
Code snippet: ListImports

Date: 2015-09-17 15:06:16


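Lists the imported-function information of a PE file; the functionality and output format are exactly the same as dumpbin /imports.

Enough talk, straight to the code: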

#include <windows.h>
#include <stdio.h>

/* RvaToPtr is the author's helper and is not shown on the page; this prototype
   is assumed from how it is called below. It maps an RVA to a pointer inside
   the file image loaded at dbase. */
PVOID RvaToPtr(DWORD dbase, DWORD rva);

/* Lists the imports of a 32-bit PE image (DWORD base address, 32-bit thunks).
   Header and table fields are used as found in the file, without validation. */
void ListImports(DWORD dbase)
{
    char szMsgImport[]="\n  %s\n\t%8X  Import Address Table\n\t%8X  Import Name Table\n\t%8x  time date stamp\n\t%8x  Index of first forwarder reference\n\n";
    char szMsg2[]="      %8X  %s\n";
    char szMsg3[]="      %8X\n";
    PIMAGE_DOS_HEADER dos=(PIMAGE_DOS_HEADER)dbase;
    PIMAGE_NT_HEADERS nt=(PIMAGE_NT_HEADERS)(dbase+dos->e_lfanew);
    DWORD va=(DWORD)nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    if (!va)
    {
        printf("\nNo imports\n\n");
        return;
    }
    PIMAGE_IMPORT_DESCRIPTOR iid=(PIMAGE_IMPORT_DESCRIPTOR)RvaToPtr(dbase,va);
    printf("Section contains the following imports:\n");
    DWORD imagebase=nt->OptionalHeader.ImageBase;
    /* The descriptor array ends with an all-zero entry. */
    while(iid->OriginalFirstThunk || iid->FirstThunk || iid->Name || iid->TimeDateStamp || iid->ForwarderChain)
    {
        printf(szMsgImport,(char*)RvaToPtr(dbase,iid->Name),iid->FirstThunk+imagebase,iid->OriginalFirstThunk+imagebase,iid->TimeDateStamp,iid->ForwarderChain);

        /* Prefer the Import Name Table; fall back to the IAT when it is absent. */
        if (iid->OriginalFirstThunk)
            va=iid->OriginalFirstThunk;
        else
            va=iid->FirstThunk;
        PDWORD pva=(PDWORD)RvaToPtr(dbase,va);
        while (*pva)
        {
            if (*pva & IMAGE_ORDINAL_FLAG32)
            {
                /* Import by ordinal: the low 16 bits are the ordinal and the
                   thunk is not an RVA, so it must not be passed to RvaToPtr. */
                DWORD dd=(*pva) & 0x0ffff;
                printf(szMsg3,dd);
            }
            else
            {
                /* Import by name: the thunk is the RVA of an IMAGE_IMPORT_BY_NAME. */
                PIMAGE_IMPORT_BY_NAME piibn=(PIMAGE_IMPORT_BY_NAME)RvaToPtr(dbase,*pva);
                printf(szMsg2,piibn->Hint,piibn->Name);
            }
            pva++;
        }
        iid++;
    }
}
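
The listing above hands every RVA read from the file straight to RvaToPtr, whose body the page does not show, and then dereferences the result. As an added example (not the original author's code), here is a bounds-checked RVA lookup over a raw file buffer that a tool parsing untrusted PE files could use in its place. SectionInfo, Image, the sample data and both function names are assumptions made for this illustration, and it avoids windows.h so it builds anywhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the IMAGE_SECTION_HEADER fields and the file mapping. */
typedef struct { uint32_t VirtualAddress, SizeOfRawData, PointerToRawData; } SectionInfo;
typedef struct { const uint8_t *file; size_t size; const SectionInfo *secs; size_t nsecs; } Image;

/* Constructed sample: one section at RVA 0x1000 with 16 raw bytes at file offset 32.
   Its last three bytes ("ABC") run to the end of the file with no terminator. */
static const SectionInfo sample_secs[1] = {{0x1000, 16, 32}};
static const uint8_t sample_file[48] = { [32] = 'K','E','R','N','E','L','3','2','.','d','l','l', 0, 'A','B','C' };
static const Image sample_image = { sample_file, sizeof sample_file, sample_secs, 1 };
static const Image truncated_image = { sample_file, 40, sample_secs, 1 }; /* file cut short */

/* Hypothetical helper: map an RVA to a pointer into the raw file with `need`
   readable bytes guaranteed; NULL if the RVA is not backed by file data. */
const void *rva_to_ptr_checked(const Image *img, uint32_t rva, size_t need)
{
    for (size_t i = 0; i < img->nsecs; i++) {
        const SectionInfo *s = &img->secs[i];
        if (rva < s->VirtualAddress) continue;
        uint32_t delta = rva - s->VirtualAddress;
        if (delta >= s->SizeOfRawData) continue;          /* outside this section's raw data */
        if (need > s->SizeOfRawData - delta) return NULL; /* read would cross the section end */
        uint64_t off = (uint64_t)s->PointerToRawData + delta;       /* 64-bit sum cannot wrap */
        if (off > img->size || need > img->size - off) return NULL; /* truncated file */
        return img->file + off;
    }
    return NULL;
}

/* Hypothetical helper: return the string at rva only if its NUL terminator is
   found within max_len bytes and before the end of the file buffer. */
const char *rva_to_cstr_checked(const Image *img, uint32_t rva, size_t max_len)
{
    const uint8_t *p = rva_to_ptr_checked(img, rva, 1);
    if (!p) return NULL;
    size_t avail = img->size - (size_t)(p - img->file);
    if (avail > max_len) avail = max_len;
    return memchr(p, 0, avail) ? (const char *)p : NULL;
}

int main(void) {
    const char *ok = rva_to_cstr_checked(&sample_image, 0x1000, 256);     /* DLL name */
    const char *bad = rva_to_cstr_checked(&sample_image, 0x100D, 256);    /* unterminated */
    const char *cut = rva_to_cstr_checked(&truncated_image, 0x1000, 256); /* truncated */
    printf("%s / %s / %s\n", ok ? ok : "(rejected)", bad ? bad : "(rejected)", cut ? cut : "(rejected)");
}
```

In ListImports, each descriptor, thunk and name read would go through checks like these, and a NULL result would end the walk instead of being dereferenced.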

 

 


Original article: http://www.cnblogs.com/dpblue/p/4816135.html
