gpt4 book ai didi

c - 确定 MZ exe 结束位置和 LE/LX/PE 开始位置

转载 作者:行者123 更新时间:2023-12-03 02:02:16 24 4
gpt4 key购买 nike

我想知道确定 EXE 文件的 MZ 部分结束位置以及附加的扩展可执行文件开始位置(可以是 PE/LE/LX/NE/COFF 等...)的最佳方法是什么。

我找到了这个网站:http://www.delorie.com/djgpp/doc/exe/它试图解释它,但我从未得到预期的结果。我总是会得到超出实际 PE 或 LX 起始偏移量的偏移量。

// LXInfo.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

struct EXE {
unsigned short signature; /* == 0x5a4D */
unsigned short bytes_in_last_block;
unsigned short blocks_in_file;
unsigned short num_relocs;
unsigned short header_paragraphs;
unsigned short min_extra_paragraphs;
unsigned short max_extra_paragraphs;
unsigned short ss;
unsigned short sp;
unsigned short checksum;
unsigned short ip;
unsigned short cs;
unsigned short reloc_table_offset;
unsigned short overlay_number;
};

struct EXE_RELOC {
unsigned short offset;
unsigned short segment;
};


int _tmain(int argc, _TCHAR* argv[])
{
struct EXE header1;
char sFile[]="c:\\register.dll";
unsigned int extra_data_start;
char test;
FILE *fp;
fp = fopen(sFile, "rb");
fread(&header1,sizeof(struct EXE),1,fp);

//read the header
printf("EXE Signature: %x \n", header1.signature);
printf("Bytes in last block: %08x \n", header1.bytes_in_last_block);
printf("Blocks in file: %08x \n", header1.blocks_in_file);
printf("Number of relocations: %08x \n", header1.num_relocs);
printf("Header paragraphs: %08x \n", header1.header_paragraphs);
printf("Min. extra paragraphs: %08x \n", header1.min_extra_paragraphs);
printf("Max. extra paragraphs: %08x \n", header1.max_extra_paragraphs);
printf("Initial SS value: %08x \n", header1.ss);
printf("Initial SP value: %08x \n", header1.sp);
printf("Checksum value: %08x \n", header1.checksum);
printf("Initial CS value: %08x \n", header1.cs);
printf("Initial IP value: %08x \n", header1.ip);
printf("Relocation table offset: %08x \n", header1.reloc_table_offset);
printf("Overlay number: %x \n", header1.overlay_number);
printf("\n");
printf("Start of EXE data: %08x \n", header1.header_paragraphs * 16L);

//calculate end of MZ EXE, according to Delorie
extra_data_start = header1.blocks_in_file * 512L;
if (header1.bytes_in_last_block)
extra_data_start -= (512 - header1.bytes_in_last_block);

printf("End of EXE data: %08x \n", extra_data_start);

// let's read the first two bytes after the MZ EXE data. This should give us a P and E on windows, or L and X on OS/2...
fseek(fp,extra_data_start,SEEK_SET);
fread(&test,1,1,fp);
printf("test char: %c \n", test);
fread(&test,1,1,fp);
printf("test char: %c \n", test);

fclose(fp);
getch();
return 0;
}

最佳答案

阅读以下文章:An In-Depth Look into the Win32 Portable Executable File Format .
您还应该阅读 The Portable Executable File Format

例如,要获取 IMAGE_NT_HEADERS 的偏移量,您可以这样做:

IMAGE_DOS_HEADER* pdos = (IMAGE_DOS_HEADER*)peBuffer; 
IMAGE_NT_HEADERS* pnt = (IMAGE_NT_HEADERS*)((DWORD)pdos + pdos->e_lfanew);

关于c - 确定 MZ exe 结束位置和 LE/LX/PE 开始位置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/8650538/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com