cdiaz0712
April 5th, 2008, 00:40
Write a program in C that do the following. ----------------------------------------------------------------------------------------------------------------------------------------------------
1. Accepts 1 parameter. The parameter is the filename to be processed.
If there are no parameters, or if there are more than 1 parameters, show an error message.
2. Opens the file and verify if it’s a PE file.
A PE File has the following characteristics:
MZ signature at offset 00h..01h
A value > 0x40 at offset 18h
PE signature at offset pointed to by value in offset 3Ch
** You can use either fread/ReadFile/ReadFileEx/CreateFileMapping to read the contents of the file.
3. Loads the PE header, PE Optional Header and Data directory into a structure and display the values inside this table.
Please refer to the attached excel sheet for the PE Header documentation.
You can start your structure for the PE Header as follows:
struct _PE_HEADER
{
char szPeSignature[4];
WORD wMachine;
WORD wNumberOfSections;
DWORD dwTimeDateStamp;
DWORD dwPointerToSymbolTable;
…
…
…
} PE_HEADER;
Sample Output:
PE-Dump of "calc.exe"
============================================================================
PE-Header at offset 000000F
============================================================================
Machine (014C) Intel 386
Number of sections 3
TimeDate stamp (3B7D8410) Fri Aug 17 13:52:32 2001
Pointer to symbol table 00000000
Number of symbols (00000000) 0
Size of optional header (00E0) 224
Characteristics 010F
bit 0: relocations stripped Yes
bit 1: executable image Yes
bit 2: line numbers stripped Yes
bit 3: local symbols stripped Yes
bit 4: agressively trim working set No
bit 5: (reserved) No
...
Magic optional header 010B
Linker version 7.00
Size of code (00012800) 75776
Size of initialized data (00009C00) 39936
Size of uninitialized data (00000000) 0
Address of entry point 00012475
…
1. Accepts 1 parameter. The parameter is the filename to be processed.
If there are no parameters, or if there are more than 1 parameters, show an error message.
2. Opens the file and verify if it’s a PE file.
A PE File has the following characteristics:
MZ signature at offset 00h..01h
A value > 0x40 at offset 18h
PE signature at offset pointed to by value in offset 3Ch
** You can use either fread/ReadFile/ReadFileEx/CreateFileMapping to read the contents of the file.
3. Loads the PE header, PE Optional Header and Data directory into a structure and display the values inside this table.
Please refer to the attached excel sheet for the PE Header documentation.
You can start your structure for the PE Header as follows:
struct _PE_HEADER
{
char szPeSignature[4];
WORD wMachine;
WORD wNumberOfSections;
DWORD dwTimeDateStamp;
DWORD dwPointerToSymbolTable;
…
…
…
} PE_HEADER;
Sample Output:
PE-Dump of "calc.exe"
============================================================================
PE-Header at offset 000000F
============================================================================
Machine (014C) Intel 386
Number of sections 3
TimeDate stamp (3B7D8410) Fri Aug 17 13:52:32 2001
Pointer to symbol table 00000000
Number of symbols (00000000) 0
Size of optional header (00E0) 224
Characteristics 010F
bit 0: relocations stripped Yes
bit 1: executable image Yes
bit 2: line numbers stripped Yes
bit 3: local symbols stripped Yes
bit 4: agressively trim working set No
bit 5: (reserved) No
...
Magic optional header 010B
Linker version 7.00
Size of code (00012800) 75776
Size of initialized data (00009C00) 39936
Size of uninitialized data (00000000) 0
Address of entry point 00012475
…