/**描述: 類比windows轉載器載入PE檔案,能更方便的對PE檔案進行處理參數: szFileName: PE檔案的路徑返回: 成功則返回PE檔案鏡像在記憶體的首地址,失敗則返回0*/ULONG MapPeFile(TCHAR* szFileName){HANDLE hFile;ULONG numR;IMAGE_DOS_HEADER dosHeader = {0};IMAGE_NT_HEADERS ntHeader;ULONG dwImageSize; ULONG dwNumOfSections;ULONG dwHeadSize;PIMAGE_SECTION_HEADER pSection; char* pBase;ULONG nIndex; hFile = CreateFile(szFileName, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL );if (hFile == INVALID_HANDLE_VALUE){OutputDebugString(_T("開啟檔案失敗!"));return 0;} ReadFile(hFile, &dosHeader, sizeof(IMAGE_DOS_HEADER), &numR, NULL );SetFilePointer(hFile, dosHeader.e_lfanew, NULL, FILE_BEGIN );ReadFile(hFile, &ntHeader, sizeof(IMAGE_NT_HEADERS), &numR, NULL ); dwImageSize = ntHeader.OptionalHeader.SizeOfImage; dwNumOfSections = ntHeader.FileHeader.NumberOfSections; dwHeadSize = ntHeader.OptionalHeader.SizeOfHeaders; pBase =(char*)malloc(dwImageSize); memset(pBase , 0 , dwImageSize); SetFilePointer(hFile , 0 , NULL , FILE_BEGIN);ReadFile(hFile, pBase , dwHeadSize ,&numR , NULL); pSection = (PIMAGE_SECTION_HEADER)(dosHeader.e_lfanew + sizeof(ntHeader.Signature) + sizeof(IMAGE_FILE_HEADER)+ ntHeader.FileHeader.SizeOfOptionalHeader+ (ULONG)pBase); for (nIndex = 0 , pSection ; nIndex < dwNumOfSections ; nIndex++ ,pSection++){ SetFilePointer(hFile , pSection ->PointerToRawData , NULL , FILE_BEGIN); ReadFile(hFile , &pBase[pSection->VirtualAddress] , pSection->SizeOfRawData ,&numR ,NULL);}CloseHandle(hFile); return (ULONG)pBase;}