-
-
[旧帖] 简单PE文件查看器(C++源码) 0.00雪花
-
发表于: 2010-12-11 11:38
-
//很简单的一个小程序,让大家见笑了,
#include<windows.h>
#include<string>
#include<Richedit.h>
#include"resource.h"
using namespace std;
CHAR szMsg[]="文件名:%s\n"
"运行平台: 0x%04X\n"
"节区数量: %d\n"
"文件标记: 0x%04X\n"
"建议装入地址: 0x%08X\n";
string strSection="----------------------------------------------------------------------------------------------------\n"\
"节区名称 节区大小 虚拟地址 Raw_尺寸 Raw_偏移 节区属性\n"\
"---------------------------------------------------------------------------------------------------\n";
string strFmtSection="%s %08X %08X %08X %08X %08X\n";
CHAR szFilter[]="PE Files \0*.exe;*.src;*.font;*.drv\0"
"All Files(*.*)\0 *.*\0\0";
DWORD hInstance;
HMODULE hRichEdit;
CHAR szFileName[MAX_PATH]={0};
HWND hwinMain;
INT_PTR CALLBACK DialogProc(
HWND hwndDlg, // handle to dialog box
UINT uMsg, // message
WPARAM wParam, // first message parameter
LPARAM lParam // second message parameter
);
void AppendInfo(LPSTR lpStr)
{
CHARRANGE cRang;
HWND hWinEdit=GetDlgItem(hwinMain,IDC_INFO);
int length=GetWindowTextLength(hWinEdit);
cRang.cpMax=length;
cRang.cpMin=length;
SendMessage(hWinEdit,EM_EXSETSEL,0,(LPARAM)&cRang);
SendMessage(hWinEdit,EM_REPLACESEL,FALSE,(LPARAM)lpStr);
CloseHandle(hWinEdit);
return;
}
void ProcessPeFile(HANDLE lpFile,LPVOID lpPeHead,DWORD dwSize)
{
int nSection;
CHAR szBuffer[1024]={0};
PIMAGE_NT_HEADERS pImghead=0;
PIMAGE_DOS_HEADER pImgDosHead;
PIMAGE_SECTION_HEADER pImgSecHead=0;
//检测PE文件DOS头
pImgDosHead=(PIMAGE_DOS_HEADER)lpPeHead;
if(pImgDosHead->e_magic!=IMAGE_DOS_SIGNATURE)
{
MessageBox(hwinMain,TEXT("This File not PE file!!"),TEXT("error"),MB_OK);
return;
}
lpPeHead=LPVOID((DWORD)lpPeHead+pImgDosHead->e_lfanew);
pImghead=(PIMAGE_NT_HEADERS)lpPeHead;
wsprintf(szBuffer,szMsg,szFileName,(pImghead->FileHeader).Machine,
(pImghead->FileHeader).NumberOfSections,pImghead->FileHeader.Characteristics,
pImghead->OptionalHeader.ImageBase);
HWND hWinEdit=GetDlgItem(hwinMain,IDC_INFO);
SetWindowText(hWinEdit,szBuffer);
AppendInfo(&strSection[0]);
//loop show section infomation every one
nSection=(pImghead->FileHeader).NumberOfSections;
lpPeHead=LPVOID((DWORD)lpPeHead+sizeof(IMAGE_NT_HEADERS));
pImgSecHead=(PIMAGE_SECTION_HEADER)lpPeHead;
for(int i=0;i<nSection;i++)
{
wsprintf(szBuffer,&strFmtSection[0],pImgSecHead->Name,pImgSecHead->Misc.VirtualSize,
pImgSecHead->VirtualAddress,pImgSecHead->SizeOfRawData,pImgSecHead->PointerToRawData,
pImgSecHead->Characteristics);
lpPeHead=LPVOID((DWORD)lpPeHead+sizeof(IMAGE_SECTION_HEADER));
pImgSecHead=(PIMAGE_SECTION_HEADER)lpPeHead;
AppendInfo(szBuffer);
}
CloseHandle(hWinEdit);
}
void OpenFile(HWND hwndDlg)
{
OPENFILENAME OpenFileName;
HANDLE hFile,hMapFile;
DWORD dwFileSize;
LPVOID lpMemory;
ZeroMemory(&OpenFileName,sizeof(OPENFILENAME));
OpenFileName.lStructSize=sizeof(OPENFILENAME);
OpenFileName.lpstrFilter=szFilter;
OpenFileName.hwndOwner=hwndDlg;
OpenFileName.nMaxFile=MAX_PATH;
OpenFileName.lpstrFile=szFileName;
OpenFileName.Flags=OFN_FILEMUSTEXIST;
if(!GetOpenFileName(&OpenFileName))
{
MessageBox(hwndDlg,TEXT("getopenfilename error"),TEXT("error"),MB_OK);
return;
}
//open file and create file mapping
hFile=CreateFile(szFileName,GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,
NULL,OPEN_EXISTING,FILE_ATTRIBUTE_ARCHIVE,NULL);
if(INVALID_HANDLE_VALUE==hFile)
{
MessageBox(hwndDlg,TEXT("CreateFile error"),TEXT("error"),MB_OK);
return;
}
dwFileSize=GetFileSize(hFile,NULL);
hMapFile=CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
lpMemory=MapViewOfFile(hMapFile,FILE_MAP_READ,0,0,0);
ProcessPeFile(hFile,lpMemory,dwFileSize);
UnmapViewOfFile(lpMemory);
CloseHandle(hMapFile);
CloseHandle(hFile);
}
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPreInstance,
LPSTR lpCmdLine,int nCmdShow)
{
hRichEdit=LoadLibrary(TEXT("RichEd20.dll"));
DialogBoxParam(hInstance,MAKEINTRESOURCE(IDD_DIALOG),NULL,(DLGPROC)DialogProc,NULL);
return 0;
}
INT_PTR CALLBACK DialogProc(
HWND hwndDlg, // handle to dialog box
UINT uMsg, // message
WPARAM wParam, // first message parameter
LPARAM lParam // second message parameter
)
{
switch(uMsg)
{
case WM_COMMAND:
if(LOWORD(wParam)==IDM_EXIT)
EndDialog(hwndDlg,NULL);
else if(LOWORD(wParam)==IDM_OPEN)
OpenFile(hwndDlg);
break;
case WM_CLOSE:
EndDialog(hwndDlg,NULL);
case WM_INITDIALOG:
hwinMain=hwndDlg;
}
return 0;
}
//res File
//Microsoft Developer Studio generated resource script.
//
#include "resrc1.h"
#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "resource.h"
#include "afxres.h"
/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
// Chinese (中国) resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED
#pragma code_page(936)
#endif //_WIN32
/////////////////////////////////////////////////////////////////////////////
//
// Icon
//
// Icon with lowest ID value placed first to ensure application icon
// remains consistent on all systems.
ICO_MAIN ICON DISCARDABLE "main.ico"
/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//
IDD_DIALOG DIALOG DISCARDABLE 50, 50, 250, 140
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "PE文件基本信息"
MENU IDM_MAIN
FONT 10, "System"
BEGIN
CONTROL "",IDC_INFO,"RichEdit20A",WS_BORDER | ES_READONLY|
WS_VSCROLL | WS_TABSTOP | 0x10c4,0,0,249,140
END
/////////////////////////////////////////////////////////////////////////////
//
// Menu
//
IDM_MAIN MENU DISCARDABLE
BEGIN
POPUP "文件(&F)"
BEGIN
MENUITEM "打开文件(&O)...", IDM_OPEN
MENUITEM SEPARATOR
MENUITEM "退出(&X)", IDM_EXIT
END
END
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
1 TEXTINCLUDE DISCARDABLE
BEGIN
"resrc1.h\0"
END
2 TEXTINCLUDE DISCARDABLE
BEGIN
"#include ""resource.h""\r\n"
"#include ""afxres.h""\r\n"
"\0"
END
3 TEXTINCLUDE DISCARDABLE
BEGIN
"\r\n"
"\0"
END
#endif // APSTUDIO_INVOKED
#endif // Chinese (中国) resources
/////////////////////////////////////////////////////////////////////////////
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INV
//resource.h
//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by Script3.rc
//
#define IDD_DIALOG 101
#define ICO_MAIN 1000
#define IDC_INFO 1001
#define IDM_MAIN 2000
#define IDM_OPEN 2001
#define IDM_EXIT 2002
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 102
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
#include<windows.h>
#include<string>
#include<Richedit.h>
#include"resource.h"
using namespace std;
CHAR szMsg[]="文件名:%s\n"
"运行平台: 0x%04X\n"
"节区数量: %d\n"
"文件标记: 0x%04X\n"
"建议装入地址: 0x%08X\n";
string strSection="----------------------------------------------------------------------------------------------------\n"\
"节区名称 节区大小 虚拟地址 Raw_尺寸 Raw_偏移 节区属性\n"\
"---------------------------------------------------------------------------------------------------\n";
string strFmtSection="%s %08X %08X %08X %08X %08X\n";
CHAR szFilter[]="PE Files \0*.exe;*.src;*.font;*.drv\0"
"All Files(*.*)\0 *.*\0\0";
DWORD hInstance;
HMODULE hRichEdit;
CHAR szFileName[MAX_PATH]={0};
HWND hwinMain;
INT_PTR CALLBACK DialogProc(
HWND hwndDlg, // handle to dialog box
UINT uMsg, // message
WPARAM wParam, // first message parameter
LPARAM lParam // second message parameter
);
void AppendInfo(LPSTR lpStr)
{
CHARRANGE cRang;
HWND hWinEdit=GetDlgItem(hwinMain,IDC_INFO);
int length=GetWindowTextLength(hWinEdit);
cRang.cpMax=length;
cRang.cpMin=length;
SendMessage(hWinEdit,EM_EXSETSEL,0,(LPARAM)&cRang);
SendMessage(hWinEdit,EM_REPLACESEL,FALSE,(LPARAM)lpStr);
CloseHandle(hWinEdit);
return;
}
void ProcessPeFile(HANDLE lpFile,LPVOID lpPeHead,DWORD dwSize)
{
int nSection;
CHAR szBuffer[1024]={0};
PIMAGE_NT_HEADERS pImghead=0;
PIMAGE_DOS_HEADER pImgDosHead;
PIMAGE_SECTION_HEADER pImgSecHead=0;
//检测PE文件DOS头
pImgDosHead=(PIMAGE_DOS_HEADER)lpPeHead;
if(pImgDosHead->e_magic!=IMAGE_DOS_SIGNATURE)
{
MessageBox(hwinMain,TEXT("This File not PE file!!"),TEXT("error"),MB_OK);
return;
}
lpPeHead=LPVOID((DWORD)lpPeHead+pImgDosHead->e_lfanew);
pImghead=(PIMAGE_NT_HEADERS)lpPeHead;
wsprintf(szBuffer,szMsg,szFileName,(pImghead->FileHeader).Machine,
(pImghead->FileHeader).NumberOfSections,pImghead->FileHeader.Characteristics,
pImghead->OptionalHeader.ImageBase);
HWND hWinEdit=GetDlgItem(hwinMain,IDC_INFO);
SetWindowText(hWinEdit,szBuffer);
AppendInfo(&strSection[0]);
//loop show section infomation every one
nSection=(pImghead->FileHeader).NumberOfSections;
lpPeHead=LPVOID((DWORD)lpPeHead+sizeof(IMAGE_NT_HEADERS));
pImgSecHead=(PIMAGE_SECTION_HEADER)lpPeHead;
for(int i=0;i<nSection;i++)
{
wsprintf(szBuffer,&strFmtSection[0],pImgSecHead->Name,pImgSecHead->Misc.VirtualSize,
pImgSecHead->VirtualAddress,pImgSecHead->SizeOfRawData,pImgSecHead->PointerToRawData,
pImgSecHead->Characteristics);
lpPeHead=LPVOID((DWORD)lpPeHead+sizeof(IMAGE_SECTION_HEADER));
pImgSecHead=(PIMAGE_SECTION_HEADER)lpPeHead;
AppendInfo(szBuffer);
}
CloseHandle(hWinEdit);
}
void OpenFile(HWND hwndDlg)
{
OPENFILENAME OpenFileName;
HANDLE hFile,hMapFile;
DWORD dwFileSize;
LPVOID lpMemory;
ZeroMemory(&OpenFileName,sizeof(OPENFILENAME));
OpenFileName.lStructSize=sizeof(OPENFILENAME);
OpenFileName.lpstrFilter=szFilter;
OpenFileName.hwndOwner=hwndDlg;
OpenFileName.nMaxFile=MAX_PATH;
OpenFileName.lpstrFile=szFileName;
OpenFileName.Flags=OFN_FILEMUSTEXIST;
if(!GetOpenFileName(&OpenFileName))
{
MessageBox(hwndDlg,TEXT("getopenfilename error"),TEXT("error"),MB_OK);
return;
}
//open file and create file mapping
hFile=CreateFile(szFileName,GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,
NULL,OPEN_EXISTING,FILE_ATTRIBUTE_ARCHIVE,NULL);
if(INVALID_HANDLE_VALUE==hFile)
{
MessageBox(hwndDlg,TEXT("CreateFile error"),TEXT("error"),MB_OK);
return;
}
dwFileSize=GetFileSize(hFile,NULL);
hMapFile=CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
lpMemory=MapViewOfFile(hMapFile,FILE_MAP_READ,0,0,0);
ProcessPeFile(hFile,lpMemory,dwFileSize);
UnmapViewOfFile(lpMemory);
CloseHandle(hMapFile);
CloseHandle(hFile);
}
int WINAPI WinMain(HINSTANCE hInstance,HINSTANCE hPreInstance,
LPSTR lpCmdLine,int nCmdShow)
{
hRichEdit=LoadLibrary(TEXT("RichEd20.dll"));
DialogBoxParam(hInstance,MAKEINTRESOURCE(IDD_DIALOG),NULL,(DLGPROC)DialogProc,NULL);
return 0;
}
INT_PTR CALLBACK DialogProc(
HWND hwndDlg, // handle to dialog box
UINT uMsg, // message
WPARAM wParam, // first message parameter
LPARAM lParam // second message parameter
)
{
switch(uMsg)
{
case WM_COMMAND:
if(LOWORD(wParam)==IDM_EXIT)
EndDialog(hwndDlg,NULL);
else if(LOWORD(wParam)==IDM_OPEN)
OpenFile(hwndDlg);
break;
case WM_CLOSE:
EndDialog(hwndDlg,NULL);
case WM_INITDIALOG:
hwinMain=hwndDlg;
}
return 0;
}
//res File
//Microsoft Developer Studio generated resource script.
//
#include "resrc1.h"
#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "resource.h"
#include "afxres.h"
/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
// Chinese (中国) resources
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
#ifdef _WIN32
LANGUAGE LANG_CHINESE, SUBLANG_CHINESE_SIMPLIFIED
#pragma code_page(936)
#endif //_WIN32
/////////////////////////////////////////////////////////////////////////////
//
// Icon
//
// Icon with lowest ID value placed first to ensure application icon
// remains consistent on all systems.
ICO_MAIN ICON DISCARDABLE "main.ico"
/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//
IDD_DIALOG DIALOG DISCARDABLE 50, 50, 250, 140
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "PE文件基本信息"
MENU IDM_MAIN
FONT 10, "System"
BEGIN
CONTROL "",IDC_INFO,"RichEdit20A",WS_BORDER | ES_READONLY|
WS_VSCROLL | WS_TABSTOP | 0x10c4,0,0,249,140
END
/////////////////////////////////////////////////////////////////////////////
//
// Menu
//
IDM_MAIN MENU DISCARDABLE
BEGIN
POPUP "文件(&F)"
BEGIN
MENUITEM "打开文件(&O)...", IDM_OPEN
MENUITEM SEPARATOR
MENUITEM "退出(&X)", IDM_EXIT
END
END
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
1 TEXTINCLUDE DISCARDABLE
BEGIN
"resrc1.h\0"
END
2 TEXTINCLUDE DISCARDABLE
BEGIN
"#include ""resource.h""\r\n"
"#include ""afxres.h""\r\n"
"\0"
END
3 TEXTINCLUDE DISCARDABLE
BEGIN
"\r\n"
"\0"
END
#endif // APSTUDIO_INVOKED
#endif // Chinese (中国) resources
/////////////////////////////////////////////////////////////////////////////
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INV
//resource.h
//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by Script3.rc
//
#define IDD_DIALOG 101
#define ICO_MAIN 1000
#define IDC_INFO 1001
#define IDM_MAIN 2000
#define IDM_OPEN 2001
#define IDM_EXIT 2002
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 102
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
