// petool.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <stdlib.h>
#include <windows.h>
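// Shared state for the viewer. Every header below is filled directly from an
// untrusted file, so each field is attacker-controlled until it is validated.
FILE *fp;                               // input file, opened in main()
// The listing uses lSig in main() and ShowFileHeader() but never declares it.
// NOTE(review): reconstructed as a 4-byte DWORD because main() reads 4 bytes
// into it and compares it with IMAGE_NT_SIGNATURE; confirm against the
// original project.
DWORD lSig;
IMAGE_DOS_HEADER myDosHeader;           // first sizeof(IMAGE_DOS_HEADER) bytes of the file
IMAGE_FILE_HEADER myFileHeader;         // read at e_lfanew + sizeof(lSig)
IMAGE_OPTIONAL_HEADER myOptionHeader;   // read right after the file header
IMAGE_DATA_DIRECTORY myDataDir[16];     // the 16 data-directory slots
// Display names for the data-directory slots, in IMAGE_DIRECTORY_ENTRY_* index
// order (0 = EXPORT ... 14 = COM_DESCRIPTOR, 15 = reserved).
char szname[][50]={
    "IMAGE_DIRECTORY_ENTRY_EXPORT",
    "IMAGE_DIRECTORY_ENTRY_IMPORT" ,
    "IMAGE_DIRECTORY_ENTRY_RESOURCE" ,
    "IMAGE_DIRECTORY_ENTRY_EXCEPTION" ,
    "IMAGE_DIRECTORY_ENTRY_SECURITY" ,
    "IMAGE_DIRECTORY_ENTRY_BASERELOC ",
    "IMAGE_DIRECTORY_ENTRY_DEBUG" ,
    "IMAGE_DIRECTORY_ENTRY_ARCHITECTURE ",
    "IMAGE_DIRECTORY_ENTRY_GLOBALPTR" ,
    "IMAGE_DIRECTORY_ENTRY_TLS" ,
    "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG" ,
    "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT" ,
    "IMAGE_DIRECTORY_ENTRY_IAT",
    "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT" ,
    "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
    "Reserved"};
// One printer per PE structure; each reads the globals above.
void ShowDosHeader();
void ShowDosStub();
void ShowFileHeader();
void ShowOptionHeader();
void ShowDatadir();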
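// Entry point: asks for a file path, checks the DOS and NT signatures, then
// prints the DOS header, DOS stub, file header, optional header and data
// directories.
//
// The file is untrusted input: the path read is bounded, every fseek/fread
// result is checked, and e_lfanew is only used after e_magic has been verified.
// Returns -1 when the path cannot be read or opened, 0 otherwise (as before).
int main(int argc, char* argv[])
{
    printf("欢迎使用PEViewTool\r\n");
    puts("请输入一个路径:");
    char cfilepath[MAX_PATH]={0};
    // fgets is bounded by the buffer size; the previous scanf("%s") had no
    // width limit and could write past cfilepath on a long input line.
    if (fgets(cfilepath,sizeof(cfilepath),stdin)==NULL)
    {
        printf("打开文件失败\r\n");
        return -1;
    }
    // Cut the line at the first CR or LF so the path carries no newline.
    for (size_t i=0;cfilepath[i]!='\0';i++)
    {
        if (cfilepath[i]=='\r'||cfilepath[i]=='\n')
        {
            cfilepath[i]='\0';
            break;
        }
    }
    fp=fopen(cfilepath,"rb");
    if (fp==NULL)
    {
        printf("打开文件失败\r\n");
        return -1;
    }
    // Read the DOS header, then follow e_lfanew to the PE signature.
    // A short read, a negative e_lfanew or a failed seek means the file
    // cannot be a usable PE image, so it is reported as invalid instead of
    // parsing whatever happens to be in the globals.
    int bValid=0;
    if (fread(&myDosHeader,sizeof(myDosHeader),1,fp)==1
        &&myDosHeader.e_magic==IMAGE_DOS_SIGNATURE
        &&myDosHeader.e_lfanew>=0
        &&fseek(fp,myDosHeader.e_lfanew,SEEK_SET)==0
        &&fread(&lSig,4,1,fp)==1
        &&lSig==IMAGE_NT_SIGNATURE)
    {
        bValid=1;
    }
    if (!bValid)
    {
        printf("不是有效率的pe\r\n");
        fclose(fp);     // this path previously leaked the handle
        return 0;
    }
    printf("正确有效pe文件\r\n");
    ShowDosHeader();
    ShowDosStub();
    // Locate IMAGE_FILE_HEADER (ShowDosStub moved the file position).
    if (fseek(fp,myDosHeader.e_lfanew+sizeof(lSig),SEEK_SET)!=0
        ||fread(&myFileHeader,sizeof(myFileHeader),1,fp)!=1)
    {
        printf("不是有效率的pe\r\n");
        fclose(fp);
        return 0;
    }
    ShowFileHeader();
    // IMAGE_OPTIONAL_HEADER follows the file header.
    // NOTE(review): the read uses this build's IMAGE_OPTIONAL_HEADER layout;
    // the file's own SizeOfOptionalHeader and Magic are not consulted, so an
    // image of the other bitness would be decoded with the wrong layout.
    if (fseek(fp,myDosHeader.e_lfanew+sizeof(lSig)+sizeof(myFileHeader),SEEK_SET)!=0
        ||fread(&myOptionHeader,sizeof(myOptionHeader),1,fp)!=1)
    {
        printf("不是有效率的pe\r\n");
        fclose(fp);
        return 0;
    }
    // ShowOptionHeader() ends in ShowDatadir(), which closes fp.
    ShowOptionHeader();
    return 0;
}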
// Print every field of the IMAGE_DOS_HEADER held in myDosHeader, one per
// line in hex, followed by a separator rule. Values are shown exactly as
// read from the file; nothing is validated here.
void ShowDosHeader()
{
    const IMAGE_DOS_HEADER *pDos=&myDosHeader;
    int idx;

    printf("IMAGE_DOS_HEADER:\r\n");
    printf("e_magic : %04X\r\n",pDos->e_magic);
    printf("e_cblp : %04x\r\n",pDos->e_cblp);
    printf("e_cp : %04X\r\n",pDos->e_cp);
    printf("e_crlc : %04X\r\n",pDos->e_crlc);
    printf("e_cparhdr : %04X\r\n",pDos->e_cparhdr);
    printf("e_minalloc: %04X\r\n",pDos->e_minalloc);
    printf("e_maXalloc: %04X\r\n",pDos->e_maxalloc);
    printf("e_ss : %04X\r\n",pDos->e_ss);
    printf("e_sp : %04X\r\n",pDos->e_sp);
    printf("e_csum : %04X\r\n",pDos->e_csum);
    printf("e_ip : %04X\r\n",pDos->e_ip);
    printf("e_cs : %04X\r\n",pDos->e_cs);
    printf("e_lfarlc : %04X\r\n",pDos->e_lfarlc);
    printf("e_ovno : %04X\r\n",pDos->e_ovno);
    // The four reserved words e_res[0..3].
    for (idx=0;idx<4;++idx)
    {
        printf("e_res[%d] : %04X\r\n",idx,pDos->e_res[idx]);
    }
    printf("e_oemid : %04X\r\n",pDos->e_oemid);
    printf("e_oeminfo : %04X\r\n",pDos->e_oeminfo);
    // The ten reserved words e_res2[0..9].
    for (idx=0;idx<10;++idx)
    {
        printf("e_res2[%d] : %04X\r\n",idx,pDos->e_res2[idx]);
    }
    // e_lfanew is the file offset of the PE signature.
    printf("e_lfanew : %08X\r\n",pDos->e_lfanew);
    puts("-------------------------------------------");
}
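// Hex-dump the DOS stub: the bytes between the end of the DOS header
// (offset 0x40) and the PE signature at e_lfanew.
//
// e_lfanew comes straight from the file, so the stub length is untrusted.
// It was previously passed to fread() unchecked against the 1000-byte stack
// buffer: a large e_lfanew overflowed nBuf, and a value below 0x40 became a
// huge size_t. The length is now clamped to the buffer and only the bytes
// actually read are printed.
void ShowDosStub()
{
    printf("DOS_Stub:\r\n");
    // Subtract only when the result is positive; this also avoids signed
    // overflow for a very negative e_lfanew.
    int nSize=0;
    if (myDosHeader.e_lfanew>0x40)
    {
        nSize=(int)(myDosHeader.e_lfanew-0x40);
    }
    printf("DOS_Stub size %d:\r\n",nSize);
    unsigned char nBuf[1000]={0};
    size_t nWant=(size_t)nSize;
    if (nWant>sizeof(nBuf))
    {
        nWant=sizeof(nBuf);
        printf("DOS_Stub truncated to %u bytes\r\n",(unsigned int)nWant);
    }
    // Byte-granular read so a short file still yields the bytes it has.
    size_t nRead=0;
    if (fseek(fp,0x40,SEEK_SET)==0&&nWant>0)
    {
        nRead=fread(nBuf,1,nWant,fp);
    }
    printf("DOS_Stub data begin:\r\n");
    for(size_t i=0;i<nRead;i++)
    {
        // Two digits per byte; plain %X dropped leading zeros and made the
        // dump ambiguous.
        printf("%02X",nBuf[i]);
    }
    puts("");
    printf("DOS_Stub data end:\r\n");
    puts("-------------------------------------------");
}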
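// Print the PE signature and every field of the IMAGE_FILE_HEADER held in
// myFileHeader, in hex. Values are shown as read from the file; nothing is
// validated here.
void ShowFileHeader()
{
    printf("IMAGE_FILE_HEADER Begin:\r\n");
    // lSig is a 4-byte integer, not a pointer: %p was a format/argument
    // mismatch (undefined behaviour, and wrong-sized on a 64-bit build).
    printf("Signature : %08X\r\n",(unsigned int)lSig);
    printf("Machine : %04X\r\n",myFileHeader.Machine);
    printf("NumberOfSections : %04X\r\n",myFileHeader.NumberOfSections);
    printf("TimeDateStamp : %08X\r\n",myFileHeader.TimeDateStamp);
    printf("PointerToSymbolTable : %08X\r\n",myFileHeader.PointerToSymbolTable);
    printf("NumberOfSymbols : %08X\r\n",myFileHeader.NumberOfSymbols);
    printf("SizeOfOptionalHeader : %04X\r\n",myFileHeader.SizeOfOptionalHeader);
    printf("Characteristics : %04X\r\n",myFileHeader.Characteristics);
    printf("IMAGE_FILE_HEADER End:\r\n");
    puts("-------------------------------------------");
}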
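// Print the fields of the IMAGE_OPTIONAL_HEADER held in myOptionHeader, then
// fill myDataDir and hand over to ShowDatadir().
//
// Changes from the original:
//  - integer fields were printed with %p (format/argument mismatch); they now
//    use %08X like the other DWORD fields in this file.
//  - the data directories were re-read from the file at ftell(fp)-0x80 with
//    no check on ftell/fseek/fread, which depended on the file position left
//    behind by main(). They are now copied from myOptionHeader.DataDirectory,
//    which holds the same trailing 0x80 bytes.
//  - slots at or beyond the file's NumberOfRvaAndSizes are zeroed: the file
//    does not define them, so those bytes are not directory entries.
// NOTE(review): BaseOfCode and SizeOfHeapReserve are not printed.
// NOTE(review): the (unsigned int) casts assume the 32-bit optional-header
// layout, which the use of BaseOfData already implies; confirm.
void ShowOptionHeader()
{
    printf("myOptionHeader Begin:\r\n");
    printf("Magic : %04X\r\n",myOptionHeader.Magic);
    printf("MajorLinkerVersion : %02X\r\n",myOptionHeader.MajorLinkerVersion);
    printf("MinorLinkerVersion : %02X\r\n",myOptionHeader.MinorLinkerVersion);
    printf("SizeOfCode : %08X\r\n",(unsigned int)myOptionHeader.SizeOfCode);
    printf("SizeOfInitializedData : %08X\r\n",myOptionHeader.SizeOfInitializedData);
    printf("SizeOfUninitializedData : %08X\r\n",myOptionHeader.SizeOfUninitializedData);
    printf("AddressOfEntryPoint : %08X\r\n",myOptionHeader.AddressOfEntryPoint);
    printf("BaseOfData : %08X\r\n",myOptionHeader.BaseOfData);
    printf("ImageBase : %08X\r\n",myOptionHeader.ImageBase);
    printf("SectionAlignment : %08X\r\n",myOptionHeader.SectionAlignment);
    printf("FileAlignment : %08X\r\n",myOptionHeader.FileAlignment);
    printf("MajorOperatingSystemVersion : %04X\r\n",myOptionHeader.MajorOperatingSystemVersion);
    printf("MinorOperatingSystemVersion : %04X\r\n",myOptionHeader.MinorOperatingSystemVersion);
    printf("MajorImageVersion : %04X\r\n",myOptionHeader.MajorImageVersion);
    printf("MinorImageVersion : %04X\r\n",myOptionHeader.MinorImageVersion);
    printf("MajorSubsystemVersion : %04X\r\n",myOptionHeader.MajorSubsystemVersion);
    printf("MinorSubsystemVersion : %04X\r\n",myOptionHeader.MinorSubsystemVersion);
    printf("Win32VersionValue : %08X\r\n",(unsigned int)myOptionHeader.Win32VersionValue);
    printf("SizeOfImage : %08X\r\n",(unsigned int)myOptionHeader.SizeOfImage);
    printf("SizeOfHeaders : %08X\r\n",(unsigned int)myOptionHeader.SizeOfHeaders);
    printf("CheckSum : %08X\r\n",(unsigned int)myOptionHeader.CheckSum);
    printf("Subsystem : %04X\r\n",myOptionHeader.Subsystem);
    printf("DllCharacteristics : %04X\r\n",myOptionHeader.DllCharacteristics);
    printf("SizeOfStackReserve : %08X\r\n",(unsigned int)myOptionHeader.SizeOfStackReserve);
    printf("SizeOfStackCommit : %08X\r\n",(unsigned int)myOptionHeader.SizeOfStackCommit);
    printf("SizeOfHeapCommit : %08X\r\n",(unsigned int)myOptionHeader.SizeOfHeapCommit);
    printf("LoaderFlags : %08X\r\n",(unsigned int)myOptionHeader.LoaderFlags );
    printf("NumberOfRvaAndSizes : %08X\r\n",(unsigned int)myOptionHeader.NumberOfRvaAndSizes);
    puts("-------------------------------------------");
    // Take the data directories from the header already in memory.
    DWORD nDirs=myOptionHeader.NumberOfRvaAndSizes;
    for (int i=0;i<16;i++)
    {
        if ((DWORD)i<nDirs)
        {
            myDataDir[i]=myOptionHeader.DataDirectory[i];
        }
        else
        {
            myDataDir[i].VirtualAddress=0;
            myDataDir[i].Size=0;
        }
    }
    ShowDatadir();
}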
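// Print the 16 data-directory entries in myDataDir with their names from
// szname, then close the input file.
//
// VirtualAddress and Size are 32-bit integers, so they are printed with %08X;
// the original %p was a format/argument mismatch. The values are RVAs and
// sizes taken from the file as-is and must not be trusted as in-bounds.
// This function also owns the final fclose(); fp is reset to NULL afterwards
// so a second call cannot close the same handle twice.
void ShowDatadir()
{
    printf("IMAGE_DATA_DIRECTORY Begin:\r\n");
    for (int i=0;i<16;i++)
    {
        printf("\t%s:\t\r\n\t\tVirtualAddress:%08X, Size:%08X\r\n",szname[i],(unsigned int)myDataDir[i].VirtualAddress,(unsigned int)myDataDir[i].Size);
    }
    printf("IMAGE_DATA_DIRECTORY End:\r\n");
    puts("-------------------------------------------");
    if (fp!=NULL)
    {
        fclose(fp);
        fp=NULL;
    }
}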
这只是一个简单的 PE 格式查看工具，各个节区（section）没有列举出来。