PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)lpBase;
PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)((DWORD)lpBase + pDosHeader->e_lfanew );
//导出表
if(pNtHeader->OptionalHeader.DataDirectory[0].VirtualAddress !=0)
{
PIMAGE_EXPORT_DIRECTORY pExport = (PIMAGE_EXPORT_DIRECTORY) (lpBase+AddressConvert(lpBase,pNtHeader->OptionalHeader.DataDirectory[0].VirtualAddress,TRUE));
int dwNumberOfFunctions = pExport->NumberOfFunctions;
int dwNumberOfNames = pExport->NumberOfNames;
//函数地址
PDWORD pFunAddr = (PDWORD) (lpBase + AddressConvert(lpBase,pExport->AddressOfFunctions,TRUE));
//函数名地址
PDWORD pFunNameAddr = (PDWORD) (lpBase + AddressConvert(lpBase,pExport->AddressOfNames,TRUE));
//函数序号地址
PWORD pOrdinalAddr = (PWORD) (lpBase + AddressConvert(lpBase,pExport->AddressOfNameOrdinals,TRUE));
for (int i=0;i<dwNumberOfFunctions;i++)
{
printf("函数地址:%.8X\t ",pFunAddr[i]);
int j =0;
for (;j<dwNumberOfNames;j++)
{
if(pOrdinalAddr[j] == i)
{
printf("函数编号:%d\t ",j + pExport->Base);
break;
}
}
if(j!=dwNumberOfNames)//
{
DWORD nameAddr = (DWORD) lpBase + AddressConvert(lpBase,pFunNameAddr[j],TRUE);
printf("%s",nameAddr);
}
printf("\n");
}
}
网友评论