pe工具04-获取数据目录

Posted shiningarmor


要实现这样一个窗口,点击目录按钮弹出窗口,显示pe结构的目录项;


画一个窗口,然后解析PE的数据目录,将得到的值用SendMessage(WM_SETTEXT)放入对应的输入框即可;

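逻辑上没什么难度,只是数据目录共有16项,每项都有地址和大小两个输入框,写起来比较繁琐;另外,用这类工具查看来源不明的文件时,文件头里的字段(如e_lfanew、可选头的Magic、NumberOfRvaAndSizes)都不可信,解析前应先校验;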

实现代码:

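/*
 * Write one DWORD as 8 upper-case hex digits into a dialog edit control.
 * "%08X" of a 32-bit value is exactly 8 characters plus the terminator,
 * so the 16-byte buffer cannot overflow.
 */
static void setDirHexText(HWND hwndDlg, int controlId, DWORD value){
    char text[16] = {0};
    HWND hControl = GetDlgItem(hwndDlg, controlId);

    sprintf(text, "%08X", (unsigned int)value);
    /* LPARAM is pointer-sized; casting the buffer to long truncates it on 64-bit builds. */
    SendMessageA(hControl, WM_SETTEXT, 0, (LPARAM)text);
}

/**
 * Parse the data directory of the PE file named by szFileName and show every
 * entry's VirtualAddress and Size in the dialog's edit controls.
 *
 * Only PE32 images are handled, because the optional header is read through
 * IMAGE_OPTIONAL_HEADER32. Entries at or beyond NumberOfRvaAndSizes are not
 * present in the file and are displayed as 00000000 instead of being read.
 *
 * @param hwndDlg  dialog that owns the IDC_ENTRY_* edit controls
 * @return TRUE when the headers were recognised and the controls were filled;
 *         FALSE when the file could not be read or is not a PE32 image.
 *
 * NOTE(review): the length of the buffer filled by readPeFile is not visible
 * in this function, so e_lfanew and the header extents cannot be checked
 * against the file size here. A truncated or crafted file can still place the
 * NT headers outside the buffer; add that bounds check where the size is known
 * before pointing this tool at untrusted samples.
 */
BOOL getDirInfo(HWND hwndDlg){
    /* Address / size control IDs, listed in data-directory index order (0..15). */
    static const struct {
        int idAddress;
        int idSize;
    } dirControls[IMAGE_NUMBEROF_DIRECTORY_ENTRIES] = {
        { IDC_ENTRY_EXPORT,         IDC_ENTRY_EXPORT_SZ },
        { IDC_ENTRY_IMPORT,         IDC_ENTRY_IMPORT_SZ },
        { IDC_ENTRY_RESOURCE,       IDC_ENTRY_RESOURCE_SZ },
        { IDC_ENTRY_EXCEPTION,      IDC_ENTRY_EXCEPTION_SZ },
        { IDC_ENTRY_SECURITY,       IDC_ENTRY_SECURITY_SZ },
        { IDC_ENTRY_BASERELOC,      IDC_ENTRY_BASERELOC_SZ },
        { IDC_ENTRY_DEBUG,          IDC_ENTRY_DEBUG_SZ },
        { IDC_ENTRY_ARCHITECTURE,   IDC_ENTRY_ARCHITECTURE_SZ },
        { IDC_ENTRY_GLOBALPTR,      IDC_ENTRY_GLOBALPTR_SZ },
        { IDC_ENTRY_TLS,            IDC_ENTRY_TLS_SZ },
        { IDC_ENTRY_LOAD_CONFIG,    IDC_ENTRY_LOAD_CONFIG_SZ },
        { IDC_ENTRY_BOUND_IMPORT,   IDC_ENTRY_BOUND_IMPORT_SZ },
        { IDC_ENTRY_IAT,            IDC_ENTRY_IAT_SZ },
        { IDC_ENTRY_DELAY_IMPORT,   IDC_ENTRY_DELAY_IMPORT_SZ },
        { IDC_ENTRY_COM_DESCRIPTOR, IDC_ENTRY_COM_DESCRIPTOR_SZ },
        { IDC_ENTRY_KEEP,           IDC_ENTRY_KEEP_SZ }
    };

    LPVOID pFileBuffer = NULL;
    PIMAGE_DOS_HEADER pDosHeader = NULL;        /* DOS header */
    PIMAGE_NT_HEADERS32 ntHeaders = NULL;       /* PE signature + file header + optional header */
    PIMAGE_OPTIONAL_HEADER32 opHeader = NULL;   /* optional header (PE32 layout) */
    PIMAGE_DATA_DIRECTORY dirHeader = NULL;     /* data directory array */
    DWORD dirCount = 0;
    DWORD i = 0;
    BOOL ok = FALSE;

    /* Read the whole file into memory; the buffer is released at cleanup. */
    readPeFile(szFileName, &pFileBuffer);
    if(!pFileBuffer){
        return FALSE;
    }

    /* Reject anything that does not start with "MZ" or has a non-positive header offset. */
    pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
    if(pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pDosHeader->e_lfanew <= 0){
        goto cleanup;
    }

    /* Byte-pointer arithmetic: casting the buffer pointer to DWORD truncates it on 64-bit builds. */
    ntHeaders = (PIMAGE_NT_HEADERS32)((BYTE *)pFileBuffer + pDosHeader->e_lfanew);
    if(ntHeaders->Signature != IMAGE_NT_SIGNATURE){
        goto cleanup;
    }

    /* A PE32+ image has a different optional-header layout; reading it as PE32 would show wrong values. */
    opHeader = &ntHeaders->OptionalHeader;
    if(opHeader->Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC){
        goto cleanup;
    }
    dirHeader = opHeader->DataDirectory;

    /* The file states how many directory entries it carries; never index past that count. */
    dirCount = opHeader->NumberOfRvaAndSizes;
    if(dirCount > IMAGE_NUMBEROF_DIRECTORY_ENTRIES){
        dirCount = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;
    }

    /* Fill every address / size pair; absent entries are shown as zero. */
    for(i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++){
        DWORD address = 0;
        DWORD size = 0;

        if(i < dirCount){
            address = dirHeader[i].VirtualAddress;
            size = dirHeader[i].Size;
        }
        setDirHexText(hwndDlg, dirControls[i].idAddress, address);
        setDirHexText(hwndDlg, dirControls[i].idSize, size);
    }
    ok = TRUE;

cleanup:
    free(pFileBuffer);
    return ok;
}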
