#include <fcntl.h>
#include <io.h>
#include <malloc.h>
#include <stdio.h>
#include <stdlib.h>

#include <Windows.h>
#include <winnt.h>
/* Heap buffer holding the raw bytes of the loaded file; allocated by
 * CopyFileToMemory and released by distory. */
void* fileBuf = NULL;
/* Start of fileBuf viewed as the DOS header; assigned by CopyFileToMemory. */
IMAGE_DOS_HEADER* DosHeader = NULL;
/* Address e_lfanew bytes into fileBuf, viewed as the 32-bit NT headers.
 * Both header pointers alias fileBuf, so they are only meaningful while the
 * buffer is allocated. */
IMAGE_NT_HEADERS32* NT_HEADERS32 = NULL;
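/*
 * Copy the executable at `filename` into memory and locate its PE headers.
 *
 * On success the file-scope globals are set: fileBuf owns a heap copy of the
 * whole file, DosHeader points at the start of that copy, and NT_HEADERS32
 * points e_lfanew bytes into it.
 *
 * The file content is untrusted input. e_lfanew is an offset read from the
 * file itself, so it is bounds-checked against the number of bytes actually
 * loaded before any pointer is derived from it; without that check a crafted
 * or truncated file makes later header reads run outside the buffer.
 *
 * Every failure prints a message and ends the process with exit(1); the
 * descriptor and buffer are not released on those paths because the process
 * is terminating.
 */
void CopyFileToMemory(char* filename)
{
    /* Text mode would translate CR/LF pairs and stop at Ctrl-Z, which
     * corrupts a binary image, so request binary mode where it exists. */
#ifdef O_BINARY
    const int openFlags = O_RDONLY | O_BINARY;
#else
    const int openFlags = O_RDONLY;
#endif

    int file = open(filename, openFlags);
    if (file < 0)
    {
        printf("打开文件失败\n");
        exit(1);
    }

    /* lseek reports failure as -1, so anything that is not a positive size
     * (error or empty file) is rejected. */
    SSIZE_T fileLength = lseek(file, 0L, SEEK_END);
    if (fileLength <= 0 || lseek(file, 0L, SEEK_SET) < 0)
    {
        printf("获取文件长度失败\n");
        exit(1);
    }

    fileBuf = malloc((size_t)fileLength);
    if (fileBuf == NULL)
    {
        printf("分配内存失败\n");
        exit(1);
    }

    /* read may return fewer bytes than requested; loop until the whole file
     * is in memory so no part of the buffer is left uninitialised. */
    SSIZE_T loaded = 0;
    while (loaded < fileLength)
    {
        int got = read(file, (char *)fileBuf + loaded,
                       (unsigned int)(fileLength - loaded));
        if (got <= 0)
        {
            printf("写入文件到内存失败\n");
            exit(1);
        }
        loaded += got;
    }

    close(file);

    /* Validate the DOS header before trusting the offset stored in it. */
    const size_t imageSize = (size_t)fileLength;
    const IMAGE_DOS_HEADER* dos = (const IMAGE_DOS_HEADER*)fileBuf;
    if (imageSize < sizeof(IMAGE_DOS_HEADER) ||
        imageSize < sizeof(IMAGE_NT_HEADERS32) ||
        dos->e_magic != IMAGE_DOS_SIGNATURE ||
        dos->e_lfanew < 0 ||
        (size_t)dos->e_lfanew > imageSize - sizeof(IMAGE_NT_HEADERS32))
    {
        printf("不是有效的PE文件\n");
        exit(1);
    }

    DosHeader = (IMAGE_DOS_HEADER*)fileBuf;
    NT_HEADERS32 = (IMAGE_NT_HEADERS32*)((char *)fileBuf + DosHeader->e_lfanew);
}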
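/*
 * Release the buffer that holds the loaded file.
 *
 * DosHeader and NT_HEADERS32 point into that buffer, so they are cleared
 * together with fileBuf; a later use then fails on a null pointer instead of
 * reading freed memory, and a second call is a harmless free(NULL).
 */
void distory()
{
    free(fileBuf);
    fileBuf = NULL;
    DosHeader = NULL;
    NT_HEADERS32 = NULL;
}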
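/*
 * Load the hard-coded sample executable and print three header fields:
 * the DOS header's e_lfanew offset, the NT headers' Signature (printed under
 * the label "NT_HEADERS32") and the section count from the file header.
 *
 * NT_HEADERS32 is derived from e_lfanew, a value stored in the file, so the
 * reads below are only within the buffer if that offset was bounds-checked
 * when the file was loaded.
 */
int main(int argc, char* argv[])
{
    (void)argc;
    (void)argv;

    CopyFileToMemory("C://CRACKME.EXE");

    /* e_lfanew is a LONG and Signature a DWORD: both are long-sized, so they
     * are printed with %lx rather than %x to match the argument type. */
    printf("e_lfanew is %lx\n", (unsigned long)DosHeader->e_lfanew);
    printf("NT_HEADERS32 is %lx\n", (unsigned long)NT_HEADERS32->Signature);
    printf("SectionsNumber is %d\n", NT_HEADERS32->FileHeader.NumberOfSections);

    distory();
    return 0;
}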