C语言编程获取PE文件导出表内容
2016-02-02 22:43
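#include <windows.h>
#include <stdio.h>
#include <tchar.h>

DWORD RvaToOffset(PIMAGE_NT_HEADERS pImageNtHeaders, DWORD dwRva);

/* Marks a function-table slot that no entry of the name table refers to. */
#define EXPORT_NO_NAME 0xFFFFFFFFu

/*
 * Returns TRUE when the byte range [offset, offset + length) lies entirely
 * inside a file of fileSize bytes. The arithmetic is 64-bit so that offsets
 * and counts taken from the (untrusted) file cannot wrap around.
 */
static BOOL RangeInFile(ULONGLONG offset, ULONGLONG length, ULONGLONG fileSize)
{
    return offset <= fileSize && length <= fileSize - offset;
}

/*
 * Returns a pointer to the string stored at file offset `offset`, or NULL
 * when the offset is 0 (RvaToOffset's failure value), lies outside the file,
 * or no NUL terminator is found before the end of the mapping.
 */
static const char *StringAtOffset(const UCHAR *base, ULONGLONG fileSize, DWORD offset)
{
    ULONGLONG pos;

    if (offset == 0 || offset >= fileSize)
        return NULL;

    for (pos = offset; pos < fileSize; pos++) {
        if (base[(SIZE_T)pos] == '\0')
            return (const char *)(base + offset);
    }
    return NULL;
}

/*
 * Prints the export table of the PE file named by argv[1].
 *
 * The file is mapped read-only and parsed in place. Every offset, RVA and
 * count comes from the file itself and is therefore treated as untrusted:
 * each structure and table is checked against the file size before it is
 * dereferenced, so a truncated or malformed file is rejected rather than
 * read out of bounds.
 *
 * One line is printed per entry of the export address table: the export
 * ordinal (Base + table index), the name when the name table refers to that
 * entry (the first such name if several do), and the function RVA.
 *
 * Returns 0 on success (including "no exports") and -1 on any error.
 */
int _tmain(int argc, TCHAR *argv[])
{
    PIMAGE_DOS_HEADER pImageDOSHeader;
    PIMAGE_NT_HEADERS pImageNTHeader;
    PIMAGE_EXPORT_DIRECTORY pImageExportDirectory;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hMapObject = NULL;
    PUCHAR uFileMap = NULL;
    DWORD *nameIndexOf = NULL;
    const DWORD *pFunctionRvas;
    const DWORD *pNameRvas = NULL;
    const WORD *pNameOrdinals = NULL;
    const char *szFunctionName;
    LARGE_INTEGER liSize;
    ULONGLONG fileSize;
    ULONGLONG ntOffset;
    ULONGLONG sectionTableOffset;
    DWORD dwFileOffset;
    DWORD dwFunctions;
    DWORD dwNames;
    DWORD dwOrdinals;
    DWORD dwCount;
    DWORD dwNameCount;
    DWORD dwIndex;
    int rc = -1;

    if (argc < 2)
        return -1;

    /* CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL.
     * FILE_SHARE_READ lets the tool inspect files other readers have open. */
    hFile = CreateFile(argv[1], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        goto cleanup;

    if (!GetFileSizeEx(hFile, &liSize) || liSize.QuadPart <= 0)
        goto cleanup;
    fileSize = (ULONGLONG)liSize.QuadPart;

    hMapObject = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hMapObject == NULL)
        goto cleanup;

    uFileMap = (PUCHAR)MapViewOfFile(hMapObject, FILE_MAP_READ, 0, 0, 0);
    if (uFileMap == NULL)
        goto cleanup;

    /* DOS header */
    if (!RangeInFile(0, sizeof(IMAGE_DOS_HEADER), fileSize))
        goto cleanup;
    pImageDOSHeader = (PIMAGE_DOS_HEADER)uFileMap;
    if (pImageDOSHeader->e_magic != IMAGE_DOS_SIGNATURE)
        goto cleanup;

    /* e_lfanew is a signed, file-controlled value: reject negative or
     * out-of-file positions before touching the NT headers. */
    if (pImageDOSHeader->e_lfanew <= 0)
        goto cleanup;
    ntOffset = (ULONGLONG)pImageDOSHeader->e_lfanew;
    if (!RangeInFile(ntOffset, sizeof(IMAGE_NT_HEADERS), fileSize))
        goto cleanup;
    pImageNTHeader = (PIMAGE_NT_HEADERS)(uFileMap + (SIZE_T)ntOffset);
    if (pImageNTHeader->Signature != IMAGE_NT_SIGNATURE)
        goto cleanup;

    /* IMAGE_NT_HEADERS has the layout of the build target (PE32 or PE32+).
     * Parsing the other format through it would read DataDirectory from
     * the wrong position, so refuse it instead of printing garbage. */
    if (pImageNTHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC) {
        fprintf(stderr, "Optional header format does not match this build (PE32 vs PE32+)\n");
        goto cleanup;
    }

    /* RvaToOffset walks the whole section table and has no way to bound it,
     * so make sure the table is inside the file before the first call. */
    sectionTableOffset = ntOffset
                       + FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader)
                       + pImageNTHeader->FileHeader.SizeOfOptionalHeader;
    if (!RangeInFile(sectionTableOffset,
                     (ULONGLONG)pImageNTHeader->FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER),
                     fileSize))
        goto cleanup;

    if (pImageNTHeader->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT ||
        !pImageNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress) {
        printf("No export function!");
        rc = 0;
        goto cleanup;
    }

    /* File offset of the export directory. RvaToOffset returns 0 when the
     * RVA is not backed by any section; 0 is never a valid location here. */
    dwFileOffset = RvaToOffset(pImageNTHeader,
        pImageNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
    if (dwFileOffset == 0 || !RangeInFile(dwFileOffset, sizeof(IMAGE_EXPORT_DIRECTORY), fileSize))
        goto cleanup;
    pImageExportDirectory = (PIMAGE_EXPORT_DIRECTORY)(uFileMap + dwFileOffset);

    dwCount = pImageExportDirectory->NumberOfFunctions;
    dwNameCount = pImageExportDirectory->NumberOfNames;
    if (dwCount == 0) {
        rc = 0;
        goto cleanup;
    }

    /* Export address table: NumberOfFunctions DWORD RVAs. */
    dwFunctions = RvaToOffset(pImageNTHeader, pImageExportDirectory->AddressOfFunctions);
    if (dwFunctions == 0 ||
        !RangeInFile(dwFunctions, (ULONGLONG)dwCount * sizeof(DWORD), fileSize))
        goto cleanup;
    pFunctionRvas = (const DWORD *)(uFileMap + dwFunctions);

    /* Name pointer table and name-ordinal table: both hold NumberOfNames
     * entries, which may be fewer than NumberOfFunctions. */
    if (dwNameCount != 0) {
        dwNames = RvaToOffset(pImageNTHeader, pImageExportDirectory->AddressOfNames);
        dwOrdinals = RvaToOffset(pImageNTHeader, pImageExportDirectory->AddressOfNameOrdinals);
        if (dwNames == 0 || dwOrdinals == 0 ||
            !RangeInFile(dwNames, (ULONGLONG)dwNameCount * sizeof(DWORD), fileSize) ||
            !RangeInFile(dwOrdinals, (ULONGLONG)dwNameCount * sizeof(WORD), fileSize))
            goto cleanup;
        pNameRvas = (const DWORD *)(uFileMap + dwNames);
        pNameOrdinals = (const WORD *)(uFileMap + dwOrdinals);
    }

    /* Invert the name-ordinal table once (function index -> name index) so
     * the print loop stays linear. The allocation is bounded by the file
     * size because the address table was just verified to fit in the file. */
    nameIndexOf = (DWORD *)HeapAlloc(GetProcessHeap(), 0, (SIZE_T)dwCount * sizeof(DWORD));
    if (nameIndexOf == NULL)
        goto cleanup;
    for (dwIndex = 0; dwIndex < dwCount; dwIndex++)
        nameIndexOf[dwIndex] = EXPORT_NO_NAME;
    for (dwIndex = 0; dwIndex < dwNameCount; dwIndex++) {
        DWORD dwTarget = pNameOrdinals[dwIndex];

        /* Ignore entries that point outside the address table. */
        if (dwTarget < dwCount && nameIndexOf[dwTarget] == EXPORT_NO_NAME)
            nameIndexOf[dwTarget] = dwIndex;
    }

    for (dwIndex = 0; dwIndex < dwCount; dwIndex++) {
        /* The ordinal callers use is Base plus the address-table index. */
        printf("Ordinal: 0x%04X ", (unsigned int)(pImageExportDirectory->Base + dwIndex));

        if (nameIndexOf[dwIndex] != EXPORT_NO_NAME) {
            szFunctionName = StringAtOffset(uFileMap, fileSize,
                RvaToOffset(pImageNTHeader, pNameRvas[nameIndexOf[dwIndex]]));
            if (szFunctionName != NULL)
                printf("Name: %s ", szFunctionName);
        }

        /* RVA of the export; for a forwarded export this RVA points at a
         * forwarder string inside the export directory instead of code. */
        printf("Address: 0x%04X\n ", (unsigned int)pFunctionRvas[dwIndex]);
    }

    rc = 0;

cleanup:
    if (nameIndexOf != NULL)
        HeapFree(GetProcessHeap(), 0, nameIndexOf);
    if (uFileMap != NULL)
        UnmapViewOfFile(uFileMap);
    if (hMapObject != NULL)
        CloseHandle(hMapObject);
    if (hFile != INVALID_HANDLE_VALUE)
        CloseHandle(hFile);
    return rc;
}

/*
 * Translates a relative virtual address into an offset in the file on disk
 * by locating the section whose raw data covers the RVA.
 *
 * pImageNtHeaders  NT headers of the mapped file. The caller must already
 *                  have verified that the section table that follows them
 *                  lies inside the mapping; this function cannot check that.
 * dwRva            RVA to translate.
 *
 * Returns the file offset, or 0 when no section's raw data contains the RVA.
 * The result is derived from file-controlled fields, so the caller still has
 * to check it against the file size before dereferencing.
 */
DWORD RvaToOffset(PIMAGE_NT_HEADERS pImageNtHeaders, DWORD dwRva)
{
    PIMAGE_SECTION_HEADER pImageSectionHeader;
    DWORD dwCount;
    DWORD dwDelta;

    if (pImageNtHeaders == NULL)
        return 0;

    pImageSectionHeader = IMAGE_FIRST_SECTION(pImageNtHeaders);

    for (dwCount = 0; dwCount < pImageNtHeaders->FileHeader.NumberOfSections; dwCount++) {
        if (dwRva < pImageSectionHeader[dwCount].VirtualAddress)
            continue;

        /* Compare the distance into the section rather than computing
         * VirtualAddress + SizeOfRawData, which can wrap in 32 bits. */
        dwDelta = dwRva - pImageSectionHeader[dwCount].VirtualAddress;
        if (dwDelta >= pImageSectionHeader[dwCount].SizeOfRawData)
            continue;

        /* Skip a section whose raw-data pointer would overflow the result. */
        if (dwDelta > MAXDWORD - pImageSectionHeader[dwCount].PointerToRawData)
            continue;

        return pImageSectionHeader[dwCount].PointerToRawData + dwDelta;
    }

    return 0;
}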