- #include "stdio.h"
- #include <WINDOWS.H>
- typedef BOOL (__stdcall *pSetFilePointerEx)(
- HANDLE hFile,
- LARGE_INTEGER liDistanceToMove,
- PLARGE_INTEGER lpNewFilePointer,
- DWORD dwMoveMethod);
- void ReadPeFile()
- {
- HANDLE hFile;
- HMODULE h;
- BOOL bStatus;
- ULONG uIndex;
- DWORD dwRetSize;
- LARGE_INTEGER FileOffset;
- IMAGE_DOS_HEADER ImageDosHeader;
- IMAGE_NT_HEADERS ImageNtHeader;
- IMAGE_SECTION_HEADER *pImageSectionHeader;
- pSetFilePointerEx SetFilePointerEx;
- hFile = CreateFile("c:\\NOTEPAD.EXE", GENERIC_ALL, FILE_SHARE_READ, NULL, OPEN_ALWAYS,
- FILE_ATTRIBUTE_NORMAL, NULL);
- if (hFile == INVALID_HANDLE_VALUE)
- {
- printf("CreateFile Failed!\n");
- return;
- }
- bStatus = ReadFile(hFile, &ImageDosHeader, sizeof(IMAGE_DOS_HEADER), &dwRetSize, NULL);
- if (bStatus == FALSE)
- {
- printf("read image_dos_header falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- }
-
- printf("e_magic:%s, e_lfanew:0x%X\n", &ImageDosHeader.e_magic, ImageDosHeader.e_lfanew);
- h = LoadLibrary("Kernel32.dll");
- if(!h)return;
-
- SetFilePointerEx=(pSetFilePointerEx)GetProcAddress(h,"SetFilePointerEx");
- FileOffset.QuadPart = ImageDosHeader.e_lfanew;
- bStatus = SetFilePointerEx(hFile, FileOffset, NULL, FILE_BEGIN);
- if (bStatus == FALSE)
- {
- printf("SetFilePointerEx falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- }
-
- bStatus = ReadFile(hFile, &ImageNtHeader, sizeof(IMAGE_NT_HEADERS), &dwRetSize, NULL);
- if (bStatus == FALSE)
- {
- printf("read image_nt_header falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- }
- printf("Signature:%s, NumberOfSections: %d\n", &ImageNtHeader.Signature, ImageNtHeader.FileHeader.NumberOfSections);
- FileOffset.QuadPart += sizeof(IMAGE_NT_HEADERS);
- bStatus = SetFilePointerEx(hFile, FileOffset, NULL, FILE_BEGIN);
- if (bStatus == FALSE)
- {
- printf("SetFilePointerEx falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- }
-
- pImageSectionHeader = (IMAGE_SECTION_HEADER *)malloc(sizeof(IMAGE_SECTION_HEADER) * ImageNtHeader.FileHeader.NumberOfSections);
- if (pImageSectionHeader == 0)
- {
- CloseHandle(hFile);
- return;
- }
- bStatus = ReadFile(hFile, pImageSectionHeader, sizeof(IMAGE_SECTION_HEADER) * ImageNtHeader.FileHeader.NumberOfSections, &dwRetSize, NULL);
- if (bStatus == FALSE)
- {
- printf("read IMAGE_SECTION_HEADER falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- }
- for (uIndex = 0; uIndex < ImageNtHeader.FileHeader.NumberOfSections; uIndex++)
- {
- printf("pImageSectionHeader[%d]:%s\n", uIndex, &pImageSectionHeader[uIndex].Name);
- }
- CloseHandle(hFile);
- free(pImageSectionHeader);
-
- }
- void ReadFileToMemory()
- {
- HANDLE hFile;
- HMODULE h;
- BOOL bStatus;
- ULONG uIndex;
- DWORD dwRetSize;
- DWORD FileAlign, VirtualAlign;
- DWORD VirtualSizeOfImage;
- PVOID pVirtualPoint;
- DWORD SectionVirtualAddr, SizeOfSection;
- DWORD PointerToRawData;
- LARGE_INTEGER FileOffset;
- IMAGE_DOS_HEADER ImageDosHeader;
- IMAGE_NT_HEADERS ImageNtHeader;
- IMAGE_SECTION_HEADER *pImageSectionHeader;
-
- pSetFilePointerEx SetFilePointerEx;
-
- hFile = CreateFile("c:\\NOTEPAD.EXE", GENERIC_ALL, FILE_SHARE_READ, NULL, OPEN_ALWAYS,
- FILE_ATTRIBUTE_NORMAL, NULL);
-
- if (hFile == INVALID_HANDLE_VALUE)
- {
- printf("CreateFile Failed!\n");
- return;
- }
-
- bStatus = ReadFile(hFile, &ImageDosHeader, sizeof(IMAGE_DOS_HEADER), &dwRetSize, NULL);
-
- if (bStatus == FALSE)
- {
- printf("read image_dos_header falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- return;
- }
-
- printf("e_magic:%s, e_lfanew:0x%X\n", &ImageDosHeader.e_magic, ImageDosHeader.e_lfanew);
-
-
- h = LoadLibrary("Kernel32.dll");
- if(!h)return;
-
- SetFilePointerEx=(pSetFilePointerEx)GetProcAddress(h,"SetFilePointerEx");
-
- FileOffset.QuadPart = ImageDosHeader.e_lfanew;
- bStatus = SetFilePointerEx(hFile, FileOffset, NULL, FILE_BEGIN);
- if (bStatus == FALSE)
- {
- printf("SetFilePointerEx falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- return;
- }
-
-
- bStatus = ReadFile(hFile, &ImageNtHeader, sizeof(IMAGE_NT_HEADERS), &dwRetSize, NULL);
- if (bStatus == FALSE)
- {
- printf("read image_nt_header falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- return;
- }
- printf("Signature:%s, NumberOfSections: %d\n", &ImageNtHeader.Signature, ImageNtHeader.FileHeader.NumberOfSections);
-
-
- FileOffset.QuadPart += sizeof(IMAGE_NT_HEADERS);
- bStatus = SetFilePointerEx(hFile, FileOffset, NULL, FILE_BEGIN);
- if (bStatus == FALSE)
- {
- printf("SetFilePointerEx falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- return;
- }
-
- pImageSectionHeader = (IMAGE_SECTION_HEADER *)malloc(sizeof(IMAGE_SECTION_HEADER) * ImageNtHeader.FileHeader.NumberOfSections);
- if (pImageSectionHeader == 0)
- {
- CloseHandle(hFile);
- return;
- }
- bStatus = ReadFile(hFile, pImageSectionHeader, sizeof(IMAGE_SECTION_HEADER) * ImageNtHeader.FileHeader.NumberOfSections, &dwRetSize, NULL);
- if (bStatus == FALSE)
- {
- printf("read IMAGE_SECTION_HEADER falied! :%d \n", GetLastError());
- CloseHandle(hFile);
- free(pImageSectionHeader);
- return;
- }
-
- for (uIndex = 0; uIndex < ImageNtHeader.FileHeader.NumberOfSections; uIndex++)
- {
- printf("pImageSectionHeader[%d]:%s\n", uIndex, &pImageSectionHeader[uIndex].Name);
- }
-
- FileAlign = ImageNtHeader.OptionalHeader.FileAlignment;
- VirtualAlign = ImageNtHeader.OptionalHeader.SectionAlignment;
- VirtualSizeOfImage = ImageNtHeader.OptionalHeader.SizeOfImage;
- pVirtualPoint = malloc(VirtualSizeOfImage);
- if (pVirtualPoint == 0)
- {
- CloseHandle(hFile);
- free(pImageSectionHeader);
- return;
- }
- memset(pVirtualPoint, 0, VirtualSizeOfImage);
- memcpy(pVirtualPoint, &ImageDosHeader, sizeof(IMAGE_DOS_HEADER));
- memcpy((PVOID)((LONG)pVirtualPoint + ImageDosHeader.e_lfanew), &ImageNtHeader,
- sizeof(IMAGE_NT_HEADERS));
- memcpy((PVOID)((LONG)pVirtualPoint + ImageDosHeader.e_lfanew + sizeof(IMAGE_NT_HEADERS)),
- pImageSectionHeader, sizeof(IMAGE_SECTION_HEADER) * ImageNtHeader.FileHeader.NumberOfSections);
-
- for (uIndex = 0; uIndex < ImageNtHeader.FileHeader.NumberOfSections; uIndex++)
- {
- SectionVirtualAddr = pImageSectionHeader[uIndex].VirtualAddress;
- SizeOfSection = pImageSectionHeader[uIndex].SizeOfRawData;
- PointerToRawData = pImageSectionHeader[uIndex].PointerToRawData;
- FileOffset.QuadPart = PointerToRawData;
- bStatus = SetFilePointerEx(hFile, FileOffset, NULL, FILE_BEGIN);
- if (bStatus == FALSE)
- {
- CloseHandle(hFile);
- free(pImageSectionHeader);
- free(pVirtualPoint);
- return;
- }
- bStatus = ReadFile(hFile, (PVOID)((DWORD)pVirtualPoint + SectionVirtualAddr),
- SizeOfSection, &dwRetSize, NULL);
- if (bStatus == FALSE)
- {
- CloseHandle(hFile);
- free(pImageSectionHeader);
- free(pVirtualPoint);
- return;
- }
- }
- printf("pVirtualPoint:0x%X\n", pVirtualPoint);
- getchar();
- getchar();
- CloseHandle(hFile);
- free(pImageSectionHeader);
- free(pVirtualPoint);
- }
- void main(int argc, char** argv)
- {
- ReadFileToMemory();
- }
复制代码 |