//=============================Edited by 牛皮哄哄 and thanks for reading ^-^ =====================
#include "stdafx.h"
#include <windows.h>

unsigned char* ReadPE()
{
	FILE *fp;
	IMAGE_DOS_HEADER dosH;
	IMAGE_NT_HEADERS ntH;//(signature+fileH+optH)
	PIMAGE_SECTION_HEADER sectionTable;
	unsigned char *pCodeBuf=NULL,*pCode=NULL;

	if((fp=fopen("E:\\ZYSD.exe","rb"))==NULL)//打开文件
		printf("Cannot open file");

	fread(&dosH, sizeof(dosH),1,fp);
	if(dosH.e_magic!=IMAGE_DOS_SIGNATURE)//"MZ" 5A4D
	{
		printf("DOS signature? \"MZ\"?");
		exit(1);
	}

	fseek(fp,dosH.e_lfanew,SEEK_SET);
	fread(&ntH,sizeof(ntH),1,fp);
	if(ntH.Signature!=IMAGE_NT_SIGNATURE)//"PE00"4550
	{
		printf("NT signature? \"PE00\"?");
		exit(1);
	}
	if(ntH.FileHeader.SizeOfOptionalHeader!=0xE0)//该结构大小万一不是0xE0
	{
		printf("ntH.FileHeader.SizeOfOptionalHeader!=0xE0");
		exit(1);
	}
	
	int sectionCount=ntH.FileHeader.NumberOfSections;
	sectionTable=(PIMAGE_SECTION_HEADER)malloc(sizeof(IMAGE_SECTION_HEADER)*sectionCount);
	fread(sectionTable,sizeof(IMAGE_SECTION_HEADER),sectionCount,fp);

	BOOL bCodeSection=FALSE;
	for(int i=0;i<sectionCount;i++)
	{
		if(! strcmp((char*)sectionTable[i].Name,".text") )
		{
			bCodeSection=TRUE;
			if( (pCodeBuf=(unsigned char *)malloc( sizeof(char)*sectionTable[i].SizeOfRawData+17))==NULL )
			{
				fprintf(stderr,"Memory allocation error!\n");
				exit(-1);
			}
			fseek(fp,sectionTable[i].PointerToRawData,SEEK_SET);
			fread(pCodeBuf,1,sectionTable[i].SizeOfRawData,fp);
			fclose(fp);
			return pCodeBuf;

			pCode=pCodeBuf;
			for(int j=ntH.OptionalHeader.ImageBase+sectionTable[i].VirtualAddress;j<ntH.OptionalHeader.ImageBase+sectionTable[i].VirtualAddress+700;j+=16)
			{
				printf("%08x:    ",j);
				for(int k=0;k<16;k++)
				{
					if(!(k%4))
						printf("   ");
					printf("%02X ",*pCode);
					pCode++;
				}
				printf("\r\n");
			}
			free(pCodeBuf);//如果在return前free呢?
			break;
		}
	}
	if(!bCodeSection)
		printf("Can not find.text section!\n");
}