• 滴水逆向-打印数据目录


    核心代码部分

    //简单打印可选PE头的数据目录
    
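    /**
     * Print the data-directory table (RVA and size of each entry) of a 32-bit
     * PE image held in a raw file buffer.
     *
     * The MZ signature, the PE signature and the PE32 optional-header magic are
     * checked before the table is read. Only the entries the header declares
     * (NumberOfRvaAndSizes, capped at IMAGE_NUMBEROF_DIRECTORY_ENTRIES) are
     * printed; slots past that count are not part of the directory.
     *
     * NOTE: the buffer length is not passed in, so e_lfanew and the header
     * offsets derived from it cannot be checked against the end of the buffer
     * here. The caller must confirm the file is large enough to hold the
     * headers before calling this on untrusted input.
     *
     * @param pFileBuffer  Start of the file contents in memory (file layout,
     *                     not a mapped image).
     */
    VOID FileBufferPrintDataDirectory(IN LPVOID pFileBuffer)
    {
        PBYTE pBase = (PBYTE)pFileBuffer;
        PIMAGE_DOS_HEADER pDosHeader = NULL;
        PIMAGE_NT_HEADERS pNTHeader = NULL;
        PIMAGE_FILE_HEADER pPEHeader = NULL;
        PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
        PIMAGE_DATA_DIRECTORY pDataDirectory = NULL;
        DWORD dwEntryCount = 0;

        if (pFileBuffer == NULL)
        {
            printf("FileBuffer 获取失败!\n");
            return;
        }

        // Check for a valid MZ signature.
        if (*((PWORD)pFileBuffer) != IMAGE_DOS_SIGNATURE)
        {
            printf("无效的MZ标识\n");
            return;
        }
        pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;

        // e_lfanew is a signed LONG taken from the file; a zero or negative
        // value would place the NT headers at or before the start of the buffer.
        if (pDosHeader->e_lfanew <= 0)
        {
            printf("无效的PE标记\n");
            return;
        }

        // Locate the NT headers. Byte-pointer arithmetic is used instead of a
        // (DWORD) cast, which would truncate the address in a 64-bit build.
        pNTHeader = (PIMAGE_NT_HEADERS)(pBase + pDosHeader->e_lfanew);

        // Check for a valid PE signature.
        if (pNTHeader->Signature != IMAGE_NT_SIGNATURE)
        {
            printf("无效的PE标记\n");
            return;
        }

        // The file header follows the 4-byte signature, and the optional header
        // follows the file header.
        pPEHeader = &pNTHeader->FileHeader;
        pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((PBYTE)pPEHeader + IMAGE_SIZEOF_FILE_HEADER);

        // This routine reads the 32-bit layout; in a PE32+ (64-bit) file the
        // data directory sits at a different offset, so reject anything else.
        if (pOptionHeader->Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC)
        {
            printf("不是32位PE(PE32)文件\n");
            return;
        }

        pDataDirectory = pOptionHeader->DataDirectory;

        // Trust the declared entry count only up to the size of the array.
        dwEntryCount = pOptionHeader->NumberOfRvaAndSizes;
        if (dwEntryCount > IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
        {
            dwEntryCount = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;
        }

        printf("\t\t RVA\t\t 大小\n");

        // Index into the table; an equivalent but cruder form advances
        // pDataDirectory itself on every iteration.
        for (DWORD i = 0; i < dwEntryCount; i++)
        {
            DirectoryString(i);
            printf("%08X\t%08X\n",
                   (unsigned int)pDataDirectory[i].VirtualAddress,
                   (unsigned int)pDataDirectory[i].Size);
        }

        return;
    }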
    
    /**
     * Print the display label for one data-directory slot, without a newline.
     *
     * @param dwIndex  Data-directory index (0..15). Any other value prints
     *                 nothing.
     */
    VOID DirectoryString(DWORD dwIndex)
    {
        // Labels in data-directory order; the tab padding lines up the columns.
        static const char *const szLabels[] = {
            "输出表:		",   /* 0  export table */
            "输入表:		",   /* 1  import table */
            "资源:		",     /* 2  resource */
            "异常:		",     /* 3  exception */
            "安全:		",     /* 4  security */
            "重定位:		",   /* 5  base relocation */
            "调试:		",     /* 6  debug */
            "版权:		",     /* 7  labelled "copyright" */
            "全局指针:	",  /* 8  global pointer */
            "TLS表:		",    /* 9  TLS */
            "载入配置:	",  /* 10 load config */
            "输入范围:	",  /* 11 bound import */
            "IAT:		",      /* 12 import address table */
            "延时输入	",   /* 13 delay import */
            "COM:		",      /* 14 COM descriptor */
            "保留:		"      /* 15 reserved */
        };

        if (dwIndex < sizeof szLabels / sizeof szLabels[0])
        {
            printf("%s", szLabels[dwIndex]);
        }
    }
    

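    将上述两个函数的声明写入头文件(DirectoryString 需在 FileBufferPrintDataDirectory 之前声明),然后在 main 入口把文件读入缓冲区后调用即可。注意:该函数没有接收缓冲区长度,无法检查 e_lfanew 是否超出缓冲区,解析来源不可信的文件前应先校验文件大小。下面是执行后的效果: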

    迷茫的人生,需要不断努力,才能看清远方模糊的志向!
  • 原文地址:https://www.cnblogs.com/autopwn/p/15293957.html