// pe.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
#include "windows.h"
#include <iostream>
#include <string>
using namespace std;
int _tmain(int argc, _TCHAR* argv[])
{
int finn;
int hFilePointer;
string importshow;
unsigned long e_lfanew_assembly;
unsigned long OEP_assembly;
unsigned char * pOEP;
unsigned long * pNumberOfBytesRead_pOEP;
unsigned char * p_e_lfanew;
unsigned long * pNumberOfBytesRead_p_e_lfanew;
unsigned char * pBaseOfCode;
unsigned long * pNumberOfBytesRead_pBaseOfCode;
unsigned char * pBaseOfDate;
unsigned long * pNumberOfBytesRead_pBaseOfDate;
unsigned char * pImageBase;
unsigned long * pNumberOfBytesRead_pImageBase;
unsigned char * pSectionAlignment;
unsigned long * pNumberOfBytesRead_pSectionAlignment;
unsigned char * pFileAlignment;
unsigned long * pNumberOfBytesRead_pFileAlignment;
unsigned char * pSizeofImage;
unsigned long * pNumberOfBytesRead_pSizeofImage;
unsigned char * pSizeofHeaders;
unsigned long * pNumberOfBytesRead_pSizeofHeaders;
unsigned char * pCheckSum;
unsigned long * pNumberOfBytesRead_pCheckSum;
unsigned char * pSIZEexportRVA;
unsigned long * pNumberOfBytesRead_pSIZEexportRVA;
unsigned char * pRVAimport;
unsigned long * pNumberOfBytesRead_pRVAimport;
unsigned char * pSIZEimport;
unsigned long * pNumberOfBytesRead_pSIZEimport;
unsigned char * pimport;
unsigned long * pNumberOfBytesRead_pimport;
HANDLE hFile;
//打开文件,获得指定文件的句柄;
hFile=CreateFile(_T ("D:\\PEDIY\\CrackMe.exe"),GENERIC_READ|GENERIC_WRITE,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_SYSTEM,NULL);
//打开文件失败;
if (hFile==INVALID_HANDLE_VALUE)
{
cout<<"CREATEFILE ERROR! GetLastError()="<<GetLastError()<<endl;
return false;
}
///////////////////////////// 读取 e_lfanew 的值//////////////////////////////////////////
//移动文件指针到 e_lfanew (0x3c)处;
hFilePointer=SetFilePointer(hFile,0x3c,NULL,FILE_BEGIN);
//为 e_lfanew 的值申请空间;
p_e_lfanew = new unsigned char[5];
//为 实际读取的BYTES 的值申请空间;
pNumberOfBytesRead_p_e_lfanew= new unsigned long;
//读取 e_lfanew 的值
ReadFile(hFile,p_e_lfanew,4,pNumberOfBytesRead_p_e_lfanew,NULL);
/////////////////////////////读取 OEP 的值///////////////////////////////////////////////
e_lfanew_assembly = *(unsigned long*)p_e_lfanew+0x28;
//移动文件指针到 OEP 处;
hFilePointer=SetFilePointer(hFile,e_lfanew_assembly,NULL,FILE_BEGIN);
pOEP = new unsigned char[5];
pNumberOfBytesRead_pOEP = new unsigned long;
//读取 OEP 的值
ReadFile(hFile,pOEP,4,pNumberOfBytesRead_pOEP,NULL);
OEP_assembly=*(unsigned int*)pOEP;
/////////////////////////////////读取 BaseOfCode 的值///////////////////////////////////
pBaseOfCode = new unsigned char[5];
pNumberOfBytesRead_pBaseOfCode = new unsigned long;
ReadFile(hFile,pBaseOfCode,4,pNumberOfBytesRead_pBaseOfCode,NULL);
/////////////////////////////////读取 BaseOfDate 的值///////////////////////////////////
pBaseOfDate = new unsigned char[5];
pNumberOfBytesRead_pBaseOfDate = new unsigned long;
ReadFile(hFile,pBaseOfDate,4,pNumberOfBytesRead_pBaseOfDate,NULL);
/////////////////////////////////读取 ImageBase 的值///////////////////////////////////
pImageBase = new unsigned char[5];
pNumberOfBytesRead_pImageBase = new unsigned long;
ReadFile(hFile,pImageBase,4,pNumberOfBytesRead_pImageBase,NULL);
/////////////////////////////////读取 SectionAlignment 的值///////////////////////////////////
pSectionAlignment = new unsigned char[5];
pNumberOfBytesRead_pSectionAlignment = new unsigned long;
ReadFile(hFile,pSectionAlignment,4,pNumberOfBytesRead_pSectionAlignment,NULL);
/////////////////////////////////读取 FileAlignment 的值///////////////////////////////////
pFileAlignment = new unsigned char[5];
pNumberOfBytesRead_pFileAlignment = new unsigned long;
ReadFile(hFile,pFileAlignment,4,pNumberOfBytesRead_pFileAlignment,NULL);
/////////////////////////////////读取 SizeofImage 的值///////////////////////////////////
hFilePointer=SetFilePointer(hFile,0x10,NULL,FILE_CURRENT);
pSizeofImage = new unsigned char[5];
pNumberOfBytesRead_pSizeofImage = new unsigned long;
ReadFile(hFile,pSizeofImage,4,pNumberOfBytesRead_pSizeofImage,NULL);
/////////////////////////////////读取 SizeofHeaders 的值///////////////////////////////////
pSizeofHeaders = new unsigned char[5];
pNumberOfBytesRead_pSizeofHeaders = new unsigned long;
ReadFile(hFile,pSizeofHeaders,4,pNumberOfBytesRead_pSizeofHeaders,NULL);
/////////////////////////////////读取 CheckSum 的值///////////////////////////////////
pCheckSum = new unsigned char[5];
pNumberOfBytesRead_pCheckSum = new unsigned long;
ReadFile(hFile,pCheckSum,4,pNumberOfBytesRead_pCheckSum,NULL);
/////////////////////////////////读取 SIZEexportRVA 的值///////////////////////////////////
hFilePointer=SetFilePointer(hFile,0x1C,NULL,FILE_CURRENT);
pSIZEexportRVA = new unsigned char[9];
pNumberOfBytesRead_pSIZEexportRVA = new unsigned long;
ReadFile(hFile,pSIZEexportRVA,8,pNumberOfBytesRead_pSIZEexportRVA,NULL);
/////////////////////////////////读取 RVAimport 的值///////////////////////////////////
pRVAimport = new unsigned char[5];
pNumberOfBytesRead_pRVAimport= new unsigned long;
ReadFile(hFile,pRVAimport,4,pNumberOfBytesRead_pRVAimport,NULL);
/////////////////////////////////读取 SIZEimport 的值///////////////////////////////////
pSIZEimport = new unsigned char[5];
pNumberOfBytesRead_pSIZEimport= new unsigned long;
ReadFile(hFile,pSIZEimport,4,pNumberOfBytesRead_pSIZEimport,NULL);
/////////////////////////////////读取 import 的值///////////////////////////////////
pimport = new unsigned char[(*(unsigned int*)pSIZEimport)+1];
pNumberOfBytesRead_pimport = new unsigned long;
hFilePointer=SetFilePointer(hFile,(*(unsigned int*)pRVAimport),NULL,FILE_BEGIN);
ReadFile(hFile,pimport,(*(unsigned int*)pSIZEimport),pNumberOfBytesRead_pimport,NULL);
//importshow="Rocket Not Missile";
//*(string *)pimport;
/////////////////////////////////输出部分///////////////////////////////////
cout<<"################################################################################"<<endl;
cout<<" Rocket Not Missile "<<endl;
cout<<"################################################################################"<<endl;
cout<<" hFile = 0x"<<hFile<<endl;
cout<<"Address Of Entry Point = 0x"<<hex<<OEP_assembly<<endl;
cout<<" Base Of Code = 0x"<<hex<<*(unsigned int*)pBaseOfCode<<endl;
cout<<" Base Of Date = 0x"<<hex<<*(unsigned int*)pBaseOfDate<<endl;
cout<<" Image Base = 0x"<<hex<<*(unsigned int*)pImageBase<<endl;
cout<<" Section Alignment = 0x"<<hex<<*(unsigned int*)pSectionAlignment<<endl;
cout<<" File Alignment = 0x"<<hex<<*(unsigned int*)pFileAlignment<<endl;
cout<<" Size of Image = 0x"<<hex<<*(unsigned int*)pSizeofImage<<endl;
cout<<" Size of Headers = 0x"<<hex<<*(unsigned int*)pSizeofHeaders<<endl;
cout<<" Check Sum = 0x"<<hex<<*(unsigned int*)pCheckSum<<endl;
cout<<" RVA Size of export = 0x"<<hex<<*(unsigned int*)pSIZEexportRVA<<endl;
cout<<" RVA of import = 0x"<<hex<<*(unsigned int*)pRVAimport<<endl;
cout<<" SIZE of import = 0x"<<hex<<*(unsigned int*)pSIZEimport<<endl;
//cout<<" import = 0x"<<importshow<<endl;
cout<<"################################################################################"<<endl;
cout<<" EnjoyIT by:TheLongMarch "<<endl;
cout<<"################################################################################"<<endl;
delete p_e_lfanew;
delete pNumberOfBytesRead_p_e_lfanew;
delete pOEP;
delete pNumberOfBytesRead_pOEP;
delete pBaseOfCode;
delete pNumberOfBytesRead_pBaseOfCode;
delete pBaseOfDate;
delete pNumberOfBytesRead_pBaseOfDate;
delete pImageBase;
delete pNumberOfBytesRead_pImageBase;
delete pSectionAlignment;
delete pNumberOfBytesRead_pSectionAlignment;
delete pFileAlignment;
delete pNumberOfBytesRead_pFileAlignment;
delete pSizeofImage;
delete pNumberOfBytesRead_pSizeofImage;
delete pSizeofHeaders;
delete pNumberOfBytesRead_pSizeofHeaders;
delete pCheckSum;
delete pNumberOfBytesRead_pCheckSum;
delete pRVAimport;
delete pNumberOfBytesRead_pRVAimport;
delete pSIZEimport;
delete pNumberOfBytesRead_pSIZEimport;
delete pimport;
delete pNumberOfBytesRead_pimport;
CloseHandle(hFile);
cin>>finn;
return 0;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
