
我將以下四行代碼編譯成一個名爲 foo.exe 的文件,希望全局變量 'i' 的值(即 9)會被放進 foo.exe 的 .data 節中。

/* Initialised global whose value (9) the question expects to find in the
 * executable's .data section. Nothing in this program ever reads or writes it. */
int i = 9;

/* Empty entry point: it does no work and never references `i`. */
int main()
{
    return 0;
}

然後我用下面的代碼檢查數值 9 是否真的在 foo.exe 的 .data 節中,但什麼也沒找到。有人可以解釋一下哪裡出了錯嗎?

#include <iostream>
#include <stdio.h>
#include <string.h>
#include <Windows.h>
#include <WinNT.h>


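/*
 * Searches the raw data of the ".data" section of a PE file for a 32-bit
 * value.
 *
 * base     - start of a flat (non-SEC_IMAGE) read-only mapping of the file
 * fileSize - number of valid bytes behind base
 * wanted   - value to look for at every byte offset of the section
 *
 * Returns 1 if the value was found, 0 if it was not, and -1 if the headers
 * or the section range do not fit inside the file.
 *
 * The file is treated as untrusted input: e_lfanew, the section count and
 * each section's PointerToRawData/SizeOfRawData come straight from the file,
 * so each one is checked against fileSize before it is used as an offset.
 */
static int find_value_in_data_section(const unsigned char *base, ULONGLONG fileSize, int wanted)
{
    if (fileSize < sizeof(IMAGE_DOS_HEADER))
        return -1;

    const IMAGE_DOS_HEADER *dos = (const IMAGE_DOS_HEADER *)base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE || dos->e_lfanew < 0)
        return -1;

    /* Only the signature and the file header are read through `nt`, so only
     * those bytes have to be inside the file; the optional header differs
     * between 32-bit and 64-bit images and is skipped by its recorded size. */
    const ULONGLONG ntOffset = (ULONGLONG)dos->e_lfanew;
    const ULONGLONG fixedNtSize = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);
    if (ntOffset > fileSize || fileSize - ntOffset < fixedNtSize)
        return -1;

    const IMAGE_NT_HEADERS *nt = (const IMAGE_NT_HEADERS *)(base + (size_t)ntOffset);
    if (nt->Signature != IMAGE_NT_SIGNATURE)
        return -1;

    /* The section table follows the optional header, whose size is given by
     * SizeOfOptionalHeader rather than by sizeof(IMAGE_NT_HEADERS) of the
     * build doing the parsing. */
    const ULONGLONG tableOffset = ntOffset + fixedNtSize + nt->FileHeader.SizeOfOptionalHeader;
    const ULONGLONG tableBytes =
        (ULONGLONG)nt->FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER);
    if (tableOffset > fileSize || fileSize - tableOffset < tableBytes)
        return -1;

    const IMAGE_SECTION_HEADER *section =
        (const IMAGE_SECTION_HEADER *)(base + (size_t)tableOffset);

    for (WORD s = 0; s < nt->FileHeader.NumberOfSections; s++, section++)
    {
        /* Name is a fixed 8-byte field that is not always NUL-terminated. */
        if (strncmp((const char *)section->Name, ".data", IMAGE_SIZEOF_SHORT_NAME) != 0)
            continue;

        /* The view is a flat file mapping, so the section is located by its
         * file offset (PointerToRawData), which must lie inside the file. */
        const ULONGLONG rawStart = section->PointerToRawData;
        const ULONGLONG rawSize = section->SizeOfRawData;
        if (rawStart > fileSize || fileSize - rawStart < rawSize)
            return -1;

        /* Stop while a whole int still fits, so the last read ends exactly at
         * the section end; memcpy avoids an unaligned int dereference. */
        for (ULONGLONG off = 0; off + sizeof(int) <= rawSize; off++)
        {
            int candidate;
            memcpy(&candidate, base + (size_t)(rawStart + off), sizeof candidate);
            if (candidate == wanted)
                return 1;
        }
    }

    return 0;
}

/*
 * Maps foo.exe read-only, looks for the value 9 in its ".data" section and
 * prints "found" when it is present. The mapping and both handles are
 * released on every path. The exit code is 0 on every path, as before;
 * errors are reported on stdout.
 */
int main()
{
    HANDLE hFile = CreateFile(TEXT("foo.exe"), GENERIC_READ, FILE_SHARE_READ, NULL,
            OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        printf("Couldn't open file with CreateFile()\n");
        return 0;
    }

    /* The file size is the bound for every offset read from the headers. */
    LARGE_INTEGER fileSize;
    if (!GetFileSizeEx(hFile, &fileSize))
    {
        CloseHandle(hFile);
        printf("Couldn't query file size with GetFileSizeEx()\n");
        return 0;
    }

    HANDLE hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hFileMapping == NULL)
    {
        CloseHandle(hFile);
        printf("Couldn't open file mapping with CreateFileMapping()\n");
        return 0;
    }

    LPVOID lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
    if (lpFileBase == NULL)
    {
        CloseHandle(hFileMapping);
        CloseHandle(hFile);
        printf("Couldn't map view of file with MapViewOfFile()\n");
        return 0;
    }

    const int result = find_value_in_data_section((const unsigned char *)lpFileBase,
            (ULONGLONG)fileSize.QuadPart, 9);
    if (result > 0)
        printf("found");
    else if (result < 0)
        printf("foo.exe is not a well-formed PE file\n");

    UnmapViewOfFile(lpFileBase);
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
    return 0;
}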

回答


編譯器(鏈接器)沒有把你的變量放進映像文件(即生成的可執行文件)中,因爲這個變量在代碼中根本沒有被使用!