VC PE导出/输入表演示(文件影射版本)

原创 于 2007-12-30 09:28:00 发布 · 2.9k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#null #descriptor #header #dos #winapi #file

此程序为VC版PE导出/输入表演示程序,大家可以体会一下VC与VB版的不同之处.

// GetPeInfo.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "windows.h"
#include "stdio.h"

typedef PVOID
(WINAPI *IMAGERVATOVA)(
    IN PIMAGE_NT_HEADERS NtHeaders,
    IN PVOID Base,
    IN ULONG Rva,
    IN OUT PIMAGE_SECTION_HEADER *LastRvaSection
    );
IMAGERVATOVA ImageRvaToVa;
VOID PrintImportTable(LPSTR strPath);
VOID PrintExportTable(LPSTR strPath);

int main(int argc, char* argv[])
{
 if (argc==1)
  return 0;
 printf("导出表信息:/n/n");
 PrintExportTable(argv[1]);
 printf("/n");
 printf("----------------------------------------------/n/n");
 printf("输入表信息:/n/n");
 PrintImportTable(argv[1]);
 return 0;
}

VOID PrintImportTable(LPSTR strPath)
{
 HANDLE hFile = CreateFile(strPath,GENERIC_READ,FILE_SHARE_READ,NULL,3,0,NULL);
 if (!hFile)
  return;
 HMODULE hMod = LoadLibrary("imagehlp.dll");
 ImageRvaToVa = (IMAGERVATOVA)GetProcAddress(hMod,"ImageRvaToVa");
 HANDLE hMap = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
 PVOID pBase = MapViewOfFile(hMap,FILE_MAP_READ,0,0,0),pAddr=NULL;
 PIMAGE_DOS_HEADER pDosHeader=(PIMAGE_DOS_HEADER)pBase;
 PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)((ULONG)pBase + pDosHeader->e_lfanew);
 PIMAGE_IMPORT_DESCRIPTOR pImport = (PIMAGE_IMPORT_DESCRIPTOR)ImageRvaToVa(pNtHeaders,pBase,pNtHeaders->OptionalHeader.DataDirectory[1].VirtualAddress,NULL);
 while (pImport->Name!=0)
 {
  if (pImport->OriginalFirstThunk==0 && pImport->FirstThunk==0) break;
  printf("模块:%s/n",ImageRvaToVa(pNtHeaders,pBase,pImport->Name,NULL));
  PIMAGE_THUNK_DATA pThunk=NULL;
  if (pImport->OriginalFirstThunk!=0)
   pThunk = (PIMAGE_THUNK_DATA)ImageRvaToVa(pNtHeaders,pBase,pImport->OriginalFirstThunk,NULL);
  else
   pThunk = (PIMAGE_THUNK_DATA)ImageRvaToVa(pNtHeaders,pBase,pImport->FirstThunk,NULL);
  do
  {
   if (pThunk->u1.AddressOfData==0) break;
   pAddr=ImageRvaToVa(pNtHeaders,pBase,(ULONG)pThunk->u1.AddressOfData->Name,NULL);
   if (!pAddr)
    printf("/t函数:/n");
   else
    printf("/t函数:%s/n",pAddr);
   pThunk++;
  } while (pThunk->u1.AddressOfData!=0);
  pImport++;
 };
 FreeLibrary(hMod);
 CloseHandle(hMap);
 CloseHandle(hFile);
 UnmapViewOfFile(pBase);
}

VOID PrintExportTable(LPSTR strPath)
{
 HANDLE hFile = CreateFile(strPath,GENERIC_READ,FILE_SHARE_READ,NULL,3,0,NULL);
 if (!hFile)
  return;
 HMODULE hMod = LoadLibrary("imagehlp.dll");
 ImageRvaToVa = (IMAGERVATOVA)GetProcAddress(hMod,"ImageRvaToVa");
 HANDLE hMap = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
 PVOID pBase = MapViewOfFile(hMap,FILE_MAP_READ,0,0,0);
 PULONG *pAddr=NULL,pName=NULL;
 PIMAGE_DOS_HEADER pDosHeader=(PIMAGE_DOS_HEADER)pBase;
 PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)((ULONG)pBase + pDosHeader->e_lfanew);
 PIMAGE_EXPORT_DIRECTORY pExport = (PIMAGE_EXPORT_DIRECTORY)ImageRvaToVa(pNtHeaders,pBase,pNtHeaders->OptionalHeader.DataDirectory[0].VirtualAddress,NULL);
 if (!pExport)
 {
  printf("没有导出表信息!!/n");
  return ;
 }
 printf("模块:%s/n",ImageRvaToVa(pNtHeaders,pBase,pExport->Name,NULL));
 ULONG uStup=0;
 do
 {
  pAddr=(PULONG *)ImageRvaToVa(pNtHeaders,pBase,(ULONG)pExport->AddressOfNames + uStup * sizeof(uStup) ,NULL);
  pName=(PULONG)ImageRvaToVa(pNtHeaders,pBase,(ULONG)*pAddr,NULL);
  if (!pName) break;
  printf("/t函数:%s/n",pName);
  uStup ++;
 } while (pName);
 FreeLibrary(hMod);
 CloseHandle(hMap);
 CloseHandle(hFile);
 UnmapViewOfFile(pBase);
}

评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值