c++ - 如何使用 C++ 和 Window.h 解析 EXE 文件并从 IMAGE_DOS_HEADER 结构中获取数据？

Question

我正在尝试在 Windows 中解析 PE 文件并从该结构中获取数据

我写了这段代码，它从 exe 文件中读取字节。

 #include <Windows.h>
    
    int main()
    {
        // open the file for binary reading
        std::ifstream file;
            file.open("D:/SomeProgram.exe", ios_base::binary);
    
        if (!file.is_open())
            return 1;
    
        // get the length of the file
        file.seekg(0, ios::end);
        size_t fileSize = file.tellg();
        file.seekg(0, ios::beg);
    
        // create a vector to hold all the bytes in the file
        std::vector<byte> data(fileSize, 0);
    
        // read the file
        file.read(reinterpret_cast<char*>(&data[0]), fileSize);

我不知道如何获取包含e_magic、e_cbip、e_cp ....和最重要的e_ifanew。 我知道，这个结构 IMAGE_DOS_HEADER 存储在 Windows.h 中，但我不知道如何使用它从任何 exe 文件中获取字段。

Answer 1

查找以下过程以从不同的 header 获取数据:

LPCSTR fileName; //exe file to parse
HANDLE hFile; 
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER dosHeader;
PIMAGE_NT_HEADERS peHeader;

hFile = CreateFileA(fileName,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);

if(hFile==INVALID_HANDLE_VALUE)
{
    printf("\n CreateFile failed in read mode \n");
    return 1;
}

hFileMapping = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);

if(hFileMapping==0)
{
    printf("\n CreateFileMapping failed \n");
    CloseHandle(hFile);
    return 1;
}

lpFileBase = MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0);

if(lpFileBase==0)
{
    printf("\n MapViewOfFile failed \n");
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
    return 1;
}

dosHeader = (PIMAGE_DOS_HEADER) lpFileBase;  //pointer to dos headers

if(dosHeader->e_magic==IMAGE_DOS_SIGNATURE)
{
    //if it is executable file print different fileds of structure
    //dosHeader->e_lfanew : RVA for PE Header
    printf("\n DOS Signature (MZ) Matched");

    //pointer to PE/NT header
    peHeader = (PIMAGE_NT_HEADERS) ((u_char*)dosHeader+dosHeader->e_lfanew);

    if(peHeader->Signature==IMAGE_NT_SIGNATURE)
    {
        printf("\n PE Signature (PE) Matched \n");
        //important fileds
        //peHeader->FileHeader : Refrence to FileHeader
        //peHeader->OptionalHeader :  Refrence to Optional Header
        // lots of imprtant fileds are present in File header and Optional header to retrive code/data/different sections address of exe

    }

    UnmapViewOfFile(lpFileBase);
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
    return 0;
}
else
{
    printf("\n DOS Signature (MZ) Not Matched \n");
    UnmapViewOfFile(lpFileBase);
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
    return 1;
}