Birkaç dizinleri taramak ve bulunan yürütülebilir hakkında bilgi ayıklar bir yazılım oluşturmak zorunda C++

Question

kullanarak bir Windows çalıştırılabilir (.exe) hakkında bilgi almak için nasıl.

iki şey yapmak gerekir: Belirli bir dosya (.exe, .dll ve benzeri) bir çalıştırılabilir ise

• belirleme - uzantısını kontrol edilmesi muhtemelen yeterince iyi değil.
• Bu yürütülebilir dosya hakkında bilgi edinin (şirket adı, ürün adı, vb.).

Bunu daha önce hiç yapmadım ve bu nedenle bunu yapmak için bir Windows API (veya hafif C/C++ kitaplığı) bulunup bulunmadığının veya hatta mümkün olup olmadığının farkında değilim. Sanırım öyle, çünkü explorer.exe bunu yapıyor.

siz doğru yönde bana gelin bir şey biliyor musunuz?

Yardımlarınız için çok teşekkür ederim. istediğiniz kadar

Answer 1

Sen PE File Format kadarını doğrulayabilir. İsterseniz, PE file signature için de kontrol edebilirsiniz. Daha sonra şirket adı, ürün adı, sürüm numarası vb. Almak için File Version API'u kullanabilirsiniz.

Answer 2

İkinci görev için this CodeProject article which wraps the file version API bulabilirsiniz. Bir dosyanın yürütülebilir olduğunu kontrol etmek için muhtemelen PE headers'u ayrıştırmak istersiniz.

Answer 3

değil tüm yürütülebilir PE dosyalar şunlardır: örneğin toplu/komut dosyaları çalıştırılabilir (duygusu) şunlardır DOS formatlı yürütülebilir gibi.

Answer 4

kontrol bu kod ve ur ihtiyaçlarına göre modifiye ....

/* 


        Program to dump the PE,DOS headers and Hex Dump of particular section 
                     Sat 03/24/2007 
                      by 
                    K.Vineel Kumar Reddy 
                     In VC++ 6.0 


        ref : http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx 
        tools used : Hiew 



        BRIEF VIEW OF PE FILE 

       .----------------------. 
       |      | 
       | Other stuff not | 
       | touched in this | 
       | program   | 
       |      | 
       |----------------------| 
       |      | 
       | Various Section like | 
       |  .....   | 
       |  .....   | 
     .------>|  .reloc   | 
     | .---->|  .idata   | 
     | | .-->|  .data   | 
     | | | .>|  .text   | 
     | | | | |----------------------| 
     '-|-|-|-|      | <--- Each entry in section table have pointer 
      '-|-|-|   Section  |  offsets to actual sections 
      '-|-|  Header or Table | 
       '-|      |  ---.----------------. 
       |----------------------|-----/ | PE Optional | 1) ImageBase 
       |      |   | Header  | 
       |      |   |    | 
       |  NT Headers |   |----------------| 
       |      |   |  COFF/PE | 1) NumberOfSections 
       |      |   | Header Info | 2) SizeOfOptionalHeader 
       |----------------------|----- |----------------| 
       |   UNUSED  |  \ | PE Signature | 
       |----------------------|  ---'----------------' 
       |  MS-DOS stub  | 
       |----------------------| 
       |   UNUSED  | 
       |----------------------| 
       |  MS-DOS Header | <-- Here at 0x3c location we have the offset of NT Header 
       '----------------------' 


Structres related to these exe headers 
-------------------------------------- 
1) MS-DOS Header ---> IMAGE_DOS_HEADER 
2) NT Header  ---> IMAGE_NT_HEADERS --->contain 
              --->IMAGE_FILE_HEADER dealing with COFF/PE Header 
              --->IMAGE_OPTIONAL_HEADER dealing with Optional PE Header 

3) Section Table ---> IMAGE_SECTION_HEADER 

Key Points 
---------- 

    dosHeader = Memory mapped base address 
    ntHeader = (IMAGE_NT_HEADER)((DWORD)dosHeader + dosHeader->e_lfanew) 
    sectionHeader = (IMAGE_SECTION_HEADER)((DWORD)ntHeader + OFFSET(OptionalHeader) + sizeof(OptionalHeader)) 
    each section = (char *)((DWORD)dosHeader + sectionHeader.PointerToRawData) 


                     ASCII ART by 
                     Vineel :) 

*/ 









#include<stdio.h> 
#include<windows.h> 
#include<time.h> 
#include<tchar.h> 

void Help() 
{ 
    printf("\nUsage \ntest <path to exe file> [ -h <section> ]\n"); 
} 
void HexDump(char * p ,int size,int secAddress) 
{ 
    int i=1,temp=0; 
    wchar_t buf[18];  //Buffer to store the character dump displayed at the right side 
    printf("\n\n%x: |",secAddress); 

    buf[temp] = ' ' ; //initial space 
    buf[temp+16] = ' ' ; //final space 
    buf[temp+17] = 0 ; //End of buf 
    temp++;    //temp = 1; 
    for(; i <= size ; i++, p++,temp++) 
    { 
     buf[temp] = !iswcntrl((*p)&0xff)? (*p)&0xff :'.'; 
     printf("%-3.2x",(*p)&0xff); 

     if(i%16 == 0){ //print the chracter dump to the right  
      _putws(buf); 
      if(i+1<=size)printf("%x: ",secAddress+=16); 
      temp=0; 
     } 
     if(i%4==0)printf("|"); 
    } 
    if(i%16!=0){ 
     buf[temp]=0; 
     for(;i%16!=0;i++) 
      printf("%-3.2c",' '); 
     _putws(buf); 
    } 
} 

main(int argc , char ** argv){ 

    int i=0; 
    HANDLE hMapObject,hFile;   //File Mapping Object 
    LPVOID lpBase;      //Pointer to the base memory of mapped file 
    PIMAGE_DOS_HEADER dosHeader;  //Pointer to DOS Header 
    PIMAGE_NT_HEADERS ntHeader;   //Pointer to NT Header 
    IMAGE_FILE_HEADER header;   //Pointer to image file header of NT Header 
    IMAGE_OPTIONAL_HEADER opHeader;  //Optional Header of PE files present in NT Header structure 
    PIMAGE_SECTION_HEADER pSecHeader; //Section Header or Section Table Header 
    if(argc>1){ 

     //Open the Exe File 
     hFile = CreateFile(argv[1],GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); 
     if(hFile == INVALID_HANDLE_VALUE){printf("\nERROR : Could not open the file specified\n"); goto info;}; 

     //Mapping Given EXE file to Memory 
     hMapObject = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL); 
     lpBase = MapViewOfFile(hMapObject,FILE_MAP_READ,0,0,0); 

     //Get the DOS Header Base 
     dosHeader = (PIMAGE_DOS_HEADER)lpBase;// 0x04000000 

     //Check for Valid DOS file 
     if(dosHeader->e_magic == IMAGE_DOS_SIGNATURE){ 
      //Dump the Dos Header info 
      printf("\nValid Dos Exe File\n------------------\n"); 
      printf("\nDumping DOS Header Info....\n---------------------------"); 
      printf("\n%-36s%s ","Magic number : ",dosHeader->e_magic==0x5a4d?"MZ(Mark Zbikowski)":"-"); 
      printf("\n%-36s%#x","Bytes on last page of file :",dosHeader->e_cblp); 
      printf("\n%-36s%#x","Pages in file : ",dosHeader->e_cp); 
      printf("\n%-36s%#x","Relocation : ",dosHeader->e_crlc); 
      printf("\n%-36s%#x","Size of header in paragraphs : ",dosHeader->e_cparhdr); 
      printf("\n%-36s%#x","Minimum extra paragraphs needed : ",dosHeader->e_minalloc); 
      printf("\n%-36s%#x","Maximum extra paragraphs needed : ",dosHeader->e_maxalloc); 
      printf("\n%-36s%#x","Initial (relative) SS value : ",dosHeader->e_ss); 
      printf("\n%-36s%#x","Initial SP value : ",dosHeader->e_sp); 
      printf("\n%-36s%#x","Checksum : ",dosHeader->e_csum); 
      printf("\n%-36s%#x","Initial IP value : ",dosHeader->e_ip); 
      printf("\n%-36s%#x","Initial (relative) CS value : ",dosHeader->e_cs); 
      printf("\n%-36s%#x","File address of relocation table : ",dosHeader->e_lfarlc); 
      printf("\n%-36s%#x","Overlay number : ",dosHeader->e_ovno); 
      printf("\n%-36s%#x","OEM identifier : ",dosHeader->e_oemid); 
      printf("\n%-36s%#x","OEM information(e_oemid specific) :",dosHeader->e_oeminfo); 
      printf("\n%-36s%#x","RVA address of PE header : ",dosHeader->e_lfanew); 
      printf("\n===============================================================================\n"); 
     } 
     else { 
      printf("\nGiven File is not a valid DOS file\n"); 
      goto end; 
     } 

     //Offset of NT Header is found at 0x3c location in DOS header specified by e_lfanew 
     //Get the Base of NT Header(PE Header) = dosHeader + RVA address of PE header 
     ntHeader = (PIMAGE_NT_HEADERS)((DWORD)(dosHeader) + (dosHeader->e_lfanew)); 
     //Identify for valid PE file 
     if(ntHeader->Signature == IMAGE_NT_SIGNATURE){ 
      printf("\nValid PE file \n-------------\n"); 

      //Dump NT Header Info.... 
      printf("\nDumping COFF/PE Header Info....\n--------------------------------"); 
      printf("\n%-36s%s","Signature :","PE"); 


      //Get the IMAGE FILE HEADER Structure 
      header = ntHeader->FileHeader; 

      //Determine Machine Architechture 
      printf("\n%-36s","Machine Architechture :"); 
      switch(header.Machine){ //Only few are determined (for remaining refer to the above specification) 
      case 0x0: printf("All "); break; 
      case 0x14d: printf("Intel i860"); break; 
      case 0x14c: printf("Intel i386,i486,i586"); break; 
      case 0x200: printf("Intel Itanium processor"); break; 
      case 0x8664: printf("AMD x64"); break; 
      case 0x162: printf("MIPS R3000"); break; 
      case 0x166: printf("MIPS R4000"); break; 
      case 0x183: printf("DEC Alpha AXP"); break; 
      default:  printf("Not Found"); break; 
      } 
      //Determine the characteristics of the given file 
      printf("\n%-36s","Characteristics : "); 
      if((header.Characteristics&0x0002) == 0x0002) printf("Executable Image ,"); 
      if((header.Characteristics&0x0020) == 0x0020) printf("Application can address > 2GB ,"); 
      if((header.Characteristics&0x1000) == 0x1000) printf("System file (Kernel Mode Driver(I think)) ,"); 
      if((header.Characteristics&0x2000) == 0x2000) printf("Dll file ,"); 
      if((header.Characteristics&0x4000) == 0x4000) printf("Application runs only in Uniprocessor ,"); 


      printf("\n%-36s%s","Time Stamp :",ctime(&(header.TimeDateStamp)));   //Determine Time Stamp 
      printf("%-36s%d","No.sections(size) :",header.NumberOfSections);   //Determine number of sections 
      printf("\n%-36s%d","No.entries in symbol table :",header.NumberOfSymbols); 
      printf("\n%-36s%d","Size of optional header :",header.SizeOfOptionalHeader); 

      printf("\n\nDumping PE Optional Header Info....\n-----------------------------------"); 
      //Info about Optional Header 
      opHeader = ntHeader->OptionalHeader; 
      //printf("\n\nInfo of optional Header\n-----------------------"); 
      printf("\n%-36s%#x","Address of Entry Point : ",opHeader.AddressOfEntryPoint); 
      printf("\n%-36s%#x","Base Address of the Image : ",opHeader.ImageBase); 
      printf("\n%-36s%s","SubSystem type : ", 
       opHeader.Subsystem==1?"Device Driver(Native windows Process)": 
      opHeader.Subsystem==2?"Windows GUI": 
      opHeader.Subsystem==3?"Windows CLI": 
      opHeader.Subsystem==9?"Windows CE GUI": 
      "Unknown" 
       ); 
      printf("\n%-36s%s","Given file is a : ",opHeader.Magic==0x20b?"PE32+(64)":"PE32"); 
      printf("\n%-36s%d","Size of code segment(.text) : ",opHeader.SizeOfCode); 
      printf("\n%-36s%#x","Base address of code segment(RVA) :",opHeader.BaseOfCode); 
      printf("\n%-36s%d","Size of Initialized data : ",opHeader.SizeOfInitializedData); 
      printf("\n%-36s%#x","Base address of data segment(RVA) :",opHeader.BaseOfData); 
      printf("\n%-36s%#x","Section Alignment :",opHeader.SectionAlignment); 
      printf("\n%-36s%d","Major Linker Version : ",opHeader.MajorLinkerVersion); 
      printf("\n%-36s%d","Minor Linker Version : ",opHeader.MinorLinkerVersion);    



      printf("\n\nDumping Sections Header Info....\n--------------------------------"); 

      //Retrive a pointer to First Section Header(or Section Table Entry) 


      for(pSecHeader = IMAGE_FIRST_SECTION(ntHeader),i=0;i<ntHeader->FileHeader.NumberOfSections;i++,pSecHeader++){ 
       printf("\n\nSection Info (%d of %d)",i+1,ntHeader->FileHeader.NumberOfSections); 
       printf("\n---------------------"); 
       printf("\n%-36s%s","Section Header name : ", pSecHeader->Name); 
       printf("\n%-36s%#x","ActualSize of code or data : ", pSecHeader->Misc.VirtualSize); 
       printf("\n%-36s%#x","Virtual Address(RVA) :", pSecHeader->VirtualAddress); 
       printf("\n%-36s%#x","Size of raw data (rounded to FA) : ", pSecHeader->SizeOfRawData); 
       printf("\n%-36s%#x","Pointer to Raw Data : ", pSecHeader->PointerToRawData); 
       printf("\n%-36s%#x","Pointer to Relocations : ", pSecHeader->PointerToRelocations); 
       printf("\n%-36s%#x","Pointer to Line numbers : ", pSecHeader->PointerToLinenumbers); 
       printf("\n%-36s%#x","Number of relocations : ", pSecHeader->NumberOfRelocations); 
       printf("\n%-36s%#x","Number of line numbers : ", pSecHeader->NumberOfLinenumbers); 
       printf("\n%-36s%s","Characteristics : ","Contains "); 
       if((pSecHeader->Characteristics&0x20)==0x20)printf("executable code, "); 
       if((pSecHeader->Characteristics&0x40)==0x40)printf("initialized data, "); 
       if((pSecHeader->Characteristics&0x80)==0x80)printf("uninitialized data, "); 
       if((pSecHeader->Characteristics&0x80)==0x80)printf("uninitialized data, "); 
       if((pSecHeader->Characteristics&0x200)==0x200)printf("comments and linker commands, "); 
       if((pSecHeader->Characteristics&0x10000000)==0x10000000)printf("shareable data(via DLLs), "); 
       if((pSecHeader->Characteristics&0x40000000)==0x40000000)printf("Readable, "); 
       if((pSecHeader->Characteristics&0x80000000)==0x80000000)printf("Writable, "); 


       // If -h or /h option is given then provide HexDump 
       if(argc==4&& (!strcmpi(argv[2],"-h")||!strcmpi(argv[2],"/h"))){ 
        if(!strcmpi(argv[3],pSecHeader->Name)) 
         if(pSecHeader->SizeOfRawData!=0) 
         HexDump((char *)((DWORD)dosHeader + pSecHeader->PointerToRawData) , pSecHeader->SizeOfRawData , opHeader.ImageBase + pSecHeader->VirtualAddress); 
       } 

      } 


      printf("\n===============================================================================\n"); 
     } 
     else goto end; 

end: 
     //UnMaping 
     UnmapViewOfFile(lpBase); 
     CloseHandle(hMapObject); 
    } 
    else Help(); 
info: 

    printf("\ 
      \ 
      \ 
          This Program is written by\ 
          K.Vineel Kumar Reddy.\ 
            III/IV IT\ 
          Gayathri Vidya Parishad college of Eng.\ 
      \ 
      \ 
      "); 
}