2017-12-19 5 views

답변


exe의 각 섹션에 접근하려는 것인가요? 그렇다면 아래 방법을 참고하십시오.

#include<windows.h> 
#include<stdio.h> 

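/*
 * Maps inputFile.exe read-only, checks the DOS ("MZ") and NT ("PE\0\0")
 * signatures, and walks the section table.
 *
 * Every offset taken from the file (e_lfanew, SizeOfOptionalHeader,
 * NumberOfSections) is checked against the real file size before it is
 * dereferenced: a truncated or malformed file would otherwise make the
 * parser read outside the mapped view.
 *
 * Returns 0 when both signatures match and the section table lies inside
 * the file, 1 on any failure. The view and both handles are released on
 * every path after they have been acquired.
 */
int main()
{
    LPCSTR fileName = "inputFile.exe";
    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hFileMapping = NULL;
    LPVOID lpFileBase = NULL;
    PIMAGE_DOS_HEADER dosHeader;
    PIMAGE_NT_HEADERS peHeader;
    PIMAGE_SECTION_HEADER sectionHeader;
    LARGE_INTEGER fileSize;
    ULONGLONG mappedSize;
    ULONGLONG ntOffset;
    ULONGLONG sectionTableOffset;
    /* Bytes of IMAGE_NT_HEADERS in front of the optional header
       (Signature + FileHeader); the same on 32- and 64-bit images. */
    const ULONGLONG ntFixedSize = FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader);
    UINT nSectionCount;
    int rc = 1;

    hFile = CreateFileA(fileName, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        printf("\n CreateFile failed \n");
        return 1;
    }

    /* The mapping covers the whole file, so the file size is the bound for
       every header offset checked below. */
    if (!GetFileSizeEx(hFile, &fileSize) ||
        fileSize.QuadPart < (LONGLONG)sizeof(IMAGE_DOS_HEADER))
    {
        printf("\n File is too small to hold a DOS header \n");
        goto out_file;
    }
    mappedSize = (ULONGLONG)fileSize.QuadPart;

    hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hFileMapping == NULL)
    {
        printf("\n CreateFileMapping failed \n");
        goto out_file;
    }

    lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
    if (lpFileBase == NULL)
    {
        printf("\n MapViewOfFile failed \n");
        goto out_mapping;
    }

    dosHeader = (PIMAGE_DOS_HEADER)lpFileBase;
    if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        goto out_view;
    }
    printf("\n DOS Signature (MZ) Matched \n");

    /* e_lfanew is a signed value read from the file; reject negative offsets
       and offsets that leave no room for Signature + FileHeader.
       mappedSize >= sizeof(IMAGE_DOS_HEADER) > ntFixedSize, so the
       subtraction cannot wrap. */
    if (dosHeader->e_lfanew < 0 ||
        (ULONGLONG)dosHeader->e_lfanew > mappedSize - ntFixedSize)
    {
        printf("\n e_lfanew points outside the file \n");
        goto out_view;
    }
    ntOffset = (ULONGLONG)dosHeader->e_lfanew;

    /* BYTE is declared by windows.h itself; the original u_char comes from
       the Winsock headers. */
    peHeader = (PIMAGE_NT_HEADERS)((BYTE *)dosHeader + ntOffset);
    if (peHeader->Signature != IMAGE_NT_SIGNATURE)
    {
        goto out_view;
    }
    printf("\n PE Signature (PE) Matched \n");

    /* IMAGE_FIRST_SECTION places the section table right after the optional
       header, whose size is also file-controlled. Check that the whole table
       (NumberOfSections entries) is inside the file before walking it. */
    nSectionCount = peHeader->FileHeader.NumberOfSections;
    sectionTableOffset = ntOffset + ntFixedSize +
                         peHeader->FileHeader.SizeOfOptionalHeader;
    if (sectionTableOffset > mappedSize ||
        (ULONGLONG)nSectionCount * sizeof(IMAGE_SECTION_HEADER) >
            mappedSize - sectionTableOffset)
    {
        printf("\n Section table extends past the end of the file \n");
        goto out_view;
    }

    sectionHeader = IMAGE_FIRST_SECTION(peHeader);

    /* nSectionCount is unsigned, so print it with %u. */
    printf("\n No of sections : %u \n", nSectionCount);

    for (UINT i = 0; i < nSectionCount; ++i, ++sectionHeader)
    {
        /* Section information goes here. Before reading a section's bytes,
           check PointerToRawData + SizeOfRawData against mappedSize; both
           fields come from the file and may point outside it. */
    }

    rc = 0;

out_view:
    UnmapViewOfFile(lpFileBase);
out_mapping:
    CloseHandle(hFileMapping);
out_file:
    CloseHandle(hFile);
    return rc;
}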

디스크에서 읽는 대신 자체 메모리에서 섹션을 읽는 것이 더 효율적이며 더 쉬울 것입니다 – user2073973


user2073973 자체 메모리에서 읽는 방법은 무엇입니까? – 9090


가상 주소가 필요하다면 이 함수를 사용하십시오: [ImageRvaToVa](https://msdn.microsoft.com/en-us/library/ms680218(VS.85).aspx) –