获得PE文件的导入模块和导入函数

#include "windows.h"

#include "iostream.h"

#include "Dbghelp.h"

#include "Psapi.h"

#pragma comment(lib,"Psapi.lib")
#pragma comment(lib,"Dbghelp.lib")

#define SizeOfArray 32//枚举模块的数组大小

HMODULE hModuleArray[SizeOfArray]={0};//定义了枚举模块数组
DWORD dwNeed;
main()
{
ULONG size;
if(!EnumProcessModules(GetCurrentProcess(),hModuleArray,SizeOfArray,&dwNeed)) {cout<<"fail to enum modules"<<endl; return;}
int i=0;//上一句为枚举当前进程中的模块
while(hModuleArray[i])
{
PIMAGE_IMPORT_DESCRIPTOR pImport=(PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData((HINSTANCE)hModuleArray[i],true,IMAGE_DIRECTORY_ENTRY_IMPORT,&size);
//上一句为获得导入表
if (pImport==NULL) {cout<<endl;break;}

while (pImport->Name)//根据导入表来循环得到导入模块和导入函数
{
cout<<"模块名称："<<(PSTR)((PBYTE)hModuleArray[i]+pImport->Name)<<endl;

PIMAGE_THUNK_DATA pThunk =(PIMAGE_THUNK_DATA) ((PBYTE)hModuleArray[i]+pImport->OriginalFirstThunk);//IAT
//在一个模块下获得第一个Thunk
if (pThunk==NULL) break;
while(pThunk->u1.Function)
{
cout<<"      导入函数："<<(LPSTR)((PBYTE)hModuleArray[i]+(DWORD)pThunk->u1.AddressOfData+2)<<endl;//前两个为导入符号。导入函数的名称在之后所以加上2
pThunk++;
}

pImport++;
}
i++;
}
system("pause");//暂停
}