1

好的,我想做的是打印 PE 可执行文件的一部分的所有数据:

#include<stdio.h>
#include<Windows.h>
int dth(int dec)
{
    return 0;
}

int main()
{
    IMAGE_NT_HEADERS peHead;
    IMAGE_DOS_HEADER dosMZ;
    IMAGE_SECTION_HEADER *secHead;
    unsigned long d;
    char file[]=".\\test.exe";
    HANDLE host;
    int i=0;
    printf("\nScanning %s :-",file);
    if((host=CreateFileA(file,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL))==INVALID_HANDLE_VALUE)
    {
        printf("\nFile OPEN Error");
        return 0;
    }
    if(!ReadFile(host,(void*)&dosMZ,sizeof(dosMZ),&d,NULL))
    {
        printf("\nRead Fail");
        return 0;
    }
    if(!(dosMZ.e_magic==IMAGE_DOS_SIGNATURE))
    {
        printf("\nNot a Valid PE");
        return 0;
    }
    printf("\nDos Signature Found");
    SetFilePointer(host,dosMZ.e_lfanew,NULL,FILE_BEGIN);
    if(!ReadFile(host,(void*)&peHead,sizeof(peHead),&d,NULL))
    {
        printf("\nRead Fail");
        return 0;
    }
    if(!(peHead.Signature==IMAGE_NT_SIGNATURE))
    {
        printf("\nNot Valid PE");
        return 0;
    }
    printf("\nPe Signature Found");
    printf("\nMachine to be Executed on: %x   ;Intelx86 for 0x14c",peHead.FileHeader.Machine);
    printf("\nNumber of Sections : %d",peHead.FileHeader.NumberOfSections);
    if(peHead.FileHeader.Characteristics==0x10f)
        printf("\nCharachteristics : Executable File");
    else
        printf("\nCharachteristics : DLL File");
    printf("\nReading Sections :");
    printf("%d",peHead.OptionalHeader.SizeOfHeaders);

    secHead=(IMAGE_SECTION_HEADER*)GlobalAlloc(GMEM_FIXED,sizeof(IMAGE_SECTION_HEADER)*peHead.FileHeader.NumberOfSections);
    ReadFile(host,(void*)secHead,sizeof(IMAGE_SECTION_HEADER)*peHead.FileHeader.NumberOfSections,&d,NULL);
    for(i=0;i<peHead.FileHeader.NumberOfSections;i++)
    {
        printf("\n Section Name : %s",secHead[i].Name);
        printf("\n RVA          : %x",secHead[i].VirtualAddress);
        printf("\n Pointer to Raw Data : %x",secHead[i].PointerToRawData);
        printf("\n Size of Data : %x",secHead[i].SizeOfRawData);
    }

    printf("\nPrinting opcodes of code Section:\n\n");

    SetFilePointer(host,(int)secHead[1].PointerToRawData,NULL,FILE_BEGIN);

    char ab;
    for(i=0;i<=(secHead[1].SizeOfRawData);i++)
    {
        ReadFile(host,&ab,1,&d,NULL);
        printf("%c",ab);
    }
    printf("%d\n,%d",i);
    CloseHandle(host);
    return 0;
}

当将指针设置为必须将文件指针设置为文件位置的部分setfilepointer开头时,会发生错误,而不是指向位置。我在用 ollydbg 调试问题后发现了这一点。.text409616384

任何人都可以告诉我怎么了?

4

0 回答 0