1、编写程序读取一个.exe文件,输出所有的PE头信息.

#include<stdio.h>
#include<stdlib.h>
#include<windows.h>
#pragma warning(disable:4996)
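/*
 * Reads c:\windows\system32\notepad.exe into memory and prints selected
 * fields of its DOS header, NT signature, file header and optional header.
 *
 * Every offset taken from the file is checked against the number of bytes
 * actually read before it is dereferenced, so a truncated or malformed file
 * ends with an error message instead of an out-of-bounds read.
 *
 * Returns 0 on success, 1 if the file cannot be read, is not a PE image, or
 * carries an optional header whose layout differs from the one this build
 * was compiled for.
 */
int main()
{
    /* The four header types below are declared by windows.h. */
    PIMAGE_DOS_HEADER PDOS_HEADER = NULL;
    PIMAGE_NT_HEADERS PNT_HEADER = NULL;
    PIMAGE_FILE_HEADER PFILE_HEADER = NULL;
    PIMAGE_OPTIONAL_HEADER POPTIONAL_HEADER = NULL;
    FILE* p = NULL;
    char* str = NULL;
    long length;
    size_t size;
    int rc = 1;

    p = fopen("c:\\windows\\system32\\notepad.exe","rb");
    if (p == NULL) {
        printf("读取失败");
        return 1;               /* nothing to parse and nothing to release */
    }

    /* Determine the file size; every step can fail and is checked. */
    if (fseek(p, 0L, SEEK_END) != 0)
        goto io_error;
    length = ftell(p);
    if (length < 0)
        goto io_error;
    if (fseek(p, 0L, SEEK_SET) != 0)
        goto io_error;
    size = (size_t)length;

    str = (char*)calloc(size + 1, sizeof(char));
    if (str == NULL)
        goto io_error;
    /* Element size 1, count = size, so the return value is the byte count. */
    if (fread(str, sizeof(char), size, p) != size)
        goto io_error;

    /* The DOS header sits at offset 0; make sure the file can hold one. */
    if (size < sizeof(IMAGE_DOS_HEADER))
        goto bad_format;
    PDOS_HEADER = (PIMAGE_DOS_HEADER)str;
    printf("DOS头:\n");
    printf("E_magic:%x\n", (unsigned)PDOS_HEADER->e_magic);
    printf("E_lfanew:%lx\n", (unsigned long)PDOS_HEADER->e_lfanew);
    if (PDOS_HEADER->e_magic != IMAGE_DOS_SIGNATURE)
        goto bad_format;

    /*
     * e_lfanew is a signed, file-controlled offset. Reject negative values
     * and anything that would place the NT headers past the end of the data
     * that was read. The subtraction cannot wrap because size is compared
     * with sizeof(IMAGE_NT_HEADERS) first.
     */
    if (PDOS_HEADER->e_lfanew < 0 ||
        size < sizeof(IMAGE_NT_HEADERS) ||
        (size_t)PDOS_HEADER->e_lfanew > size - sizeof(IMAGE_NT_HEADERS))
        goto bad_format;

    PNT_HEADER = (PIMAGE_NT_HEADERS)(str + PDOS_HEADER->e_lfanew);
    printf("NT头:\n");
    printf("Signature:%lx\n", (unsigned long)PNT_HEADER->Signature);
    if (PNT_HEADER->Signature != IMAGE_NT_SIGNATURE)
        goto bad_format;

    /*
     * The file header follows the 4-byte Signature (e_lfanew + 4) and the
     * optional header follows the 20-byte file header (e_lfanew + 24).
     * Taking the member addresses yields the same locations without
     * hard-coded offsets.
     */
    PFILE_HEADER = &PNT_HEADER->FileHeader;
    printf("FILE头:\n");
    printf("Machine:%x\n", (unsigned)PFILE_HEADER->Machine);
    printf("NumberOfSections:%x\n", (unsigned)PFILE_HEADER->NumberOfSections);
    printf("TimeDateStamp:%lx\n", (unsigned long)PFILE_HEADER->TimeDateStamp);
    printf("SizeOfOptionaHeader:%x\n", (unsigned)PFILE_HEADER->SizeOfOptionalHeader);
    printf("Characteristics:%x\n", (unsigned)PFILE_HEADER->Characteristics);

    printf("Optinal头:\n");
    POPTIONAL_HEADER = &PNT_HEADER->OptionalHeader;
    printf("Magic:%x\n", (unsigned)POPTIONAL_HEADER->Magic);
    /*
     * IMAGE_OPTIONAL_HEADER is the 32-bit or the 64-bit layout depending on
     * the build target. If the file's Magic names the other layout, every
     * field from ImageBase onwards would be read at the wrong offset, so
     * stop here rather than print misleading values.
     */
    if (POPTIONAL_HEADER->Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC) {
        printf("可选头格式与当前编译目标不匹配\n");
        goto cleanup;
    }
    printf("SizeOfCode:%lx\n", (unsigned long)POPTIONAL_HEADER->SizeOfCode);
    printf("SizeOfInitializedData:%lx\n", (unsigned long)POPTIONAL_HEADER->SizeOfInitializedData);
    printf("SizeOfUninitializedData:%lx\n", (unsigned long)POPTIONAL_HEADER->SizeOfUninitializedData);
    printf("AddressOfEntryPoint:%lx\n", (unsigned long)POPTIONAL_HEADER->AddressOfEntryPoint);
    printf("BaseOfCode:%lx\n", (unsigned long)POPTIONAL_HEADER->BaseOfCode);
#ifndef _WIN64
    /* BaseOfData exists only in the 32-bit optional header. */
    printf("BaseOfData:%lx\n", (unsigned long)POPTIONAL_HEADER->BaseOfData);
#endif
    /* The next field and the stack/heap sizes are 64 bits wide in a 64-bit build. */
    printf("ImageBase:%llx\n", (unsigned long long)POPTIONAL_HEADER->ImageBase);
    printf("SectionAlignment:%lx\n", (unsigned long)POPTIONAL_HEADER->SectionAlignment);
    printf("FileAlignment:%lx\n", (unsigned long)POPTIONAL_HEADER->FileAlignment);
    printf("SizeOfImage:%lx\n", (unsigned long)POPTIONAL_HEADER->SizeOfImage);
    printf("SizeOfHeaders:%lx\n", (unsigned long)POPTIONAL_HEADER->SizeOfHeaders);
    printf("CheckSum:%lx\n", (unsigned long)POPTIONAL_HEADER->CheckSum);
    printf("SizeOfStackReserve:%llx\n", (unsigned long long)POPTIONAL_HEADER->SizeOfStackReserve);
    printf("SizeOfStackCommit:%llx\n", (unsigned long long)POPTIONAL_HEADER->SizeOfStackCommit);
    printf("SizeOfHeapReserve:%llx\n", (unsigned long long)POPTIONAL_HEADER->SizeOfHeapReserve);
    printf("SizeOfHeapCommit:%llx\n", (unsigned long long)POPTIONAL_HEADER->SizeOfHeapCommit);
    rc = 0;
    goto cleanup;

io_error:
    printf("读取失败");
    goto cleanup;

bad_format:
    printf("不是有效的PE文件\n");

cleanup:
    free(str);                  /* free(NULL) is a no-op */
    fclose(p);
    return rc;
}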

最后修改:2020 年 10 月 19 日