{"rsdb":{"rid":"397326","subhead":"","postdate":"0","aid":"273521","fid":"49","uid":"1","topic":"1","content":"<div id=\"cnblogs_post_body\" class=\"blogpost-body cnblogs-markdown\"> \n <p>\u5728\u53ef\u6267\u884c\u6587\u4ef6PE\u6587\u4ef6\u7ed3\u6784\u4e2d\uff0c\u901a\u5e38\u6211\u4eec\u9700\u8981\u7528\u5230\u5730\u5740\u8f6c\u6362\u76f8\u5173\u77e5\u8bc6\uff0cPE\u6587\u4ef6\u9488\u5bf9\u5730\u5740\u7684\u89c4\u8303\u6709\u4e09\u79cd\uff0c\u5176\u4e2d\u5c31\u5305\u62ec\u4e86<code>VA<\/code>\uff0c<code>RVA<\/code>\uff0c<code>FOA<\/code>\u4e09\u79cd\uff0c\u8fd9\u4e09\u79cd\u8be5\u5730\u5740\u4e4b\u95f4\u7684\u7075\u6d3b\u8f6c\u6362\u4e5f\u662f\u975e\u5e38\u6709\u7528\u7684\uff0c\u672c\u8282\u5c06\u4ecb\u7ecd\u8fd9\u4e9b\u5730\u5740\u8303\u56f4\u5982\u4f55\u901a\u8fc7\u7f16\u7a0b\u7684\u65b9\u5f0f\u5b9e\u73b0\u8f6c\u6362\u3002<\/p> \n <p>\u5982\u4e0b\u662f\u4e09\u79cd\u683c\u5f0f\u7684\u5f02\u540c\u70b9\uff1a<\/p> \n <ul> \n  <li>VA\uff08Virtual Address\uff0c\u865a\u62df\u5730\u5740\uff09\uff1a\u5b83\u662f\u5728\u8fdb\u7a0b\u7684\u865a\u62df\u5730\u5740\u7a7a\u95f4\u4e2d\u7684\u5730\u5740\uff0c\u7528\u4e8e\u5728\u8fd0\u884c\u65f6\u8bbf\u95ee\u5185\u5b58\u4e2d\u7684\u6570\u636e\u548c\u4ee3\u7801\u3002VA\u662f\u76f8\u5bf9\u4e8e\u8fdb\u7a0b\u57fa\u5740\u7684\u504f\u79fb\u91cf\u3002\u5728\u4e0d\u540c\u7684\u8fdb\u7a0b\u4e2d\uff0c\u76f8\u540c\u7684VA\u53ef\u80fd\u6620\u5c04\u5230\u4e0d\u540c\u7684\u7269\u7406\u5730\u5740\u3002<\/li> \n  <li>RVA\uff08Relative Virtual Address\uff0c\u76f8\u5bf9\u865a\u62df\u5730\u5740\uff09\uff1a\u5b83\u662f\u76f8\u5bf9\u4e8e\u6a21\u5757\u57fa\u5740\uff08Module Base Address\uff09\u7684\u504f\u79fb\u91cf\uff0c\u7528\u4e8e\u5b9a\u4f4d\u6a21\u5757\u5185\u90e8\u7684\u6570\u636e\u548c\u4ee3\u7801\u3002RVA\u662f\u76f8\u5bf9\u4e8e\u6a21\u5757\u57fa\u5740\u7684\u504f\u79fb\u91cf\uff0c\u901a\u8fc7\u5c06\u6a21\u5757\u57fa\u5740\u548cRVA\u76f8\u52a0\uff0c\u53ef\u4ee5\u8ba1\u7b97\u51fa\u76f8\u5e94\u7684VA\u3002<\/li> \n  <li>FOA\uff08File Offset Address\uff0c\u6587\u4ef6\u504f\u79fb\u5730\u5740\uff09\uff1a\u5b83\u662f\u76f8\u5bf9\u4e8e\u6587\u4ef6\u8d77\u59cb\u4f4d\u7f6e\u7684\u504f\u79fb\u91cf\uff0c\u7528\u4e8e\u5b9a\u4f4d\u53ef\u6267\u884c\u6587\u4ef6\u4e2d\u7684\u6570\u636e\u548c\u4ee3\u7801\u5728\u6587\u4ef6\u4e2d\u7684\u4f4d\u7f6e\u3002\u901a\u8fc7\u5c06\u6587\u4ef6\u504f\u79fb\u5730\u5740\u548c\u8282\u8868\u4e2d\u7684\u6307\u5b9a\u8282\u7684\u8d77\u59cb\u4f4d\u7f6e\u76f8\u52a0\uff0c\u53ef\u4ee5\u8ba1\u7b97\u51fa\u76f8\u5e94\u7684FOA\u3002<\/li> \n <\/ul> \n <h3 id=\"va\u865a\u62df\u5730\u5740\u8f6c\u6362\u4e3afoa\u6587\u4ef6\u504f\u79fb\">VA\u865a\u62df\u5730\u5740\u8f6c\u6362\u4e3aFOA\u6587\u4ef6\u504f\u79fb<\/h3> \n <p>VA\u5730\u5740\u4ee3\u6307\u7684\u662f\u7a0b\u5e8f\u52a0\u8f7d\u5230\u5185\u5b58\u540e\u7684\u5185\u5b58\u5730\u5740\uff0c\u800c<code>FOA<\/code>\u5730\u5740\u5219\u4ee3\u8868\u6587\u4ef6\u5185\u7684\u7269\u7406\u5730\u5740\uff0c\u901a\u8fc7\u7f16\u5199<code>VA_To_FOA<\/code>\u5219\u53ef\u5b9e\u73b0\u5c06\u4e00\u4e2a\u865a\u62df\u5730\u5740\u8f6c\u6362\u4e3a\u6587\u4ef6\u504f\u79fb\u5730\u5740\uff0c\u8be5\u51fd\u6570\u7684\u5b9e\u73b0\u65b9\u5f0f\uff0c\u9996\u5148\u5f97\u5230<code>ImageBase<\/code>\u955c\u50cf\u57fa\u5730\u5740\uff0c\u5e76\u5f97\u5230<code>NumberOfSections<\/code>\u8282\u6570\u91cf\uff0c\u6709\u4e86\u8be5\u6570\u91cf\u4ee5\u540e\u76f4\u63a5\u5faa\u73af\uff0c\u901a\u8fc7\u5224\u65ad\u8bed\u53e5\u5c06\u8282\u9650\u5b9a\u5728\u4e00\u4e2a\u533a\u95f4\u5185\u8be5\u533a\u95f4<code>dwVA &gt;= Section_Start &amp;&amp; dwVA &lt;= Section_Ends<\/code>\uff0c\u5f53\u627e\u5230\u540e\uff0c\u9996\u5148\u901a\u8fc7<code>VA-ImageBase<\/code>\u5f97\u5230\u5f53\u524d\u7684<code>RVA<\/code>\u5730\u5740\uff0c\u63a5\u7740\u901a\u8fc7\u8be5\u5730\u5740\u51cf\u53bb<code>VirtualAddress<\/code>\u5e76\u52a0\u4e0a<code>PointerToRawData<\/code>\u6587\u4ef6\u6307\u9488\uff0c\u5373\u53ef\u83b7\u53d6\u5230\u6587\u4ef6\u5185\u7684\u504f\u79fb\u3002<\/p> \n <pre><code class=\"language-c\">#include &lt;iostream&gt;\n#include &lt;Windows.h&gt;\n#include &lt;ImageHlp.h&gt;\n\n#pragma comment(lib,&quot;Imagehlp.lib&quot;)\n\n\/\/ \u8bfb\u53d6NT\u5934\nPIMAGE_NT_HEADERS GetNtHeader(PVOID ImageBase)\n{\n  PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)ImageBase;\n\n  if (pDosHeader-&gt;e_magic != IMAGE_DOS_SIGNATURE)\n  {\n    return NULL;\n  }\n\n  PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)((BYTE*)ImageBase + pDosHeader-&gt;e_lfanew);\n  if (pNtHeaders-&gt;Signature != IMAGE_NT_SIGNATURE)\n  {\n    return NULL;\n  }\n\n  return pNtHeaders;\n}\n\n\/\/ \u8bfb\u53d6PE\u7ed3\u6784\u7684\u5c01\u88c5\nHANDLE OpenPeFile(LPTSTR FileName)\n{\n  HANDLE hFile, hMapFile, lpMapAddress = NULL;\n  DWORD dwFileSize = 0;\n\n  \/\/ CreateFile \u65e2\u53ef\u4ee5\u521b\u5efa\u6587\u4ef6\uff0c\u4e5f\u53ef\u4ee5\u6253\u5f00\u6587\u4ef6\uff0c\u8fd9\u91cc\u5219\u662f\u6253\u5f00\u6587\u4ef6\u7684\u542b\u4e49\n  hFile = CreateFile(FileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);\n  if (hFile == INVALID_HANDLE_VALUE)\n  {\n    return 0;\n  }\n\n  \/\/ \u83b7\u53d6\u5230\u6587\u4ef6\u5927\u5c0f\n  dwFileSize = GetFileSize(hFile, NULL);\n\n  \/\/ \u521b\u5efa\u6587\u4ef6\u7684\u5185\u5b58\u6620\u50cf\n  hMapFile = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, dwFileSize, NULL);\n  if (hMapFile == NULL)\n  {\n    return 0;\n  }\n\n  \/\/ \u8bfb\u53d6\u6620\u5c04\u4e2d\u7684\u5185\u5b58\u5e76\u8fd4\u56de\u4e00\u4e2a\u53e5\u67c4\n  lpMapAddress = MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, dwFileSize);\n  if (lpMapAddress != NULL)\n  {\n    return lpMapAddress;\n  }\n\n  return 0;\n}\n\n\/\/ \u5c06 VA(\u865a\u62df\u5730\u5740) --&gt; \u8f6c\u6362\u4e3a FOA(\u6587\u4ef6\u504f\u79fb)\nDWORD VA_To_FOA(HANDLE ImageBase, DWORD dwVA)\n{\n  PIMAGE_NT_HEADERS pNtHead = NULL;\n  PIMAGE_FILE_HEADER pFileHead = NULL;\n  PIMAGE_SECTION_HEADER pSection = NULL;\n  DWORD NumberOfSectinsCount = 0;\n  DWORD dwImageBase = 0;\n\n  pNtHead = GetNtHeader(ImageBase);\n  pSection = IMAGE_FIRST_SECTION(pNtHead);\n\n  dwImageBase = pNtHead-&gt;OptionalHeader.ImageBase;\n  NumberOfSectinsCount = pNtHead-&gt;FileHeader.NumberOfSections;\n  for (int each = 0; each &lt; NumberOfSectinsCount; each++)\n  {\n    \/\/ \u83b7\u53d6\u8282\u7684\u5f00\u59cb\u5730\u5740\u4e0e\u7ed3\u675f\u5730\u5740\n    DWORD Section_Start = dwImageBase + pSection[each].VirtualAddress;\n    DWORD Section_Ends = dwImageBase + pSection[each].VirtualAddress + pSection[each].Misc.VirtualSize;\n    \/\/ \u5224\u65ad\u5f53\u524d\u7684VA\u5730\u5740\u843d\u5728\u4e86\u90a3\u4e2a\u8282\u4e0a\n    if (dwVA &gt;= Section_Start &amp;&amp; dwVA &lt;= Section_Ends)\n    {\n      DWORD RVA = dwVA - pNtHead-&gt;OptionalHeader.ImageBase;                                    \/\/ \u8ba1\u7b97RVA\n      DWORD FOA = pSection[each].PointerToRawData + (RVA - pSection[each].VirtualAddress);     \/\/ \u8ba1\u7b97FOA\n      return FOA;\n    }\n  }\n  return -1;\n}\n\nint main(int argc, char * argv[])\n{\n  HANDLE lpMapAddress = NULL;\n\n  \/\/ \u6253\u5f00PE\u6587\u4ef6\n  lpMapAddress = OpenPeFile(L&quot;d:\/\/lyshark.exe&quot;);\n\n  \/\/ \u8f6c\u6362\n  DWORD FOA = VA_To_FOA(lpMapAddress, 0x401000);\n  printf(&quot;VA --&gt; FOA \u7ed3\u679c\u4e3a: %x \\n&quot;, FOA);\n\n  system(&quot;pause&quot;);\n  retur","orderid":"0","title":"2.14 PE\u7ed3\u6784\uff1a\u5730\u5740\u4e4b\u95f4\u7684\u8f6c\u6362(\u4e00)","smalltitle":"","mid":"0","fname":"c++\u7f16\u7a0b\u57fa\u7840","special_id":"0","bak_id":"0","info":"0","hits":"594","pages":"3","comments":"0","posttime":"2023-09-23 15:44:05","list":"1695455045","username":"admin","author":"","copyfrom":"","copyfromurl":"","titlecolor":"","fonttype":"0","titleicon":"0","picurl":"https:\/\/www.cppentry.com\/upload_files\/","ispic":"0","yz":"1","yzer":"","yztime":"0","levels":"0","levelstime":"0","keywords":"<A HREF='https:\/\/www.cppentry.com\/do\/search.php?type=keyword&keyword=2.14' target=_blank>2.14<\/A> <A HREF='https:\/\/www.cppentry.com\/do\/search.php?type=keyword&keyword=%BD%E1%B9%B9' target=_blank>\u7ed3\u6784<\/A>","jumpurl":"","iframeurl":"","style":"","template":"a:3:{s:4:\"head\";s:0:\"\";s:4:\"foot\";s:0:\"\";s:8:\"bencandy\";s:0:\"\";}","target":"0","ip":"112.94.1.100","lastfid":"0","money":"0","buyuser":"","passwd":"","allowdown":"","allowview":"","editer":"","edittime":"0","begintime":"0","endtime":"0","description":"2.14 PE\u7ed3\u6784\uff1a\u5730\u5740\u4e4b\u95f4\u7684\u8f6c\u6362","lastview":"1714215024","digg_num":"568","digg_time":"1714219272","forbidcomment":"0","ifvote":"0","heart":"","htmlname":"","city_id":"0"},"page":"1"}