如何獲取PE文件的導出函數列表
發(fā)布時(shí)間:2021-09-27 17:50
來(lái)源:億速云
閱讀:0
作者:小新
欄目: 開(kāi)發(fā)技術(shù)
這篇文章主要為大家展示了“如何獲取PE文件的導出函數列表”�����,內容簡(jiǎn)而易懂�,條理清晰����,希望能夠幫助大家解決疑惑�����,下面讓小編帶領(lǐng)大家一起研究并學(xué)習一下“如何獲取PE文件的導出函數列表”這篇文章吧��。
獲取PE文件的導出函數列表
關(guān)鍵字:PE文件,導出函數,PIMAGE_DOS_HEADER,PIMAGE_EXPORT_DIRECTORY,PIMAGE_NT_HEADER
函數作者為zhangjiawen@cchongda.com.cn��,示例代碼由ccrun(老妖)編寫(xiě)�����,應函數作者要求發(fā)表在本站��。
一段可以從任何DLL中提取函數名的代碼��,這段代碼的應用前提是該DLL文件對象沒(méi)有經(jīng)過(guò)任何“加殼”處理�,否則����,可能提取不完整��。
#include "Dbghelp.h"
bool GetDLLFileExports(char *szFileName, UINT *nNoOfExports, char **&pszFunctions)
{
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER pImg_DOS_Header;
PIMAGE_NT_HEADERS pImg_NT_Header;
PIMAGE_EXPORT_DIRECTORY pImg_Export_Dir;
hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ,
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if(hFile == INVALID_HANDLE_VALUE)
return false;
hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if(hFileMapping == 0)
{
CloseHandle(hFile);
return false;
}
lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
if(lpFileBase == 0)
{
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
pImg_DOS_Header = (PIMAGE_DOS_HEADER)lpFileBase;
pImg_NT_Header = (PIMAGE_NT_HEADERS)(
(LONG)pImg_DOS_Header + (LONG)pImg_DOS_Header->e_lfanew);
if(IsBadReadPtr(pImg_NT_Header, sizeof(IMAGE_NT_HEADERS))
|| pImg_NT_Header->Signature != IMAGE_NT_SIGNATURE)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
pImg_Export_Dir = (PIMAGE_EXPORT_DIRECTORY)pImg_NT_Header->OptionalHeader
.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
if(!pImg_Export_Dir)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
pImg_Export_Dir= (PIMAGE_EXPORT_DIRECTORY)ImageRvaToVa(pImg_NT_Header,
pImg_DOS_Header, (DWORD)pImg_Export_Dir, 0);
DWORD **ppdwNames = (DWORD **)pImg_Export_Dir->AddressOfNames;
ppdwNames = (PDWORD*)ImageRvaToVa(pImg_NT_Header,
pImg_DOS_Header, (DWORD)ppdwNames, 0);
if(!ppdwNames)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
*nNoOfExports = pImg_Export_Dir->NumberOfNames;
pszFunctions = new char*[*nNoOfExports];
for(UINT i=0; i < *nNoOfExports; i++)
{
char *szFunc=(PSTR)ImageRvaToVa(pImg_NT_Header, pImg_DOS_Header, (DWORD)*ppdwNames, 0);
pszFunctions[i] = new char[strlen(szFunc)+1];
strcpy(pszFunctions[i],szFunc);
ppdwNames++;
}
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return true;
}
void __fastcall TForm1::Button1Click(TObject *Sender)
{
UINT unNoOfExports;
char **lppBuffer;
GetDLLFileExports("C://ccrun//123.dll", &unNoOfExports, lppBuffer);
for(UINT i=0; i<unNoOfExports; i++)
Memo1->Lines->Add(lppBuffer[i]);
for(UINT i=0; i<unNoOfExports; i++)
delete []lppBuffer[i];
delete []lppBuffer;
}
