列举PE文件的导入函数信息,功能与格式和 dumpbin /imports一模一样。
不说空话,直接看代码:
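/*
 * ListImports - print the import table of a PE32 image, laid out like the
 * output of `dumpbin /imports`.
 *
 * dbase: base address of the PE data, carried in a DWORD, so the pointer
 *        casts below are only sound in a 32-bit build. RVAs are resolved
 *        against it through RvaToPtr (defined elsewhere in this file).
 *
 * Output goes to stdout. Nothing is returned.
 *
 * NOTE(review): every offset and RVA consumed here (e_lfanew, the import
 * directory RVA, descriptor fields, thunk values, name RVAs) is read from
 * the file being inspected. This function is not given the size of the
 * mapping, so it cannot bound e_lfanew, the descriptor walk, the thunk walk
 * or the length of the name strings. Do not run it on untrusted files until
 * the caller (or RvaToPtr) enforces those bounds and checks the DOS/NT
 * signatures and the optional-header magic (only 32-bit thunks are handled).
 */
void ListImports(DWORD dbase)
{
    static const char szMsgImport[] = "\n %s\n\t%8X Import Address Table\n\t%8X Import Name Table\n\t%8x time date stamp\n\t%8x Index of first forwarder reference\n\n";
    static const char szMsg2[] = " %8X %s\n";
    static const char szMsg3[] = " %8X\n";

    PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)dbase;
    PIMAGE_NT_HEADERS nt = (PIMAGE_NT_HEADERS)(dbase + dos->e_lfanew);

    DWORD va = (DWORD)nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    if (!va) {
        printf("\nNo imports\n\n");
        return;
    }

    /* Assumes RvaToPtr yields NULL for an RVA it cannot map; confirm against
     * its definition. The checks are harmless if it never does. */
    PIMAGE_IMPORT_DESCRIPTOR iid = (PIMAGE_IMPORT_DESCRIPTOR)RvaToPtr(dbase, va);
    if (iid == NULL) {
        printf("\nImport directory RVA does not map into the image\n\n");
        return;
    }

    printf("Section contains the following imports:\n");
    DWORD imagebase = nt->OptionalHeader.ImageBase;

    /* The descriptor array ends with an all-zero entry. */
    for (; iid->OriginalFirstThunk || iid->FirstThunk || iid->Name ||
           iid->TimeDateStamp || iid->ForwarderChain; iid++) {
        const char *dll_name = (const char *)RvaToPtr(dbase, iid->Name);
        if (dll_name == NULL) {
            printf("\nImport descriptor has an unmappable name RVA\n\n");
            return;
        }
        printf(szMsgImport, dll_name,
               (unsigned int)(iid->FirstThunk + imagebase),
               (unsigned int)(iid->OriginalFirstThunk + imagebase),
               (unsigned int)iid->TimeDateStamp,
               (unsigned int)iid->ForwarderChain);

        /* Prefer the import name table; fall back to the IAT when absent. */
        va = iid->OriginalFirstThunk ? iid->OriginalFirstThunk : iid->FirstThunk;
        PDWORD pva = (PDWORD)RvaToPtr(dbase, va);
        if (pva == NULL) {
            printf("\nImport descriptor has an unmappable thunk RVA\n\n");
            continue;
        }

        for (; *pva; pva++) {
            if (*pva & IMAGE_ORDINAL_FLAG32) {
                /* Import by ordinal: the low 16 bits are the ordinal and the
                 * thunk is NOT an RVA. The original fell through here and
                 * dereferenced it as an IMAGE_IMPORT_BY_NAME anyway. */
                printf(szMsg3, (unsigned int)(*pva & 0x0ffff));
                continue;
            }

            PIMAGE_IMPORT_BY_NAME piibn = (PIMAGE_IMPORT_BY_NAME)RvaToPtr(dbase, *pva);
            if (piibn == NULL) {
                printf("\nThunk has an unmappable hint/name RVA\n\n");
                break;
            }
            printf(szMsg2, piibn->Hint, piibn->Name);
        }
    }
}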
原文地址:http://www.cnblogs.com/dpblue/p/4816135.html