📄 pe.c
#include "pe.h"
/* Global Variables */
/*
 * Mutable file-scope counter, initialised to 0. It is not declared static,
 * so other translation units can see and modify it.
 * NOTE(review): nothing in the visible part of this file reads or writes it;
 * presumably it holds the section count taken from the file header. Confirm
 * against the rest of pe.c.
 */
int sectionNumber = 0;
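/*
 * Open a PE file for binary reading.
 *
 * fileName: path of the file to inspect.
 *
 * Returns the open stream. The function never returns NULL: on any failure
 * it prints a message and terminates the process with exit(1).
 */
FILE *OpenPEFile(const char *fileName)
{
    FILE *peFile = NULL;

    /* Passing a null path to fopen() is undefined behaviour, so a missing
     * name is treated the same way as a file that cannot be opened. */
    if (fileName != NULL)
    {
        /* "rb": the headers are raw bytes, so no text-mode translation. */
        peFile = fopen(fileName, "rb");
    }

    if (peFile == NULL)
    {
        printf("Can not open pe file!\n");
        exit(1);
    }

    return peFile;
}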
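/*
 * Close a stream obtained from OpenPEFile().
 *
 * peFile: stream to close; NULL is accepted and ignored, because calling
 *         fclose() on a null pointer is undefined behaviour.
 */
void ClosePEFile(FILE *peFile)
{
    if (peFile == NULL)
    {
        return;
    }

    /* The stream is only read from in the visible code, so there is no
     * buffered output whose loss fclose() could report. */
    fclose(peFile);
}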
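/*
 * Read the DOS header from offset 0 of the file into *dosHeader.
 *
 * peFile:    open stream positioned anywhere; it is rewound here.
 * dosHeader: destination for sizeof(IMAGE_DOS_HEADER) bytes.
 *
 * On a failed seek or a short read the function prints a message and
 * terminates the process with exit(1), so on return *dosHeader is fully
 * populated from the file. The content itself is not validated here; the
 * magic number is only checked later, in PrintDosHeader().
 */
void ReadDosHeader(FILE *peFile, PIMAGE_DOS_HEADER dosHeader)
{
    /* Judge success by the seek result and by the item count fread()
     * returns, not by the stream's EOF and error flags: a failed fseek()
     * is otherwise silent, and a count of 1 proves the whole header was
     * transferred. */
    if (fseek(peFile, 0, SEEK_SET) != 0 ||
        fread(dosHeader, sizeof(IMAGE_DOS_HEADER), 1, peFile) != 1)
    {
        printf("Read PE File Error while Reading DOS Header!\n");
        exit(1);
    }
}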
/*
 * Dump every field of a DOS header to stdout, one labelled line per field,
 * as four-digit hexadecimal.
 *
 * dosHeader: header to print, passed by value.
 *
 * The magic number is the only field that is checked: if it is not
 * IMAGE_DOS_SIGNATURE the function reports an unknown stub and terminates
 * the process with exit(1). Every other value is printed exactly as found.
 */
void PrintDosHeader(IMAGE_DOS_HEADER dosHeader)
{
    const IMAGE_DOS_HEADER *hdr = &dosHeader;
    int word;

    /* Refuse anything that does not start with the "MZ" signature. */
    if (hdr->MagicNumber != IMAGE_DOS_SIGNATURE)
    {
        printf("Unkown DOS Stub!\n");
        exit(1);
    }

    /* Signature as a number, then as its two bytes, low byte first. */
    printf("DOS Header Magic Number: \t%04X\t\t\"%c%c\"\n",
           hdr->MagicNumber,
           hdr->MagicNumber & 0x00FF,
           (hdr->MagicNumber >> 8) & 0x00FF);

    printf("Bytes on last page of file: \t%04X\n", hdr->BytesLPF);
    printf("Pages in file: \t%04X\n", hdr->Pages);
    printf("Relocations: \t%04X\n", hdr->Relocations);
    printf("Size of header in paragraphs: \t%04X\n", hdr->HeaderSize);
    printf("Minimun extra paragraphs needed: \t%04X\n", hdr->MinParagraphs);
    printf("Maximum extra paragraphs needed: \t%04X\n", hdr->MaxParagraphs);
    printf("Initial (relative) SS: \t%04X\n", hdr->RegisterSS);
    printf("Initial SP: \t%04X\n", hdr->RegisterSP);
    printf("Checksum: \t%04X\n", hdr->Checksum);
    printf("Initial IP value: \t%04X\n", hdr->RegisterIP);
    printf("Initial (relative) CS value: \t%04X\n", hdr->RegisterCS);
    printf("File Address of relocation table: \t%04X\n", hdr->RelocationTable);
    printf("Overlay number: \t%04X\n", hdr->OverlayNumber);

    /* First reserved area: each word ends its line, and every word except
     * the last is followed by the separator that starts the next line. */
    printf("Reserved words: (4 words) \t");
    for (word = 0; word < 4; word++)
    {
        printf("%04X\n%s", hdr->Reserved[word], word < 3 ? " \t" : "");
    }

    printf("OEM identifier: \t%04X\n", hdr->OEMIdentifier);
    printf("OEM information: \t%04X\n", hdr->OEMInformation);

    /* Second reserved area, laid out the same way as the first. */
    printf("Reserved words: (10 words) \t");
    for (word = 0; word < 10; word++)
    {
        printf("%04X\n%s", hdr->Reserved2[word], word < 9 ? " \t" : "");
    }

    /* Offset of the PE header, as stored in the file. */
    printf("Address of new exe header: (PE Header) \t%04X\n", hdr->PEHeader);
}
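/*
 * Read the COFF file header located at fileAddress into *fileHeader.
 *
 * peFile:      open stream to read from.
 * fileHeader:  destination for sizeof(IMAGE_FILE_HEADER) bytes.
 * fileAddress: absolute offset of the header within the file.
 *              NOTE(review): callers are not visible here; if this offset is
 *              taken from the DOS header's PEHeader field it is controlled
 *              by the file being inspected and may point anywhere.
 *
 * On a failed seek or a short read the function prints a message and
 * terminates the process with exit(1), matching ReadDosHeader().
 */
void ReadFileHeader(FILE *peFile, PIMAGE_FILE_HEADER fileHeader, DWORD fileAddress)
{
    /* Without these checks a truncated file or an out-of-range offset
     * leaves *fileHeader partly or wholly unwritten, and the caller would
     * go on to print whatever the buffer happened to hold. */
    if (fseek(peFile, (long)fileAddress, SEEK_SET) != 0 ||
        fread(fileHeader, sizeof(IMAGE_FILE_HEADER), 1, peFile) != 1)
    {
        printf("Read PE File Error while Reading File Header!\n");
        exit(1);
    }
}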
/*
 * Dump a COFF file header to stdout: the machine type with a readable name,
 * the section and symbol counts, the raw time stamp, the optional-header
 * size, and the Characteristics word both as a bit string and flag by flag.
 *
 * fileHeader: header to print, passed by value.
 *
 * Nothing is validated; every value is printed as found in the header.
 */
void PrintFileHeader(IMAGE_FILE_HEADER fileHeader)
{
    const IMAGE_FILE_HEADER *hdr = &fileHeader;
    const char *machineText;
    unsigned int probe;

/* One line per flag: the mask value, then the text for the set or clear
 * state. Kept as a macro so each mask reaches printf() with its own type. */
#define PE_SHOW_FLAG(mask, setText, clearText) \
    printf(" \t%04X\t%s\n", (mask), \
           (hdr->Characteristics & (mask)) ? (setText) : (clearText))

    /* Machine (CPU identifier): raw value first, readable name after it. */
    printf("This file must to run on : \t%04X\t", hdr->Machine);
    switch (hdr->Machine)
    {
    case IMAGE_FILE_MACHINE_UNKNOWN:
        machineText = "\tUnknow CPU Type\n";
        break;
    case IMAGE_FILE_MACHINE_I386:
        machineText = "\tIntel 386\n";
        break;
    case IMAGE_FILE_MACHINE_R3000:
        machineText = "\tMIPS Litte-Endian\n";
        break;
    case 0x160:
        machineText = "\tMIPS Big-Endian\n";
        break;
    case IMAGE_FILE_MACHINE_R4000:
        machineText = "\tMIPS Litte-Endian\n";
        break;
    case IMAGE_FILE_MACHINE_R10000:
        machineText = "\tMIPS Little-Endian\n";
        break;
    case IMAGE_FILE_MACHINE_WCEMIPSV2:
        machineText = "\tMIPS Little-Endian WCE v2\n";
        break;
    case IMAGE_FILE_MACHINE_ALPHA:
        machineText = "\tAlpha AXP\n";
        break;
    case IMAGE_FILE_MACHINE_POWERPC:
        machineText = "\tIBM PowerPC Little-Endian\n";
        break;
    case IMAGE_FILE_MACHINE_SH3:
        machineText = "\tSH3 Little-Endian\n";
        break;
    case IMAGE_FILE_MACHINE_SH3E:
        machineText = "\tSH3E Little-Endian\n";
        break;
    case IMAGE_FILE_MACHINE_SH4:
        machineText = "\tSH4 Little-Endian\n";
        break;
    case IMAGE_FILE_MACHINE_ARM:
        machineText = "\tARM Little-Endian\n";
        break;
    case IMAGE_FILE_MACHINE_THUMB:
        machineText = "\tTHUMB\n";
        break;
    case IMAGE_FILE_MACHINE_IA64:
        machineText = "\tIntel 64\n";
        break;
    case IMAGE_FILE_MACHINE_MIPS16:
    case IMAGE_FILE_MACHINE_MIPSFPU:
    case IMAGE_FILE_MACHINE_MIPSFPU16:
        /* The three MIPS variants share one label. */
        machineText = "\tMIPS\n";
        break;
    case IMAGE_FILE_MACHINE_ALPHA64:
        machineText = "\tALPHA64\n";
        break;
    default:
        machineText = "\tUndefined\n";
        break;
    }
    printf("%s", machineText);

    /* Section count, in hexadecimal and in decimal. */
    printf("Sections Numbers of this file: \t%04X\t\t%d\n",
           hdr->NumberOfSections, hdr->NumberOfSections);

    /* Link time stamp, shown as the raw value only. */
    printf("Created Time: \t%08X\n", hdr->TimeDateStamp);

    /* Symbol table location and size. */
    printf("File Address of SymbolTable : \t%08X\n", hdr->PointerToSymbolTable);
    printf("Number of Symbols : \t%08X\t%d\n",
           hdr->NumberOfSymbols, hdr->NumberOfSymbols);

    /* Size of the optional header that follows this one. */
    printf("Size of Optional Header : \t%04X\t\t%d bytes\n",
           hdr->SizeOfOptionalHeader, hdr->SizeOfOptionalHeader);

    /* Characteristics: the word itself, then its 16 bits from the most
     * significant down to the least significant. */
    printf("Characteristics : \t%04X\t\t", hdr->Characteristics);
    for (probe = 0x8000; probe != 0; probe >>= 1)
    {
        putchar((hdr->Characteristics & probe) ? '1' : '0');
    }
    printf("\n");

    /* Each flag on its own line, in the order of the original listing. */
    PE_SHOW_FLAG(IMAGE_FILE_RELOCS_STRIPPED,
                 " (1)\tNo Relocation Info", " (0)\tHas Relocation Info");
    PE_SHOW_FLAG(IMAGE_FILE_EXECUTABLE_IMAGE,
                 " (1)\tExecutable", " (0)\tLinker Error");
    PE_SHOW_FLAG(IMAGE_FILE_LINE_NUMS_STRIPPED,
                 " (1)\tCOFF Line Num Removed", " (0)\tCOFF LIne Num Keeped");
    PE_SHOW_FLAG(IMAGE_FILE_LOCAL_SYMS_STRIPPED,
                 " (1)\tLocal Symbols Removed", " (0)\tLocal Symbols Keeped");
    PE_SHOW_FLAG(IMAGE_FILE_AGGRESSIVE_WS_TRIM,
                 " (1)\tObsolete Bit (Set)", " (0)\tObsolete Bit (Clear)");
    PE_SHOW_FLAG(IMAGE_FILE_LARGE_ADDRESS_AWARE,
                 " (1)\tAddress > 2GB Useable", " (0)\tAddress > 2GB Unuseable");
    PE_SHOW_FLAG(IMAGE_FILE_RESERVED,
                 " (1)\tReserved (Set)", " (0)\tReserved (Clear)");
    PE_SHOW_FLAG(IMAGE_FILE_BYTES_REVERSED_LO,
                 " (1)\tLittle-Endian", " (0)\tLittle_Endian Unused?");
    PE_SHOW_FLAG(IMAGE_FILE_32BIT_MACHINE,
                 " (1)\t32-Bits System", " (0)\tNone-32-Bits System");
    PE_SHOW_FLAG(IMAGE_FILE_DEBUG_STRIPPED,
                 " (1)\tDebug Info Removed", " (0)\tDebug Info Keeped");
    PE_SHOW_FLAG(IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP,
                 " (1)\tFile on Removable Media", " (0)\tFile on Fix Disk?");
    PE_SHOW_FLAG(IMAGE_FILE_NET_RUN_FROM_SWAP,
                 " (1)\tFile on Network", " (0)\tFile on Fix Disk?");
    PE_SHOW_FLAG(IMAGE_FILE_SYSTEM,
                 " (1)\tSystem File", " (0)\tUser File");
    PE_SHOW_FLAG(IMAGE_FILE_DLL,
                 " (1)\tDll File", " (0)\tNone-Dll File");
    PE_SHOW_FLAG(IMAGE_FILE_UP_SYSTEM_ONLY,
                 " (1)\tSingle CPU Only", " (0)\tNone Single CPU Only");
    PE_SHOW_FLAG(IMAGE_FILE_BYTES_REVERSED_HI,
                 " (1)\tBig-Endian", " (0)\tBig-Endian Unused?");

#undef PE_SHOW_FLAG
}
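/*
 * Read the optional header located at fileAddress into *optionalHeader.
 *
 * peFile:         open stream to read from.
 * optionalHeader: destination for sizeof(IMAGE_OPTIONAL_HEADER) bytes.
 * fileAddress:    absolute offset of the header within the file.
 *                 NOTE(review): callers are not visible here; the offset is
 *                 presumably derived from values stored in the file, so for
 *                 an untrusted file it cannot be assumed to be in range.
 *
 * A fixed sizeof(IMAGE_OPTIONAL_HEADER) is read; the file header's
 * SizeOfOptionalHeader field is not consulted in this function.
 *
 * On a failed seek or a short read the function prints a message and
 * terminates the process with exit(1), matching ReadDosHeader().
 */
void ReadOptionalHeader(FILE *peFile, PIMAGE_OPTIONAL_HEADER optionalHeader, DWORD fileAddress)
{
    /* Without these checks a truncated file or an out-of-range offset
     * leaves *optionalHeader partly or wholly unwritten, and the caller
     * would go on to print whatever the buffer happened to hold. */
    if (fseek(peFile, (long)fileAddress, SEEK_SET) != 0 ||
        fread(optionalHeader, sizeof(IMAGE_OPTIONAL_HEADER), 1, peFile) != 1)
    {
        printf("Read PE File Error while Reading Optional Header!\n");
        exit(1);
    }
}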
void PrintOptionalHeader(IMAGE_OPTIONAL_HEADER optionalHeader)
{
int i;
/* Print Magic Word */
printf("Optional Header Magic Number : \t%04X\t",
optionalHeader.Magic);
switch(optionalHeader.Magic)
{
case IMAGE_NT_OPTIONAL_HDR32_MAGIC :
{
printf("\tA Normal PE32\n");
break;
}