Thread: problem regrading PIMAGE_DOS_HEADER

My program code is given bellow.....

Code:

#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include<winnt.h>

#define BUF_SIZE 256
TCHAR szName[]=TEXT("process.c");
TCHAR szMsg[]=TEXT("Message from first process");

int main()
{
   HANDLE hMapFile;
   LPCTSTR pBuf;
   PIMAGE_NT_HEADERS pimage_nt_headers;

   hMapFile = CreateFileMapping(
                 INVALID_HANDLE_VALUE,    // use paging file
                 NULL,                    // default security 
                 PAGE_READWRITE,          // read/write access
                 0,                       // max. object size 
                 BUF_SIZE,                // buffer size  
                 szName);                 // name of mapping object
 
   if (hMapFile == NULL || hMapFile == INVALID_HANDLE_VALUE) 
   { 
      printf("Could not create file mapping object (%d).\n", 
             GetLastError());
      return 1;
   }
   pBuf = (LPTSTR) MapViewOfFile(hMapFile,   // handle to map object
                        FILE_MAP_ALL_ACCESS, // read/write permission
                        0,                   
                        0,                   
                        BUF_SIZE);           

   printf("%d",pBuf);
   if (pBuf == NULL) 
   { 
      printf("Could not map view of file (%d).\n", 
             GetLastError()); 
      return 2;
   }

   CopyMemory((PVOID)pBuf, szMsg, strlen(szMsg));
  
   PIMAGE_DOS_HEADER pimage_dos_header = PIMAGE_DOS_HEADER(pBuf);

   pimage_nt_headers = (PIMAGE_NT_HEADERS)
    (pBuf + pimage_dos_header->e_lfanew);
   printf("\n%d\n",pimage_nt_headers);
   DWORD it_voffset = pimage_nt_headers->OptionalHeader.
   DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;

  printf("%d",it_voffset);
   getch();

   UnmapViewOfFile(pBuf);

   CloseHandle(hMapFile);

   return 0;
}

when i am displaying the value in it_voffset .....it is showing 0.
why it is so ?
can anyone explain this.......
pBuf is having valid value......

> TCHAR szName[]=TEXT("process.c");
Maybe it's something to do with the fact that you're looking for an exe header in something which isn't an exe file.

MSDN says:
If hFile is INVALID_HANDLE_VALUE, the calling process must also specify a mapping object size in the dwMaximumSizeHigh and dwMaximumSizeLow parameters. In this scenario, CreateFileMapping creates a file mapping object of a specified size that the operating system paging file backs, instead of by a named file in the file system.

What does it actually do? Open process.c file as a PE executable to see the virtual addresses of that "program's" sections?

Code:

#include <windows.h>
#include <stdio.h>


//#include <windows.h>
//#include <stdio.h>
#include <conio.h>
#include<winnt.h>

#define BUF_SIZE 256
TCHAR szName[]=TEXT("process.c");
TCHAR szMsg[]=TEXT("Message from first process");
/*
 * Map a file for read access. Returns size of view in lpcbSize
 */
LPCTSTR MapFileRead(LPCTSTR szFileName, size_t * lpcbSize)
{
	HANDLE hFile, hMapping;
	DWORD  dwFileSize;
	LPCTSTR lpView;
	MEMORY_BASIC_INFORMATION mbi;

	HANDLE hMapFile;
   LPCTSTR pBuf;
   PIMAGE_NT_HEADERS pimage_nt_headers;

	*lpcbSize = 0;

	hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL,
	                   OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (INVALID_HANDLE_VALUE == hFile)
	{
		return NULL;
	}

	dwFileSize = GetFileSize(hFile, NULL);
	if (INVALID_FILE_SIZE == dwFileSize)
	{
		CloseHandle(hFile);
		return NULL;
	}

	hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
	if (NULL == hMapping)
	{
		CloseHandle(hFile);
		return NULL;
	}

	lpView = (LPTSTR)MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);

printf("%d",lpView);


	  
   PIMAGE_DOS_HEADER pimage_dos_header = PIMAGE_DOS_HEADER(lpView);
   printf("%d...",pimage_dos_header->e_lfanew+lpView);

   pimage_nt_headers = (PIMAGE_NT_HEADERS)
   (lpView + pimage_dos_header->e_lfanew);
   DWORD it_voffset = pimage_nt_headers->OptionalHeader.
   DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;  printf("%lu",it_voffset);
   getch();


	CloseHandle(hMapping);
	CloseHandle(hFile);

	if (NULL != lpView)
	{
		if (VirtualQuery(lpView, &mbi, sizeof(mbi)) >= sizeof(mbi))
		{
			*lpcbSize = min(dwFileSize, mbi.RegionSize);
		}
		else
		{
			*lpcbSize = dwFileSize;
		}
	}

	return lpView;
}


/*
 * Close a file mapping view.
 */
BOOL MapFileClose(LPCVOID lpView)
{
	return UnmapViewOfFile(lpView);
}


int main(void)
{
	size_t cbSize, i;
	const char * file_view;

	file_view = (const char *) MapFileRead(TEXT("const.cpp"), &cbSize);

	if (file_view)
	{
		try
		{
			for (i = 0;i < cbSize; i++)
			{
				printf("%c", file_view[i]);
			}
		}
		catch (...)
		{
			printf("Oh oh, not good doctor.");
		}

		MapFileClose(file_view);
	}

	getchar();
	return 0;
}

Code is given above .....

the point where i am getting error is underlined in italic...
and error is Memory could not be read

> printf("%c", file_view[i]);
This will just puke on a binary file.

> file_view = (const char *) MapFileRead(TEXT("const.cpp"), &cbSize);
How about trying to read your .exe file instead of your source file?
3 people have said the same thing now, but you still don't seem to get it.