// 代码节空白添加.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include
#include
int FileBuffers(PVOID* FileBuffer){//传入的FileBuffer
LPVOID PtempBuffer;
FILE* f = fopen("C:\\Users\\Administrator\\Desktop\\PETool 1.0.0.5.exe","rb");
if(!f)
{
printf("文件打开失败\n");
return 0;
}
fseek(f,0,SEEK_END);
int file_size = ftell(f);
fseek(f,0,SEEK_SET);
PtempBuffer = malloc(file_size);
if(!PtempBuffer){
printf("malloc分配失败");
return 0;
}
size_t n = fread(PtempBuffer,file_size,1,f);
if(!n){
printf("内存分配失败");
return 0;
}
*FileBuffer = PtempBuffer;
PtempBuffer = NULL;
fclose(f);
return file_size;
}
int FileToImage(PVOID Filebuffer,PVOID* Imagebuffer){
//PE头信息
PIMAGE_DOS_HEADER pDosHeader = NULL;
PIMAGE_NT_HEADERS pNTHeader = NULL;
PIMAGE_FILE_HEADER pPEHeader =NULL;
PIMAGE_OPTIONAL_HEADER PoptionHeader = NULL;
PIMAGE_SECTION_HEADER pSectionHeader = NULL;
PVOID pTempImagebuffer = NULL; //临时的imagebuffer
if(!Filebuffer){
printf("读到内存的Filebuffer失效\n");
return 0;
}
if(*((PWORD)Filebuffer) != IMAGE_DOS_SIGNATURE){
printf("不含MZ标志,不是EXE文件\n");
return 0;
}
pDosHeader = (PIMAGE_DOS_HEADER)Filebuffer; //强制结构体类型转换pDosHeader
pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)Filebuffer+pDosHeader->e_lfanew);//NT头开始的地方
if(*((PWORD)((DWORD)Filebuffer+pDosHeader->e_lfanew)) != IMAGE_NT_SIGNATURE){//判断PE标识
printf("不是有效的PE标识\n");
}
pPEHeader = (PIMAGE_FILE_HEADER)((DWORD)pNTHeader+4);//PE标准头开始
PoptionHeader = (PIMAGE_OPTIONAL_HEADER)((DWORD)pPEHeader+0X18);//PE可选头开始 IMAGE_SIZEOF_FILE_HEADER
pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)PoptionHeader+pPEHeader->SizeOfOptionalHeader);//PE节表开始
//分配动态内存
pTempImagebuffer = malloc(PoptionHeader->SizeOfImage);
if(!pTempImagebuffer){
printf("pTempImagebuffer为NULL");
return 0;
}
//为临时的imagebuffer初始化
memset(pTempImagebuffer,0,PoptionHeader->SizeOfImage);
//copy头部
memcpy(pTempImagebuffer,pDosHeader,PoptionHeader->SizeOfHeaders);
//创建一个临时的PE节表
PIMAGE_SECTION_HEADER pTempSectionHeader = pSectionHeader;
for(DWORD i=0;iNumberOfSections;i++,pTempSectionHeader++){
//copy节从Filebuffer到临时的imagebuffer
//断点到这里有问题 各位师傅求解决
memcpy((void*)((DWORD)pTempImagebuffer+pTempSectionHeader->VirtualAddress)
,(void*)((DWORD)Filebuffer+pTempSectionHeader->PointerToRawData)
,pTempSectionHeader->SizeOfRawData);
}
*Imagebuffer = pTempImagebuffer;
pTempImagebuffer = NULL;
return PoptionHeader->SizeOfImage;
}
int main(int argc, char* argv[])
{
PVOID FileBuffer;
PVOID ImageBuffer;
int x = FileBuffers(&FileBuffer);
printf("FileBuffer分配大小为:%d个字节\n",x);
int y = FileToImage(FileBuffer,&ImageBuffer);
printf("大小为%d\n",y);
return 0;
}
 数组和指针作为实参和形参的问题)
![[转载] 湖北:星空团队——海燕计划](http://pic.xiahunao.cn/[转载] 湖北:星空团队——海燕计划)
之核心技术)
)
)
)
