简单PE文件读取

#include 
#include 
#include 
#include 

LPVOID ReadFile(LPSTR szFileName)
{
        FILE        *pFile = NULL;
        DWORD dwFileSize = 0;
        LPVOID        lpFileBuffer = NULL;

        pFile = fopen("I:chess.exe", "rb");
        if (!pFile)
        {
                printf("文件打开失败");
                return NULL;
        }
        //移动文件指针末尾 获取文件大小
        fseek(pFile, 0, 2);
        dwFileSize = ftell(pFile);
        fseek(pFile, 0, 0);
        //恢复文件指针 重新读取
        
        lpFileBuffer = malloc(dwFileSize);

        if (!lpFileBuffer)
        {
                printf("系统错误，分配内存错误");
                fclose(pFile);
                return NULL;
        }

        size_t n = fread(lpFileBuffer, dwFileSize, 1, pFile);

        if (!n)
        {
                printf("读取数据错误");
                free(lpFileBuffer);
                fclose(pFile);
                return NULL;
        }
        fclose(pFile);
        return lpFileBuffer;
}
void PrintNTHeaders()
{
        LPVOID pFileBuffer;
        PIMAGE_DOS_HEADER pDos_Header = NULL;
        PIMAGE_NT_HEADERS        pNT_Header = NULL;
        PIMAGE_FILE_HEADER        pFile_Hearder = NULL;
        PIMAGE_OPTIONAL_HEADER        pOptional_Header = NULL;
        PIMAGE_SECTION_HEADER        pSection_Header = NULL;
        char szSectionName[9] = { 0 };

        pFileBuffer = ReadFile("C:\\Users\\Administrator\\Desktop\\ICO取取取.exe");
        if (!pFileBuffer)
        {
                printf("读取失败");
                return ;
        }


        if (*((PWORD)pFileBuffer) !=                IMAGE_DOS_SIGNATURE)
        {
                printf("该文件非PE结构");
                free(pFileBuffer);
                return;
        }

        pDos_Header = (PIMAGE_DOS_HEADER)pFileBuffer;
        printf("********************DOC头********************\n");
        printf("MZ标志：%04x\n", pDos_Header->e_magic);
        printf("PE偏移：%08x\n", pDos_Header->e_lfanew);

        if (*((PDWORD)((DWORD)pFileBuffer + pDos_Header->e_lfanew)) != IMAGE_NT_SIGNATURE)
        {
                printf("不是有效的PE标志\n");
                free(pFileBuffer);
                return;
        }

        pNT_Header = (PIMAGE_NT_HEADERS)((DWORD)pFileBuffer + pDos_Header->e_lfanew);
        //打印NT头        
        printf("********************NT头********************\n");
        printf("NT：%08x\n", pNT_Header->Signature);
        pFile_Hearder = (PIMAGE_FILE_HEADER)(((DWORD)pNT_Header) + 4);
        printf("********************PE头********************\n");
        printf("PE：%04x\n", pFile_Hearder->Machine);
        printf("节的数量：%04x\n", pFile_Hearder->NumberOfSections);
        printf("SizeOfOptionalHeader：%04x\n", pFile_Hearder->SizeOfOptionalHeader);
        //可选PE头        
        pOptional_Header = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pFile_Hearder + IMAGE_SIZEOF_FILE_HEADER);
        printf("********************OPTIOIN_PE头********************\n");
        printf("OPTION_PE：%04x\n", pOptional_Header->Magic);

        
        pFile_Hearder->NumberOfSections;

        for (int x = 0; x < (40 * pFile_Hearder->NumberOfSections); x += 40)
        {
                pSection_Header = (PIMAGE_SECTION_HEADER)((DWORD)pFileBuffer + pDos_Header->e_lfanew + 24 + pFile_Hearder->SizeOfOptionalHeader + x);
                printf("********************Section_Header********************\n");
                memcpy(szSectionName, pSection_Header->Name, 8);
                szSectionName[8] = '\0';
                printf("%s\n", szSectionName);
                printf("%08x\n", pSection_Header->Misc);
                printf("%08x\n", pSection_Header->VirtualAddress);
                printf("%08x\n", pSection_Header->SizeOfRawData);
                printf("%08x\n", pSection_Header->PointerToRawData);
                printf("%08x\n", pSection_Header->PointerToRelocations);
                printf("%08x\n", pSection_Header->PointerToLinenumbers);
                printf("%04x\n", pSection_Header->NumberOfRelocations);
                printf("%04x\n", pSection_Header->NumberOfLinenumbers);
                printf("%08x\n", pSection_Header->Characteristics);
        }
        

        //释放内存        
        free(pFileBuffer);

}


int main()
{

        PrintNTHeaders();
        ReadFile("I:chess.exe");
        return 0;
}