/*
 * While studying the PE file format recently, I wrote this simple analysis program.
 * Personal website: http://ggg82.126.com
 * E-mail: ggg82@163.com
 * QQ:358416653
 *
 * This program compiles on the win2000+vc6 platform.
 * Study reference: the Kanxue forum
 */
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <conio.h>
/* Print the command-line usage, then block until a key is pressed so the
 * text stays visible when the tool was started from a double-click. */
void help()
{
    fputs("Usage:Pedir <exefile>\n", stdout);
    fputs("Press any key to exit this program.\n", stdout);
    getch();
}
//IMAGE_DOS_SIGNATURE
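/* Look up `rva` in the section table and return a pointer to its bytes inside
 * the mapped file, or NULL when no section's raw data covers it. On success
 * *avail receives how many bytes may be read from the returned pointer without
 * leaving that section's raw data or the end of the file. */
static const char *rva_to_ptr(const char *base, DWORD fileSize,
                              const IMAGE_SECTION_HEADER *sections, unsigned count,
                              DWORD rva, DWORD *avail)
{
    unsigned k;

    for (k = 0; k < count; k++)
    {
        const IMAGE_SECTION_HEADER *s = &sections[k];
        DWORD delta, rawLen;

        if (rva < s->VirtualAddress)
            continue;
        delta = rva - s->VirtualAddress;
        if (delta >= s->SizeOfRawData)
            continue;
        /* The header values come from the file itself: clamp the section's
         * raw data to what the file really holds before trusting them. */
        if (s->PointerToRawData >= fileSize)
            return NULL;
        rawLen = s->SizeOfRawData;
        if (rawLen > fileSize - s->PointerToRawData)
            rawLen = fileSize - s->PointerToRawData;
        if (delta >= rawLen)
            return NULL;
        *avail = rawLen - delta;
        return base + s->PointerToRawData + delta;
    }
    return NULL;
}

/* Return the NUL-terminated string stored `skip` bytes past `rva`, or NULL
 * when the RVA is not backed by file data or no terminator is found before
 * the readable bytes run out. */
static const char *rva_to_str(const char *base, DWORD fileSize,
                              const IMAGE_SECTION_HEADER *sections, unsigned count,
                              DWORD rva, DWORD skip)
{
    DWORD avail;
    const char *p = rva_to_ptr(base, fileSize, sections, count, rva, &avail);

    if (p == NULL || avail <= skip)
        return NULL;
    if (memchr(p + skip, 0, avail - skip) == NULL)
        return NULL;
    return p + skip;
}

/*
 * Dump the headers, section table and import table of the PE file named by
 * argv[1].
 *
 * The file is mapped read-only and is treated as untrusted input: every
 * offset, count and RVA read from it is checked against the file size before
 * it is dereferenced, so a truncated or malformed file produces an error
 * message instead of an out-of-bounds read.
 *
 * Returns 0 when the file was parsed, 1 on a usage error, an I/O error or a
 * malformed header.
 */
int main(int argc,char *argv[])
{
    IMAGE_DOS_HEADER *pDosHead;
    IMAGE_NT_HEADERS *pPeHead;
    const IMAGE_SECTION_HEADER *pSections;
    const IMAGE_SECTION_HEADER *pSectionHead;
    const IMAGE_DATA_DIRECTORY *pData;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hMapping = NULL;
    char *pBasePoint = NULL;
    DWORD fileSize, fileSizeHigh = 0;
    DWORD headerOffset, sectionOffset;
    unsigned sectionCount;
    unsigned i;
    int rc = 1;

    if (argc < 2)
    {
        help();
        return 1;
    }

    /* argv[] is a narrow string, so call the ANSI entry point explicitly. */
    hFile = CreateFileA(argv[1], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING,
                        FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        fprintf(stderr, "Cannot open %s (error %lu)\n", argv[1], (unsigned long)GetLastError());
        goto cleanup;
    }

    /* The file size is the upper bound for every offset checked below. */
    fileSize = GetFileSize(hFile, &fileSizeHigh);
    if (fileSize == INVALID_FILE_SIZE && GetLastError() != NO_ERROR)
    {
        fprintf(stderr, "Cannot query file size (error %lu)\n", (unsigned long)GetLastError());
        goto cleanup;
    }
    if (fileSizeHigh != 0)
    {
        fprintf(stderr, "File is too large to analyse\n");
        goto cleanup;
    }

    hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY | SEC_COMMIT, 0, 0, NULL);
    if (hMapping == NULL)
    {
        fprintf(stderr, "Cannot create file mapping (error %lu)\n", (unsigned long)GetLastError());
        goto cleanup;
    }
    pBasePoint = (char *)MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
    if (pBasePoint == NULL)
    {
        fprintf(stderr, "Cannot map file (error %lu)\n", (unsigned long)GetLastError());
        goto cleanup;
    }

    /* Check that this is a PE file: the DOS header must fit in the file. */
    pDosHead = (IMAGE_DOS_HEADER *)pBasePoint;
    if (fileSize < sizeof *pDosHead || IMAGE_DOS_SIGNATURE != pDosHead->e_magic)
    {
        printf("DOSÎļþÍ·³ö´í£¡\n");
        goto cleanup;
    }

    /* Locate the PE header through the DOS header. e_lfanew is a signed,
     * file-controlled offset, so reject negative values and anything that
     * would place the NT headers past the end of the mapping. */
    if (pDosHead->e_lfanew < 0
        || (DWORD)pDosHead->e_lfanew > fileSize
        || sizeof *pPeHead > fileSize - (DWORD)pDosHead->e_lfanew)
    {
        printf("PEÎļþÍ·´íÎó£¡\n");
        goto cleanup;
    }
    pPeHead = (IMAGE_NT_HEADERS *)(pBasePoint + pDosHead->e_lfanew);
    if (IMAGE_NT_SIGNATURE != pPeHead->Signature)
    {
        printf("PEÎļþÍ·´íÎó£¡\n");
        goto cleanup;
    }

    /* List the PE file header fields. */
    printf("ÔËÐÐÆ½Ì¨£º\t");
    if (IMAGE_FILE_MACHINE_I386 == pPeHead->FileHeader.Machine)
        printf("%s\n", "X86CPU");
    else
        printf("δ֪(%X)\n", pPeHead->FileHeader.Machine);
    printf("½ÚÊýÄ¿£º\t%d\n", pPeHead->FileHeader.NumberOfSections);
    printf("´´½¨Ê±¼ä£º\t%X\n", pPeHead->FileHeader.TimeDateStamp);
    printf("PointerToSymbolTable:\t%X\n", pPeHead->FileHeader.PointerToSymbolTable);
    printf("NumberOfSymbols:\t%X\n", pPeHead->FileHeader.NumberOfSymbols);
    printf("SizeOfOptionalHeader:\t%X\n", pPeHead->FileHeader.SizeOfOptionalHeader);
    printf("Characteristics:\t%X\n", pPeHead->FileHeader.Characteristics);

    /* The optional header is read through this build's IMAGE_NT_HEADERS
     * layout; a file using the other layout would be misread field by field. */
    if (IMAGE_NT_OPTIONAL_HDR_MAGIC != pPeHead->OptionalHeader.Magic)
    {
        fprintf(stderr, "Unsupported optional header format (magic %X)\n",
                pPeHead->OptionalHeader.Magic);
        goto cleanup;
    }

    /* List the optional header fields. */
    printf("½øÈëµã£º\t%x\n", pPeHead->OptionalHeader.AddressOfEntryPoint);
    printf("ÔØÈëµØÖ·£º\t%x\n", pPeHead->OptionalHeader.ImageBase);
    printf("ÄÚ´æ¶ÔÆë£º\t%x\n", pPeHead->OptionalHeader.SectionAlignment);
    printf("Îļþ¶ÔÆë£º\t%x\n", pPeHead->OptionalHeader.FileAlignment);
    printf("MajorSubsystemVersion£º\t%x\n", pPeHead->OptionalHeader.MajorSubsystemVersion);
    printf("MinorSubsystemVersion£º\t%x\n", pPeHead->OptionalHeader.MinorSubsystemVersion);
    printf("Ó³Ïñ´óС£º\t%x\n", pPeHead->OptionalHeader.SizeOfImage);
    printf("Í·´óС£º\t%x\n", pPeHead->OptionalHeader.SizeOfHeaders);
    printf("½çÃæ£º\t%x\n", pPeHead->OptionalHeader.Subsystem);

    /* Section table. It starts SizeOfOptionalHeader bytes after the optional
     * header begins, which is not necessarily sizeof(IMAGE_NT_HEADERS) past
     * the signature, and the whole table must lie inside the file. */
    headerOffset = (DWORD)pDosHead->e_lfanew + (DWORD)FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader);
    sectionCount = pPeHead->FileHeader.NumberOfSections;
    if (pPeHead->FileHeader.SizeOfOptionalHeader > fileSize - headerOffset)
    {
        fprintf(stderr, "Section table lies outside the file\n");
        goto cleanup;
    }
    sectionOffset = headerOffset + pPeHead->FileHeader.SizeOfOptionalHeader;
    if ((DWORD)(sectionCount * sizeof *pSections) > fileSize - sectionOffset)
    {
        fprintf(stderr, "Section table lies outside the file\n");
        goto cleanup;
    }
    pSections = (const IMAGE_SECTION_HEADER *)(pBasePoint + sectionOffset);

    for (i = 0; i < sectionCount; i++)
    {
        unsigned j;

        pSectionHead = &pSections[i];
        printf("\n½ÚÃû³Æ£º\t");
        /* Name is a fixed 8-byte field that need not be NUL-terminated. */
        for (j = 0; j < sizeof pSectionHead->Name; j++)
        {
            if (0 == pSectionHead->Name[j])
                break;
            putchar(pSectionHead->Name[j]);
        }
        printf("\n±¾½ÚµÄRVA£º\t%X\n", pSectionHead->VirtualAddress);
        printf("Ó³Éä³ß´ç£º\t%X\n", pSectionHead->SizeOfRawData);
        printf("ÎļþÊý¾ÝÆ«ÒÆ£º\t%X\n", pSectionHead->PointerToRawData);
        printf("½ÚÊôÐÔ£º\t%X\n", pSectionHead->Characteristics);
    }

    /* Import table. The directory entry is used only when the optional header
     * is long enough to contain it and declares that many entries. */
    pData = &pPeHead->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
    if (pPeHead->OptionalHeader.NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT
        && pPeHead->FileHeader.SizeOfOptionalHeader
               >= FIELD_OFFSET(IMAGE_OPTIONAL_HEADER, DataDirectory)
                      + (IMAGE_DIRECTORY_ENTRY_IMPORT + 1) * sizeof *pData
        && pData->VirtualAddress != 0)
    {
        DWORD avail = 0;
        const IMAGE_IMPORT_DESCRIPTOR *pImport = (const IMAGE_IMPORT_DESCRIPTOR *)
            rva_to_ptr(pBasePoint, fileSize, pSections, sectionCount, pData->VirtualAddress, &avail);

        /* Every RVA below is resolved against the whole section table: module
         * names and thunk arrays may live in a different section than the
         * descriptors. `avail` stops the walk if the terminating all-zero
         * descriptor is missing. */
        while (pImport != NULL && avail >= sizeof *pImport && pImport->Name)
        {
            DWORD thunkRva, thunkAvail = 0;
            const IMAGE_THUNK_DATA *imThunk_data;
            const char *moduleName;

            /* Print the module name (taken from the file, printed unfiltered). */
            moduleName = rva_to_str(pBasePoint, fileSize, pSections, sectionCount,
                                    (DWORD)pImport->Name, 0);
            printf("\nµ¼ÈëÄ£¿é£º%s\n\n", moduleName ? moduleName : "(invalid RVA)");

            /* Characteristics shares storage with OriginalFirstThunk; when it
             * is zero, fall back to FirstThunk instead of resolving RVA 0. */
            thunkRva = (DWORD)pImport->Characteristics;
            if (thunkRva == 0)
                thunkRva = (DWORD)pImport->FirstThunk;
            imThunk_data = (const IMAGE_THUNK_DATA *)
                rva_to_ptr(pBasePoint, fileSize, pSections, sectionCount, thunkRva, &thunkAvail);

            /* Print the imported function table. */
            while (imThunk_data != NULL && thunkAvail >= sizeof *imThunk_data
                   && imThunk_data->u1.Ordinal)
            {
                if (IMAGE_SNAP_BY_ORDINAL(imThunk_data->u1.Ordinal))
                {
                    printf("\tµ¼ÈëID£º\t%d\n", (int)IMAGE_ORDINAL(imThunk_data->u1.Ordinal));
                }
                else
                {
                    /* The name follows the Hint field of IMAGE_IMPORT_BY_NAME. */
                    const char *funcName = rva_to_str(pBasePoint, fileSize, pSections, sectionCount,
                                                      (DWORD)imThunk_data->u1.AddressOfData,
                                                      (DWORD)FIELD_OFFSET(IMAGE_IMPORT_BY_NAME, Name));
                    printf("\tµ¼È뺯Êý£º\t%s\n", funcName ? funcName : "(invalid RVA)");
                }
                imThunk_data++;
                thunkAvail -= sizeof *imThunk_data;
            }
            pImport++;
            avail -= sizeof *pImport;
        }
    }

    /* Export table: not implemented; it would be walked much like the imports. */
    rc = 0;

cleanup:
    /* Release the view and both handles on every exit path. */
    if (pBasePoint != NULL)
        UnmapViewOfFile(pBasePoint);
    if (hMapping != NULL)
        CloseHandle(hMapping);
    if (hFile != INVALID_HANDLE_VALUE)
        CloseHandle(hFile);
    return rc;
}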