C语言读取PE文件信息(1)
接下来的内容来源于对该博客文章http://www.pediy.com/kssd/pediy06/pediy7006.htm的解析。
一、打印Sections信息。下面的程序打印出Windows_Graphics_Programming 1.1中第三个程序“Hello World Version 3:Create a Full-Screen Window”生成的可执行文件的Sections结构字节的信息。
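#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>

char *strPath = "C:/c1_hwv3/Debug/c1_hwv3.exe";

/*
 * Print every IMAGE_SECTION_HEADER of the PE file named by strPath.
 *
 * Layout walked here: IMAGE_DOS_HEADER at offset 0, whose e_lfanew gives the
 * offset of the NT headers (DWORD signature, IMAGE_FILE_HEADER, optional
 * header), followed directly by NumberOfSections section headers.
 *
 * Every offset and count below comes from the file itself, so each one is
 * checked before it is used: a truncated or malformed file must end in an
 * error message, not in a read of uninitialised memory.
 *
 * Returns 0 on success and 1 if the file cannot be opened, is not a PE
 * image, or is truncated.
 */
int main()
{
    int rc = 1;
    FILE *pFile = NULL;
    IMAGE_SECTION_HEADER *pmySectionHeader = NULL;
    IMAGE_DOS_HEADER myDosHeader;
    IMAGE_FILE_HEADER myFileHeader;
    DWORD ntSignature;
    LONG e_lfanew;
    long sectionTableOffset;
    size_t nSectionCount;

    /* Read-only access is enough; "rb+" would also request write access. */
    pFile = fopen(strPath, "rb");
    if (pFile == NULL) {
        perror(strPath);
        goto out;
    }

    if (fread(&myDosHeader, sizeof(IMAGE_DOS_HEADER), 1, pFile) != 1 ||
        myDosHeader.e_magic != IMAGE_DOS_SIGNATURE) {
        fprintf(stderr, "%s: missing or truncated DOS header\n", strPath);
        goto out;
    }

    /*
     * e_lfanew is a signed value taken from the file. Reject negative
     * values and values so large that adding the header sizes below would
     * overflow the long passed to fseek().
     */
    e_lfanew = myDosHeader.e_lfanew;
    if (e_lfanew < 0 ||
        e_lfanew > LONG_MAX - (LONG)(sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + 0xFFFF)) {
        fprintf(stderr, "%s: invalid e_lfanew\n", strPath);
        goto out;
    }

    if (fseek(pFile, e_lfanew, SEEK_SET) != 0 ||
        fread(&ntSignature, sizeof ntSignature, 1, pFile) != 1 ||
        ntSignature != IMAGE_NT_SIGNATURE) {
        fprintf(stderr, "%s: missing PE signature\n", strPath);
        goto out;
    }

    /* The file header follows the signature, so no extra seek is needed. */
    if (fread(&myFileHeader, sizeof(IMAGE_FILE_HEADER), 1, pFile) != 1) {
        fprintf(stderr, "%s: truncated file header\n", strPath);
        goto out;
    }
    nSectionCount = myFileHeader.NumberOfSections;
    if (nSectionCount == 0) {
        rc = 0; /* nothing to print */
        goto out;
    }

    /*
     * The section table starts after the optional header, whose size is
     * recorded in the file (it differs between PE32 and PE32+). Using
     * sizeof(IMAGE_NT_HEADERS) instead would tie the offset to the target
     * this program was compiled for rather than to the file being read.
     */
    sectionTableOffset = e_lfanew +
                         (long)(sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER)) +
                         (long)myFileHeader.SizeOfOptionalHeader;

    pmySectionHeader = calloc(nSectionCount, sizeof *pmySectionHeader);
    if (pmySectionHeader == NULL) {
        fprintf(stderr, "out of memory\n");
        goto out;
    }

    /* A short read means the header claims more sections than the file holds. */
    if (fseek(pFile, sectionTableOffset, SEEK_SET) != 0 ||
        fread(pmySectionHeader, sizeof *pmySectionHeader, nSectionCount, pFile)
            != nSectionCount) {
        fprintf(stderr, "%s: truncated section table\n", strPath);
        goto out;
    }

    /*
     * Index the array instead of advancing pmySectionHeader: free() must be
     * given the exact pointer calloc() returned.
     */
    for (size_t i = 0; i < nSectionCount; i++) {
        const IMAGE_SECTION_HEADER *sec = &pmySectionHeader[i];

        /* Name is 8 bytes and is NOT NUL-terminated when all 8 are used. */
        printf("Name: %.8s\n", (const char *)sec->Name);
        printf("union_PhysicalAddress: %08lx\n", (unsigned long)sec->Misc.PhysicalAddress);
        printf("union_VirtualSize: %04lx\n", (unsigned long)sec->Misc.VirtualSize);
        printf("VirtualAddress: %08lx\n", (unsigned long)sec->VirtualAddress);
        printf("SizeOfRawData: %08lx\n", (unsigned long)sec->SizeOfRawData);
        printf("PointerToRawData: %04lx\n", (unsigned long)sec->PointerToRawData);
        printf("PointerToRelocations: %04lx\n", (unsigned long)sec->PointerToRelocations);
        printf("PointerToLinenumbers: %04lx\n", (unsigned long)sec->PointerToLinenumbers);
        printf("NumberOfRelocations: %04x\n", sec->NumberOfRelocations);
        printf("NumberOfLinenumbers: %04x\n", sec->NumberOfLinenumbers);
        printf("Charateristics: %04lx\n", (unsigned long)sec->Characteristics);
    }
    rc = 0;

out:
    free(pmySectionHeader);
    if (pFile != NULL) {
        fclose(pFile);
    }
    return rc;
}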
运行程序打印出如下信息
Name: .text
union_PhysicalAddress: 00022350
union_VirtualSize: 22350
VirtualAddress: 00001000
SizeOfRawData: 00023000
PointerToRawData: 1000
PointerToRelocations: 0000
PointerToLinenumbers: 0000
NumberOfRelocations: 0000
NumberOfLinenumbers: 0000
Charateristics: 60000020
Name: .rdata
union_PhysicalAddress: 00001615
union_VirtualSize: 1615
VirtualAddress: 00024000
SizeOfRawData: 00002000
PointerToRawData: 24000
PointerToRelocations: 0000
PointerToLinenumbers: 0000
NumberOfRelocations: 0000
NumberOfLinenumbers: 0000
Charateristics: 40000040
Name: .data
union_PhysicalAddress: 00005650
union_VirtualSize: 5650
VirtualAddress: 00026000
SizeOfRawData: 00004000
PointerToRawData: 26000
PointerToRelocations: 0000
PointerToLinenumbers: 0000
NumberOfRelocations: 0000
NumberOfLinenumbers: 0000
Charateristics: c0000040
Name: .idata
union_PhysicalAddress: 00000b23
union_VirtualSize: 0b23
VirtualAddress: 0002c000
SizeOfRawData: 00001000
PointerToRawData: 2a000
PointerToRelocations: 0000
PointerToLinenumbers: 0000
NumberOfRelocations: 0000
NumberOfLinenumbers: 0000
Charateristics: c0000040
Name: .reloc
union_PhysicalAddress: 00000f00
union_VirtualSize: 0f00
VirtualAddress: 0002d000
SizeOfRawData: 00001000
PointerToRawData: 2b000
PointerToRelocations: 0000
PointerToLinenumbers: 0000
NumberOfRelocations: 0000
NumberOfLinenumbers: 0000
Charateristics: 42000040
pe文件结构图: