Windows PE 重定位表编程（枚举重定位地址）

原理之前单独总结过，在这里：

http://blog.csdn.net/u013761036/article/details/54051347

下面是枚举重定位信息的代码：

// ReLocationX86.cpp : 定义控制台应用程序的入口点。 //#include "stdafx.h" #include <string> #include <windows.h> #include <shlwapi.h> #include <Dbghelp.h> //ImageRvaToVa #pragma comment(lib, "Dbghelp.lib") #pragma comment(lib, "shlwapi.lib") using namespace std; #pragma warning(disable : 4996)unsigned char bMemory[1024*1024*5] = {0};DWORD dwLoadPE2Memory(string strPePath){ FILE *fpLoadDll; char cCache[1024]; if((fpLoadDll = fopen(strPePath.c_str(),"rb")) == NULL) { return 0; } DWORD dwNowReadId = 0; while (1) { ZeroMemory(cCache ,sizeof(cCache)); DWORD dwReadSize = fread(cCache,1,1024 ,fpLoadDll); DWORD dwErrorCode = GetLastError(); if(dwReadSize == 0){ break; } for(int i = 1 ;i <= dwReadSize ;i ++){ bMemory[dwNowReadId++] = cCache[i-1]; } } fclose(fpLoadDll); return dwNowReadId; }void DoReLocation( void * pBaseAddress){PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pBaseAddress; PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)((PBYTE)pBaseAddress + pDosHeader->e_lfanew); //PIMAGE_BASE_RELOCATION pNowPageAddress = (PIMAGE_BASE_RELOCATION)((unsigned long)pBaseAddress + pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress); if(pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress == 0){ return ; } PIMAGE_BASE_RELOCATION pNowPageAddress = (PIMAGE_BASE_RELOCATION)ImageRvaToVa( pNtHeaders, pBaseAddress, pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress, NULL);while ((pNowPageAddress->VirtualAddress + pNowPageAddress->SizeOfBlock) != 0) {WORD *pLocalListAddress = (WORD *)((PBYTE)pNowPageAddress + sizeof(IMAGE_BASE_RELOCATION));int nNumberOfReloc = (pNowPageAddress->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION))/sizeof(WORD);for ( int i=0 ; i < nNumberOfReloc; i++){if ((DWORD)(pLocalListAddress[i] & 0x0000F000) == 0x00003000){DWORD* pNeedReLocationAddress = (DWORD *)((PBYTE)pBaseAddress + pNowPageAddress->VirtualAddress + (pLocalListAddress[i] & 0x0FFF));DWORD dwDelta = (DWORD)pBaseAddress - pNtHeaders->OptionalHeader.ImageBase;*pLocalListAddress += dwDelta;DWORD dwSorAddress ,dwNewAddress ,dwImageBaseAddress ,dwVirtualBaseAddress; dwSorAddress = *pLocalListAddress - dwDelta;dwNewAddress = *pLocalListAddress; dwImageBaseAddress = pNtHeaders->OptionalHeader.ImageBase; dwVirtualBaseAddress = (DWORD)pBaseAddress; printf("ImageBasAd:%X ,VirtualBasAd:%X ,SorAd:%X ,NewAd:%X\n" ,dwImageBaseAddress ,dwVirtualBaseAddress ,dwSorAddress ,dwNewAddress);}}pNowPageAddress = (PIMAGE_BASE_RELOCATION)((PBYTE)pNowPageAddress + pNowPageAddress->SizeOfBlock);} }int _tmain(int argc, _TCHAR* argv[]) { //HMODULE hModule = GetModuleHandle(NULL); if(dwLoadPE2Memory("C:\\TTT.exe")){ DoReLocation(bMemory); } return 0; }

总结

以上是生活随笔为你收集整理的Windows PE 重定位表编程（枚举重定位地址）的全部内容，希望文章能够帮你解决所遇到的问题。

如果觉得生活随笔网站内容还不错，欢迎将生活随笔推荐给好友。