1.目标
点击按钮“区段”弹出节表框,显示当前所选pe文件的节表信息
2.分析
1)画一个新对话框;只需要一个listView即可;
2)按钮的点击事件中调用DialogBox弹出该对话框;
3)在新对话框的回调函数的窗口加载事件中初始化listview;
4)为了得到节表信息,需要知道pe文件的路径;该路径在获取pe信息是已经得到,用全局变量来保存即可;
3.主要代码
//遍历节信息 void getSectionInfo(HWND hSection){ PIMAGE_DOS_HEADER dosHeader = NULL; //dos头指针 PIMAGE_FILE_HEADER peHeader = NULL; //pe头指针 PIMAGE_OPTIONAL_HEADER32 opHeader = NULL; //可选pe头指针 PIMAGE_SECTION_HEADER secHeader = NULL; //节表指针 //读入pe文件 LPVOID pFileBuffer = NULL; ::readPeFile(szFileName, &pFileBuffer); if(!pFileBuffer){ return; } //给pe结构头指针赋值 dosHeader = (PIMAGE_DOS_HEADER) pFileBuffer; peHeader = (PIMAGE_FILE_HEADER) ((DWORD)pFileBuffer + dosHeader->e_lfanew + 4); opHeader = (PIMAGE_OPTIONAL_HEADER32) ((DWORD)peHeader + IMAGE_SIZEOF_FILE_HEADER); secHeader = (PIMAGE_SECTION_HEADER) ((DWORD)opHeader + peHeader->SizeOfOptionalHeader); DWORD secNum = peHeader->NumberOfSections; for(int i=0;i<secNum;i++){ PIMAGE_SECTION_HEADER pSec = secHeader + i; LV_ITEM vitem; //初始化 memset(&vitem,0,sizeof(LV_ITEM)); vitem.mask = LVIF_TEXT; //节名 TCHAR szSecName[9]={0}; memcpy(szSecName, pSec->Name, 8); vitem.pszText = szSecName; //值 vitem.iItem = i; //行 vitem.iSubItem = 0; //列 SendMessage(hSection, LVM_INSERTITEM,0,(DWORD)&vitem); //内存偏移 TCHAR szVirtualAddress[10] = {0}; sprintf(szVirtualAddress,"%08x",pSec->VirtualAddress); //数字转字符串 vitem.pszText = szVirtualAddress; vitem.iItem = i; vitem.iSubItem = 1; ListView_SetItem(hSection, &vitem); //内存大小 TCHAR szMisc[10] = {0}; sprintf(szMisc,"%08x",pSec->Misc.VirtualSize); //数字转字符串 vitem.pszText = szMisc; vitem.iItem = i; vitem.iSubItem = 2; ListView_SetItem(hSection, &vitem); //文件偏移 TCHAR szPointerToRawData[10] = {0}; sprintf(szPointerToRawData,"%08x",pSec->PointerToRawData); //数字转字符串 vitem.pszText = szPointerToRawData; vitem.iItem = i; vitem.iSubItem = 3; ListView_SetItem(hSection, &vitem); //文件大小 TCHAR szSizeOfRawData[10] = {0}; sprintf(szSizeOfRawData,"%08x",pSec->SizeOfRawData); //数字转字符串 vitem.pszText = szSizeOfRawData; vitem.iItem = i; vitem.iSubItem = 4; ListView_SetItem(hSection, &vitem); //属性 TCHAR szChar[10] = {0}; sprintf(szChar,"%08x",pSec->Characteristics); //数字转字符串 vitem.pszText = szChar; vitem.iItem = i; vitem.iSubItem = 5; ListView_SetItem(hSection, &vitem); } free(pFileBuffer); } //节表列 void initSectionView(HWND hDlg){ LV_COLUMN lv; HWND hSection; //初始化,局部变量堆栈中分配,不知道是什么数据所以先清零 memset(&lv,0,sizeof(LV_COLUMN)); //获取listview控件句柄 hSection = GetDlgItem(hDlg,IDC_LIST_SEC); //设置整行选中,窗口是windows来管理的无法直接操作,程序能做的只能发送一个消息来让windows直到该怎么做 SendMessage(hSection,LVM_SETEXTENDEDLISTVIEWSTYLE,LVS_EX_FULLROWSELECT,LVS_EX_FULLROWSELECT); //第一列 lv.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM; lv.pszText = TEXT("节名"); //列标题 lv.cx = 160; //列宽 lv.iSubItem = 0; //ListView_InsertColumn(hListProcess, 0, &lv); SendMessage(hSection,LVM_INSERTCOLUMN,0,(DWORD)&lv); //第二列 lv.pszText = TEXT("内存偏移"); lv.cx = 100; lv.iSubItem = 1; //ListView_InsertColumn(hListProcess, 1, &lv); SendMessage(hSection,LVM_INSERTCOLUMN,1,(DWORD)&lv); lv.pszText = TEXT("内存大小"); lv.cx = 100; lv.iSubItem = 2; SendMessage(hSection,LVM_INSERTCOLUMN,2,(DWORD)&lv); lv.pszText = TEXT("文件偏移"); lv.cx = 100; lv.iSubItem = 3; SendMessage(hSection,LVM_INSERTCOLUMN,3,(DWORD)&lv); lv.pszText = TEXT("文件大小"); lv.cx = 100; lv.iSubItem = 4; SendMessage(hSection,LVM_INSERTCOLUMN,4,(DWORD)&lv); lv.pszText = TEXT("属性"); lv.cx = 100; lv.iSubItem = 5; SendMessage(hSection,LVM_INSERTCOLUMN,5,(DWORD)&lv); getSectionInfo(hSection); }