流沙团
输出重定位表的信息
2017-11-14 流沙团


了解表结构,输出信息,一个函数的实现


void printDirectoryRelocTable(LPSTR lpszFile)

{

	LPVOID pFileBuffer = NULL;

	pFileBuffer= ReadPEFile(lpszFile);

	if(!pFileBuffer)

	{

		printf("文件读取失败\n");

		return;

	}



	PIMAGE_DOS_HEADER pDosHeader = NULL;

	PIMAGE_NT_HEADERS pNTHeader = NULL;

	PIMAGE_FILE_HEADER pPEHeader = NULL;

	PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;

	PIMAGE_SECTION_HEADER pSectionHeader = NULL;

	PIMAGE_DATA_DIRECTORY DataDirectory=NULL;

	

	//Header信息

	pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;

	pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);

	pPEHeader = (PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);

	pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pPEHeader+IMAGE_SIZEOF_FILE_HEADER);

	pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader);



	//定位Directory_Data;

	DataDirectory = pOptionHeader->DataDirectory;

	

	//重定位表



	printf("IMAGE_DIRECTORY_ENTRY_BASERELOC: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress,

		DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size);



	//DWORD RVAToFileOffset(LPVOID pFileBuffer,DWORD dwRva)

	DWORD FoA = RVAToFileOffset(pFileBuffer,0x2df10);

	

	DWORD BaseReloc_Directory_Address = DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress;

	DWORD BaseReloc_Directory_Size = DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;

	FoA = RVAToFileOffset(pFileBuffer,BaseReloc_Directory_Address);

	



	//定位到第一个重定位块

	PIMAGE_BASE_RELOCATION pRelocData = (PIMAGE_BASE_RELOCATION)((DWORD)pFileBuffer + FoA);

	

	//输出所有的标信息

	while(pRelocData->VirtualAddress||pRelocData->SizeOfBlock)

	{

		DWORD RelocVirtualAddress = pRelocData->VirtualAddress;

		DWORD RelocSize = pRelocData->SizeOfBlock;



		printf("VirtualSize: %x ,Size: %x , Number: %x  \n",RelocVirtualAddress,RelocSize,(RelocSize-8)/2);

		

		int k = (RelocSize-8)/2;

		PWORD pMyRelocAddress = NULL;

		pMyRelocAddress = (PWORD)((DWORD)pRelocData+8);

		

		for(int i=0;i<k;i++)

		{

			printf("第%x个 : 标志 : %x 偏移 : %x\n",i+1,pMyRelocAddress[i]&0xF000,(pMyRelocAddress[i]&0x0FFF)+RelocVirtualAddress);

		}

		pRelocData = (PIMAGE_BASE_RELOCATION)((DWORD)pRelocData + RelocSize);

	}



}


 



 

发表评论:
昵称

邮件地址 (选填)

个人主页 (选填)

内容