知识点:
01 PE结构中IMAGE_DATA_DIRECTORY 的详细解析步骤
[地址(RAW)范围:0x00000170 - 0x000001ef] [长度:80h] [数据目录表(16项,每个成员占8字节).]
[成员] [数据:RVA] [大小] [说明] [结构]
Export Table: 0x00000000 0x00000000 [ 导出表 ] [IMAGE_DIRECTORY_ENTRY_EXPORT]
Import Table: 0x00009D2C 0x000000B4 [ 导入表 ] [IMAGE_DIRECTORY_ENTRY_IMPORT]
Resources Table: 0x0000C000 0x00051070 [ 资源 ] [IMAGE_DIRECTORY_ENTRY_RESOURCE]
Exception Table: 0x00000000 0x00000000 [ 异常 ] [IMAGE_DIRECTORY_ENTRY_EXCEPTION]
Security Table: 0x00000000 0x00000000 [安全证书] [IMAGE_DIRECTORY_ENTRY_SECURITY]
Base relocation Table: 0x0005E000 0x000008E4 [重定位表] [IMAGE_DIRECTORY_ENTRY_BASERELOC]
Debug: 0x000091E0 0x0000001C [调试信息] [IMAGE_DIRECTORY_ENTRY_DEBUG]
Architecture(Copyrught): 0x00000000 0x00000000 [版权所有] [IMAGE_DIRECTORY_ENTRY_ARCHITECTURE(IMAGE_DIRECTORY_ENTRY_COPYRIGHT)]
Global Ptr: 0x00000000 0x00000000 [全局指针] [IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
Tread local storage(TLS): 0x00000000 0x00000000 [ TLS 表 ] [IMAGE_DIRECTORY_ENTRY_TLS]
Load configuration: 0x00009840 0x00000040 [加载配置] [IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
Bound Import: 0x00000000 0x00000000 [绑定导入] [IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
Import Address Table(IAT): 0x00009000 0x000001C4 [ IAT 表 ] [IMAGE_DIRECTORY_ENTRY_IAT]
Delay Import: 0x00000000 0x00000000 [延迟导入] [IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
COM descriptor: 0x00000000 0x00000000 [ COM ] [IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
保留: 0x00000000 0x00000000 [ 保留 ] [NULL]
02 编辑框的SendMessage
结果展示
详细实现代码(半夜 写的 眼睛都快花掉了..)
//初始化目录表信息
VOID SetDirectoryInfo(HWND hwndDlg,LPSTR lpszFile)
{
LPVOID pFileBuffer = NULL;
pFileBuffer= ReadPEFile(lpszFile);
if(!pFileBuffer)
{
//printf("文件读取失败\n");
MessageBox(0,TEXT("文件读取失败"),TEXT("读取文件错误"),0);
return;
}
PIMAGE_DOS_HEADER pDosHeader = NULL;
PIMAGE_NT_HEADERS pNTHeader = NULL;
PIMAGE_FILE_HEADER pPEHeader = NULL;
PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
PIMAGE_SECTION_HEADER pSectionHeader = NULL;
PIMAGE_DATA_DIRECTORY DataDirectory=NULL;
//Header信息
pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);
pPEHeader = (PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pPEHeader+IMAGE_SIZEOF_FILE_HEADER);
pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader);
//定位Directory_Data;
DataDirectory = pOptionHeader->DataDirectory;
//IMAGE_DIRECTORY_ENTRY_EXPORT
//输出表
HWND hExportRva = GetDlgItem(hwndDlg,IDC_EDIT_EXPOER_RVA);
TCHAR tExporRva[10];
sprintf(tExporRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
SendMessage(hExportRva,WM_SETTEXT,0,(long)tExporRva);
HWND hExportSize = GetDlgItem(hwndDlg,IDC_EDIT_EXPOER_SIZE);
TCHAR tExportSize[10];
sprintf(tExportSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size);
SendMessage(hExportSize,WM_SETTEXT,0,(long)tExportSize);
//输入表
HWND hInputRva = GetDlgItem(hwndDlg,IDC_EDIT_INPUT_RVA);
TCHAR tInputRva[10];
sprintf(tInputRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
SendMessage(hInputRva,WM_SETTEXT,0,(long)tInputRva);
HWND hInputSize = GetDlgItem(hwndDlg,IDC_EDIT_INPUT_SIZE);
TCHAR tInputSize[10];
sprintf(tInputSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size);
SendMessage(hInputSize,WM_SETTEXT,0,(long)tInputSize);
//资源表
HWND hResRva = GetDlgItem(hwndDlg,IDC_EDIT_RES_RVA);
TCHAR tReRva[10];
sprintf(tReRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress);
SendMessage(hResRva,WM_SETTEXT,0,(long)tReRva);
HWND hResSize = GetDlgItem(hwndDlg,IDC_EDIT_RES_SIZE);
TCHAR tResSize[10];
sprintf(tResSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size);
SendMessage(hResSize,WM_SETTEXT,0,(long)tResSize);
//异常表
HWND hExceptionRva = GetDlgItem(hwndDlg,IDC_EDIT_EXCEPTION_RVA);
TCHAR tExceptionRva[10];
sprintf(tExceptionRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_EXCEPTION].VirtualAddress);
SendMessage(hExceptionRva,WM_SETTEXT,0,(long)tExceptionRva);
HWND hExceptionSize = GetDlgItem(hwndDlg,IDC_EDIT_EXCEPTION_SIZE);
TCHAR tExceptionSize[10];
sprintf(tExceptionSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_EXCEPTION].Size);
SendMessage(hExceptionSize,WM_SETTEXT,0,(long)tExceptionSize);
//安全
HWND hSecityRva = GetDlgItem(hwndDlg,IDC_EDIT_SECITY_RVA);
TCHAR tSecityRva[10];
sprintf(tSecityRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress);
SendMessage(hSecityRva,WM_SETTEXT,0,(long)tSecityRva);
HWND hSecitySize = GetDlgItem(hwndDlg,IDC_EDIT_SECITY_SIZE);
TCHAR tSecitySize[10];
sprintf(tSecitySize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size);
SendMessage(hSecitySize,WM_SETTEXT,0,(long)tSecitySize);
//重定位表
HWND hRelocRva = GetDlgItem(hwndDlg,IDC_EDIT_RELOC_RVA);
TCHAR tRelocRva[10];
sprintf(tRelocRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
SendMessage(hRelocRva,WM_SETTEXT,0,(long)tRelocRva);
HWND hRelocSize = GetDlgItem(hwndDlg,IDC_EDIT_RELOC_SIZE);
TCHAR tRelocSize[10];
sprintf(tRelocSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size);
SendMessage(hRelocSize,WM_SETTEXT,0,(long)tRelocSize);
//调试
HWND hDebugRva = GetDlgItem(hwndDlg,IDC_EDIT_DEBUG_RVA);
TCHAR tDebugRva[10];
sprintf(tDebugRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress);
SendMessage(hDebugRva,WM_SETTEXT,0,(long)tDebugRva);
HWND hDebugSize = GetDlgItem(hwndDlg,IDC_EDIT_DEBUG_SIZE);
TCHAR tDebugSize[10];
sprintf(tDebugSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size);
SendMessage(hDebugSize,WM_SETTEXT,0,(long)tDebugSize);
//版权
HWND hCopyRightRva = GetDlgItem(hwndDlg,IDC_EDIT_COPYRIGHT_RVA);
TCHAR tCopyRightRva[10];
sprintf(tCopyRightRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_ARCHITECTURE].VirtualAddress);
SendMessage(hCopyRightRva,WM_SETTEXT,0,(long)tCopyRightRva);
HWND hCopyRightSize = GetDlgItem(hwndDlg,IDC_EDIT_COPYRIGHT_SIZE);
TCHAR tCopyRightSize[10];
sprintf(tCopyRightSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_ARCHITECTURE].Size);
SendMessage(hCopyRightSize,WM_SETTEXT,0,(long)tCopyRightSize);
//全局指针
HWND hGlobalPointRva = GetDlgItem(hwndDlg,IDC_EDIT_POINT_RVA);
TCHAR tGlobalPointRva[10];
sprintf(tGlobalPointRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_GLOBALPTR].VirtualAddress);
SendMessage(hGlobalPointRva,WM_SETTEXT,0,(long)tGlobalPointRva);
HWND hGlobalPointSize = GetDlgItem(hwndDlg,IDC_EDIT_POINT_SIZE);
TCHAR tGlobalPointSize[10];
sprintf(tGlobalPointSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_GLOBALPTR].Size);
SendMessage(hGlobalPointSize,WM_SETTEXT,0,(long)tGlobalPointSize);
//Tls
HWND hTlsRva = GetDlgItem(hwndDlg,IDC_EDIT_TLS_RVA);
TCHAR tTlsRva[10];
sprintf(tTlsRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress);
SendMessage(hTlsRva,WM_SETTEXT,0,(long)tTlsRva);
HWND hTlsize = GetDlgItem(hwndDlg,IDC_EDIT_TLS_SIZE);
TCHAR tTlsSize[10];
sprintf(tTlsSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size);
SendMessage(hTlsize,WM_SETTEXT,0,(long)tTlsSize);
//导入配置
HWND hConfigRva = GetDlgItem(hwndDlg,IDC_EDIT_LOADCONFIG_RVA);
TCHAR tConfigRva[10];
sprintf(tConfigRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress);
SendMessage(hConfigRva,WM_SETTEXT,0,(long)tConfigRva);
HWND hConfigsize = GetDlgItem(hwndDlg,IDC_EDIT_LOADCONFIG_SIZE);
TCHAR tConfigSize[10];
sprintf(tConfigSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].Size);
SendMessage(hConfigsize,WM_SETTEXT,0,(long)tConfigSize);
//绑定导入
HWND hBindRva = GetDlgItem(hwndDlg,IDC_EDIT_BINDIMPORT_RVA);
TCHAR tBindRva[10];
sprintf(tBindRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress);
SendMessage(hBindRva,WM_SETTEXT,0,(long)tBindRva);
HWND hBindsize = GetDlgItem(hwndDlg,IDC_EDIT_BINDIMPORT_SIZE);
TCHAR tBindSize[10];
sprintf(tBindSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size);
SendMessage(hBindsize,WM_SETTEXT,0,(long)tBindSize);
//IAT
HWND hIatRva = GetDlgItem(hwndDlg,IDC_EDIT_IAT_RVA);
TCHAR tIatRva[10];
sprintf(tIatRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress);
SendMessage(hIatRva,WM_SETTEXT,0,(long)tIatRva);
HWND hIatsize = GetDlgItem(hwndDlg,IDC_EDIT_IAT_SIZE);
TCHAR tIatSize[10];
sprintf(tIatSize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size);
SendMessage(hIatsize,WM_SETTEXT,0,(long)tIatSize);
//延迟导入
HWND hDelayRva = GetDlgItem(hwndDlg,IDC_EDIT_DELAY_IMPORT_RVA);
TCHAR tDelayRva[10];
sprintf(tDelayRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].VirtualAddress);
SendMessage(hDelayRva,WM_SETTEXT,0,(long)tDelayRva);
HWND hDelaysize = GetDlgItem(hwndDlg,IDC_EDIT_DELAY_IMPORT_SIZE);
TCHAR tDelaysize[10];
sprintf(tDelaysize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].Size);
SendMessage(hDelaysize,WM_SETTEXT,0,(long)tDelaysize);
//COM
HWND hCOMRva = GetDlgItem(hwndDlg,IDC_EDIT_COM_RVA);
TCHAR tCOMRva[10];
sprintf(tCOMRva,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress);
SendMessage(hCOMRva,WM_SETTEXT,0,(long)tCOMRva);
HWND hCOMsize = GetDlgItem(hwndDlg,IDC_EDIT_COM_SIZE);
TCHAR tCOMsize[10];
sprintf(tCOMsize,"%08X",DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size);
SendMessage(hCOMsize,WM_SETTEXT,0,(long)tCOMsize);
//保留
HWND hLeftRva = GetDlgItem(hwndDlg,IDC_EDIT_RETAIN_RVA);
TCHAR tLeftRva[10];
sprintf(tLeftRva,"%08X",DataDirectory[15].VirtualAddress);
SendMessage(hLeftRva,WM_SETTEXT,0,(long)tLeftRva);
HWND hLeftsize = GetDlgItem(hwndDlg,IDC_EDIT_RETAIN_SIZE);
TCHAR tLeftsize[10];
sprintf(tLeftsize,"%08X",DataDirectory[15].Size);
SendMessage(hLeftsize,WM_SETTEXT,0,(long)tLeftsize);
//释放内存
free(pFileBuffer);
}
0则评论给“PeTools开发(四)”