Notice
Recent Posts
Recent Comments
Link
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
Tags
- rfc5508
- packet filter
- vtable
- LOB
- edge trigger
- 취약점
- Compiler
- .net core 7
- 풀이
- mvwin
- doupdate
- ncurses
- epoll_wait
- NAPT
- 어셈블리어
- iptables
- wrefresh
- packet flow
- BOF
- cbpf
- level trigger
- DOCKER-USER
- ioctl
- architecture
- wnourefresh
- Docker
- epoll
- REDIS
- C언어
- .nret core 배포
Archives
- Today
- Total
Tuuna Computer Science
[C 언어] PE View tool 제작하기 (노가다 소스코드) 본문
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 | /* PeView 만들기 */ #include <stdio.h> #include <string.h> //#include <winsock2.h> #include <windows.h> #include <winnt.h> //#pragma comment(lib,"ws2_32") int main(void) { int start_section; // 섹션의 시작점을 받기위한 변수 int tmp; //다음 시작 번지를 담음 int index = 0; //배열의 index long long int value[100];//파일내의 16진수값을 받기 위해 char* IMAGE_DOS_HEADER[2] = { "Signature","e_lfanew" }; char str[100] = { 0, }; //각 파일의 MZ나 PE등 특수한 문자를 받기 위해 char filename[20]; FILE* fp; printf("input your file! : "); scanf("%s", filename); //fgets(filename,20, stdin); fp = fopen(filename, "rt"); if (fp == NULL) { printf("ERROR\n"); exit(1); } //파일을 text형식으로 불렀을 때 문자열만 나옴 이거를 16진수로 변환해야 하는데 fseek(fp, 0, SEEK_SET); //처음 위치에 포인터 놓기 printf("====================IMAGE_DOS_HEADER====================\n"); printf("[pFile]\t[Data]\t\t[Description]\n"); for (int i = 0; i <= 0x3C; i += 2) { fseek(fp, i, SEEK_SET); if (i == 0x0 || i == 0x3C) { if (i == 0x3C) { fread(value, 4, 1, fp); printf(" 0x%X\t %.4X\t\t %s\n", i, *value, IMAGE_DOS_HEADER[index]); break; } fread(str, 2, 1, fp); printf(" 0x%X\t %X%X\t\t %s ==> %s\n", i, *(str + 1), *str, IMAGE_DOS_HEADER[index], str); index += 1; } else { continue; } } /*setting fseek value!*/ tmp = *value; //NT_HEADER의 위치를 넘김 //printf("%x\n",tmp); printf("\n===================MS-DOS Stub Program====================\n"); printf("[pFile]\t[Raw Data]\t\t\t\t[Value]\n"); int stub_index = 0; for (int i = 0x40; i<tmp; i = i + 0x8) { if (i % 0x10 == 0) { printf("0x%X\t", i); } fseek(fp, i, SEEK_SET); fread(value, 8, 1, fp); fread(str, 16, 1, fp); printf("%llX ", *value); stub_index += 1; if (stub_index % 2 == 0) { printf(" %s\n", str); } } printf("\n===================IMAGE_NT_HEADER===================\n"); printf("[pFile]\t[Data]\t\t[Description]\n"); fseek(fp, tmp, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.4X\t\t %s ==> %s\n", tmp, *value, "Signature", value); printf("\n===================IMAGE_FILE_HEADER===================\n"); printf("[pFile]\t[Data]\t\t[Description]\n"); fseek(fp, tmp + 4, SEEK_SET); fread(value, 2, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 4, *value, "Machine"); fseek(fp, tmp + 6, SEEK_SET); fread(value, 2, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 6, *value, "Number of Section"); fseek(fp, tmp + 20, SEEK_SET); fread(value, 2, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 20, *value, "Size of Optional Header"); fseek(fp, tmp + 22, SEEK_SET); fread(value, 2, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 22, *value, "Characteristics"); printf("\n===================IMAGE_OPTIONAL_HEADER===================\n"); printf("[pFile]\t[Data]\t\t[Description]\n"); /*setting fseek value!*/ tmp = tmp + 24; fseek(fp, tmp, SEEK_SET); fread(value, 2, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp, *value, "Magic"); fseek(fp, tmp + 16, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 16, *value, "Address of Entry Point"); fseek(fp, tmp + 20, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 20, *value, "Base of Code"); fseek(fp, tmp + 28, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.8X\t %s\n", tmp + 28, *value, "Image Base"); fseek(fp, tmp + 32, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 32, *value, "Section Alignment"); fseek(fp, tmp + 36, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 36, *value, "File Alignemnt"); fseek(fp, tmp + 56, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 56, *value, "Size of Image"); fseek(fp, tmp + 60, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 60, *value, "Size Of Header"); fseek(fp, tmp + 68, SEEK_SET); fread(value, 2, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 68, *value, "Subsystem"); fseek(fp, tmp + 92, SEEK_SET); fread(value, 2, 1, fp); printf("0x%X\t%.4X\t\t %s\n", tmp + 92, *value, "Number of Data Directories"); start_section = *value; tmp = tmp + 94 + (start_section * 8) + 10; //tmp는 text_section이다. printf("\n===================IMAGE_SRCTION_HEADER .text===================\n"); printf("[pFile]\t[Data]\t\t[Description]\n"); fseek(fp, tmp, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.8X\t %s\n", tmp, *value, "Virtual Size"); fseek(fp, tmp + 4, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.8X\t %s\n", tmp + 4, *value, "Virtual Address(RVA)"); fseek(fp, tmp + 8, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.8X\t %s\n", tmp + 8, *value, "Size of Raw Data"); fseek(fp, tmp + 12, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.8X\t %s\n", tmp + 12, *value, "Pointer to Raw Data"); tmp = tmp + 16 + 28 + 8 - 0xC; //setting section data header printf("\n===================IMAGE_SRCTION_HEADER .data===================\n"); printf("[pFile]\t[Data]\t\t[Description]\n"); //수정 tmp포인터를 다시받자 +28 fseek(fp, tmp, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.8X\t %s\n", tmp, *value, "Virtual Size"); fseek(fp, tmp + 4, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.8X\t %s\n", tmp + 4, *value, "Virtual Address(RVA)"); fseek(fp, tmp + 8, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.8X\t %s\n", tmp + 8, *value, "Size of Raw Data"); fseek(fp, tmp + 12, SEEK_SET); fread(value, 4, 1, fp); printf("0x%X\t%.8X\t %s\n", tmp + 12, *value, "Pointer to Raw Data"); getchar(); //각 각의 Pointer to Raw값을 통해 헥스덤프를 뜨자 return 0; //Number of Data Directories값을 통해 text섹션의 값을 알려나 ㅋ 더해보자 값을 얻고 } //일단 한 번 출력해보면서 값을 비교하자 일단 헤더는 동일하네 /* 이제 실행파일의 덤프를 뜰 수 있게 해보자 음 */ MY_PE_VIEW.cpp MY_PE_VIEW.exe | cs |
'C language' 카테고리의 다른 글
| [C Language] 배열없이 문자열의 빈도수 구하기 (0) | 2018.10.26 |
|---|---|
| 배열을 대상으로 만든 여러 사용자 정의 함수 (헤더파일 제작) (0) | 2018.10.26 |
| Logic_Game1 Aegis Royale ~ , ~ (0) | 2018.08.18 |
| [ C 언어 ] 포인터 처음 배울 때 보면 좋은 예제 (0) | 2018.08.05 |
| [ C 언어 ] 포인터를 사용해야 하는 이유 (0) | 2018.08.05 |
'C language' Related Articles
more
Comments