05_03_PE구조 그냥 출력_함수사용프로그래밍/PEViewer 2019. 12. 23. 02:30
함수사용
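#include <stdio.h>
#include <Windows.h>
#include <winnt.h>
#include <iostream>

/*
 * Console PE viewer: lets the user pick a file, maps it read-only and prints
 * parts of the PE structure (raw bytes, DOS header, DOS stub, NT headers,
 * section headers, section contents).
 *
 * Every offset and count read from the file (e_lfanew, SizeOfOptionalHeader,
 * NumberOfSections, PointerToRawData, SizeOfRawData, NumberOfRvaAndSizes) is
 * controlled by whoever produced the file. Each one is therefore checked
 * against the size of the mapped view before it is used to form a pointer.
 */

/* Largest file this viewer handles: PrintRaw() takes its offsets as int. */
#define PE_MAX_VIEW_SIZE 0x7FFFFFFF

BOOL SelectFile(char* fileName);
void PrintRaw(void* pBase, int start, int end);
void Rawdata(HANDLE fp, void* pBase);
void DosHeader(IMAGE_DOS_HEADER* pDos);
void DosStub(IMAGE_DOS_HEADER* pDos, void* pBase);
void IMG_NT_HEADER(IMAGE_NT_HEADERS* pNt);
void IMG_Section(IMAGE_SECTION_HEADER* pSection, IMAGE_FILE_HEADER* pFh);
void Section_main(void* pBase, IMAGE_SECTION_HEADER* pSection, IMAGE_FILE_HEADER* pFh);

static BOOL LocateHeaders(void* pBase, DWORD size, IMAGE_NT_HEADERS** ppNt, IMAGE_SECTION_HEADER** ppSection);

/*
 * Size in bytes of the currently mapped view; 0 while nothing is mapped.
 * PrintRaw() and Section_main() receive only a base pointer, so main()
 * publishes the size here and they clamp every range to it.
 */
static DWORD g_mapSize = 0;

/*
 * Entry point: select a file, map it read-only, validate the headers and
 * dump the raw contents of every section.
 * Returns 0 on success and 1 when the file cannot be opened, mapped or
 * recognised as a PE image.
 */
int main(void)
{
    IMAGE_DOS_HEADER* pDos = NULL;
    IMAGE_NT_HEADERS* pNt = NULL;
    IMAGE_FILE_HEADER* pFh = NULL;
    IMAGE_SECTION_HEADER* pSection = NULL;
    char FileName[MAX_PATH] = { 0, };
    HANDLE hfile = INVALID_HANDLE_VALUE;
    HANDLE hMap = NULL;
    void* pBase = NULL;
    DWORD sizeLow = 0;
    DWORD sizeHigh = 0;
    int rc = 1;

    /* Nothing to do when the dialog was cancelled. */
    if (!SelectFile(FileName))
        return 1;

    /* The ...A variants match the char buffer regardless of the UNICODE setting. */
    hfile = CreateFileA(FileName, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hfile == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "CreateFile failed (error %lu)\n", (unsigned long)GetLastError());
        return 1;
    }

    sizeLow = GetFileSize(hfile, &sizeHigh);
    if (sizeLow == INVALID_FILE_SIZE && GetLastError() != NO_ERROR) {
        fprintf(stderr, "GetFileSize failed (error %lu)\n", (unsigned long)GetLastError());
        CloseHandle(hfile);
        return 1;
    }
    if (sizeHigh != 0 || sizeLow > (DWORD)PE_MAX_VIEW_SIZE || sizeLow < sizeof(IMAGE_DOS_HEADER)) {
        fprintf(stderr, "File size is outside the range this viewer supports\n");
        CloseHandle(hfile);
        return 1;
    }

    hMap = CreateFileMappingA(hfile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hMap == NULL) {
        fprintf(stderr, "CreateFileMapping failed (error %lu)\n", (unsigned long)GetLastError());
        CloseHandle(hfile);
        return 1;
    }

    pBase = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
    if (pBase == NULL) {
        fprintf(stderr, "MapViewOfFile failed (error %lu)\n", (unsigned long)GetLastError());
        CloseHandle(hMap);
        CloseHandle(hfile);
        return 1;
    }
    g_mapSize = sizeLow;

    if (LocateHeaders(pBase, sizeLow, &pNt, &pSection)) {
        pDos = (IMAGE_DOS_HEADER*)pBase;   /* only used by the optional dumps below */
        pFh = &pNt->FileHeader;
        (void)pDos;

        //Rawdata(hfile, pBase);        // print the entire file as a hex dump
        //DosHeader(pDos);              // DOS header fields (IMAGE_DOS_HEADER)
        //printf("\n");
        //DosStub(pDos, pBase);         // MS-DOS stub that follows the DOS header
        //IMG_NT_HEADER(pNt);
        //IMG_Section(pSection, pFh);
        Section_main(pBase, pSection, pFh);
        rc = 0;
    }

    g_mapSize = 0;
    UnmapViewOfFile(pBase);
    CloseHandle(hMap);
    CloseHandle(hfile);
    return rc;
}

/*
 * Validate the DOS and NT headers of a mapped file and locate the section
 * table.
 *
 * pBase/size  - base and length of the mapped view.
 * ppNt        - receives the NT headers pointer on success.
 * ppSection   - receives the first section header pointer on success.
 *
 * Returns TRUE only when the MZ and PE signatures match, a complete
 * IMAGE_NT_HEADERS fits at e_lfanew, and the whole section table
 * (NumberOfSections entries) lies inside the view. A diagnostic goes to
 * stderr otherwise.
 */
static BOOL LocateHeaders(void* pBase, DWORD size, IMAGE_NT_HEADERS** ppNt, IMAGE_SECTION_HEADER** ppSection)
{
    IMAGE_DOS_HEADER* pDos = (IMAGE_DOS_HEADER*)pBase;
    IMAGE_NT_HEADERS* pNt;
    DWORD ntOffset;
    DWORD tableOffset;
    DWORD tableBytes;

    if (size < sizeof(IMAGE_DOS_HEADER) || pDos->e_magic != IMAGE_DOS_SIGNATURE) {
        fprintf(stderr, "Not an MZ executable\n");
        return FALSE;
    }

    /* e_lfanew is a signed field taken from the file: reject negative values
       and any offset that leaves no room for the NT headers. */
    if (size < sizeof(IMAGE_NT_HEADERS) || pDos->e_lfanew < 0 ||
        (DWORD)pDos->e_lfanew > size - (DWORD)sizeof(IMAGE_NT_HEADERS)) {
        fprintf(stderr, "e_lfanew points outside the file\n");
        return FALSE;
    }
    ntOffset = (DWORD)pDos->e_lfanew;

    /* The (BYTE*) cast makes the addition byte-granular. */
    pNt = (IMAGE_NT_HEADERS*)((BYTE*)pBase + ntOffset);
    if (pNt->Signature != IMAGE_NT_SIGNATURE) {
        fprintf(stderr, "PE signature not found\n");
        return FALSE;
    }

    /* The section table starts right after the optional header, whose length
       is given by the file header rather than by the struct definition. */
    tableOffset = ntOffset + (DWORD)FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader)
                + pNt->FileHeader.SizeOfOptionalHeader;
    tableBytes = (DWORD)pNt->FileHeader.NumberOfSections * (DWORD)sizeof(IMAGE_SECTION_HEADER);
    if (tableOffset > size || tableBytes > size - tableOffset) {
        fprintf(stderr, "Section table extends past the end of the file\n");
        return FALSE;
    }

    *ppNt = pNt;
    *ppSection = (IMAGE_SECTION_HEADER*)((BYTE*)pBase + tableOffset);
    return TRUE;
}

/*
 * Show the standard "open file" dialog.
 *
 * fileName - caller's buffer of at least MAX_PATH chars; it receives the
 *            selected path. It is also the dialog's initial file name, so it
 *            should start out as an empty string.
 *
 * Returns TRUE when a file was chosen, FALSE when the dialog was cancelled
 * or failed.
 */
BOOL SelectFile(char* fileName)
{
    OPENFILENAMEA of = { 0, };

    of.lStructSize = sizeof(of);
    of.lpstrInitialDir = ".";
    of.lpstrFile = fileName;
    of.nMaxFile = MAX_PATH;
    of.lpstrFilter = "모든파일(*.*)\0*.*\0exe파일(*.exe)\0*.exe\0dll파일(*.dll)\0*.dll\0";
    of.Flags = OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST;

    if (GetOpenFileNameA(&of)) {
        printf("[%s]파일을 선택하셨습니다.\n", fileName);
        return TRUE;
    }

    printf("아무것도 선택을 안하셨습니다.\n");
    return FALSE;
}

/*
 * Hex/ASCII dump of the byte range [start, end) of the mapped view, 16 bytes
 * per row: offset, hex bytes in two groups of eight, then the printable
 * characters (33..126) with '.' for everything else.
 *
 * The range is clamped to g_mapSize, so a range derived from file fields can
 * never read outside the view; nothing is printed while no view is mapped.
 * A final row shorter than 16 bytes is printed with the hex column padded.
 */
void PrintRaw(void* pBase, int start, int end)
{
    const BYTE* pStr = (const BYTE*)pBase;
    int limit = (g_mapSize > (DWORD)PE_MAX_VIEW_SIZE) ? PE_MAX_VIEW_SIZE : (int)g_mapSize;

    if (pStr == NULL || start < 0 || start >= limit)
        return;
    if (end > limit)
        end = limit;

    for (int row = start; row < end; ) {
        int count = end - row;
        if (count > 16)
            count = 16;

        printf("%.9x", (unsigned int)row);
        for (int n = 0; n < 16; n++) {
            if ((n % 8) == 0)
                printf(" ");
            if (n < count)
                printf(" %02x", pStr[row + n]);
            else
                printf("   ");   /* keep the ASCII column aligned on a short row */
        }
        for (int j = 0; j < count; j++) {
            BYTE b = pStr[row + j];
            if (b >= 33 && b <= 126)
                printf(" %c", b);
            else
                printf(" .");
        }
        printf("\n");

        row += count;   /* never steps past end, so the int cannot overflow */
    }
}

/*
 * Dump the whole file.
 *
 * fp    - handle of the mapped file, used only to query its size.
 * pBase - base of the mapped view.
 */
void Rawdata(HANDLE fp, void* pBase)
{
    DWORD sizeHigh = 0;
    DWORD fsize = GetFileSize(fp, &sizeHigh);

    printf("Data\n");
    if ((fsize == INVALID_FILE_SIZE && GetLastError() != NO_ERROR) ||
        sizeHigh != 0 || fsize > (DWORD)PE_MAX_VIEW_SIZE) {
        fprintf(stderr, "Cannot determine a usable file size\n");
        return;
    }
    PrintRaw(pBase, 0, (int)fsize);
}

/*
 * Print every field of the DOS header as hex words on one line, in struct
 * order. e_res has 4 elements and e_res2 has 10, so both arrays are walked
 * with their real bounds.
 */
void DosHeader(IMAGE_DOS_HEADER* pDos)
{
    printf("************Dos Header*************\n");
    printf("%.4x ", pDos->e_magic);
    printf("%.4x ", pDos->e_cblp);
    printf("%.4x ", pDos->e_cp);
    printf("%.4x ", pDos->e_crlc);
    printf("%.4x ", pDos->e_cparhdr);
    printf("%.4x ", pDos->e_minalloc);
    printf("%.4x ", pDos->e_maxalloc);
    printf("%.4x ", pDos->e_ss);
    printf("%.4x ", pDos->e_sp);
    printf("%.4x ", pDos->e_csum);
    printf("%.4x ", pDos->e_ip);
    printf("%.4x ", pDos->e_cs);
    printf("%.4x ", pDos->e_lfarlc);
    printf("%.4x ", pDos->e_ovno);
    for (int i = 0; i < (int)(sizeof(pDos->e_res) / sizeof(pDos->e_res[0])); i++)
        printf("%.4x ", pDos->e_res[i]);
    printf("%.4x ", pDos->e_oemid);
    printf("%.4x ", pDos->e_oeminfo);
    for (int i = 0; i < (int)(sizeof(pDos->e_res2) / sizeof(pDos->e_res2[0])); i++)
        printf("%.4x ", pDos->e_res2[i]);
    printf("%.4x ", (unsigned int)pDos->e_lfanew);
}

/*
 * Dump the MS-DOS stub: the bytes between the end of the DOS header (0x40)
 * and the NT headers at e_lfanew. When e_lfanew is not greater than 0x40
 * there is no stub and only the banner is printed.
 */
void DosStub(IMAGE_DOS_HEADER* pDos, void* pBase)
{
    int start = (int)sizeof(IMAGE_DOS_HEADER);
    int end = (int)pDos->e_lfanew;

    printf("---------------- MS_DOS_STUB -----------------\n\n");
    PrintRaw(pBase, start, end);
}

/*
 * Print the file header, the optional header and the data directories.
 *
 * pNt must point at a complete IMAGE_NT_HEADERS inside the mapped view.
 * The optional header is decoded with the layout this program was compiled
 * for (BaseOfData exists only in the 32-bit layout), so a file whose Magic
 * names the other layout gets its file header printed and the rest skipped
 * rather than shown with mislabelled values.
 */
void IMG_NT_HEADER(IMAGE_NT_HEADERS* pNt)
{
    /* Indexed by IMAGE_DIRECTORY_ENTRY_* (0..14); entry 15 has no name. */
    static const char* const dirNames[] = {
        "EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY",
        "BASERELOC", "DEBUG", "ARCHITECTURE", "GLOBALPTR", "TLS",
        "LOAD_CONFIG", "BOUND_IMPORT", "IAT", "DELAY_IMPORT", "CLI"
    };
    const int namedCount = (int)(sizeof(dirNames) / sizeof(dirNames[0]));
    IMAGE_FILE_HEADER* pFile = &pNt->FileHeader;
    IMAGE_OPTIONAL_HEADER* pOption = &pNt->OptionalHeader;
    DWORD dirCount;

    printf("***Image_Nt_Header-> Image_File_Header***\n");
    printf("%.4x | Machine\n", pFile->Machine);
    printf("%.4x | NumberOfSections\n", pFile->NumberOfSections);
    printf("%.4x | TimeDateStamp\n", pFile->TimeDateStamp);
    printf("%.4x | PointerToSymbolTable\n", pFile->PointerToSymbolTable);
    printf("%.4x | NumberOfSymbols\n", pFile->NumberOfSymbols);
    printf("%.4x | SizeOfOptionalHeader\n", pFile->SizeOfOptionalHeader);
    printf("%.4x | Characteristics\n", pFile->Characteristics);

    if (pOption->Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC) {
        fprintf(stderr, "Optional header magic 0x%04x does not match this build; skipping it\n",
                pOption->Magic);
        return;
    }

    printf("***Image_Nt_Header->Image_Optional_Header***\n");
    printf("Standard field\n");
    printf("%4x \n", pOption->Magic);
    printf("%4x \n", pOption->MajorLinkerVersion);
    printf("%4x \n", pOption->MinorLinkerVersion);
    printf("%4x \n", pOption->SizeOfCode);
    printf("%4x \n", pOption->SizeOfInitializedData);
    printf("%4x \n", pOption->SizeOfUninitializedData);
    printf("%4x \n", pOption->AddressOfEntryPoint);
    printf("%4x \n", pOption->BaseOfCode);
    printf("%4x \n", pOption->BaseOfData);
    printf("Optional field\n");
    printf("%4x \n", pOption->ImageBase);
    printf("%4x \n", pOption->SectionAlignment);
    printf("%4x \n", pOption->FileAlignment);
    printf("%4x \n", pOption->MajorOperatingSystemVersion);
    printf("%4x \n", pOption->MinorOperatingSystemVersion);
    printf("%4x \n", pOption->MajorImageVersion);
    printf("%4x \n", pOption->MinorImageVersion);
    printf("%4x \n", pOption->MajorSubsystemVersion);
    printf("%4x \n", pOption->MinorSubsystemVersion);
    printf("%4x \n", pOption->Win32VersionValue);
    printf("%4x \n", pOption->SizeOfImage);
    printf("%4x \n", pOption->SizeOfHeaders);
    printf("%4x \n", pOption->CheckSum);
    printf("%4x \n", pOption->Subsystem);
    printf("%4x \n", pOption->DllCharacteristics);
    printf("%4x \n", pOption->SizeOfStackReserve);
    printf("%4x \n", pOption->SizeOfStackCommit);
    printf("%4x \n", pOption->SizeOfHeapReserve);
    printf("%4x \n", pOption->SizeOfHeapCommit);
    printf("%4x \n", pOption->LoaderFlags);
    printf("%4x \n", pOption->NumberOfRvaAndSizes);
    printf("***image_data_directory***\n");
    printf("%x \n", pFile->SizeOfOptionalHeader);

    /* Only NumberOfRvaAndSizes entries belong to this file's optional header;
       the struct always declares IMAGE_NUMBEROF_DIRECTORY_ENTRIES of them. */
    dirCount = pOption->NumberOfRvaAndSizes;
    if (dirCount > IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
        dirCount = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;

    printf("******************DATADIRECTORY*******************\n");
    for (int i = 0; i < (int)dirCount; i++) {
        if (i < namedCount) {
            printf("-----------------%s Table------------------ \n", dirNames[i]);
            printf("%d \n", i);
        } else {
            printf("-----------------------------------------------------\n");
        }
        printf("Virtual Address : 0x%08X\n", pOption->DataDirectory[i].VirtualAddress);
        printf("Virtual Size : 0x%08X\n", pOption->DataDirectory[i].Size);
    }
}

/*
 * Print the fields of every section header.
 *
 * pSection - first entry of the section table.
 * pFh      - file header supplying NumberOfSections.
 *
 * The caller must already have verified that NumberOfSections entries lie
 * inside the mapped view.
 */
void IMG_Section(IMAGE_SECTION_HEADER* pSection, IMAGE_FILE_HEADER* pFh)
{
    printf("Section header : ");
    for (int i = 0; i < pFh->NumberOfSections; i++, pSection++) {
        /* Name is 8 raw bytes and is not guaranteed to be NUL-terminated. */
        for (int n = 0; n < IMAGE_SIZEOF_SHORT_NAME; n++)
            printf("%x ", pSection->Name[n]);

        printf("%x\n", pSection->Misc.VirtualSize);
        printf("%x\n", pSection->VirtualAddress);
        printf("%x\n", pSection->SizeOfRawData);
        printf("%x\n", pSection->PointerToRawData);
        printf("%x\n", pSection->PointerToRelocations);
        printf("%x\n", pSection->PointerToLinenumbers);
        printf("%x\n", pSection->NumberOfRelocations);
        printf("%x\n", pSection->NumberOfLinenumbers);
        printf("%x\n", pSection->Characteristics);
        printf("---------------------\n");
    }
}

/*
 * Hex-dump the raw data of every section, one separator line per section.
 *
 * PointerToRawData and SizeOfRawData come straight from the file, so the
 * range is computed in unsigned arithmetic and cut to the mapped size. A
 * section that claims bytes beyond the end of the file is reported on
 * stderr, because that usually means a truncated or malformed image.
 */
void Section_main(void* pBase, IMAGE_SECTION_HEADER* pSection, IMAGE_FILE_HEADER* pFh)
{
    for (int i = 0; i < pFh->NumberOfSections; i++, pSection++) {
        DWORD rawStart = pSection->PointerToRawData;
        DWORD rawSize = pSection->SizeOfRawData;
        DWORD rawEnd;

        if (rawSize == 0) {
            rawEnd = rawStart;   /* no bytes on disk for this section */
        } else if (rawStart >= g_mapSize) {
            fprintf(stderr, "Section %d: raw data starts past the end of the file\n", i);
            rawStart = 0;
            rawEnd = 0;
        } else if (rawSize > g_mapSize - rawStart) {
            fprintf(stderr, "Section %d: raw data is truncated by the end of the file\n", i);
            rawEnd = g_mapSize;
        } else {
            rawEnd = rawStart + rawSize;
        }

        PrintRaw(pBase, (int)rawStart, (int)rawEnd);
        printf("-----------------------------------------------\n");
    }
}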