#include<stdio.h>
#include<string.h>
#include<windows.h>
char FileName[100]={0};
void PrintNTHeaders();
LPVOID ReadPEFile();
int main()
{
printf("Please input: (for example: D:/user/Desktop/PE文件对齐、内存对齐/解析pe头文件/实验.exe )\n");
gets(FileName);
PrintNTHeaders();
puts(FileName);
return 0;
}
void PrintNTHeaders()
{
LPVOID pFileBuffer = NULL;//文件缓冲区
PIMAGE_DOS_HEADER pDosHeader = NULL;//DOS头
PIMAGE_NT_HEADERS32 pNTHeader = NULL;//NT头
PIMAGE_FILE_HEADER pFileHeader =NULL;//文件头
PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;//可选头
PIMAGE_SECTION_HEADER pSectionHeader = NULL;//节表头
size_t i;//循环打印 节区头
size_t j;
//读取文件进缓冲区
pFileBuffer = ReadPEFile();
if(!pFileBuffer)
{
printf("file read failure!\n");
return ;
}
//判断是否有效的MZ标志
if(*(PWORD)pFileBuffer != IMAGE_DOS_SIGNATURE)
{
printf("not a void 'MZ' flag!\n");
free(pFileBuffer);
return ;
}
//打印DOC头
pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
printf("\n*****************DOC Header*******************\n");
printf("'MZ' Flag: %x\n",pDosHeader->e_magic);
printf("PE Offset: %x\n",pDosHeader->e_lfanew);
//判断是否有效的PE标志
if( *((PDWORD)((DWORD)pFileBuffer + pDosHeader->e_lfanew)) != IMAGE_NT_SIGNATURE )
{
printf("not a void PE flag\n");
free(pFileBuffer);
return ;
}
//打印NT头
pNTHeader = (PIMAGE_NT_HEADERS32)((DWORD)pFileBuffer + pDosHeader->e_lfanew );//DWORD强转 很重要
printf("\n**********************************************************************\n");
printf("\n********************************NT Header*****************************\n");
printf("NT Flag: %x\n",pNTHeader->Signature);
//打印PE文件头
pFileHeader = (PIMAGE_FILE_HEADER)((DWORD)pNTHeader+4);//DWORD强转 很重要
printf("*************************File Header****************\n");
printf("Machine: %x\n",pFileHeader->Machine );
printf("NumberOfSections: %x\n",pFileHeader->NumberOfSections );
printf("TimeDateStamp: %x\n",pFileHeader->TimeDateStamp );
printf("PointerToSymbolTable: %x\n",pFileHeader->PointerToSymbolTable );
printf("NumberOfSymbols: %x\n",pFileHeader->NumberOfSymbols );
printf("SizeOfOptionalHeader: %x\n",pFileHeader->SizeOfOptionalHeader );
printf("Characteristics: %x\n",pFileHeader->Characteristics );
//打印PE 可选头
pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pFileHeader+IMAGE_SIZEOF_FILE_HEADER);//DWORD强转 很重要
printf("***********************Optional Header******************\n");
printf("Magic: %x\n",pOptionHeader->Magic);
printf("MajorLinkerVersion: %x\n",pOptionHeader->MajorLinkerVersion);
printf("MinorLinkerVersion: %x\n",pOptionHeader->MinorLinkerVersion);
printf("SizeOfCode: %x\n",pOptionHeader->SizeOfCode);
printf("SizeOfInitializedData: %x\n",pOptionHeader->SizeOfInitializedData);
printf("SizeOfUninitializedData: %x\n",pOptionHeader->SizeOfUninitializedData);
printf("AddressOfEntryPoint: %x\n",pOptionHeader->AddressOfEntryPoint);
printf("BaseOfCode: %x\n",pOptionHeader->BaseOfCode);
printf("BaseOfData: %x\n",pOptionHeader->BaseOfData);
printf("ImageBase: %x\n",pOptionHeader->ImageBase);
printf("SectionAlignment: %x\n",pOptionHeader->SectionAlignment);
printf("FileAlignment: %x\n",pOptionHeader->FileAlignment);
printf("MajorOperatingSystemVersion: %x\n",pOptionHeader->MajorOperatingSystemVersion);
printf("MinorOperatingSystemVersion: %x\n",pOptionHeader->MinorOperatingSystemVersion);
printf("MajorImageVersion: %x\n",pOptionHeader->MajorImageVersion);
printf("MinorImageVersion: %x\n",pOptionHeader->MinorImageVersion);
printf("MajorSubsystemVersion: %x\n",pOptionHeader->MajorSubsystemVersion);
printf("MinorSubsystemVersion: %x\n",pOptionHeader->MinorSubsystemVersion);
printf("Win32VersionValue: %x\n",pOptionHeader->Win32VersionValue);
printf("SizeOfImage: %x\n",pOptionHeader->SizeOfImage);
printf("SizeOfHeaders: %x\n",pOptionHeader->SizeOfHeaders);
printf("CheckSum: %x\n",pOptionHeader->CheckSum);
printf("Subsystem: %x\n",pOptionHeader->Subsystem);
printf("DllCharacteristics: %x\n",pOptionHeader->DllCharacteristics);
printf("SizeOfStackReserve: %x\n",pOptionHeader->SizeOfStackReserve);
printf("SizeOfStackCommit: %x\n",pOptionHeader->SizeOfStackCommit);
printf("SizeOfHeapReserve: %x\n",pOptionHeader->SizeOfHeapReserve);
printf("SizeOfHeapCommit: %x\n",pOptionHeader->SizeOfHeapCommit);
printf("LoaderFlags: %x\n",pOptionHeader->LoaderFlags);
printf("NumberOfRvaAndSizes: %x\n",pOptionHeader->NumberOfRvaAndSizes);
//打印节表
pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader + pFileHeader->SizeOfOptionalHeader );//DWORD强转 很重要
printf("\n***************************************************************\n\n");
printf("***********************Section Header****************************\n");
for(i = pFileHeader->NumberOfSections ; i>0 ; i--)
{
printf("Name: ");
for(j=0 ; j<IMAGE_SIZEOF_SHORT_NAME ; j++)
printf("%c",pSectionHeader->Name[j]);
printf("\n");
// printf("VirtualSize(Misc): %x\n",pSectionHeader->Misc.VirtualSize );
printf("VirtualAddress: %x\n",pSectionHeader->VirtualAddress );
printf("SizeOfRawData: %x\n",pSectionHeader->SizeOfRawData);
printf("PointerToRawData: %x\n",pSectionHeader->PointerToRawData);
printf("PointerToRelocations: %x\n",pSectionHeader->PointerToRelocations);
printf("PointerToLinenumbers: %x\n",pSectionHeader->PointerToLinenumbers);
printf("NumberOfRelocations: %x\n",pSectionHeader->NumberOfRelocations);
printf("NumberOfLinenumbers: %x\n",pSectionHeader->NumberOfLinenumbers);
printf("Characteristics: %x\n",pSectionHeader->Characteristics);
pSectionHeader = (PIMAGE_SECTION_HEADER)( (DWORD)pSectionHeader + IMAGE_SIZEOF_SECTION_HEADER );
printf("\n");
}
//释放内存
free(pFileBuffer);
}
LPVOID ReadPEFile()
{
FILE* pFile = NULL;
DWORD FileSize = 0;
LPVOID pFileBuffer = 0;
size_t flag = 0;
// size_t i ;
//打开文件
pFile = fopen(FileName , "rb");
if(!pFile)
{
printf("open file failure!\n");
return NULL;
}
//读取文件大小
fseek(pFile , 0, SEEK_END);
FileSize = ftell(pFile);
fseek(pFile , 0 , SEEK_SET);
//分配缓冲区
pFileBuffer = malloc(FileSize);
if(!pFileBuffer)
{
printf("allocation space failure!\n");
fclose(pFile);
return NULL;
}
//将文件数据读取到缓冲区
flag = fread(pFileBuffer , FileSize , 1 , pFile);
if(!flag)
{
printf("read data failure!\n");
fclose(pFile);
free(pFile);
return NULL;
}
/*输出16进制数据
for(i=0 ; i<FileSize;i++)
{
printf("%x",*((byte*)pFileBuffer+i));
}
*/
//关闭文件
fclose(pFile);
//返回指针 指向文件数据
return pFileBuffer;
}
标签:逆向,PIMAGE,pFileBuffer,pSectionHeader,pFileHeader,printf,pOptionHeader,解析,PE From: https://www.cnblogs.com/nish1hundun/p/17381106.html