#include <stdio.h>
#include <stdlib.h>
/* Local alias named after the Win32 DWORD type. Note that Win32 defines
 * DWORD as an unsigned 32-bit integer, whereas this alias is a signed int. */
typedef int DWORD;
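/* Sizes of the fixed PE structures this program reads. */
enum {
    DOS_HEADER_SIZE = 64,         /* IMAGE_DOS_HEADER */
    E_LFANEW_OFFSET = 60,         /* offset of e_lfanew inside the DOS header */
    PE_SIGNATURE_SIZE = 4,        /* "PE\0\0" */
    FILE_HEADER_SIZE = 20,        /* IMAGE_FILE_HEADER */
    OPTIONAL_HEADER_PRINTED = 50, /* bytes of the optional header that get printed */
    SECTION_HEADER_SIZE = 40      /* IMAGE_SECTION_HEADER */
};

/* Read a little-endian 16-bit value; unsigned bytes avoid sign extension. */
static unsigned int read_le16(const unsigned char *p)
{
    return (unsigned int)p[0] | ((unsigned int)p[1] << 8);
}

/* Read a little-endian 32-bit value; unsigned bytes avoid sign extension. */
static unsigned long read_le32(const unsigned char *p)
{
    return (unsigned long)p[0] | ((unsigned long)p[1] << 8) |
           ((unsigned long)p[2] << 16) | ((unsigned long)p[3] << 24);
}

/*
 * Print the DOS header, the COFF file header, the start of the optional
 * header and the first section header of the PE image held in buf.
 *
 * The file content is untrusted: every offset taken from the file is checked
 * against size before it is used to index buf.
 *
 * Returns 0 on success, -1 if the image is malformed or truncated.
 */
static int dump_pe_headers(const unsigned char *buf, size_t size)
{
    const size_t nt_fixed_size = (size_t)PE_SIGNATURE_SIZE + FILE_HEADER_SIZE;

    if (size < (size_t)DOS_HEADER_SIZE) {
        fprintf(stderr, "file is too small to hold a DOS header\n");
        return -1;
    }
    if (buf[0] != 'M' || buf[1] != 'Z') {
        fprintf(stderr, "missing MZ signature\n");
        return -1;
    }

    const unsigned char *dos = buf;
    unsigned long e_lfanew = read_le32(dos + E_LFANEW_OFFSET);
    printf("%lx\n", e_lfanew);

    /* e_lfanew comes from the file; compare by subtraction so a huge value
     * cannot wrap the bounds check. */
    if (e_lfanew > size || size - e_lfanew < nt_fixed_size) {
        fprintf(stderr, "e_lfanew points outside the file\n");
        return -1;
    }
    const unsigned char *nt = buf + e_lfanew;
    if (nt[0] != 'P' || nt[1] != 'E' || nt[2] != 0 || nt[3] != 0) {
        fprintf(stderr, "missing PE signature\n");
        return -1;
    }

    /* The COFF file header follows the 4-byte "PE\0\0" signature. */
    const unsigned char *file_header = nt + PE_SIGNATURE_SIZE;
    unsigned int number_of_sections = read_le16(file_header + 2);
    unsigned int size_of_optional_header = read_le16(file_header + 16);

    /* Copy only what is printed, and never more than the file or the
     * declared header size provides; missing bytes stay zero. */
    size_t optional_offset = (size_t)e_lfanew + nt_fixed_size;
    size_t optional_avail = size - optional_offset;
    unsigned char optional_header[OPTIONAL_HEADER_PRINTED] = {0};
    size_t optional_copy = size_of_optional_header;
    if (optional_copy > optional_avail) {
        optional_copy = optional_avail;
    }
    if (optional_copy > sizeof optional_header) {
        optional_copy = sizeof optional_header;
    }
    for (size_t k = 0; k < optional_copy; k++) {
        optional_header[k] = buf[optional_offset + k];
    }

    printf("e_magic:%04x\n", read_le16(dos + 0));
    printf("e_cblp:%04x\n", read_le16(dos + 2));
    printf("e_cp:%04x\n", read_le16(dos + 4));
    printf("e_crlc:%04x\n", read_le16(dos + 6));
    printf("e_cparhdr:%04x\n", read_le16(dos + 8));
    printf("e_minalloc:%04x\n", read_le16(dos + 10));
    printf("e_maxalloc:%04x\n", read_le16(dos + 12));
    printf("e_ss:%04x\n", read_le16(dos + 14));
    printf("e_sp:%04x\n", read_le16(dos + 16));
    printf("e_csum:%04x\n", read_le16(dos + 18));
    printf("e_ip:%04x\n", read_le16(dos + 20));
    printf("e_cs:%04x\n", read_le16(dos + 22));
    printf("e_lfarlc:%04x\n", read_le16(dos + 24));
    printf("e_ovno:%04x\n", read_le16(dos + 26));
    printf("e_res:%04x %04x %04x %04x\n", read_le16(dos + 28),
           read_le16(dos + 30), read_le16(dos + 32), read_le16(dos + 34));
    printf("e_oemid:%04x\n", read_le16(dos + 36));
    printf("e_oeminfo:%04x\n", read_le16(dos + 38));
    /* e_res2 is ten 16-bit words at offsets 40..59; print what the file holds. */
    printf("e_res2:");
    for (size_t k = 0; k < 10; k++) {
        printf(k == 0 ? "%04x" : " %04x", read_le16(dos + 40 + 2 * k));
    }
    printf("\n");
    printf("e_lfanew:%08lx\n", e_lfanew);

    printf("Machine:%04x\n", read_le16(file_header + 0));
    printf("NumberOfSections:%04x\n", number_of_sections);
    printf("TimeDateStamp:%08lx\n", read_le32(file_header + 4));
    printf("PointerToSymbolTable:%08lx\n", read_le32(file_header + 8));
    printf("NumberOfSymbols:%08lx\n", read_le32(file_header + 12));
    printf("SizeOfOptionalHeader:%04x\n", size_of_optional_header);
    printf("Characteristics:%04x\n", read_le16(file_header + 18));

    /* The offsets below are the PE32 layout (Magic 0x10b). In a PE32+ image
     * (Magic 0x20b) there is no BaseOfData and ImageBase is 8 bytes wide, so
     * those two lines do not match their labels for such files. */
    printf("Magic:%04x\n", read_le16(optional_header + 0));
    printf("MajorLinkerVersion:%02x\n", (unsigned int)optional_header[2]);
    printf("MinorLinkerVersion:%02x\n", (unsigned int)optional_header[3]);
    printf("SizeOfCode:%08lx\n", read_le32(optional_header + 4));
    printf("SizeOfInitializedData:%08lx\n", read_le32(optional_header + 8));
    printf("SizeOfUninitializedData:%08lx\n", read_le32(optional_header + 12));
    printf("AddressOfEntryPoint:%08lx\n", read_le32(optional_header + 16));
    printf("BaseOfCode:%08lx\n", read_le32(optional_header + 20));
    printf("BaseOfData:%08lx\n", read_le32(optional_header + 24));
    printf("ImageBase:%08lx\n", read_le32(optional_header + 28));
    printf("SectionAlignment:%08lx\n", read_le32(optional_header + 32));
    printf("FileAlignment:%08lx\n", read_le32(optional_header + 36));
    printf("MajorOperatingSystemVersion:%04x\n", read_le16(optional_header + 40));
    /* Label text kept verbatim for output compatibility. */
    printf("MinorOperatingSystmeVersion:%04x\n", read_le16(optional_header + 42));
    printf("MajorImageVersion:%04x\n", read_le16(optional_header + 44));
    printf("MinorImageVersion:%04x\n", read_le16(optional_header + 46));
    printf("MajorSubsystemVersion:%04x\n", read_le16(optional_header + 48));

    if (number_of_sections == 0) {
        return 0;
    }

    /* The section table starts right after the optional header, whose length
     * is SizeOfOptionalHeader; only the first entry is printed. */
    if (size_of_optional_header > optional_avail ||
        optional_avail - size_of_optional_header < (size_t)SECTION_HEADER_SIZE) {
        fprintf(stderr, "section table lies outside the file\n");
        return -1;
    }
    const unsigned char *section = buf + optional_offset + size_of_optional_header;

    printf("misc:%08lx\n", read_le32(section + 8));
    printf("virtualAddress:%08lx\n", read_le32(section + 12));
    printf("SizeOfRawData:%08lx\n", read_le32(section + 16));
    printf("pointerToRawData:%08lx\n", read_le32(section + 20));
    printf("Characteristics:%08lx\n", read_le32(section + 36));
    return 0;
}

/*
 * Load a hard-coded EXE file into memory and print its PE headers.
 *
 * Returns EXIT_SUCCESS when the headers were printed, EXIT_FAILURE when the
 * file could not be read or is not a well-formed PE image. Waits for a key
 * press before returning in both cases.
 */
int main()
{
    int rc = EXIT_FAILURE;
    unsigned char *file_buffer = NULL;
    long end_pos = -1;
    size_t file_size = 0;

    /* Replace this name with the EXE file you want to analyse. */
    FILE *fp = fopen("第29课笔记.exe", "rb");
    if (!fp) {
        perror("fopen");
        goto out;
    }

    if (fseek(fp, 0L, SEEK_END) != 0) {
        perror("fseek");
        goto out;
    }
    end_pos = ftell(fp);
    if (end_pos < 0) {
        perror("ftell");
        goto out;
    }
    if (end_pos == 0) {
        fprintf(stderr, "file is empty\n");
        goto out;
    }
    if (fseek(fp, 0L, SEEK_SET) != 0) {
        perror("fseek");
        goto out;
    }

    file_size = (size_t)end_pos;
    file_buffer = malloc(file_size);
    if (!file_buffer) {
        fprintf(stderr, "缓冲区分配失败!");
        goto out;
    }
    /* A short read would leave part of the buffer uninitialised. */
    if (fread(file_buffer, 1, file_size, fp) != file_size) {
        fprintf(stderr, "could not read the whole file\n");
        goto out;
    }

    if (dump_pe_headers(file_buffer, file_size) == 0) {
        rc = EXIT_SUCCESS;
    }

out:
    free(file_buffer);
    if (fp) {
        fclose(fp);
    }
    getchar(); /* keep the console window open until a key is pressed */
    return rc;
}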