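/* Print one header field as "<label>:<hex>\n". Widening to unsigned long keeps
 * the %lx conversion matched for both WORD and DWORD fields. */
static void print_hex_field(const char *label, unsigned long value)
{
    printf("%s:%lx\n", label, value);
}

/*
 * Dump the DOS, NT, file and optional headers of a PE32 image held in memory.
 *
 * image      - start of the raw file contents
 * image_size - number of valid bytes at image; the caller guarantees it is at
 *              least sizeof(IMAGE_DOS_HEADER)
 *
 * Every offset used here is read from the file itself, so it is treated as
 * untrusted: e_lfanew is range-checked against image_size before anything
 * behind it is dereferenced, and parsing stops at the first header that does
 * not validate.
 */
static void dump_pe32_headers(const char *image, size_t image_size)
{
    const IMAGE_DOS_HEADER *dos = (const IMAGE_DOS_HEADER *)image;
    /* Bytes needed from e_lfanew onwards: signature + file header + the fixed
     * part of the 32-bit optional header (everything before DataDirectory). */
    const size_t opt_fixed = (size_t)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, DataDirectory);
    const size_t nt_needed = (size_t)FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader) + opt_fixed;
    const IMAGE_NT_HEADERS32 *nt;
    const IMAGE_FILE_HEADER *file_header;
    const IMAGE_OPTIONAL_HEADER32 *opt;

    /* The DOS header is simply the first bytes of the file. */
    printf("DOS:%p\n", (const void *)dos);
    printf("********************DOS头********************\n");
    print_hex_field("MZ标识---E_magic", dos->e_magic);
    /* The offset of the NT headers is e_lfanew (e_lfarlc is the DOS
     * relocation table offset and is unrelated to the PE header). */
    print_hex_field("PE偏移---e_lfanew", (unsigned long)dos->e_lfanew);

    if (dos->e_magic != IMAGE_DOS_SIGNATURE) {
        printf("不是有效的MZ标志\n");
        return;
    }

    /* e_lfanew is a signed value taken from the file: reject negative offsets
     * and offsets that would place the NT headers past the end of the buffer. */
    if (dos->e_lfanew < 0 || image_size < nt_needed ||
        (size_t)dos->e_lfanew > image_size - nt_needed) {
        printf("e_lfanew超出文件范围\n");
        return;
    }

    /* NT headers start at image + e_lfanew. Pointer arithmetic is done on the
     * pointer itself; casting it to DWORD would truncate it in 64-bit builds. */
    nt = (const IMAGE_NT_HEADERS32 *)(const void *)(image + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE) {
        printf("不是有效的PE标志\n");
        return;
    }

    printf("********************NT头********************\n");
    printf("nt:%p\n", (const void *)nt);
    print_hex_field("nt--Signature", nt->Signature);
    /* A struct cannot be passed to a %x conversion; print where each
     * sub-header lives instead (presumably what the output was meant to show). */
    printf("nt--FileHeader:%p\n", (const void *)&nt->FileHeader);
    printf("nt--OptionalHeader:%p\n", (const void *)&nt->OptionalHeader);

    /* The file header follows the 4-byte signature. */
    printf("********************File_header********************\n");
    file_header = &nt->FileHeader;
    print_hex_field("File_header---Machine", file_header->Machine);
    print_hex_field("File_header---NumberOfSections", file_header->NumberOfSections);
    print_hex_field("File_header---TimeDateStamp", file_header->TimeDateStamp);
    print_hex_field("File_header---SizeOfOptionalHeader", file_header->SizeOfOptionalHeader);
    print_hex_field("File_header---Characteristics", file_header->Characteristics);

    /* The optional header follows the 20-byte file header. */
    printf("********************Option_header********************\n");
    opt = &nt->OptionalHeader;

    /* The fields below use the PE32 layout (BaseOfData and a 32-bit ImageBase
     * do not exist in PE32+), so refuse anything that is not PE32 or whose
     * declared optional header is too short to hold them. */
    if (opt->Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
        printf("不是PE32(32位)可选头\n");
        return;
    }
    if (file_header->SizeOfOptionalHeader < opt_fixed) {
        printf("可选头长度不足\n");
        return;
    }

    print_hex_field("Option_header---Magic", opt->Magic);
    print_hex_field("Option_header---SizeOfCode", opt->SizeOfCode);
    print_hex_field("Option_header---SizeOfInitializedData", opt->SizeOfInitializedData);
    print_hex_field("Option_header---AddressOfEntryPoint", opt->AddressOfEntryPoint);
    print_hex_field("Option_header---BaseOfCode", opt->BaseOfCode);
    print_hex_field("Option_header---BaseOfData", opt->BaseOfData);
    print_hex_field("Option_header---ImageBase", opt->ImageBase);
    print_hex_field("Option_header---SectionAlignment", opt->SectionAlignment);
    print_hex_field("Option_header---FileAlignment", opt->FileAlignment);
    print_hex_field("Option_header---SizeOfHeaders", opt->SizeOfHeaders);
    print_hex_field("Option_header---CheckSum", opt->CheckSum);
    print_hex_field("Option_header---SizeOfStackReserve", opt->SizeOfStackReserve);
    print_hex_field("Option_header---SizeOfStackCommit", opt->SizeOfStackCommit);
    print_hex_field("Option_header---SizeOfHeapReserve", opt->SizeOfHeapReserve);
    print_hex_field("Option_header---SizeOfHeapCommit", opt->SizeOfHeapCommit);
    print_hex_field("Option_header---NumberOfRvaAndSizes", opt->NumberOfRvaAndSizes);
}

/*
 * Read "notepad-32bit.exe" from the current directory into memory and print
 * its PE headers. Requires <windows.h> for the IMAGE_* structure definitions.
 *
 * Each I/O and allocation step is checked; on any failure a message is
 * printed and the function returns after releasing the buffer and the file
 * handle.
 */
void Funcation4()
{
    char *file_buffer = NULL;
    long file_size = 0;
    FILE *fp;

    fp = fopen("notepad-32bit.exe", "rb");
    if (fp == NULL) {
        printf("无法打开文件\n");
        return;
    }

    /* Seek to the end to learn the size; ftell reports -1 on failure. */
    if (fseek(fp, 0, SEEK_END) == 0) {
        file_size = ftell(fp);
    } else {
        file_size = -1L;
    }
    if (file_size < 0) {
        printf("获取文件大小失败\n");
        fclose(fp);
        return;
    }
    printf("文件大小为:%ld字节\n", file_size);

    /* Too small to hold a DOS header: nothing to parse, and it also keeps a
     * zero-byte allocation out of the path below. */
    if ((size_t)file_size < sizeof(IMAGE_DOS_HEADER)) {
        printf("文件太小,不包含完整的DOS头\n");
        fclose(fp);
        return;
    }

    /* Point back at the start of the file before reading. */
    rewind(fp);

    /* Cast kept from the original so the file still builds if compiled as C++. */
    file_buffer = (char *)malloc((size_t)file_size);
    if (file_buffer == NULL) {
        printf("内存申请失败\n");
        fclose(fp);
        return;
    }
    printf("file_buffer:%p\n", (void *)file_buffer);

    /* Read the whole file as one item; a short read leaves the buffer only
     * partly filled, so the headers are parsed only on a complete read. */
    if (fread(file_buffer, (size_t)file_size, 1, fp) != 1) {
        printf("读取文件失败\n");
    } else {
        dump_pe32_headers(file_buffer, (size_t)file_size);
    }

    free(file_buffer);
    fclose(fp);
}
/// 2022-11-20: read the PE file structure

int main(void)
{
    Funcation4();
    return 0;
}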