图解VC++版PE文件解析器源码分析
生活随笔
收集整理的這篇文章主要介紹了
图解VC++版PE文件解析器源码分析
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
該源碼下載自
http://download.csdn.net/download/witch_soya/4979587
1 Understand 分析的圖表
2 PE結(jié)構解析的主要代碼簡要分析
首先看下PE結(jié)構體的定義;與PE文件結(jié)構一致;
/************************************************************************/ /* 定義PE文件的結(jié)構體 2011-08-30 Wizard~ZL*/ /************************************************************************/ #ifndef _PESTRUCT_H_ #define _PESTRUCT_H_//PE文件最開始是一個 _IMAGE_DOS_HEADER 也就是MS_DOS struct stMS_DOS { WORD e_magic;//magic number DOS頭標記 00hWORD e_cblp; // Bytes on last page of file 02hWORD e_cp; //pages in file 04hWORD e_crlc;// Relocations 06hWORD e_cparhdr;// Size of header in paragraphs 08hWORD e_minalloc;// Minimum extra paragraphs needed 0ahWORD e_maxalloc;// Maximum extra paragraphs needed 0chWORD e_ss; // Initial (relative) SS value 0ehWORD e_sp; // Initial SPvalue 10hWORD e_csum;//check sum 12hWORD e_ip; //Initial IP value 14hWORD e_cs;// Initial (relative) CS value 16hWORD e_lfarlc;// File address of relocation table 18hWORD e_ovno; // Overlay number 1ahWORD e_res[4];// Reserved words 1chWORD e_oemid;// OEM identifier (for e_oeminfo) 24hWORD e_oeminfo;//OEM information; e_oemid specific 26hWORD e_res2[10];// Reserved words 28h long e_lfanew; //File address of new exe header 3ch **指向PE頭部 };//IMAGE_DOS_HEADER之后是一個 _IMAGE_NT_HEADERS struct stPE_HEADER {DWORD Signature; //定義PE標志信息 00h 在有效的PE文件中值是 00 00 45 50 /*映像文件頭 PE文件的基本信息IMAGE_FILE_HEADER 開始*/WORD Machine; // 04h WORD NumberOfSections; // 06h //pe文件中區(qū)塊的數(shù)量DWORD TimeDateStamp;// 08h //文件日期時間戳,指這個pe文件生成的時間,它的值是從1969年12月31日16:00:00以來的秒數(shù).DWORD PointerToSymbolTable;// 0ch //Coff調(diào)試符號表的偏移地址.DWORD NumberOfSymbols;// 10h //Coff符號表中符號的個數(shù). 這個域和前個域在release版本的程序里是0.WORD SizeOfOptionalHeader;//IMAGE_OPTON_HEADER大小 14h //IMAGE_OPTIONAL_HEADER32結(jié)構的大小(即多少字節(jié)).WORD Characteristics;// 16h //這個域描述pe文件的一些屬性信息,比如是否可執(zhí)行,是否是一個動態(tài)連接庫等/*IMAGE_FILE_HEADER 結(jié)束*///IMAGE_OPTIONAL_HEADER32 option_header;//這個IMAGE_OPTION_HEADER32結(jié)構放入PE_EXTHEADER中 };//映像可選頭 struct stPE_ExtHeader{/*_IMAGE_OPTIONAL_HEADER開始*/// Standard fields//Magic用來標記可執(zhí)行文件是Rom鏡像還是普通可執(zhí)行程序 如果是一般的可執(zhí)行程序則是010Bh 如果是PE32+ 即64位是 020BhWORD Magic;// 18h //幻數(shù),32位pe文件總為010bhBYTE MajorLinkerVersion;// 1ah //連接器主版本號BYTE MinorLinkerVersion;// 1bh //連接器副版本號DWORD SizeOfCode;// 1ch //代碼段總大小DWORD SizeOfInitializedData;// 20h //已初始化數(shù)據(jù)段總大小DWORD SizeOfUninitializedData;// 24h //未初始化數(shù)據(jù)段總大小DWORD AddressOfEntryPoint;// 28h //程序執(zhí)行入口地址(RVA)DWORD BaseOfCode;// 2ch //代碼段起始地址(RVA)DWORD BaseOfData;// 30h //數(shù)據(jù)段起始地址(RVA)// NT additional fields.DWORD ImageBase;// 34h //程序默認的裝入起始地址DWORD SectionAlignment;// 38h //內(nèi)存中區(qū)塊的對齊單位DWORD FileAlignment;// 3ch //文件中區(qū)塊的對齊單位WORD MajorOperatingSystemVersion;// 40h //所需操作系統(tǒng)主版本號WORD MinorOperatingSystemVersion;// 42h //所需操作系統(tǒng)副版本號WORD MajorImageVersion;// 44h //自定義主版本號WORD MinorImageVersion;// 46h //自定義副版本號WORD MajorSubsystemVersion;// 48h //所需子系統(tǒng)主版本號WORD MinorSubsystemVersion;// 4ah //所需子系統(tǒng)副版本號DWORD Win32VersionValue;// 4ch //總是0DWORD SizeOfImage;// 50h //pe文件在內(nèi)存中的映像總大小DWORD SizeOfHeaders;// 54h //從pe文件開始到節(jié)表(包含節(jié)表)的總大小DWORD CheckSum;// 58h //pe文件CRC校驗和WORD Subsystem;// 5ch //用戶界面使用的子系統(tǒng)類型WORD DllCharacteristics;// 5eh //為0DWORD SizeOfStackReserve;// 60h //為線程的棧初始保留的虛擬內(nèi)存的默認值DWORD SizeOfStackCommit;// 64h //為線程的棧初始提交的虛擬內(nèi)存的大小DWORD SizeOfHeapReserve;// 68h //為進程的堆保留的虛擬內(nèi)存的大小DWORD SizeOfHeapCommit;// 6ch //為進程的堆初始提交的虛擬內(nèi)存的大小DWORD LoaderFlags; // 70h //為0 DWORD NumberOfRvaAndSizes;// 74h //數(shù)據(jù)目錄結(jié)構數(shù)組的項數(shù),總為 00000010hIMAGE_DATA_DIRECTORY DataDirectory[16]; //78h /*_IMAGE_OPTIONAL_HEADER結(jié)束*/};struct stSECTION_HEADER{BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; // 00h 塊名,8個字節(jié)長 union {DWORD PhysicalAddress; // 08h obj文件中,區(qū)段的實際地址DWORD VirtualSize; // exe和dll文件中區(qū)段在文件中對齊前的大小} Misc;DWORD VirtualAddress; // 0ch 塊的RVA(相對虛擬地址) DWORD SizeOfRawData; // 10h 在文件中對齊后的大小 DWORD PointerToRawData; // 14h 在文件中的偏移 DWORD PointerToRelocations; // 18h 重定位的偏移(obj文件中使用)DWORD PointerToLinenumbers; // 1ch 行號表的偏移(調(diào)試用) WORD NumberOfRelocations; // 1eh 重定位項數(shù)目(obj文件中使用)WORD NumberOfLinenumbers; // 20h 行號表中行號的數(shù)目DWORD Characteristics; // 24h 塊屬性};struct stIMAGE_IMPORT_DESCRIPTOR {union {DWORD Characteristics; // 0 for terminating null import descriptorDWORD OriginalFirstThunk; // RVA to original unbound IAT (PIMAGE_THUNK_DATA)};DWORD TimeDateStamp; // 0 if not bound,// -1 if bound, and real date\time stamp// in IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT (new BIND)// O.W. date/time stamp of DLL bound to (Old BIND)DWORD ForwarderChain; // -1 if no forwardersDWORD Name;DWORD FirstThunk; // RVA to IAT (if bound this IAT has actual addresses)} ; struct stIMAGE_THUNK_DATA{union {PBYTE ForwarderString;PDWORD Function;DWORD Ordinal;PIMAGE_IMPORT_BY_NAME AddressOfData;} u1;} ;struct stIMAGE_IMPORT_BY_NAME {WORD Hint; //指出函數(shù)在所在的dll的輸出表中的序號BYTE Name[1]; //指出要輸入的函數(shù)的函數(shù)名};#endif看下PE解析的主要函數(shù);
void CPEToolDlg::OnBnClickedBtnbrowse() { WCHAR szFilter[] =L"可執(zhí)行文件|*.exe";CFileDialog fileDlg(TRUE,L"exe",NULL,OFN_HIDEREADONLY|OFN_OVERWRITEPROMPT,szFilter);if (fileDlg.DoModal()==IDOK){m_strfilePathNeme = fileDlg.GetPathName();}m_FilepathEdit.SetWindowText(m_strfilePathNeme);m_FilepathEdit.SetReadOnly(TRUE);if (m_strfilePathNeme == L""){MessageBox(L"請選擇可執(zhí)行文件!");return;}((CButton*)GetDlgItem(IDC_BTNDOSHEAD))->EnableWindow(TRUE);((CButton*)GetDlgItem(IDC_BTNPEHEAD))->EnableWindow(TRUE);((CButton*)GetDlgItem(IDC_BTNDIC))->EnableWindow(TRUE);((CButton*)GetDlgItem(IDC_BTNSEC))->EnableWindow(TRUE);((CButton*)GetDlgItem(IDC_BTN_IMPORTTABLE))->EnableWindow(TRUE);//開始解析PEParsePE(); }裝載PE文件,開始解析;通常的VC++打開文件對話框,過濾器為*.exe;
解析PE文件,首先判斷是否是有效的PE文件,然后解析NT頭,文件頭,節(jié)表;
解析NT頭;把對應內(nèi)容讀入 m_stPeHeader;
void CPEToolDlg::ParseImageOptionHeaders() {//讀取IMAGE_OPTION_HEADERfread(&m_stExtPeHeader,sizeof(stPE_ExtHeader),1,pFile);//幻數(shù)(魔數(shù))if (m_stExtPeHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC){MessageBox(L"不是Win32PE文件,因為幻數(shù)不等于0x010b\n");return ;}//解析輸入數(shù)據(jù)目錄//輸出表從PE頭處偏移78h 輸入表從PE頭處偏移80h//偏移到輸出表iLocation = m_stMsDos.e_lfanew;//PE頭iLocation += 0x78;fseek(pFile,iLocation,SEEK_SET);//第一個IMAGE_DATA_DIRECTORY是輸出表fread(&m_stExtPeHeader.DataDirectory[0].VirtualAddress,sizeof(DWORD),1,pFile); //輸出表的RVAfread(&m_stExtPeHeader.DataDirectory[0].Size,sizeof(DWORD),1,pFile);//輸出表大小//第二個IMAGE_DATA_DIRECTORY是輸入表fread(&m_stExtPeHeader.DataDirectory[1].VirtualAddress,sizeof(DWORD),1,pFile); //輸入表RVAfread(&m_stExtPeHeader.DataDirectory[1].Size,sizeof(DWORD),1,pFile);//輸入表大小//第三個是ResourceDirectoryfread(&m_stExtPeHeader.DataDirectory[2].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[2].Size,sizeof(DWORD),1,pFile);//第四個是ExceptionDirectoryfread(&m_stExtPeHeader.DataDirectory[3].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[3].Size,sizeof(DWORD),1,pFile);//第五個是SecurityDirectoryfread(&m_stExtPeHeader.DataDirectory[4].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[4].Size,sizeof(DWORD),1,pFile);//第六個是Base Relocation tablefread(&m_stExtPeHeader.DataDirectory[5].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[5].Size,sizeof(DWORD),1,pFile);//第7個是DebugDirectoryfread(&m_stExtPeHeader.DataDirectory[6].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[6].Size,sizeof(DWORD),1,pFile);//第8個是ArchitetureSpecificDatafread(&m_stExtPeHeader.DataDirectory[7].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[7].Size,sizeof(DWORD),1,pFile);//第9個是GlobalPtrfread(&m_stExtPeHeader.DataDirectory[8].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[8].Size,sizeof(DWORD),1,pFile);//第10個是TLSDirectoryfread(&m_stExtPeHeader.DataDirectory[9].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[9].Size,sizeof(DWORD),1,pFile);//第11個是LoadConfigationDirectoryfread(&m_stExtPeHeader.DataDirectory[10].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[10].Size,sizeof(DWORD),1,pFile);//第12個是BoundImportfread(&m_stExtPeHeader.DataDirectory[11].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[11].Size,sizeof(DWORD),1,pFile);//第13個是ImportAddressTablefread(&m_stExtPeHeader.DataDirectory[12].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[12].Size,sizeof(DWORD),1,pFile);//第14個是DelayImportDescriptorfread(&m_stExtPeHeader.DataDirectory[13].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[13].Size,sizeof(DWORD),1,pFile);//第15個是CLIHeaderfread(&m_stExtPeHeader.DataDirectory[14].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[14].Size,sizeof(DWORD),1,pFile);//第16個是Reservedfread(&m_stExtPeHeader.DataDirectory[15].VirtualAddress,sizeof(DWORD),1,pFile); fread(&m_stExtPeHeader.DataDirectory[15].Size,sizeof(DWORD),1,pFile);}
解析可選頭;逐個讀入數(shù)據(jù)目錄;
void CPEToolDlg::ParseSectionHeder() {//偏移到節(jié)表位置iLocation = m_stMsDos.e_lfanew + sizeof(stPE_HEADER) + m_stPeHeader.SizeOfOptionalHeader;//PE頭+PE頭的大小(IMAGE_FILE_HEADER)_+PE可選頭的大小(IMAGE_OPTION_HEADER)fseek(pFile,iLocation,SEEK_SET);for (WORD i=0;i<m_stPeHeader.NumberOfSections;i++){stSECTION_HEADER m_stSectionHeader; fread(&m_stSectionHeader,sizeof(stSECTION_HEADER),1,pFile);vct_SectionHeader.push_back(m_stSectionHeader);iLocation+=sizeof(stSECTION_HEADER);fseek(pFile,iLocation,SEEK_SET);memset(&m_stSectionHeader,0,sizeof(stSECTION_HEADER)); } }
解析節(jié)頭;讀入對應內(nèi)容到 m_stSectionHeader;
DWORD CPEToolDlg :: RVAtoFileOffset(int iThe_Section,const DWORD& RVAOffset) {DWORD dwFileOffset = 0;//傳入的RavOffset先要轉(zhuǎn)換成相對于節(jié)(比如.idata 或.text)的偏移RVA//第iThe_Section個節(jié)中DWORD dwVrk_TheSection = vct_SectionHeader.at(iThe_Section).VirtualAddress - vct_SectionHeader.at(iThe_Section).PointerToRawData;//虛擬地址和物理地址之間的差值dwFileOffset = RVAOffset - dwVrk_TheSection;return dwFileOffset; }
RVA轉(zhuǎn)換;
void CPEToolDlg::OnBnClickedBTN_DATADIC() {//數(shù)據(jù)目錄dlgDirectoryDate = new Cdialog1;dlgDirectoryDate->Create(IDD_DIALOG1,this); dlgDirectoryDate->OnInitCtrlList();dlgDirectoryDate->ShowWindow(SW_SHOW); //輸出可選頭里的數(shù)據(jù)目錄IMAGE_DATA_DIRECTORY//1導出表CString strExportSymbol,strExportSymbolSize;strExportSymbol.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[0].VirtualAddress,m_stExtPeHeader.DataDirectory[0].VirtualAddress);strExportSymbolSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[0].Size,m_stExtPeHeader.DataDirectory[0].Size);dlgDirectoryDate->AddToCtrlList(L"01 .edata 導出表",L"偏移"+strExportSymbol,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strExportSymbolSize);//2導入表CString strImportSymbol,strImportSymbolSize;strExportSymbol.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[1].VirtualAddress,m_stExtPeHeader.DataDirectory[1].VirtualAddress);strImportSymbolSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[1].Size,m_stExtPeHeader.DataDirectory[1].Size);dlgDirectoryDate->AddToCtrlList(L"02 .idata 導入表",L"偏移"+strExportSymbol,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strImportSymbolSize);//3資源表CString strResource,strResourceSize;strResource.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[2].VirtualAddress,m_stExtPeHeader.DataDirectory[2].VirtualAddress);strResourceSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[2].Size,m_stExtPeHeader.DataDirectory[2].Size);dlgDirectoryDate->AddToCtrlList(L"03 .rsrc 資源表",L"偏移"+strResource,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strResourceSize);//4異常表CString strException,strExceptionSize;strException.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[3].VirtualAddress,m_stExtPeHeader.DataDirectory[3].VirtualAddress);strExceptionSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[3].Size,m_stExtPeHeader.DataDirectory[3].Size);dlgDirectoryDate->AddToCtrlList(L"04 .pdata 異常表",L"偏移"+strException,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strExceptionSize);//5屬性證書表CString strSecurity,strSecuritySize;strSecurity.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[4].VirtualAddress,m_stExtPeHeader.DataDirectory[4].VirtualAddress);strSecuritySize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[4].Size,m_stExtPeHeader.DataDirectory[4].Size);dlgDirectoryDate->AddToCtrlList(L"05 .屬性證書表",L"偏移"+strSecurity,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strSecuritySize);//6 基址重定位表CString strBaseReloation,strBaseReloationSize;strBaseReloation.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[5].VirtualAddress,m_stExtPeHeader.DataDirectory[5].VirtualAddress);strBaseReloationSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[5].Size,m_stExtPeHeader.DataDirectory[5].Size);dlgDirectoryDate->AddToCtrlList(L"06 .reloc 基址重定位表",L"偏移"+strBaseReloation,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strBaseReloationSize);//7 調(diào)試目錄 CString strDebug,strDebugSize;strDebug.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[6].VirtualAddress,m_stExtPeHeader.DataDirectory[6].VirtualAddress);strSecuritySize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[6].Size,m_stExtPeHeader.DataDirectory[6].Size);dlgDirectoryDate->AddToCtrlList(L"07 .debug 調(diào)試目錄",L"偏移"+strDebug,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strSecuritySize);//8 指定結(jié)構數(shù)據(jù)CString strArchitectureData,strArchitectureDataSize;strArchitectureData.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[7].VirtualAddress,m_stExtPeHeader.DataDirectory[7].VirtualAddress);strArchitectureDataSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[7].Size,m_stExtPeHeader.DataDirectory[7].Size);dlgDirectoryDate->AddToCtrlList(L"08.(保留必須為0) 指定結(jié)構數(shù)據(jù)",L"偏移"+strArchitectureData,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strArchitectureDataSize);//9 全局指針CString strGlobalPtr,strGlobalPtrSize;strGlobalPtr.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[8].VirtualAddress,m_stExtPeHeader.DataDirectory[8].VirtualAddress);strGlobalPtrSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[8].Size,m_stExtPeHeader.DataDirectory[8].Size);dlgDirectoryDate->AddToCtrlList(L"09 .全局指針",L"偏移"+strGlobalPtr,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strGlobalPtrSize);//10 TLSCString strTLS,strTLSsize;strTLS.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[9].VirtualAddress,m_stExtPeHeader.DataDirectory[9].VirtualAddress);strTLSsize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[9].Size,m_stExtPeHeader.DataDirectory[9].Size);dlgDirectoryDate->AddToCtrlList(L"10 .tls TLS",L"偏移"+strTLS,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strTLSsize);//11 加載配置CString strLoadConfig,strLoadConfigSize;strLoadConfig.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[10].VirtualAddress,m_stExtPeHeader.DataDirectory[10].VirtualAddress);strLoadConfigSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[10].Size,m_stExtPeHeader.DataDirectory[10].Size);dlgDirectoryDate->AddToCtrlList(L"11.加載配置",L"偏移"+strLoadConfig,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strLoadConfigSize);//12 綁定導入表CString strBound,strBoundsize;strBound.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[11].VirtualAddress,m_stExtPeHeader.DataDirectory[11].VirtualAddress);strBoundsize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[11].Size,m_stExtPeHeader.DataDirectory[11].Size);dlgDirectoryDate->AddToCtrlList(L"12.綁定導入表",L"偏移"+strBound,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strBoundsize);//13 引入表地址CString strImportTableAddress,strImportTableAddressSize;strImportTableAddress.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[12].VirtualAddress,m_stExtPeHeader.DataDirectory[12].VirtualAddress);strImportTableAddressSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[12].Size,m_stExtPeHeader.DataDirectory[12].Size);dlgDirectoryDate->AddToCtrlList(L"13 .引入表地址",L"偏移"+strImportTableAddress,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strImportTableAddressSize);//14 延遲導入描述符CString strDelayImportTable,strDelayImportTableSize;strDelayImportTable.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[13].VirtualAddress,m_stExtPeHeader.DataDirectory[13].VirtualAddress);strDelayImportTableSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[13].Size,m_stExtPeHeader.DataDirectory[13].Size);dlgDirectoryDate->AddToCtrlList(L"14 .延遲導入表描述符",L"偏移"+strDelayImportTable,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strDelayImportTableSize);//15 CLIheaderCString strCLIheader,strCLIheaderSize;strCLIheader.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[14].VirtualAddress,m_stExtPeHeader.DataDirectory[14].VirtualAddress);strCLIheaderSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[14].Size,m_stExtPeHeader.DataDirectory[14].Size);dlgDirectoryDate->AddToCtrlList(L"15 .cormeta CLI HEADER",L"偏移"+strCLIheader,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strCLIheaderSize);//16 ReservedCString strReserved,strReservedSize;strReserved.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[15].VirtualAddress,m_stExtPeHeader.DataDirectory[15].VirtualAddress);strReservedSize.Format(L"0x%08x/%d(十進制)",m_stExtPeHeader.DataDirectory[15].Size,m_stExtPeHeader.DataDirectory[15].Size);dlgDirectoryDate->AddToCtrlList(L"15.保留值",L"偏移"+strReserved,L"IMAGE_OPTION_HEADER--IMAGE_DATA_DIRECTORY",L"偏移大小為:"+strReservedSize);}
輸出數(shù)據(jù)目錄;
把讀到的內(nèi)容格式化后,添加到列表控件;輸出其他項的代碼類似;
總結(jié)
以上是生活随笔為你收集整理的图解VC++版PE文件解析器源码分析的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 图解notepad++插件使用
- 下一篇: C++设计模式实例图解