1 #include<windows.h> 2 #include<RichEdit.h> 3 #include "resource.h" 4 5 6 7 BOOL CALLBACK DlgProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam); 8 9 //Pe文件处理函数声明 10 11 BOOL IsPeFile(LPVOID ImageBase); 12 PIMAGE_NT_HEADERS GetNtHeader(LPVOID ImageBase); 13 PIMAGE_FILE_HEADER WINAPI GetFileHeader(LPVOID Imagebase); 14 PIMAGE_OPTIONAL_HEADER GetOptionalHeader(LPVOID ImageBase); 15 16 int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowcmd) 17 { 18 DialogBox(hInstance, MAKEINTRESOURCE(IDD_DIALOG), NULL, DlgProc); 19 20 return 0; 21 } 22 23 24 BOOL CALLBACK DlgProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam) 25 { 26 27 28 OPENFILENAME FileName = { 0,0,0 }, *lpFileName = &FileName; 29 HANDLE hFile, hFileMap; 30 TCHAR szPe[] = "\"PE File(*.exe)\" \0*.exe;*.dll;*.scr;*.fon;*.drv;\0\"*.All File(*.*) \0*.*\0\0"; 31 TCHAR szFileName[256] = { "" }; 32 33 LPVOID lpMemory; 34 35 TCHAR Buff[16]; 36 PIMAGE_FILE_HEADER pFileHeader = NULL; 37 PIMAGE_OPTIONAL_HEADER pOptionHeader = NULL; 38 39 switch (message) 40 { 41 case WM_INITDIALOG: 42 break; 43 case WM_CLOSE: 44 45 EndDialog(hDlg, NULL); 46 break; 47 48 case WM_COMMAND: 49 switch (LOWORD(wParam)) 50 { 51 case IDM_OPEN: 52 FileName.hInstance = (HINSTANCE)hDlg; 53 FileName.hwndOwner = hDlg; 54 FileName.lStructSize = sizeof(OPENFILENAME); 55 FileName.lpstrFilter = szPe; 56 FileName.lpstrFile = szFileName; 57 FileName.Flags = OFN_FILEMUSTEXIST || OFN_PATHMUSTEXIST; 58 FileName.nMaxFile = sizeof(szFileName); 59 60 61 if (!GetOpenFileName(lpFileName)) 62 { 63 MessageBox(hDlg, "GetOpenFileName 调用失败", "ERROR", NULL); 64 break; 65 } 66 67 SetDlgItemText(hDlg, IDC_FILENAME, szFileName); 68 69 hFile = CreateFile(FileName.lpstrFile, // open pe file 70 71 GENERIC_READ, // open for reading 72 73 FILE_SHARE_READ || FILE_SHARE_WRITE, // share for reading 74 75 NULL, // no security 76 77 OPEN_EXISTING, // existing file only 78 79 FILE_ATTRIBUTE_NORMAL, // normal file 80 81 NULL); // no attr. template 82 83 84 if (hFile == INVALID_HANDLE_VALUE) 85 { 86 MessageBox(hDlg, "Could not open file.", "ERROR", MB_ICONERROR); 87 break;// process error 88 89 } 90 91 if (GetFileSize(hFile, NULL) != 0) 92 { 93 hFileMap = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL); 94 if (hFileMap != 0) 95 { 96 lpMemory = MapViewOfFile(hFileMap, FILE_MAP_READ, NULL, NULL, NULL); 97 } 98 } 99 100 if (IsPeFile(lpMemory)) 101 { 102 103 pFileHeader = GetFileHeader(lpMemory); 104 pOptionHeader = GetOptionalHeader(lpMemory); 105 if (!(pFileHeader&&pOptionHeader)) 106 { 107 MessageBox(hDlg, "获取文件头指针失败", "PEINFO", MB_ICONERROR); 108 break; 109 } 110 else 111 { 112 wsprintf(Buff, "%04lX", pFileHeader->Machine); 113 SetDlgItemText(hDlg, IDC_MACHINE, Buff); 114 115 wsprintf(Buff, "%04lX", pFileHeader->NumberOfSections); 116 SetDlgItemText(hDlg, IDC_NUMSECTION, Buff); 117 118 wsprintf(Buff, "%04lX", pOptionHeader->Magic); 119 SetDlgItemText(hDlg, IDC_MAGIC, Buff); 120 121 wsprintf(Buff, "%08lX", pOptionHeader->AddressOfEntryPoint); 122 SetDlgItemText(hDlg, IDC_ENTERPOINT, Buff); 123 124 wsprintf(Buff, "%08lX", pOptionHeader->DataDirectory[0].VirtualAddress); 125 SetDlgItemText(hDlg, IDC_EDIT_RVA_EXPORT, Buff); 126 127 wsprintf(Buff, "%08lX", pOptionHeader->DataDirectory[0].Size); 128 SetDlgItemText(hDlg, IDC_EDIT_SIZE_EXPORT, Buff); 129 130 wsprintf(Buff, "%08lX", pOptionHeader->DataDirectory[1].VirtualAddress); 131 SetDlgItemText(hDlg, IDC_EDIT_RVA_IMPORT, Buff); 132 133 wsprintf(Buff, "%08lX", pOptionHeader->DataDirectory[1].Size); 134 SetDlgItemText(hDlg, IDC_EDIT_SIZE_IMPORT, Buff); 135 136 wsprintf(Buff, "%08lX", pOptionHeader->DataDirectory[2].VirtualAddress); 137 SetDlgItemText(hDlg, IDC_EDIT_RVA_RES, Buff); 138 139 wsprintf(Buff, "%08lX", pOptionHeader->DataDirectory[2].Size); 140 SetDlgItemText(hDlg, IDC_EDIT_SIZE_RES, Buff); 141 142 143 144 } 145 146 147 } 148 else 149 { 150 MessageBox(hDlg, "你选择的不是PE文件", "error", MB_ICONERROR); 151 UnmapViewOfFile(lpMemory); 152 CloseHandle(hFileMap); 153 CloseHandle(hFile); 154 } 155 UnmapViewOfFile(lpMemory); 156 CloseHandle(hFileMap); 157 CloseHandle(hFile); 158 159 break; 160 161 162 } 163 164 165 } 166 return FALSE; 167 } 168 169 BOOL IsPeFile(LPVOID ImageBase) //判断是否是PE文件结构 170 171 { 172 PIMAGE_DOS_HEADER pDosHeader = NULL; 173 PIMAGE_NT_HEADERS pNtHeader = NULL; 174 175 if (!ImageBase) 176 return FALSE; 177 pDosHeader = (PIMAGE_DOS_HEADER)ImageBase; 178 if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) 179 return FALSE; 180 pNtHeader = (PIMAGE_NT_HEADERS32)((DWORD)pDosHeader + pDosHeader->e_lfanew); 181 if (pNtHeader->Signature != IMAGE_NT_SIGNATURE ) 182 return FALSE; 183 return TRUE; 184 } 185 186 //FileHeader 内容的读取 187 188 189 PIMAGE_NT_HEADERS GetNtHeader(LPVOID ImageBase) //获取NT结构指针 190 191 { 192 PIMAGE_DOS_HEADER pDosHeader = NULL; 193 PIMAGE_NT_HEADERS pNtHeader = NULL; 194 195 if (!IsPeFile(ImageBase)) 196 return NULL; 197 pDosHeader = (PIMAGE_DOS_HEADER)ImageBase; 198 pNtHeader = (PIMAGE_NT_HEADERS32)((DWORD)pDosHeader + pDosHeader->e_lfanew); 199 return pNtHeader; 200 } 201 202 PIMAGE_FILE_HEADER WINAPI GetFileHeader(LPVOID Imagebase) 203 { 204 PIMAGE_FILE_HEADER pFileHeader; 205 PIMAGE_NT_HEADERS pNtHeader = NULL; 206 pNtHeader = GetNtHeader(Imagebase); 207 if (!pNtHeader) 208 return NULL; 209 pFileHeader = &pNtHeader->FileHeader; 210 return pFileHeader; 211 } 212 213 PIMAGE_OPTIONAL_HEADER GetOptionalHeader(LPVOID ImageBase) 214 { 215 PIMAGE_OPTIONAL_HEADER pOptionHeader = NULL; 216 PIMAGE_NT_HEADERS pNtHeader = NULL; 217 pNtHeader = GetNtHeader(ImageBase); 218 if (!pNtHeader) 219 return NULL; 220 pOptionHeader = &pNtHeader->OptionalHeader; 221 return pOptionHeader; 222 }