(全部代码附件下载:)
关键代码如下:
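/*
 * Print the name of every DLL referenced by the import directory of a PE image.
 *
 * ImageBase: start of the PE file as held in memory. The code resolves RVAs
 *            through RvaToPtr(), so this is presumably a raw file mapping
 *            rather than a loader-mapped image; confirm against the caller.
 *
 * Every field read here comes from the file being inspected, so a malformed or
 * hostile PE controls the descriptor array and the name RVAs. The function does
 * not know the size of the mapping and therefore cannot bound the descriptor
 * walk or the length of a name string; a caller that parses untrusted files
 * should have RvaToPtr()/GetFirstImportAddress() enforce those bounds.
 */
void ShowImportDllInfo(LPVOID ImageBase)
{
    int i = 1;
    PIMAGE_NT_HEADERS pnt = GetNtHead(ImageBase);
    PIMAGE_IMPORT_DESCRIPTOR pimport = GetFirstImportAddress(ImageBase);

    if (!pimport)
    {
        cout << "GetFirstImportAddress() error" << endl;
        return;
    }
    // NOTE(review): assumes GetNtHead() reports a bad header by returning NULL.
    if (!pnt)
    {
        cout << "GetNtHead() error" << endl;
        return;
    }

    // The descriptor array ends with a zeroed entry; FirstThunk == 0 marks it.
    for (; pimport->FirstThunk; pimport++, i++)
    {
        const char *szdllname = (const char *)RvaToPtr(pnt, ImageBase, pimport->Name);

        // A Name RVA that maps to no section yields no pointer. Streaming a
        // NULL char* is undefined behaviour, so print a placeholder instead.
        if (!szdllname)
        {
            cout << "NO." << i << ": " << "<invalid name RVA>" << endl;
            continue;
        }
        cout << "NO." << i << ": " << szdllname << endl;
    }
}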
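/*
 * Print the functions imported through the first import descriptor of a PE
 * image, one per line, by name or by ordinal.
 *
 * ImageBase: start of the PE file as held in memory (see RvaToPtr()).
 *
 * Limitations visible in this code:
 *   - only the first IMAGE_IMPORT_DESCRIPTOR is walked, so functions of later
 *     DLLs are not listed;
 *   - thunks are read as DWORDs, which matches the 32-bit (PE32) layout only.
 *
 * All thunk values come from the inspected file. They are never treated as
 * pointers here: an ordinal import is printed as a number, and an RVA that
 * RvaToPtr() cannot resolve is reported instead of being dereferenced.
 */
void ShowImportFuncInfo(LPVOID ImageBase)
{
    int i = 1;
    PIMAGE_IMPORT_BY_NAME pbyname = NULL;
    DWORD *pthunk = NULL;
    DWORD dwthunk;
    PIMAGE_IMPORT_DESCRIPTOR pstart = NULL;
    PIMAGE_NT_HEADERS pnt = NULL;

    pstart = GetFirstImportAddress(ImageBase);
    // GETTHUNK() presumably reads a thunk RVA out of the descriptor, so the
    // descriptor must be checked before it is used.
    if (!pstart)
    {
        cout << "GetFirstImportAddress() error" << endl;
        return;
    }
    dwthunk = GETTHUNK(pstart);
    pnt = GetNtHead(ImageBase);
    pthunk = (DWORD *)RvaToPtr(pnt, ImageBase, dwthunk);
    if (!pthunk)
    {
        cout << "RvaToVa() fail" << endl;
        return;
    }

    cout << endl << ">>>====FUNC INFO====<<<" << endl;

    // The thunk array is terminated by a zero entry. The walk is not bounded by
    // the mapping size, which this function does not know.
    for (; *pthunk; pthunk++, i++)
    {
        // Import by ordinal is signalled by the top bit of the thunk, not by
        // the high word being exactly 0x8000.
        if (IMAGE_SNAP_BY_ORDINAL32(*pthunk))
        {
            // The low 16 bits are an ordinal number, not an address.
            cout << "NO." << i << ": " << "Ordinal " << IMAGE_ORDINAL32(*pthunk) << endl;
            continue;
        }

        pbyname = (PIMAGE_IMPORT_BY_NAME)RvaToPtr(pnt, ImageBase, (DWORD)(*pthunk));
        if (!pbyname)
        {
            // The RVA points outside every section; show it, do not follow it.
            cout << "NO." << i << ": " << "<invalid RVA 0x" << hex << *pthunk << dec << ">" << endl;
            continue;
        }

        cout << "NO." << i << ": " << (const char *)pbyname->Name << endl;
    }
}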
- 标 题:提取PE输入表(dll及函数名)
- 作 者:LI的夏天
- 时 间:2011-02-23 10:19:44
- 链 接:http://bbs.pediy.com/showthread.php?t=129764