

    /* Release any earlier mapping before loading. */
    UnLoadFile(&stMapFile);

    if (LoadFile(filePath, &stMapFile))
    {
        if (IsPEFile(stMapFile.ImageBase))
        {
            ShowFileHeaderInfo(&stMapFile);
            ShowDataDirInfo(&stMapFile);
            ShowSectionHeaderInfo(&stMapFile);
            exitCode = 0;
        }
        /* The mapping is released whether or not the file was a PE file. */
        UnLoadFile(&stMapFile);
    }

    return exitCode;
}
由于数据目录数组中包含16个元素,所以循环16次,依次输出每个数据目录表的信息(注意:实际有效的项数由可选头中的NumberOfRvaAndSizes给出,分析来源不可信的文件时应以它作为循环上限):
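/*
 * Print the RVA and size of every valid data-directory entry of the mapped
 * PE image.
 *
 * stMapFile: mapping descriptor; only stMapFile->ImageBase is read here.
 *
 * Prints nothing when stMapFile is null or GetOptionalHeader() returns null.
 */
void ShowDataDirInfo(PMAP_FILE_STRUCT stMapFile)
{
    /*
     * Display labels, indexed by data-directory slot. Slot 7 ("Copyright") is
     * IMAGE_DIRECTORY_ENTRY_ARCHITECTURE, slot 14 ("COM") is
     * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR and slot 15 ("No Use") is reserved.
     * For slot 4 ("Security") the VirtualAddress field holds a file offset,
     * not an RVA, so it must not be resolved through the section table.
     */
    static const char *const data[IMAGE_NUMBEROF_DIRECTORY_ENTRIES] = {
        "Export Table:",
        "Import Table:",
        "Resource: ",
        "Exception: ",
        "Security: ",
        "Relocation: ",
        "Debug: ",
        "Copyright: ",
        "Globalptr: ",
        "Tls Table: ",
        "LoadConfig: ",
        "IAT: ",
        "Bound Import:",
        "COM: ",
        "Delay Import:",
        "No Use: "
    };

    if (!stMapFile)
    {
        return;
    }

    PIMAGE_OPTIONAL_HEADER pOH = GetOptionalHeader(stMapFile->ImageBase);
    if (!pOH)
    {
        return;
    }

    /*
     * NOTE(review): PIMAGE_OPTIONAL_HEADER has the layout of the build's own
     * bitness. Whether IsPEFile()/GetOptionalHeader() reject a file whose
     * pOH->Magic does not match that layout is not visible here -- confirm,
     * otherwise DataDirectory is read at the wrong offset.
     */

    /*
     * NumberOfRvaAndSizes is read from the file and says how many directory
     * entries the optional header really carries. Entries past it are not
     * directory data (they overlap whatever follows the header), so stop
     * there; clamp to the array size because the field is untrusted.
     */
    DWORD entryCount = pOH->NumberOfRvaAndSizes;
    if (entryCount > IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
    {
        entryCount = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;
    }

    printf("\n\n[Data Directory]\n");
    printf("\t\t\t RVA\t\t\t Size\n");
    for (DWORD i = 0; i < entryCount; i++)
    {
        printf("%s\t\t%08lX\t\t%08lX\n", data[i],
               pOH->DataDirectory[i].VirtualAddress,
               pOH->DataDirectory[i].Size);
    }
}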
结果如下图所示:
六、输出区块表信息
首先获取指向第一个区块表的指针
/*
 * Return a pointer to the first IMAGE_SECTION_HEADER of the image mapped at
 * ImageBase.
 *
 * Returns nullptr when ImageBase is null or GetNtHeaders() finds no NT
 * headers. No bounds check is made here: the result is derived from header
 * fields only, so the caller must confirm it lies inside the mapping before
 * dereferencing it on an untrusted file.
 */
PIMAGE_SECTION_HEADER GetFirstSectionHeader(LPVOID ImageBase)
{
    PIMAGE_NT_HEADERS ntHeaders = ImageBase ? GetNtHeaders(ImageBase) : nullptr;

    /* IMAGE_FIRST_SECTION skips the optional header that follows the file header. */
    return ntHeaders ? IMAGE_FIRST_SECTION(ntHeaders) : nullptr;
}
然后根据IMAGE_FILE_HEADER中的SizeOfOptionalHeader定位区块表的起始位置,再根据NumberOfSections确定区块表的数目,循环输出每一个区块表:
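/*
 * Print one line per section header of the mapped PE image: name, virtual
 * address, virtual size, raw-data offset, raw-data size and characteristics.
 *
 * stMapFile: mapping descriptor; only stMapFile->ImageBase is read here.
 *
 * Prints nothing when stMapFile is null or either header lookup fails.
 */
void ShowSectionHeaderInfo(PMAP_FILE_STRUCT stMapFile)
{
    if (!stMapFile)
    {
        return;
    }

    PIMAGE_FILE_HEADER pFH = GetFileHeader(stMapFile->ImageBase);
    if (!pFH)
    {
        return;
    }

    PIMAGE_OPTIONAL_HEADER pOH = GetOptionalHeader(stMapFile->ImageBase);
    if (!pOH)
    {
        return;
    }

    /*
     * The section table starts right after the optional header. Do the
     * arithmetic on a byte pointer: casting the pointer to DWORD truncates
     * it on 64-bit builds.
     */
    PIMAGE_SECTION_HEADER pSH =
        (PIMAGE_SECTION_HEADER)((PBYTE)pOH + pFH->SizeOfOptionalHeader);

    /*
     * NOTE(review): SizeOfOptionalHeader and NumberOfSections come from the
     * file. Nothing visible here confirms that the whole section table lies
     * inside the mapping; the mapped size should be checked before this walk
     * when the input is untrusted -- confirm where LoadFile records it.
     */

    printf("\n\n[Section Table]\n");
    printf(" Name VAddress VSize RAddress RSize Flags\n");
    for (int i = 0; i < pFH->NumberOfSections; i++, pSH++)
    {
        /*
         * Name is a fixed 8-byte field that is NOT NUL-terminated when all
         * eight bytes are used, so "%s" on it can read past the field. Copy
         * it into a terminated buffer, stopping at the first NUL as "%s"
         * would, and show non-printable bytes as '.' so a crafted name
         * cannot write control sequences to the console.
         */
        char name[IMAGE_SIZEOF_SHORT_NAME + 1] = { 0 };
        for (int k = 0; k < IMAGE_SIZEOF_SHORT_NAME && pSH->Name[k] != 0; k++)
        {
            BYTE ch = pSH->Name[k];
            name[k] = (ch >= 0x20 && ch < 0x7F) ? (char)ch : '.';
        }

        /* Misc is a union; pass its VirtualSize member, not the union itself. */
        printf("%s\t%08lX %08lX %08lX %08lX %08lX\n", name, pSH->VirtualAddress,
               pSH->Misc.VirtualSize, pSH->PointerToRawData, pSH->SizeOfRawData,
               pSH->Characteristics);
    }
}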
结果如图所示:
主函数:
/* Mapping state of the file under analysis; all three members start out null. */
MAP_FILE_STRUCT stMapFile = { nullptr, nullptr, nullptr };

/*
 * Entry point: map the hard-coded sample file, check that it is a PE file and
 * print its file header, data directory and section table.
 *
 * Returns 0 on success, -1 when the file cannot be loaded or is not a PE file.
 */
int main()
{
    LPTSTR filePath = TEXT("D:\\PEInfo_example.exe");
    int exitCode = -1;

    /* Release any earlier mapping before loading. */
    UnLoadFile(&stMapFile);

    if (LoadFile(filePath, &stMapFile))
    {
        if (IsPEFile(stMapFile.ImageBase))
        {
            ShowFileHeaderInfo(&stMapFile);
            ShowDataDirInfo(&stMapFile);
            ShowSectionHeaderInfo(&stMapFile);
            exitCode = 0;
        }
        /* The mapping is released whether or not the file was a PE file. */
        UnLoadFile(&stMapFile);
    }

    return exitCode;
}