#include <Windows.h>
#include <cstdio>
#include <cstdlib>
#include <ctime>
#include <iostream>
#include <string>
#include <time.h>
  4.  
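namespace {

// One "value -> explanatory text" row for the lookup tables below. The text is
// written to the console verbatim when the row matches.
struct ValueText {
    WORD value;
    const char* text;
};

// IMAGE_FILE_HEADER::Characteristics is a bit mask: every row whose bit is set
// is printed (tested with `&`).
constexpr ValueText kFileCharacteristics[] = {
    {IMAGE_FILE_RELOCS_STRIPPED, "IMAGE_FILE_RELOCS_STRIPPED\n# This indicate that the file does not contain base relocations\n"},
    {IMAGE_FILE_EXECUTABLE_IMAGE, "IMAGE_FILE_EXECUTABLE_IMAGE\n# This indicates that the image file is valid and can be run\n"},
    {IMAGE_FILE_LINE_NUMS_STRIPPED, "IMAGE_FILE_LINE_NUMS_STRIPPED\n# COFF line numbers have been removed\n"},
    {IMAGE_FILE_LOCAL_SYMS_STRIPPED, "IMAGE_FILE_LOCAL_SYMS_STRIPPED\n# COFF symbol table entries for local symbols have been removed\n"},
    {IMAGE_FILE_AGGRESIVE_WS_TRIM, "IMAGE_FILE_AGGRESIVE_WS_TRIM\n# Aggressively trim working set\n"},
    {IMAGE_FILE_LARGE_ADDRESS_AWARE, "IMAGE_FILE_LARGE_ADDRESS_AWARE\n# Application can handle > 2 GB addresses\n"},
    {IMAGE_FILE_BYTES_REVERSED_LO, "IMAGE_FILE_BYTES_REVERSED_LO\n# Little endian: the least significant bit (LSB) precedes the most significant bit (MSB) in memory\n"},
    {IMAGE_FILE_32BIT_MACHINE, "IMAGE_FILE_32BIT_MACHINE\n# Machine is based on a 32-bit-word architecture\n"},
    {IMAGE_FILE_DEBUG_STRIPPED, "IMAGE_FILE_DEBUG_STRIPPED\n# Debugging information is removed from the image file\n"},
    {IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP\n# If the image is on removable media, fully load it and copy it to the swap file\n"},
    {IMAGE_FILE_NET_RUN_FROM_SWAP, "IMAGE_FILE_NET_RUN_FROM_SWAP\n# If the image is on network media, fully load it and copy it to the swap file\n"},
    {IMAGE_FILE_SYSTEM, "IMAGE_FILE_SYSTEM\n# The image file is a system file, not a user program\n"},
    {IMAGE_FILE_DLL, "IMAGE_FILE_DLL\n# The image file is a dynamic-link library (DLL)\n"},
    {IMAGE_FILE_UP_SYSTEM_ONLY, "IMAGE_FILE_UP_SYSTEM_ONLY\n# The file should be run only on a uniprocessor machine\n"},
    {IMAGE_FILE_BYTES_REVERSED_HI, "IMAGE_FILE_BYTES_REVERSED_HI\n# Big endian: the MSB precedes the LSB in memory\n\n"},
};

// IMAGE_OPTIONAL_HEADER::Subsystem is an enumeration (exactly one value), not a
// mask, so rows are tested with `==`. The original `&` test could never match
// IMAGE_SUBSYSTEM_UNKNOWN (0) and printed several rows for a CUI image
// (WINDOWS_CUI == 3 shares a bit with WINDOWS_GUI == 2).
constexpr ValueText kSubsystems[] = {
    {IMAGE_SUBSYSTEM_UNKNOWN, "An unknown subsystem\n"},
    {IMAGE_SUBSYSTEM_NATIVE, "Device drivers and native Windows processe\n"},
    {IMAGE_SUBSYSTEM_WINDOWS_GUI, "The Windows graphical user interface (GUI) subsystem\n"},
    {IMAGE_SUBSYSTEM_WINDOWS_CUI, "The Windows character subsystem\n"},
    {IMAGE_SUBSYSTEM_OS2_CUI, "The OS/2 character subsystem\n"},
    {IMAGE_SUBSYSTEM_POSIX_CUI, "The Posix character subsystem\n"},
    {IMAGE_SUBSYSTEM_NATIVE_WINDOWS, "Native Win9x driver\n"},
    {IMAGE_SUBSYSTEM_WINDOWS_CE_GUI, "Windows CE\n"},
    {IMAGE_SUBSYSTEM_EFI_APPLICATION, "An Extensible Firmware Interface (EFI) application\n"},
    {IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER, "An EFI driver with boot services\n"},
    {IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER, "An EFI driver with run-time services\n"},
    {IMAGE_SUBSYSTEM_EFI_ROM, "An EFI ROM image\n"},
    {IMAGE_SUBSYSTEM_XBOX, "XBOX\n"},
    {IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION, "Windows boot application\n"},
};

// Returns a description for the Machine values this dumper understands, or
// nullptr for anything else. The original handled only I386; AMD64 is added
// because the optional-header layout below is guarded for 64-bit builds.
const char* MachineDescription(WORD machine) {
    switch (machine) {
    case IMAGE_FILE_MACHINE_I386:
        return "Intel 386 or later processor and compatible processors";
    case IMAGE_FILE_MACHINE_AMD64:
        return "x64 (AMD64 / Intel 64)";
    default:
        return nullptr;
    }
}

// Formats a COFF TimeDateStamp (seconds since the Unix epoch) as "%D"
// (MM/DD/YY) in local time. Returns "unknown" when the conversion fails instead
// of passing a null tm* to strftime as the original localtime() path could.
std::string FormatTimeDateStamp(DWORD timeDateStamp) {
    const time_t seconds = static_cast<time_t>(timeDateStamp);
    tm local{};
    // localtime_s (MSVC argument order) uses a caller-owned buffer, so it is
    // safe on this worker thread; localtime() writes a shared static.
    if (localtime_s(&local, &seconds) != 0) {
        return "unknown";
    }
    char buffer[20]{};
    if (strftime(buffer, sizeof(buffer), "%D", &local) == 0) {
        return "unknown";
    }
    return buffer;
}

// IMAGE_DOS_HEADER section of the dump.
void PrintDosHeader(const IMAGE_DOS_HEADER* dos, const IMAGE_NT_HEADERS* nt) {
    std::cout << "Getting information from the PE format!!!";
    std::cout << "\n\n----------------------------------------------------------\nIMAGE_DOS_HEADER\n----------------------------------------------------------\n";
    std::cout << "e_magic: 0x" << std::hex << dos->e_magic << " ( MZ ) //Little Endian  ( inverse bytes )\n";
    std::cout << "e_lfanew: 0x" << std::hex << dos->e_lfanew << "\n";
    std::cout << "VA IMAGE_NT_HEADER: 0x" << static_cast<const void*>(nt) << "\n\n";
}

// IMAGE_NT_HEADERS section of the dump.
void PrintNtHeaders(const IMAGE_NT_HEADERS* nt) {
    std::cout << "----------------------------------------------------------\nIMAGE_NT_HEADER\n----------------------------------------------------------\n";
    // Signature is the four bytes "PE\0\0". Copy at most those four bytes and
    // cut at the first NUL, instead of treating the whole struct as a C string
    // (the original relied on the embedded NULs to stop the read).
    std::string signature(reinterpret_cast<const char*>(&nt->Signature), sizeof(nt->Signature));
    const std::string::size_type nul = signature.find('\0');
    if (nul != std::string::npos) {
        signature.resize(nul);
    }
    std::cout << "Signature: " << signature << "\n";
    std::cout << "VA IMAGE_FILE_HEADER: 0x" << static_cast<const void*>(&nt->FileHeader) << "\n";
    std::cout << "VA IMAGE_OPTIONAL_HEADER: 0x" << static_cast<const void*>(&nt->OptionalHeader) << "\n\n";
}

// Remainder of the IMAGE_FILE_HEADER section (the banner is printed by the
// caller before the Machine check). Every numeric line sets std::hex/std::dec
// explicitly because stream state persists across insertions: the original
// printed "0x"-labelled values in decimal after an earlier std::dec.
void PrintFileHeader(const IMAGE_FILE_HEADER* fh, const char* machineDescription) {
    std::cout << "\nMachine: " << machineDescription << "\n"
              << "  Offset: 0x" << std::hex << fh->Machine << "\n";
    std::cout << "Number of Sections: " << std::dec << fh->NumberOfSections << "\n";
    std::cout << "Date Compilation: " << FormatTimeDateStamp(fh->TimeDateStamp) << "\n";
    std::cout << "Pointer to Symbol Table: 0x" << std::hex << fh->PointerToSymbolTable << "\n";
    std::cout << "Number of Symbols: 0x" << std::hex << fh->NumberOfSymbols << "\n";
    std::cout << "Size of Optional Header: " << std::dec << fh->SizeOfOptionalHeader << " byte(s)\n\n";
    // Print the mask itself in hex; the original reinterpret_cast'ed the WORD
    // to a pointer to get hex output.
    std::cout << "- Characteristics: 0x" << std::hex << fh->Characteristics << "\n\n";
    for (const ValueText& row : kFileCharacteristics) {
        if (fh->Characteristics & row.value) {
            std::cout << row.text;
        }
    }
}

// IMAGE_OPTIONAL_HEADER section of the dump. IMAGE_OPTIONAL_HEADER resolves to
// the 32- or 64-bit layout depending on the build; BaseOfData exists only in
// the 32-bit one.
void PrintOptionalHeader(const IMAGE_OPTIONAL_HEADER* oh) {
    std::cout << "----------------------------------------------------------\nIMAGE_OPTIONAL_HEADER\n----------------------------------------------------------\n";
    std::cout << std::hex << "Magic: 0x" << oh->Magic << "\n";
    // Linker versions are BYTEs, which operator<< streams as characters; widen
    // to print the numbers (the original cast them to int* to get hex output).
    std::cout << "MajorLinkVersion: " << std::dec << static_cast<unsigned>(oh->MajorLinkerVersion) << "\n";
    std::cout << "MinorLinkVersion: " << std::dec << static_cast<unsigned>(oh->MinorLinkerVersion) << "\n";
    std::cout << std::hex;
    std::cout << "SizeOfCode: 0x" << oh->SizeOfCode << "\n";
    std::cout << "SizeOfInitializedData: 0x" << oh->SizeOfInitializedData << "\n";
    // The original printed SizeOfHeaders under this label.
    std::cout << "SizeOfUninitializedData: 0x" << oh->SizeOfUninitializedData << "\n";
    std::cout << "AddressOfEntryPoint: 0x" << oh->AddressOfEntryPoint << "\n";
    std::cout << "BaseOfCode: 0x" << oh->BaseOfCode << "\n";
#if !defined(_WIN64)
    std::cout << "BaseOfData: 0x" << oh->BaseOfData << "\n";
#endif
    std::cout << "ImageBase: 0x" << oh->ImageBase << "\n";
    std::cout << "SectionAlignment: 0x" << oh->SectionAlignment << "\n";
    std::cout << "FileAlignment: 0x" << oh->FileAlignment << "\n";
    // Version numbers carry no "0x" label, so print them in decimal.
    std::cout << std::dec;
    std::cout << "MajorImageVersion: " << oh->MajorImageVersion << "\n";
    std::cout << "MinorImageVersion: " << oh->MinorImageVersion << "\n";
    std::cout << "MajorSubsystemVersion: " << oh->MajorSubsystemVersion << "\n";
    std::cout << "MinorSubsystemVersion: " << oh->MinorSubsystemVersion << "\n";
    std::cout << "Win32VersionValue: " << oh->Win32VersionValue << "\n";
    std::cout << std::hex;
    std::cout << "SizeOfImage: 0x" << oh->SizeOfImage << "\n";
    std::cout << "SizeOfHeader: 0x" << oh->SizeOfHeaders << "\n";
    std::cout << "CheckSum: 0x" << oh->CheckSum << "\n";
    std::cout << "- Subsystem: " << std::dec << oh->Subsystem << std::hex << "\n";
    for (const ValueText& row : kSubsystems) {
        if (oh->Subsystem == row.value) {
            std::cout << row.text;
            break;
        }
    }
    std::cout << "DllCharacteristics: " << std::hex << oh->DllCharacteristics << "\n";
    std::cout << "SizeOfStackReserved: 0x" << oh->SizeOfStackReserve << "\n";
    std::cout << "SizeOfStackCommit: 0x" << oh->SizeOfStackCommit << "\n";
    std::cout << "SizeOfHeapReserved: 0x" << oh->SizeOfHeapReserve << "\n";
    std::cout << "SizeOfHeapCommit: 0x" << oh->SizeOfHeapCommit << "\n";
    std::cout << "LoaderFlags: 0x" << oh->LoaderFlags << "\n";
    std::cout << "NumberOfRVAandSizes: 0x" << oh->NumberOfRvaAndSizes << "\n\n\n";
}

}  // namespace

// Worker-thread entry point: dumps the PE headers of the host executable
// (GetModuleHandle(nullptr)) to the console that DllMain attached, then waits
// for a key press.
//
// lpParam is this DLL's HINSTANCE; it is only used to unload the DLL when the
// host image is one the dumper does not handle or is not a valid PE image.
// Returns 0 as the thread exit code.
//
// Declared with the exact LPTHREAD_START_ROUTINE signature (DWORD WINAPI)
// rather than the original bool __stdcall: calling a function through a
// pointer of a different type is undefined behaviour, and on x86 only AL held
// the bool while the caller read all of EAX.
DWORD WINAPI InfoRoutine(LPVOID lpParam) {
    const HMODULE self = static_cast<HMODULE>(lpParam);

    const auto* dos = reinterpret_cast<const IMAGE_DOS_HEADER*>(GetModuleHandle(nullptr));
    // The loader has already mapped and validated the host image, so these
    // signature checks are cheap insurance against following e_lfanew into
    // something that is not a PE header.
    if (dos == nullptr || dos->e_magic != IMAGE_DOS_SIGNATURE) {
        std::cout << "Host module has no MZ signature; aborting\n";
        FreeLibraryAndExitThread(self, 1);
    }
    const auto* nt = reinterpret_cast<const IMAGE_NT_HEADERS*>(
        reinterpret_cast<const BYTE*>(dos) + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE) {
        std::cout << "Host module has no PE signature; aborting\n";
        FreeLibraryAndExitThread(self, 1);
    }
    const IMAGE_FILE_HEADER* fh = &nt->FileHeader;
    const IMAGE_OPTIONAL_HEADER* oh = &nt->OptionalHeader;

    PrintDosHeader(dos, nt);
    PrintNtHeaders(nt);

    std::cout << "----------------------------------------------------------\nIMAGE_FILE_HEADER\n----------------------------------------------------------\n";
    std::cout << "                           Machine Supports\n";
    const char* machineDescription = MachineDescription(fh->Machine);
    if (machineDescription == nullptr) {
        // Same policy as the original: an unsupported Machine unloads this DLL
        // and ends the thread without printing the rest.
        FreeLibraryAndExitThread(self, 0);
    }
    PrintFileHeader(fh, machineDescription);
    PrintOptionalHeader(oh);

    // Console convenience kept from the original. Note that system() launches
    // the shell named by %COMSPEC% inside the host process; std::cin.get()
    // would pause without spawning anything.
    system("pause");
    return 0;
}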
  138.  
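// DLL entry point. On DLL_PROCESS_ATTACH it gives the host process a console,
// redirects the C standard streams to it, and starts InfoRoutine on its own
// thread: DllMain runs under the loader lock, so the dump itself must not run
// here (the new thread only starts once DllMain has returned).
//
// hinstDLL is passed to the worker so it can unload this DLL if needed;
// lpvReserved is unused. Returns TRUE on success; FALSE on process attach makes
// the loader fail the load.
BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,
    DWORD     fdwReason,
    LPVOID    lpvReserved
) {
    (void)lpvReserved;
    if (fdwReason != DLL_PROCESS_ATTACH) {
        // Nothing to do for thread attach/detach or process detach; TRUE is the
        // documented return for these reasons (the original returned FALSE).
        return TRUE;
    }

    // AllocConsole fails when the host already owns a console; the redirects
    // below still work in that case, so its result is deliberately ignored.
    AllocConsole();

    // freopen_s stores the reopened standard stream itself in `stream`. The
    // original then fclose()d it, which closed stdin (the last stream reopened).
    FILE* stream = nullptr;
    freopen_s(&stream, "CONOUT$", "w", stdout);
    freopen_s(&stream, "CONOUT$", "w", stderr);
    freopen_s(&stream, "CONIN$", "r", stdin);

    // The cast keeps this compiling whether InfoRoutine is declared with the
    // original bool __stdcall signature or the exact DWORD WINAPI one.
    const HANDLE thread = CreateThread(
        nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(InfoRoutine), hinstDLL, 0, nullptr);
    if (thread == nullptr) {
        // The worker is this DLL's only purpose; failing the load lets the
        // loader unload it instead of leaving a dead console attached.
        return FALSE;
    }
    // The thread keeps running after its handle is closed; the original leaked it.
    CloseHandle(thread);
    return TRUE;
}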