
Просматриваем заголовок исполняемого файла

Просматриваем заголовок исполняемого файла. В Интернете можно найти достаточно информации о формате исполняемых файлов. В данном примере мне хотелось бы показать Вам, как можно получить данные из заголовка. Программа читает заголовок собственного образа, уже загруженного в память (GetModuleHandle(NULL)), а не файла с диска. Для примера нужно создать консольное приложение, вот собственно код:

#include <iostream>
#include <windows.h>
#include <conio.h>
using namespace std;
 
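// Yields the address of the NT headers (the "PE\0\0" signature) of an image whose
// IMAGE_DOS_HEADER starts at `a`, computed as base address + e_lfanew.
// The argument is parenthesised so that an expression such as `base + off` expands
// correctly; note that `a` is still evaluated twice.
// Nothing is validated here: the caller must check e_magic and e_lfanew before
// dereferencing the result, otherwise a malformed header yields a wild pointer.
#define NTSIGNATURE(a) ((LPVOID)((BYTE *)(a) + ((PIMAGE_DOS_HEADER)(a))->e_lfanew))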
 
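// Console colours used by the dump: plain text, section headings, sub-headings.
static const WORD kColorPlain   = FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE;
static const WORD kColorHeading = FOREGROUND_INTENSITY|FOREGROUND_RED|FOREGROUND_GREEN|FOREGROUND_BLUE;
static const WORD kColorNote    = FOREGROUND_INTENSITY|FOREGROUND_GREEN;

// Labels of the data-directory slots, indexed by their IMAGE_DIRECTORY_ENTRY_* value
// and padded to equal width so that the value column lines up.
static const char *const kDirectoryNames[] = {
        "[IMAGE_DIRECTORY_ENTRY_EXPORT]        ",
        "[IMAGE_DIRECTORY_ENTRY_IMPORT]        ",
        "[IMAGE_DIRECTORY_ENTRY_RESOURCE]      ",
        "[IMAGE_DIRECTORY_ENTRY_EXCEPTION]     ",
        "[IMAGE_DIRECTORY_ENTRY_SECURITY]      ",
        "[IMAGE_DIRECTORY_ENTRY_BASERELOC]     ",
        "[IMAGE_DIRECTORY_ENTRY_DEBUG]         ",
        "[IMAGE_DIRECTORY_ENTRY_ARCHITECTURE]  ",
        "[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]     ",
        "[IMAGE_DIRECTORY_ENTRY_TLS]           ",
        "[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]   ",
        "[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]  ",
        "[IMAGE_DIRECTORY_ENTRY_IAT]           ",
        "[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]  ",
        "[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]"
};

// Prints a highlighted section heading and switches back to the plain colour.
static void print_heading(HANDLE hStd, const char *title)
{
        SetConsoleTextAttribute(hStd, kColorHeading);
        cout<<"---------------------------\n"<<title<<endl<<"---------------------------"<<endl;
        SetConsoleTextAttribute(hStd, kColorPlain);
}

// Prints a highlighted one-line note and switches back to the plain colour.
static void print_note(HANDLE hStd, const char *text)
{
        SetConsoleTextAttribute(hStd, kColorNote);
        cout<<text<<endl;
        SetConsoleTextAttribute(hStd, kColorPlain);
}

// Prints the elements of a WORD array separated by spaces. Streaming the array
// itself would print its address, not its contents.
static void print_words(const WORD *words, size_t count)
{
        for (size_t i = 0; i < count; ++i)
        {
                if (i != 0) cout<<' ';
                cout<<words[i];
        }
        cout<<endl;
}

// Dumps the DOS, NT, file and optional headers of the image mapped at hMod.
// Each signature is checked before the next structure is dereferenced, so a
// header that fails validation ends the dump instead of being followed blindly.
static void dump_headers(HANDLE hStd, HMODULE hMod)
{
        //_IMAGE_DOS_HEADER
        print_heading(hStd, "_IMAGE_DOS_HEADER:");
        PIMAGE_DOS_HEADER pDH = (PIMAGE_DOS_HEADER)hMod;
        const bool isMZ = (pDH->e_magic == IMAGE_DOS_SIGNATURE);
        cout<<"Magic number                     "<<hex<<pDH->e_magic<<(isMZ ? "(MZ)" : "(not MZ)")<<endl;
        cout<<"Bytes on last page of file       "<<pDH->e_cblp<<endl;
        cout<<"Pages in file                    "<<pDH->e_cp<<endl;
        cout<<"Relocations                      "<<pDH->e_crlc<<endl;
        cout<<"Size of header in paragraphs     "<<pDH->e_cparhdr<<endl;
        cout<<"Minimum extra paragraphs needed  "<<pDH->e_minalloc<<endl;
        cout<<"Maximum extra paragraphs needed  "<<pDH->e_maxalloc<<endl;
        cout<<"Initial (relative) SS value      "<<pDH->e_ss<<endl;
        cout<<"Initial SP value                 "<<pDH->e_sp<<endl;
        cout<<"Checksum                         "<<pDH->e_csum<<endl;
        cout<<"Initial IP value                 "<<pDH->e_ip<<endl;
        cout<<"Initial (relative) CS value      "<<pDH->e_cs<<endl;
        cout<<"File address of relocation table "<<pDH->e_lfarlc<<endl;
        cout<<"Overlay number                   "<<pDH->e_ovno<<endl;
        cout<<"Reserved words                   ";
        print_words(pDH->e_res, sizeof(pDH->e_res)/sizeof(pDH->e_res[0]));
        cout<<"OEM identifier (for e_oeminfo)   "<<pDH->e_oemid<<endl;
        cout<<"OEM information                  "<<pDH->e_oeminfo<<endl;
        cout<<"Reserved words                   ";
        print_words(pDH->e_res2, sizeof(pDH->e_res2)/sizeof(pDH->e_res2[0]));
        cout<<"File address of new exe header   "<<pDH->e_lfanew<<endl;

        // e_lfanew is only meaningful behind a valid MZ signature, and a negative
        // offset would point in front of the image.
        if (!isMZ || pDH->e_lfanew < 0)
        {
                print_note(hStd, "// DOS header is not valid, NT headers are not parsed.");
                return;
        }

        //_IMAGE_NT_HEADERS
        print_heading(hStd, "_IMAGE_NT_HEADERS:");
        // Signature and FileHeader sit at the same offsets in the 32- and 64-bit
        // layouts; the optional header is interpreted only after its Magic is checked.
        PIMAGE_NT_HEADERS32 pPEH = (PIMAGE_NT_HEADERS32)NTSIGNATURE(pDH);
        const bool isPE = (pPEH->Signature == IMAGE_NT_SIGNATURE);
        cout<<"Signature                        "<<pPEH->Signature<<(isPE ? "(PE)" : "(not PE)")<<endl;
        if (!isPE)
        {
                print_note(hStd, "// NT signature is not valid, remaining headers are not parsed.");
                return;
        }

        const IMAGE_FILE_HEADER &iFH = pPEH->FileHeader;
        cout<<"Machine                          "<<hex<<iFH.Machine<<endl;
        cout<<"NumberOfSections                 "<<iFH.NumberOfSections<<endl;
        cout<<"TimeDateStamp                    "<<iFH.TimeDateStamp<<endl;
        cout<<"PointerToSymbolTable             "<<iFH.PointerToSymbolTable<<endl;
        cout<<"NumberOfSymbols                  "<<iFH.NumberOfSymbols<<endl;
        cout<<"SizeOfOptionalHeader             "<<iFH.SizeOfOptionalHeader<<endl;
        cout<<"Characteristics                  "<<iFH.Characteristics<<endl;

        //_IMAGE_OPTIONAL_HEADER
        const IMAGE_OPTIONAL_HEADER32 &iOH = pPEH->OptionalHeader;
        print_heading(hStd, "_IMAGE_OPTIONAL_HEADER:");
        print_note(hStd, "// Standard fields.");
        cout<<"Magic                            "<<iOH.Magic<<endl;
        // Everything below uses the PE32 field layout. A PE32+ (64-bit) image has
        // no BaseOfData and wider fields, so reading it as PE32 would print garbage.
        if (iOH.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC)
        {
                print_note(hStd, "// Optional header is not PE32, its fields are not parsed.");
                return;
        }
        cout<<"Major.Minor(LinkerVersion)       "<<dec<<(int)iOH.MajorLinkerVersion<<"."<<(int)iOH.MinorLinkerVersion<<endl;
        cout<<"SizeOfCode                       "<<hex<<iOH.SizeOfCode<<endl;
        cout<<"SizeOfInitializedData            "<<iOH.SizeOfInitializedData<<endl;
        cout<<"SizeOfUninitializedData          "<<iOH.SizeOfUninitializedData<<endl;
        cout<<"AddressOfEntryPoint              "<<iOH.AddressOfEntryPoint<<endl;
        cout<<"BaseOfCode                       "<<iOH.BaseOfCode<<endl;
        cout<<"BaseOfData                       "<<iOH.BaseOfData<<endl;
        print_note(hStd, "// NT additional fields.");
        cout<<"ImageBase                        "<<iOH.ImageBase<<endl;
        cout<<"SectionAlignment                 "<<iOH.SectionAlignment<<endl;
        cout<<"FileAlignment                    "<<iOH.FileAlignment<<endl;
        // Version numbers are printed in decimal, like the linker version above.
        cout<<"Major.Minor(OS Version)          "<<dec<<iOH.MajorOperatingSystemVersion<<"."<<iOH.MinorOperatingSystemVersion<<endl;
        cout<<"Major.Minor(ImageVersion)        "<<iOH.MajorImageVersion<<"."<<iOH.MinorImageVersion<<endl;
        cout<<"Major.Minor(SubsystemVersion)    "<<iOH.MajorSubsystemVersion<<"."<<iOH.MinorSubsystemVersion<<endl;
        cout<<"Win32VersionValue                "<<hex<<iOH.Win32VersionValue<<endl;
        cout<<"SizeOfImage                      "<<iOH.SizeOfImage<<endl;
        cout<<"SizeOfHeaders                    "<<iOH.SizeOfHeaders<<endl;
        cout<<"CheckSum                         "<<iOH.CheckSum<<endl;
        cout<<"Subsystem                        "<<iOH.Subsystem<<endl;
        cout<<"DllCharacteristics               "<<iOH.DllCharacteristics<<endl;
        cout<<"SizeOfStackReserve               "<<iOH.SizeOfStackReserve<<endl;
        cout<<"SizeOfStackCommit                "<<iOH.SizeOfStackCommit<<endl;
        cout<<"SizeOfHeapReserve                "<<iOH.SizeOfHeapReserve<<endl;
        cout<<"SizeOfHeapCommit                 "<<iOH.SizeOfHeapCommit<<endl;
        cout<<"LoaderFlags                      "<<iOH.LoaderFlags<<endl;
        cout<<"NumberOfRvaAndSizes              "<<iOH.NumberOfRvaAndSizes<<endl;

        //_IMAGE_DATA_DIRECTORY
        // Only the first NumberOfRvaAndSizes slots carry directory data; the count
        // is also capped at the number of labels known to this program.
        const DWORD knownEntries = sizeof(kDirectoryNames)/sizeof(kDirectoryNames[0]);
        const DWORD entryCount = (iOH.NumberOfRvaAndSizes < knownEntries) ? iOH.NumberOfRvaAndSizes : knownEntries;
        for (DWORD i = 0; i < entryCount; ++i)
        {
                SetConsoleTextAttribute(hStd, kColorNote);
                cout<<kDirectoryNames[i];
                SetConsoleTextAttribute(hStd, kColorPlain);
                cout<<"[VirtualAddress|Size]   "<<"["<<iOH.DataDirectory[i].VirtualAddress<<"|"<<iOH.DataDirectory[i].Size<<"]"<<endl;
        }
}

// Entry point: prints the PE headers of this process's own executable image,
// as mapped into memory by the loader, then waits for a key press.
// Always returns 0.
int main()
{
        HANDLE hStd = GetStdHandle(STD_OUTPUT_HANDLE);
        // The ANSI variant is named explicitly so the narrow literal also builds
        // when UNICODE is defined.
        SetConsoleTitleA("[ViewHeader] Code by Lazy_elf");

        // GetModuleHandle(NULL) returns the base of the calling process's image
        // without taking a reference, so the handle must not be passed to FreeLibrary.
        HMODULE hMod = GetModuleHandle(NULL);
        if (hMod)
        {
                dump_headers(hStd, hMod);
        }
        else
        {
                cout<<"Error load module..."<<endl;
        }

        cout<<"\nPress any key to continue"<<endl;
        // getch() returns 0 as the first half of an extended key code; loop to
        // consume the second half as well.
        while (!getch());
        return 0;
}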

Результат работы программы:
Просматриваем заголовок исполняемого файла
