[旧帖] 简单PE文件查看器(C++源码) 0.00雪花
发表于: 2010-12-11 11:38 1688

//很简单的一个小程序,让大家见笑了,

#include<windows.h>
#include<string>
#include<Richedit.h>
#include"resource.h"

using namespace std;

// wsprintf format for the summary shown at the top of the rich-edit control.
// Slots, in order: file name, FileHeader.Machine, FileHeader.NumberOfSections,
// FileHeader.Characteristics, OptionalHeader.ImageBase (see ProcessPeFile).
// The image-base slot is %08X, i.e. it can only display a 32-bit value.
CHAR  szMsg[]="文件名:%s\n"
   "运行平台:          0x%04X\n"
   "节区数量:          %d\n"
   "文件标记:          0x%04X\n"
   "建议装入地址:        0x%08X\n";
// Column header of the section table, appended once after the summary.
string strSection="----------------------------------------------------------------------------------------------------\n"\
      "节区名称  节区大小  虚拟地址  Raw_尺寸  Raw_偏移  节区属性\n"\
      "---------------------------------------------------------------------------------------------------\n";
// wsprintf format for one section row: name, VirtualSize, VirtualAddress,
// SizeOfRawData, PointerToRawData, Characteristics.
// %s expects a NUL-terminated string; IMAGE_SECTION_HEADER::Name is a fixed
// 8-byte field that need not be terminated, so the argument passed for it
// must be a terminated copy.
string strFmtSection="%s  %08X  %08X  %08X  %08X  %08X\n";

// Filter list for the Open dialog: (description, pattern) pairs, each part
// NUL-terminated, list ended by an extra NUL.
// NOTE(review): "*.src" looks like a typo for "*.scr", and the "All Files"
// pattern is " *.*" with a leading space -- confirm both against intent.
CHAR szFilter[]="PE Files \0*.exe;*.src;*.font;*.drv\0"
     "All Files(*.*)\0 *.*\0\0";
// NOTE(review): never assigned in the code shown here; WinMain's parameter of
// the same name shadows it.
DWORD hInstance;
// Module handle returned by LoadLibrary for the rich-edit DLL (set in WinMain).
HMODULE  hRichEdit;
// Receives the path chosen in the Open dialog; also printed in the summary.
CHAR szFileName[MAX_PATH]={0};
// Handle of the main dialog, assigned in DialogProc and used by the helpers
// below to reach the IDC_INFO control.
HWND hwinMain;

// Dialog procedure of the main dialog; defined after WinMain.
INT_PTR CALLBACK DialogProc(
  HWND hwndDlg,  // handle to dialog box
  UINT uMsg,     // message
  WPARAM wParam, // first message parameter
  LPARAM lParam  // second message parameter
);
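// Appends lpStr to the end of the IDC_INFO rich-edit control of the main
// dialog. Does nothing if the control cannot be found or lpStr is NULL.
void AppendInfo(LPSTR lpStr)
{
CHARRANGE cRang;
HWND hWinEdit=GetDlgItem(hwinMain,IDC_INFO);
if(hWinEdit==NULL||lpStr==NULL)
  return;
// Collapse the selection to the end of the text so that EM_REPLACESEL
// inserts there instead of overwriting whatever is selected.
int length=GetWindowTextLength(hWinEdit);
cRang.cpMax=length;
cRang.cpMin=length;
SendMessage(hWinEdit,EM_EXSETSEL,0,(LPARAM)&cRang);
SendMessage(hWinEdit,EM_REPLACESEL,FALSE,(LPARAM)lpStr);
// No CloseHandle here: an HWND is a window handle, not a kernel object
// handle. GetDlgItem does not transfer ownership, and passing the value to
// CloseHandle is an invalid-handle call that could, in the worst case, hit
// an unrelated kernel handle that happens to have the same numeric value.
}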
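// Displays the basic PE header fields and the section table of a mapped file
// in the IDC_INFO control of the main dialog.
//
//   lpFile    handle of the opened file (not used by this function)
//   lpPeHead  base address of the read-only view of the file
//   dwSize    number of readable bytes at lpPeHead
//
// The file content is untrusted: every offset and count taken from it is
// checked against dwSize before it is used, and each header is copied into a
// local before its fields are read, so a value cannot change between the check
// and the use (the file is opened with FILE_SHARE_WRITE) and alignment of the
// mapped data does not matter.
void ProcessPeFile(HANDLE lpFile,LPVOID lpPeHead,DWORD dwSize)
{
CHAR szBuffer[1024]={0};
CHAR szSecName[IMAGE_SIZEOF_SHORT_NAME+1];
const BYTE *pBase=(const BYTE *)lpPeHead;
// "PE\0\0" signature followed by IMAGE_FILE_HEADER; the optional header that
// follows has a variable size given by SizeOfOptionalHeader.
const DWORD cbNtFixed=sizeof(DWORD)+sizeof(IMAGE_FILE_HEADER);
IMAGE_DOS_HEADER dosHead;
IMAGE_FILE_HEADER fileHead;
DWORD dwNtOffset=0,dwOptOffset=0,dwSecOffset=0;
DWORD dwSignature=0,dwImageBase=0;
DWORD nSection,nListed;
WORD wOptSize=0,wMagic=0;
BOOL bValid;

(void)lpFile;

// DOS header: must fit in the file and carry the MZ signature.
bValid=(pBase!=NULL&&dwSize>=sizeof(IMAGE_DOS_HEADER));
if(bValid)
{
  CopyMemory(&dosHead,pBase,sizeof(dosHead));
  // e_lfanew is a signed, attacker-controlled offset: reject negative values
  // and anything that leaves no room for the signature and file header.
  bValid=(dosHead.e_magic==IMAGE_DOS_SIGNATURE
    &&dosHead.e_lfanew>=0
    &&(DWORD)dosHead.e_lfanew<=dwSize
    &&dwSize-(DWORD)dosHead.e_lfanew>=cbNtFixed);
}
// NT signature and file header.
if(bValid)
{
  dwNtOffset=(DWORD)dosHead.e_lfanew;
  CopyMemory(&dwSignature,pBase+dwNtOffset,sizeof(dwSignature));
  CopyMemory(&fileHead,pBase+dwNtOffset+sizeof(DWORD),sizeof(fileHead));
  wOptSize=fileHead.SizeOfOptionalHeader;
  dwOptOffset=dwNtOffset+cbNtFixed;  // <= dwSize, checked above
  bValid=(dwSignature==IMAGE_NT_SIGNATURE&&wOptSize<=dwSize-dwOptOffset);
}
if(!bValid)
{
  MessageBox(hwinMain,TEXT("This File not PE file!!"),TEXT("error"),MB_OK);
  return;
}

// ImageBase sits at a different offset in PE32 and PE32+ optional headers,
// so select the layout from the Magic field of the file rather than from the
// bitness this viewer was built for. It stays 0 when the optional header is
// absent or too short.
if(wOptSize>=sizeof(WORD))
{
  CopyMemory(&wMagic,pBase+dwOptOffset,sizeof(wMagic));
  if(wMagic==IMAGE_NT_OPTIONAL_HDR32_MAGIC
    &&wOptSize>=(DWORD)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32,ImageBase)+sizeof(DWORD))
  {
    CopyMemory(&dwImageBase,
      pBase+dwOptOffset+FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32,ImageBase),
      sizeof(dwImageBase));
  }
  else if(wMagic==IMAGE_NT_OPTIONAL_HDR64_MAGIC
    &&wOptSize>=(DWORD)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER64,ImageBase)+sizeof(ULONGLONG))
  {
    // NOTE: szMsg has only a 32-bit (%08X) slot for the image base, so for
    // PE32+ files only the low 32 bits of the 64-bit value are shown.
    CopyMemory(&dwImageBase,
      pBase+dwOptOffset+FIELD_OFFSET(IMAGE_OPTIONAL_HEADER64,ImageBase),
      sizeof(dwImageBase));
  }
}

wsprintf(szBuffer,szMsg,szFileName,fileHead.Machine,
    fileHead.NumberOfSections,fileHead.Characteristics,
    dwImageBase);

// hWinEdit is a window handle owned by the dialog; it must not be passed to
// CloseHandle, which is for kernel object handles only.
HWND hWinEdit=GetDlgItem(hwinMain,IDC_INFO);
SetWindowText(hWinEdit,szBuffer);
AppendInfo(&strSection[0]);

// The section table starts right after the optional header, whose real size
// is SizeOfOptionalHeader (not sizeof(IMAGE_NT_HEADERS) of this build).
dwSecOffset=dwOptOffset+wOptSize;  // <= dwSize, checked above
nSection=fileHead.NumberOfSections;
// List only the entries that lie completely inside the file.
nListed=(dwSize-dwSecOffset)/sizeof(IMAGE_SECTION_HEADER);
if(nListed>nSection)
  nListed=nSection;

for(DWORD i=0;i<nListed;i++)
{
  IMAGE_SECTION_HEADER sec;
  CopyMemory(&sec,pBase+dwSecOffset+i*sizeof(IMAGE_SECTION_HEADER),sizeof(sec));
  // Name is a fixed 8-byte field and is not NUL-terminated when all 8 bytes
  // are used; format a terminated copy so %s cannot read past the field.
  CopyMemory(szSecName,sec.Name,IMAGE_SIZEOF_SHORT_NAME);
  szSecName[IMAGE_SIZEOF_SHORT_NAME]='\0';
  wsprintf(szBuffer,strFmtSection.c_str(),szSecName,sec.Misc.VirtualSize,
    sec.VirtualAddress,sec.SizeOfRawData,sec.PointerToRawData,
    sec.Characteristics);
  AppendInfo(szBuffer);
}
if(nListed<nSection)
  MessageBox(hwinMain,TEXT("Section table is truncated"),TEXT("error"),MB_OK);
}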
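// Lets the user pick a file, maps it read-only and hands the view to
// ProcessPeFile. Every failure is reported with a message box and all handles
// acquired up to that point are released before returning.
void OpenFile(HWND hwndDlg)
{
OPENFILENAME OpenFileName;
HANDLE hFile,hMapFile;
DWORD dwFileSize,dwFileSizeHigh=0;
LPVOID lpMemory;
ZeroMemory(&OpenFileName,sizeof(OPENFILENAME));

OpenFileName.lStructSize=sizeof(OPENFILENAME);
OpenFileName.lpstrFilter=szFilter;
OpenFileName.hwndOwner=hwndDlg;
OpenFileName.nMaxFile=MAX_PATH;
OpenFileName.lpstrFile=szFileName;
OpenFileName.Flags=OFN_FILEMUSTEXIST;

if(!GetOpenFileName(&OpenFileName))
{
  // FALSE with a zero extended error means the user cancelled the dialog,
  // which is not an error worth reporting.
  if(CommDlgExtendedError()!=0)
    MessageBox(hwndDlg,TEXT("getopenfilename error"),TEXT("error"),MB_OK);
  return;
}

//open file and create file mapping
// FILE_SHARE_WRITE lets files that are open elsewhere be inspected, but it
// also means the content can change while it is mapped; the parser must not
// rely on a value staying the same between two reads.
hFile=CreateFile(szFileName,GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,
    NULL,OPEN_EXISTING,FILE_ATTRIBUTE_ARCHIVE,NULL);
if(INVALID_HANDLE_VALUE==hFile)
{
  MessageBox(hwndDlg,TEXT("CreateFile error"),TEXT("error"),MB_OK);
  return;
}
dwFileSize=GetFileSize(hFile,&dwFileSizeHigh);
if(INVALID_FILE_SIZE==dwFileSize&&GetLastError()!=NO_ERROR)
{
  MessageBox(hwndDlg,TEXT("GetFileSize error"),TEXT("error"),MB_OK);
  CloseHandle(hFile);
  return;
}
// ProcessPeFile takes a 32-bit size. For a file of 4 GB or more pass the
// largest representable bound; it is still no larger than the mapped view.
if(dwFileSizeHigh!=0)
  dwFileSize=0xFFFFFFFF;

// CreateFileMapping fails for an empty file, and either call can fail for
// lack of address space; without these checks a NULL view would reach the
// parser.
hMapFile=CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
if(NULL==hMapFile)
{
  MessageBox(hwndDlg,TEXT("CreateFileMapping error"),TEXT("error"),MB_OK);
  CloseHandle(hFile);
  return;
}
lpMemory=MapViewOfFile(hMapFile,FILE_MAP_READ,0,0,0);
if(NULL==lpMemory)
{
  MessageBox(hwndDlg,TEXT("MapViewOfFile error"),TEXT("error"),MB_OK);
  CloseHandle(hMapFile);
  CloseHandle(hFile);
  return;
}

ProcessPeFile(hFile,lpMemory,dwFileSize);

UnmapViewOfFile(lpMemory);
CloseHandle(hMapFile);
CloseHandle(hFile);
}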
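// Program entry point: loads the rich-edit DLL (it registers the
// "RichEdit20A" window class that the dialog template uses) and runs the main
// dialog modally. Returns 0 after the dialog closes, 1 if the DLL could not
// be loaded.
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPreInstance,
       LPSTR lpCmdLine,int nCmdShow)
{
static const TCHAR szDllName[]=TEXT("\\RichEd20.dll");
TCHAR szDllPath[MAX_PATH];
UINT cchDir;

// Load the DLL by full path from the system directory. A bare file name is
// resolved through the DLL search order, which looks in the application
// directory first, so a planted RichEd20.dll next to the EXE would be loaded
// instead of the system one.
cchDir=GetSystemDirectory(szDllPath,MAX_PATH);
if(cchDir==0||cchDir+sizeof(szDllName)/sizeof(TCHAR)>MAX_PATH)
{
  MessageBox(NULL,TEXT("GetSystemDirectory error"),TEXT("error"),MB_OK);
  return 1;
}
lstrcpy(szDllPath+cchDir,szDllName);  // fits: length checked above

hRichEdit=LoadLibrary(szDllPath);
if(NULL==hRichEdit)
{
  // Without the DLL the dialog cannot be created, so stop here with a
  // visible reason instead of exiting silently.
  MessageBox(NULL,TEXT("LoadLibrary RichEd20.dll error"),TEXT("error"),MB_OK);
  return 1;
}
DialogBoxParam(hInstance,MAKEINTRESOURCE(IDD_DIALOG),NULL,(DLGPROC)DialogProc,0);
FreeLibrary(hRichEdit);
return 0;
}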

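// Dialog procedure of the main dialog.
// Returns TRUE for the messages it handles and FALSE for everything else so
// that the dialog manager applies its default processing.
INT_PTR CALLBACK DialogProc(
  HWND hwndDlg,  // handle to dialog box
  UINT uMsg,     // message
  WPARAM wParam, // first message parameter
  LPARAM lParam  // second message parameter
)
{
switch(uMsg)
{
case WM_INITDIALOG:
  // Remember the dialog handle for AppendInfo and ProcessPeFile.
  hwinMain=hwndDlg;
  return TRUE;
case WM_COMMAND:
  switch(LOWORD(wParam))
  {
  case IDM_EXIT:
    EndDialog(hwndDlg,0);
    return TRUE;
  case IDM_OPEN:
    OpenFile(hwndDlg);
    return TRUE;
  }
  break;
case WM_CLOSE:
  // Ends here; the original fell through into the WM_INITDIALOG case
  // because the break was missing.
  EndDialog(hwndDlg,0);
  return TRUE;
}
return FALSE;
}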

//res File

//Microsoft Developer Studio generated resource script.
//
#include "resrc1.h"

#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "resource.h"
#include "afxres.h"

/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS

/////////////////////////////////////////////////////////////////////////////
// Chinese (中国) resources

#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED
#pragma code_page(936)
#endif //_WIN32

/////////////////////////////////////////////////////////////////////////////
//
// Icon
//

// Icon with lowest ID value placed first to ensure application icon
// remains consistent on all systems.
ICO_MAIN                ICON    DISCARDABLE     "main.ico"

/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//

// Main dialog: a captioned popup with the IDM_MAIN menu and a single
// read-only rich-edit control (IDC_INFO) covering the client area.
IDD_DIALOG DIALOG DISCARDABLE  50, 50, 250, 140
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "PE文件基本信息"
MENU IDM_MAIN
FONT 10, "System"
BEGIN
    // The "RichEdit20A" window class is registered by RichEd20.dll, which
    // WinMain loads before creating this dialog; if the DLL is not loaded the
    // dialog cannot be created.
    // 0x10c4 = ES_WANTRETURN | ES_AUTOHSCROLL | ES_AUTOVSCROLL | ES_MULTILINE.
    CONTROL         "",IDC_INFO,"RichEdit20A",WS_BORDER | ES_READONLY|
                    WS_VSCROLL | WS_TABSTOP | 0x10c4,0,0,249,140
END

/////////////////////////////////////////////////////////////////////////////
//
// Menu
//

// Main menu: a single "File" popup. IDM_OPEN and IDM_EXIT arrive in
// DialogProc as WM_COMMAND with the ID in LOWORD(wParam).
IDM_MAIN MENU DISCARDABLE
BEGIN
    POPUP "文件(&F)"
    BEGIN
        MENUITEM "打开文件(&O)...",             IDM_OPEN
        MENUITEM SEPARATOR
        MENUITEM "退出(&X)",                    IDM_EXIT
    END
END

#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//

1 TEXTINCLUDE DISCARDABLE
BEGIN
    "resrc1.h\0"
END

2 TEXTINCLUDE DISCARDABLE
BEGIN
    "#include ""resource.h""\r\n"
    "#include ""afxres.h""\r\n"
    "\0"
END

3 TEXTINCLUDE DISCARDABLE
BEGIN
    "\r\n"
    "\0"
END

#endif    // APSTUDIO_INVOKED

#endif    // Chinese (中国) resources
/////////////////////////////////////////////////////////////////////////////

#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//

/////////////////////////////////////////////////////////////////////////////
#endif    // not APSTUDIO_INVOKED

//resource.h

//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by Script3.rc
//
// Resource identifiers shared by the .rc script and the C++ source.
#define IDD_DIALOG                      101  // main dialog template

#define ICO_MAIN 1000  // application icon
#define IDC_INFO 1001  // rich-edit control that shows the PE information
#define IDM_MAIN 2000  // main menu
#define IDM_OPEN 2001  // File > Open command
#define IDM_EXIT 2002  // File > Exit command
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE        102
#define _APS_NEXT_COMMAND_VALUE         40001
#define _APS_NEXT_CONTROL_VALUE         1000
#define _APS_NEXT_SYMED_VALUE           101
#endif
#endif

最新回复 (4)
怎么没有输入表,输出表的信息
2010-12-11 12:02
在没感觉没有写完整呢?
2010-12-11 17:31
...........
如果是c语言 就ok了~~
这玩意  我看到了 就想到命令行编译~~cl.exe a.cpp
2010-12-11 18:30
建议 还是打个包 ,上传到 115网盘上吧....
2010-12-11 18:35