pe工具04-获取数据目录
Posted shiningarmor
要实现这样一个窗口,点击目录按钮弹出窗口,显示pe结构的目录项;
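画一个窗口,然后解析 PE 的数据目录,将得到的值用 SendMessage(WM_SETTEXT)放入对应的输入框即可;
没什么难度,但是数据目录共有 16 项,每项都要显示地址(VirtualAddress)和大小(Size),逐个填写比较麻烦;另外要注意,这些头部字段全部来自被解析的文件本身,使用前应先校验(DOS/NT 签名、可选头 Magic、NumberOfRvaAndSizes),否则畸形文件会让工具越界读取;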
实现代码:
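// Parse the data directory of the PE file named by szFileName and show every
// entry's VirtualAddress and Size (8 hex digits each) in the dialog's edit
// controls.
//
// hwndDlg: dialog that owns the IDC_ENTRY_* edit controls.
// Returns TRUE when the controls were filled in, FALSE when the file could not
// be read or its headers do not describe a PE32 image.
//
// The file is untrusted input: every header field used below comes straight
// from disk, so each one is checked before it is used as an offset or a count.
BOOL getDirInfo(HWND hwndDlg){
    // Edit-control IDs per directory entry, in data-directory index order (0..15).
    static const struct { int idAddr; int idSize; } fields[IMAGE_NUMBEROF_DIRECTORY_ENTRIES] = {
        { IDC_ENTRY_EXPORT,         IDC_ENTRY_EXPORT_SZ         },
        { IDC_ENTRY_IMPORT,         IDC_ENTRY_IMPORT_SZ         },
        { IDC_ENTRY_RESOURCE,       IDC_ENTRY_RESOURCE_SZ       },
        { IDC_ENTRY_EXCEPTION,      IDC_ENTRY_EXCEPTION_SZ      },
        { IDC_ENTRY_SECURITY,       IDC_ENTRY_SECURITY_SZ       },
        { IDC_ENTRY_BASERELOC,      IDC_ENTRY_BASERELOC_SZ      },
        { IDC_ENTRY_DEBUG,          IDC_ENTRY_DEBUG_SZ          },
        { IDC_ENTRY_ARCHITECTURE,   IDC_ENTRY_ARCHITECTURE_SZ   },
        { IDC_ENTRY_GLOBALPTR,      IDC_ENTRY_GLOBALPTR_SZ      },
        { IDC_ENTRY_TLS,            IDC_ENTRY_TLS_SZ            },
        { IDC_ENTRY_LOAD_CONFIG,    IDC_ENTRY_LOAD_CONFIG_SZ    },
        { IDC_ENTRY_BOUND_IMPORT,   IDC_ENTRY_BOUND_IMPORT_SZ   },
        { IDC_ENTRY_IAT,            IDC_ENTRY_IAT_SZ            },
        { IDC_ENTRY_DELAY_IMPORT,   IDC_ENTRY_DELAY_IMPORT_SZ   },
        { IDC_ENTRY_COM_DESCRIPTOR, IDC_ENTRY_COM_DESCRIPTOR_SZ },
        { IDC_ENTRY_KEEP,           IDC_ENTRY_KEEP_SZ           }
    };

    LPVOID pFileBuffer = NULL;
    PIMAGE_DOS_HEADER pDosHeader = NULL;          // DOS header
    PIMAGE_NT_HEADERS32 pNtHeaders = NULL;        // signature + file header + optional header
    PIMAGE_OPTIONAL_HEADER32 opHeader = NULL;     // optional header (PE32 layout)
    PIMAGE_DATA_DIRECTORY dirHeader = NULL;       // data directory array
    DWORD dirRoom = 0;                            // entries that fit in SizeOfOptionalHeader
    DWORD dirCount = 0;                           // entries that are safe to read
    DWORD i = 0;
    BOOL ok = FALSE;
    char text[16];                                // "%08X" of a 32-bit value is 8 chars + NUL

    // Read the whole file into memory.
    readPeFile(szFileName, &pFileBuffer);
    if(!pFileBuffer){
        return FALSE;
    }

    // NOTE(review): the length of pFileBuffer is not available here (readPeFile's
    // return value is not used and its signature is not shown). If it reports the
    // number of bytes read, verify that
    // e_lfanew + sizeof(IMAGE_NT_HEADERS32) fits inside the buffer before the
    // NT headers are dereferenced. The checks below reject inputs whose headers
    // are inconsistent, but they cannot stop an out-of-bounds read on a
    // truncated file or a file with a huge e_lfanew.

    pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
    // e_lfanew is a signed LONG taken from the file; a negative value would
    // point in front of the buffer.
    if(pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pDosHeader->e_lfanew < 0){
        goto done;
    }

    // Byte-pointer arithmetic instead of casting the pointer to DWORD, which
    // truncates the address in a 64-bit build.
    pNtHeaders = (PIMAGE_NT_HEADERS32)((BYTE *)pFileBuffer + pDosHeader->e_lfanew);
    if(pNtHeaders->Signature != IMAGE_NT_SIGNATURE){
        goto done;
    }

    // The optional header must at least reach the start of DataDirectory.
    if((DWORD)pNtHeaders->FileHeader.SizeOfOptionalHeader <
       (DWORD)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, DataDirectory)){
        goto done;
    }

    opHeader = &pNtHeaders->OptionalHeader;
    // PE32+ images place DataDirectory at a different offset; reading them
    // through the 32-bit struct would display unrelated bytes.
    if(opHeader->Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC){
        goto done;
    }

    // Only the entries the header declares, and that fit inside the optional
    // header, are read; the array never has more than 16 slots.
    dirRoom = ((DWORD)pNtHeaders->FileHeader.SizeOfOptionalHeader -
               (DWORD)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, DataDirectory)) /
              (DWORD)sizeof(IMAGE_DATA_DIRECTORY);
    dirCount = opHeader->NumberOfRvaAndSizes;
    if(dirCount > IMAGE_NUMBEROF_DIRECTORY_ENTRIES){
        dirCount = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;
    }
    if(dirCount > dirRoom){
        dirCount = dirRoom;
    }
    dirHeader = opHeader->DataDirectory;

    // Fill the edit controls. Entries the file does not provide show as zero.
    for(i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++){
        DWORD rva = 0;
        DWORD size = 0;

        if(i < dirCount){
            rva = dirHeader[i].VirtualAddress;
            size = dirHeader[i].Size;
        }

        // The text is a narrow string, so it is sent with the ANSI message
        // variant; formatting into a TCHAR buffer with sprintf only works in
        // an ANSI build. LPARAM is pointer-sized, unlike long on Win64.
        sprintf(text, "%08X", (unsigned int)rva);
        SendMessageA(GetDlgItem(hwndDlg, fields[i].idAddr), WM_SETTEXT, 0, (LPARAM)text);

        sprintf(text, "%08X", (unsigned int)size);
        SendMessageA(GetDlgItem(hwndDlg, fields[i].idSize), WM_SETTEXT, 0, (LPARAM)text);
    }
    ok = TRUE;

done:
    // Single exit so the file buffer is released on every path.
    free(pFileBuffer);
    return ok;
}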