#ifndef PE_H
#define PE_H
#include <stdio.h>
#include <time.h>
/*
 * File signatures. Both values come straight from the inspected file, so a
 * parser should compare them before it interprets any other header field.
 */
#define IMAGE_DOS_SIGNATURE 0x5A4D     /* "MZ" read as a little-endian 16-bit value */
#define IMAGE_NT_SIGNATURE  0x00004550 /* "PE\0\0" read as a little-endian 32-bit value */
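/*
 * CPU identifiers (IMAGE_FILE_HEADER.Machine).
 * The value is read from the file; an identifier that is not listed here
 * should be reported as unknown rather than mapped to a default.
 */
#define IMAGE_FILE_MACHINE_UNKNOWN   0
#define IMAGE_FILE_MACHINE_I386      0x014C /* Intel 386 and later (x86) */
/* R3000 was defined twice with the same value; one definition is kept. */
#define IMAGE_FILE_MACHINE_R3000     0x0162 /* MIPS little-endian, 0x160 big-endian */
#define IMAGE_FILE_MACHINE_R4000     0x0166 /* MIPS little-endian */
#define IMAGE_FILE_MACHINE_R10000    0x0168 /* MIPS little-endian */
#define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 /* MIPS little-endian WCE v2 */
#define IMAGE_FILE_MACHINE_ALPHA     0x0184 /* Alpha_AXP */
#define IMAGE_FILE_MACHINE_POWERPC   0x01F0 /* IBM PowerPC little-endian */
#define IMAGE_FILE_MACHINE_SH3       0x01a2 /* SH3 little-endian */
#define IMAGE_FILE_MACHINE_SH3E      0x01a4 /* SH3E little-endian */
#define IMAGE_FILE_MACHINE_SH4       0x01a6 /* SH4 little-endian */
#define IMAGE_FILE_MACHINE_ARM       0x01c0 /* ARM little-endian */
#define IMAGE_FILE_MACHINE_THUMB     0x01c2 /* ARM Thumb little-endian */
#define IMAGE_FILE_MACHINE_ARMNT     0x01c4 /* ARM Thumb-2 little-endian */
#define IMAGE_FILE_MACHINE_IA64      0x0200 /* Intel Itanium (IA-64); this is not x86-64 */
#define IMAGE_FILE_MACHINE_MIPS16    0x0266 /* MIPS16 */
#define IMAGE_FILE_MACHINE_MIPSFPU   0x0366 /* MIPS with FPU */
#define IMAGE_FILE_MACHINE_MIPSFPU16 0x0466 /* MIPS16 with FPU */
#define IMAGE_FILE_MACHINE_ALPHA64   0x0284 /* ALPHA64 */
#define IMAGE_FILE_MACHINE_AXP64     IMAGE_FILE_MACHINE_ALPHA64
/* 64-bit targets; such images normally carry a PE32+ optional header (magic 0x20B). */
#define IMAGE_FILE_MACHINE_AMD64     0x8664 /* x64 (AMD64 / Intel 64) */
#define IMAGE_FILE_MACHINE_ARM64     0xAA64 /* ARM64 little-endian */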
/*
 * Bit flags for IMAGE_FILE_HEADER.Characteristics. Each flag is a single,
 * distinct bit of the 16-bit field.
 */
#define IMAGE_FILE_RELOCS_STRIPPED         0x0001 /* Base relocations removed: the image must load at its preferred image base and cannot be rebased */
#define IMAGE_FILE_EXECUTABLE_IMAGE        0x0002 /* Image is an executable file */
#define IMAGE_FILE_LINE_NUMS_STRIPPED      0x0004 /* COFF line numbers have been removed */
#define IMAGE_FILE_LOCAL_SYMS_STRIPPED     0x0008 /* Local symbols have been removed from the COFF symbol table */
#define IMAGE_FILE_AGGRESSIVE_WS_TRIM      0x0010 /* Obsolete */
#define IMAGE_FILE_LARGE_ADDRESS_AWARE     0x0020 /* Application can handle addresses above 2 GB */
#define IMAGE_FILE_RESERVED                0x0040 /* Reserved */
#define IMAGE_FILE_BYTES_REVERSED_LO       0x0080 /* Little-endian; obsolete */
#define IMAGE_FILE_32BIT_MACHINE           0x0100 /* Target is a 32-bit machine */
#define IMAGE_FILE_DEBUG_STRIPPED          0x0200 /* Debug information has been removed */
#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 /* If the image is on removable media, load it and copy it to the swap file */
#define IMAGE_FILE_NET_RUN_FROM_SWAP       0x0800 /* If the image is on a network share, load it and copy it to the swap file */
#define IMAGE_FILE_SYSTEM                  0x1000 /* Image is a system file rather than a user program */
#define IMAGE_FILE_DLL                     0x2000 /* Image is a DLL rather than an EXE */
#define IMAGE_FILE_UP_SYSTEM_ONLY          0x4000 /* Run on a single-CPU machine only */
#define IMAGE_FILE_BYTES_REVERSED_HI       0x8000 /* Big-endian */
/*
 * Values of IMAGE_OPTIONAL_HEADER.Magic. The magic selects the layout of the
 * optional header, so it has to be checked before the remaining fields are
 * interpreted: IMAGE_OPTIONAL_HEADER in this file has the PE32 field layout
 * (32-bit ImageBase, BaseOfData present) and does not describe a PE32+ header.
 */
#define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10B /* PE32: normal 32-bit executable image */
#define IMAGE_NT_OPTIONAL_HDR64_MAGIC 0x20B /* PE32+: 64-bit image */
#define IMAGE_ROM_OPTIONAL_HDR_MAGIC  0x107 /* ROM image */
/* Values of IMAGE_OPTIONAL_HEADER.Subsystem (the numbering has gaps) */
#define IMAGE_SUBSYSTEM_UNKNOWN                 0  /* Unknown subsystem */
#define IMAGE_SUBSYSTEM_NATIVE                  1  /* No subsystem required */
#define IMAGE_SUBSYSTEM_WINDOWS_GUI             2  /* Windows GUI subsystem */
#define IMAGE_SUBSYSTEM_WINDOWS_CUI             3  /* Windows character (console) subsystem */
#define IMAGE_SUBSYSTEM_OS2_CUI                 5  /* OS/2 character subsystem */
#define IMAGE_SUBSYSTEM_POSIX_CUI               7  /* POSIX character subsystem */
#define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI          9  /* Windows CE subsystem */
#define IMAGE_SUBSYSTEM_EFI_APPLICATION         10 /* EFI application */
#define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11 /* EFI boot service driver */
#define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER      12 /* EFI runtime driver */
#define IMAGE_SUBSYSTEM_EFI_ROM                 13 /* EFI ROM image */
#define IMAGE_SUBSYSTEM_XBOX                    14 /* XBOX */
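/*
 * Bit flags for IMAGE_OPTIONAL_HEADER.DllCharacteristics.
 * Several of these record exploit-mitigation opt-ins, so a report on an image
 * should show whether DYNAMIC_BASE, HIGH_ENTROPY_VA, NX_COMPAT and GUARD_CF
 * are set; their absence is a hardening gap worth flagging.
 * HIGH_ENTROPY_VA, APPCONTAINER and GUARD_CF were missing from the original
 * list and are added here; all pre-existing names and values are unchanged.
 */
#define IMAGE_DLLCHARACTERISTICS_RESERVE1              0x0001 /* Reserved */
#define IMAGE_DLLCHARACTERISTICS_RESERVE2              0x0002 /* Reserved */
#define IMAGE_DLLCHARACTERISTICS_RESERVE3              0x0004 /* Reserved */
#define IMAGE_DLLCHARACTERISTICS_RESERVE4              0x0008 /* Reserved */
#define IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA       0x0020 /* Image can handle a high-entropy 64-bit address space (64-bit ASLR) */
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE          0x0040 /* Image can be relocated at load time (ASLR opt-in) */
#define IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY       0x0080 /* Code integrity checks are enforced */
#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT             0x0100 /* Image is compatible with NX (DEP) */
#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION          0x0200 /* Isolation aware, but the image must not be isolated */
#define IMAGE_DLLCHARACTERISTICS_NO_SEH                0x0400 /* Image does not use SEH; no handler may be called in it */
#define IMAGE_DLLCHARACTERISTICS_NO_BIND               0x0800 /* Do not bind the image */
#define IMAGE_DLLCHARACTERISTICS_RESERVE5              0x1000 /* Kept for compatibility; current toolchains use this bit as APPCONTAINER */
#define IMAGE_DLLCHARACTERISTICS_APPCONTAINER          0x1000 /* Image must execute in an AppContainer */
#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER            0x2000 /* WDM driver */
#define IMAGE_DLLCHARACTERISTICS_GUARD_CF              0x4000 /* Image supports Control Flow Guard */
#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000 /* Terminal Server aware */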
/*
 * Indexes into IMAGE_OPTIONAL_HEADER.DataDirectory.
 * An index is only meaningful when it is below the NumberOfRvaAndSizes value
 * stored in the file; that count is untrusted and should be clamped to
 * IMAGE_NUMBEROF_DIRECTORY_ENTRIES before the array is indexed.
 */
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES      16 /* Size of the DataDirectory array */
#define IMAGE_DIRECTORY_ENTRY_EXPORT          0  /* Export directory */
#define IMAGE_DIRECTORY_ENTRY_IMPORT          1  /* Import directory */
#define IMAGE_DIRECTORY_ENTRY_RESOURCE        2  /* Resource directory */
#define IMAGE_DIRECTORY_ENTRY_EXCEPTION       3  /* Exception directory */
#define IMAGE_DIRECTORY_ENTRY_CERTIFICATE     4  /* Attribute certificate table; its address is a file offset, not an RVA */
#define IMAGE_DIRECTORY_ENTRY_BASE_RELOCATION 5  /* Base relocation directory */
#define IMAGE_DIRECTORY_ENTRY_DEBUG           6  /* Debug directory */
#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE    7  /* Architecture-specific data; must be zero */
#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR       8  /* RVA of the global pointer; the size must be zero */
#define IMAGE_DIRECTORY_ENTRY_TLS             9  /* Thread local storage (TLS) table */
#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     10 /* Load configuration directory */
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    11 /* Bound import directory */
#define IMAGE_DIRECTORY_ENTRY_IAT             12 /* Import address table */
#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    13 /* Delay-load import directory */
#define IMAGE_DIRECTORY_ENTRY_CLR_RUNTIME     14 /* CLR runtime header */
#define IMAGE_DIRECTORY_ENTRY_RESERVE         15 /* Reserved; must be zero */
/*
 * Section header: byte length of IMAGE_SECTION_HEADER.Name.
 * A name that uses all 8 bytes has no terminating NUL, so it must be printed
 * or copied with an explicit length (for example "%.8s"), never as a plain
 * C string.
 */
#define IMAGE_SIZEOF_SHORT_NAME 8
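/*
 * Scalar aliases used to overlay the on-disk PE structures.
 * The struct layouts in this header assume WORD is 2 bytes, DWORD is 4 bytes
 * and a little-endian host, matching the file format.
 */
typedef char BYTE;           /* NOTE(review): plain char may be signed, so byte values above 0x7F can read back negative */
typedef unsigned int DWORD;
typedef unsigned short WORD;
typedef unsigned long LONG;  /* NOTE(review): 8 bytes on LP64 targets; no struct in this header uses it, and it is unsuitable for 4-byte on-disk fields */

/*
 * MS-DOS stub header found at file offset 0 (64 bytes on disk).
 *
 * PEHeader is the 32-bit file offset of the PE headers, stored at offset 0x3C.
 * It was declared as WORD, which kept only the low 16 bits and made the struct
 * 62 bytes long; a file whose PE headers sit at or beyond 0x10000 was then
 * parsed at a different offset than the one the loader uses. It is now DWORD.
 *
 * The offset is untrusted input: check MagicNumber first, then make sure
 * PEHeader plus the size of the PE headers lies inside the file before seeking.
 */
typedef struct _IMAGE_DOS_HEADER
{
    WORD MagicNumber;     /* Must equal IMAGE_DOS_SIGNATURE ("MZ") */
    WORD BytesLPF;        /* Bytes on last page of file */
    WORD Pages;           /* Pages in file */
    WORD Relocations;     /* Relocations */
    WORD HeaderSize;      /* Size of header in paragraphs */
    WORD MinParagraphs;   /* Minimum extra paragraphs needed */
    WORD MaxParagraphs;   /* Maximum extra paragraphs needed */
    WORD RegisterSS;      /* Initial (relative) SS value */
    WORD RegisterSP;      /* Initial SP value */
    WORD Checksum;        /* Checksum */
    WORD RegisterIP;      /* Initial IP value */
    WORD RegisterCS;      /* Initial (relative) CS value */
    WORD RelocationTable; /* File address of relocation table */
    WORD OverlayNumber;   /* Overlay number */
    WORD Reserved[4];     /* Reserved words */
    WORD OEMIdentifier;   /* OEM identifier */
    WORD OEMInformation;  /* OEM information */
    WORD Reserved2[10];   /* Reserved words */
    DWORD PEHeader;       /* File offset of the PE headers (32-bit field at 0x3C) */
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;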
/*
 * COFF file header (20 bytes on disk).
 * All fields are read from the inspected file. NumberOfSections and
 * SizeOfOptionalHeader drive later reads and buffer sizes, so they should be
 * range-checked against the file size before use.
 */
typedef struct _IMAGE_FILE_HEADER
{
    WORD  Machine;              /* CPU identifier, one of IMAGE_FILE_MACHINE_* */
    WORD  NumberOfSections;     /* Number of section headers that follow the optional header */
    DWORD TimeDateStamp;        /* Link time recorded by the linker; the file can state any value */
    DWORD PointerToSymbolTable; /* File offset of the COFF symbol table */
    DWORD NumberOfSymbols;      /* Number of entries in the symbol table */
    WORD  SizeOfOptionalHeader; /* Size in bytes of the optional header */
    WORD  Characteristics;      /* IMAGE_FILE_* flag bits */
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
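/*
 * One data-directory entry (8 bytes on disk): a 32-bit address followed by a
 * 32-bit size. Size was declared as WORD, which dropped the upper 16 bits of
 * the stored size; it is now DWORD. Both fields are untrusted and must be
 * checked against the image and file bounds before the table they describe
 * is read.
 *
 * PIMAGE_DATA_DIRCETORY is the original (misspelled) pointer alias and is
 * kept for existing callers; PIMAGE_DATA_DIRECTORY is the correctly spelled
 * equivalent.
 */
typedef struct _IMAGE_DATA_DIRECTORY
{
    DWORD VirtualAddress; /* RVA of the table relative to the image base */
    DWORD Size;           /* Size of the table in bytes */
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRCETORY, *PIMAGE_DATA_DIRECTORY;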
/*
 * Optional header in its PE32 layout (Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC).
 * A PE32+ header has no BaseOfData and uses 64-bit ImageBase and stack/heap
 * sizes, so this struct must not be applied to a file whose Magic is
 * IMAGE_NT_OPTIONAL_HDR64_MAGIC.
 * Every field is file-controlled; addresses, sizes and counts need bounds
 * checks before they are used to seek, allocate or index.
 */
typedef struct _IMAGE_OPTIONAL_HEADER
{
    WORD  Magic;                   /* Header format, one of the IMAGE_*_OPTIONAL_HDR*_MAGIC values */
    BYTE  MajorLinkerVersion;      /* Linker major version */
    BYTE  MinorLinkerVersion;      /* Linker minor version */
    DWORD SizeOfCode;              /* Total size of the code sections */
    DWORD SizeOfInitializedData;   /* Total size of initialized data */
    DWORD SizeOfUninitializedData; /* Total size of uninitialized data */
    DWORD AddressOfEntryPoint;     /* RVA at which execution starts */
    DWORD BaseOfCode;              /* RVA of the code section */
    DWORD BaseOfData;              /* RVA of the data section (PE32 only) */
    DWORD ImageBase;               /* Preferred load address of the image */
    DWORD SectionAlignment;        /* Alignment of sections in memory */
    DWORD FileAlignment;           /* Alignment of section data in the file */
    WORD  MajorOSVersion;          /* Required OS major version */
    WORD  MinorOSVersion;          /* Required OS minor version */
    WORD  MajorImageVersion;       /* Image major version */
    WORD  MinorImageVersion;       /* Image minor version */
    WORD  MajorSubsystemVersion;   /* Subsystem major version */
    WORD  MinorSubsystemVersion;   /* Subsystem minor version */
    DWORD Reserved;                /* Reserved */
    DWORD SizeOfImage;             /* Size of the image in memory, measured from ImageBase */
    DWORD SizeOfHeaders;           /* Combined size of the PE headers and section table */
    DWORD CheckSum;                /* Image checksum (NOTE(review): not a CRC algorithm; may be zero or stale) */
    WORD  Subsystem;               /* Required subsystem, one of IMAGE_SUBSYSTEM_* */
    WORD  DllCharacteristics;      /* IMAGE_DLLCHARACTERISTICS_* flag bits */
    DWORD SizeOfStackReserve;      /* Stack to reserve; not all of it is committed */
    DWORD SizeOfStackCommit;       /* Stack to commit initially */
    DWORD SizeOfHeapReserve;       /* Heap to reserve; not all of it is committed */
    DWORD SizeOfHeapCommit;        /* Heap to commit initially */
    DWORD LoaderFlags;             /* Loader flags (debugging related) */
    DWORD NumberOfRvaAndSizes;     /* Number of data directories stated by the file; clamp to IMAGE_NUMBEROF_DIRECTORY_ENTRIES before indexing */
    /* Data directory entries, indexed by IMAGE_DIRECTORY_ENTRY_* */
    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;
/*
 * PE (NT) headers as laid out in the file: signature, COFF file header, then
 * the optional header. Because OptionalHeader is the fixed PE32 layout, this
 * aggregate only matches a file once PESignature and OptionalHeader.Magic
 * have been verified.
 */
typedef struct _IMAGE_NT_HEADERS
{
    DWORD                 PESignature;    /* Must equal IMAGE_NT_SIGNATURE ("PE\0\0") */
    IMAGE_FILE_HEADER     FileHeader;     /* COFF file header */
    IMAGE_OPTIONAL_HEADER OptionalHeader; /* Optional header (PE32 layout) */
} IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
/*
 * One entry of the section table (40 bytes on disk).
 * Name is a fixed 8-byte field with no guaranteed NUL terminator.
 * PointerToRawData and SizeOfRawData locate the section's bytes in the file
 * and VirtualAddress / Misc.VirtualSize its range in memory; all four are
 * file-controlled and should be validated (including for overflow of
 * offset + size) before they are used to map an RVA or to read data.
 */
typedef struct _IMAGE_SECTION_HEADER
{
    BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; /* Section name, padded with NULs; not terminated when 8 bytes long */
    union _MISC_ADDRESS_SIZE
    {
        DWORD PhysicalAddress;          /* Alternate reading of the same 4 bytes */
        DWORD VirtualSize;              /* Size of the section once loaded in memory */
    } Misc;
    DWORD VirtualAddress;               /* RVA of the section in memory */
    DWORD SizeOfRawData;                /* Size of the section data in the file */
    DWORD PointerToRawData;             /* File offset of the section data */
    DWORD PointerToRelocations;         /* File offset of the relocation entries */
    DWORD PointerToLineNumbers;         /* File offset of the line-number entries */
    WORD  NumberOfRelocations;          /* Number of relocation entries */
    WORD  NumberOfLineNumbers;          /* Number of line-number entries */
    DWORD Characteristics;              /* Section flag bits (the flag constants are not defined in this header) */
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
/*
 * One import directory entry, describing the imports taken from one DLL.
 * In the file the entries form an array that ends with an all-zero entry.
 * The terminator and every RVA below come from the file, so a walker should
 * also stop at the directory's stated size and reject RVAs that do not map
 * into a section.
 */
typedef struct _IMAGE_IMPORT_DISCRIPTOR
{
    union _IMPORT_RVA_CHARACTORISTISC
    {
        DWORD Characteristics;    /* Zero in the terminating entry */
        DWORD OriginalFirstThunk; /* RVA of the import lookup (name) table */
    } ImportRVACharacteristics;
    DWORD TimeDateStamp;          /* Time stamp; used for bound imports */
    DWORD ForwarderChain;         /* Index of the first forwarder reference */
    DWORD Name;                   /* RVA of the NUL-terminated DLL name */
    DWORD FirstThunk;             /* RVA of the import address table */
} IMAGE_IMPORT_DISCRIPTOR, *PIMAGE_IMPORT_DISCRIPTOR;
/*
 * One 32-bit entry of an import lookup / address table (PE32 layout).
 * When the top bit (0x80000000) is set the import is by ordinal and the low
 * 16 bits hold the ordinal; otherwise the value is the RVA of an
 * IMAGE_IMPORT_BY_NAME record. A zero entry ends the table.
 */
typedef struct _IMAGE_THUNK_DATA
{
    union _INDEX_NANE
    {
        DWORD Ordinal;   /* Ordinal reading of the entry */
        DWORD NameTable; /* RVA reading of the entry */
    } OrdinalName;
} IMAGE_THUNK_DATA, *PIMAGE_THUNK_DATA;
/*
 * Hint/name record referenced by a by-name import thunk.
 * Only the first byte of the name is part of this struct; in the file the
 * name continues as a NUL-terminated string of unbounded length, so it has
 * to be read separately with an explicit length limit.
 */
typedef struct _IMAGE_IMPRT_BY_NAME
{
    WORD Hint; /* Suggested index into the exporting DLL's name table */
    BYTE Name; /* First byte of the imported symbol name */
} IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;
/*
 * Export directory table.
 * NumberOfFunctions and NumberOfNames size the three arrays named by the
 * AddressOf* RVAs. They are file-controlled, so each count and each array
 * range should be checked against the mapped section before iterating, and
 * each name ordinal should be checked against NumberOfFunctions before it is
 * used as an index.
 */
typedef struct _IMAGE_EXPORT_DISCRIPTOR
{
    DWORD Characteristics;       /* Always zero */
    DWORD TimeDateStamp;         /* Time the export table was created */
    WORD  MajorVersion;          /* Export table major version, normally 0 */
    WORD  MinorVersion;          /* Export table minor version, normally 0 */
    DWORD Name;                  /* RVA of the DLL name */
    DWORD Base;                  /* Starting ordinal number of the exports */
    DWORD NumberOfFunctions;     /* Number of exported functions */
    DWORD NumberOfNames;         /* Number of functions exported by name */
    DWORD AddressOfFunctions;    /* RVA of the array of exported function RVAs */
    DWORD AddressOfNames;        /* RVA of the array of exported name RVAs */
    DWORD AddressOfNameOrdinals; /* RVA of the array mapping each name to an index in the function array */
} IMAGE_EXPORT_DISCRIPTOR, *PIMAGE_EXPORT_DISCRIPTOR;
/*
 * PE reader API. Only the declarations are visible in this header, so the
 * comments below describe the signatures, not the implementations.
 *
 * NOTE(review): every Read* routine returns void, so a short or failed read
 * cannot be reported through the return value. Confirm how the implementation
 * signals errors before the filled-in structs are trusted.
 * NOTE(review): each fileAddress argument is ultimately derived from fields of
 * the inspected file; confirm it is checked against the file size before
 * seeking.
 */

/* Opens the file named by fileName; returns the stream (presumably NULL on failure - confirm). */
FILE *OpenPEFile(const char *fileName);
/* Releases a stream obtained from OpenPEFile. */
void ClosePEFile(FILE *peFile);
/* Fills *dosHeader from peFile. */
void ReadDosHeader(FILE *peFile, PIMAGE_DOS_HEADER dosHeader);
/* Prints a DOS header (passed by value). */
void PrintDosHeader(IMAGE_DOS_HEADER dosHeader);
/* Fills *fileHeader from peFile, using fileAddress as the position to read from. */
void ReadFileHeader(FILE *peFile, PIMAGE_FILE_HEADER fileHeader, DWORD fileAddress);
/* Prints a COFF file header (passed by value). */
void PrintFileHeader(IMAGE_FILE_HEADER fileHeader);
/* Fills *optionalHeader from peFile, using fileAddress as the position to read from. */
void ReadOptionalHeader(FILE *peFile, PIMAGE_OPTIONAL_HEADER optionalHeader, DWORD fileAddress);
/* Prints an optional header (passed by value). */
void PrintOptionalHeader(IMAGE_OPTIONAL_HEADER optionalHeader);
/* Fills *peHeader (signature, file header, optional header) from peFile at fileAddress. */
void ReadPEHeader(FILE *peFile, PIMAGE_NT_HEADERS peHeader, DWORD fileAddress);
/* Prints the PE headers (passed by value). */
void PrintPEHeader(IMAGE_NT_HEADERS peHeader);
/*
 * Fills sectionTable with sectionNumber entries read from peFile at fileAddress.
 * The caller must supply a buffer large enough for sectionNumber entries; the
 * count normally comes from the file's NumberOfSections and is untrusted.
 */
void ReadSectionTable(FILE *peFile, PIMAGE_SECTION_HEADER sectionTable, DWORD fileAddress, int sectionNumber);
/* Prints sectionNumber entries of sectionTable. */
void PrintSectionTable(PIMAGE_SECTION_HEADER sectionTable, int sectionNumber);
/*
 * Converts an RVA to a file offset using the section table.
 * NOTE(review): no entry count is passed alongside sectionTable, so this
 * signature alone gives the lookup no bound on the table; confirm how the
 * implementation stops and what it returns for an RVA outside every section.
 */
DWORD RVAToFileOffset(DWORD RVA, PIMAGE_SECTION_HEADER sectionTable);
/* Prints the import table located by ImportRVA; importTable is caller-provided storage for descriptors. */
void PrintImportTable(FILE *peFile, DWORD ImportRVA, PIMAGE_SECTION_HEADER sectionTable, PIMAGE_IMPORT_DISCRIPTOR importTable);
/* Prints the export table located by ExportRVA; exportTable is caller-provided storage for the directory. */
void PrintExportTable(FILE *peFile, DWORD ExportRVA, PIMAGE_SECTION_HEADER sectionTable, PIMAGE_EXPORT_DISCRIPTOR exportTable);
#endif