PeTools开发(三)
2017-12-23 流沙团
节表的获取
知识点:
01 节表信息的读取
02 ListView的操作方法 (在这耽误了很久, 不太熟悉这里面的操作)
展示图:
关键代码:
//PE区段表
void SetPeSectionInfo(HWND hwndDlg,LPSTR lpszFile)
{
LPVOID pFileBuffer = NULL;
PIMAGE_DOS_HEADER pDosHeader = NULL;
PIMAGE_NT_HEADERS pNTHeader = NULL;
PIMAGE_FILE_HEADER pPEHeader = NULL;
PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
PIMAGE_SECTION_HEADER pSectionHeader = NULL;
pFileBuffer= ReadPEFile(lpszFile);
if(!pFileBuffer)
{
printf("文件读取失败\n");
return;
}
//MZ标志
if(*((PWORD)pFileBuffer)!=IMAGE_DOS_SIGNATURE)
{
printf("不是有效的MZ标志\n");
free(pFileBuffer);
return;
}
pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
//判断是否是有效的PE
if(*((PDWORD)((DWORD)pFileBuffer+pDosHeader->e_lfanew))!=IMAGE_NT_SIGNATURE)
{
printf("不是有效的PE标志\n");
free(pFileBuffer);
return;
}
pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);
pPEHeader = (PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
//可选择PE头
pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pPEHeader+IMAGE_SIZEOF_FILE_HEADER);
//节表的信息(分别打印)
//确定节表的个数:
int Section_Number = pPEHeader->NumberOfSections;
pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader);
//hListSection = GetDlgItem(hwndDlg,IDC_LIST_SECTION);
HWND hListModule = GetDlgItem(hwndDlg,IDC_LIST_SECTION);
ListView_DeleteAllItems(hListModule);
TCHAR TempStr[10]={0};
LVITEM lvi;
ZeroMemory(&lvi,sizeof(lvi));
lvi.mask = LVIF_TEXT | LVIF_STATE;
lvi.state = 0;
lvi.stateMask = 0;
for(int i=0;i<Section_Number;i++)
{
sprintf(TempStr,"%s",pSectionHeader->Name);
lvi.iItem =i;
lvi.pszText =TempStr;
lvi.cchTextMax=sizeof(TempStr);
ListView_InsertItem(hListModule,&lvi);
sprintf(TempStr,"%08x",pSectionHeader->VirtualAddress);
ListView_SetItemText(hListModule,i,1,TempStr);
sprintf(TempStr,"%08x",pSectionHeader->Misc.VirtualSize);
ListView_SetItemText(hListModule,i,2,TempStr);
sprintf(TempStr,"%08x",pSectionHeader->PointerToRawData);
ListView_SetItemText(hListModule,i,3,TempStr);
sprintf(TempStr,"%08x",pSectionHeader->SizeOfRawData);
ListView_SetItemText(hListModule,i,4,TempStr);
sprintf(TempStr,"%08x",pSectionHeader->Characteristics);
ListView_SetItemText(hListModule,i,5,TempStr);
pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pSectionHeader+40);
}
//释放内存
free(pFileBuffer);
}
发表评论: