15,471
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
jesterjy 2008-06-07
- 打赏
- 举报
有注释的。哈哈!
DWORD signature;
IMAGE_FILE_HEADER _head;
IMAGE_OPTIONAL_HEADER opt_head;
IMAGE_SECTION_HEADER section_header;
HANDLE hFile;
HANDLE hMapping;
void *basepointer;
// 打开文件.
if ((hFile = CreateFile(szFileName, GENERIC_READ,
FILE_SHARE_READ,0,OPEN_EXISTING,
FILE_FLAG_SEQUENTIAL_SCAN,0)) == INVALID_HANDLE_VALUE)
{
MessageBox("can't open file");
return FALSE;
}
// 创建内存映射文件.
if (!(hMapping = CreateFileMapping(hFile,0,PAGE_READONLY|SEC_COMMIT,0,0,0)))
{
MessageBox("mapping failed");
CloseHandle(hFile);
return FALSE;
}
// 把文件头映象存入baseointer.
if (!(basepointer = MapViewOfFile(hMapping,FILE_MAP_READ,0,0,0)))
{
MessageBox("view failed");
CloseHandle(hMapping);
CloseHandle(hFile);
return FALSE;
}
IMAGE_DOS_HEADER * dos_head =(IMAGE_DOS_HEADER *)basepointer;
// 得到PE文件头.
_head = (IMAGE_FILE_HEADER *)((char *)dos_head + dos_head->e_lfanew);
// 得到OEP地址.
DWORD dwOEP=header->opt_head.AddressOfEntryPoint;
// 清除内存映射和关闭文件.
UnmapViewOfFile(basepointer);
CloseHandle(hMapping);
CloseHandle(hFile);
DWORD signature;
IMAGE_FILE_HEADER _head;
IMAGE_OPTIONAL_HEADER opt_head;
IMAGE_SECTION_HEADER section_header;
HANDLE hFile;
HANDLE hMapping;
void *basepointer;
// 打开文件.
if ((hFile = CreateFile(szFileName, GENERIC_READ,
FILE_SHARE_READ,0,OPEN_EXISTING,
FILE_FLAG_SEQUENTIAL_SCAN,0)) == INVALID_HANDLE_VALUE)
{
MessageBox("can't open file");
return FALSE;
}
// 创建内存映射文件.
if (!(hMapping = CreateFileMapping(hFile,0,PAGE_READONLY|SEC_COMMIT,0,0,0)))
{
MessageBox("mapping failed");
CloseHandle(hFile);
return FALSE;
}
// 把文件头映象存入baseointer.
if (!(basepointer = MapViewOfFile(hMapping,FILE_MAP_READ,0,0,0)))
{
MessageBox("view failed");
CloseHandle(hMapping);
CloseHandle(hFile);
return FALSE;
}
IMAGE_DOS_HEADER * dos_head =(IMAGE_DOS_HEADER *)basepointer;
// 得到PE文件头.
_head = (IMAGE_FILE_HEADER *)((char *)dos_head + dos_head->e_lfanew);
// 得到OEP地址.
DWORD dwOEP=header->opt_head.AddressOfEntryPoint;
// 清除内存映射和关闭文件.
UnmapViewOfFile(basepointer);
CloseHandle(hMapping);
CloseHandle(hFile);
孤客天涯 2008-06-06
- 打赏
- 举报
樓主在研究病毒?
孤客天涯 2008-06-06
- 打赏
- 举报
if(file.Open(csFilename,CFile::modeReadWrite|CFile::shareDenyRead))
{
file.SeekToBegin();
file.Read(&dosHeader,sizeof(IMAGE_DOS_HEADER));
file.Seek(dosHeader.e_lfanew,CFile::begin);
file.Read(&ntHeader,sizeof(IMAGE_NT_HEADERS));
//记录原来的入口地址等
dwitImageBase = ntHeader.OptionalHeader.ImageBase ;
dwitImageEntryPoint = ntHeader.OptionalHeader.AddressOfEntryPoint;//入口地址
dwitImportTableEntryPoint = ntHeader.OptionalHeader.DataDirectory[1].VirtualAddress ;
{
file.SeekToBegin();
file.Read(&dosHeader,sizeof(IMAGE_DOS_HEADER));
file.Seek(dosHeader.e_lfanew,CFile::begin);
file.Read(&ntHeader,sizeof(IMAGE_NT_HEADERS));
//记录原来的入口地址等
dwitImageBase = ntHeader.OptionalHeader.ImageBase ;
dwitImageEntryPoint = ntHeader.OptionalHeader.AddressOfEntryPoint;//入口地址
dwitImportTableEntryPoint = ntHeader.OptionalHeader.DataDirectory[1].VirtualAddress ;
zhengq06 2008-06-06
- 打赏
- 举报
观注, 正好也在学习这个.
cnzdgs 2008-06-06
- 打赏
- 举报
GetModuleHandle返回的HMODULE就是程序的可执行文件装入内存的开始地址。
