您的位置:首页 > 其它

获取PE文件的导出函数

2008-10-14 20:19 471 查看
一段可以从任何DLL中提取函数名的代码,这段代码的应用前提是该DLL文件对象没有经过任何“加壳”处理,否则,可能提取不完整。

#include "Dbghelp.h"

bool GetDLLFileExports(char *szFileName, UINT *nNoOfExports, char **&pszFunctions)
{
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER pImg_DOS_Header;
PIMAGE_NT_HEADERS pImg_NT_Header;
PIMAGE_EXPORT_DIRECTORY pImg_Export_Dir;

hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ,
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if(hFile == INVALID_HANDLE_VALUE)
return false;

hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if(hFileMapping == 0)
{
CloseHandle(hFile);
return false;
}

lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
if(lpFileBase == 0)
{
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}

pImg_DOS_Header = (PIMAGE_DOS_HEADER)lpFileBase;
pImg_NT_Header = (PIMAGE_NT_HEADERS)(
(LONG)pImg_DOS_Header (LONG)pImg_DOS_Header->e_lfanew);

if(IsBadReadPtr(pImg_NT_Header, sizeof(IMAGE_NT_HEADERS))
|| pImg_NT_Header->Signature != IMAGE_NT_SIGNATURE)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}

pImg_Export_Dir = (PIMAGE_EXPORT_DIRECTORY)pImg_NT_Header->OptionalHeader
.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
if(!pImg_Export_Dir)
// 本文转自 C Builder研究 - http://www.ccrun.com/article.asp?i=653&d=b2m5o1 {
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
// 63 63 72 75 6E 2E 63 6F 6D
pImg_Export_Dir= (PIMAGE_EXPORT_DIRECTORY)ImageRvaToVa(pImg_NT_Header,
pImg_DOS_Header, (DWORD)pImg_Export_Dir, 0);

DWORD **ppdwNames = (DWORD **)pImg_Export_Dir->AddressOfNames;

ppdwNames = (PDWORD*)ImageRvaToVa(pImg_NT_Header,
pImg_DOS_Header, (DWORD)ppdwNames, 0);
if(!ppdwNames)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}

*nNoOfExports = pImg_Export_Dir->NumberOfNames;
pszFunctions = new char*[*nNoOfExports];

for(UINT i=0; i < *nNoOfExports; i )
{
char *szFunc=(PSTR)ImageRvaToVa(pImg_NT_Header, pImg_DOS_Header, (DWORD)*ppdwNames, 0);

pszFunctions[i] = new char[strlen(szFunc) 1];
strcpy(pszFunctions[i],szFunc);

ppdwNames ;
}
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return true;
}
//---------------------------------------------------------------------------
// 示例代码,读取C:/ccrun/123.dll中的导出函数列表并显示在Memo中
void __fastcall TForm1::Button1Click(TObject *Sender)
{
UINT unNoOfExports;
char **lppBuffer;

GetDLLFileExports("C://ccrun//123.dll", &unNoOfExports, lppBuffer);

for(UINT i=0; i<unNoOfExports; i )
Memo1->Lines->Add(lppBuffer[i]);

for(UINT i=0; i<unNoOfExports; i )
delete []lppBuffer[i];

delete []lppBuffer;
}

/*==========================================================================================================*/
#include "Dbghelp.h"

bool GetDLLFileExports(char *szFileName, UINT *nNoOfExports, char **&pszFunctions)
{
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER pImg_DOS_Header;
PIMAGE_NT_HEADERS pImg_NT_Header;
PIMAGE_EXPORT_DIRECTORY pImg_Export_Dir;

hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ,
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if(hFile == INVALID_HANDLE_VALUE)
return false;

hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if(hFileMapping == 0)
{
CloseHandle(hFile);
return false;
}

lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
if(lpFileBase == 0)
{
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}

pImg_DOS_Header = (PIMAGE_DOS_HEADER)lpFileBase;
pImg_NT_Header = (PIMAGE_NT_HEADERS)(
(LONG)pImg_DOS_Header (LONG)pImg_DOS_Header->e_lfanew);

if(IsBadReadPtr(pImg_NT_Header, sizeof(IMAGE_NT_HEADERS))
|| pImg_NT_Header->Signature != IMAGE_NT_SIGNATURE)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}

pImg_Export_Dir = (PIMAGE_EXPORT_DIRECTORY)pImg_NT_Header->OptionalHeader
.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
if(!pImg_Export_Dir)
// 本文转自 C Builder研究 - http://www.ccrun.com/article.asp?i=653&d=b2m5o1 {
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}
// 63 63 72 75 6E 2E 63 6F 6D
pImg_Export_Dir= (PIMAGE_EXPORT_DIRECTORY)ImageRvaToVa(pImg_NT_Header,
pImg_DOS_Header, (DWORD)pImg_Export_Dir, 0);

DWORD **ppdwNames = (DWORD **)pImg_Export_Dir->AddressOfNames;

ppdwNames = (PDWORD*)ImageRvaToVa(pImg_NT_Header,
pImg_DOS_Header, (DWORD)ppdwNames, 0);
if(!ppdwNames)
{
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return false;
}

*nNoOfExports = pImg_Export_Dir->NumberOfNames;
pszFunctions = new char*[*nNoOfExports];

for(UINT i=0; i < *nNoOfExports; i )
{
char *szFunc=(PSTR)ImageRvaToVa(pImg_NT_Header, pImg_DOS_Header, (DWORD)*ppdwNames, 0);

pszFunctions[i] = new char[strlen(szFunc) 1];
strcpy(pszFunctions[i],szFunc);

ppdwNames ;
}
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
return true;
}
//---------------------------------------------------------------------------
// 示例代码,读取C:/ccrun/123.dll中的导出函数列表并显示在Memo中
void __fastcall TForm1::Button1Click(TObject *Sender)
{
UINT unNoOfExports;
char **lppBuffer;

GetDLLFileExports("C://ccrun//123.dll", &unNoOfExports, lppBuffer);

for(UINT i=0; i<unNoOfExports; i )
Memo1->Lines->Add(lppBuffer[i]);

for(UINT i=0; i<unNoOfExports; i )
delete []lppBuffer[i];

delete []lppBuffer;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航