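// Check that the DOS header and the NT headers it points to lie entirely
// inside the bytes that were actually read from disk.
//
// e_lfanew comes straight from the file, so on a truncated or malformed input
// it can be negative or point far outside the buffer. It must be validated
// before anything dereferences (lpImage + e_lfanew).
//
// lpImage: start of the raw file contents.
// dwSize:  number of valid bytes at lpImage.
// Returns TRUE when both headers are in bounds, FALSE otherwise.
//
// NOTE(review): sizeof(IMAGE_NT_HEADERS) is the layout of the build's own
// bitness; a file of the other bitness has a different optional-header size.
// Confirm before parsing OptionalHeader fields.
static BOOL NtHeadersInBounds(const char* lpImage, DWORD dwSize)
{
	if (lpImage == NULL || dwSize < sizeof(IMAGE_DOS_HEADER))
	{
		return FALSE;
	}

	const IMAGE_DOS_HEADER* pDos = (const IMAGE_DOS_HEADER*)lpImage;
	LONG lNtOffset = pDos->e_lfanew; // signed and file-controlled

	if (lNtOffset < 0 || dwSize < sizeof(IMAGE_NT_HEADERS))
	{
		return FALSE;
	}

	// Compare against (size - header size) so the check itself cannot overflow.
	if ((DWORD)lNtOffset > dwSize - sizeof(IMAGE_NT_HEADERS))
	{
		return FALSE;
	}

	return TRUE;
}

// Print the IMAGE_FILE_HEADER fields of a PE image held in memory.
//
// lpImage: start of the raw file contents.
//
// This function receives no buffer length, so it cannot bounds-check
// e_lfanew itself. The caller must first confirm that the DOS and NT headers
// are inside the buffer (see NtHeadersInBounds) before calling it.
void AnalyzeNTHeader(char* lpImage)
{
	if (lpImage == NULL)
	{
		return;
	}

	// Locate the NT headers through the DOS header's e_lfanew offset.
	PIMAGE_DOS_HEADER pDos = (PIMAGE_DOS_HEADER)lpImage;
	PIMAGE_NT_HEADERS pNt = (PIMAGE_NT_HEADERS)(pDos->e_lfanew + lpImage);
	PIMAGE_FILE_HEADER pFileHeader = &pNt->FileHeader;
	// Kept for the optional-header parsing that is not written yet.
	PIMAGE_OPTIONAL_HEADER pOption = &pNt->OptionalHeader;
	(void)pOption;

	// Dump the file header.
	printf("运行平台%x\n", pFileHeader->Machine);
	printf("区段数量%x\n", pFileHeader->NumberOfSections);
	printf("扩展头大小%x\n", pFileHeader->SizeOfOptionalHeader);
	printf("时间戳%x\n", pFileHeader->TimeDateStamp);
	printf("属性:%x\n", pFileHeader->Characteristics);

	// TODO: parse the optional header.
}

// Open the file for reading only. The parser never writes to the file, so
// GENERIC_READ is sufficient; GENERIC_ALL also asks for write/delete rights
// and fails on files the caller may only read.
HANDLE hFile = CreateFile(PATH, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
	printf("CreateFile failed: %lu\n", GetLastError());
}
else
{
	// Get the file size. With a NULL high-part pointer only the low 32 bits
	// are returned, so files of 4 GiB or more are not handled correctly here.
	DWORD dwFileSize = GetFileSize(hFile, NULL);
	if (dwFileSize == INVALID_FILE_SIZE || dwFileSize == 0)
	{
		printf("GetFileSize failed or file is empty\n");
	}
	else
	{
		// Allocate a zeroed buffer for the whole file.
		char* buf = new char[dwFileSize] {0};

		// Number of bytes ReadFile actually delivered; this, not dwFileSize,
		// is the amount of trustworthy data in buf.
		DWORD dwRealSize = 0;
		if (!ReadFile(hFile, buf, dwFileSize, &dwRealSize, NULL))
		{
			printf("ReadFile failed: %lu\n", GetLastError());
		}
		// Bounds-check the headers before any code follows e_lfanew, then
		// check the PE signatures.
		else if (NtHeadersInBounds(buf, dwRealSize) && IsPe_FIle(buf) == TRUE)
		{
			printf("这是PE文件");
			// Only parse headers of files that passed both checks.
			AnalyzeNTHeader(buf);
		}
		else
		{
			printf("这不是PE文件");
		}

		delete[] buf;
	}

	CloseHandle(hFile);
}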