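// Minimal PE section-table dumper (Windows, C++).
//
// The file being parsed is treated as untrusted input: every offset and count
// in its headers (e_lfanew, SizeOfOptionalHeader, NumberOfSections) is checked
// against the number of bytes actually read before it is dereferenced.

#include <cstdio>
#include <iostream>
#include <new>
#include <Windows.h>

#define path L"C:\\Users\\Administrator\\source\\repos\\测试\\Debug\\测试.exe"

// File image read by main() and the number of valid bytes it holds.
// IS_PEFILE() and EnumSection() bounds-check against g_bufSize, so it must
// describe the buffer that is passed to them.
char* buf;
DWORD g_bufSize = 0;

PIMAGE_DOS_HEADER GET_DOS(char* buf);
PIMAGE_NT_HEADERS GET_NT(char* buf);
PIMAGE_SECTION_HEADER GET_SECTION(char* buf);
BOOL IS_PEFILE(char* buf);
BOOL EnumSection(char* buf);

// Size of the part of IMAGE_NT_HEADERS that precedes OptionalHeader
// (Signature + FileHeader). This part has the same layout for PE32 and PE32+,
// so reading it does not depend on the bitness of this build.
static const ULONGLONG kNtFixedHeaderSize = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);

// Silently checks that the DOS header and the fixed part of the NT headers
// lie inside [data, data + size) and carry the expected signatures.
static BOOL HeadersAreValid(char* data, DWORD size)
{
    if (data == NULL || size < sizeof(IMAGE_DOS_HEADER))
    {
        return FALSE;
    }

    PIMAGE_DOS_HEADER pDos = GET_DOS(data);
    if (pDos->e_magic != IMAGE_DOS_SIGNATURE)
    {
        return FALSE;
    }

    // e_lfanew is a signed LONG taken straight from the file: reject negative
    // values and anything that would put Signature/FileHeader past the buffer.
    if (pDos->e_lfanew < 0 ||
        (ULONGLONG)pDos->e_lfanew + kNtFixedHeaderSize > size)
    {
        return FALSE;
    }

    return GET_NT(data)->Signature == IMAGE_NT_SIGNATURE;
}

// Reports whether buf holds a PE image and prints the verdict.
// Returns TRUE only when both signatures match and the headers are in bounds.
BOOL IS_PEFILE(char* buf)
{
    if (HeadersAreValid(buf, g_bufSize))
    {
        printf("是PE文件\n");
        return TRUE;
    }

    printf("不是PE文件\n");
    return FALSE;
}

// Unchecked accessor: the caller must know buf holds at least a DOS header.
PIMAGE_DOS_HEADER GET_DOS(char* buf)
{
    return PIMAGE_DOS_HEADER(buf);
}

// Unchecked accessor: e_lfanew must already have been validated.
PIMAGE_NT_HEADERS GET_NT(char* buf)
{
    return (PIMAGE_NT_HEADERS)(GET_DOS(buf)->e_lfanew + buf);
}

// Unchecked accessor: returns the first section header, located through
// FileHeader.SizeOfOptionalHeader by IMAGE_FIRST_SECTION.
PIMAGE_SECTION_HEADER GET_SECTION(char* buf)
{
    PIMAGE_NT_HEADERS pNt = GET_NT(buf);
    return IMAGE_FIRST_SECTION(pNt);
}

// Enumerates the section table and prints one record per section.
// Returns FALSE without printing any section when the headers or the section
// table do not fit inside the buffer.
BOOL EnumSection(char* buf)
{
    if (!HeadersAreValid(buf, g_bufSize))
    {
        return FALSE;
    }

    PIMAGE_NT_HEADERS pNt = GET_NT(buf);
    const WORD sectionCount = pNt->FileHeader.NumberOfSections;

    // Work with offsets in 64-bit arithmetic so hostile header values cannot
    // wrap around, and only form the section pointer after the range check.
    const ULONGLONG tableStart = (ULONGLONG)GET_DOS(buf)->e_lfanew
                               + kNtFixedHeaderSize
                               + pNt->FileHeader.SizeOfOptionalHeader;
    const ULONGLONG tableBytes = (ULONGLONG)sectionCount * sizeof(IMAGE_SECTION_HEADER);
    if (tableStart + tableBytes > g_bufSize)
    {
        printf("区段表超出文件范围\n");
        return FALSE;
    }

    PIMAGE_SECTION_HEADER pSection = GET_SECTION(buf);
    for (WORD i = 0; i < sectionCount; i++)
    {
        // Name is a fixed 8-byte field that is not NUL-terminated when all
        // eight bytes are used, so the print is capped at the field width.
        printf("【区块NAME 】IMAMEG_NAME:%.*s\n",
               (int)IMAGE_SIZEOF_SHORT_NAME, (const char*)pSection[i].Name);
        printf("【装载到内存RVA 】VirtualAddress:0x%08lX\n", pSection[i].VirtualAddress);
        // SizeOfRawData is the section's size in the file; printed as hex to
        // match its 0x prefix (the original paired "0x" with %d).
        printf("【装载到内存大小 】SizeofRawData:0x%08lX\n", pSection[i].SizeOfRawData);
        // PointerToRawData is a file offset, not an RVA.
        printf("【在磁盘文件中RVA 】PointerToRawData:0x%08lX\n", pSection[i].PointerToRawData);
        printf("【属性 】Characteristice:0x%08lX\n\n", pSection[i].Characteristics);
    }
    return TRUE;
}

// Reads the file named by `path` into memory, checks that it is a PE image
// and dumps its section table. Returns 0 on success, 1 on any failure.
int main()
{
    // Read-only access is all the parser needs; GENERIC_ALL would also ask for
    // write/delete rights and can fail on files that are otherwise readable.
    HANDLE hFile = CreateFileW(path, GENERIC_READ, FILE_SHARE_READ, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        printf("打开文件失败,错误码:%lu\n", GetLastError());
        return 1;
    }

    // GetFileSizeEx reports the full 64-bit size; the buffer length used
    // below is a DWORD, so empty files and files of 4 GiB or more are rejected.
    LARGE_INTEGER fileSize;
    if (!GetFileSizeEx(hFile, &fileSize) || fileSize.QuadPart <= 0 || fileSize.HighPart != 0)
    {
        printf("获取文件大小失败或文件大小不受支持\n");
        CloseHandle(hFile);
        return 1;
    }
    const DWORD dwFileSize = fileSize.LowPart;

    // Zero-initialised buffer for the whole file; nothrow so that a failed
    // allocation is reported instead of terminating via std::bad_alloc.
    buf = new (std::nothrow) char[dwFileSize]{0};
    if (buf == NULL)
    {
        printf("内存分配失败\n");
        CloseHandle(hFile);
        return 1;
    }

    int exitCode = 1;
    DWORD dwrealSize = 0;
    if (!ReadFile(hFile, buf, dwFileSize, &dwrealSize, NULL))
    {
        printf("读取文件失败,错误码:%lu\n", GetLastError());
    }
    else
    {
        // Only the bytes actually read are considered valid by the parser.
        g_bufSize = dwrealSize;

        // Walk the section table only once the headers have been validated.
        if (IS_PEFILE(buf) && EnumSection(buf))
        {
            exitCode = 0;
        }
    }

    CloseHandle(hFile);
    delete[] buf;
    buf = NULL;
    g_bufSize = 0;
    return exitCode;
}

// Sample output screenshot from the original post:
// http://www.irohane.top/usr/uploads/2021/02/2064025145.png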