PE文件

VMProtect 是新一代軟件盜版保護(hù)解決方案。VMProtect 是目前強(qiáng)大的反盜版解決方案之一，許多領(lǐng)先的軟件發(fā)行商都在使用它。VMProtect允許保護(hù)可執(zhí)行文件（EXE，SCR），動(dòng)態(tài)鏈接庫(kù)（DLL，OCX，BPL）和驅(qū)動(dòng)程序（SYS）。

VMProtect最新版下載

加密解密技術(shù)交流群（766135708）

常量，以配合PE格式：

enum PEFormat {
	// Directory Entries
	IMAGE_DIRECTORY_ENTRY_EXPORT,
	IMAGE_DIRECTORY_ENTRY_IMPORT,
	IMAGE_DIRECTORY_ENTRY_RESOURCE,
	IMAGE_DIRECTORY_ENTRY_EXCEPTION,
	IMAGE_DIRECTORY_ENTRY_SECURITY,
	IMAGE_DIRECTORY_ENTRY_BASERELOC,
	IMAGE_DIRECTORY_ENTRY_DEBUG,
	IMAGE_DIRECTORY_ENTRY_ARCHITECTURE,
	IMAGE_DIRECTORY_ENTRY_TLS,
	IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG,
	IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT,
	IMAGE_DIRECTORY_ENTRY_IAT,
	IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT,
	IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR,
	// Section characteristics
	IMAGE_SCN_CNT_CODE,
	IMAGE_SCN_CNT_INITIALIZED_DATA,
	IMAGE_SCN_CNT_UNINITIALIZED_DATA,
	IMAGE_SCN_MEM_DISCARDABLE,
	IMAGE_SCN_MEM_NOT_CACHED,
	IMAGE_SCN_MEM_NOT_PAGED,
	IMAGE_SCN_MEM_SHARED,
	IMAGE_SCN_MEM_EXECUTE,
	IMAGE_SCN_MEM_READ,
	IMAGE_SCN_MEM_WRITE,
	// Resource types
	RT_CURSOR,
	RT_BITMAP,
	RT_ICON,
	RT_MENU,
	RT_DIALOG,
	RT_STRING,
	RT_FONTDIR,
	RT_FONT,
	RT_ACCELERATOR,
	RT_RCDATA,
	RT_MESSAGETABLE,
	RT_GROUP_CURSOR,
	RT_GROUP_ICON,
	RT_VERSION,
	RT_DLGINCLUDE,
	RT_PLUGPLAY,
	RT_VXD,
	RT_ANICURSOR,
	RT_ANIICON,
	RT_HTML,
	RT_MANIFEST,
	RT_DLGINIT,
	RT_TOOLBAR
};

一個(gè)處理PE文件的類：

class PEFile {
public:
	string name(); // returns the filename
	string format(); // returns the "PE" format name
	uint64 size(); // returns the size of the file
	int count(); // returns the number of architectures in the list
	PEArchitecture item(int index); // returns an architecture with the given index
	uint64 seek(uint64 offset); // sets a file position
	uint64 tell(); // returns a file position
	int write(string buffer); // records a buffer to the file
};

一個(gè)與PE架構(gòu)一起工作的類：

class PEArchitecture {
public:
	string name(); // returns the name of the architecture
	PEFile file(); // returns the parent file
	uint64 entryPoint(); // returns the starting address
	uint64 imageBase(); // returns the base offset
	OperandSize cpuAddressSize(); // returns bit count of the architecture
	uint64 size(); // returns the size of the architecture
	PESegments segments(); // returns the list of segments
	PESections sections(); // returns the list of sections
	PEDirectories directories(); // returns the list of directories
	PEImports imports(); // returns the list of imported libraries
	PEExports exports(); // returns the list of exported functions
	PEResources resources(); // returns the list of resources
	PEFixups fixups(); // returns the list of relocations (fixups);
	MapFunctions mapFunctions(); // returns the list of functions available for protection
	IntelFunctions functions(); // returns the list of protected functions
	bool addressSeek(uint64 address); // sets a file position
	uint64 seek(uint64 offset); // sets a file position
	uint64 tell(); // returns a file position
	int write(string buffer); // writes a buffer to a file
};

一個(gè)用于處理PE架構(gòu)的片段列表的類：

class PESegments {
public:
	PESegment item(int index); // returns a segment with the given index
	int count(); // returns the number of segments in the list
	PESegment itemByAddress(uint64 address); // returns the segment at the given address
};

一個(gè)與PE架構(gòu)段合作的類：

class PESegment {
public:
	uint64 address(); // returns the address of the segment
	string name(); // returns the name of the segment
	uint64 size(); // returns the size of the segment
	int physicalOffset(); // returns the file position (offset) of the segment
	int physicalSize(); // returns the file size of the segment
	int flags(); // returns flags of the segment
	bool excludedFromPacking(); // returns the "Excluded from packing" property
	void setName(string name); // sets the name of the segment
};

一個(gè)用于處理PE架構(gòu)部分列表的類：

class PESections {
public:
	PESection item(int index); // returns a section with the given index
	int count(); // returns the number of sections in the list
	PESection itemByAddress(uint64 address); // returns a section at the given address
};

一個(gè)與PE架構(gòu)部分合作的類：

class PESection {
public:
	uint64 address(); // returns the address of the section
	string name(); // returns the name of the section
	uint64 size(); // returns the size of the section
	int offset(); // returns the file positions of the section
	PESegme
nt segment(); // returns the parent segment
};

一個(gè)處理PE架構(gòu)目錄的類：

class PEDirectories {
public:
	PEDirectory item(int index); // returns a directory with the given index
	int count(); // returns the number of directories in the list
	PEDirectory itemByType(int type); // returns a directory of the given type
};

一個(gè)與PE架構(gòu)目錄協(xié)同工作的類：

class PEDirectory {
public:
	uint64 address(); // returns the address of the directory
	string name(); // returns the name of the directory
	uint64 size(); // returns the size of the directory
	int type(); // returns the type of the directory
	void setAddress(uint64 address); // sets the address of the directory
	void setSize(int size); // sets the size of the directory
	void clear(); // clears the address and the size of the directory
};

一個(gè)用于處理PE架構(gòu)的導(dǎo)入庫(kù)列表的類：

class PEImports {
public:
	PEImport item(int index); // returns a library with the given index
	int count(); // returns the number of libraries in the list
	PEImport itemByName(string name); // returns a library with the given name
};

一個(gè)與PE架構(gòu)的導(dǎo)入庫(kù)一起工作的類：

class PEImport {
public:
	string name(); // returns the name of the library
	PEImportFunction item(int index); // returns an imported function with the given index
	int count(); // returns the number of imported functions
	void setName(string name); // sets the name of the library
};

一個(gè)與PE架構(gòu)的導(dǎo)入函數(shù)一起工作的類：

class PEImportFunction {
public:
	uint64 address(); // returns a memory address where the imported function address is stored
	string name();  // returns the name of the imported function
}

一個(gè)用于處理PE架構(gòu)的導(dǎo)出函數(shù)列表的類：

class PEExports {
public:
	string name(); // returns the name of the library
	PEExport item(int index); // returns an exported function with the given index
	int count(); // returns the number of exported functions in the list
	void clear(); // clears the list
	PEExport itemByAddress(uint64 address); // returns an exported function at the given address
	PEExport itemByName(string name); // returns an exported function with the given name
};

一個(gè)與PE架構(gòu)導(dǎo)出的函數(shù)相匹配的類：

class PEExport {
public:
	uint64 address(); // returns the address of the exported function
	string name(); // returns the name of the exported function
	int ordinal();  // returns the ordinal of the exported function
	string forwardedName(); // returns the name of the function the exported function forwards to
	void destroy(); // destroys the exported function
};

一個(gè)處理PE架構(gòu)資源列表的類：

class PEResources {
public:
	PEResource item(int index); // returns a resources with the given index
	int count(); // returns the number of resources in the list
	void clear(); // clears the list
	PEResource itemByType(int type); // returns a resource of the given type
	PEResource itemByName(string name); // returns a resource with the given name
};

一個(gè)與PE架構(gòu)資源一起工作的類：

class PEResource {
public:
	PEResource item(int index); // returns a resource with the given index
	int count(); // returns the number of resources in the list
	void clear(); // clears the list
	uint64 address(); // returns the address of the resource
	int size(); // returns the size of the resource
	string name(); // returns the name of the resource
	int type(); // returns the type of the resource
	bool isDirectory(); // returns the "Directory" property
	void destroy(); // destroys the resource
	PEResource itemByName(string name); // returns a resource with the given name
	bool excludedFromPacking(); // returns the "Excluded from packing" property
};

一個(gè)用于處理PE架構(gòu)修復(fù)（重新定位）列表的類：

class PEFixups {
public:
	PEFixup item(int index); // returns an element with the given index
	int count(); // returns the number of elements in the list
	PEFixup itemByAddress(uint64 address); // returns an element at the given address
};

一個(gè)與PE架構(gòu)修復(fù)（重定位）有關(guān)的類：

class PEFixup {
public:
	uint64 address(); // returns the address of the element
};