把不会的记下来就会了
#define _CRT_SECURE_NO_WARNINGS
#include<limits.h>
#include<malloc.h>
#include<memory.h>
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<windows.h>
int GetFileszie(FILE* fptr);
char* ReadFilea(const char* Filepath);
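/*
 * Return the size in bytes of the file at `path`, or 0 when it cannot be
 * opened or measured. ReadFilea() hands back only a buffer pointer, so the
 * length needed for bounds checks is obtained here with the same helper
 * (GetFileszie) that ReadFilea uses to size its allocation.
 */
static size_t QueryFileSize(const char *path) {
    FILE *fp = fopen(path, "rb");
    int size;

    if (!fp) {
        return 0;
    }
    size = GetFileszie(fp);
    fclose(fp);
    return size > 0 ? (size_t)size : 0;
}

/*
 * Print the DOS header, NT signature, file header and optional header found
 * in `pFileBuffer`, which holds `fileSize` bytes of a PE file.
 *
 * Every offset taken from the file (e_lfanew, SizeOfOptionalHeader) is
 * checked against fileSize before it is dereferenced: these fields are plain
 * file data, and a truncated or malformed image would otherwise make the
 * parser read outside the buffer.
 */
static void PrintHeadersFromBuffer(const char *pFileBuffer, size_t fileSize) {
    const IMAGE_DOS_HEADER *pDosHeader;          /* DOS header */
    const IMAGE_FILE_HEADER *pPEHeader;          /* standard PE (COFF) header */
    const IMAGE_OPTIONAL_HEADER32 *pOptionHeader;    /* optional header, PE32 view */
    const IMAGE_OPTIONAL_HEADER64 *pOptionHeader64;  /* optional header, PE32+ view */
    const size_t fixed32 = (size_t)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, DataDirectory);
    const size_t fixed64 = (size_t)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER64, DataDirectory);
    size_t ntOffset;
    size_t optOffset;
    size_t optAvail;
    DWORD signature;
    int isPe32Plus;

    if (fileSize < sizeof(IMAGE_DOS_HEADER)) {
        printf("文件太小,不包含完整的DOS头!\n");
        return;
    }
    pDosHeader = (const IMAGE_DOS_HEADER *)pFileBuffer;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
        printf("不是有效的MZ标志!\n");
        return;
    }
    printf("--------------------------DOS头--------------------------\n");
    printf("e_magic:%X\n", pDosHeader->e_magic);
    printf("e_lfanew:%X\n", pDosHeader->e_lfanew);

    /* e_lfanew is a signed LONG read from the file: reject negative values
     * and any offset that leaves no room for the signature + file header. */
    if (pDosHeader->e_lfanew < 0) {
        printf("e_lfanew超出文件范围!\n");
        return;
    }
    ntOffset = (size_t)pDosHeader->e_lfanew;
    if (ntOffset > fileSize ||
        fileSize - ntOffset < sizeof(DWORD) + IMAGE_SIZEOF_FILE_HEADER) {
        printf("e_lfanew超出文件范围!\n");
        return;
    }

    /* memcpy avoids a misaligned 4-byte load when e_lfanew is not aligned. */
    memcpy(&signature, pFileBuffer + ntOffset, sizeof signature);
    if (signature != IMAGE_NT_SIGNATURE) {
        printf("不是有效的PE标志\n");
        return;
    }
    printf("--------------------------NT头--------------------------\n");
    printf("Signature:%X\n", signature);

    /* NOTE(review): the headers below are read in place, as the original
     * code did; this relies on the target tolerating unaligned access. */
    pPEHeader = (const IMAGE_FILE_HEADER *)(pFileBuffer + ntOffset + sizeof(DWORD));
    printf("--------------------------标准PE头--------------------------\n");
    printf("Machine:%X\n", pPEHeader->Machine);
    printf("NumberOfSections:%X\n", pPEHeader->NumberOfSections);
    printf("TimeDateStamp:%X\n", pPEHeader->TimeDateStamp);
    printf("PointerToSymbolTable:%X\n", pPEHeader->PointerToSymbolTable);
    printf("NumberOfSymbols:%X\n", pPEHeader->NumberOfSymbols);
    printf("SizeOfOptionalHeader:%X\n", pPEHeader->SizeOfOptionalHeader);
    printf("Characteristics:%X\n", pPEHeader->Characteristics);

    printf("--------------------------可选PE头--------------------------\n");
    optOffset = ntOffset + sizeof(DWORD) + IMAGE_SIZEOF_FILE_HEADER;
    /* Bytes usable as optional header: limited both by what is left in the
     * file and by the length the file header declares for it. */
    optAvail = fileSize - optOffset;
    if (optAvail > pPEHeader->SizeOfOptionalHeader) {
        optAvail = pPEHeader->SizeOfOptionalHeader;
    }
    if (optAvail < fixed32) {
        printf("可选PE头超出文件范围!\n");
        return;
    }
    /* C-style cast: the function-style cast used before is C++-only syntax. */
    pOptionHeader = (const IMAGE_OPTIONAL_HEADER32 *)(pFileBuffer + optOffset);
    pOptionHeader64 = (const IMAGE_OPTIONAL_HEADER64 *)(pFileBuffer + optOffset);

    printf("Magic:%X\n", pOptionHeader->Magic);
    if (pOptionHeader->Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
        isPe32Plus = 1;
        if (optAvail < fixed64) {
            printf("可选PE头超出文件范围!\n");
            return;
        }
    } else if (pOptionHeader->Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
        isPe32Plus = 0;
    } else {
        printf("未知的可选PE头Magic!\n");
        return;
    }

    /* Magic..BaseOfCode sit at the same offsets in PE32 and PE32+. */
    printf("MajorLinkerVersion:%X\n", pOptionHeader->MajorLinkerVersion);
    printf("MinorLinkerVersion:%X\n", pOptionHeader->MinorLinkerVersion);
    printf("SizeOfCode:%X\n", pOptionHeader->SizeOfCode);
    printf("SizeOfInitializedData:%X\n", pOptionHeader->SizeOfInitializedData);
    printf("SizeOfUninitializedData:%X\n", pOptionHeader->SizeOfUninitializedData);
    printf("AddressOfEntryPoint:%X\n", pOptionHeader->AddressOfEntryPoint);
    printf("BaseOfCode:%X\n", pOptionHeader->BaseOfCode);
    if (isPe32Plus) {
        /* PE32+ has no BaseOfData; ImageBase is 64 bits wide instead. */
        printf("ImageBase:%llX\n", (unsigned long long)pOptionHeader64->ImageBase);
    } else {
        printf("BaseOfData:%X\n", pOptionHeader->BaseOfData);
        printf("ImageBase:%X\n", pOptionHeader->ImageBase);
    }
    /* BaseOfData(4) + ImageBase(4) == ImageBase(8), so SectionAlignment
     * through DllCharacteristics line up again in both layouts. */
    printf("SectionAlignment:%X\n", pOptionHeader->SectionAlignment);
    printf("FileAlignment:%X\n", pOptionHeader->FileAlignment);
    printf("MajorOperatingSystemVersion:%X\n", pOptionHeader->MajorOperatingSystemVersion);
    printf("MinorOperatingSystemVersion:%X\n", pOptionHeader->MinorOperatingSystemVersion);
    printf("MajorImageVersion:%X\n", pOptionHeader->MajorImageVersion);
    printf("MinorImageVersion:%X\n", pOptionHeader->MinorImageVersion);
    printf("MajorSubsystemVersion:%X\n", pOptionHeader->MajorSubsystemVersion);
    printf("MinorSubsystemVersion:%X\n", pOptionHeader->MinorSubsystemVersion);
    printf("Win32VersionValue:%X\n", pOptionHeader->Win32VersionValue);
    printf("SizeOfImage:%X\n", pOptionHeader->SizeOfImage);
    printf("SizeOfHeaders:%X\n", pOptionHeader->SizeOfHeaders);
    printf("CheckSum:%X\n", pOptionHeader->CheckSum);
    printf("Subsystem:%X\n", pOptionHeader->Subsystem);
    printf("DllCharacteristics:%X\n", pOptionHeader->DllCharacteristics);
    if (isPe32Plus) {
        /* Stack/heap sizes are 64-bit in PE32+, shifting the fields after them. */
        printf("SizeOfStackReserve:%llX\n", (unsigned long long)pOptionHeader64->SizeOfStackReserve);
        printf("SizeOfStackCommit:%llX\n", (unsigned long long)pOptionHeader64->SizeOfStackCommit);
        printf("SizeOfHeapReserve:%llX\n", (unsigned long long)pOptionHeader64->SizeOfHeapReserve);
        printf("SizeOfHeapCommit:%llX\n", (unsigned long long)pOptionHeader64->SizeOfHeapCommit);
        printf("LoaderFlags:%X\n", pOptionHeader64->LoaderFlags);
        printf("NumberOfRvaAndSizes:%X\n", pOptionHeader64->NumberOfRvaAndSizes);
    } else {
        printf("SizeOfStackReserve:%X\n", pOptionHeader->SizeOfStackReserve);
        printf("SizeOfStackCommit:%X\n", pOptionHeader->SizeOfStackCommit);
        printf("SizeOfHeapReserve:%X\n", pOptionHeader->SizeOfHeapReserve);
        printf("SizeOfHeapCommit:%X\n", pOptionHeader->SizeOfHeapCommit);
        printf("LoaderFlags:%X\n", pOptionHeader->LoaderFlags);
        printf("NumberOfRvaAndSizes:%X\n", pOptionHeader->NumberOfRvaAndSizes);
    }
}

/*
 * Read notepad.exe from System32 and print its PE headers.
 *
 * The file is measured first and then loaded with ReadFilea(); the buffer is
 * owned by this function and freed before it returns.
 */
void PrintNTHeaders() {
    const char *path = "C:\\Windows\\System32\\notepad.exe";
    size_t fileSize;
    char *pFileBuffer;

    /* Assumes the file is not modified between this measurement and the
     * read below; ReadFilea does not report how many bytes it loaded. */
    fileSize = QueryFileSize(path);
    if (fileSize == 0) {
        printf("文件读取失败!\n");
        return;
    }
    pFileBuffer = ReadFilea(path);
    if (!pFileBuffer) {
        printf("文件读取失败!\n");
        return;
    }

    PrintHeadersFromBuffer(pFileBuffer, fileSize);

    free(pFileBuffer);
    pFileBuffer = NULL;
}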
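/*
 * Load the whole file at `Filepath` into a freshly malloc'd buffer.
 *
 * Returns the buffer on success; the caller owns it and must free() it.
 * Returns NULL (after printing a message) when the file cannot be opened,
 * measured, allocated for, or read completely. The length is not returned:
 * it is whatever GetFileszie() reports for the file.
 */
char* ReadFilea(const char *Filepath ) {
    FILE *fptr = NULL;
    char *FileBuffer = NULL;
    int filesize = 0;
    size_t n = 0;

    if (!Filepath) {
        printf("打开失败!\n");
        return NULL;
    }
    fptr = fopen(Filepath, "rb");
    if (!fptr) {
        printf("打开失败!\n");
        return NULL;
    }

    /* Get the file size. A negative value would turn into a huge size_t in
     * malloc/fread, so it is rejected together with 0. */
    filesize = GetFileszie(fptr);
    if (filesize <= 0) {
        printf("获取文件大小失败!\n");
        fclose(fptr);   /* the stream was leaked on this path before */
        return NULL;
    }

    /* Allocate the buffer; the cast keeps the file buildable as C++ too. */
    FileBuffer = (char*)malloc((size_t)filesize);
    if (!FileBuffer) {
        printf("开辟空间失败!\n");
        fclose(fptr);   /* the stream was leaked on this path before */
        return NULL;
    }

    /* Read the file into memory. A short read is treated as failure: the
     * caller gets no length, so a partly filled buffer would be parsed as
     * if it were complete. */
    n = fread(FileBuffer, 1, (size_t)filesize, fptr);
    fclose(fptr);
    if (n != (size_t)filesize) {
        printf("读取数据失败!\n");
        free(FileBuffer);
        return NULL;
    }
    return FileBuffer;
}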
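/*
 * Return the length of the open stream `fptr` in bytes and leave the stream
 * positioned at the start of the file.
 *
 * Seeks to the end, uses ftell() to read the offset from the beginning, then
 * seeks back. Returns 0 on any failure (NULL stream, fseek/ftell error, or a
 * length that does not fit in int); callers in this file treat 0 as "could
 * not get the size".
 */
int GetFileszie(FILE *fptr) {
    long end = 0;

    if (!fptr) {
        return 0;
    }
    /* Move the position indicator to the end of the file. */
    if (fseek(fptr, 0, SEEK_END) != 0) {
        return 0;
    }
    /* ftell gives the current offset from the start, i.e. the file length;
     * it returns -1 on error, which must not be handed back as a size. */
    end = ftell(fptr);
    /* Rewind so the caller can read from the beginning. */
    if (fseek(fptr, 0, SEEK_SET) != 0) {
        return 0;
    }
    if (end < 0 || end > INT_MAX) {
        return 0;
    }
    return (int)end;
}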
/* Program entry point: dump the PE headers and exit successfully. */
int main(void)
{
    PrintNTHeaders();
    return 0;
}
参考的白鸟✌
Whitebird0/drip-Reverse: 滴水逆向笔记 (github.com)