PE-INFO

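PEInfo: (Goals)
(1). Independently develop a PE analysis and modification tool, and disassemble and display the contents of the sections that contain code.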

http://www.anqn.com/jiamijiemi/gongjujiqiao/2008-11-04/a09103385.shtml
(2). Using process-debugging knowledge, display the sequence of instructions that the target program executes.

 

(1):

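PE analysis
#include <windows.h>
#include <stdio.h>

int main(int argc, char* argv[])
{
    if (argc < 2) return 1;
    char* pFileName = argv[1];
    if (pFileName)
    {
        // open in binary mode; text mode would translate bytes on Windows
        FILE* filept = fopen(pFileName, "rb");
        IMAGE_DOS_HEADER dosHdr;
        IMAGE_NT_HEADERS ntHdr;
        if (filept)
        {
            // read the DOS header, seek to the NT headers via e_lfanew, read the NT headers;
            // a short read or failed seek means the file cannot be a PE
            int ok = fread(&dosHdr, sizeof(IMAGE_DOS_HEADER), 1, filept) == 1      // read DOS header
                  && fseek(filept, dosHdr.e_lfanew, SEEK_SET) == 0                 // seek to NT headers
                  && fread(&ntHdr, sizeof(IMAGE_NT_HEADERS), 1, filept) == 1;      // read NT headers
            // both signature fields must match: "MZ" in the DOS header, "PE\0\0" in the NT headers
            if (ok && (dosHdr.e_magic == IMAGE_DOS_SIGNATURE) && (ntHdr.Signature == IMAGE_NT_SIGNATURE))
                printf("%s is PE\n", pFileName);
            else
                printf("%s is not PE\n", pFileName);
            fclose(filept);
        }
        else
            printf("open %s error.\n", pFileName);
    }
    return 0;
}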
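
Goal (1) also needs the sections that contain code, which the signature check above does not locate. The following is an added example, not code from the original post: it goes one step further and walks the section table, reading the headers by offset from a byte buffer (no windows.h) and bounds-checking every field before use. The names list_code_sections and build_sample, and the sample image itself, are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian accessors; callers bounds-check before reading. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Returns the number of sections flagged IMAGE_SCN_CNT_CODE (0x20), or -1 if
   the buffer is not a well-formed PE. Prints each code section's raw location. */
int list_code_sections(const uint8_t *buf, size_t len) {
    if (len < 64 || rd16(buf) != 0x5A4D) return -1;           /* "MZ" */
    uint32_t nt = rd32(buf + 0x3C);                            /* e_lfanew */
    if (nt > len || len - nt < 24) return -1;                  /* signature + file header */
    if (rd32(buf + nt) != 0x00004550) return -1;               /* "PE\0\0" */
    uint16_t nsec = rd16(buf + nt + 6);                        /* NumberOfSections */
    uint16_t optsz = rd16(buf + nt + 20);                      /* SizeOfOptionalHeader */
    size_t rest = len - nt - 24;                               /* bytes after file header */
    if (optsz > rest || (rest - optsz) / 40 < nsec) return -1; /* section table must fit */
    size_t tbl = (size_t)nt + 24 + optsz;                      /* first section header */
    int count = 0;
    for (uint16_t i = 0; i < nsec; i++) {
        const uint8_t *s = buf + tbl + (size_t)i * 40;         /* 40-byte section header */
        uint32_t rawsz = rd32(s + 16), rawoff = rd32(s + 20), ch = rd32(s + 36);
        if (!(ch & 0x20u)) continue;                           /* not a code section */
        if (rawoff > len || rawsz > len - rawoff) return -1;   /* raw data outside the file */
        printf("%.8s raw offset 0x%x, raw size 0x%x\n", (const char *)s, (unsigned)rawoff, (unsigned)rawsz);
        count++;
    }
    return count;
}

/* Constructed sample image: headers only, one code and one data section. */
static uint8_t sample[0x600];
const uint8_t *build_sample(void) {
    memset(sample, 0, sizeof sample);
    memcpy(sample, "MZ", 2);
    wr32(sample + 0x3C, 0x40);                                 /* e_lfanew */
    memcpy(sample + 0x40, "PE\0\0", 4);
    sample[0x46] = 2;                                          /* NumberOfSections */
    sample[0x54] = 0xE0;                                       /* SizeOfOptionalHeader */
    uint8_t *s = sample + 0x138;                               /* 0x40 + 24 + 0xE0 */
    memcpy(s, ".text", 5); wr32(s + 16, 0x200); wr32(s + 20, 0x200); wr32(s + 36, 0x60000020);
    s += 40;
    memcpy(s, ".data", 5); wr32(s + 16, 0x200); wr32(s + 20, 0x400); wr32(s + 36, 0xC0000040);
    return sample;
}

int main(void) { return list_code_sections(build_sample(), sizeof sample) == 1 ? 0 : 1; }
```

The raw offset and size printed for each code section are the byte range a disassembler would be pointed at.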

 (2)

PE modification

a. Use the pe_editor tool to modify the PE file by adding a new section.

b. Implement the PE file modification in C++.
