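[[662]]の続き。IMAGE_FILE_HEADER.NumberOfSectionsの数だけ、IMAGE_NT_HEADERSの後ろに存在するIMAGE_SECTION_HEADERを読み込む。

#more||

show_section_header.py:
#code|python|>
import sys, logging, struct, ctypes

# {{{ data structure definitions
# Fixed-width types: ctypes.c_long / ctypes.c_ulong are 8 bytes on LP64
# platforms (64-bit Linux, macOS), which would change every structure size
# and field offset below. The PE header fields are 8, 16 or 32 bits wide.
BYTE = ctypes.c_uint8
WORD = ctypes.c_uint16
LONG = ctypes.c_int32
DWORD = ctypes.c_uint32

class IMAGE_DOS_HEADER(ctypes.Structure):
    # omitted (see the earlier articles)

class IMAGE_FILE_HEADER(ctypes.Structure):
    # omitted (see the earlier articles)

class IMAGE_DATA_DIRECTORY(ctypes.Structure):
    # omitted (see the earlier articles)

IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16

class IMAGE_OPTIONAL_HEADER(ctypes.Structure):
    # omitted (see the earlier articles)

class IMAGE_NT_HEADERS(ctypes.Structure):
    # omitted (see the earlier articles)

# "PE\0\0" read as a little-endian DWORD.
IMAGE_NT_SIGNATURE = 0x00004550

IMAGE_SIZEOF_SHORT_NAME = 8

class IMAGE_SECTION_HEADER_MISC(ctypes.Union):
    _fields_ = [
        ('PhysicalAddress', DWORD),
        ('VirtualSize', DWORD),
    ]

class IMAGE_SECTION_HEADER(ctypes.Structure):
    _fields_ = [
        ('Name', BYTE * IMAGE_SIZEOF_SHORT_NAME),
        ('Misc', IMAGE_SECTION_HEADER_MISC),
        ('VirtualAddress', DWORD),
        ('SizeOfRawData', DWORD),
        ('PointerToRawData', DWORD),
        ('PointerToRelocations', DWORD),
        ('PointerToLinenumbers', DWORD),
        ('NumberOfRelocations', WORD),
        ('NumberOfLinenumbers', WORD),
        ('Characteristics', DWORD),
    ]
# }}}


def _read_struct(f, ctype):
    """Read sizeof(ctype) bytes from f into a new ctype instance.

    Returns (instance, data). When the file ends early, data is shorter than
    the structure and the remaining fields keep their zero initial value, so
    callers compare len(data) with ctypes.sizeof(ctype) to detect truncation.
    """
    data = f.read(ctypes.sizeof(ctype))
    obj = ctype()
    # Copy only what was actually read; never more than the structure holds.
    ctypes.memmove(ctypes.addressof(obj), data, len(data))
    return obj, data


def _printable_name(name_field):
    """Render a section name for display.

    Trailing NUL padding is dropped. Every byte outside printable ASCII (and
    the backslash itself) is shown as \\xNN, so a crafted section name cannot
    send control or escape sequences to the terminal.
    """
    raw = list(name_field)
    while raw and raw[-1] == 0:
        raw.pop()
    return ''.join(
        chr(b) if 0x20 <= b < 0x7f and b != 0x5c else '\\x%02x' % b
        for b in raw
    )


if 2 != len(sys.argv):
    print('usage: python %s filename' % sys.argv[0])
    sys.exit(1)

file_name = sys.argv[1]

logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s %(name)s %(levelname)s %(message)s',
)
log = logging.getLogger('main')

try:
    f = open(file_name, 'rb')
except IOError as e:
    log.error("open(%s) faileed." % file_name)
    log.error(e)
    raise

# The file is input to be inspected, not trusted: every offset and count read
# from it is checked before it is used. "with" closes the handle on any exit.
with f:
    f.seek(0, 2)
    file_size = f.tell()

    # {{{ read IMAGE_DOS_HEADER
    f.seek(0, 0)
    dos_header, data = _read_struct(f, IMAGE_DOS_HEADER)
    if len(data) < ctypes.sizeof(IMAGE_DOS_HEADER) or data[:2] != b'MZ':
        log.error("%s has no complete MZ (DOS) header." % file_name)
        sys.exit(1)
    # e_lfanew is a signed field taken straight from the file; reject values
    # that point before the start or past the end instead of seeking there.
    if not 0 < dos_header.e_lfanew < file_size:
        log.error("e_lfanew (%d) is outside the file (%d bytes)."
                  % (dos_header.e_lfanew, file_size))
        sys.exit(1)
    # }}}

    # {{{ read IMAGE_NT_HEADERS
    f.seek(dos_header.e_lfanew, 0)
    pe_header, data = _read_struct(f, IMAGE_NT_HEADERS)
    if len(data) < ctypes.sizeof(IMAGE_NT_HEADERS):
        log.warning("IMAGE_NT_HEADERS is truncated; "
                    "missing fields are shown as zero.")
    if pe_header.Signature != IMAGE_NT_SIGNATURE:
        log.error("bad PE signature: %08X" % pe_header.Signature)
        sys.exit(1)
    # }}}

    # {{{ dump IMAGE_NT_HEADER
    print("IMAGE_NT_HEADER:")
    print("\tSignature: %08X" % pe_header.Signature)
    print("\tFileHeader, OptionalHeader: (continued)")

    file_header = pe_header.FileHeader
    print("-------------------------------")
    print("IMAGE_FILE_HEADER:")
    # omitted

    opt_header = pe_header.OptionalHeader
    print("-------------------------------")
    print("IMAGE_OPTIONAL_HEADER:")
    # omitted
    # }}}

    # {{{ dump IMAGE_SECTION_HEADERs
    section_header_sz = ctypes.sizeof(IMAGE_SECTION_HEADER)
    # The section table starts where the optional header ends, and the
    # optional header's length is stated in the file (it differs between PE32
    # and PE32+ and can be set to an unusual value), so the table is located
    # from that field rather than from sizeof(IMAGE_NT_HEADERS).
    # NOTE(review): assumes the omitted IMAGE_FILE_HEADER mirrors winnt.h and
    # exposes SizeOfOptionalHeader -- confirm against the earlier article.
    section_table = (dos_header.e_lfanew
                     + IMAGE_NT_HEADERS.OptionalHeader.offset
                     + file_header.SizeOfOptionalHeader)
    f.seek(section_table, 0)

    for i in range(file_header.NumberOfSections):
        section_header, data = _read_struct(f, IMAGE_SECTION_HEADER)
        # NumberOfSections is a 16-bit count from the file; stop at the first
        # header the file does not fully contain instead of printing
        # zero-filled entries up to the declared count.
        if len(data) < section_header_sz:
            log.warning("section header %d of %d is truncated or missing; "
                        "stopping." % (i, file_header.NumberOfSections))
            break
        print("-------------------------------")
        print("IMAGE_SECTION_HEADER[%d]:" % i)
        print("\tName: %s" % _printable_name(section_header.Name))
        print("\tMisc.PhysicalAddress: %08X" % section_header.Misc.PhysicalAddress)
        print("\tMisc.VirtualSize: %08X" % section_header.Misc.VirtualSize)
        print("\tVirtualAddress: %08X" % section_header.VirtualAddress)
        print("\tSizeOfRawData: %08X" % section_header.SizeOfRawData)
        print("\tPointerToRawData: %08X" % section_header.PointerToRawData)
        print("\tPointerToRelocations: %08X" % section_header.PointerToRelocations)
        print("\tPointerToLinenumbers: %08X" % section_header.PointerToLinenumbers)
        print("\tNumberOfRelocations: %04X" % section_header.NumberOfRelocations)
        print("\tNumberOfLinenumbers: %04X" % section_header.NumberOfLinenumbers)
        print("\tCharacteristics: %08X" % section_header.Characteristics)
    # }}}
||<

省略部分についてはこれまでの記事を参照。

[[662]]
[[661]]
[[660]]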