PeTools开发(二)
2017-12-23 流沙团
功能: 主要实现 对PE头信息的读取
因为以前在命名行实现过对PE信息的读取, 这里只是 变成界面显示, 没啥技术要点
展示:
主要代码:
VOID SetPeInfoText(HWND hwndDlg,LPSTR lpszFile)
{
LPVOID pFileBuffer = NULL;
PIMAGE_DOS_HEADER pDosHeader = NULL;
PIMAGE_NT_HEADERS pNTHeader = NULL;
PIMAGE_FILE_HEADER pPEHeader = NULL;
PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
PIMAGE_SECTION_HEADER pSectionHeader = NULL;
pFileBuffer = ReadPEFile(lpszFile);
if(!pFileBuffer)
{
//printf("文件读取失败\n");
MessageBox(0,TEXT("文件读取失败"),TEXT("失败"),0);
return;
}
//MZ标志
if(*((PWORD)pFileBuffer)!=IMAGE_DOS_SIGNATURE)
{
//printf("不是有效的MZ标志\n");
MessageBox(0,TEXT("不是有效的MZ标志"),TEXT("非PE文件"),0);
free(pFileBuffer);
return;
}
pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
//判断是否是有效的PE
if(*((PDWORD)((DWORD)pFileBuffer+pDosHeader->e_lfanew))!=IMAGE_NT_SIGNATURE)
{
//printf("不是有效的PE标志\n");
MessageBox(0,TEXT("不是有效的PE标志"),TEXT("非PE文件"),0);
free(pFileBuffer);
return;
}
pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);
pPEHeader = (PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
//NT头
HWND hSectionsNum = GetDlgItem(hwndDlg,IDC_EDIT_SECNUM);
TCHAR tSecNum[10];
sprintf(tSecNum,"%04X",pPEHeader->NumberOfSections);
SendMessage(hSectionsNum,WM_SETTEXT,0,(long)tSecNum);
HWND hTimeStamp = GetDlgItem(hwndDlg,IDC_EDIT_TIMESTAMP);
TCHAR tTimeStamp[10];
sprintf(tTimeStamp,"%08X",pPEHeader->TimeDateStamp);
SendMessage(hTimeStamp,WM_SETTEXT,0,(long)tTimeStamp);
HWND hSpecCode = GetDlgItem(hwndDlg,IDC_EDIT_SPECCODE);
TCHAR tSpecCode[10];
sprintf(tSpecCode,"%04X",pPEHeader->Characteristics);
SendMessage(hSpecCode,WM_SETTEXT,0,(long)tSpecCode);
HWND hOptionHead = GetDlgItem(hwndDlg,IDC_EDIT_OPTIONHEAD);
TCHAR tOptionHead[10];
sprintf(tOptionHead,"%04X",pPEHeader->SizeOfOptionalHeader);
SendMessage(hOptionHead,WM_SETTEXT,0,(long)tOptionHead);
//可选PE头
pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pPEHeader+IMAGE_SIZEOF_FILE_HEADER);
HWND hOEP = GetDlgItem(hwndDlg,IDC_EDIT_ENTRYPOINT);
TCHAR tOEP[10];
sprintf(tOEP,"%08X",pOptionHeader->AddressOfEntryPoint);
SendMessage(hOEP,WM_SETTEXT,0,(long)tOEP);
HWND hBaseAddress = GetDlgItem(hwndDlg,IDC_EDIT_BASEADDRESS);
TCHAR tBaseAddress[10];
sprintf(tBaseAddress,"%08X",pOptionHeader->ImageBase);
SendMessage(hBaseAddress,WM_SETTEXT,0,(long)tBaseAddress);
HWND hImageSize = GetDlgItem(hwndDlg,IDC_EDIT_IMAGESIZE);
TCHAR tImageSize[10];
sprintf(tImageSize,"%08X",pOptionHeader->SizeOfImage);
SendMessage(hImageSize,WM_SETTEXT,0,(long)tImageSize);
HWND hCodeBase = GetDlgItem(hwndDlg,IDC_EDIT_CODEBASE);
TCHAR tCodeBase[10];
sprintf(tCodeBase,"%08X",pOptionHeader->BaseOfCode);
SendMessage(hCodeBase,WM_SETTEXT,0,(long)tCodeBase);
HWND hDataBase = GetDlgItem(hwndDlg,IDC_EDIT_DATABASE);
TCHAR tDataBase[10];
sprintf(tDataBase,"%08X",pOptionHeader->BaseOfData);
SendMessage(hDataBase,WM_SETTEXT,0,(long)tDataBase);
HWND hMemAlign= GetDlgItem(hwndDlg,IDC_EDIT_MEM);
TCHAR tMemAlign[10];
sprintf(tMemAlign,"%08X",pOptionHeader->SectionAlignment);
SendMessage(hMemAlign,WM_SETTEXT,0,(long)tMemAlign);
HWND hFileAlign= GetDlgItem(hwndDlg,IDC_EDIT_FILE);
TCHAR tFileAlign[10];
sprintf(tFileAlign,"%08X",pOptionHeader->FileAlignment);
SendMessage(hFileAlign,WM_SETTEXT,0,(long)tFileAlign);
HWND hBZZ= GetDlgItem(hwndDlg,IDC_EDIT_BIAOZHIZI);
TCHAR tBZZ[10];
sprintf(tBZZ,"%04X",pOptionHeader->Magic);
SendMessage(hBZZ,WM_SETTEXT,0,(long)tBZZ);
/*
IDC_EDIT1_MENUNUM
*/
HWND hSubSystem = GetDlgItem(hwndDlg,IDC_EDIT_SUBSYSTEM);
TCHAR tSubSystem[10];
sprintf(tSubSystem,"%04X",pOptionHeader->Subsystem);
SendMessage(hSubSystem,WM_SETTEXT,0,(long)tSubSystem);
HWND hSizeHead = GetDlgItem(hwndDlg,IDC_EDIT_HEADSIZE);
TCHAR tSizeHead[10];
sprintf(tSizeHead,"%08X",pOptionHeader->SizeOfHeaders);
SendMessage(hSizeHead,WM_SETTEXT,0,(long)tSizeHead);
HWND hAddNum = GetDlgItem(hwndDlg,IDC_EDIT_ADDNUM);
TCHAR tAddNum[10];
sprintf(tAddNum,"%08X",pOptionHeader->CheckSum);
SendMessage(hAddNum,WM_SETTEXT,0,(long)tAddNum);
HWND hMenuNum = GetDlgItem(hwndDlg,IDC_EDIT_MENUNUM);
TCHAR tMenuNum[10];
sprintf(tMenuNum,"%08X",pOptionHeader->NumberOfRvaAndSizes);
SendMessage(hMenuNum,WM_SETTEXT,0,(long)tMenuNum);
free(pFileBuffer);
}
发表评论: