文件名称:pe_decoder
介绍说明--下载内容均来自于网络,请自行研究使用
在《软件加密技术》这本书里看过PE文件各部分的详细解释之后,我也有了一个自己写PE文件分析器的的想法。虽然好的分析器不在少数,但对于一堆十六进制数,有些朋友可能不明白它代表什么意思。如果在程序里就可以将这些01序列转换成可以直接看懂得信息,那至少用户可以省去以后去查表的麻烦。怀着这样的想法,我仔细的研究了书中分析器PEInfo的源代码,我发现它没有提供信息转换的功能。
通过研究发现,PEInfo是通过PE文件在内存中的映象来获取文件信息的,我在想是否还有别的方法可以绕过将文件映象到内存这一步,直接读取文件信息。这样的方法只有直接读取磁盘上的PE文件,在磁盘上寻找所需要的文件信息。
在这里暂且不说这样的做法和内存映象法有什么优劣,我在此仅仅只是想找寻另一条解决问题的道路,并实现之。看完我的分析和源程序,大家自然知道孰优孰劣。-"software encryption technology," this book read PE part of the document detailed explanations, I have a paper to write his PE analyzer idea. Although good analyzer 2000, but a pile of hexadecimal number, some friends may not understand what it meant. If the program can be converted into 01 sequences can look directly understand information, That, at least users have no future to look-up table of trouble. With the idea, I carefully studied the book analyzer PEInfo of source code, I found that it did not provide data conversion functions. Found through research, through PE PEInfo document in memory mapping information to obtain documents, I wonder whether there are other ways to circumvent the document image to memory this step, direct read file information. This approach is only
通过研究发现,PEInfo是通过PE文件在内存中的映象来获取文件信息的,我在想是否还有别的方法可以绕过将文件映象到内存这一步,直接读取文件信息。这样的方法只有直接读取磁盘上的PE文件,在磁盘上寻找所需要的文件信息。
在这里暂且不说这样的做法和内存映象法有什么优劣,我在此仅仅只是想找寻另一条解决问题的道路,并实现之。看完我的分析和源程序,大家自然知道孰优孰劣。-"software encryption technology," this book read PE part of the document detailed explanations, I have a paper to write his PE analyzer idea. Although good analyzer 2000, but a pile of hexadecimal number, some friends may not understand what it meant. If the program can be converted into 01 sequences can look directly understand information, That, at least users have no future to look-up table of trouble. With the idea, I carefully studied the book analyzer PEInfo of source code, I found that it did not provide data conversion functions. Found through research, through PE PEInfo document in memory mapping information to obtain documents, I wonder whether there are other ways to circumvent the document image to memory this step, direct read file information. This approach is only
(系统自动生成,下载前可以参看下载内容)
下载文件列表
PE_DeCODER.cpp
PE_DeCODER.exe
Readme.txt
PE_DeCODER.exe
Readme.txt