ffer(0),L"r+");
fread_s(&m_stMsDos.e_magic,sizeof(DWORD),sizeof(DWORD),1,pFile);
if (m_stMsDos.e_magic != IMAGE_DOS_SIGNATURE)
{
MessageBox(L"不是有效的PE文件,因为emagic的值不为0x5A4D\n");
return ;
}
//解析 IMAGE_NT_HEADERS
ParseImageNTHeaders();
//解析_IMAGE_OPTION_HEADERS32
ParseImageOptionHeaders();
//解析节表
ParseSectionHeder();
}
解析PE文件,首先判断是否是有效的PE文件,然后解析NT头,文件头,节表;
void CPEToolDlg::ParseImageNTHeaders()
{
//文件偏移到3C处,获得e_lfanew的值 读取IMAGE_NT_HEADERS
fseek(pFile,0x3c,SEEK_SET);
fread_s(&m_stMsDos.e_lfanew,sizeof(DWORD),sizeof(DWORD),1,pFile);
if (m_stMsDos.e_lfanew == 0 )
{
MessageBox(L"获取IMAGE_NT_HEADERS的偏移位置失败!\n");
return ;
}
fseek(pFile,m_stMsDos.e_lfanew,SEEK_SET);
fread(&m_stPeHeader,sizeof(stPE_HEADER),1,pFile);
if (m_stPeHeader.Signature != IMAGE_NT_SIGNATURE)
{
MessageBox(L"不是有效的PE文件,因为Signature值不等于0x00004550(即是ASCII的'PE')");
return;
}
}
解析NT头;把对应内容读入m_stPeHeader;
void CPEToolDlg::ParseImageOptionHeaders()
{
//读取IMAGE_OPTION_HEADER
fread(&m_stExtPeHeader,sizeof(stPE_ExtHeader),1,pFile);
//幻数(魔数)
if (m_stExtPeHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC)
{
MessageBox(L"不是Win32PE文件,因为幻数不等于0x010b\n");
return ;
}
//解析输入数据目录
//输出表从PE头处偏移78h 输入表从PE头处偏移80h
//偏移到输出表
iLocation = m_stMsDos.e_lfanew;//PE头
iLocation += 0x78;
fseek(pFile,iLocation,SEEK_SET);
//第一个IMAGE_DATA_DIRECTORY是输出表
fread(&m_stExtPeHeader.DataDirectory[0].VirtualAddress,sizeof(DWORD),1,pFile); //输出表的RVA
fread(&m_stExtPeHeader.DataDirectory[0].Size,sizeof(DWORD),1,pFile);//输出表大小
//第二个IMAGE_DATA_DIRECTORY是输入表
fread(&m_stExtPeHeader.DataDirectory[1].VirtualAddress,sizeof(DWORD),1,pFile); //输入表RVA
fread(&m_stExtPeHeader.DataDirectory[1].Size,sizeof(DWORD),1,pFile);//输入表大小
//第三个是ResourceDirectory
fread(&m_stExtPeHeader.DataDirectory[2].VirtualAddress,sizeof(DWORD),1,pFile);
fread(&m_stExtPeHeader.DataDirectory[2].Size,sizeof(DWORD),1,pFile);
//第四个是ExceptionDirectory
fread(&m_stExtPeHeader.DataDirectory[3].VirtualAddress,sizeof(DWORD),1,pFile);
fread(&m_stExtPeHeader.DataDirectory[3].Size,sizeof(DWORD),1,pFile);
//第五个是SecurityDirectory
fread(&m_stExtPeHeader.DataDirectory[4].VirtualAddress,sizeof(DWORD),1,pFile);
fread(&m_stExtPeHeader.DataDirectory[4].Size,sizeof(DWORD),1,pFile);
//第六个是Base Relocation table
fread(&m_stExtPeHeader.DataDirectory[5].VirtualAddress,sizeof(DWORD),1,pFile);
fread(&m_stExtPeHeader.DataDirectory[5].Size,sizeof(DWORD),1,pFile);
//第7个是DebugDirectory
fread(&m_stExtPeHeader.DataDirectory[6].VirtualAddress,sizeof(DWORD),1,pFile);
fread(&m_stExtPeHeader.DataDirectory[6].Size,sizeof(DWORD),1,pFile);
//第8个是ArchitetureSpecificData
fread(&m_stExtPeHeader.DataDirectory[7].VirtualAddress,sizeof(DWORD),1,pFile);
fread(&m_stExtPeHeader.DataDirectory[7].Size,sizeof(DWORD),1,pFile);
//第9个是GlobalPtr
fread(&m_stExtPeHeader.DataDirectory[8].VirtualAddress,sizeof(DWORD),1,pFile);
fread(&m_stExtPeHeader.DataDirectory[8].Size,si