(PEViewer)headers.h

과거의 컴퓨터 공부/PE Viewer 다시만들기 2015. 6. 1. 09:50

share this post

// PE view [headers.h]

말그대로 헤더부분이여서 딱히 특별한 부분은 없다.. 원래 개발자도 intel 에서 제공하는 PE 메뉴얼을 보고 사이즈들을 지정해준것 같고, main부분에서 PE32 / PE32+(64bit)를 나눠주엇기 때문에 , 좀더 편하게 하기위해서 헤더부분에서도 32 비트와 64비트의 PE의 파라메터들을 각각 선언해 준것 같다.

#ifndef HEADERS_H_

#define HEADERS_H_

typedef struct PE_Header // IMAGE_FILE_HEADER

{

char sig[4 * sizeof(char)];

short Machine;

short NumberOfSections;

int TimeDateStamp;

int PointerToSymbolTable;

int NumberOfSymbols;

short SIzeOfOptionalHeader;

short Characteristics;

} PE_Header;

typedef struct PE_Optional_Header //32bit

{

short Magic;

char MajorLinkerVersion;

char MinorLinkerVersion;

int SizeOfCode;

int SizeOfinitializedData;

int SizeOfUninitializedData;

int AddressOfEntryPoint;

int BaseOfCode;

int BaseOfData;

//Windows-Specific

int ImageBase;

int SectionAlignment;

int FileAlignment;

short MajorOperationSystemVersion;

short MinorOperationSystemVersion;

short MajorImageVersion;

short MinorImageVersion;

short MajorSubsystemVersion;

short MinorSubsystemVersion;

int Win32VersionValue;

int SizeOfImage;

int SizeOfHeaders;

int Checksum;

short Subsystem;

short DllCharacteristics;

int SizeOfStackReserve;

int SizeOfStackCommit;

int SizeOfHeapReserve;

int SizeOfHeapCommit;

int LoaderFlags;

int NumberOfRvaAndSIzes;

//Data_Directory

long ExportTable;

long ImportTable;

long ResourceTable;

long ExceptionTable;

long CertificateTable;

long BaseRelocationTable;

long Debug;

long Architecture;

long GlobalPtr;

long TLSTable;

long LoadConfigTable;

long BoundImport;

long IAT;

long DelayImportDescriptor;

long CLRRuntimeHeader;

long reserved;

} PE_Optional_header;

typedef struct PE_Optional_Header_Plus // 64bit

{