  • [샘플] 작성 도중인 PE파일 뷰어 입니다. C/C++
  • 조회 수: 1106, 추천 수: 0/0, 2015-11-25 13:48:08(2015-11-25)
  • 옛날 코드 정리하던 중에 이게 나왔는데요.

    예전에 PE파일 분석하면서 C++공부할때 만든 PE파일 뷰어 입니다.

     

    코드를 보시면 아시겠지만 단순 노가다 작업이어서 만들던 도중에 관뒀는데요.

    컴파일은 잘 되니 혹시라도 참고하실분 계실까 싶어서 올려봅니다.

     

    간단한 사용법은 다음과 같습니다.

    1) AddFile로 PE파일리스트 경로를 지정(n개 지정가능)

    2) First/Next/Prev/Last File함수로 파일이동

    3) First/Next/Prev/Last Page로 PE파일내 헤더 정도 이동

     

    색도 알록달록하게 나오는군요.. ㅋㅋ

     

     

     

    PEViewer.h

    #pragma once
    #include <Windows.h>
    #include <stdio.h>
    #include <io.h>
    #include <tchar.h>
    #include <time.h>
    #include <vector>
    #include <string>
     
    // NOTE(review): a using-directive in a header pulls every std name into each
    // file that includes PEViewer.h. The class below relies on it for the
    // unqualified `string` and `vector`, so it cannot be dropped on its own.
    using namespace std;

    // List of PE file paths, kept as narrow (char) strings.
    typedef vector<string> StringList;
     
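    // Console viewer that steps through a list of PE files and prints their
    // headers one page at a time (DOS header, DOS stub, NT headers, one section
    // header).
    //
    // Every value shown is read straight from the file on disk, so header fields
    // are untrusted input wherever they are used as sizes, offsets or text.
    class CPEViewer
    {
    public:
        CPEViewer();
        ~CPEViewer();

        // Register one path, or install a whole list of paths.
        void AddFile(const TCHAR * filePath);
        void AddFile(StringList & filePath);

        // File navigation: select a file, read its headers, redraw the page.
        void FirstFile();
        void NextFile();
        void PrevFile();
        void LastFile();

        // Page navigation inside the currently loaded file.
        void FirstPage();
        void NextPage();
        void PrevPage();
        void LastPage();

        void ClearPEFile();

        // Text of the last error recorded by readPEFile().
        const TCHAR * GetLastError() const { return _lastErr; }

    private:
        // The object owns the malloc'ed _DOSStub buffer and frees it in the
        // destructor. A compiler-generated copy would leave two objects freeing
        // the same pointer, so copying is declared here and never defined.
        CPEViewer(const CPEViewer &);
        CPEViewer & operator=(const CPEViewer &);

        TCHAR _lastErr[1024];       // last error message, written with sprintf

        int _fileNo;                // index into _fileList; -1 until a file is selected
        int _PageNo;                // page currently displayed
        bool _isSucceed;            // result of the last readPEFile(); false shows the error page

        StringList _fileList;       // paths registered through AddFile()

        _IMAGE_DOS_HEADER _dosHeader;
        int _DOSStubSize;           // e_lfanew minus the DOS header size, set by readPEFile()
        BYTE * _DOSStub;            // malloc'ed copy of the stub bytes, or NULL
        IMAGE_NT_HEADERS _ntHeader; // layout depends on whether the viewer is built 32- or 64-bit
        int _NumberOfRVAs;          // not referenced by the code shown on this page

        _IMAGE_SECTION_HEADER _secText; // the section header read right after the NT headers

        bool readPEFile();
        void showTitle();
        void showPage();
        void showError();

        void showDOSHeader();
        void showDOSStub();
        void showNTHeader();
        void showNTHeaderFileHeader();
        void showNTHeaderFileOption();
        void showSectionText();


        // Formatting helpers for individual header fields.
        const TCHAR * getMachineText(WORD machine);
        string getTimeStampText(DWORD timestamp);
        void showCharacteristicsText(WORD Characteristics);
        const TCHAR * getSubSystemText(WORD subsystem);
        DWORD makeDWORD(const BYTE * data);
        string getNameText(const BYTE * data);

        void clear();
    };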
     
     

     

    PEViewer.cpp

    #include "PEViewer.h"
    #include "ConsoleUtil.h"
     
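    // Low and high 32-bit halves of a 64-bit value.
    #define LODWORD(ull)           ((DWORD)(((ULONGLONG)(ull)) & 0xffffffff))
    #define HIDWORD(ull)           ((DWORD)((((ULONGLONG)(ull)) >> 32) & 0xffffffff))

    // Pages the viewer can display, in navigation order.
    enum PAGES { DOSHeader = 0, DOSStub, NTHeader, NTFile, NTOption, SecText };
    #define FIRST_PAGE  DOSHeader
    #define LAST_PAGE   SecText
    // One label per PAGES value. showTitle() indexes this array with the page
    // number, so the entries must stay separate strings: without the commas the
    // adjacent literals merge into a single element and every index above 0
    // reads past the end of the array.
    const TCHAR * PAGE_NAME[] = { "DOSHeader", "DOSStub", "NTHeader", "NTFile", "NTOption", "Sec(.Text)" };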
     
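    // Puts the viewer into its empty state: no file selected, first page, no
    // stub buffer, and all header copies zeroed.
    CPEViewer::CPEViewer()
    {
        _DOSStub = NULL;
        _DOSStubSize = 0;
        _NumberOfRVAs = 0;

        memset(&_dosHeader, 0, sizeof(_dosHeader));
        memset(&_ntHeader, 0, sizeof(_ntHeader));
        memset(&_secText, 0, sizeof(_secText));

        // GetLastError() and showError() can run before any error was recorded,
        // so the buffer must already hold a valid (empty) string.
        _lastErr[0] = '\0';

        _fileNo = -1;   // -1 means "no file selected yet"
        _PageNo = 0;

        _isSucceed = false;
    }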
     
    // Releases the DOS stub buffer if one is still held.
    CPEViewer::~CPEViewer()
    {
        // free(NULL) is defined to do nothing, so no separate null test is needed.
        free(_DOSStub);
        _DOSStub = NULL;
    }
     
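    // Appends one path to the end of the file list.
    // A null pointer is ignored: constructing a std::string from NULL is
    // undefined behaviour.
    void CPEViewer::AddFile(const TCHAR * filePath)
    {
        if (filePath == NULL)
            return;

        _fileList.push_back(filePath);
    }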
     
    // Installs `filePath` as the file list. Despite the name this replaces the
    // current list rather than appending to it.
    // NOTE(review): _fileNo is left untouched, so after a shorter list is
    // installed it may point past the end until FirstFile() is called - confirm
    // that callers always re-select a file.
    void CPEViewer::AddFile(StringList & filePath)
    {
        _fileList = filePath;
    }
     
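    // Selects the first file, loads its headers and redraws the page.
    // Does nothing when the list is empty or the first file is already selected.
    void CPEViewer::FirstFile()
    {
        // With an empty list, index 0 would be out of bounds in readPEFile().
        if (_fileList.empty())
            return;

        if (_fileNo != 0) {
            _fileNo = 0;

            _isSucceed = readPEFile();
            showPage();
        }
    }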
     
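    // Moves to the next file, if there is one, loads it and redraws the page.
    void CPEViewer::NextFile()
    {
        // _fileNo is never below -1, so _fileNo + 1 is non-negative and the cast
        // keeps the comparison with size() free of signed/unsigned surprises.
        if (static_cast<size_t>(_fileNo + 1) < _fileList.size()) {
            _fileNo++;

            _isSucceed = readPEFile();
            showPage();
        }
    }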
     
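    // Moves to the previous file, if there is one, loads it and redraws the page.
    void CPEViewer::PrevFile()
    {
        // Equivalent to (_fileNo - 1) >= 0: only step back from index 1 or higher.
        if (_fileNo > 0) {
            _fileNo--;

            _isSucceed = readPEFile();
            showPage();
        }
    }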
     
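    // Selects the last file, loads its headers and redraws the page.
    // Does nothing when the list is empty or the last file is already selected.
    void CPEViewer::LastFile()
    {
        // size() - 1 wraps around on an empty list; handle that case explicitly
        // instead of relying on the wrapped value comparing equal to -1.
        if (_fileList.empty())
            return;

        const int lastIndex = static_cast<int>(_fileList.size()) - 1;
        if (_fileNo != lastIndex) {
            _fileNo = lastIndex;

            _isSucceed = readPEFile();
            showPage();
        }
    }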
     
    // Jumps to the first page and redraws, unless it is already displayed.
    void CPEViewer::FirstPage()
    {
        if (_PageNo == FIRST_PAGE)
            return;     // already there, no redraw needed

        _PageNo = FIRST_PAGE;
        showPage();
    }
     
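    // Advances one page and redraws; stays put on the last page.
    void CPEViewer::NextPage()
    {
        // Equivalent to (_PageNo + 1) <= LAST_PAGE.
        if (_PageNo < LAST_PAGE) {
            _PageNo++;

            showPage();
        }
    }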
     
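    // Goes back one page and redraws; stays put on the first page.
    void CPEViewer::PrevPage()
    {
        // Equivalent to (_PageNo - 1) >= FIRST_PAGE.
        if (_PageNo > FIRST_PAGE) {
            _PageNo--;

            showPage();
        }
    }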
     
    // Jumps to the last page and redraws, unless it is already displayed.
    void CPEViewer::LastPage()
    {
        if (_PageNo == LAST_PAGE)
            return;     // already there, no redraw needed

        _PageNo = LAST_PAGE;
        showPage();
    }
     
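    // Loads the headers of the currently selected file into the member buffers.
    //
    // Reads, in file order: the DOS header, the bytes between it and e_lfanew
    // (the DOS stub), IMAGE_NT_HEADERS, and one IMAGE_SECTION_HEADER.
    //
    // Returns true on success. On failure returns false and leaves a message in
    // _lastErr.
    //
    // The file is untrusted input. e_lfanew decides how many bytes are allocated
    // and read for the stub, so it is checked against the real file size before
    // use, and both signatures are verified before the following header is
    // interpreted.
    bool CPEViewer::readPEFile()
    {
        FILE * fp = NULL;
        size_t readSize = 0;

        // clear() is defined outside this excerpt; presumably it resets the state
        // left by the previously loaded file.
        clear();

        // Refuse an index that does not name an entry of the list.
        if (_fileNo < 0 || static_cast<size_t>(_fileNo) >= _fileList.size()) {
            sprintf(_lastErr, "No file is selected.");
            return false;
        }
        const char * path = _fileList[_fileNo].c_str();

        // Mode 0 only tests for existence; it gives the clearer message below.
        // The fopen() result is still checked, since the file can disappear
        // between the two calls.
        if (_access(path, 0) != 0) {
            sprintf(_lastErr, "Cannot find the file specified.");
            return false;
        }

        fp = fopen(path, "rb");
        if (fp == NULL) {
            sprintf(_lastErr, "Cannot open the file specified. errCode:[%d]\n", errno);
            return false;
        }

        // The real size bounds every offset taken from the headers.
        const __int64 fileSize = _filelengthi64(_fileno(fp));
        if (fileSize < 0) {
            sprintf(_lastErr, "Cannot determine the file size. errCode:[%d]", errno);
            fclose(fp);
            return false;
        }

        // Read to DOS header
        readSize = fread(&_dosHeader, sizeof(BYTE), sizeof(_IMAGE_DOS_HEADER), fp);
        if (readSize != sizeof(_IMAGE_DOS_HEADER)) {
            // size_t does not match %d on 64-bit builds, hence the casts.
            sprintf(_lastErr, "Failed to read DOS header. needSize:[%u], readSize:[%u]",
                static_cast<unsigned int>(sizeof(_IMAGE_DOS_HEADER)), static_cast<unsigned int>(readSize));
            fclose(fp);
            return false;
        }

        // Without the "MZ" magic, e_lfanew is just arbitrary bytes.
        if (_dosHeader.e_magic != IMAGE_DOS_SIGNATURE) {
            sprintf(_lastErr, "Not an MZ executable. e_magic:[%04X]", _dosHeader.e_magic);
            fclose(fp);
            return false;
        }

        // e_lfanew is a signed, file-controlled offset. It must lie after the
        // DOS header (the reads below are sequential and the display offsets
        // assume that layout) and inside the file.
        if (_dosHeader.e_lfanew < static_cast<LONG>(sizeof(_IMAGE_DOS_HEADER)) ||
            static_cast<__int64>(_dosHeader.e_lfanew) > fileSize) {
            sprintf(_lastErr, "Invalid e_lfanew. value:[%ld], fileSize:[%I64d]",
                static_cast<long>(_dosHeader.e_lfanew), fileSize);
            fclose(fp);
            return false;
        }

        // Read to DOS Stub
        _DOSStubSize = static_cast<int>(_dosHeader.e_lfanew - static_cast<LONG>(sizeof(_IMAGE_DOS_HEADER)));
        if (_DOSStubSize > 0) {
            _DOSStub = (BYTE*)malloc(_DOSStubSize);
            if (_DOSStub == NULL) {
                sprintf(_lastErr, "Out of memory for DOS Stub. needSize:[%d]", _DOSStubSize);
                _DOSStubSize = 0;
                fclose(fp);
                return false;
            }

            readSize = fread(_DOSStub, sizeof(BYTE), _DOSStubSize, fp);
            if (readSize != static_cast<size_t>(_DOSStubSize)) {
                sprintf(_lastErr, "Failed to read DOS Stub. needSize:[%d], readSize:[%u]",
                    _DOSStubSize, static_cast<unsigned int>(readSize));
                // Do not keep a partially filled buffer around.
                free(_DOSStub);
                _DOSStub = NULL;
                _DOSStubSize = 0;
                fclose(fp);
                return false;
            }
        }

        // Read to NT Header
        readSize = fread(&_ntHeader, sizeof(BYTE), sizeof(IMAGE_NT_HEADERS), fp);
        if (readSize != sizeof(IMAGE_NT_HEADERS)) {
            sprintf(_lastErr, "Failed to read NT header. needSize:[%u], readSize:[%u]",
                static_cast<unsigned int>(sizeof(IMAGE_NT_HEADERS)), static_cast<unsigned int>(readSize));
            fclose(fp);
            return false;
        }

        if (_ntHeader.Signature != IMAGE_NT_SIGNATURE) {
            sprintf(_lastErr, "Not a PE file. NT signature:[%08X]", static_cast<unsigned int>(_ntHeader.Signature));
            fclose(fp);
            return false;
        }

        //if (_ntHeader.OptionalHeader.NumberOfRvaAndSizes == 0)
        //{
        //    int reverseSize = sizeof(_ntHeader.OptionalHeader.DataDirectory);
        //    fseek(fp, -reverseSize, SEEK_CUR);
        //}

        // Read to Sections. TEXT
        // NOTE(review): this assumes the section table starts exactly
        // sizeof(IMAGE_NT_HEADERS) bytes after e_lfanew. In the file it starts
        // FileHeader.SizeOfOptionalHeader bytes after the optional header begins,
        // so a PE32+ image read by a 32-bit build (or the reverse) is misaligned
        // here, and a file with NumberOfSections == 0 has no header to read.
        readSize = fread(&_secText, sizeof(BYTE), sizeof(_IMAGE_SECTION_HEADER), fp);
        if (readSize != sizeof(_IMAGE_SECTION_HEADER)) {
            // Report the size that was actually requested (the section header).
            sprintf(_lastErr, "Failed to read Section(.Text) header. needSize:[%u], readSize:[%u]",
                static_cast<unsigned int>(sizeof(_IMAGE_SECTION_HEADER)), static_cast<unsigned int>(readSize));
            fclose(fp);
            return false;
        }

        fclose(fp);
        return true;
    }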
     
    // Draws the current page, or the error page when the last readPEFile()
    // call failed.
    void CPEViewer::showPage()
    {
        if (!_isSucceed) {
            showError();
            return;
        }

        // One renderer per PAGES value; an unknown page number draws nothing.
        switch (_PageNo)
        {
        case DOSHeader: showDOSHeader();          break;
        case DOSStub:   showDOSStub();            break;
        case NTHeader:  showNTHeader();           break;
        case NTFile:    showNTHeaderFileHeader(); break;
        case NTOption:  showNTHeaderFileOption(); break;
        case SecText:   showSectionText();        break;
        }
    }
     
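    // Clears the console and prints the current file path followed by the last
    // error message in red.
    void CPEViewer::showError()
    {
        // Page navigation can reach this function before any file was selected
        // (_fileNo == -1); indexing the list then would be out of bounds.
        const bool hasFile = _fileNo >= 0 && static_cast<size_t>(_fileNo) < _fileList.size();

        // NOTE(review): system() starts the command interpreter just to clear
        // the screen. The command string is fixed, so nothing from the file
        // reaches it.
        system("cls");

        puts("==============================================================================");
        printf("FILE PATH:[%s]\n", hasFile ? _fileList[_fileNo].c_str() : "");
        puts("==============================================================================\n");
        CConsoleUtil::SetColor(COLOR_RED);
        printf("ERROR!!! %s\n", _lastErr);
        CConsoleUtil::ResetColor();
    }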
     
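    // Clears the console and prints the page banner: the current file path and
    // a breadcrumb of page names up to the current page.
    void CPEViewer::showTitle()
    {
        // Guard the list access in case no valid file index is set.
        const bool hasFile = _fileNo >= 0 && static_cast<size_t>(_fileNo) < _fileList.size();

        system("cls");

        puts("==============================================================================");
        CConsoleUtil::SetColor(COLOR_WHITE);
        printf("FILE PATH:[%s]\n", hasFile ? _fileList[_fileNo].c_str() : "");
        CConsoleUtil::ResetColor();

        printf(" Position:");
        // PAGE_NAME is indexed by page number; the navigation functions keep
        // _PageNo between FIRST_PAGE and LAST_PAGE.
        for (int i = 0; i <= _PageNo; i++)
        {
            if (i == _PageNo) {
                // Current page: highlighted, ends the breadcrumb line.
                CConsoleUtil::SetColor(COLOR_WHITE);
                printf("%s\n", PAGE_NAME[i]);
                CConsoleUtil::ResetColor();
            }
            else {
                printf("%s > ", PAGE_NAME[i]);
            }
        }
        puts("==============================================================================\n");
    }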
     
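    // Prints every non-reserved field of the DOS header with its file offset,
    // raw hex value and a description.
    void CPEViewer::showDOSHeader()
    {
        unsigned int offset = 0;

        showTitle();

        /*
        typedef struct _IMAGE_DOS_HEADER {      // DOS .EXE header
        WORD   e_magic;                     // Magic number
        WORD   e_cblp;                      // Bytes on last page of file
        WORD   e_cp;                        // Pages in file
        WORD   e_crlc;                      // Relocations
        WORD   e_cparhdr;                   // Size of header in paragraphs
        WORD   e_minalloc;                  // Minimum extra paragraphs needed
        WORD   e_maxalloc;                  // Maximum extra paragraphs needed
        WORD   e_ss;                        // Initial (relative) SS value
        WORD   e_sp;                        // Initial SP value
        WORD   e_csum;                      // Checksum
        WORD   e_ip;                        // Initial IP value
        WORD   e_cs;                        // Initial (relative) CS value
        WORD   e_lfarlc;                    // File address of relocation table
        WORD   e_ovno;                      // Overlay number
        WORD   e_res[4];                    // Reserved words
        WORD   e_oemid;                     // OEM identifier (for e_oeminfo)
        WORD   e_oeminfo;                   // OEM information; e_oemid specific
        WORD   e_res2[10];                  // Reserved words
        LONG   e_lfanew;                    // File address of new exe header
        } IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;
        */

        // The magic comes from the file, so its two bytes are shown as text
        // only when they are printable ASCII; anything else becomes '.' rather
        // than being sent to the console as a control character.
        const BYTE magicLo = LOBYTE(_dosHeader.e_magic);
        const BYTE magicHi = HIBYTE(_dosHeader.e_magic);

        puts(" Offset   Value    Description");
        puts("-------- -------- -------------------------------------------------------------");
        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_RED);
        printf("%08X %08X Signature:(%c%c)\n", offset, _dosHeader.e_magic,
            (magicLo >= 0x20 && magicLo < 0x7F) ? magicLo : '.',
            (magicHi >= 0x20 && magicHi < 0x7F) ? magicHi : '.');
        offset += sizeof(_dosHeader.e_magic);
        CConsoleUtil::ResetColor();

        printf("%08X %08X Bytes on last page of file:%d\n", offset, _dosHeader.e_cblp, _dosHeader.e_cblp);
        offset += sizeof(_dosHeader.e_cblp);

        printf("%08X %08X Pages in file:%d\n", offset, _dosHeader.e_cp, _dosHeader.e_cp);
        offset += sizeof(_dosHeader.e_cp);

        printf("%08X %08X Relocations:%d\n", offset, _dosHeader.e_crlc, _dosHeader.e_crlc);
        offset += sizeof(_dosHeader.e_crlc);

        printf("%08X %08X Size of header in paragraphs:%d\n", offset, _dosHeader.e_cparhdr, _dosHeader.e_cparhdr);
        offset += sizeof(_dosHeader.e_cparhdr);

        printf("%08X %08X Minimum extra paragraphs needed:%d\n", offset, _dosHeader.e_minalloc, _dosHeader.e_minalloc);
        offset += sizeof(_dosHeader.e_minalloc);

        // The label had lost its first word; it matches the struct comment again.
        printf("%08X %08X Maximum extra paragraphs needed:%d\n", offset, _dosHeader.e_maxalloc, _dosHeader.e_maxalloc);
        offset += sizeof(_dosHeader.e_maxalloc);

        printf("%08X %08X Initial (relative) SS value:%d\n", offset, _dosHeader.e_ss, _dosHeader.e_ss);
        offset += sizeof(_dosHeader.e_ss);

        printf("%08X %08X Initial SP value:%d\n", offset, _dosHeader.e_sp, _dosHeader.e_sp);
        offset += sizeof(_dosHeader.e_sp);

        printf("%08X %08X Checksum:%d\n", offset, _dosHeader.e_csum, _dosHeader.e_csum);
        offset += sizeof(_dosHeader.e_csum);

        printf("%08X %08X Initial IP value:%d\n", offset, _dosHeader.e_ip, _dosHeader.e_ip);
        offset += sizeof(_dosHeader.e_ip);

        printf("%08X %08X Initial (relative) CS value:%d\n", offset, _dosHeader.e_cs, _dosHeader.e_cs);
        offset += sizeof(_dosHeader.e_cs);

        printf("%08X %08X File address of relocation table:%d\n", offset, _dosHeader.e_lfarlc, _dosHeader.e_lfarlc);
        offset += sizeof(_dosHeader.e_lfarlc);

        printf("%08X %08X Overlay number:%d\n", offset, _dosHeader.e_ovno, _dosHeader.e_ovno);
        offset += sizeof(_dosHeader.e_ovno);

        // Reserved words are skipped in the listing but still advance the offset.
        offset += sizeof(_dosHeader.e_res);

        printf("%08X %08X OEM identifier (for e_oeminfo):%d\n", offset, _dosHeader.e_oemid, _dosHeader.e_oemid);
        offset += sizeof(_dosHeader.e_oemid);

        printf("%08X %08X OEM information:%d\n", offset, _dosHeader.e_oeminfo, _dosHeader.e_oeminfo);
        offset += sizeof(_dosHeader.e_oeminfo);

        // Reserved
        offset += sizeof(_dosHeader.e_res2);

        // e_lfanew is a LONG; cast so the arguments match %X and %d exactly.
        printf("%08X %08X File address of new exe header:%d\n", offset,
            static_cast<unsigned int>(_dosHeader.e_lfanew), static_cast<int>(_dosHeader.e_lfanew));
    }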
     
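    // Prints the DOS stub as a hex dump, 16 bytes per row, with a text column.
    //
    // The stub bytes come from the file being inspected. Only printable ASCII is
    // echoed in the text column; every other byte (NUL, control and escape
    // characters, bytes above 0x7E) is shown as '.', so file content cannot
    // drive the console or cut a row short.
    void CPEViewer::showDOSStub()
    {
        const int DISP_SIZE = 16;
        unsigned int offset = sizeof(_IMAGE_DOS_HEADER);
        TCHAR Hex[64];      // DISP_SIZE * 3 characters plus terminator
        TCHAR Binary[64];   // DISP_SIZE characters plus terminator

        showTitle();
        /*
            Variable Format
        */

        puts(" Offset   Hex                                             Binary");
        puts("-------- ----------------------------------------------- ----------------");

        if (_DOSStubSize < 1 || _DOSStub == NULL) {
            CConsoleUtil::SetColor(COLOR_RED);
            puts("         The PE file has no DOSStub Section...                        ");
            CConsoleUtil::ResetColor();
            return;
        }

        for (int rowStart = 0; rowStart < _DOSStubSize; rowStart += DISP_SIZE)
        {
            // The last row may be shorter. Comparing the remaining length avoids
            // computing rowStart + DISP_SIZE when that could overflow.
            const int rowEnd = (_DOSStubSize - rowStart >= DISP_SIZE) ? rowStart + DISP_SIZE : _DOSStubSize;

            int hexLen = 0;
            int textLen = 0;
            Hex[0] = '\0';

            for (int j = rowStart; j < rowEnd; j++)
            {
                const BYTE b = _DOSStub[j];

                hexLen += sprintf(Hex + hexLen, "%02X ", b);
                Binary[textLen++] = (b >= 0x20 && b < 0x7F) ? static_cast<TCHAR>(b) : '.';
            }
            Binary[textLen] = '\0';

            // Pad the hex column to its full width so the text column of a
            // short last row still lines up with the header.
            printf("%08X %-48s%s\n", offset, Hex, Binary);
            offset += DISP_SIZE;
        }
    }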
     
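    // Prints the NT headers signature with its file offset, raw value and the
    // four signature bytes as text.
    void CPEViewer::showNTHeader()
    {
        unsigned int offset = sizeof(_IMAGE_DOS_HEADER) + _DOSStubSize;

        showTitle();

        /*
        typedef struct _IMAGE_NT_HEADERS {
        DWORD Signature;
        IMAGE_FILE_HEADER FileHeader;
        IMAGE_OPTIONAL_HEADER32 OptionalHeader;
        } IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;
        */
        puts(" Offset   Value    Description");
        puts("-------- -------- -------------------------------------------------------------");

        // Split the DWORD into its four bytes in file order: low word first,
        // low byte first. Taking LOWORD/HIWORD of an already extracted byte
        // yields zero for the upper two positions.
        const DWORD sig = _ntHeader.Signature;
        const BYTE sigBytes[4] = {
            LOBYTE(LOWORD(sig)), HIBYTE(LOWORD(sig)),
            LOBYTE(HIWORD(sig)), HIBYTE(HIWORD(sig))
        };

        // A valid signature is "PE\0\0". Non-printable bytes, including the two
        // NULs, are shown as '.' so the line is never truncated and no control
        // character from the file reaches the console.
        TCHAR sigText[5];
        for (int i = 0; i < 4; i++)
            sigText[i] = (sigBytes[i] >= 0x20 && sigBytes[i] < 0x7F) ? static_cast<TCHAR>(sigBytes[i]) : '.';
        sigText[4] = '\0';

        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_RED);
        printf("%08X %08X Signature:(%s)\n", offset, static_cast<unsigned int>(sig), sigText);
        CConsoleUtil::ResetColor();
    }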
     
    // Prints each IMAGE_FILE_HEADER field with its file offset, raw value and
    // description, then the decoded Characteristics flags.
    void CPEViewer::showNTHeaderFileHeader()
    {
        // The file header follows the 4-byte NT signature.
        unsigned int pos = sizeof(_IMAGE_DOS_HEADER) + _DOSStubSize + sizeof(_ntHeader.Signature);
        IMAGE_FILE_HEADER * fileHdr = &_ntHeader.FileHeader;

        showTitle();

        /*
        typedef struct _IMAGE_FILE_HEADER {
        WORD    Machine;
        WORD    NumberOfSections;
        DWORD   TimeDateStamp;
        DWORD   PointerToSymbolTable;
        DWORD   NumberOfSymbols;
        WORD    SizeOfOptionalHeader;
        WORD    Characteristics;
        } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
        */
        puts(" Offset   Value    Description");
        puts("-------- -------- -------------------------------------------------------------");

        // Machine and section count are highlighted.
        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_BLUE);
        printf("%08X %08X Machine:%s\n", pos, fileHdr->Machine, getMachineText(fileHdr->Machine));
        pos += sizeof(fileHdr->Machine);

        printf("%08X %08X SectionCount:%d\n", pos, fileHdr->NumberOfSections, fileHdr->NumberOfSections);
        pos += sizeof(fileHdr->NumberOfSections);
        CConsoleUtil::ResetColor();

        printf("%08X %08X TimeStamp:%s\n", pos, fileHdr->TimeDateStamp, getTimeStampText(fileHdr->TimeDateStamp).c_str());
        pos += sizeof(fileHdr->TimeDateStamp);

        printf("%08X %08X Offset to symbole table:%d\n", pos, fileHdr->PointerToSymbolTable, fileHdr->PointerToSymbolTable);
        pos += sizeof(fileHdr->PointerToSymbolTable);

        printf("%08X %08X Number of symbole table:%d\n", pos, fileHdr->NumberOfSymbols, fileHdr->NumberOfSymbols);
        pos += sizeof(fileHdr->NumberOfSymbols);

        // The optional header size is highlighted as well.
        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_BLUE);
        printf("%08X %08X Size of Optional header:%d\n", pos, fileHdr->SizeOfOptionalHeader, fileHdr->SizeOfOptionalHeader);
        pos += sizeof(fileHdr->SizeOfOptionalHeader);
        CConsoleUtil::ResetColor();

        // Raw flag word first, then one line per set flag.
        printf("%08X %08X Characteristics\n", pos, fileHdr->Characteristics);
        showCharacteristicsText(fileHdr->Characteristics);
    }
     
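    // Maps an IMAGE_FILE_HEADER.Machine value to a human-readable description.
    // Returns "UNKNOWN." for values not listed here.
    const TCHAR * CPEViewer::getMachineText(WORD machine)
    {
        // Values that the SDK header this was written against did not define.
        // They use their own names: newer SDKs define IMAGE_FILE_MACHINE_ARM64
        // as a macro, and a local constant of the same name then fails to
        // compile.
        const int MACHINE_ARM64 = 0xAA64;
        const int MACHINE_R3000_BIG = 0x0160;

        switch (machine)
        {
            // founded documents
        case IMAGE_FILE_MACHINE_AM33:
            return "Matsushita AM33.";

        case IMAGE_FILE_MACHINE_AMD64:
            return "AMD(64).";

        case IMAGE_FILE_MACHINE_ARM:
            return "ARM little endian.";
        case IMAGE_FILE_MACHINE_ARMNT:
            return "ARMv7 (or higher) Thumb mode only.";
        case MACHINE_ARM64:
            return "ARMv8 in 64-bit mode.";

        case IMAGE_FILE_MACHINE_EBC:
            return "EFI byte code.";

        case IMAGE_FILE_MACHINE_I386:
            return "Intel 386 or later processors and compatible processors.";
        case IMAGE_FILE_MACHINE_IA64:
            return "Intel Itanium processor family.";

        case IMAGE_FILE_MACHINE_M32R:
            return "Mitsubishi M32R little endian.";

        case IMAGE_FILE_MACHINE_MIPS16:
            return "MIPS16.";
        case IMAGE_FILE_MACHINE_MIPSFPU:
            return "MIPS with FPU.";
        case IMAGE_FILE_MACHINE_MIPSFPU16:
            return "MIPS16 with FPU.";

        case IMAGE_FILE_MACHINE_POWERPC:
            return "Power PC little endian.";
        case IMAGE_FILE_MACHINE_POWERPCFP:
            return "Power PC with floating point support.";

        case IMAGE_FILE_MACHINE_R4000:
            return "MIPS little endian.";

        case IMAGE_FILE_MACHINE_SH3:
            return "Hitachi SH3.";
        case IMAGE_FILE_MACHINE_SH3DSP:
            return "Hitachi SH3 DSP.";
        case IMAGE_FILE_MACHINE_SH4:
            return "Hitachi SH4.";
        case IMAGE_FILE_MACHINE_SH5:
            return "Hitachi SH5.";

        case IMAGE_FILE_MACHINE_THUMB:
            return "ARM or Thumb (\"interworking\")";
        case IMAGE_FILE_MACHINE_WCEMIPSV2:
            return "MIPS little-endian WCE v2.";

            // just winnt.h's comment
        case IMAGE_FILE_MACHINE_R3000:
            return "MIPS little-endian(IMAGE_FILE_MACHINE_R3000).";
        case MACHINE_R3000_BIG:
            return "MIPS big-endian(IMAGE_FILE_MACHINE_R3000).";
        case IMAGE_FILE_MACHINE_R10000:
            return "MIPS little-endian(IMAGE_FILE_MACHINE_R10000).";
        case IMAGE_FILE_MACHINE_ALPHA:
            return "Alpha_AXP(IMAGE_FILE_MACHINE_ALPHA).";
        case IMAGE_FILE_MACHINE_SH3E:
            return "SH3E little-endian(IMAGE_FILE_MACHINE_SH3E).";
        case IMAGE_FILE_MACHINE_ALPHA64:
            return "ALPHA64(IMAGE_FILE_MACHINE_ALPHA64).";
        case IMAGE_FILE_MACHINE_TRICORE:
            return "Infineon(IMAGE_FILE_MACHINE_TRICORE).";
        case IMAGE_FILE_MACHINE_CEF:
            return "???(IMAGE_FILE_MACHINE_CEF).";
        case IMAGE_FILE_MACHINE_CEE:
            return "???(IMAGE_FILE_MACHINE_CEE).";
        }
        return "UNKNOWN.";
    }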
     
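    // Formats a header timestamp (seconds since 1970-01-01) as local time in
    // the form "YYYY/MM/DD hh:mm:ss".
    // A zero timestamp gives a dashed placeholder. A value that localtime()
    // cannot convert gives a question-mark placeholder.
    string CPEViewer::getTimeStampText(DWORD timestamp)
    {
        TCHAR buffer[64];

        if (timestamp == 0)
        {
            sprintf(buffer, "----/--/-- --:--:--");
        }
        else {
            time_t tm = timestamp;
            struct tm * t = localtime(&tm);

            // The timestamp is read from the file. localtime() returns NULL for
            // values it cannot represent (for example when a 32-bit time_t turns
            // a large DWORD negative), and dereferencing that would crash.
            if (t == NULL) {
                sprintf(buffer, "????/??/?? ??:??:??");
            }
            else {
                sprintf(buffer, "%04d/%02d/%02d %02d:%02d:%02d",
                    t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
            }
        }

        return string(buffer);
    }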
     
    // Prints one indented line for every IMAGE_FILE_* flag that is set in
    // `Characteristics`, in ascending flag order.
    void CPEViewer::showCharacteristicsText(WORD Characteristics)
    {
        // Flag value paired with the exact line printed for it.
        static const struct { WORD flag; const char * line; } FLAG_LINES[] = {
            { IMAGE_FILE_RELOCS_STRIPPED,         "                      RELOCS_STRIPPED" },
            { IMAGE_FILE_EXECUTABLE_IMAGE,        "                      EXECUTABLE_IMAGE" },
            { IMAGE_FILE_LINE_NUMS_STRIPPED,      "                      LINE_NUMS_STRIPPED" },
            { IMAGE_FILE_LOCAL_SYMS_STRIPPED,     "                      LOCAL_SYMS_STRIPPED" },
            { IMAGE_FILE_AGGRESIVE_WS_TRIM,       "                      AGGRESIVE_WS_TRIM" },
            { IMAGE_FILE_LARGE_ADDRESS_AWARE,     "                      LARGE_ADDRESS_AWARE" },
            { IMAGE_FILE_BYTES_REVERSED_LO,       "                      BYTES_REVERSED_LO" },
            { IMAGE_FILE_32BIT_MACHINE,           "                      32BIT_MACHINE" },
            { IMAGE_FILE_DEBUG_STRIPPED,          "                      DEBUG_STRIPPED" },
            { IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, "                      REMOVABLE_RUN_FROM_SWAP" },
            { IMAGE_FILE_NET_RUN_FROM_SWAP,       "                      NET_RUN_FROM_SWAP" },
            { IMAGE_FILE_SYSTEM,                  "                      SYSTEM" },
            { IMAGE_FILE_DLL,                     "                      DLL" },
            { IMAGE_FILE_UP_SYSTEM_ONLY,          "                      UP_SYSTEM_ONLY" },
            { IMAGE_FILE_BYTES_REVERSED_HI,       "                      BYTES_REVERSED_HI" },
        };
        const size_t flagCount = sizeof(FLAG_LINES) / sizeof(FLAG_LINES[0]);

        for (size_t i = 0; i < flagCount; ++i)
        {
            // A flag counts as set only when all of its bits are present.
            if ((Characteristics & FLAG_LINES[i].flag) == FLAG_LINES[i].flag) {
                puts(FLAG_LINES[i].line);
            }
        }
    }
     
    /// Prints the optional header held in _ntHeader as an
    /// "Offset / Value / Description" table, followed by the 16 data directory
    /// slots, and stores NumberOfRvaAndSizes in _NumberOfRVAs.
    ///
    /// `offset` is the running value shown in the Offset column. It is computed
    /// from structure sizes and advanced for every field, including the fields
    /// whose printf is commented out.
    ///
    /// NOTE(review): every field is read through the IMAGE_OPTIONAL_HEADER layout
    /// this program was compiled with. Magic is displayed but never used to pick
    /// a layout, so for a file whose Magic names the other format (PE32 vs PE32+)
    /// the fields after BaseOfCode are taken from the wrong positions. All values
    /// come from the inspected file and are shown without validation.
    void CPEViewer::showNTHeaderFileOption()
    {
        const int MAGIC_32BIT = 0x010B;
        const int MAGIC_64BIT = 0x020B;

        // Start of the optional header: DOS header + DOS stub + PE signature + file header.
        unsigned int offset = sizeof(_IMAGE_DOS_HEADER) + _DOSStubSize + sizeof(_ntHeader.Signature) + sizeof(_ntHeader.FileHeader);
        IMAGE_OPTIONAL_HEADER * header = &_ntHeader.OptionalHeader;

        showTitle();

        /* 64BIT                                                                   32BIT
        WORD        Magic;                                                         WORD    Magic;
        BYTE        MajorLinkerVersion;                                            BYTE    MajorLinkerVersion;
        BYTE        MinorLinkerVersion;                                            BYTE    MinorLinkerVersion;
        DWORD       SizeOfCode;                                                    DWORD   SizeOfCode;
        DWORD       SizeOfInitializedData;                                         DWORD   SizeOfInitializedData;
        DWORD       SizeOfUninitializedData;                                       DWORD   SizeOfUninitializedData;
        DWORD       AddressOfEntryPoint;                                           DWORD   AddressOfEntryPoint;
        DWORD       BaseOfCode;                                                    DWORD   BaseOfCode;
                                                                                   DWORD   BaseOfData;
        ULONGLONG   ImageBase;                                                     DWORD   ImageBase;
        DWORD       SectionAlignment;                                              DWORD   SectionAlignment;
        DWORD       FileAlignment;                                                 DWORD   FileAlignment;
        WORD        MajorOperatingSystemVersion;                                   WORD    MajorOperatingSystemVersion;
        WORD        MinorOperatingSystemVersion;                                   WORD    MinorOperatingSystemVersion;
        WORD        MajorImageVersion;                                             WORD    MajorImageVersion;
        WORD        MinorImageVersion;                                             WORD    MinorImageVersion;
        WORD        MajorSubsystemVersion;                                         WORD    MajorSubsystemVersion;
        WORD        MinorSubsystemVersion;                                         WORD    MinorSubsystemVersion;
        DWORD       Win32VersionValue;                                             DWORD   Win32VersionValue;
        DWORD       SizeOfImage;                                                   DWORD   SizeOfImage;
        DWORD       SizeOfHeaders;                                                 DWORD   SizeOfHeaders;
        DWORD       CheckSum;                                                      DWORD   CheckSum;
        WORD        Subsystem;                                                     WORD    Subsystem;
        WORD        DllCharacteristics;                                            WORD    DllCharacteristics;
        ULONGLONG   SizeOfStackReserve;                                            DWORD   SizeOfStackReserve;
        ULONGLONG   SizeOfStackCommit;                                             DWORD   SizeOfStackCommit;
        ULONGLONG   SizeOfHeapReserve;                                             DWORD   SizeOfHeapReserve;
        ULONGLONG   SizeOfHeapCommit;                                              DWORD   SizeOfHeapCommit;
        DWORD       LoaderFlags;                                                   DWORD   LoaderFlags;
        DWORD       NumberOfRvaAndSizes;                                           DWORD   NumberOfRvaAndSizes;
        IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];      IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];  
        */                                                                         
        puts(" Offset   Value    Description");
        puts("-------- -------- -------------------------------------------------------------");
        
        // Magic: labelled 32Bit / 64Bit / Unknown. The label is informational only.
        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_RED);
        printf("%08X %08X Magic:%u(%s)\n", offset, header->Magic, header->Magic, (header->Magic == MAGIC_32BIT) ? "32Bit" : (header->Magic == MAGIC_64BIT) ? "64Bit" : "Unknown");
        offset += sizeof(header->Magic);
        CConsoleUtil::ResetColor();

        // Linker version is not printed, but the offset still has to move past it.
        //printf("%08X %08X Linker Version:%u.%u\n", offset, MAKEWORD(header->MinorLinkerVersion, header->MajorLinkerVersion), header->MajorLinkerVersion, header->MinorLinkerVersion);
        offset += sizeof(header->MajorLinkerVersion);
        offset += sizeof(header->MinorLinkerVersion);
        
        printf("%08X %08X SizeOfCode:%u(Bytes)\n", offset, header->SizeOfCode, header->SizeOfCode);
        offset += sizeof(header->SizeOfCode);

        printf("%08X %08X SizeOfInitializedData:%u(Bytes)\n", offset, header->SizeOfInitializedData, header->SizeOfInitializedData);
        offset += sizeof(header->SizeOfInitializedData);

        printf("%08X %08X SizeOfUninitializedData:%u(Bytes)\n", offset, header->SizeOfUninitializedData, header->SizeOfUninitializedData);
        offset += sizeof(header->SizeOfUninitializedData);

        // This row is AddressOfEntryPoint; the description text does not name the field.
        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_BLUE);
        printf("%08X %08X RVA(Relative Virtual Address).\n", offset, header->AddressOfEntryPoint);
        offset += sizeof(header->AddressOfEntryPoint);
        CConsoleUtil::ResetColor();

        printf("%08X %08X Image base of the beginning-of-code section.\n", offset, header->BaseOfCode);
        offset += sizeof(header->BaseOfCode);

        // NOTE(review): the _WIN64 branch looks unfinished. "todo : xxxx" is a
        // placeholder rather than a statement, and each printf in it passes one
        // value for two %08X conversions, so this path presumably does not build.
    #ifdef _WIN64
        todo : xxxx
        printf("%08X %08X Image when loaded into memory(LO).\n", offset, LODWORD(header->ImageBase));
        offset += sizeof(DWORD);
        printf("%08X %08X Image when loaded into memory(HI).\n", offset, HIDWORD(header->ImageBase));
        offset += sizeof(DWORD);
    #else
        printf("%08X %08X Image base of the beginning-of-data section.\n", offset, header->BaseOfData);
        // Advances by sizeof(BaseOfCode) although BaseOfData was printed; both are
        // DWORD in the layout table above, so the offset is still correct.
        offset += sizeof(header->BaseOfCode);

        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_BLUE);
        printf("%08X %08X Image when loaded into memory.\n", offset, header->ImageBase);
        offset += sizeof(header->ImageBase);
        CConsoleUtil::ResetColor();
    #endif

        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_BLUE);
        printf("%08X %08X SectionAlignment:%u\n", offset, header->SectionAlignment, header->SectionAlignment);
        offset += sizeof(header->SectionAlignment);

        printf("%08X %08X FileAlignment:%u\n", offset, header->FileAlignment, header->FileAlignment);
        offset += sizeof(header->FileAlignment);
        CConsoleUtil::ResetColor();

        // The version fields and Win32VersionValue below are skipped in the
        // output; only the offset is advanced.
        //printf("%08X %08X OperatingSystemVersion:%u.%u\n", offset, MAKELONG(header->MinorOperatingSystemVersion, header->MajorOperatingSystemVersion),
        //    header->MajorOperatingSystemVersion, header->MinorOperatingSystemVersion);
        offset += sizeof(header->MajorOperatingSystemVersion);
        offset += sizeof(header->MinorOperatingSystemVersion);

        //printf("%08X %08X ImageVersion:%u.%u\n", offset, MAKELONG(header->MinorImageVersion, header->MajorImageVersion),
        //    header->MajorImageVersion, header->MinorImageVersion);
        offset += sizeof(header->MajorImageVersion);
        offset += sizeof(header->MinorImageVersion);

        //printf("%08X %08X SubsystemVersion:%u.%u\n", offset, MAKELONG(header->MinorSubsystemVersion, header->MajorSubsystemVersion),
        //    header->MajorSubsystemVersion, header->MinorSubsystemVersion);
        offset += sizeof(header->MajorSubsystemVersion);
        offset += sizeof(header->MinorSubsystemVersion);

        //printf("%08X %08X Win32VersionValue:%u\n", offset, header->Win32VersionValue, header->Win32VersionValue);
        offset += sizeof(header->Win32VersionValue);

        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_BLUE);
        printf("%08X %08X Size of Image is loaded in memory:%u(Bytes)\n", offset, header->SizeOfImage, header->SizeOfImage);
        offset += sizeof(header->SizeOfImage);

        printf("%08X %08X Total size of PE Header:%u(Bytes)\n", offset, header->SizeOfHeaders, header->SizeOfHeaders);
        offset += sizeof(header->SizeOfHeaders);
        CConsoleUtil::ResetColor();

        // CheckSum is skipped in the output and not verified here.
        //printf("%08X %08X CheckSum:(%u)\n", offset, header->CheckSum, header->CheckSum);
        offset += sizeof(header->CheckSum);

        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_BLUE);
        printf("%08X %08X Subsystem:(%s)\n", offset, header->Subsystem, getSubSystemText(header->Subsystem));
        offset += sizeof(header->Subsystem);
        CConsoleUtil::ResetColor();

        // DllCharacteristics is shown as a plain number; its individual bits are
        // not decoded.
        printf("%08X %08X DllCharacteristics:(%u)\n", offset, header->DllCharacteristics, header->DllCharacteristics);
        offset += sizeof(header->DllCharacteristics);

        // NOTE(review): second unfinished _WIN64 section. "TODO:total size!!!" is
        // a placeholder, the LO/HI printfs pass one value for two conversions, and
        // the remaining ones print ULONGLONG members (see table above) with
        // %08X / %d.
    #ifdef _WIN64
        TODO:total size!!!
        printf("%08X %08X SizeOfStackReserve(LO):(%d)\n", offset, LODWORD(header->SizeOfStackReserve));
        offset += sizeof(DWORD);
        printf("%08X %08X SizeOfStackReserve(HI):(%d)\n", offset, HIDWORD(header->SizeOfStackReserve));
        offset += sizeof(DWORD);

        printf("%08X %08X SizeOfStackCommit:(%d)\n", offset, header->SizeOfStackCommit, header->SizeOfStackCommit);
        offset += sizeof(header->SizeOfStackCommit);
        
        printf("%08X %08X SizeOfHeapReserve:(%d)\n", offset, header->SizeOfHeapReserve, header->SizeOfHeapReserve);
        offset += sizeof(header->SizeOfHeapReserve);
        
        printf("%08X %08X SizeOfHeapCommit:(%d)\n", offset, header->SizeOfHeapCommit, header->SizeOfHeapCommit);
        offset += sizeof(header->SizeOfHeapCommit);
    #else
        printf("%08X %08X SizeOfStackReserve:(%u)\n", offset, header->SizeOfStackReserve, header->SizeOfStackReserve);
        offset += sizeof(header->SizeOfStackReserve);

        printf("%08X %08X SizeOfStackCommit:(%u)\n", offset, header->SizeOfStackCommit, header->SizeOfStackCommit);
        offset += sizeof(header->SizeOfStackCommit);

        printf("%08X %08X SizeOfHeapReserve:(%u)\n", offset, header->SizeOfHeapReserve, header->SizeOfHeapReserve);
        offset += sizeof(header->SizeOfHeapReserve);

        printf("%08X %08X SizeOfHeapCommit:(%u)\n", offset, header->SizeOfHeapCommit, header->SizeOfHeapCommit);
        offset += sizeof(header->SizeOfHeapCommit);
    #endif
        printf("%08X %08X LoaderFlags:(%u)\n", offset, header->LoaderFlags, header->LoaderFlags);
        offset += sizeof(header->LoaderFlags);

        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_BLUE);
        printf("%08X %08X Data directories size:%u.\n", offset, header->NumberOfRvaAndSizes, header->NumberOfRvaAndSizes);
        offset += sizeof(header->NumberOfRvaAndSizes);
        CConsoleUtil::ResetColor();
        // NOTE(review): stored exactly as read from the file, with no upper bound.
        // Any code that later uses _NumberOfRVAs as a count or index should clamp
        // it to IMAGE_NUMBEROF_DIRECTORY_ENTRIES first.
        _NumberOfRVAs = header->NumberOfRvaAndSizes;


        // Directories
        // All 16 slots of the fixed-size DataDirectory array are printed, whatever
        // NumberOfRvaAndSizes says. Reading them stays inside _ntHeader, but
        // NOTE(review): slots at or past NumberOfRvaAndSizes are not directory
        // entries in the file and would be better skipped or marked as such.
        // VirtualAddress and Size are only displayed here; code that follows an
        // entry into the file has to range-check both first. For the SECURITY
        // slot the PE format stores a file offset in VirtualAddress, not an RVA.
        IMAGE_DATA_DIRECTORY * dir = header->DataDirectory;

        CConsoleUtil::SetColor(COLOR_WHITE, COLOR_BLUE);
        printf("%08X -------- EXPORT DIR.         VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- IMPORT DIR.         VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- RESOURCE DIR.       VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        CConsoleUtil::ResetColor();
        printf("%08X -------- EXCEPTION DIR.      VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- SECURITY DIR.       VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- BASERELOC DIR.      VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- DEBUG DIR.          VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- COPYRIGHT DIR.      VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- GLOBALPTR DIR.      VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- TLS DIR.            VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- LOAD CONFIG DIR.    VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- BOUND IMPORT DIR.   VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- IAT DIR.            VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- DELAY IMPORT DIR.   VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        printf("%08X -------- COM DESCRIPTOR DIR. VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
        offset += sizeof(IMAGE_DATA_DIRECTORY); dir++;
        // Last slot: dir is not advanced again, so it never points past the array.
        printf("%08X -------- Reserved DIR.       VirtualAddr:0x%08X, Size:%u\n", offset, dir->VirtualAddress, dir->Size);
    }
     
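    /// Maps an optional-header Subsystem value to a short description.
    ///
    /// The value comes from the inspected file, so any number may arrive here;
    /// everything without a case below is reported as "Unknown".
    ///
    /// The literals are narrow strings returned as const TCHAR *, so this only
    /// builds when TCHAR is char (a non-UNICODE build).
    ///
    /// @param subsystem  Value compared against the IMAGE_SUBSYSTEM_* constants.
    /// @return Pointer to a string literal. The caller must not modify or free it.
    const TCHAR * CPEViewer::getSubSystemText(WORD subsystem)
    {
        switch (subsystem)
        {
        case IMAGE_SUBSYSTEM_NATIVE:
            return "Device drivers and native Windows processes.";
        case IMAGE_SUBSYSTEM_WINDOWS_GUI:
            return "The Windows GUI.";
        case IMAGE_SUBSYSTEM_WINDOWS_CUI:
            return "The Windows CUI.";
        case IMAGE_SUBSYSTEM_OS2_CUI:
            // Character-mode subsystem; the label used to say "GUI".
            return "The OS/2 CUI.";
        case IMAGE_SUBSYSTEM_POSIX_CUI:
            // Was the truncated phrase "The Posix character."
            return "The Posix CUI.";
        case IMAGE_SUBSYSTEM_NATIVE_WINDOWS:
            return "Windows9x driver.";
        case IMAGE_SUBSYSTEM_WINDOWS_CE_GUI:
            return "Windows CE.";
        case IMAGE_SUBSYSTEM_EFI_APPLICATION:
            return "An EFI application.";
        case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
            return "An EFI driver with boot services.";
        case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
            return "An EFI driver with run-time services.";
        case IMAGE_SUBSYSTEM_EFI_ROM:
            return "An EFI ROM image.";
        case IMAGE_SUBSYSTEM_XBOX:
            return "XBOX.";
        case IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION:
            return "Windows boot application.";
        }
        return "Unknown";
    }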
     
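    /// Prints the Name field of the section header held in _secText as two
    /// 4-byte rows of the "Offset / Value / Description" table. The remaining
    /// section-header fields (listed in the comment below) are not printed yet.
    void CPEViewer::showSectionText()
    {
        // NOTE(review): this places the section table right after a
        // compile-time-sized IMAGE_NT_HEADERS. In the PE format its position
        // follows from FileHeader.SizeOfOptionalHeader, a value the file controls,
        // so the Offset column can disagree with the file. Confirm against the
        // code that fills _secText.
        unsigned int offset = sizeof(_IMAGE_DOS_HEADER) + _DOSStubSize + sizeof(IMAGE_NT_HEADERS);

        /*
        BYTE    Name[IMAGE_SIZEOF_SHORT_NAME];
        union {
                DWORD   PhysicalAddress;
                DWORD   VirtualSize;
        } Misc;
        DWORD   VirtualAddress;
        DWORD   SizeOfRawData;
        DWORD   PointerToRawData;
        DWORD   PointerToRelocations;
        DWORD   PointerToLinenumbers;
        WORD    NumberOfRelocations;
        WORD    NumberOfLinenumbers;
        DWORD   Characteristics;
        */

        showTitle();

        puts(" Offset   Value    Description");
        puts("-------- -------- -------------------------------------------------------------");

        // Each row covers half of Name. The previous code advanced by
        // sizeof(sizeof(...)), i.e. the size of size_t, which equals the intended
        // 4 bytes only on a 32-bit build.
        const unsigned int halfName = sizeof(_secText.Name) / 2;

        // Name need not be NUL-terminated; getNameText() walks the fixed-size
        // field and returns a std::string, so "%s" never reads past it.
        printf("%08X %08X Name:(%s)\n", offset, makeDWORD(_secText.Name), getNameText(_secText.Name).c_str());
        offset += halfName;

        printf("%08X %08X \n", offset, makeDWORD(&_secText.Name[halfName]));
        offset += halfName;
    }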
     
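    /// Renders a section name as console-safe text.
    ///
    /// Exactly IMAGE_SIZEOF_SHORT_NAME bytes are read, because the field is not
    /// guaranteed to be NUL-terminated. The bytes come from the inspected file,
    /// so nothing except printable ASCII is passed through unchanged:
    ///   - NUL, CR, LF and BS keep their two-character forms \0 \r \n \b;
    ///   - every other byte outside 0x20..0x7E is written as \xNN.
    /// That keeps control and escape bytes stored in a file from reaching the
    /// console. Previously only the four bytes listed above were escaped.
    ///
    /// @param data  Pointer to at least IMAGE_SIZEOF_SHORT_NAME readable bytes.
    /// @return The escaped name; empty when data is NULL.
    string CPEViewer::getNameText(const BYTE * data)
    {
        static const char kHexDigits[] = "0123456789ABCDEF";

        string ret;
        if (data == NULL) {
            return ret;
        }

        // Worst case is four output characters per input byte.
        ret.reserve(IMAGE_SIZEOF_SHORT_NAME * 4);

        for (int i = 0; i < IMAGE_SIZEOF_SHORT_NAME; i++)
        {
            const BYTE ch = data[i];

            switch (ch)
            {
            case '\0':
                ret += "\\0";
                break;

            case '\r':
                ret += "\\r";
                break;

            case '\n':
                ret += "\\n";
                break;

            case '\b':
                ret += "\\b";
                break;

            default:
                if (ch >= 0x20 && ch <= 0x7E) {
                    ret += static_cast<char>(ch);
                }
                else {
                    ret += "\\x";
                    ret += kHexDigits[ch >> 4];
                    ret += kHexDigits[ch & 0x0F];
                }
            }
        }

        return ret;
    }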
     
    /// Packs four consecutive bytes into a DWORD with data[0] as the most
    /// significant byte, so the hex digits print in the same order as the bytes.
    ///
    /// @param data  Pointer to at least four readable bytes; data[0]..data[3] are read.
    /// @return (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3].
    DWORD CPEViewer::makeDWORD(const BYTE * data)
    {
        const DWORD highest = data[0];
        const DWORD high    = data[1];
        const DWORD low     = data[2];
        const DWORD lowest  = data[3];

        return (highest << 24) | (high << 16) | (low << 8) | lowest;
    }
     
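    /// Zeroes the parsed DOS and NT headers and releases the DOS stub buffer.
    ///
    /// The argument separators in the two memset calls had been lost in the
    /// listing ("0sizeof"); they are restored here.
    void CPEViewer::clear()
    {
        memset(&_dosHeader, 0, sizeof(_dosHeader));
        memset(&_ntHeader, 0, sizeof(_ntHeader));

        // free(NULL) is a no-op, so no separate NULL test is needed. Resetting the
        // pointer keeps a second clear() from freeing the same block again.
        free(_DOSStub);
        _DOSStub = NULL;

        // NOTE(review): _DOSStubSize and _secText are not reset here. If nothing
        // else resets them, a later page could display values left over from the
        // previous file. Confirm against the load path.
    }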
     
     

     

     

    ConsoleUtil.h

    #pragma once
    #include <Windows.h>
     
    // Console colour codes, four bits each. The DK* values are the three base
    // colour bits (0x04 red, 0x02 green, 0x01 blue) and 0x08 is added for the
    // bright variants. This is the bit layout of the Win32 console character
    // attributes, where the same four bits shifted left by 4 select the
    // background (see CConsoleUtil::SetColor).
    #define COLOR_BLACK     (0x00)
    #define COLOR_DKRED     (0x04)
    #define COLOR_DKGREEN   (0x02)
    #define COLOR_DKBLUE    (0x01)
    // All three base bits together.
    #define COLOR_GRAY      (COLOR_DKRED | COLOR_DKGREEN | COLOR_DKBLUE)
    // Bright variants: base colour plus the 0x08 bit.
    #define COLOR_RED       (COLOR_DKRED    | 0x08)
    #define COLOR_GREEN     (COLOR_DKGREEN  | 0x08)
    #define COLOR_BLUE      (COLOR_DKBLUE   | 0x08)
    #define COLOR_WHITE     (COLOR_GRAY     | 0x08)
     
    // Helpers for colouring console output. The class declares no data members
    // and both operations are static, so no instance is needed to use them.
    class CConsoleUtil
    {
    public:
        CConsoleUtil();
        ~CConsoleUtil();

        // Sets the text colours of the standard output console.
        // foreColor / backColor: one of the COLOR_* codes; background defaults to black.
        static void SetColor(BYTE foreColor, BYTE backColor = COLOR_BLACK);
        // Same operation as SetColor, with defaults of gray text on black.
        static void ResetColor(BYTE foreColor = COLOR_GRAY, BYTE backColor = COLOR_BLACK);
    };
     
     

     

    ConsoleUtil.cpp

    #include "ConsoleUtil.h"
     
     
    // Nothing to initialise: the class declares no data members.
    CConsoleUtil::CConsoleUtil()
    {
    }
     
     
    // Nothing to release: the class owns no resources.
    CConsoleUtil::~CConsoleUtil()
    {
    }
     
    /// Sets the text attribute of the standard output console.
    ///
    /// backColor is shifted into bits 4-7 and OR-ed with foreColor; the result is
    /// truncated to one byte. foreColor is not masked, so a value above 0x0F also
    /// changes the background bits. The results of both API calls are ignored.
    ///
    /// @param foreColor  Foreground COLOR_* code.
    /// @param backColor  Background COLOR_* code.
    void CConsoleUtil::SetColor(BYTE foreColor, BYTE backColor)
    {
        const BYTE packed = static_cast<BYTE>((backColor << 4) | foreColor);
        const HANDLE console = ::GetStdHandle(STD_OUTPUT_HANDLE);

        ::SetConsoleTextAttribute(console, static_cast<WORD>(packed));
    }
     
    /// Restores the console text attribute. It performs the same operation as
    /// SetColor; only the default arguments in the class declaration differ.
    ///
    /// @param foreColor  Foreground COLOR_* code.
    /// @param backColor  Background COLOR_* code.
    void CConsoleUtil::ResetColor(BYTE foreColor, BYTE backColor)
    {
        // Same attribute packing and API call as SetColor, so delegate to it.
        SetColor(foreColor, backColor);
    }
     

     

     
