#include "stdafx.h"
#include <stdio.h>
#include <string.h>
#include <iostream.h>
#include <math.h>
#include <stdlib.h>
// Windows-SDK-style type aliases, defined locally so the file does not need <windows.h>.
// The PE structures below mirror an on-disk layout in which WORD is 2 bytes and
// DWORD/LONG are 4 bytes. That holds where `long` is 32-bit (e.g. MSVC); on LP64
// targets `long` is 8 bytes and every structure offset below would be wrong.
#define DWORD unsigned long
#define LPVOID void*
#define VOID void
#define WORD unsigned short
#define LONG long
#define BYTE unsigned char
// NOTE(review): this is a signed `short*` although WORD is `unsigned short`, and because it
// is a macro rather than a typedef, `PWORD a, b;` would declare only `a` as a pointer.
#define PWORD short*
// Magic values identifying the executable format. They are compared against 16-bit or
// 32-bit fields read directly from the file, so they are written in little-endian order.
#define IMAGE_DOS_SIGNATURE 0x5A4D // MZ
#define IMAGE_OS2_SIGNATURE 0x454E // NE
#define IMAGE_OS2_SIGNATURE_LE 0x454C // LE
#define IMAGE_VXD_SIGNATURE 0x454C // LE (same value as IMAGE_OS2_SIGNATURE_LE)
#define IMAGE_NT_SIGNATURE 0x00004550 // PE00
// Size in bytes of IMAGE_FILE_HEADER as stored in the file (2+2+4+4+4+2+2).
#define IMAGE_SIZEOF_FILE_HEADER 0x14
// Length of the fixed-size section name field in IMAGE_SECTION_HEADER.
#define IMAGE_SIZEOF_SHORT_NAME 8
// Legacy MS-DOS header found at offset 0 of every MZ/PE executable.
// With 2-byte WORD and 4-byte LONG this is 30 WORDs plus one LONG = 64 bytes, so a
// file must be at least that long before any field here may be read.
typedef struct _IMAGE_DOS_HEADER { // DOS .EXE header
WORD e_magic; // Magic number (IMAGE_DOS_SIGNATURE, "MZ", for a valid file)
WORD e_cblp; // Bytes on last page of file
WORD e_cp; // Pages in file
WORD e_crlc; // Relocations
WORD e_cparhdr; // Size of header in paragraphs
WORD e_minalloc; // Minimum extra paragraphs needed
WORD e_maxalloc; // Maximum extra paragraphs needed
WORD e_ss; // Initial (relative) SS value
WORD e_sp; // Initial SP value
WORD e_csum; // Checksum
WORD e_ip; // Initial IP value
WORD e_cs; // Initial (relative) CS value
WORD e_lfarlc; // File address of relocation table
WORD e_ovno; // Overlay number
WORD e_res[4]; // Reserved words
WORD e_oemid; // OEM identifier (for e_oeminfo)
WORD e_oeminfo; // OEM information; e_oemid specific
WORD e_res2[10]; // Reserved words
// Signed and taken straight from the file: treat it as untrusted and check that it is
// non-negative and inside the file before using it as an offset to the NT headers.
LONG e_lfanew; // File address of new exe header
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
// COFF file header that follows the 4-byte PE signature.
// Its on-disk size is IMAGE_SIZEOF_FILE_HEADER (0x14) bytes.
typedef struct _IMAGE_FILE_HEADER {
WORD Machine; // Target CPU architecture identifier
// Number of IMAGE_SECTION_HEADER entries in the section table. File-controlled, so
// the whole table must be checked against the file size before it is walked.
WORD NumberOfSections;
DWORD TimeDateStamp; // Link time stamp
DWORD PointerToSymbolTable; // File offset of the COFF symbol table, if any
DWORD NumberOfSymbols; // Number of entries in that symbol table
// Size of the optional header that follows this structure; the section table starts
// this many bytes after the end of the file header. Also file-controlled.
WORD SizeOfOptionalHeader;
WORD Characteristics; // Image attribute flags
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
// Fixed leading part of the 32-bit (PE32) optional header.
// The trailing DataDirectory array is commented out below, so sizeof() of this type is
// smaller than the optional header stored in a real file. Use
// IMAGE_FILE_HEADER.SizeOfOptionalHeader, never sizeof(), to locate the section table.
typedef struct _IMAGE_OPTIONAL_HEADER {
//
// Standard fields.
//
WORD Magic; // Optional header format identifier
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint; // RVA of the entry point
DWORD BaseOfCode;
DWORD BaseOfData;
//
// NT additional fields.
//
DWORD ImageBase; // Preferred load address
DWORD SectionAlignment; // Section alignment in memory
DWORD FileAlignment; // Section alignment in the file
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage; // Size of the image once mapped
DWORD SizeOfHeaders; // Combined size of all headers in the file
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics; // Flag bits, including the exploit-mitigation opt-ins
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes; // Number of data-directory entries that follow in the file
// IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;
// NT headers located at file offset IMAGE_DOS_HEADER.e_lfanew.
// Because IMAGE_OPTIONAL_HEADER32 above is truncated, sizeof(IMAGE_NT_HEADERS) does not
// match the size of the headers stored in a file; only Signature and FileHeader have
// offsets that can be relied on without consulting SizeOfOptionalHeader.
typedef struct _IMAGE_NT_HEADERS {
DWORD Signature; // IMAGE_NT_SIGNATURE ("PE\0\0") for a valid PE image
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
// One entry of the section table (40 bytes on disk with 4-byte DWORD).
// All offsets and sizes are supplied by the file and must be validated against the file
// length before any section data is read through them.
typedef struct _IMAGE_SECTION_HEADER {
// Fixed 8-byte name. It is NOT NUL-terminated when all 8 bytes are used, and it may hold
// arbitrary bytes, so print it with a bounded format and filter non-printable characters.
BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
union {
DWORD PhysicalAddress;
DWORD VirtualSize; // Size of the section once loaded in memory
} Misc;
DWORD VirtualAddress; // RVA of the section in the mapped image
DWORD SizeOfRawData; // Size of the section's data in the file
DWORD PointerToRawData; // File offset of the section's data
DWORD PointerToRelocations;
DWORD PointerToLinenumbers;
WORD NumberOfRelocations;
WORD NumberOfLinenumbers;
DWORD Characteristics; // Section flags (content type and memory permissions)
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
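/*
 * Read an entire file into a newly allocated heap buffer.
 *
 * LpszFile: path of the file to load (opened in binary mode).
 * Returns:  pointer to the file contents, or NULL if the path is NULL, the file
 *           cannot be opened, its size cannot be determined, it is empty, the
 *           allocation fails, or the read comes up short. The caller owns the
 *           buffer and must free() it.
 *
 * NOTE(review): the length of the buffer is not returned, so a caller has no way
 * to bounds-check offsets taken from the file against it. Anything parsing the
 * result as a PE image needs the size from somewhere else.
 */
void* ReadPEFile(char* LpszFile)
{
    FILE *pFile=NULL;
    long fileSize=0;
    void *pFileBuffer=NULL;

    /* fopen(NULL, ...) is undefined behaviour; report it like any other open failure. */
    if(!LpszFile)
    {
        printf("无法打开EXE文件");
        return NULL;
    }
    pFile=fopen(LpszFile,"rb");
    if(!pFile)
    {
        printf("无法打开EXE文件");
        return NULL;
    }
    /*
     * Determine the file size. ftell() returns -1 on failure; stored into an
     * unsigned variable that would turn into a huge allocation request, so keep
     * it signed and check it. An empty file is rejected here as well instead of
     * relying on what malloc(0) and a zero-sized fread() happen to return.
     */
    if(fseek(pFile,0,SEEK_END)!=0 ||
       (fileSize=ftell(pFile))<=0 ||
       fseek(pFile,0,SEEK_SET)!=0)
    {
        printf("读取文件到缓冲区失败");
        fclose(pFile);
        return NULL;
    }
    /* Allocate the buffer. */
    pFileBuffer=malloc((size_t)fileSize);
    if(!pFileBuffer)
    {
        printf("分配缓冲区失败");
        fclose(pFile);
        return NULL;
    }
    /* Read the file into the buffer; a short read leaves part of it uninitialised. */
    if(fread(pFileBuffer,1,(size_t)fileSize,pFile)!=(size_t)fileSize)
    {
        printf("读取文件到缓冲区失败");
        free(pFileBuffer);
        fclose(pFile);
        return NULL;
    }
    fclose(pFile);
    return pFileBuffer;
}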
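/*
 * Load a whole file into a heap buffer and report its length.
 *
 * ReadPEFile() returns only the buffer, which makes it impossible to check the
 * offsets stored in the file against the amount of data actually read. This
 * helper performs the same load but also hands back the size.
 *
 * Returns the buffer (caller must free() it) and stores its length in *outSize,
 * or returns NULL if the file cannot be opened, is empty, or cannot be read in full.
 */
static void* LoadFileWithSize(const char *path, size_t *outSize)
{
    FILE *fp=NULL;
    long len=0;
    void *buf=NULL;

    if(!path || !outSize)
        return NULL;
    fp=fopen(path,"rb");
    if(!fp)
        return NULL;
    if(fseek(fp,0,SEEK_END)!=0 || (len=ftell(fp))<=0 || fseek(fp,0,SEEK_SET)!=0)
    {
        fclose(fp);
        return NULL;
    }
    buf=malloc((size_t)len);
    if(!buf)
    {
        fclose(fp);
        return NULL;
    }
    if(fread(buf,1,(size_t)len,fp)!=(size_t)len)
    {
        free(buf);
        fclose(fp);
        return NULL;
    }
    fclose(fp);
    *outSize=(size_t)len;
    return buf;
}

/*
 * Print the DOS header, the PE signature, selected file-header fields and the
 * section table of the executable at `path`.
 *
 * The file contents are treated as untrusted: every offset or count taken from
 * the file (e_lfanew, SizeOfOptionalHeader, NumberOfSections) is checked against
 * the file size before it is used, and parsing stops with a message as soon as
 * one of them points outside the buffer or a signature does not match.
 *
 * The header structures are overlaid on the buffer with pointer casts, as in the
 * original code; this assumes a target that tolerates unaligned access (e.g. x86)
 * and the 2/4-byte WORD/DWORD sizes the structures were written for.
 */
VOID PrintNTHeaders(char *path)
{
    LPVOID pFileBuffer=NULL;
    size_t fileSize=0;
    size_t ntOffset=0;
    size_t remaining=0;
    /* Bytes of the NT headers that are dereferenced here: signature + file header. */
    const size_t ntFixedSize=sizeof(DWORD)+IMAGE_SIZEOF_FILE_HEADER;
    PIMAGE_DOS_HEADER pDosHeader=NULL;
    PIMAGE_NT_HEADERS pNTHeader=NULL;
    PIMAGE_FILE_HEADER pPEHeader=NULL;
    PIMAGE_SECTION_HEADER pSectionTable=NULL;
    PIMAGE_SECTION_HEADER pSectionHeader=NULL;
    int i=0;

    pFileBuffer=LoadFileWithSize(path,&fileSize);
    if(!pFileBuffer)
    {
        printf("读取文件失败");
        return ;
    }
    /* The DOS header fields are read unconditionally below, so all of it must be present. */
    if(fileSize<sizeof(IMAGE_DOS_HEADER))
    {
        printf("文件太小,不是有效的MZ文件\n");
        free(pFileBuffer);
        return ;
    }
    pDosHeader=(PIMAGE_DOS_HEADER)pFileBuffer;
    if(pDosHeader->e_magic!=IMAGE_DOS_SIGNATURE)
    {
        printf("不是MZ");
        free(pFileBuffer);
        return ;
    }
    /* Print the DOS header. */
    printf("************doc************\n");
    printf("MZ偏移: %x\n",pDosHeader->e_magic);
    printf(" e_cblp; 文件最后页的字节数: %x\n",pDosHeader->e_cblp);
    printf(" e_cp; 文件页数: %x\n",pDosHeader->e_cp);
    printf(" e_crlc; 重定义元素个数: %x\n",pDosHeader->e_crlc);
    printf(" e_cparhdr; 头部尺寸,以段落为单位: %x\n",pDosHeader->e_cparhdr);
    printf(" ; 所需的最小附加段: %x\n",pDosHeader->e_minalloc);
    printf(" ; 所需的最大附加段: %x\n",pDosHeader->e_maxalloc);
    printf(" e_ss; // 初始的SS值(相对偏移量): %x\n",pDosHeader->e_ss);
    printf(" e_sp; // 初始的SP值: %x\n",pDosHeader->e_sp);
    printf(" e_csum; // 校验和: %x\n",pDosHeader->e_csum);
    printf(" e_ip; // 初始的IP值: %x\n",pDosHeader->e_ip);
    printf(" e_cs; // 初始的CS值(相对偏移量): %x\n",pDosHeader->e_cs);
    printf(" e_lfarlc; // 重分配表文件地址: %x\n",pDosHeader->e_lfarlc);
    printf(" e_ovno; // 覆盖号: %x\n",pDosHeader->e_ovno);
    /* e_res is an array; passing it to %x handed printf a pointer. Print the first word. */
    printf(" e_res[4]; // 保留字: %x\n",pDosHeader->e_res[0]);
    printf(" e_oemid; // OEM标识符(相对e_oeminfo): %x\n",pDosHeader->e_oemid);
    printf(" e_oeminfo; // OEM信息: %x\n",pDosHeader->e_oeminfo);
    printf(" e_res2[10]; // 保留字: %x\n",pDosHeader->e_res2[0]);
    printf("PE偏移: %lx\n",(unsigned long)pDosHeader->e_lfanew);

    /*
     * e_lfanew is a signed value chosen by whoever produced the file. Require it to
     * be non-negative and to leave room for the signature and file header, written
     * as a subtraction so the comparison cannot wrap.
     */
    if(pDosHeader->e_lfanew<0 ||
       fileSize<ntFixedSize ||
       (size_t)pDosHeader->e_lfanew>fileSize-ntFixedSize)
    {
        printf("e_lfanew越界\n");
        free(pFileBuffer);
        return ;
    }
    ntOffset=(size_t)pDosHeader->e_lfanew;
    /* Byte-pointer arithmetic: casting the pointer to DWORD truncates it on 64-bit builds. */
    pNTHeader=(PIMAGE_NT_HEADERS)((BYTE*)pFileBuffer+ntOffset);
    printf("************NT************\n");
    printf("NTsignature: %p-%lx\n",(void*)&(pNTHeader->Signature),pNTHeader->Signature);
    /* Anything other than "PE\0\0" (NE, LE, plain DOS) does not have the layout parsed below. */
    if(pNTHeader->Signature!=IMAGE_NT_SIGNATURE)
    {
        printf("不是PE签名\n");
        free(pFileBuffer);
        return ;
    }
    /* The original passed the whole FileHeader struct to %x; print where it lives instead. */
    printf("NT-FileHeader: %p\n",(void*)&(pNTHeader->FileHeader));
    pPEHeader=&(pNTHeader->FileHeader);
    printf("WORD Machine: %p-%x\n",(void*)&(pPEHeader->Machine),pPEHeader->Machine);
    printf("WORD NumberOfSections: %p-%x\n",(void*)&(pPEHeader->NumberOfSections),pPEHeader->NumberOfSections);
    printf("WORD SizeOfOptionalHeader: %p-%x\n",(void*)&(pPEHeader->SizeOfOptionalHeader),pPEHeader->SizeOfOptionalHeader);

    /*
     * The section table starts SizeOfOptionalHeader bytes after the file header and
     * holds NumberOfSections entries; both numbers come from the file. Verify that
     * the complete table lies inside the buffer before touching any entry.
     */
    remaining=fileSize-ntOffset-ntFixedSize;
    if(pPEHeader->SizeOfOptionalHeader>remaining ||
       pPEHeader->NumberOfSections>(remaining-pPEHeader->SizeOfOptionalHeader)/sizeof(IMAGE_SECTION_HEADER))
    {
        printf("节表越界\n");
        free(pFileBuffer);
        return ;
    }
    pSectionTable=(PIMAGE_SECTION_HEADER)((BYTE*)pPEHeader+IMAGE_SIZEOF_FILE_HEADER+pPEHeader->SizeOfOptionalHeader);
    for(i=0;i<pPEHeader->NumberOfSections;i++){
        char safeName[IMAGE_SIZEOF_SHORT_NAME+1];
        int k=0;

        pSectionHeader=pSectionTable+i;
        /*
         * Name is 8 raw bytes with no guaranteed terminator and no guarantee of being
         * text. Copy at most 8 bytes and replace anything outside printable ASCII so
         * that a crafted name can neither run %s past the field nor inject control
         * sequences into the terminal.
         */
        for(k=0;k<IMAGE_SIZEOF_SHORT_NAME && pSectionHeader->Name[k]!=0;k++)
        {
            BYTE c=pSectionHeader->Name[k];
            safeName[k]=(c>=0x20 && c<0x7F)?(char)c:'.';
        }
        safeName[k]='\0';

        printf("************第%d节表************\n",i+1);
        printf(" Name: %p-%x%x%x%x%x%x%x%x\n",
            (void*)&(pSectionHeader->Name),
            pSectionHeader->Name[0],
            pSectionHeader->Name[1],
            pSectionHeader->Name[2],
            pSectionHeader->Name[3],
            pSectionHeader->Name[4],
            pSectionHeader->Name[5],
            pSectionHeader->Name[6],
            pSectionHeader->Name[7]);
        printf(" Name: %p-------%s\n",(void*)&(pSectionHeader->Name),safeName);
        printf(" VirtualAddress: %p-------%lx\n",(void*)&(pSectionHeader->VirtualAddress),pSectionHeader->VirtualAddress);
        printf(" PointerToRawData: %p-------%lx\n",(void*)&(pSectionHeader->PointerToRawData),pSectionHeader->PointerToRawData);
    }
    free(pFileBuffer);
}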
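/*
 * Entry point: dump the headers of one executable.
 *
 * The file to inspect is taken from the first command-line argument when one is
 * given; with no argument the original hard-coded path is used, so existing
 * invocations behave as before.
 */
int main(int argc, char* argv[])
{
    char defaultPath[]="d:/firefox.exe";
    char *path=(argc>1 && argv[1])?argv[1]:defaultPath;

    PrintNTHeaders(path);
    printf("Hello World!\n");
    return 0;
}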