// MyTestPE.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include <windows.h>
#include "winnt.h"
#include <tchar.h>
#include <iostream>
#include <string>
#include <vector>
using namespace std;
// This program prints basic header information (section count, characteristics,
// entry point, timestamp) of a PE file.
//
// Header pointers into the read buffer. GetInfo assigns pDosHeader and
// pPEHeader; the remaining pointers are declared but not referenced elsewhere
// in this file.
PIMAGE_DOS_HEADER       pDosHeader;
PIMAGE_NT_HEADERS       pPEHeader;
PIMAGE_SECTION_HEADER   pSectionHeader;
PIMAGE_DATA_DIRECTORY   pDataDirectory;
PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor;
PIMAGE_EXPORT_DIRECTORY pExportDirectory;
PIMAGE_THUNK_DATA       pThunkData;
PIMAGE_IMPORT_BY_NAME   pImportByName;

// Read-window size in bytes, and the byte count ReadFile reports back.
int   size{1024};
DWORD dwBytesRead{1024};
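// Validates and prints the DOS/PE headers found in the first `bytesRead`
// bytes of `data`. Returns true when the headers were valid and printed,
// false after printing a diagnostic. As before, the header pointers are also
// stored in the file-level globals pDosHeader / pPEHeader.
//
// Every field is dereferenced only after checking that it lies inside the
// bytes actually read: both e_magic/e_lfanew and the PE signature/headers
// come straight from the file, so a truncated or malformed (or hostile) file
// must not be able to push a read past the end of the buffer.
static bool ParsePEHeaders(char* data, DWORD bytesRead)
{
    // The whole DOS header must be present before e_magic / e_lfanew are read.
    if (bytesRead < sizeof(IMAGE_DOS_HEADER))
    {
        cout << "DOS 头部不正确" << endl;
        return false;
    }
    pDosHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(data);
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        cout << "DOS 头部不正确" << endl;
        return false;
    }
    cout << "DOS 头部正确!" << endl;

    // e_lfanew is a signed offset taken from the file. It must be
    // non-negative and leave room for a full IMAGE_NT_HEADERS inside the read
    // window; sizeof(IMAGE_NT_HEADERS) is a conservative bound, since only
    // Signature, FileHeader and the first OptionalHeader fields are read below.
    const LONG lfanew = pDosHeader->e_lfanew;
    if (lfanew < 0 ||
        static_cast<DWORD>(lfanew) > bytesRead ||
        bytesRead - static_cast<DWORD>(lfanew) < sizeof(IMAGE_NT_HEADERS))
    {
        cout << "PE 头部超出已读取的范围!" << endl;
        return false;
    }
    pPEHeader = reinterpret_cast<PIMAGE_NT_HEADERS>(data + lfanew);
    if (pPEHeader->Signature != IMAGE_NT_SIGNATURE)
    {
        cout << "不为PE文件!" << endl;
        return false;
    }
    cout << "此文件为PE文件!" << endl;
    cout << "PE文件块数:" << pPEHeader->FileHeader.NumberOfSections << endl;
    cout << "文件信息标志:" << pPEHeader->FileHeader.Characteristics << endl;
    // AddressOfEntryPoint sits at the same offset in PE32 and PE32+ optional
    // headers, so this read is valid whichever IMAGE_NT_HEADERS the build uses.
    cout << "程序入口地址:" << pPEHeader->OptionalHeader.AddressOfEntryPoint << endl;
    // NOTE(review): this is FileHeader.TimeDateStamp (the link-time stamp),
    // printed under the existing "creation time" label.
    cout << "文件创建时间:" << pPEHeader->FileHeader.TimeDateStamp << endl;
    return true;
}

// Opens a PE file, reads its first `size` bytes and prints basic header
// information (section count, characteristics, entry point RVA, timestamp).
//
// @param FileName  Path of the file to inspect. When empty, the historical
//                  hard-coded path "d://reverseMe.exe" is used so the existing
//                  caller keeps working.
//
// Behaviour on failure is unchanged: a diagnostic is printed, the handle is
// closed, the close message is printed and the program pauses. The read
// buffer is owned by a std::vector, so it is released on every return path
// (the raw `new char[size]` it replaces was never deleted).
void GetInfo(string FileName)
{
    // Only read access is needed: a header dump does not write, GENERIC_WRITE
    // would fail on read-only files/ACLs, and FILE_SHARE_READ no longer locks
    // the file against other readers while it is open here.
    const char* path = FileName.empty() ? "d://reverseMe.exe" : FileName.c_str();
    HANDLE h_File = CreateFileA(path, GENERIC_READ, FILE_SHARE_READ, NULL,
                                OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h_File == INVALID_HANDLE_VALUE)
    {
        cout << "打开文件失败!";
        system("pause");
        return;
    }
    cout << "文件成功打开!" << endl;

    // `::size` is qualified because `using namespace std` makes a bare `size`
    // ambiguous with std::size under C++17.
    std::vector<char> buffer(static_cast<size_t>(::size));
    bool ok = ReadFile(h_File, buffer.data(), static_cast<DWORD>(::size),
                       &dwBytesRead, NULL) != 0;
    if (ok)
    {
        cout << "读取文件成功!" << endl;
        ok = ParsePEHeaders(buffer.data(), dwBytesRead);
    }

    // Single close point: the handle must be released on the success path
    // and on every failure path alike.
    CloseHandle(h_File);
    cout << endl << "成功关闭了文件的句柄!";
    if (!ok)
    {
        system("pause");
    }
}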
// Entry point: runs the header dump once. The interactive path prompt is
// kept disabled, so GetInfo receives an empty string.
int main()
{
    // cout << "请输入要分析文件的完整路径:";
    // cin >> pathToInspect;
    const string pathToInspect;
    GetInfo(pathToInspect);   // hand the path over to the parser
    return 0;
}