获取PE文件的导出函数
2008-10-14 20:19
下面这段代码可以从任何DLL中提取导出函数名。它以只读方式把磁盘上的文件映射为数据并静态解析导出表,不会加载或执行该DLL。使用前提是该DLL文件没有经过任何“加壳”处理,否则提取到的导出函数可能不完整。
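// Source: C++Builder Research - http://www.ccrun.com/article.asp?i=653&d=b2m5o1
#include <windows.h>
#include <string.h>
#include <new>
#include "Dbghelp.h"

// Returns true when the byte range [offset, offset + length) lies inside a
// file of fileSize bytes. Written so that the addition cannot overflow.
static bool RangeInFile(ULONGLONG offset, ULONGLONG length, ULONGLONG fileSize)
{
    return offset <= fileSize && length <= fileSize - offset;
}

// Translates an RVA into a pointer inside the mapped file and verifies that
// `length` bytes starting there are still inside the mapping.
// ImageRvaToVa trusts the section table (PointerToRawData), which comes from
// the file itself, so its result is re-checked here. Returns NULL on failure.
static const BYTE *RvaToFilePtr(PIMAGE_NT_HEADERS pNt, const BYTE *pBase,
                                ULONGLONG fileSize, DWORD rva, ULONGLONG length)
{
    const BYTE *p = static_cast<const BYTE *>(
        ImageRvaToVa(pNt, const_cast<BYTE *>(pBase), rva, NULL));
    if (p == NULL || p < pBase)
        return NULL;
    if (!RangeInFile(static_cast<ULONGLONG>(p - pBase), length, fileSize))
        return NULL;
    return p;
}

// Releases a partially or fully filled name array.
static void FreeNames(char **names, UINT count)
{
    if (names == NULL)
        return;
    for (UINT i = 0; i < count; i++)
        delete[] names[i];
    delete[] names;
}

// Parses the export name table of a PE file mapped at pBase (fileSize bytes).
// Every offset, count and RVA read from the file is treated as untrusted and
// is bounds-checked against the mapping before it is dereferenced.
static bool ReadExportNames(const BYTE *pBase, ULONGLONG fileSize,
                            UINT *nNoOfExports, char **&pszFunctions)
{
    // DOS header: must fit in the file and carry the "MZ" signature.
    if (!RangeInFile(0, sizeof(IMAGE_DOS_HEADER), fileSize))
        return false;
    const IMAGE_DOS_HEADER *pDos = reinterpret_cast<const IMAGE_DOS_HEADER *>(pBase);
    if (pDos->e_magic != IMAGE_DOS_SIGNATURE || pDos->e_lfanew < 0)
        return false;

    // NT headers: signature + file header + the optional header's Magic field
    // must be inside the file before any of them is read.
    const ULONGLONG ntOffset  = static_cast<ULONGLONG>(pDos->e_lfanew);
    const ULONGLONG fixedPart = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);
    if (!RangeInFile(ntOffset, fixedPart + sizeof(WORD), fileSize))
        return false;

    // Pointer arithmetic is done on BYTE* so it also works in 64-bit builds
    // (casting the base pointer to LONG would truncate it there).
    PIMAGE_NT_HEADERS pNt = reinterpret_cast<PIMAGE_NT_HEADERS>(
        const_cast<BYTE *>(pBase) + static_cast<size_t>(ntOffset));
    if (pNt->Signature != IMAGE_NT_SIGNATURE)
        return false;

    // ImageRvaToVa walks NumberOfSections section headers located right after
    // the optional header, so that whole table must be inside the file.
    const WORD optSize = pNt->FileHeader.SizeOfOptionalHeader;
    const ULONGLONG sectionTable = ntOffset + fixedPart + optSize;
    const ULONGLONG sectionBytes =
        static_cast<ULONGLONG>(pNt->FileHeader.NumberOfSections) * sizeof(IMAGE_SECTION_HEADER);
    if (!RangeInFile(sectionTable, sectionBytes, fileSize))
        return false;

    // The data directory sits at a different offset in PE32 and PE32+ images,
    // so pick the layout from the Magic field instead of the build's default.
    DWORD exportRva = 0;
    if (pNt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    {
        const IMAGE_NT_HEADERS32 *p32 = reinterpret_cast<const IMAGE_NT_HEADERS32 *>(pNt);
        const DWORD needed = static_cast<DWORD>(FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, DataDirectory))
                             + sizeof(IMAGE_DATA_DIRECTORY);
        if (optSize < needed || p32->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
            return false;
        exportRva = p32->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    }
    else if (pNt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
    {
        const IMAGE_NT_HEADERS64 *p64 = reinterpret_cast<const IMAGE_NT_HEADERS64 *>(pNt);
        const DWORD needed = static_cast<DWORD>(FIELD_OFFSET(IMAGE_OPTIONAL_HEADER64, DataDirectory))
                             + sizeof(IMAGE_DATA_DIRECTORY);
        if (optSize < needed || p64->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
            return false;
        exportRva = p64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    }
    else
    {
        return false;
    }

    // No export directory at all.
    if (exportRva == 0)
        return false;

    const IMAGE_EXPORT_DIRECTORY *pExport = reinterpret_cast<const IMAGE_EXPORT_DIRECTORY *>(
        RvaToFilePtr(pNt, pBase, fileSize, exportRva, sizeof(IMAGE_EXPORT_DIRECTORY)));
    if (pExport == NULL)
        return false;

    // AddressOfNames is an array of NumberOfNames 32-bit RVAs. Requiring the
    // whole array to lie inside the file also caps NumberOfNames, so a forged
    // count cannot trigger a huge allocation.
    const DWORD nameCount = pExport->NumberOfNames;
    const BYTE *pNameRvas = RvaToFilePtr(pNt, pBase, fileSize, pExport->AddressOfNames,
                                         static_cast<ULONGLONG>(nameCount) * sizeof(DWORD));
    if (pNameRvas == NULL)
        return false;

    char **names = new (std::nothrow) char *[nameCount];
    if (names == NULL)
        return false;

    for (DWORD i = 0; i < nameCount; i++)
    {
        // memcpy avoids assuming that the table is DWORD-aligned in the file.
        DWORD nameRva = 0;
        memcpy(&nameRva, pNameRvas + static_cast<size_t>(i) * sizeof(DWORD), sizeof(DWORD));

        const BYTE *pName = RvaToFilePtr(pNt, pBase, fileSize, nameRva, 1);
        if (pName == NULL)
        {
            FreeNames(names, i);
            return false;
        }

        // Look for the terminator only within the mapping; a name without a
        // NUL before the end of the file is rejected instead of over-read.
        const size_t maxLen = static_cast<size_t>(fileSize - static_cast<ULONGLONG>(pName - pBase));
        const void *pNul = memchr(pName, 0, maxLen);
        if (pNul == NULL)
        {
            FreeNames(names, i);
            return false;
        }
        const size_t len = static_cast<size_t>(static_cast<const BYTE *>(pNul) - pName);

        names[i] = new (std::nothrow) char[len + 1];
        if (names[i] == NULL)
        {
            FreeNames(names, i);
            return false;
        }
        memcpy(names[i], pName, len + 1);
    }

    *nNoOfExports = nameCount;
    pszFunctions  = names;
    return true;
}

// Extracts the names of the functions exported by name from a DLL on disk.
//
// The file is opened read-only and mapped as plain data (PAGE_READONLY, no
// image mapping), so it is parsed statically and never loaded as a module.
//
// szFileName   - path of the DLL (ANSI).
// nNoOfExports - receives the number of names; set to 0 on failure.
// pszFunctions - receives an array of NUL-terminated copies of the names;
//                set to NULL on failure. On success the caller releases each
//                entry with delete[] and then the array itself with delete[].
//
// Returns true on success. Returns false when the file cannot be opened or
// mapped, is not a well-formed PE image, has no export name table, or when
// any header field points outside the file.
bool GetDLLFileExports(char *szFileName, UINT *nNoOfExports, char **&pszFunctions)
{
    // Give the outputs a defined value on every path so a caller that ignores
    // the return value does not walk or free uninitialised pointers.
    pszFunctions = NULL;
    if (nNoOfExports == NULL)
        return false;
    *nNoOfExports = 0;
    if (szFileName == NULL)
        return false;

    // szFileName is a char*, so call the ANSI entry point explicitly.
    HANDLE hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if (hFile == INVALID_HANDLE_VALUE)
        return false;

    bool ok = false;
    LARGE_INTEGER fileSize;
    if (GetFileSizeEx(hFile, &fileSize) && fileSize.QuadPart > 0)
    {
        HANDLE hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
        if (hFileMapping != NULL)
        {
            LPVOID lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
            if (lpFileBase != NULL)
            {
                ok = ReadExportNames(static_cast<const BYTE *>(lpFileBase),
                                     static_cast<ULONGLONG>(fileSize.QuadPart),
                                     nNoOfExports, pszFunctions);
                UnmapViewOfFile(lpFileBase);
            }
            CloseHandle(hFileMapping);
        }
    }
    CloseHandle(hFile);
    return ok;
}
//---------------------------------------------------------------------------
// Example: read the list of exported functions of C:/ccrun/123.dll and show
// it in the Memo control.
void __fastcall TForm1::Button1Click(TObject *Sender)
{
    UINT unNoOfExports = 0;
    char **lppBuffer = NULL;
    char szPath[] = "C://ccrun//123.dll";

    // Nothing was allocated on failure, so there is nothing to show or free.
    if (!GetDLLFileExports(szPath, &unNoOfExports, lppBuffer))
        return;

    for (UINT i = 0; i < unNoOfExports; i++)
        Memo1->Lines->Add(lppBuffer[i]);

    for (UINT i = 0; i < unNoOfExports; i++)
        delete[] lppBuffer[i];
    delete[] lppBuffer;
}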