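/// Locates the IMAGE_NT_HEADERS32 of the mapped image through the DOS stub's
/// e_lfanew field.
/// @return pointer to the NT headers, or NULL when no DOS header is available.
///         Callers must NULL-check the result.
PIMAGE_NT_HEADERS32 CPEFile::GetNtHeader() // done!
{
    PIMAGE_DOS_HEADER pDH = GetDosHeader();
    if (!pDH)
        return NULL;
    // Do the offset arithmetic on a char* so the full address width is kept;
    // the previous (DWORD) cast of the image base would truncate it on a
    // 64-bit build.
    // NOTE(review): e_lfanew is read straight from the file and is not
    // range-checked here, so a crafted header can point outside the mapping.
    // The mapping size is not visible from this block -- confirm the caller
    // validates the offset before the result is dereferenced.
    return (PIMAGE_NT_HEADERS32)((char*)GetImage() + pDH->e_lfanew);
}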
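/// Checks that the mapped image carries both the DOS signature ("MZ") and the
/// NT signature ("PE\0\0").
/// @return true only when both signatures match; false when either header is
///         unavailable (NULL) or a signature mismatches.
bool CPEFile::IsPEFile() // done!
{
    PIMAGE_DOS_HEADER pDosHeader = GetDosHeader();
    // GetDosHeader() can yield NULL (GetNtHeader guards for exactly that);
    // dereferencing it unchecked here crashed on an image that is not mapped.
    if (!pDosHeader || pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return false;
    PIMAGE_NT_HEADERS32 pNtHeader = GetNtHeader();
    if (!pNtHeader)
        return false;
    // NOTE(review): the NT header sits at the file-controlled e_lfanew offset;
    // reading Signature assumes that offset lies inside the mapping -- confirm
    // this is validated before IsPEFile is used on untrusted files.
    return pNtHeader->Signature == IMAGE_NT_SIGNATURE;
}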
/// Drives the process/module/memory/thread helpers end to end against a
/// running "notepad++.exe": lists and prints each category, pauses the
/// target for one second and resumes it, scans its memory for a 3-byte
/// pattern, then dumps the remote base address and DOS/NT headers.
void test(void)
{
    // Enumerate every process and locate the target by image name.
    std::list<PROCESSENTRY32> processes = GetProcessList();
    PrintProcessList(processes);

    DWORD dwPid = GetPidProcess("notepad++.exe");
    PrintPidProcess("notepad++.exe", dwPid);

    // Modules, memory regions and threads of the target process.
    std::list<MODULEENTRY32> modules = GetModuleList(dwPid);
    PrintModulesList(modules);

    std::list<MEMORY_BASIC_INFORMATION> regions = GetMemoryInformation(dwPid);
    PrintMemoryInfo(regions);

    std::list<THREADENTRY32> threads = GetThreadsList(dwPid);
    PrintThreadsInfo(threads);

    // Freeze the target briefly, then let it run again.
    SuspendAllThread(dwPid);
    Sleep(1000);
    ResumeAllThread(dwPid);

    // Pattern search over the target's memory; the pattern is 3 bytes long.
    std::list<LPCVOID> matches = ScanPattern("\x42\x42\x42", 3, dwPid);
    PrintPatternMatch(matches);

    DWORD dwBaseAddress = GetRemoteBaseAddress(dwPid);
    printf("BaseAddress = %08X\n", dwBaseAddress);

    // Headers are read out of the remote image by PID, not from a local map.
    IMAGE_DOS_HEADER DosHeader = GetDosHeader(dwPid);
    PrintDosHeader(&DosHeader);

    IMAGE_NT_HEADERS NTHeader = GetNTHeader(dwPid);
    PrintNTHeader(&NTHeader);
}
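/// Returns the first IMAGE_SECTION_HEADER of the mapped file.
/// The section table begins directly after the optional header, whose length
/// is FileHeader.SizeOfOptionalHeader -- not sizeof(IMAGE_NT_HEADERS), which
/// is fixed at build time and mis-locates the table for a file of the other
/// bitness (PE32 vs PE32+) or with a non-standard optional-header size.
PIMAGE_SECTION_HEADER CPEInfo::GetSectionHeader()
{
    // IMAGE_FIRST_SECTION (winnt.h) applies exactly that per-file offset.
    // NOTE(review): e_lfanew and SizeOfOptionalHeader are both taken from the
    // file unvalidated; a crafted header can place the result outside
    // m_pFileMap. The mapping size is not visible here -- confirm the caller
    // bounds-checks before reading sections.
    return IMAGE_FIRST_SECTION(GetImageNTHeader());
}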
/// Returns the IMAGE_NT_HEADERS of the mapped file, located at the DOS
/// header's e_lfanew offset from the start of the mapping.
PIMAGE_NT_HEADERS CPEInfo::GetImageNTHeader()
{
    char* const base = (char*)m_pFileMap;
    // NOTE(review): e_lfanew is file-controlled and is not range-checked
    // against the mapping size here.
    const LONG ntOffset = GetDosHeader()->e_lfanew;
    return (PIMAGE_NT_HEADERS)(base + ntOffset);
}