我试验过了,可以运行。实际上只要掌握了PE文件结构,这两种方法还是不难理解的。呵呵。。。。这两段代码是一本书上的(windows捆绑编程),我给搬过来,呵呵。。。
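// Reads the entry-point RVA (IMAGE_OPTIONAL_HEADER.AddressOfEntryPoint) of a PE
// file by seeking inside the file rather than mapping it.
//
// szFileName: path of the PE image to inspect. The file is untrusted input, so
//             every header field that is later used as a file offset is validated
//             before it is used.
// Returns TRUE and prints the RVA on success; FALSE (after printing a message)
// when the file cannot be opened, is truncated, or is not an MZ/PE image.
BOOL ReadOEPByFile(LPCSTR szFileName)
{
    HANDLE hFile = ::CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, 0);
    if (INVALID_HANDLE_VALUE == hFile)
    {
        printf("can't open the file. \n");
        return FALSE;
    }

    // A single header is all that is needed; the original declared an array of
    // sizeof(IMAGE_DOS_HEADER) headers and only ever touched element 0.
    IMAGE_DOS_HEADER dos_head = {};
    DWORD cbRead = 0;
    // ReadFile returns TRUE with a short count at EOF, so the byte count must be checked too.
    if (!ReadFile(hFile, &dos_head, sizeof(dos_head), &cbRead, NULL) || cbRead != sizeof(dos_head))
    {
        printf("read image_dos_head failed\n");
        CloseHandle(hFile);
        return FALSE;
    }

    // e_lfanew is a signed LONG: reject non-MZ files and negative or overflowing
    // offsets before they reach SetFilePointer.
    if (dos_head.e_magic != IMAGE_DOS_SIGNATURE || dos_head.e_lfanew < 0
        || dos_head.e_lfanew > MAXLONG - (LONG)sizeof(IMAGE_NT_HEADERS))
    {
        printf("not a valid MZ header\n");
        CloseHandle(hFile);
        return FALSE;
    }

    // Confirm the "PE\0\0" signature at e_lfanew before trusting what follows it.
    DWORD dwSignature = 0;
    if (SetFilePointer(hFile, dos_head.e_lfanew, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER
        || !ReadFile(hFile, &dwSignature, sizeof(dwSignature), &cbRead, NULL)
        || cbRead != sizeof(dwSignature)
        || dwSignature != IMAGE_NT_SIGNATURE)
    {
        printf("read PE signature failed\n");
        CloseHandle(hFile);
        return FALSE;
    }

    // AddressOfEntryPoint sits at e_lfanew + 4 (signature) + 20 (IMAGE_FILE_HEADER)
    // + 16 (its offset inside the optional header) = e_lfanew + 40, which is the
    // magic number the original used. The field is at the same offset in PE32 and
    // PE32+ optional headers, so FIELD_OFFSET on this build's IMAGE_NT_HEADERS is
    // correct for both image kinds.
    const LONG nEntryPos = dos_head.e_lfanew + (LONG)FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader.AddressOfEntryPoint);
    DWORD dwOEP = 0;
    if (SetFilePointer(hFile, nEntryPos, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER
        || !ReadFile(hFile, &dwOEP, sizeof(dwOEP), &cbRead, NULL)
        || cbRead != sizeof(dwOEP))
    {
        printf("read OEP failed\n");
        CloseHandle(hFile);
        return FALSE;
    }
    CloseHandle(hFile);

    // An RVA is conventionally shown in hex; the original printed a DWORD with %d
    // and a literal "/n" instead of a newline.
    printf("OEP by file : 0x%08lX\n", (unsigned long)dwOEP);
    return TRUE;
}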
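// Reads the entry-point RVA of a PE file through a read-only file mapping.
//
// szFileName: path of the PE image to inspect. The mapped view is raw, untrusted
//             bytes: the original dereferenced base + e_lfanew without any check,
//             so a malformed e_lfanew pointing past the view turned a bad file
//             into an access violation. Every offset is now checked against the
//             file size before it is dereferenced.
// Returns TRUE and prints the RVA on success; FALSE (after printing a message)
// when the file cannot be opened or mapped, or is not an MZ/PE image.
BOOL ReadOEPByMemory(LPCSTR szFileName)
{
    HANDLE hFile = ::CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, 0);
    if (INVALID_HANDLE_VALUE == hFile)
    {
        printf("can't open the file. \n");
        return FALSE;
    }

    // The file size bounds every header access below. A file shorter than a DOS
    // header cannot be a PE image (and a zero-length file cannot be mapped at all).
    LARGE_INTEGER liSize = {};
    if (!GetFileSizeEx(hFile, &liSize) || liSize.QuadPart < (LONGLONG)sizeof(IMAGE_DOS_HEADER))
    {
        printf("file too small for a DOS header\n");
        CloseHandle(hFile);
        return FALSE;
    }
    const ULONGLONG cbFile = (ULONGLONG)liSize.QuadPart;

    HANDLE hMapping = ::CreateFileMapping(hFile, NULL, PAGE_READONLY | SEC_COMMIT, 0, 0, 0);
    if (!hMapping)
    {
        printf("mapping failed\n");
        CloseHandle(hFile);
        return FALSE;
    }
    void* basepointer = ::MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
    if (!basepointer)
    {
        printf("MapViewOfFile failed\n");
        CloseHandle(hFile);
        CloseHandle(hMapping);
        return FALSE;
    }

    // Bytes needed from e_lfanew up to and including AddressOfEntryPoint:
    // 4 (signature) + 20 (IMAGE_FILE_HEADER) + 16 (offset in optional header) + 4.
    // The field offset is identical for PE32 and PE32+, so this build's
    // IMAGE_NT_HEADERS gives the right answer for either image kind.
    const ULONGLONG cbNeeded = FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader.AddressOfEntryPoint) + sizeof(DWORD);

    BOOL bResult = FALSE;
    DWORD dwOEP = 0;
    const IMAGE_DOS_HEADER* dos_head = (const IMAGE_DOS_HEADER*)basepointer;
    if (dos_head->e_magic != IMAGE_DOS_SIGNATURE || dos_head->e_lfanew < 0)
    {
        printf("not a valid MZ header\n");
    }
    else if ((ULONGLONG)dos_head->e_lfanew > cbFile || cbFile - (ULONGLONG)dos_head->e_lfanew < cbNeeded)
    {
        // The NT header fields we read would run past the end of the mapped file.
        printf("e_lfanew points outside the file\n");
    }
    else
    {
        // NOTE(review): the header is read in place. x86/x64 tolerate the unaligned
        // access an odd e_lfanew can produce; a strict-alignment target would want memcpy.
        const IMAGE_NT_HEADERS* nt_head = (const IMAGE_NT_HEADERS*)((const char*)basepointer + dos_head->e_lfanew);
        if (nt_head->Signature != IMAGE_NT_SIGNATURE)
        {
            printf("PE signature not found\n");
        }
        else
        {
            dwOEP = nt_head->OptionalHeader.AddressOfEntryPoint;
            bResult = TRUE;
        }
    }

    // Release the view and both handles on every path; the RVA was copied out above.
    ::UnmapViewOfFile(basepointer);
    CloseHandle(hFile);
    CloseHandle(hMapping);

    if (bResult)
    {
        // An RVA is conventionally shown in hex; the original printed a DWORD with %d
        // and a literal "/n" instead of a newline.
        printf("OEP by memory : 0x%08lX\n", (unsigned long)dwOEP);
    }
    return bResult;
}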