• C语言编程获取PE文件Section_Header


    #include <windows.h>
    #include <stdio.h>
    #include <tchar.h>
    
    /* Prints the symbolic names of the IMAGE_SCN_* bits set in a section's Characteristics value. */
    void viewImageSectionHeaderCharacteristics(DWORD);
    
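    /**
     * Maps the PE file named by argv[1] read-only and prints every entry of its
     * section table (IMAGE_SECTION_HEADER).
     *
     * The input file is treated as untrusted: every offset and count taken from
     * it (e_lfanew, SizeOfOptionalHeader, NumberOfSections) is checked against
     * the real file size before the corresponding bytes are read, so a truncated
     * or malformed image is rejected instead of causing a read outside the view.
     *
     * @param argc  Argument count; must be at least 2.
     * @param argv  argv[1] is the path of the PE file to inspect.
     * @return 0 on success, -1 on a usage error, an I/O failure or a malformed file.
     */
    int _tmain(int argc, TCHAR *argv[])
    {
    	HANDLE hFile = INVALID_HANDLE_VALUE;
    	HANDLE hMapObject = NULL;
    	PUCHAR uFileMap = NULL;
    	PIMAGE_DOS_HEADER pImageDosHeader;
    	PIMAGE_NT_HEADERS pImageNTHeaders;
    	PIMAGE_SECTION_HEADER pImageSectionHeader;
    	LARGE_INTEGER liFileSize;
    	ULONGLONG ullFileSize;
    	ULONGLONG ullNtOffset;
    	ULONGLONG ullSectionOffset;
    	ULONGLONG ullSectionBytes;
    	DWORD dwCount;
    	int nResult = -1;

    	if (argc < 2)
    		return (-1);

    	/*
    	 * CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL.
    	 * Share mode 0 keeps the file exclusively open, so its contents cannot
    	 * change between the bounds checks below and the reads that rely on them.
    	 */
    	hFile = CreateFile(argv[1], GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
    	if (hFile == INVALID_HANDLE_VALUE)
    		return (-1);

    	if (!GetFileSizeEx(hFile, &liFileSize))
    		goto cleanup;
    	ullFileSize = (ULONGLONG) liFileSize.QuadPart;

    	/* The DOS header must fit in the file before e_magic/e_lfanew are read. */
    	if (ullFileSize < sizeof (IMAGE_DOS_HEADER))
    		goto cleanup;

    	if (!(hMapObject = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL)))
    		goto cleanup;

    	if (!(uFileMap = (PUCHAR) MapViewOfFile(hMapObject, FILE_MAP_READ, 0, 0, 0)))
    		goto cleanup;

    	pImageDosHeader = (PIMAGE_DOS_HEADER) uFileMap;
    	if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    		goto cleanup;

    	/* e_lfanew is a signed, file-supplied offset: reject negative or out-of-file values. */
    	if (pImageDosHeader->e_lfanew < 0)
    		goto cleanup;
    	ullNtOffset = (ULONGLONG) pImageDosHeader->e_lfanew;
    	if (ullNtOffset > ullFileSize ||
    	    sizeof (DWORD) + sizeof (IMAGE_FILE_HEADER) > ullFileSize - ullNtOffset)
    		goto cleanup;

    	pImageNTHeaders = (PIMAGE_NT_HEADERS) (uFileMap + ullNtOffset);
    	if (pImageNTHeaders->Signature != IMAGE_NT_SIGNATURE)
    		goto cleanup;

    	/*
    	 * The section table starts right after the optional header, whose size
    	 * is given by SizeOfOptionalHeader. Using sizeof (IMAGE_NT_HEADERS)
    	 * instead is only correct when the file's bitness matches the build.
    	 */
    	ullSectionOffset = ullNtOffset + sizeof (DWORD) + sizeof (IMAGE_FILE_HEADER) +
    	                   pImageNTHeaders->FileHeader.SizeOfOptionalHeader;
    	ullSectionBytes = (ULONGLONG) pImageNTHeaders->FileHeader.NumberOfSections *
    	                  sizeof (IMAGE_SECTION_HEADER);
    	if (ullSectionOffset > ullFileSize ||
    	    ullSectionBytes > ullFileSize - ullSectionOffset)
    		goto cleanup;

    	/* Pointer arithmetic on PUCHAR: casting the pointer to DWORD truncates it on 64-bit builds. */
    	pImageSectionHeader = (PIMAGE_SECTION_HEADER) (uFileMap + ullSectionOffset);
    	for (dwCount = 0; dwCount < pImageNTHeaders->FileHeader.NumberOfSections; dwCount++) {
    		PIMAGE_SECTION_HEADER pSection = &pImageSectionHeader[dwCount];

    		/* Name is 8 raw bytes from the file and need not be NUL-terminated: bound the read. */
    		printf("Name:                   %.8s\n", (const char *) pSection->Name);
    		/* Misc is a union; VirtualSize is the member that is meaningful for images. */
    		printf("Misc:                   %08lX\n", (unsigned long) pSection->Misc.VirtualSize);
    		printf("VirtualAddress:         %08lX\n", (unsigned long) pSection->VirtualAddress);
    		printf("SizeOfRawData:          %08lX\n", (unsigned long) pSection->SizeOfRawData);
    		printf("PointerToRawData:       %08lX\n", (unsigned long) pSection->PointerToRawData);
    		printf("PointerToRelocations:   %08lX\n", (unsigned long) pSection->PointerToRelocations);
    		printf("PointerToLinenumbers:   %08lX\n", (unsigned long) pSection->PointerToLinenumbers);
    		printf("NumberOfRelocations:    %04X\n", (unsigned) pSection->NumberOfRelocations);
    		printf("NumberOfLinenumbers:    %04X\n", (unsigned) pSection->NumberOfLinenumbers);
    		printf("Characteristics:        %08lX", (unsigned long) pSection->Characteristics);
    		viewImageSectionHeaderCharacteristics(pSection->Characteristics);
    		printf("\n");
    	}
    	nResult = 0;

    cleanup:
    	/* Release everything that was acquired, on the error paths as well. */
    	if (uFileMap)
    		UnmapViewOfFile(uFileMap);
    	if (hMapObject)
    		CloseHandle(hMapObject);
    	CloseHandle(hFile);
    	return (nResult);
    }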
    
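    /**
     * Prints " (FLAG|FLAG|...)" followed by a newline, naming every IMAGE_SCN_*
     * bit that is set in dwCharacteristics; prints " ()" when none is set.
     *
     * The value comes straight from the inspected file. The names are written
     * directly to stdout instead of being concatenated into a fixed buffer:
     * with all listed bits set the joined text is about 245 characters long,
     * which does not fit in a 100-byte stack array.
     *
     * @param dwCharacteristics  Characteristics field of an IMAGE_SECTION_HEADER.
     */
    void	viewImageSectionHeaderCharacteristics(DWORD dwCharacteristics)
    {
    	static const struct {
    		DWORD		dwMask;
    		const char	*szName;
    	} flagNames[] = {
    		{ IMAGE_SCN_CNT_CODE,               "CODE" },
    		{ IMAGE_SCN_CNT_INITIALIZED_DATA,   "INITIALIZED_DATA" },
    		{ IMAGE_SCN_CNT_UNINITIALIZED_DATA, "UNINITIALIZED_DATA" },
    		{ IMAGE_SCN_LNK_OTHER,              "LNK_OTHER" },
    		{ IMAGE_SCN_LNK_INFO,               "LNK_INFO" },
    		{ IMAGE_SCN_LNK_REMOVE,             "LNK_REMOVE" },
    		{ IMAGE_SCN_LNK_COMDAT,             "LNK_COMDAT" },
    		{ IMAGE_SCN_MEM_FARDATA,            "MEM_FARDATA" },
    		{ IMAGE_SCN_MEM_PURGEABLE,          "MEM_PURGEABLE" },
    		{ IMAGE_SCN_MEM_16BIT,              "MEM_16BIT" },
    		{ IMAGE_SCN_MEM_LOCKED,             "MEM_LOCKED" },
    		{ IMAGE_SCN_MEM_PRELOAD,            "MEM_PRELOAD" },
    		{ IMAGE_SCN_LNK_NRELOC_OVFL,        "LNK_NRELOC_OVFL" },
    		{ IMAGE_SCN_MEM_DISCARDABLE,        "MEM_DISCARDABLE" },
    		{ IMAGE_SCN_MEM_NOT_CACHED,         "MEM_NOT_CACHED" },
    		{ IMAGE_SCN_MEM_NOT_PAGED,          "MEM_NOT_PAGED" },
    		{ IMAGE_SCN_MEM_SHARED,             "MEM_SHARED" },
    		{ IMAGE_SCN_MEM_EXECUTE,            "MEM_EXECUTE" },
    		{ IMAGE_SCN_MEM_READ,               "MEM_READ" },
    		{ IMAGE_SCN_MEM_WRITE,              "MEM_WRITE" }
    	};
    	const char	*szSeparator = "";
    	size_t		i;

    	fputs(" (", stdout);
    	for (i = 0; i < sizeof flagNames / sizeof flagNames[0]; i++) {
    		if (dwCharacteristics & flagNames[i].dwMask) {
    			/* The separator is empty for the first name and "|" afterwards. */
    			printf("%s%s", szSeparator, flagNames[i].szName);
    			szSeparator = "|";
    		}
    	}
    	fputs(")\n", stdout);
    }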
    
    

  • 原文地址:https://www.cnblogs.com/AlexanderZhao/p/12878956.html