PE文件解析器中打印PE文件的函数

这篇文章详细介绍了如何在C++中使用 void PrintPEFile 函数,展示了如何遍历并打印PE文件的DOS头部、PE头部、NT头部、节表等关键部分,包括操作系统版本信息。
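/**
 * Print the headers and section table of a PE image held in memory.
 *
 * Output goes to std::cout in hexadecimal: the DOS header, the NT signature,
 * IMAGE_FILE_HEADER, the 32-bit optional header, the structure sizes, the
 * header offsets inside the file, and one entry per section header.
 *
 * @param pImageBuffer  Start of a buffer holding the raw file contents.
 *
 * The function receives no buffer length, so it cannot bounds-check e_lfanew,
 * SizeOfOptionalHeader or NumberOfSections against the buffer. All three come
 * from the file itself; the caller must verify that the headers and the
 * section table lie inside the buffer before passing in a file it does not
 * trust. Only checks that need no length (signatures, sign of e_lfanew,
 * optional-header format) are made here.
 *
 * std::cout is left in hex mode on return.
 */
void PrintPEFile(PVOID pImageBuffer)
{
	std::cout << std::hex;

	if (!pImageBuffer)
	{
		std::cout << "PrintPEFile: image buffer is null" << std::endl;
		return;
	}

	// All offsets are computed from a byte pointer. Adding an offset to a typed
	// struct pointer scales it by sizeof(struct), and casting a pointer to DWORD
	// truncates it on 64-bit builds.
	BYTE* pBase = reinterpret_cast<BYTE*>(pImageBuffer);

	PIMAGE_DOS_HEADER pDosHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(pBase);
	if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
	{
		std::cout << "PrintPEFile: missing MZ signature, e_magic = " << pDosHeader->e_magic << std::endl;
		return;
	}
	// e_lfanew is a signed LONG read from the file; a zero or negative value
	// would place the NT headers at or before the start of the buffer.
	if (pDosHeader->e_lfanew <= 0)
	{
		std::cout << "PrintPEFile: invalid e_lfanew = " << pDosHeader->e_lfanew << std::endl;
		return;
	}

	PIMAGE_NT_HEADERS pNTHeader = reinterpret_cast<PIMAGE_NT_HEADERS>(pBase + pDosHeader->e_lfanew);
	if (pNTHeader->Signature != IMAGE_NT_SIGNATURE)
	{
		std::cout << "PrintPEFile: missing PE signature, Signature = " << pNTHeader->Signature << std::endl;
		return;
	}

	// The file header follows the 4-byte signature, the optional header follows
	// the file header, and the section table follows the optional header, whose
	// length is given by SizeOfOptionalHeader.
	PIMAGE_FILE_HEADER pPEHeader =
		reinterpret_cast<PIMAGE_FILE_HEADER>(reinterpret_cast<BYTE*>(pNTHeader) + sizeof(DWORD));
	PIMAGE_OPTIONAL_HEADER32 pOptionHeader =
		reinterpret_cast<PIMAGE_OPTIONAL_HEADER32>(reinterpret_cast<BYTE*>(pPEHeader) + sizeof(IMAGE_FILE_HEADER));
	PIMAGE_SECTION_HEADER pSectionHeader =
		reinterpret_cast<PIMAGE_SECTION_HEADER>(reinterpret_cast<BYTE*>(pOptionHeader) + pPEHeader->SizeOfOptionalHeader);

	// Headers
	std::cout << "-----------IMAGE_DOS_HEADER_BASE---------" << '\n';
	std::cout << "|-e_magic                           = " << pDosHeader->e_magic << '\n';
	std::cout << "|-e_lfanew                          = " << pDosHeader->e_lfanew << '\n';
	std::cout << "|" << '\n';
	std::cout << "|------------------IMAGE_NT_HEADERS_BASE-----------------" << '\n';
	// Print the value read from the file, not the IMAGE_NT_SIGNATURE constant.
	std::cout << "|-signature                         = " << pNTHeader->Signature << '\n';
	std::cout << "|" << '\n';
	std::cout << "|---------IMAGE_FILE_HEADER_BASE---------" << '\n';
	std::cout << "||-Machine                          = " << pPEHeader->Machine << '\n';
	std::cout << "||-NumberOfSections                 = " << pPEHeader->NumberOfSections << '\n';
	std::cout << "||-TimeDataStamp                    = " << pPEHeader->TimeDateStamp << '\n';
	std::cout << "||-PointerToSymbolicTable           = " << pPEHeader->PointerToSymbolTable << '\n';
	std::cout << "||-NumberOfSymbols                  = " << pPEHeader->NumberOfSymbols << '\n';
	std::cout << "||-SizeOfOptionalHeader             = " << pPEHeader->SizeOfOptionalHeader << '\n';
	std::cout << "||-Characteristics                  = " << pPEHeader->Characteristics << '\n';
	std::cout << "||" << '\n';
	std::cout << "||-----------IMAGE_OPTIONAL_HEADER---------" << '\n';
	std::cout << "||-Magic                            = " << pOptionHeader->Magic << '\n';

	// The fields below are decoded with the 32-bit layout. A PE32+ image has no
	// BaseOfData and uses 8-byte ImageBase and stack/heap sizes, so decoding it
	// this way would print wrong values.
	if (pOptionHeader->Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
	{
		// BYTE fields are widened so they print as numbers, not characters.
		std::cout << "||-MajorLinkerVersion               = " << static_cast<unsigned int>(pOptionHeader->MajorLinkerVersion) << '\n';
		std::cout << "||-MinorLinkerVersion               = " << static_cast<unsigned int>(pOptionHeader->MinorLinkerVersion) << '\n';
		std::cout << "||-SizeOfCode                       = " << pOptionHeader->SizeOfCode << '\n';
		std::cout << "||-SizeOfInitializedData            = " << pOptionHeader->SizeOfInitializedData << '\n';
		std::cout << "||-SizeOfUninitializedData          = " << pOptionHeader->SizeOfUninitializedData << '\n';
		std::cout << "||-AddressOfEntryPoint              = " << pOptionHeader->AddressOfEntryPoint << '\n';
		std::cout << "||-BaseOfCode                       = " << pOptionHeader->BaseOfCode << '\n';
		std::cout << "||-BaseOfData                       = " << pOptionHeader->BaseOfData << '\n';
		std::cout << "||" << '\n';
		std::cout << "||-----------NT 结构增加的领域---------" << '\n';
		std::cout << "||-ImageBase                        = " << pOptionHeader->ImageBase << '\n';
		std::cout << "||-SectionAlignment                 = " << pOptionHeader->SectionAlignment << '\n';
		std::cout << "||-FileAlignment                    = " << pOptionHeader->FileAlignment << '\n';
		std::cout << "||-MajorOperatingSystemVersion      = " << pOptionHeader->MajorOperatingSystemVersion << '\n';
		std::cout << "||-MinorOperatingSystemVersion      = " << pOptionHeader->MinorOperatingSystemVersion << '\n';
		std::cout << "||-MajorImageVersion                = " << pOptionHeader->MajorImageVersion << '\n';
		std::cout << "||-MinorImageVersion                = " << pOptionHeader->MinorImageVersion << '\n';
		std::cout << "||-MajorSubsystemVersion            = " << pOptionHeader->MajorSubsystemVersion << '\n';
		std::cout << "||-MinorSubsystemVersion            = " << pOptionHeader->MinorSubsystemVersion << '\n';
		std::cout << "||-Win32VersionValue                = " << pOptionHeader->Win32VersionValue << '\n';
		std::cout << "||-SizeOfImage                      = " << pOptionHeader->SizeOfImage << '\n';
		std::cout << "||-SizeOfHeaders                    = " << pOptionHeader->SizeOfHeaders << '\n';
		std::cout << "||-CheckSum                         = " << pOptionHeader->CheckSum << '\n';
		std::cout << "||-Subsystem                        = " << pOptionHeader->Subsystem << '\n';
		std::cout << "||-DllCharacteristics               = " << pOptionHeader->DllCharacteristics << '\n';
		std::cout << "||-SizeOfStackReserve               = " << pOptionHeader->SizeOfStackReserve << '\n';
		std::cout << "||-SizeOfStackCommit                = " << pOptionHeader->SizeOfStackCommit << '\n';
		std::cout << "||-SizeOfHeapReserve                = " << pOptionHeader->SizeOfHeapReserve << '\n';
		std::cout << "||-SizeOfHeapCommit                 = " << pOptionHeader->SizeOfHeapCommit << '\n';
		std::cout << "||-LoaderFlags                      = " << pOptionHeader->LoaderFlags << '\n';
		std::cout << "||-NumberOfRvaAndSizes              = " << pOptionHeader->NumberOfRvaAndSizes << '\n';
	}
	else
	{
		std::cout << "||-(optional header is not PE32; remaining fields not decoded)" << '\n';
	}
	std::cout << "|" << '\n';
	std::cout << "|-------PE结构大小----------------------" << '\n';
	std::cout << "|-sizeof(IMAGE_DOS_HEADER)          = " << sizeof(IMAGE_DOS_HEADER) << '\n';
	std::cout << "|-sizeof(IMAGE_FILE_HEADER)         = " << sizeof(IMAGE_FILE_HEADER) << '\n';
	std::cout << "|-sizeof(IMAGE_OPTIONAL_HEADER)     = " << sizeof(IMAGE_OPTIONAL_HEADER) << '\n';
	// The "real" size is the one recorded in the file header; sizeof() only gives
	// the compile-time structure size.
	std::cout << "|-realSizeof(IMAGE_OPTIONAL_HEADER) = " << pPEHeader->SizeOfOptionalHeader << '\n';
	std::cout << "|-sizeof(IMAGE_NT_HEADERS)          = " << sizeof(IMAGE_NT_HEADERS) << '\n';
	std::cout << "|" << '\n';
	std::cout << "|-------文件中PE头基址----------------------" << '\n';
	// Offsets from the start of the buffer, printed in pointer format.
	std::cout << "|-IMAGE_DOS_HEADER_BASE             = " << (void*)((BYTE*)pDosHeader - pBase) << '\n';
	std::cout << "|-IMAGE_NT_HEADERS_BASE             = " << (void*)((BYTE*)pNTHeader - pBase) << '\n';
	std::cout << "|-IMAGE_FILE_HEADER_BASE            = " << (void*)((BYTE*)pPEHeader - pBase) << '\n';
	std::cout << "|-IMAGE_OPTIONAL_HEADER_BASE        = " << (void*)((BYTE*)pOptionHeader - pBase) << '\n';
	std::cout << "|" << '\n';

	// Section table. NumberOfSections is taken from the file as-is (see the
	// header comment: it cannot be checked against the buffer size here).
	for (int i = 0; i < pPEHeader->NumberOfSections; i++)
	{
		// Typed pointer arithmetic already advances by one section header per
		// step, so the i-th entry is pSectionHeader + i.
		PIMAGE_SECTION_HEADER pSection = pSectionHeader + i;

		std::cout << "|----------------------------------------" << '\n';
		std::cout << "|---------------节表" << i + 1 << "--------------" << '\n';

		// Name is a fixed 8-byte field that need not be NUL-terminated, so it is
		// printed byte by byte with an explicit bound. Non-printable bytes are
		// shown as '.' so a crafted name cannot send control sequences to the
		// terminal.
		std::cout << "||-SectionName               = ";
		for (int j = 0; j < IMAGE_SIZEOF_SHORT_NAME && pSection->Name[j] != 0; j++)
		{
			BYTE ch = pSection->Name[j];
			std::cout << ((ch >= 0x20 && ch <= 0x7e) ? static_cast<char>(ch) : '.');
		}
		std::cout << '\n';

		std::cout << "||-BaseAddress               = " << (void*)((BYTE*)pSection - pBase) << '\n';
		std::cout << "||-MemoryBaseAddress         = " << (void*)pSection << '\n';
		// Misc is a union; read the VirtualSize member explicitly.
		std::cout << "||-VirtualSize               = " << pSection->Misc.VirtualSize << '\n';
		std::cout << "||-VirtualAddress            = " << pSection->VirtualAddress << '\n';
		std::cout << "||-SizeOfRawData             = " << pSection->SizeOfRawData << '\n';
		std::cout << "||-PointerToRawData          = " << pSection->PointerToRawData << '\n';
		std::cout << "||-PointerToRelocations      = " << pSection->PointerToRelocations << '\n';
		std::cout << "||-PointerToLinenumbers      = " << pSection->PointerToLinenumbers << '\n';
		std::cout << "||-NumberOfRelocation        = " << pSection->NumberOfRelocations << '\n';
		std::cout << "||-NumberOfLinenumbers       = " << pSection->NumberOfLinenumbers << '\n';
		std::cout << "||-Characteristics           = " << pSection->Characteristics << '\n';
	}
	std::cout << std::flush;
}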

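由于使用了 cout、hex,所以需要包含头文件 <iostream>;PIMAGE_DOS_HEADER 等类型来自 <windows.h>。注意该函数不接收缓冲区长度,无法检查 e_lfanew、NumberOfSections 等取自文件的值是否越界,解析不可信的文件前应由调用方先做校验。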
