Просматриваем заголовок исполняемого файла

 
В Интернете можно найти достаточное количество информации о формате исполняемых файлов.
В данном примере мне хотелось бы показать Вам как можно получить данные из заголовка.
Для примера нужно создать консольное приложение, вот собственно код:

#include <iostream>
#include <windows.h>
#include <conio.h>
using namespace std;

#define NTSIGNATURE(a) ((LPVOID)((BYTE *)a + ((PIMAGE_DOS_HEADER)a)->e_lfanew))

int main()
{
HANDLE hStd = GetStdHandle(STD_OUTPUT_HANDLE);SetConsoleTitle("[ViewHeader] Code by Lazy_elf");
HMODULE hMod = GetModuleHandle(NULL);
if(hMod)
{
SetConsoleTextAttribute(hStd,FOREGROUND_INTENSITY|FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE);
//_IMAGE_DOS_HEADER
cout<<"---------------------------\n"<<"_IMAGE_DOS_HEADER:"<<endl<<"---------------------------"<<endl;
SetConsoleTextAttribute(hStd,FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE);
PIMAGE_DOS_HEADER pDH = (PIMAGE_DOS_HEADER)hMod;
cout<<"Magic number "<<hex<<pDH->e_magic;

if
(pDH->e_magic == IMAGE_DOS_SIGNATURE){cout<<"(MZ)"<<endl;}else{cout<<"(not MZ)"<<endl;}
cout<<"Bytes on last page of file "<<pDH->e_cblp<<endl;
cout<<"Pages in file "<<pDH->e_cp<<endl;
cout<<"Relocations "<<pDH->e_crlc<<endl;
cout<<"Size of header in paragraphs "<<pDH->e_cparhdr<<endl;
cout<<"Minimum extra paragraphs needed "<<pDH->e_minalloc<<endl;
cout<<"Maximum extra paragraphs needed "<<pDH->e_maxalloc<<endl;
cout<<"Initial (relative) SS value "<<pDH->e_ss<<endl;
cout<<"Initial SP value "<<pDH->e_sp<<endl;
cout<<"Checksum "<<pDH->e_csum<<endl;
cout<<"Initial IP value "<<pDH->e_ip<<endl;
cout<<"Initial (relative) CS value "<<pDH->e_cs<<endl;
cout<<"File address of relocation table "<<pDH->e_lfarlc<<endl;
cout<<"Overlay number "<<pDH->e_ovno<<endl;
cout<<"Reserved words "<<pDH->e_res<<endl;
cout<<"OEM identifier (for e_oeminfo) "<<pDH->e_oemid<<endl;
cout<<"OEM information "<<pDH->e_oeminfo<<endl;
cout<<"Reserved words "<<pDH->e_res2<<endl;
cout<<"File address of new exe header "<<pDH->e_lfanew<<endl;
//_IMAGE_NT_HEADERS
SetConsoleTextAttribute(hStd,FOREGROUND_INTENSITY|FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE);
cout<<"---------------------------\n"<<"_IMAGE_NT_HEADERS:"<<endl<<"---------------------------"<<endl;
SetConsoleTextAttribute(hStd,FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE);
PIMAGE_NT_HEADERS pPEH = (PIMAGE_NT_HEADERS)NTSIGNATURE(pDH);
cout<<"Signature "<<pPEH->Signature;
if(pPEH->Signature == IMAGE_NT_SIGNATURE){cout<<"(PE)"<<endl;}else{cout<<"(not PE)"<<endl;}
IMAGE_FILE_HEADER iFH =(IMAGE_FILE_HEADER)pPEH->FileHeader;
cout<<"Machine "<<hex<<iFH.Machine<<endl;
cout<<"NumberOfSections "<<iFH.NumberOfSections<<endl;
cout<<"TimeDateStamp "<<iFH.TimeDateStamp<<endl;
cout<<"PointerToSymbolTable "<<iFH.PointerToSymbolTable<<endl;
cout<<"NumberOfSymbols "<<iFH.NumberOfSymbols<<endl;
cout<<"SizeOfOptionalHeader "<<iFH.SizeOfOptionalHeader<<endl;
cout<<"Characteristics "<<iFH.Characteristics<<endl;
//_IMAGE_OPTIONAL_HEADER
SetConsoleTextAttribute(hStd,FOREGROUND_INTENSITY|FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE);
IMAGE_OPTIONAL_HEADER32 iOH = (IMAGE_OPTIONAL_HEADER32)pPEH->OptionalHeader;
cout<<"---------------------------\n"<<"_IMAGE_OPTIONAL_HEADER:"<<endl<<"---------------------------"<<endl;
SetConsoleTextAttribute(hStd,FOREGROUND_INTENSITY|FOREGROUND_GREEN);
cout<<"// Standard fields."<<endl;
SetConsoleTextAttribute(hStd,FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE);
cout<<"Magic "<<iOH.Magic<<endl;
cout<<"Major.Minor(LinkerVersion) "<<dec<<(
int)iOH.MajorLinkerVersion<<"."<<(int)iOH.MinorLinkerVersion<<endl;
cout<<"SizeOfCode "<<hex<<iOH.SizeOfCode<<endl;
cout<<"SizeOfInitializedData "<<iOH.SizeOfInitializedData<<endl;
cout<<"SizeOfUninitializedData "<<iOH.SizeOfUninitializedData<<endl;
cout<<"AddressOfEntryPoint "<<iOH.AddressOfEntryPoint<<endl;
cout<<"BaseOfCode "<<iOH.BaseOfCode<<endl;
cout<<"BaseOfData "<<iOH.BaseOfData<<endl;
SetConsoleTextAttribute(hStd,FOREGROUND_INTENSITY|FOREGROUND_GREEN);
cout<<"// NT additional fields."<<endl;
SetConsoleTextAttribute(hStd,FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE);
cout<<"ImageBase "<<iOH.ImageBase<<endl;
cout<<"SectionAlignment "<<iOH.SectionAlignment<<endl;
cout<<"FileAlignment "<<iOH.FileAlignment<<endl;
cout<<"Major.Minor(OS Version) "<<iOH.MajorOperatingSystemVersion<<"."<<iOH.MinorOperatingSystemVersion<<endl;
cout<<"Major.Minor(ImageVersion) "<<iOH.MajorImageVersion<<"."<<iOH.MinorImageVersion<<endl;
cout<<"Major.Minor(SubsystemVersion) "<<iOH.MajorSubsystemVersion<<"."<<iOH.MinorSubsystemVersion<<endl;
cout<<"Win32VersionValue "<<iOH.Win32VersionValue<<endl;
cout<<"SizeOfImage "<<iOH.SizeOfImage<<endl;
cout<<"SizeOfHeaders "<<iOH.SizeOfHeaders<<endl;
cout<<"CheckSum "<<iOH.CheckSum<<endl;
cout<<"Subsystem "<<iOH.Subsystem<<endl;
cout<<"DllCharacteristics "<<iOH.DllCharacteristics<<endl;
cout<<"SizeOfStackReserve "<<iOH.SizeOfStackReserve<<endl;
cout<<"SizeOfStackCommit "<<iOH.SizeOfStackCommit<<endl;
cout<<"SizeOfHeapReserve "<<iOH.SizeOfHeapReserve<<endl;
cout<<"SizeOfHeapCommit "<<iOH.SizeOfHeapCommit<<endl;
cout<<"LoaderFlags "<<iOH.LoaderFlags<<endl;
cout<<"NumberOfRvaAndSizes "<<iOH.NumberOfRvaAndSizes<<endl;
//_IMAGE_DATA_DIRECTORY
for(int i=0;i<=14;i++){
SetConsoleTextAttribute(hStd,FOREGROUND_INTENSITY|FOREGROUND_GREEN);
if(i==0){cout<<"[IMAGE_DIRECTORY_ENTRY_EXPORT] ";}
if(i==1){cout<<"[IMAGE_DIRECTORY_ENTRY_IMPORT] ";}
if(i==2){cout<<"[IMAGE_DIRECTORY_ENTRY_RESOURCE] ";}
if(i==3){cout<<"[IMAGE_DIRECTORY_ENTRY_EXCEPTION] ";}
if(i==4){cout<<"[IMAGE_DIRECTORY_ENTRY_SECURITY] ";}
if(i==5){cout<<"[IMAGE_DIRECTORY_ENTRY_BASERELOC] ";}
if(i==6){cout<<"[IMAGE_DIRECTORY_ENTRY_DEBUG] ";}
if(i==7){cout<<"[IMAGE_DIRECTORY_ENTRY_ARCHITECTURE] ";}
if(i==8){cout<<"[IMAGE_DIRECTORY_ENTRY_GLOBALPTR] ";}
if(i==9){cout<<"[IMAGE_DIRECTORY_ENTRY_TLS] ";}
if(i==10){cout<<"[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG] ";}
if(i==11){cout<<"[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT] ";}
if(i==12){cout<<"[IMAGE_DIRECTORY_ENTRY_IAT] ";}
if(i==13){cout<<"[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT] ";}
if(i==14){cout<<"[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]";}
SetConsoleTextAttribute(hStd,FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE);
cout<<"[VirtualAddress|Size] "<<"["<<iOH.DataDirectory[i].VirtualAddress<<"|"<<iOH.DataDirectory[i].Size<<"]"<<endl;}
}
else{cout<<"Error load module..."<<endl;}
FreeLibrary(hMod);

cout<<"\nPress any key to continue"<<endl;
while (!getch());
return 0;
}
 
Следующая статья »