PeTools开发(二)

功能: 主要实现 对PE头信息的读取

因为以前在命令行实现过对PE信息的读取, 这里只是改成界面显示, 没啥技术要点


展示:

Pe2.jpg


主要代码:

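/*
 * Write `value` into the dialog control `nCtrlId` as zero-padded, upper-case
 * hexadecimal with at least `width` digits.
 *
 * The text is built in a char buffer and sent with the explicit ANSI message
 * call, so the format string and the buffer element type always agree, even
 * if the project is built with UNICODE defined.
 */
static VOID SetHexEditText(HWND hwndDlg, int nCtrlId, DWORD value, int width)
{
    char szText[16];    /* 8 hex digits + NUL fit with room to spare */

    snprintf(szText, sizeof szText, "%0*lX", width, (unsigned long)value);
    SendMessageA(GetDlgItem(hwndDlg, nCtrlId), WM_SETTEXT, 0, (LPARAM)szText);
}

/*
 * Read the PE file `lpszFile` and show selected fields of its file header
 * and 32-bit optional header in the edit controls of dialog `hwndDlg`.
 *
 * hwndDlg  - dialog that owns the IDC_EDIT_* controls.
 * lpszFile - path handed to ReadPEFile().
 *
 * On a read failure or a bad MZ/PE signature a message box is shown and the
 * function returns without touching the controls. The buffer returned by
 * ReadPEFile() is released with free() on every path.
 *
 * NOTE(review): the file content is untrusted input, and ReadPEFile() (defined
 * elsewhere) does not report how many bytes it returned. Without that length
 * this function cannot verify that the DOS header, e_lfanew and the NT headers
 * lie inside the buffer; a truncated or malformed file can still cause an
 * out-of-bounds read. Have ReadPEFile() expose the size and check
 * e_lfanew + sizeof(IMAGE_NT_HEADERS32) against it before dereferencing.
 *
 * NOTE(review): the optional header is always read through the PE32 layout.
 * For a PE32+ image (Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) ImageBase is
 * 64-bit, BaseOfData does not exist and NumberOfRvaAndSizes sits at a
 * different offset, so those three fields are displayed incorrectly.
 */
VOID SetPeInfoText(HWND hwndDlg,LPSTR lpszFile)
{
    LPVOID pFileBuffer = NULL;
    PBYTE pBase = NULL;
    PBYTE pNtBase = NULL;
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_FILE_HEADER pPEHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;

    pFileBuffer = ReadPEFile(lpszFile);
    if(!pFileBuffer)
    {
        MessageBox(0,TEXT("文件读取失败"),TEXT("失败"),0);
        return;
    }

    /* Byte pointer for offset arithmetic; casting the pointer to DWORD
       truncates the address on 64-bit builds. */
    pBase = (PBYTE)pFileBuffer;

    /* MZ signature */
    if(*((PWORD)pBase)!=IMAGE_DOS_SIGNATURE)
    {
        MessageBox(0,TEXT("不是有效的MZ标志"),TEXT("非PE文件"),0);
        free(pFileBuffer);
        return;
    }
    pDosHeader = (PIMAGE_DOS_HEADER)pBase;

    /* PE signature. e_lfanew is a signed field taken from the file: a negative
       value would point in front of the buffer, so reject it before the
       dereference (the || short-circuits). */
    if(pDosHeader->e_lfanew < 0
        || *((PDWORD)(pBase+pDosHeader->e_lfanew))!=IMAGE_NT_SIGNATURE)
    {
        MessageBox(0,TEXT("不是有效的PE标志"),TEXT("非PE文件"),0);
        free(pFileBuffer);
        return;
    }

    /* File header follows the 4-byte PE signature. */
    pNtBase = pBase+pDosHeader->e_lfanew;
    pPEHeader = (PIMAGE_FILE_HEADER)(pNtBase+sizeof(DWORD));

    SetHexEditText(hwndDlg,IDC_EDIT_SECNUM,pPEHeader->NumberOfSections,4);
    SetHexEditText(hwndDlg,IDC_EDIT_TIMESTAMP,pPEHeader->TimeDateStamp,8);
    SetHexEditText(hwndDlg,IDC_EDIT_SPECCODE,pPEHeader->Characteristics,4);
    SetHexEditText(hwndDlg,IDC_EDIT_OPTIONHEAD,pPEHeader->SizeOfOptionalHeader,4);

    /* Optional header follows the fixed-size file header. */
    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((PBYTE)pPEHeader+IMAGE_SIZEOF_FILE_HEADER);

    SetHexEditText(hwndDlg,IDC_EDIT_ENTRYPOINT,pOptionHeader->AddressOfEntryPoint,8);
    SetHexEditText(hwndDlg,IDC_EDIT_BASEADDRESS,pOptionHeader->ImageBase,8);
    SetHexEditText(hwndDlg,IDC_EDIT_IMAGESIZE,pOptionHeader->SizeOfImage,8);
    SetHexEditText(hwndDlg,IDC_EDIT_CODEBASE,pOptionHeader->BaseOfCode,8);
    SetHexEditText(hwndDlg,IDC_EDIT_DATABASE,pOptionHeader->BaseOfData,8);
    SetHexEditText(hwndDlg,IDC_EDIT_MEM,pOptionHeader->SectionAlignment,8);
    SetHexEditText(hwndDlg,IDC_EDIT_FILE,pOptionHeader->FileAlignment,8);
    SetHexEditText(hwndDlg,IDC_EDIT_BIAOZHIZI,pOptionHeader->Magic,4);
    SetHexEditText(hwndDlg,IDC_EDIT_SUBSYSTEM,pOptionHeader->Subsystem,4);
    SetHexEditText(hwndDlg,IDC_EDIT_HEADSIZE,pOptionHeader->SizeOfHeaders,8);
    SetHexEditText(hwndDlg,IDC_EDIT_ADDNUM,pOptionHeader->CheckSum,8);
    SetHexEditText(hwndDlg,IDC_EDIT_MENUNUM,pOptionHeader->NumberOfRvaAndSizes,8);

    free(pFileBuffer);
}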


原文链接: PeTools开发(二) 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( http://www.gyarmy.com/?post=339 )
