C语言怎么获得进程的PE文件信息_C/C++

一、打印Sections信息。下面的程序打印出Windows_Graphics_Programming 1.1中第三个程序“Hello World Version 3:Create a Full-Screen Window"生成的可执行文件的Sections结构字节的信息

									#include<stdio.h>

									#include<windows.h>

									char *strPath="C:/c1_hwv3/Debug/c1_hwv3.exe";

									int main()

									{

									  IMAGE_DOS_HEADER myDosHeader;

									  LONG e_lfanew;

									  FILE *pFile;

									  pFile=fopen(strPath,"rb+");

									  fread(&myDosHeader,sizeof(IMAGE_DOS_HEADER),1,pFile);

									  e_lfanew=myDosHeader.e_lfanew;

									  IMAGE_FILE_HEADER myFileHeader;

									  int nSectionCount;

									  fseek(pFile,(e_lfanew+sizeof(DWORD)),SEEK_SET);

									  fread(&myFileHeader,sizeof(IMAGE_FILE_HEADER),1,pFile);

									  nSectionCount=myFileHeader.NumberOfSections;

									  IMAGE_SECTION_HEADER *pmySectionHeader=

									    (IMAGE_SECTION_HEADER *)calloc(nSectionCount,sizeof(IMAGE_SECTION_HEADER));

									  fseek(pFile,(e_lfanew+sizeof(IMAGE_NT_HEADERS)),SEEK_SET);

									  fread(pmySectionHeader,sizeof(IMAGE_SECTION_HEADER),nSectionCount,pFile);

									  for(int i=0;i<nSectionCount;i++,pmySectionHeader++)

									  {

									    printf("Name: %s\n", pmySectionHeader->Name);

									    printf("union_PhysicalAddress: %08x\n", pmySectionHeader->Misc.PhysicalAddress);

									    printf("union_VirtualSize: %04x\n", pmySectionHeader->Misc.VirtualSize);

									    printf("VirtualAddress: %08x\n", pmySectionHeader->VirtualAddress);

									    printf("SizeOfRawData: %08x\n", pmySectionHeader->SizeOfRawData);

									    printf("PointerToRawData: %04x\n", pmySectionHeader->PointerToRawData);

									    printf("PointerToRelocations: %04x\n", pmySectionHeader->PointerToRelocations);

									    printf("PointerToLinenumbers: %04x\n", pmySectionHeader->PointerToLinenumbers);

									    printf("NumberOfRelocations: %04x\n", pmySectionHeader->NumberOfRelocations);

									    printf("NumberOfLinenumbers: %04x\n", pmySectionHeader->NumberOfLinenumbers);

									    printf("Charateristics: %04x\n", pmySectionHeader->Characteristics);

									  }

									//  pmySectionHeader-=m_nSectionCount;

									  if(pmySectionHeader!=NULL)

									  {

									    free(pmySectionHeader);

									    pmySectionHeader=NULL;

									  }

									  fclose(pFile);

									  return 0;

									}

运行程序打印出如下信息

100

101

102

103

104

105

106

107

108

109

									Name: .text

									union_PhysicalAddress: 00022350

									union_VirtualSize: 22350

									VirtualAddress: 00001000

									SizeOfRawData: 00023000

									PointerToRawData: 1000

									PointerToRelocations: 0000

									PointerToLinenumbers: 0000

									NumberOfRelocations: 0000

									NumberOfLinenumbers: 0000

									Charateristics: 60000020

									Name: .rdata

									union_PhysicalAddress: 00001615

									union_VirtualSize: 1615

									VirtualAddress: 00024000

									SizeOfRawData: 00002000

									PointerToRawData: 24000

									PointerToRelocations: 0000

									PointerToLinenumbers: 0000

									NumberOfRelocations: 0000

									NumberOfLinenumbers: 0000

									Charateristics: 40000040

									Name: .data

									union_PhysicalAddress: 00005650

									union_VirtualSize: 5650

									VirtualAddress: 00026000

									SizeOfRawData: 00004000

									PointerToRawData: 26000

									PointerToRelocations: 0000

									PointerToLinenumbers: 0000

									NumberOfRelocations: 0000

									NumberOfLinenumbers: 0000

									Charateristics: c0000040

									Name: .idata

									union_PhysicalAddress: 00000b23

									union_VirtualSize: 0b23

									VirtualAddress: 0002c000

									SizeOfRawData: 00001000

									PointerToRawData: 2a000

									PointerToRelocations: 0000

									PointerToLinenumbers: 0000

									NumberOfRelocations: 0000

									NumberOfLinenumbers: 0000

									Charateristics: c0000040

									Name: .reloc

									union_PhysicalAddress: 00000f00

									union_VirtualSize: 0f00

									VirtualAddress: 0002d000

									SizeOfRawData: 00001000

									PointerToRawData: 2b000

									PointerToRelocations: 0000

									PointerToLinenumbers: 0000

									NumberOfRelocations: 0000

									NumberOfLinenumbers: 0000

									Charateristics: 42000040

pe文件结构图：

时间，时间，会给我答案 time will give me the answer

再给大家分享一则

									#include <windows.h>

									#include <stdio.h>

									#define MAX_SECTION_NUM  16

									#define MAX_IMPDESC_NUM  64

									HANDLE hHeap;

									PIMAGE_DOS_HEADER pDosHeader;

									PCHAR  pDosStub;

									DWORD  dwDosStubSize;

									DWORD  dwDosStubOffset;

									PIMAGE_NT_HEADERS      pNtHeaders;

									PIMAGE_FILE_HEADER     pFileHeader;

									PIMAGE_OPTIONAL_HEADER32  pOptHeader;

									PIMAGE_SECTION_HEADER  pSecHeaders;

									PIMAGE_SECTION_HEADER  pSecHeader[MAX_SECTION_NUM];

									WORD wSecNum;

									PBYTE pSecData[MAX_SECTION_NUM];

									DWORD dwSecSize[MAX_SECTION_NUM];

									DWORD dwFileSize;

									void OutputPEInMem(HANDLE hd)

									{

									  // 请在这里填入你的代码

									  DWORD             dwBase;

									  dwBase = (DWORD)hd;

									  pDosHeader = (PIMAGE_DOS_HEADER)dwBase;

									  pNtHeaders = (PIMAGE_NT_HEADERS)(dwBase + pDosHeader->e_lfanew);

									  pOptHeader = &(pNtHeaders->OptionalHeader);

									  pFileHeader = &(pNtHeaders->FileHeader);

									  printf("Address Of Entry Point: 0x%08x\n", pOptHeader->AddressOfEntryPoint);

									  printf("ImageBase: 0x%08x\n", pOptHeader->ImageBase);

									  printf("Number Of Sections: %d\n", pFileHeader->NumberOfSections);

									  printf("Size Of Image: 0x%04x\n", pOptHeader->SizeOfImage);

									  return;

									}

									int main(int argc, char *argv[])

									{

									  DWORD pid = 0;

									  pid=atoi(argv[1]);

									  HANDLE hd=OpenProcess(PROCESS_ALL_ACCESS,FALSE,pid);

									  LPCSTR lpszFileName = "hello.exe";

									  LPCSTR lpszInjFileName = "hello_inj0.exe";

									  OutputPEInMem(hd);

									  hHeap = GetProcessHeap();

									  if (! CopyPEFileToMem(lpszFileName)) {

									    return 1;

									  }

									  return 0;

									}