
日記/2010/05/26/IMAGE_SECTION_HEADERを覗いてみる。

id: 663 所有者: msakamoto-sf    作成日: 2010-05-26 10:33:58
カテゴリ: Python Windows 

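「日記/2010/05/25/IMAGE_OPTIONAL_HEADERを覗いてみる。」の続き。IMAGE_NT_HEADERSの後ろに並んでいるIMAGE_SECTION_HEADERを、IMAGE_FILE_HEADER.NumberOfSectionsの数だけ読み込む。なお、セクションテーブルの正確な開始位置はオプションヘッダの先頭からIMAGE_FILE_HEADER.SizeOfOptionalHeaderバイト後ろであり、IMAGE_NT_HEADERSの直後と一致するのは、この値が構造体中のオプションヘッダのサイズと等しい場合に限られる。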

show_section_header.py:

import sys, logging, struct, ctypes
 
# {{{ data structure definitions
 
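# Fixed-width aliases for the Windows types used by the PE header structures.
# The on-disk layout needs BYTE = 1, WORD = 2 and LONG/DWORD = 4 bytes.
# ctypes.c_long / ctypes.c_ulong are 4 bytes on Windows but 8 bytes on most
# 64-bit Unix systems, where they would silently shift every field that
# follows them and make the dump show wrong values. The explicitly sized
# ctypes types give the same layout on Windows and the correct one elsewhere.
BYTE = ctypes.c_uint8
WORD = ctypes.c_uint16
LONG = ctypes.c_int32
DWORD = ctypes.c_uint32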
 
class IMAGE_DOS_HEADER(ctypes.Structure):
  # definition omitted in this article; see the earlier entries in the series
 
class IMAGE_FILE_HEADER(ctypes.Structure):
  # definition omitted in this article; see the earlier entries in the series
 
class IMAGE_DATA_DIRECTORY(ctypes.Structure):
  # definition omitted in this article; see the earlier entries in the series
 
# presumably the length of the data-directory array inside
# IMAGE_OPTIONAL_HEADER (whose definition is omitted here) - confirm
IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16
 
class IMAGE_OPTIONAL_HEADER(ctypes.Structure):
  # definition omitted in this article; see the earlier entries in the series
 
class IMAGE_NT_HEADERS(ctypes.Structure):
  # definition omitted in this article; see the earlier entries in the series
 
# length in bytes of the Name array in IMAGE_SECTION_HEADER
IMAGE_SIZEOF_SHORT_NAME = 8
 
class IMAGE_SECTION_HEADER_MISC(ctypes.Union):
  """Union stored in the Misc member of IMAGE_SECTION_HEADER.

  Both members are DWORDs that share the same storage, so PhysicalAddress
  and VirtualSize always read back the same value.
  """
  _fields_ = [("PhysicalAddress", DWORD), ("VirtualSize", DWORD)]
 
class IMAGE_SECTION_HEADER(ctypes.Structure):
  """One entry of the PE section table, declared field by field.

  With 1/2/4-byte BYTE/WORD/DWORD the members add up to 40 bytes
  (8 + 4 + 5*4 + 2*2 + 4). If DWORD is wider than 4 bytes on the running
  platform the structure grows and no longer matches the file layout.
  Every value is copied verbatim from the file being inspected, so offsets
  and sizes read from here are untrusted until checked against the real
  file length.
  """
  _fields_ = [
      # fixed-size byte array; the layout does not guarantee a trailing NUL
      ("Name", BYTE * IMAGE_SIZEOF_SHORT_NAME),
      ("Misc", IMAGE_SECTION_HEADER_MISC),
      ("VirtualAddress", DWORD),
      ("SizeOfRawData", DWORD),
      ("PointerToRawData", DWORD),
      ("PointerToRelocations", DWORD),
      ("PointerToLinenumbers", DWORD),
      ("NumberOfRelocations", WORD),
      ("NumberOfLinenumbers", WORD),
      ("Characteristics", DWORD),
  ]
 
# }}}
 
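# Exactly one argument, the file to inspect, is required.
# quit() is a helper that the site module installs for interactive sessions;
# it is not available under "python -S" and exits with status 0. sys.exit(1)
# always exists and lets a calling script see that the run was a usage error.
if len(sys.argv) != 2:
  print('usage: python %s filename' % sys.argv[0])
  sys.exit(1)

# Path of the file whose headers will be dumped.
file_name = sys.argv[1]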
 
# Root logger: everything from DEBUG upwards, each record prefixed with the
# timestamp, logger name and level.
logging.basicConfig(
    format='%(asctime)s %(name)s %(levelname)s %(message)s',
    level=logging.DEBUG,
)
# Logger used by the rest of the script.
log = logging.getLogger('main')
 
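# Open the target in binary mode for reading only. The script only seeks and
# reads header bytes from it; nothing here loads or executes the file.
# NOTE(review): no close() is visible in this listing, so the handle stays
# open until the interpreter exits.
try:
  f = open(file_name, 'rb')
except IOError as e:  # "as" form needs Python 2.6+; also valid on Python 3
  log.error("open(%s) faileed." % file_name)
  log.error(e)
  # A bare raise re-raises the active exception with its original traceback;
  # "raise e" on Python 2 restarts the traceback at this line.
  raise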
 
# {{{ read IMAGE_DOS_HEADER
 
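# Read sizeof(IMAGE_DOS_HEADER) bytes from the start of the file and copy
# them over a fresh structure instance.
f.seek(0, 0)
sz = ctypes.sizeof(IMAGE_DOS_HEADER)
data = f.read(sz)
if len(data) < sz:
  # The part of the structure that was not read stays zero-filled, so the
  # values dumped later would look valid without coming from the file.
  log.warning("IMAGE_DOS_HEADER: short read (%d of %d bytes)", len(data), sz)
if data[:2] != b'MZ':
  # Checked on the raw bytes so it does not depend on the omitted
  # structure definition. Without the DOS magic, e_lfanew is meaningless.
  log.warning("IMAGE_DOS_HEADER: file does not start with 'MZ'")
dos_header = IMAGE_DOS_HEADER()
# Never copy more than the structure can hold.
fit = min(len(data), sz)
ctypes.memmove(ctypes.addressof(dos_header), data, fit)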
 
# }}}
# {{{ read IMAGE_NT_HEADERS
 
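# e_lfanew comes straight from the file and is a signed LONG in winnt.h
# (the ctypes definition is omitted on this page). A negative value would
# make seek() fail with an unexplained IOError, so reject it explicitly.
if dos_header.e_lfanew < 0:
  log.error("e_lfanew is negative (%d); no PE header can be located",
            dos_header.e_lfanew)
  sys.exit(1)
f.seek(dos_header.e_lfanew, 0)
sz = ctypes.sizeof(IMAGE_NT_HEADERS)
data = f.read(sz)
if len(data) < sz:
  # e_lfanew pointing at or past the end of the file ends up here; the
  # unread tail of the structure stays zero-filled.
  log.warning("IMAGE_NT_HEADERS: short read (%d of %d bytes)", len(data), sz)
if data[:4] != b'PE\0\0':
  log.warning("IMAGE_NT_HEADERS: signature is not 'PE\\0\\0'; "
              "the fields dumped below are not trustworthy")
pe_header = IMAGE_NT_HEADERS()
# Never copy more than the structure can hold.
fit = min(len(data), sz)
ctypes.memmove(ctypes.addressof(pe_header), data, fit)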
 
# }}}
# {{{ dump IMAGE_NT_HEADER
 
# Print the NT header signature, then the banners of the two embedded
# headers. Each print has a single parenthesised argument, so the output is
# the same on Python 2 and Python 3.
print("IMAGE_NT_HEADER:")
print("\tSignature: %08X" % pe_header.Signature)
print("\tFileHeader, OptionalHeader: (continued)")

# Keep a handle on the embedded file header; the section loop needs it.
file_header = pe_header.FileHeader
print("-------------------------------")
print("IMAGE_FILE_HEADER:")
# (field dump omitted in this article)

opt_header = pe_header.OptionalHeader
print("-------------------------------")
print("IMAGE_OPTIONAL_HEADER:")
# (field dump omitted in this article)
 
# }}}
# {{{ dump IMAGE_SECTION_HEADERs
 
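# Dump every IMAGE_SECTION_HEADER listed by IMAGE_FILE_HEADER.NumberOfSections.
#
# The section table starts SizeOfOptionalHeader bytes after the start of the
# optional header. That equals the position left by the IMAGE_NT_HEADERS read
# only when the file's optional header is exactly as large as the structure
# declared here. It differs for a 64-bit (PE32+) image or for a file with an
# unusual SizeOfOptionalHeader, and reading from the wrong place would dump
# plausible-looking but wrong section data. Seek to the computed offset.
section_header_sz = ctypes.sizeof(IMAGE_SECTION_HEADER)
# NOTE(review): SizeOfOptionalHeader is the winnt.h field name; the ctypes
# IMAGE_FILE_HEADER definition is omitted on this page - confirm it matches.
section_table_offset = (dos_header.e_lfanew
                        + IMAGE_NT_HEADERS.OptionalHeader.offset
                        + file_header.SizeOfOptionalHeader)
f.seek(section_table_offset, 0)
for i in range(file_header.NumberOfSections):
  data = f.read(section_header_sz)
  if len(data) < section_header_sz:
    # NumberOfSections is untrusted. Stop at a truncated table rather than
    # print zero-filled headers as if they came from the file.
    log.warning("IMAGE_SECTION_HEADER[%d]: short read (%d of %d bytes); "
                "section table is truncated", i, len(data), section_header_sz)
    break
  section_header = IMAGE_SECTION_HEADER()
  # Bounded by this structure's own size. The original bound reused "sz",
  # which still held the size of IMAGE_NT_HEADERS.
  ctypes.memmove(ctypes.addressof(section_header), data, section_header_sz)
  print("-------------------------------")
  print("IMAGE_SECTION_HEADER[%d]:" % i)
  # Section names are arbitrary bytes chosen by whoever built the file.
  # Drop the NUL padding and escape the backslash and anything outside
  # printable ASCII, so control or escape bytes never reach the terminal.
  raw_name = list(section_header.Name)
  while raw_name and raw_name[-1] == 0:
    raw_name.pop()
  shown = ''.join(
      chr(b) if (0x20 <= b < 0x7F and b != 0x5C) else '\\x%02X' % b
      for b in raw_name)
  print("\tName: %s" % shown)
  print("\tMisc.PhysicalAddress: %08X" % section_header.Misc.PhysicalAddress)
  print("\tMisc.VirtualSize: %08X" % section_header.Misc.VirtualSize)
  print("\tVirtualAddress: %08X" % section_header.VirtualAddress)
  print("\tSizeOfRawData: %08X" % section_header.SizeOfRawData)
  print("\tPointerToRawData: %08X" % section_header.PointerToRawData)
  print("\tPointerToRelocations: %08X" % section_header.PointerToRelocations)
  print("\tPointerToLinenumbers: %08X" % section_header.PointerToLinenumbers)
  print("\tNumberOfRelocations: %04X" % section_header.NumberOfRelocations)
  print("\tNumberOfLinenumbers: %04X" % section_header.NumberOfLinenumbers)
  print("\tCharacteristics: %08X" % section_header.Characteristics)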
 
# }}}

省略部分についてはこれまでの記事を参照。
日記/2010/05/25/IMAGE_OPTIONAL_HEADERを覗いてみる。
日記/2010/05/25/IMAGE_NT_HEADERSとIMAGE_FILE_HEADERを覗いてみる。
日記/2010/05/25/PEフォーマットのIMAGE_DOS_HEADERを眺めてみる


現在のバージョン : 1
更新者: msakamoto-sf
更新日: 2010-05-26 10:51:02
md5:32448f8acd9fe7d33e0e7964debf84ed
sha1:039e583d2308de2adbecff408a6e211e9bc1a541