您好,登录后才能下订单哦!
这篇文章主要为大家展示了“如何获取PE文件的导出函数列表”,内容简而易懂,条理清晰,希望能够帮助大家解决疑惑,下面让小编带领大家一起研究并学习一下“如何获取PE文件的导出函数列表”这篇文章吧。
函数作者为zhangjiawen@cchongda.com.cn,示例代码由ccrun(老妖)编写,应函数作者要求发表在本站。
一段可以从任何DLL中提取函数名的代码,这段代码的应用前提是该DLL文件对象没有经过任何“加壳”处理,否则,可能提取不完整。
#include "Dbghelp.h"
bool GetDLLFileExports(char *szFileName, UINT *nNoOfExports, char **&pszFunctions)
{
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER pImg_DOS_Header;
PIMAGE_NT_HEADERS pImg_NT_Header;
PIMAGE_EXPORT_DIRECTORY pImg_Export_Dir;
hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ,
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if(hFile == INVALID_HANDLE_VALUE)
return false;
hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if(hFileMapping == 0)
{
CloseHandle(hFile);
return false;
}
lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
if(lpFileBase == 0)
{
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
pImg_DOS_Header = (PIMAGE_DOS_HEADER)lpFileBase;
pImg_NT_Header = (PIMAGE_NT_HEADERS)(
(LONG)pImg_DOS_Header + (LONG)pImg_DOS_Header->e_lfanew);
if(IsBadReadPtr(pImg_NT_Header, sizeof(IMAGE_NT_HEADERS))
|| pImg_NT_Header->Signature != IMAGE_NT_SIGNATURE)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
pImg_Export_Dir = (PIMAGE_EXPORT_DIRECTORY)pImg_NT_Header->OptionalHeader
.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
if(!pImg_Export_Dir)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
// 63 63 72 75 6E 2E 63 6F 6D
pImg_Export_Dir= (PIMAGE_EXPORT_DIRECTORY)ImageRvaToVa(pImg_NT_Header,
pImg_DOS_Header, (DWORD)pImg_Export_Dir, 0);
DWORD **ppdwNames = (DWORD **)pImg_Export_Dir->AddressOfNames;
ppdwNames = (PDWORD*)ImageRvaToVa(pImg_NT_Header,
pImg_DOS_Header, (DWORD)ppdwNames, 0);
if(!ppdwNames)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
*nNoOfExports = pImg_Export_Dir->NumberOfNames;
pszFunctions = new char*[*nNoOfExports];
for(UINT i=0; i < *nNoOfExports; i++)
{
char *szFunc=(PSTR)ImageRvaToVa(pImg_NT_Header, pImg_DOS_Header, (DWORD)*ppdwNames, 0);
pszFunctions[i] = new char[strlen(szFunc)+1];
strcpy(pszFunctions[i],szFunc);
ppdwNames++;
}
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return true;
}
//---------------------------------------------------------------------------
// 示例代码,读取C:/ccrun/123.dll中的导出函数列表并显示在Memo中
void __fastcall TForm1::Button1Click(TObject *Sender)
{
UINT unNoOfExports;
char **lppBuffer;
GetDLLFileExports("C://ccrun//123.dll", &unNoOfExports, lppBuffer);
for(UINT i=0; i<unNoOfExports; i++)
Memo1->Lines->Add(lppBuffer[i]);
for(UINT i=0; i<unNoOfExports; i++)
delete []lppBuffer[i];
delete []lppBuffer;
}
以上是“如何获取PE文件的导出函数列表”这篇文章的所有内容,感谢各位的阅读!相信大家都有了一定的了解,希望分享的内容对大家有所帮助,如果还想学习更多知识,欢迎关注亿速云行业资讯频道!
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。