简单PE类代码

三个文件分别是类定义文件pefile.h;类实现文件pefile.cpp;类调用文件petype.cpp.
#ifndef PE_FILE_H
#define PE_FILE_H
#include "windows.h"

#define ISMZHEADER            (*(WORD*)File_memory == 0x5a4d)
#define ISPEHEADER            (*(WORD*)((BYTE*)File_memory + *(DWORD*)((BYTE*)File_memory + 0x3c)) == 0x4550)
#define ISPE32MAGIC            (*(WORD*)((BYTE*)File_memory + *(DWORD*)((BYTE*)File_memory + 0x3c) + sizeof(IMAGE_FILE_HEADER) + 4) == 0x10b)
#define ISPE64MAGIC            (*(WORD*)((BYTE*)File_memory + *(DWORD*)((BYTE*)File_memory + 0x3c) + sizeof(IMAGE_FILE_HEADER) + 4) == 0x20b)
#define ISPEROMMAGIC        (*(WORD*)((BYTE*)File_memory + *(DWORD*)((BYTE*)File_memory + 0x3c) + sizeof(IMAGE_FILE_HEADER) + 4) == 0x107)


#define X_PE_32                32
#define X_PE_64                64

#define    READ_ERRO            0x0
#define    NOT_PE_FILE            0x200
#define    PE_FILE                0x100
#define    PE64_FILE            0x40
#define    PE32_FILE            0x20
#define    ROM_IMAGE            0x10
#define    EXE_FILE            0x8
#define    DLL_FILE            0x4
#define    SYS_FILE            0x2
#define    OTHER_FILE            0x1

typedef struct X_IMAGE_NT_HEADERS32 {
    DWORD Signature;
    IMAGE_FILE_HEADER FileHeader;
    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} MX_IMAGE_NT_HEADERS32;

typedef struct X_IMAGE_NT_HEADERS64 {
    DWORD Signature;
    IMAGE_FILE_HEADER FileHeader;
    IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} MX_IMAGE_NT_HEADERS64;

typedef struct X_IMAGE_NT_HEADERS {
    DWORD systembit;
    union {
        MX_IMAGE_NT_HEADERS32* Ntheader32;
        MX_IMAGE_NT_HEADERS64* Ntheader64;
    };
} MX_IMAGE_NT_HEADERS;

typedef struct X_IMPORT_FUNCTION {
    union{
        DWORD Flag32;
        UINT64 Flag64;
    }uf;
    union {
        DWORD* FunOrdinal32;
        UINT64* FunOrdinal64;
        char* FunName;
    }ud;
} MX_IMPORT_FUNCTION;

typedef struct X_EXPORT_FUNCTION {
    DWORD Flag;
    union {
        DWORD FunOrdinal;
        char* FunName;
    }ud;
} MX_EXPORT_FUNCTION;

typedef struct X_RESOURCE_TYPE {
    DWORD Flag;
    union {
        DWORD ResourceID;
        char* ResourceName;
    }u;
} MX_RESOURCE_TYPE;


class XPEFILE
{
public:
    XPEFILE(char* lpFileName);
    virtual ~XPEFILE();
    int GetType();
    int GetSize();
    IMAGE_DOS_HEADER* GetDosHeader();
    IMAGE_FILE_HEADER* GetFileHeader();
    VOID GetNTHeader(MX_IMAGE_NT_HEADERS* ntheader);
    IMAGE_SECTION_HEADER* GetSectionInfo();
    int Rva2Raw(DWORD* lpaddress);
    int Raw2Rva(DWORD* lpaddress);
    int CheckImportDll(char* dllname);
    int CheckImportFun(char* dllname, MX_IMPORT_FUNCTION* importfun);
    int CheckExportFun(MX_EXPORT_FUNCTION* exportfun);
    IMAGE_RESOURCE_DATA_ENTRY* GetFileResource(MX_RESOURCE_TYPE* resourcetype1, MX_RESOURCE_TYPE* resourcetype2);
    

private:
    void* File_memory;
    int File_size;
    int File_type;
};

#endif
pefile.h

相关文章:

猜你喜欢
相关资源
相似解决方案
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode