PE查看器-不知道能不能用,大家试试
代码如下#include <stdio.h>
#include <stdlib.h>
typedef int DWORD;
int main()
{
char dos_header;
char image_header;
char optional_header;
FILE* fp = NULL;
DWORD fileSize = 0;
char* fileBuffer = NULL;
fp = fopen("第29课笔记.exe","rb"); //把这个“第29课笔记”改成自己要分析的EXE程序的名字。
int address = fp;
fseek(fp,0L,SEEK_END);
fileSize = ftell(fp);
fseek(fp,0L,0);
fileBuffer = (char*)malloc(fileSize);
if(!fileBuffer)
{
printf("缓冲区分配失败!");
}
fread(fileBuffer,fileSize,1,fp);
int i;
int d;
fseek(fp,0L,0);
for(i=0;i<98;i++)
{
optional_header = 0x00;
}
fseek(fp,0L,0);
for(i=0;i<64;i++)
{
dos_header = (char)fileBuffer;
}
int address_for_NT_header = dos_header*0x1000000 + dos_header*0x10000 + dos_header*0x100 + dos_header;
printf("%x\n",address_for_NT_header);
int size_of_optional_header;
int number_of_rva_and_sizes;
int address_of_sections_header;
for(i=0;i<20;i++)
{
image_header = (char)fileBuffer;
if(i == 17)
{
size_of_optional_header = (char)fileBuffer*0x100 + (char)fileBuffer;
}
}
for(i=0;i<size_of_optional_header;i++)
{
optional_header = (char)fileBuffer;
if(i == 98)
{
number_of_rva_and_sizes = (char)(fileBuffer*0x100)+(char)fileBuffer;
}
}
address_of_sections_header = address_for_NT_header+1+20+244;
char section_header;
for(i=0;i<(40*number_of_rva_and_sizes);i++)
{
section_header = (char)fileBuffer;
}
printf("e_magic:%02x%02x\n",dos_header,dos_header);
printf("e_cblp:%02x%02x\n",dos_header,dos_header);
printf("e_cp:%02x%02x\n",dos_header,dos_header);
printf("e_crlc:%02x%02x\n",dos_header,dos_header);
printf("e_cparhdr:%02x%02x\n",dos_header,dos_header);
printf("e_minalloc:%02x%02x\n",dos_header,dos_header);
printf("e_maxalloc:%02x%02x\n",dos_header,dos_header);
printf("e_ss:%02x%02x\n",dos_header,dos_header);
printf("e_sp:%02x%02x\n",dos_header,dos_header);
printf("e_csum:%02x%02x\n",dos_header,dos_header);
printf("e_ip:%02x%02x\n",dos_header,dos_header);
printf("e_cs:%02x%02x\n",dos_header,dos_header);
printf("e_lfarlc:%02x%02x\n",dos_header,dos_header);
printf("e_ovno:%02x%02x\n",dos_header,dos_header);
printf("e_res:%02x%02x %02x%02x %02x%02x %02x%02x\n",dos_header,dos_header,dos_header,dos_header,dos_header,dos_header,dos_header,dos_header);
printf("e_oemid:%02x%02x\n",dos_header,dos_header);
printf("e_oeminfo:%02x%02x\n",dos_header,dos_header);
printf("e_res2:0000 0000 0000 0000 0000 0000 0000 0000 0000 0000\n");
printf("e_lfanew:%02x%02x%02x%02x\n",dos_header,dos_header,dos_header,dos_header);
printf("Machine:%02x%02x\n",image_header,image_header);
printf("NumberOfSections:%02x%02x\n",image_header,image_header);
printf("TimeDateStamp:%02x%02x%02x%02x\n",image_header,image_header,image_header,image_header);
printf("PointerToSymbolTable:%02x%02x%02x%02x\n",image_header,image_header,image_header,image_header);
printf("NumberOfSymbols:%02x%02x%02x%02x\n",image_header,image_header,image_header,image_header);
printf("SizeOfOptionalHeader:%02x%02x\n",image_header,image_header);
printf("Characteristics:%02x%02x\n",image_header,image_header);
printf("Magic:%02x%02x",optional_header,optional_header);
printf("MajorLinkerVersion:%02x",optional_header);
printf("MinorLinkerVersion:%02x",optional_header);
printf("SizeOfCode:%02x%02x%02x%02x",optional_header,optional_header,optional_header,optional_header);
printf("SizeOfInitializedData:%02x%02x%02x%02x",optional_header,optional_header,optional_header,optional_header);
printf("SizeOfUninitializedData:%02x%02x%02x%02x",optional_header,optional_header,optional_header,optional_header);
printf("AddressOfEntryPoint:%02x%02x%02x%02x",optional_header,optional_header,optional_header,optional_header);
printf("BaseOfCode:%02x%02x%02x%02x",optional_header,optional_header,optional_header,optional_header);
printf("BaseOfData:%02x%02x%02x%02x",optional_header,optional_header,optional_header,optional_header);
printf("ImageBase:%02x%02x%02x%02x",optional_header,optional_header,optional_header,optional_header);
printf("SectionAlignment:%02x%02x%02x%02x",optional_header,optional_header,optional_header,optional_header);
printf("FileAlignment:%02x%02x%02x%02x",optional_header,optional_header,optional_header,optional_header,optional_header);
printf("MajorOperatingSystemVersion:%02x%02x",optional_header,optional_header);
printf("MinorOperatingSystmeVersion:%02x%02x",optional_header,optional_header);
printf("MajorImageVersion:%02x%02x",optional_header,optional_header);
printf("MinorImageVersion:%02x%02x",optional_header,optional_header);
printf("MajorSubsystemVersion:%02x%02x",optional_header,optional_header);
printf("misc:%02x%02x%02x%02x",section_header,section_header,section_header,section_header);
printf("virtualAddress:%02x%02x%02x%02x",section_header,section_header,section_header,section_header);
printf("SizeOfRawData:%02x%02x%02x%02x",section_header,section_header,section_header,section_header);
printf("pointerToRawData:%02x%02x%02x%02x",section_header,section_header,section_header,section_header);
printf("Characteristics:%02x%02x%02x%02x",section_header,section_header,section_header,section_header,section_header);
getchar();
return 0;
} 大家都没回就代表我的代码可以用咯?
页:
[1]