滴水逆向-打印数据目录

核心代码部分

//简单打印可选PE头的数据目录

VOID FileBufferPrintDataDirectory(IN LPVOID pFileBuffer)
{
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_NT_HEADERS pNTHeader = NULL;
    PIMAGE_FILE_HEADER pPEHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeader = NULL;
    PIMAGE_DATA_DIRECTORY pDataDirectory = NULL;

    if (pFileBuffer == NULL)
    {
        printf("FileBuffer 获取失败!
");
        return;
    }

    //判断是否是有效的MZ标志
    if (*((PWORD)pFileBuffer) != IMAGE_DOS_SIGNATURE)
    {
        printf("无效的MZ标识
");
        return;
    }
    pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;

    //判断是否是有效的PE标志
    if (*((PDWORD)((DWORD)pFileBuffer+pDosHeader->e_lfanew)) != IMAGE_NT_SIGNATURE)
    {
        printf("无效的PE标记
");
        return;
    }
    //定位NT头
    pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);
    pPEHeader = (PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pPEHeader+IMAGE_SIZEOF_FILE_HEADER);
    //	pDataDirectory = PIMAGE_DATA_DIRECTORY((&pOptionHeader->NumberOfRvaAndSizes + 1));
    pDataDirectory = pOptionHeader->DataDirectory;
    printf("		 RVA		 大小
");

    //打印相关信息测试
    //#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES    16

    //下面是一种粗糙的遍历写法；
    /*
    for (int i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++,pDataDirectory++)
    {
        printf("%#08X 
",pDataDirectory->VirtualAddress);
        printf("%#08X 
",pDataDirectory->Size);
    }
    */

    for (DWORD i = 0; i< IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++)
    {
       DirectoryString(i);
       printf("%08X	%08X
",pDataDirectory[i].VirtualAddress,pDataDirectory[i].Size);
    }
    
    return;
}

VOID DirectoryString(DWORD dwIndex)
{
    switch(dwIndex)
    {
    case 0:
        printf("输出表:		");
        break;
    case 1:
        printf("输入表:		");
        break;
    case 2:
        printf("资源:		");
        break;
    case 3:
        printf("异常:		");
        break;
    case 4:
        printf("安全:		");
        break;
    case 5:
        printf("重定位:		");
        break;
    case 6:
        printf("调试:		");
        break;
    case 7:
        printf("版权:		");
        break;
    case 8:
        printf("全局指针:	");
        break;
    case 9:
        printf("TLS表:		");
        break;
    case 10:
        printf("载入配置:	");
        break;
    case 11:
        printf("输入范围:	");
        break;
    case 12:
        printf("IAT:		");
        break;
    case 13:
        printf("延时输入	");
        break;
    case 14:
        printf("COM:		");
        break;
    case 15:
        printf("保留:		");
        break;
    }
}

上述代码定义好头文件，然后在main入口调用即可，下面是执行后的效果；