生活随笔
收集整理的這篇文章主要介紹了
PE文件数字签名信息读取存储及格式具体解释图之上(历史代码,贴出学习)
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
// 注意下圖PE文件格式具體解釋圖中的
// IMAGE_NT_HEADERS------->OptionalHeader------>DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY]字段
#include <windows.h>
HANDLE hWriteFileHandle = NULL ;
HANDLE hReadFileHandle = NULL ;
HANDLE hFileMapping = NULL ;
LPVOID lpVoidFileBaseAddress = NULL ;
IMAGE_DOS_HEADER * lpidh_Dos_Header= NULL ;
IMAGE_NT_HEADERS * lpinh_NTHeader= NULL ; #define RETURN_FAIL -1
#define RETURN_SUCC 1typedef struct __DIGITAL_SIGNATURE_DATA_PARAM
{DWORD dwVirtulAddress;DWORD dwSize;
}SIGNATURE_DATA_PARAM,LPSIGNATURE_DATA_PARAM;#include <iostream>
using namespace std;void UsingFuction()
{cout<<"----------export cer from exe ------------>>"<<endl;cout<<"--EX:srcpath[*.exe] despath [*.cer]------->>"<<endl;cout<<"------------------------------------------>>"<<endl;
}
int main( int argc,char **argv)
{ switch (argc){case 1:cout<<"help using usage -h"<<endl;break;case 2:{if (strcmp(argv[1],"-h")){UsingFuction();return RETURN_FAIL;}}break;case 3:cout<<"all argument is ok"<<endl;break;default:cout<<"argument is error"<<endl;break;}if (argc!=3){UsingFuction();return RETURN_FAIL;}TCHAR* lpcerFilePath=argv[2];TCHAR* lpPeFilePath=argv[1];hReadFileHandle = CreateFile(lpPeFilePath, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL , OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, NULL ) ; if ( hReadFileHandle==INVALID_HANDLE_VALUE ) return RETURN_FAIL; hFileMapping = CreateFileMapping( hReadFileHandle, NULL , PAGE_READONLY, 0, 0, NULL ) ; if ( ! hFileMapping ) { CloseHandle( hReadFileHandle) ; return RETURN_FAIL; } lpVoidFileBaseAddress = MapViewOfFile( hFileMapping, FILE_MAP_READ, 0, 0, 0) ; if ( ! lpVoidFileBaseAddress ) { CloseHandle( hFileMapping) ; CloseHandle( hReadFileHandle) ; return RETURN_FAIL; } lpidh_Dos_Header = (IMAGE_DOS_HEADER* ) lpVoidFileBaseAddress; if ( lpidh_Dos_Header->e_magic!=IMAGE_DOS_SIGNATURE ) return RETURN_FAIL; lpinh_NTHeader=(IMAGE_NT_HEADERS*)((char*)lpVoidFileBaseAddress+lpidh_Dos_Header->e_lfanew) ; if ( lpinh_NTHeader->Signature!=IMAGE_NT_SIGNATURE ) return RETURN_FAIL; //SIGNATURE_DATA_PARAM sdp;sdp.dwVirtulAddress=lpinh_NTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress;sdp.dwSize=lpinh_NTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size;PBYTE pbBufferSignture=new byte[sdp.dwSize];DWORD dwReadedSize=0;SetFilePointer(hReadFileHandle,sdp.dwVirtulAddress,0,FILE_BEGIN);ReadFile(hReadFileHandle,pbBufferSignture,sdp.dwSize,&dwReadedSize,NULL);//hWriteFileHandle = CreateFile(lpcerFilePath, GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL ,CREATE_ALWAYS, FILE_ATTRIBUTE_ARCHIVE, NULL ) ; if ( hWriteFileHandle==INVALID_HANDLE_VALUE ) return RETURN_FAIL; DWORD dwWritedSize=0;WriteFile(hWriteFileHandle,pbBufferSignture,dwReadedSize,&dwWritedSize,NULL);WriteFile(hWriteFileHandle,&sdp.dwSize,sizeof(sdp.dwSize),&dwWritedSize,NULL);delete pbBufferSignture;UnmapViewOfFile( lpVoidFileBaseAddress) ; CloseHandle( hFileMapping); CloseHandle( hReadFileHandle); CloseHandle(hWriteFileHandle);return RETURN_SUCC;
}
PE文件格式具體解釋圖
轉(zhuǎn)載于:https://www.cnblogs.com/mengfanrong/p/5349251.html
總結(jié)
以上是生活随笔為你收集整理的PE文件数字签名信息读取存储及格式具体解释图之上(历史代码,贴出学习)的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問題。
如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò),歡迎將生活随笔推薦給好友。
