// 注意下图PE文件格式详解图中的
// IMAGE_NT_HEADERS------->OptionalHeader------>DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]字段
#include <windows.h> HANDLE hWriteFileHandle = NULL ; HANDLE hReadFileHandle = NULL ; HANDLE hFileMapping = NULL ; LPVOID lpVoidFileBaseAddress = NULL ; IMAGE_DOS_HEADER * lpidh_Dos_Header= NULL ; IMAGE_NT_HEADERS * lpinh_NTHeader= NULL ; #define RETURN_FAIL -1 #define RETURN_SUCC 1 typedef struct __DIGITAL_SIGNATURE_DATA_PARAM { DWORD dwVirtulAddress; DWORD dwSize; } SIGNATURE_DATA_PARAM,LPSIGNATURE_DATA_PARAM; #include <iostream> using namespace std; void UsingFuction() { cout<<"----------export cer from exe ------------>>"<<endl; cout<<"--EX:srcpath[*.exe] despath [*.cer]------->>"<<endl; cout<<"------------------------------------------>>"<<endl; } int main( int argc,char **argv) { switch (argc) { case 1: cout<<"help using usage -h"<<endl; break; case 2: { if (strcmp(argv[1],"-h")) { UsingFuction(); return RETURN_FAIL; } } break; case 3: cout<<"all argument is ok"<<endl; break; default: cout<<"argument is error"<<endl; break; } if (argc!=3) { UsingFuction(); return RETURN_FAIL; } TCHAR* lpcerFilePath=argv[2]; TCHAR* lpPeFilePath=argv[1]; hReadFileHandle = CreateFile(lpPeFilePath, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL , OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, NULL ) ; if ( hReadFileHandle==INVALID_HANDLE_VALUE ) return RETURN_FAIL; hFileMapping = CreateFileMapping( hReadFileHandle, NULL , PAGE_READONLY, 0, 0, NULL ) ; if ( ! hFileMapping ) { CloseHandle( hReadFileHandle) ; return RETURN_FAIL; } lpVoidFileBaseAddress = MapViewOfFile( hFileMapping, FILE_MAP_READ, 0, 0, 0) ; if ( ! lpVoidFileBaseAddress ) { CloseHandle( hFileMapping) ; CloseHandle( hReadFileHandle) ; return RETURN_FAIL; } lpidh_Dos_Header = (IMAGE_DOS_HEADER* ) lpVoidFileBaseAddress; if ( lpidh_Dos_Header->e_magic!=IMAGE_DOS_SIGNATURE ) return RETURN_FAIL; lpinh_NTHeader=(IMAGE_NT_HEADERS*)((char*)lpVoidFileBaseAddress+lpidh_Dos_Header->e_lfanew) ; if ( lpinh_NTHeader->Signature!=IMAGE_NT_SIGNATURE ) return RETURN_FAIL; // SIGNATURE_DATA_PARAM sdp; sdp.dwVirtulAddress=lpinh_NTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress; sdp.dwSize=lpinh_NTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size; PBYTE pbBufferSignture=new byte[sdp.dwSize]; DWORD dwReadedSize=0; SetFilePointer(hReadFileHandle,sdp.dwVirtulAddress,0,FILE_BEGIN); ReadFile(hReadFileHandle,pbBufferSignture,sdp.dwSize,&dwReadedSize,NULL); // hWriteFileHandle = CreateFile(lpcerFilePath, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL , CREATE_ALWAYS, FILE_ATTRIBUTE_ARCHIVE, NULL ) ; if ( hWriteFileHandle==INVALID_HANDLE_VALUE ) return RETURN_FAIL; DWORD dwWritedSize=0; WriteFile(hWriteFileHandle,pbBufferSignture,dwReadedSize,&dwWritedSize,NULL); WriteFile(hWriteFileHandle,&sdp.dwSize,sizeof(sdp.dwSize),&dwWritedSize,NULL); delete pbBufferSignture; UnmapViewOfFile( lpVoidFileBaseAddress) ; CloseHandle( hFileMapping); CloseHandle( hReadFileHandle); CloseHandle(hWriteFileHandle); return RETURN_SUCC; }
PE文件格式详解图
PE文件数字签名信息读取存储及格式详解图之上(历史代码,贴出学习)
时间: 2024-09-29 19:09:13