一、打印Sections信息。下面的程序打印出Windows_Graphics_Programming 1.1中第三個程序“Hello World Version 3:Create a Full-Screen Window"生成的可執行文件的Sections結構字節的信息
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
#include<stdio.h>#include<windows.h>char *strPath="C:/c1_hwv3/Debug/c1_hwv3.exe";int main(){ IMAGE_DOS_HEADER myDosHeader; LONG e_lfanew; FILE *pFile; pFile=fopen(strPath,"rb+"); fread(&myDosHeader,sizeof(IMAGE_DOS_HEADER),1,pFile); e_lfanew=myDosHeader.e_lfanew; IMAGE_FILE_HEADER myFileHeader; int nSectionCount; fseek(pFile,(e_lfanew+sizeof(DWORD)),SEEK_SET); fread(&myFileHeader,sizeof(IMAGE_FILE_HEADER),1,pFile); nSectionCount=myFileHeader.NumberOfSections; IMAGE_SECTION_HEADER *pmySectionHeader= (IMAGE_SECTION_HEADER *)calloc(nSectionCount,sizeof(IMAGE_SECTION_HEADER)); fseek(pFile,(e_lfanew+sizeof(IMAGE_NT_HEADERS)),SEEK_SET); fread(pmySectionHeader,sizeof(IMAGE_SECTION_HEADER),nSectionCount,pFile); for(int i=0;i<nSectionCount;i++,pmySectionHeader++) { printf("Name: %s\n", pmySectionHeader->Name); printf("union_PhysicalAddress: %08x\n", pmySectionHeader->Misc.PhysicalAddress); printf("union_VirtualSize: %04x\n", pmySectionHeader->Misc.VirtualSize); printf("VirtualAddress: %08x\n", pmySectionHeader->VirtualAddress); printf("SizeOfRawData: %08x\n", pmySectionHeader->SizeOfRawData); printf("PointerToRawData: %04x\n", pmySectionHeader->PointerToRawData); printf("PointerToRelocations: %04x\n", pmySectionHeader->PointerToRelocations); printf("PointerToLinenumbers: %04x\n", pmySectionHeader->PointerToLinenumbers); printf("NumberOfRelocations: %04x\n", pmySectionHeader->NumberOfRelocations); printf("NumberOfLinenumbers: %04x\n", pmySectionHeader->NumberOfLinenumbers); printf("Charateristics: %04x\n", pmySectionHeader->Characteristics); }// pmySectionHeader-=m_nSectionCount; if(pmySectionHeader!=NULL) { free(pmySectionHeader); pmySectionHeader=NULL; } fclose(pFile); return 0;} |
運行程序打印出如下信息
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
Name: .textunion_PhysicalAddress: 00022350union_VirtualSize: 22350VirtualAddress: 00001000SizeOfRawData: 00023000PointerToRawData: 1000PointerToRelocations: 0000PointerToLinenumbers: 0000NumberOfRelocations: 0000NumberOfLinenumbers: 0000Charateristics: 60000020Name: .rdataunion_PhysicalAddress: 00001615union_VirtualSize: 1615VirtualAddress: 00024000SizeOfRawData: 00002000PointerToRawData: 24000PointerToRelocations: 0000PointerToLinenumbers: 0000NumberOfRelocations: 0000NumberOfLinenumbers: 0000Charateristics: 40000040Name: .dataunion_PhysicalAddress: 00005650union_VirtualSize: 5650VirtualAddress: 00026000SizeOfRawData: 00004000PointerToRawData: 26000PointerToRelocations: 0000PointerToLinenumbers: 0000NumberOfRelocations: 0000NumberOfLinenumbers: 0000Charateristics: c0000040Name: .idataunion_PhysicalAddress: 00000b23union_VirtualSize: 0b23VirtualAddress: 0002c000SizeOfRawData: 00001000PointerToRawData: 2a000PointerToRelocations: 0000PointerToLinenumbers: 0000NumberOfRelocations: 0000NumberOfLinenumbers: 0000Charateristics: c0000040Name: .relocunion_PhysicalAddress: 00000f00union_VirtualSize: 0f00VirtualAddress: 0002d000SizeOfRawData: 00001000PointerToRawData: 2b000PointerToRelocations: 0000PointerToLinenumbers: 0000NumberOfRelocations: 0000NumberOfLinenumbers: 0000Charateristics: 42000040 |
pe文件結構圖:
時間,時間,會給我答案 time will give me the answer
再給大家分享一則
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
#include <windows.h>#include <stdio.h>#define MAX_SECTION_NUM 16#define MAX_IMPDESC_NUM 64 HANDLE hHeap;PIMAGE_DOS_HEADER pDosHeader;PCHAR pDosStub;DWORD dwDosStubSize;DWORD dwDosStubOffset;PIMAGE_NT_HEADERS pNtHeaders;PIMAGE_FILE_HEADER pFileHeader;PIMAGE_OPTIONAL_HEADER32 pOptHeader;PIMAGE_SECTION_HEADER pSecHeaders;PIMAGE_SECTION_HEADER pSecHeader[MAX_SECTION_NUM];WORD wSecNum;PBYTE pSecData[MAX_SECTION_NUM];DWORD dwSecSize[MAX_SECTION_NUM];DWORD dwFileSize; { // 請在這里填入你的代碼 DWORD dwBase; dwBase = (DWORD)hd; pDosHeader = (PIMAGE_DOS_HEADER)dwBase; pNtHeaders = (PIMAGE_NT_HEADERS)(dwBase + pDosHeader->e_lfanew); pOptHeader = &(pNtHeaders->OptionalHeader); pFileHeader = &(pNtHeaders->FileHeader); printf("Address Of Entry Point: 0x%08x\n", pOptHeader->AddressOfEntryPoint); printf("ImageBase: 0x%08x\n", pOptHeader->ImageBase); printf("Number Of Sections: %d\n", pFileHeader->NumberOfSections); printf("Size Of Image: 0x%04x\n", pOptHeader->SizeOfImage); return;} int main(int argc, char *argv[]){ DWORD pid = 0; pid=atoi(argv[1]); HANDLE hd=OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid); LPCSTR lpszFileName = "hello.exe"; LPCSTR lpszInjFileName = "hello_inj0.exe"; OutputPEInMem(hd); hHeap = GetProcessHeap(); if (! CopyPEFileToMem(lpszFileName)) { return 1; } return 0;} |
