Hallo,
ich habe einen evtl seltenen Quellcode gefunden, mit dem man die Header einer PE Datei auslesen kann:
DOS-, NT- und Sectionheader.
Ich habe den Code nur auf das Auslesen der Header gekürzt, Credits gehen an w!cKed
ich habe einen evtl seltenen Quellcode gefunden, mit dem man die Header einer PE Datei auslesen kann:
DOS-, NT- und Sectionheader.
Ich habe den Code nur auf das Auslesen der Header gekürzt, Credits gehen an w!cKed
VB.NET-Quellcode
- 'all crediz to w!cKed
- Imports System.IO
- Imports System.Runtime.InteropServices
- Class PE_Header
- #Region "Structures"
- <StructLayout(LayoutKind.Sequential)> _
- Private Structure IMAGE_DOS_HEADER
- Public e_magic As UInt16
- Public e_cblp As UInt16
- Public e_cp As UInt16
- Public e_crlc As UInt16
- Public e_cparhdr As UInt16
- Public e_minalloc As UInt16
- Public e_maxalloc As UInt16
- Public e_ss As UInt16
- Public e_sp As UInt16
- Public e_csum As UInt16
- Public e_ip As UInt16
- Public e_cs As UInt16
- Public e_lfarlc As UInt16
- Public e_ovno As UInt16
- <MarshalAs(UnmanagedType.ByValArray, SizeConst:=4)> _
- Public e_res1 As UInt16()
- Public e_oemid As UInt16
- Public e_oeminfo As UInt16
- <MarshalAs(UnmanagedType.ByValArray, SizeConst:=10)> _
- Public e_res2 As UInt16()
- Public e_lfanew As Int32
- End Structure
- <StructLayout(LayoutKind.Sequential)> _
- Private Structure IMAGE_FILE_HEADER
- Public Machine As UInt16
- Public NumberOfSections As UInt16
- Public TimeDateStamp As UInt32
- Public PointerToSymbolTable As UInt32
- Public NumberOfSymbols As UInt32
- Public SizeOfOptionalHeader As UInt16
- Public Characteristics As UInt16
- End Structure
- <StructLayout(LayoutKind.Sequential)> _
- Private Structure IMAGE_DATA_DIRECTORY
- Public VirtualAddress As UInt32
- Public Size As UInt32
- End Structure
- <StructLayout(LayoutKind.Sequential)> _
- Private Structure IMAGE_OPTIONAL_HEADER32
- Public Magic As UInt16
- Public MajorLinkerVersion As [Byte]
- Public MinorLinkerVersion As [Byte]
- Public SizeOfCode As UInt32
- Public SizeOfInitializedData As UInt32
- Public SizeOfUninitializedData As UInt32
- Public AddressOfEntryPoint As UInt32
- Public BaseOfCode As UInt32
- Public BaseOfData As UInt32
- Public ImageBase As UInt32
- Public SectionAlignment As UInt32
- Public FileAlignment As UInt32
- Public MajorOperatingSystemVersion As UInt16
- Public MinorOperatingSystemVersion As UInt16
- Public MajorImageVersion As UInt16
- Public MinorImageVersion As UInt16
- Public MajorSubsystemVersion As UInt16
- Public MinorSubsystemVersion As UInt16
- Public Win32VersionValue As UInt32
- Public SizeOfImage As UInt32
- Public SizeOfHeaders As UInt32
- Public CheckSum As UInt32
- Public Subsystem As UInt16
- Public DllCharacteristics As UInt16
- Public SizeOfStackReserve As UInt32
- Public SizeOfStackCommit As UInt32
- Public SizeOfHeapReserve As UInt32
- Public SizeOfHeapCommit As UInt32
- Public LoaderFlags As UInt32
- Public NumberOfRvaAndSizes As UInt32
- <MarshalAs(UnmanagedType.ByValArray, SizeConst:=16)> _
- Public DataDirectory As IMAGE_DATA_DIRECTORY()
- End Structure
- <StructLayout(LayoutKind.Sequential)> _
- Private Structure IMAGE_NT_HEADERS
- Public Signature As UInt32
- Public FileHeader As IMAGE_FILE_HEADER
- Public OptionalHeader As IMAGE_OPTIONAL_HEADER32
- End Structure
- <StructLayout(LayoutKind.Sequential)> _
- Private Structure IMAGE_SECTION_HEADER
- <MarshalAs(UnmanagedType.ByValArray, SizeConst:=8)> _
- Public Name As Byte()
- Public VirtualSize As UIntPtr
- Public VirtualAddress As UInteger
- Public SizeOfRawData As UInteger
- Public PointerToRawData As UInteger
- Public PointerToRelocations As UInteger
- Public PointerToLinenumbers As UInteger
- Public NumberOfRelocations As Short
- Public NumberOfLinenumbers As Short
- Public Characteristics As UInteger
- End Structure
- #End Region
- Public Function Get_PE_Header(ByVal sFilePath As String) As Boolean
- Dim DHD As New IMAGE_DOS_HEADER()
- Dim NHD As New IMAGE_NT_HEADERS()
- Dim SHD As New IMAGE_SECTION_HEADER()
- Dim iPointer As Integer = 0
- Dim lLastSectPos As Long = 0
- Dim lSize As Long = 0
- Dim lAlign As Long = 0
- Dim lDataSize As Long = 0
- Dim fBytes As Byte() = New Byte(-1) {}
- Try
- Dim bReader As New BinaryReader(New FileStream(sFilePath, FileMode.Open, FileAccess.Read))
- fBytes = bReader.ReadBytes(CInt(bReader.BaseStream.Length))
- bReader.Close()
- Catch
- End Try
- If fBytes.Length <= 0 Then
- Return False
- End If
- Dim gHandle As GCHandle = GCHandle.Alloc(fBytes, GCHandleType.Pinned)
- iPointer = gHandle.AddrOfPinnedObject().ToInt32()
- 'IMAGE_DOS_HEADER
- DHD = CType(Marshal.PtrToStructure(New IntPtr(iPointer), GetType(IMAGE_DOS_HEADER)), IMAGE_DOS_HEADER)
- 'IMAGE_NT_HEADERS
- NHD = CType(Marshal.PtrToStructure(New IntPtr(iPointer + DHD.e_lfanew), GetType(IMAGE_NT_HEADERS)), IMAGE_NT_HEADERS)
- If NHD.Signature <> 17744 OrElse DHD.e_magic <> 23117 Then
- Return False
- End If
- lLastSectPos = DHD.e_lfanew + Marshal.SizeOf(New IMAGE_NT_HEADERS()) + (NHD.FileHeader.NumberOfSections - 1) * Marshal.SizeOf(New IMAGE_SECTION_HEADER())
- 'IMAGE_SECTION_HEADER
- SHD = CType(Marshal.PtrToStructure(New IntPtr(iPointer + lLastSectPos), GetType(IMAGE_SECTION_HEADER)), IMAGE_SECTION_HEADER)
- Return True
- End Function
- End Class
Für ein Mindestmaß an Rechtschreibung, Interpunktion und Majuskeln!
