// PE.cpp: implementation of the CPE class.
//
//////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "PE.h""
#ifdef _DEBUG
#undef THIS_FILE
static char THIS_FILE[]=__FILE__;
#define new DEBUG_NEW
#endif
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
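// Opens the file, maps it into memory and derives the header pointers:
// dosHeader, pImageBase, pNTHeader, pImageFileHeader, pImageOptionalHeader.
//
// The file contents are untrusted input, so every step is checked at run time.
// ASSERT is compiled out of release builds and therefore cannot be the only
// guard. On failure the affected members are left NULL:
//   - open/size/map failure: all handles and pointers are NULL;
//   - file too short, or e_lfanew pointing outside the file: dosHeader and
//     pImageBase are valid, but pNTHeader, pImageFileHeader and
//     pImageOptionalHeader stay NULL and NumberOfSection stays 0.
// Callers must check for NULL before using the header pointers.
//
// NOTE(review): the file is opened GENERIC_READ|GENERIC_WRITE and mapped
// writable. If this class only inspects files, read-only access
// (GENERIC_READ / PAGE_READONLY / FILE_MAP_READ) would be the least-privilege
// choice. Confirm against the callers before changing it.
void CPE::OnInitPE(CString strfilename)
{
    // Start from a known "nothing loaded" state so a failed load cannot leave
    // pointers from a previous file behind.
    hFile = NULL;
    hFileMapping = NULL;
    g_pMappedFileBase = NULL;
    dosHeader = NULL;
    pImageBase = NULL;
    pNTHeader = NULL;
    pImageFileHeader = NULL;
    pImageOptionalHeader = NULL;
    NumberOfSection = 0;

    // The path is passed to CreateFile unchanged. Doubling the backslashes (as
    // the previous code did) is only meaningful inside source-code string
    // literals; at run time it corrupts UNC and "\\?\" prefixed paths.

    HANDLE file = ::CreateFile(strfilename, GENERIC_READ | GENERIC_WRITE, 0, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    // CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL.
    if (file == INVALID_HANDLE_VALUE)
        return;

    // The file size is the upper bound for every offset read from the headers.
    DWORD sizeHigh = 0;
    const DWORD sizeLow = ::GetFileSize(file, &sizeHigh);
    const bool sizeKnown =
        !(sizeLow == INVALID_FILE_SIZE && ::GetLastError() != NO_ERROR);
    const ULONGLONG fileSize = ((ULONGLONG)sizeHigh << 32) | sizeLow;

    HANDLE mapping = NULL;
    PBYTE view = NULL;
    if (sizeKnown)
        mapping = ::CreateFileMapping(file, NULL, PAGE_READWRITE, 0, 0, NULL);
    if (mapping != NULL)
        view = (PBYTE)::MapViewOfFile(mapping, FILE_MAP_WRITE, 0, 0, 0);

    if (view == NULL)
    {
        // Release whatever was acquired so nothing leaks on the error path.
        if (mapping != NULL)
            ::CloseHandle(mapping);
        ::CloseHandle(file);
        return;
    }

    hFile = file;
    hFileMapping = mapping;
    g_pMappedFileBase = view;

    dosHeader = (PIMAGE_DOS_HEADER)g_pMappedFileBase; // DOS header at offset 0
    pImageBase = (PBYTE)dosHeader;                    // same address, as bytes

    // Too short to hold a DOS header: e_lfanew cannot be trusted.
    if (fileSize < sizeof(IMAGE_DOS_HEADER))
        return;

    // e_lfanew is a signed, file-controlled offset. Reject negative values and
    // offsets whose NT headers would extend past the end of the file.
    const LONG ntOffset = dosHeader->e_lfanew;
    if (ntOffset < 0 ||
        (ULONGLONG)ntOffset + sizeof(IMAGE_NT_HEADERS) > fileSize)
        return;

    pNTHeader = MakePtr(PIMAGE_NT_HEADERS, dosHeader, ntOffset);
    pImageFileHeader = (PIMAGE_FILE_HEADER)&pNTHeader->FileHeader;
    pImageOptionalHeader = &pNTHeader->OptionalHeader;
    CalculateNumberOfSection();
}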
// Default constructor. It performs no initialisation of its own; the handle
// and header-pointer members are first assigned by OnInitPE().
// NOTE(review): unless PE.h gives the members default values, they are
// indeterminate until OnInitPE() runs. Confirm against the class declaration.
CPE::CPE()
{
    // intentionally empty
}
// Destructor. It releases nothing: the view and the two handles acquired in
// OnInitPE() are only released when the caller invokes CloseHandleOfPe().
CPE::~CPE()
{
    // intentionally empty
}
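// Checks the two signatures that identify a PE file: "MZ" in the DOS header
// and "PE\0\0" at the start of the NT headers.
//
// Returns true when both match. Otherwise shows a message box (the text means
// "Not a valid PE file format") and returns false.
//
// NULL header pointers are treated as "not a valid PE" at run time. ASSERT
// alone disappears in release builds and would let a NULL pointer through.
//
// This is a signature check only. It does not prove that the rest of the
// headers (section table, data directories) lie inside the mapped file, and it
// does not distinguish PE32 from PE32+.
bool CPE::CheckIfValidPE()
{
    if (dosHeader == NULL || dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        AfxMessageBox("不是有效的PE文件格式");
        return false;
    }

    if (pNTHeader == NULL || pNTHeader->Signature != IMAGE_NT_SIGNATURE)
    {
        AfxMessageBox("不是有效的PE文件格式");
        return false;
    }

    return true;
}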
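// Stores the RVA of the import directory in importsStartRVA.
//
// importsStartRVA is set to 0 when the optional header declares too few data
// directories to contain an import entry. In that case the DataDirectory slot
// is not meaningful and must not be interpreted.
//
// NOTE(review): pImageOptionalHeader uses the build's native optional-header
// layout. For a PE32+ file opened by a 32-bit build (or the reverse) the data
// directories sit at a different offset. Confirm whether OptionalHeader.Magic
// is checked elsewhere.
void CPE::GetImportRVA()
{
    importsStartRVA = 0;
    if (pImageOptionalHeader->NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_IMPORT)
    {
        importsStartRVA =
            pImageOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    }
}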
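// Finds the section that contains importsStartRVA and stores in delta the
// difference between that section's RVA and its raw file offset, i.e. the
// amount to subtract from an RVA in that section to get a file offset.
//
// If no section contains the RVA, delta is set to 0 (an RVA that lies in the
// headers equals its file offset).
//
// NOTE(review): NumberOfSections and SizeOfOptionalHeader come from the file.
// The section table is not checked against the size of the mapped view here,
// so a crafted header can still make this loop read past the mapping. A full
// fix needs the file size to be available to this method.
void CPE::CalculateDelta()
{
    PIMAGE_SECTION_HEADER pSectionHdr =
        MakePtr(PIMAGE_SECTION_HEADER, pImageOptionalHeader,
                pImageFileHeader->SizeOfOptionalHeader);
    const unsigned cSections = pImageFileHeader->NumberOfSections; // section count
    PIMAGE_SECTION_HEADER pFound = NULL;

    // The loop is bounded by the section count. The previous condition tested
    // cSections itself, which never changes, so a miss walked off the table.
    for (unsigned j = 0; j < cSections; j++, pSectionHdr++)
    {
        // A section may declare VirtualSize 0; fall back to its raw size.
        DWORD size = pSectionHdr->Misc.VirtualSize;
        if (0 == size)
            size = pSectionHdr->SizeOfRawData;

        // Written as a subtraction so VirtualAddress + size cannot wrap.
        if ((importsStartRVA >= pSectionHdr->VirtualAddress) &&
            ((importsStartRVA - pSectionHdr->VirtualAddress) < size))
        {
            pFound = pSectionHdr;
            break;
        }
    }

    if (pFound == NULL)
    {
        // No containing section: do not dereference an unset pointer.
        delta = 0;
        return;
    }

    // delta may legitimately be 0 in a PE file, so it is not asserted.
    delta = (UINT)(pFound->VirtualAddress - pFound->PointerToRawData);
}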
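// Points pImportDest at the first import descriptor inside the mapped file:
// mapped base + import-directory RVA - delta.
//
// pImportDest is set to NULL when the import-directory RVA is 0 (the file has
// no import table). Previously that case produced a pointer to base - delta,
// which is not a valid descriptor.
//
// NOTE(review): the RVA is file-controlled and is not checked against the size
// of the mapped view here. A caller that walks the descriptors should verify
// that they lie inside the mapping before reading them.
void CPE::GetImportDest()
{
    pImageBase = (PBYTE)dosHeader;
    const DWORD rva =
        pImageOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;

    if (rva == 0)
    {
        pImportDest = NULL;
        return;
    }

    pImportDest = (PIMAGE_IMPORT_DESCRIPTOR)(PVOID)(pImageBase + rva - delta);
}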
// Copies the entry-point RVA from the optional header into the
// AddressOfEntryPoint member. The value is an RVA taken from the file as-is.
void CPE::GetEntryPoint()
{
    const DWORD entryRva = pImageOptionalHeader->AddressOfEntryPoint;
    AddressOfEntryPoint = entryRva;
}
// Returns true when the file header's Characteristics has IMAGE_FILE_DLL set,
// i.e. the image is marked as a DLL.
bool CPE::CheckifDLL()
{
    const WORD characteristics = pNTHeader->FileHeader.Characteristics;
    // IMAGE_FILE_DLL is a single flag bit, so testing for non-zero is the same
    // as comparing the masked value with the flag.
    return (characteristics & IMAGE_FILE_DLL) != 0;
}
// Caches the section count from the file header in NumberOfSection.
// The count is read from the file and is not validated here.
void CPE::CalculateNumberOfSection()
{
    const WORD sectionCount = pImageFileHeader->NumberOfSections;
    NumberOfSection = sectionCount;
}
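// Unmaps the file view and closes the mapping and file handles.
//
// Every handle and every pointer into the view is reset to NULL afterwards.
// This makes a second call harmless (no double CloseHandle) and ensures that
// stale header pointers fail on NULL instead of reading unmapped memory.
void CPE::CloseHandleOfPe()
{
    if (g_pMappedFileBase != NULL)
    {
        UnmapViewOfFile(g_pMappedFileBase);
        g_pMappedFileBase = NULL;
    }

    if (hFileMapping != NULL)
    {
        CloseHandle(hFileMapping);
        hFileMapping = NULL;
    }

    // A failed CreateFile leaves INVALID_HANDLE_VALUE, which must not be closed.
    if (hFile != NULL && hFile != INVALID_HANDLE_VALUE)
        CloseHandle(hFile);
    hFile = NULL;

    // These all pointed into the view that was just unmapped.
    dosHeader = NULL;
    pImageBase = NULL;
    pNTHeader = NULL;
    pImageFileHeader = NULL;
    pImageOptionalHeader = NULL;
    pSection = NULL;
    pImportDest = NULL;
}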
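// Returns the name of the given section as a CString.
//
// IMAGE_SECTION_HEADER::Name is a fixed IMAGE_SIZEOF_SHORT_NAME-byte field.
// It is NUL-padded, but NOT NUL-terminated when the name uses all of the
// bytes. Building a CString straight from the pointer would then read on into
// the fields that follow, so the length is bounded explicitly.
//
// pSection must point to a valid section header; it is not checked here.
CString CPE::GetSectionName(PIMAGE_SECTION_HEADER pSection)
{
    int nameLen = 0;
    while (nameLen < IMAGE_SIZEOF_SHORT_NAME && pSection->Name[nameLen] != 0)
        ++nameLen;

    CString SectionName(reinterpret_cast<LPCSTR>(pSection->Name), nameLen);
    return SectionName;
}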
// Sets the pSection member to the first section header, which starts
// SizeOfOptionalHeader bytes after the beginning of the optional header.
// SizeOfOptionalHeader is read from the file and is not validated here.
void CPE::GetPoniterToSection()
{
    const WORD optionalHeaderSize = pImageFileHeader->SizeOfOptionalHeader;
    pSection = MakePtr(PIMAGE_SECTION_HEADER, pImageOptionalHeader, optionalHeaderSize);
}