#include #include #include #include #define SECTION void int IMAGE_SCN_INDEX[]={IMAGE_SCN_TYPE_REG, IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_TYPE_NOLOAD, IMAGE_SCN_TYPE_GROUP, IMAGE_SCN_TYPE_NO_PAD, IMAGE_SCN_TYPE_COPY, IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_LNK_OTHER, IMAGE_SCN_LNK_INFO, IMAGE_SCN_TYPE_OVER, IMAGE_SCN_LNK_REMOVE, IMAGE_SCN_LNK_COMDAT, IMAGE_SCN_GPREL, IMAGE_SCN_MEM_FARDATA, IMAGE_SCN_MEM_PURGEABLE, IMAGE_SCN_MEM_16BIT, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_PRELOAD, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_128BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_LNK_NRELOC_OVFL, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_NOT_CACHED, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE}; char *IMAGE_SCN_CHAR[]={"IMAGE_SCN_TYPE_REG", "IMAGE_SCN_TYPE_DSECT", "IMAGE_SCN_TYPE_NOLOAD", "IMAGE_SCN_TYPE_GROUP", "IMAGE_SCN_TYPE_NO_PAD", "IMAGE_SCN_TYPE_COPY", "IMAGE_SCN_CNT_CODE", "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_CNT_UNINITIALIZED_DATA", "IMAGE_SCN_LNK_OTHER", "IMAGE_SCN_LNK_INFO", "IMAGE_SCN_TYPE_OVER", "IMAGE_SCN_LNK_REMOVE", "IMAGE_SCN_LNK_COMDAT", "IMAGE_SCN_GPREL", "IMAGE_SCN_MEM_FARDATA", "IMAGE_SCN_MEM_PURGEABLE", "IMAGE_SCN_MEM_16BIT", "IMAGE_SCN_MEM_LOCKED", "IMAGE_SCN_MEM_PRELOAD", "IMAGE_SCN_ALIGN_1BYTES", "IMAGE_SCN_ALIGN_2BYTES", "IMAGE_SCN_ALIGN_4BYTES", "IMAGE_SCN_ALIGN_8BYTES", "IMAGE_SCN_ALIGN_16BYTES", "IMAGE_SCN_ALIGN_32BYTES", "IMAGE_SCN_ALIGN_64BYTES", "IMAGE_SCN_ALIGN_128BYTES", "IMAGE_SCN_ALIGN_256BYTES", "IMAGE_SCN_ALIGN_512BYTES", "IMAGE_SCN_ALIGN_1024BYTES", "IMAGE_SCN_ALIGN_2048BYTES", "IMAGE_SCN_ALIGN_4096BYTES", "IMAGE_SCN_ALIGN_8192BYTES", "IMAGE_SCN_LNK_NRELOC_OVFL", "IMAGE_SCN_MEM_DISCARDABLE", "IMAGE_SCN_MEM_NOT_CACHED", "IMAGE_SCN_MEM_NOT_PAGED", "IMAGE_SCN_MEM_SHARED", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"}; int IMAGE_FILE_MACHINE_INDEX[]={IMAGE_FILE_MACHINE_UNKNOWN, IMAGE_FILE_MACHINE_AM33, IMAGE_FILE_MACHINE_AMD64, IMAGE_FILE_MACHINE_ARM, IMAGE_FILE_MACHINE_EBC, IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_IA64, IMAGE_FILE_MACHINE_M32R, IMAGE_FILE_MACHINE_MIPS16, IMAGE_FILE_MACHINE_MIPSFPU, IMAGE_FILE_MACHINE_MIPSFPU16, IMAGE_FILE_MACHINE_POWERPC, IMAGE_FILE_MACHINE_POWERPCFP, IMAGE_FILE_MACHINE_R4000, IMAGE_FILE_MACHINE_SH3, IMAGE_FILE_MACHINE_SH3DSP, IMAGE_FILE_MACHINE_SH4, IMAGE_FILE_MACHINE_SH5, IMAGE_FILE_MACHINE_THUMB, IMAGE_FILE_MACHINE_WCEMIPSV2}; char *IMAGE_FILE_MACHINE_CHAR[]={"IMAGE_FILE_MACHINE_UNKNOWN", "IMAGE_FILE_MACHINE_AM33", "IMAGE_FILE_MACHINE_AMD64", "IMAGE_FILE_MACHINE_ARM", "IMAGE_FILE_MACHINE_EBC", "IMAGE_FILE_MACHINE_I386", "IMAGE_FILE_MACHINE_IA64", "IMAGE_FILE_MACHINE_M32R", "IMAGE_FILE_MACHINE_MIPS16", "IMAGE_FILE_MACHINE_MIPSFPU", "IMAGE_FILE_MACHINE_MIPSFPU16", "IMAGE_FILE_MACHINE_POWERPC", "IMAGE_FILE_MACHINE_POWERPCFP", "IMAGE_FILE_MACHINE_R4000", "IMAGE_FILE_MACHINE_SH3", "IMAGE_FILE_MACHINE_SH3DSP", "IMAGE_FILE_MACHINE_SH4", "IMAGE_FILE_MACHINE_SH5", "IMAGE_FILE_MACHINE_THUMB", "IMAGE_FILE_MACHINE_WCEMIPSV2"}; int IMAGE_FILE_CHARACTERISTICS_INDEX[]={IMAGE_SIZEOF_FILE_HEADER, IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_AGGRESIVE_WS_TRIM , IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, IMAGE_FILE_NET_RUN_FROM_SWAP, IMAGE_FILE_SYSTEM, IMAGE_FILE_DLL, IMAGE_FILE_UP_SYSTEM_ONLY, IMAGE_FILE_BYTES_REVERSED_HI}; char *IMAGE_FILE_CHARACTERISTICS_CHAR[]={"IMAGE_SIZEOF_FILE_HEADER", "IMAGE_FILE_RELOCS_STRIPPED", "IMAGE_FILE_EXECUTABLE_IMAGE", "IMAGE_FILE_LINE_NUMS_STRIPPED", "IMAGE_FILE_LOCAL_SYMS_STRIPPED", "IMAGE_FILE_AGGRESIVE_WS_TRIM ", "IMAGE_FILE_LARGE_ADDRESS_AWARE", "IMAGE_FILE_BYTES_REVERSED_LO", "IMAGE_FILE_32BIT_MACHINE", "IMAGE_FILE_DEBUG_STRIPPED", "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP", "IMAGE_FILE_NET_RUN_FROM_SWAP", "IMAGE_FILE_SYSTEM", "IMAGE_FILE_DLL", "IMAGE_FILE_UP_SYSTEM_ONLY", "IMAGE_FILE_BYTES_REVERSED_HI"}; int IMAGE_SUBSYSTEM_INDEX[]={IMAGE_SUBSYSTEM_UNKNOWN, IMAGE_SUBSYSTEM_NATIVE, IMAGE_SUBSYSTEM_WINDOWS_GUI, IMAGE_SUBSYSTEM_WINDOWS_CUI, IMAGE_SUBSYSTEM_OS2_CUI, IMAGE_SUBSYSTEM_POSIX_CUI, IMAGE_SUBSYSTEM_NATIVE_WINDOWS, IMAGE_SUBSYSTEM_WINDOWS_CE_GUI, IMAGE_SUBSYSTEM_EFI_APPLICATION, IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER, IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER, IMAGE_SUBSYSTEM_EFI_ROM, IMAGE_SUBSYSTEM_XBOX}; char *IMAGE_SUBSYSTEM_CHAR[]={"IMAGE_SUBSYSTEM_UNKNOWN", "IMAGE_SUBSYSTEM_NATIVE", "IMAGE_SUBSYSTEM_WINDOWS_GUI", "IMAGE_SUBSYSTEM_WINDOWS_CUI", "IMAGE_SUBSYSTEM_OS2_CUI", "IMAGE_SUBSYSTEM_POSIX_CUI", "IMAGE_SUBSYSTEM_NATIVE_WINDOWS", "IMAGE_SUBSYSTEM_WINDOWS_CE_GUI", "IMAGE_SUBSYSTEM_EFI_APPLICATION", "IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER", "IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER", "IMAGE_SUBSYSTEM_EFI_ROM", "IMAGE_SUBSYSTEM_XBOX"}; int IMAGE_DLL_INDEX[]={IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY, IMAGE_DLL_CHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_ISOLATION, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NO_BIND, IMAGE_DLLCHARACTERISTICS_WDM_DRIVER, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE}; char *IMAGE_DLL_CHAR[]={"IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY", "IMAGE_DLL_CHARACTERISTICS_NX_COMPAT", "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION", "IMAGE_DLLCHARACTERISTICS_NO_SEH", "IMAGE_DLLCHARACTERISTICS_NO_BIND", "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER", "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}; void printDOSHeader(IMAGE_DOS_HEADER *a){ printf("###########################################\n"); printf("# #\n"); printf("# IMAGE_DOS_HEADER #\n"); printf("# #\n"); printf("###########################################\n"); printf("# #\n"); printf("# DOS_EXE_Signature: %c%c (0x%04X) #\n",((BYTE*)(&a->e_magic))[0],((BYTE*)(&a->e_magic))[1],a->e_magic ); printf("# DOS_PartPag: 0x%04X #\n",a->e_cblp); printf("# DOS_PageCnt: 0x%04X #\n",a->e_cp); printf("# DOS_ReloCnt: 0x%04X #\n",a->e_crlc); printf("# DOS_HdrSize: 0x%04X #\n",a->e_cparhdr); printf("# DOS_MinMem: 0x%04X #\n",a->e_minalloc); printf("# DOS_MaxMem: 0x%04X #\n",a->e_maxalloc); printf("# DOS_ReloSS: 0x%04X #\n",a->e_ss); printf("# DOS_ExeSP: 0x%04X #\n",a->e_sp); printf("# DOS_ChkSum: 0x%04X #\n",a->e_csum); printf("# DOS_ExeIPP: 0x%04X #\n",a->e_ip); printf("# DOS_ReloCS: 0x%04X #\n",a->e_cs); printf("# DOS_TablOff: 0x%04X #\n",a->e_lfarlc); printf("# DOS_Res[0]: 0x%04X #\n",a->e_res[0]); printf("# DOS_Res[1]: 0x%04X #\n",a->e_res[1]); printf("# DOS_Res[2]: 0x%04X #\n",a->e_res[2]); printf("# DOS_Res[3]: 0x%04X #\n",a->e_res[3]); printf("# DOS_OEMID: 0x%04X #\n",a->e_oemid); printf("# DOS_OEMInfo: 0x%04X #\n",a->e_oeminfo); printf("# DOS_Overlay: 0x%04X #\n",a->e_ovno); printf("# Offset: 0x%08X #\n",a->e_lfanew); printf("# #\n"); printf("###########################################\n\n\n"); } void printNTHeaders(IMAGE_NT_HEADERS *a){ int counter; printf("#####################################################\n"); printf("# #\n"); printf("# IMAGE_NT_HEADERS #\n"); printf("# #\n"); printf("#####################################################\n"); printf("# #\n"); printf("# Signature: %s (0x%08X) #\n",&(a->Signature),a->Signature); printf("# #\n"); printf("#####################################################\n"); printf("# #\n"); printf("# IMAGE_NT_HEADERS::IMAGE_FILE_HEADER #\n"); printf("# #\n"); printf("#####################################################\n"); printf("# #\n"); printf("# Machine: 0x%04X #\n",a->FileHeader.Machine); for(counter=0;counter<20;counter++){ if(a->FileHeader.Machine == IMAGE_FILE_MACHINE_INDEX[counter]) printf("# %-46s #\n",IMAGE_FILE_MACHINE_CHAR[counter]); } printf("# NumberOfSection: 0x%04X #\n",a->FileHeader.NumberOfSections); printf("# TimeDataStamp: 0x%08X #\n",a->FileHeader.TimeDateStamp); printf("# PointerToSymbolTable: 0x%08X #\n",a->FileHeader.PointerToSymbolTable); printf("# NumberOfSymbols: 0x%08X #\n",a->FileHeader.NumberOfSymbols); printf("# SizeOfOptionalHeader: 0x%04X #\n",a->FileHeader.SizeOfOptionalHeader); printf("# Characteristics: 0x%04X #\n",a->FileHeader.Characteristics); for(counter=0;counter<16;counter++){ if(a->FileHeader.Characteristics & IMAGE_FILE_CHARACTERISTICS_INDEX[counter]) printf("# %-46s #\n",IMAGE_FILE_CHARACTERISTICS_CHAR[counter]); } printf("# #\n"); printf("#####################################################\n"); printf("# #\n"); printf("# IMAGE_NT_HEADERS::IMAGE_OPTIONAL_HEADER32 #\n"); printf("# #\n"); printf("#####################################################\n"); printf("# #\n"); printf("# MagicNumber: 0x%04X #\n",a->OptionalHeader.Magic); printf("# MajorLinkerVersion: 0x%02X #\n",a->OptionalHeader.MajorLinkerVersion); printf("# MinorLinkerVersion: 0x%02X #\n",a->OptionalHeader.MinorLinkerVersion); printf("# SizeOfCode: 0x%08X #\n",a->OptionalHeader.SizeOfCode); printf("# SizeOfInitializedData: 0x%08X #\n",a->OptionalHeader.SizeOfInitializedData); printf("# SizeOfUninitializedData: 0x%08X #\n",a->OptionalHeader.SizeOfUninitializedData); printf("# AddressOfEntryPoint: 0x%08X #\n",a->OptionalHeader.AddressOfEntryPoint); printf("# BaseOfCode: 0x%08X #\n",a->OptionalHeader.BaseOfCode); printf("# BaseOfData: 0x%08X #\n",a->OptionalHeader.BaseOfData); printf("# ImageBase: 0x%08X #\n",a->OptionalHeader.ImageBase); printf("# SectionAlignment: 0x%08X #\n",a->OptionalHeader.SectionAlignment); printf("# FileAlignment: 0x%08X #\n",a->OptionalHeader.FileAlignment); printf("# MajorOSVersion: 0x%04X #\n",a->OptionalHeader.MajorOperatingSystemVersion); printf("# MinorOSVersion: 0x%04X #\n",a->OptionalHeader.MinorOperatingSystemVersion); printf("# MajorImageVersion: 0x%04X #\n",a->OptionalHeader.MajorImageVersion); printf("# MinorImageVersion: 0x%04X #\n",a->OptionalHeader.MinorImageVersion); printf("# MajorSubsystemVersion: 0x%04X #\n",a->OptionalHeader.MajorSubsystemVersion); printf("# MinorSubsystemVersion: 0x%04X #\n",a->OptionalHeader.MinorSubsystemVersion); printf("# Win32VersionValue: 0x%08X #\n",a->OptionalHeader.Win32VersionValue); printf("# SizeOfImage: 0x%08X #\n",a->OptionalHeader.SizeOfImage); printf("# SizeOfHeaders: 0x%08X #\n",a->OptionalHeader.SizeOfHeaders); printf("# CheckSum: 0x%08X #\n",a->OptionalHeader.CheckSum); printf("# Subsystem: 0x%04X #\n",a->OptionalHeader.Subsystem); for(counter=0;counter<13;counter++){ if(a->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_INDEX[counter]) printf("# %-46s #\n",IMAGE_SUBSYSTEM_CHAR[counter]); } printf("# DllCharacteristics: 0x%04X #\n",a->OptionalHeader.DllCharacteristics); for(counter=0;counter<16;counter++){ if(a->OptionalHeader.DllCharacteristics & IMAGE_DLL_INDEX[counter]) printf("# %-46s #\n",IMAGE_DLL_CHAR[counter]); } printf("# SizeOfStackReserve: 0x%08X #\n",a->OptionalHeader.SizeOfStackReserve); printf("# SizeOfStackCommit: 0x%08X #\n",a->OptionalHeader.SizeOfStackCommit); printf("# SizeOfHeapReserve: 0x%08X #\n",a->OptionalHeader.SizeOfHeapReserve); printf("# SizeOfHeapCommit: 0x%08X #\n",a->OptionalHeader.SizeOfHeapCommit); printf("# LoaderFlags: 0x%08X #\n",a->OptionalHeader.LoaderFlags); printf("# NumberOfRvaAndSizes: 0x%08X #\n",a->OptionalHeader.NumberOfRvaAndSizes); printf("# #\n"); printf("#####################################################\n"); printf("# #\n"); printf("# IMAGE_NT_HEADERS::IMAGE_OPTIONAL_HEADER32:: #\n"); printf("# ::IMAGE_DATA_DIRECTORY #\n"); printf("#####################################################\n"); printf("# #\n"); printf("# VirtualAddress Size #\n"); printf("# [0]ExportTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[0].VirtualAddress,a->OptionalHeader.DataDirectory[0].Size); printf("# [1]ImportTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[1].VirtualAddress,a->OptionalHeader.DataDirectory[1].Size); printf("# [2]ResourceTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[2].VirtualAddress,a->OptionalHeader.DataDirectory[2].Size); printf("# [3]ExceptionTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[3].VirtualAddress,a->OptionalHeader.DataDirectory[3].Size); printf("# [4]CertificateTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[4].VirtualAddress,a->OptionalHeader.DataDirectory[4].Size); printf("# [5]RelocatoinTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[5].VirtualAddress,a->OptionalHeader.DataDirectory[5].Size); printf("# [6]DebugData: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[6].VirtualAddress,a->OptionalHeader.DataDirectory[6].Size); printf("# [7]ArchitectureData: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[7].VirtualAddress,a->OptionalHeader.DataDirectory[7].Size); printf("# [8]GlobalPtr: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[8].VirtualAddress,a->OptionalHeader.DataDirectory[8].Size); printf("# [9]TLSTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[9].VirtualAddress,a->OptionalHeader.DataDirectory[9].Size); printf("# [10]LoadCOnfigTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[10].VirtualAddress,a->OptionalHeader.DataDirectory[10].Size); printf("# [11]BoundImportTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[11].VirtualAddress,a->OptionalHeader.DataDirectory[11].Size); printf("# [12]ImportAddressTable: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[12].VirtualAddress,a->OptionalHeader.DataDirectory[12].Size); printf("# [13]DelyImportDescriptor: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[13].VirtualAddress,a->OptionalHeader.DataDirectory[13].Size); printf("# [14]COM+RuntimeHeader: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[14].VirtualAddress,a->OptionalHeader.DataDirectory[14].Size); printf("# [15]Reserved: 0x%08X 0x%08X #\n",a->OptionalHeader.DataDirectory[15].VirtualAddress,a->OptionalHeader.DataDirectory[15].Size); printf("# #\n"); printf("#####################################################\n\n"); } void printSectionHeader(IMAGE_SECTION_HEADER *a){ int counter; printf("###########################################\n"); printf("# #\n"); printf("# IMAGE_SECTION_HEADER #\n"); printf("# #\n"); printf("###########################################\n"); printf("# #\n"); printf("# Name: %-8s #\n",&(a->Name)); printf("# VirtualSize: 0x%08X #\n",a->Misc.VirtualSize); printf("# VirtualAddress: 0x%08X #\n",a->VirtualAddress); printf("# SizeOfRawData: 0x%08X #\n",a->SizeOfRawData); printf("# PointerToRawData: 0x%08X #\n",a->PointerToRawData); printf("# PointerToRelocations: 0x%08X #\n",a->PointerToRelocations); printf("# PointerToLineNumbers: 0x%08X #\n",a->PointerToLinenumbers); printf("# NumberOfRelocations: 0x%04X #\n",a->NumberOfRelocations); printf("# NumberLineNumbers: 0x%04X #\n",a->NumberOfLinenumbers); printf("# Characteristics: 0x%08X #\n",a->Characteristics); for(counter=0;counter<42;counter++){ if(a->Characteristics & IMAGE_SCN_INDEX[counter]) printf("# %-36s #\n",IMAGE_SCN_CHAR[counter]); } printf("# #\n"); printf("###########################################\n\n\n"); } int main(int argc, char* argv[]){ FILE *target; BYTE storage[200000]; IMAGE_DOS_HEADER *image_dos_header=storage; IMAGE_NT_HEADERS *image_nt_headers; IMAGE_SECTION_HEADER *image_section_header[24]; SECTION *section[24]; int i,size; BYTE n,s[0x28]; if(argc!=2){ printf("Syntax: HeaderReaderv3 "); return 2; } target=fopen(argv[1],"r"); if(target==NULL){ printf("File missing!"); return 1; } fseek (target , 0 , SEEK_END); size = ftell (target); fseek (target , 0 , SEEK_SET); fread(storage,size,1,target); fclose(target); printDOSHeader(image_dos_header); image_nt_headers=storage+image_dos_header->e_lfanew-1; printNTHeaders(image_nt_headers); for(i=0;iFileHeader.NumberOfSections;i++){ //printf("----->>ADDRESS: 0x%08X\n\n",image_dos_header->e_lfanew+sizeof(IMAGE_NT_HEADERS)+sizeof(IMAGE_SECTION_HEADER)*i-1); image_section_header[i]=storage+image_dos_header->e_lfanew+sizeof(IMAGE_NT_HEADERS)+sizeof(IMAGE_SECTION_HEADER)*i-1; section[i]=storage+image_section_header[i]->PointerToRawData; printSectionHeader(image_section_header[i]); } return 0; }