📄 pe.c
字号:
case IMAGE_NT_OPTIONAL_HDR64_MAGIC :
{
printf("\tPE32+ Image");
break;
}
case IMAGE_ROM_OPTIONAL_HDR_MAGIC :
{
printf("\tA ROM Image");
break;
}
default :
{
printf("\tUndefined\n");
break;
}
}
/* Print Linker Version */
printf("Linker Version : \t%02X%02X\t",
optionalHeader.MajorLinkerVersion,
optionalHeader.MinorLinkerVersion);
printf("\tVersion %d.%d\n",
optionalHeader.MajorLinkerVersion,
optionalHeader.MinorLinkerVersion);
/* Print Size of code Section (size of .text section) */
printf("Size of Code (.text) : \t%08X",
optionalHeader.SizeOfCode);
printf("\t%d bytes\n",
optionalHeader.SizeOfCode);
/* Print size of Initialized Data */
printf("Size of Initialized Data : \t%08X",
optionalHeader.SizeOfInitializedData);
printf("\t%d bytes\n",
optionalHeader.SizeOfInitializedData);
/* Print size of Uninitialized Data */
printf("Size of Uninitialized Data (.bss): \t%08X",
optionalHeader.SizeOfUninitializedData);
printf("\t%d bytes\n",
optionalHeader.SizeOfUninitializedData);
/* Print Address of Entry Point */
printf("Address of Entry Point : (RAV) \t%08X\n",
optionalHeader.AddressOfEntryPoint);
/* Base of Code */
printf("Where Code section Begins : (RAV) \t%08X",
optionalHeader.BaseOfCode);
printf("\t%dKB\n",
(optionalHeader.BaseOfCode >> 10));
/* Base of Data */
printf("Where Data Section Begins : (RAV) \t%08X",
optionalHeader.BaseOfData);
printf("\t%dKB\n",
optionalHeader.BaseOfData >> 10);
/* Print Assummed Address where image to be loaded */
printf("Image Base : \t%08X\n",
optionalHeader.ImageBase);
/* Print Section Alignment */
printf("Section Alignmnet : \t%08X",
optionalHeader.SectionAlignment);
printf("\t%dKB\n",
optionalHeader.SectionAlignment >> 10);
/* Print File Alignment */
printf("File Alignment : \t%08X",
optionalHeader.FileAlignment);
printf("\t%d bytes\n",
optionalHeader.FileAlignment);
/* Print Operation System Version */
printf("Operation System Version : \t%04X%04X",
optionalHeader.MajorOSVersion,
optionalHeader.MinorOSVersion);
printf("\tVersion %d.%d\n",
optionalHeader.MajorOSVersion,
optionalHeader.MinorOSVersion);
/* Print Image Version */
printf("File Version : \t%04X%04X",
optionalHeader.MajorImageVersion,
optionalHeader.MinorImageVersion);
printf("\tVersion %d.%d\n",
optionalHeader.MajorImageVersion,
optionalHeader.MinorImageVersion);
/* Print Sub System Version */
printf("Sub System Version : \t%04X%04X",
optionalHeader.MajorSubsystemVersion,
optionalHeader.MinorSubsystemVersion);
printf("\tVersion %d.%d\n",
optionalHeader.MajorSubsystemVersion,
optionalHeader.MinorSubsystemVersion);
/* Reserved */
printf("Reserved : \t%08X\n",
optionalHeader.Reserved);
/* Print Size of Image */
printf("Size of Image : \t%08X",
optionalHeader.SizeOfImage);
printf("\t%dKB\n",
optionalHeader.SizeOfImage >> 10);
/* Print Size of Headers */
printf("Size of ( Headers + section tables) : \t%08X",
optionalHeader.SizeOfHeaders);
printf("\t%dKB\n",
optionalHeader.SizeOfHeaders >> 10);
/* Print Check Sum */
printf("Check Sum : \t%08X\n",
optionalHeader.CheckSum);
/* Print Sub System needed */
printf("Sub System Needed : \t%04X\t",
optionalHeader.Subsystem);
switch(optionalHeader.Subsystem)
{
case IMAGE_SUBSYSTEM_UNKNOWN :
{
printf("\tUnknown\n");
break;
}
case IMAGE_SUBSYSTEM_NATIVE :
{
printf("\tNo Need SubSys\n");
break;
}
case IMAGE_SUBSYSTEM_WINDOWS_GUI :
{
printf("\tWindows GUI\n");
break;
}
case IMAGE_SUBSYSTEM_WINDOWS_CUI :
{
printf("\tWindows Console\n");
break;
}
case IMAGE_SUBSYSTEM_OS2_CUI :
{
printf("\tOS/2 Console\n");
break;
}
case IMAGE_SUBSYSTEM_POSIX_CUI :
{
printf("\tPosix Console\n");
break;
}
case IMAGE_SUBSYSTEM_WINDOWS_CE_GUI :
{
printf("\tWindows CE\n");
break;
}
case IMAGE_SUBSYSTEM_EFI_APPLICATION :
{
printf("\tEFI Application\n");
break;
}
case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER :
{
printf("\tEFI Bootable Driver\n");
break;
}
case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER :
{
printf("\tEFI Runtime driver\n");
break;
}
case IMAGE_SUBSYSTEM_EFI_ROM :
{
printf("\tEFI ROM\n");
break;
}
case IMAGE_SUBSYSTEM_XBOX :
{
printf("\tXBOX\n");
break;
}
default :
{
printf("\tUndefined\n");
break;
}
}
/* Print Dll Characteristics */
printf("Dll Characteristics : \t%04X\t",
optionalHeader.DllCharacteristics);
switch(optionalHeader.DllCharacteristics)
{
case IMAGE_DLLCHARACTERISTICS_RESERVE1 :
{
printf("\tReserve1 Must be Zero\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_RESERVE2 :
{
printf("\tReserve2 Must be Zero\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_RESERVE3 :
{
printf("\tReserve3 Must be Zero\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_RESERVE4 :
{
printf("\tReserve4 Must be Zero\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE :
{
printf("\tDll Can be Relocated\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY :
{
printf("\tCode Intergrity Check\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_NX_COMPAT :
{
printf("\tNX Capatable\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_NO_ISOLATION :
{
printf("\tImage Isolatable\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_NO_SEH :
{
printf("\tCan't Use SEH\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_NO_BIND :
{
printf("\tImage Can't Binded\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_RESERVE5 :
{
printf("\tReserved5 Must be Zero\n");
break;
}
case IMAGE_DLLCHARACTERISTICS_WDM_DRIVER :
{
printf("\tDirvers (WDM)");
break;
}
case IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE :
{
printf("\tCan Use On Termial Server\n");
break;
}
default :
{
printf("\tUndefined\n");
break;
}
}
/* Print Size of StackReserve */
printf("Size of Stack Reserve : \t%08X",
optionalHeader.SizeOfStackReserve);
printf("\t%dMB\n",
optionalHeader.SizeOfStackReserve >> 20);
/* Print Size of Stack Commite */
printf("Size of Stack Commit : \t%08X",
optionalHeader.SizeOfStackCommit);
printf("\t%dKB\n",
optionalHeader.SizeOfStackCommit >> 10);
/* Print Size of Heap Reserve */
printf("Size of Heap Reserve : \t%08X",
optionalHeader.SizeOfHeapReserve);
printf("\t%dMB\n",
optionalHeader.SizeOfHeapReserve >> 20);
/* Print Size of Heap Commit */
printf("Size of Heap Commit : \t%08X",
optionalHeader.SizeOfHeapCommit);
printf("\t%dKB\n",
optionalHeader.SizeOfHeapCommit >> 10);
/* Print Loader Flags */
printf("Loader Flags : \t%08X",
optionalHeader.LoaderFlags);
printf("\tMust to be ZERO\n");
/* Print Number of Data Directories */
printf("Number of Data Directories : \t%08X",
optionalHeader.NumberOfRvaAndSizes);
printf("\t%d\n",
optionalHeader.NumberOfRvaAndSizes);
/* Print Data Directories */
printf("Data Directories :\n");
printf("Discription \tRAV\t\tSize(bytes)\n");
printf("-------------------------------------------------------------------\n");
for(i = 0; i < optionalHeader.NumberOfRvaAndSizes; i++)
{
switch(i)
{
case IMAGE_DIRECTORY_ENTRY_EXPORT :
{
printf("%02d: Export Table \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_IMPORT :
{
printf("%02d: Import Table \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_RESOURCE :
{
printf("%02d: Resource Table \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_EXCEPTION :
{
printf("%02d: Exception Table \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_CERTIFICATE :
{
printf("%02d: Certificate Table(File Ptr) \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_BASE_RELOCATION :
{
printf("%02d: Base Relocation Table \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_DEBUG :
{
printf("%02d: Debug \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_ARCHITECTURE :
{
printf("%02d: Architecture \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_GLOBALPTR :
{
printf("%02d: Global Ptr \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_TLS :
{
printf("%02d: TLS Table \t%08X\t%-8d\n",
i,
optionalHeader.DataDirectory[i].VirtualAddress,
optionalHeader.DataDirectory[i].Size);
break;
}
case IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG :
{
printf("%02d: Load Config Table \t%08X\t%-8d\n",
i,
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -