3,880
社区成员




PIMAGE_DOS_HEADER Pdos = (PIMAGE_DOS_HEADER)GetModuleHandle("ntdll.dll");//获得模块句柄
//错误返回
PIMAGE_NT_HEADERS Pnt = (PIMAGE_NT_HEADERS)((int)Pdos->e_lfanew + (int)Pdos);
IMAGE_OPTIONAL_HEADER32 Popt = Pnt->OptionalHeader;
IMAGE_EXPORT_DIRECTORY * Export;
Export = (IMAGE_EXPORT_DIRECTORY*)(Popt.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + (ULONG_PTR)Pdos);
//关于索引
/*IMAGE_DIRECTORY_ENTRY_EXPORT
导出表
IMAGE_DIRECTORY_ENTRY_IMPORT
导入表
IMAGE_DIRECTORY_ENTRY_RESOURCE
资源
IMAGE_DIRECTORY_ENTRY_EXCEPTION
异常(具体资料不详)
IMAGE_DIRECTORY_ENTRY_SECURITY
安全(具体资料不详)
IMAGE_DIRECTORY_ENTRY_BASERELOC
重定位表
IMAGE_DIRECTORY_ENTRY_DEBUG
调试信息
IMAGE_DIRECTORY_ENTRY_ARCHITECTURE
版权信息
IMAGE_DIRECTORY_ENTRY_GLOBALPTR
具体资料不详
IMAGE_DIRECTORY_ENTRY_TLS
Thread Local Storage
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
具体资料不详
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
具体资料不详
IMAGE_DIRECTORY_ENTRY_IAT
导入函数地址表
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
具体资料不详
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
具体资料不详*/
DWORD * AllAddress;
DWORD * AllName;
USHORT * AllOrg;
AllAddress = (DWORD*)((int)Export->AddressOfFunctions + (int)Pdos);//函数地址数组
AllName = (DWORD*)((int)Export->AddressOfNames + (int)Pdos);//函数名称数组
AllOrg = (USHORT *)((int)Export->AddressOfNameOrdinals + (int)Pdos);//序号数组
//////////////////////////////////////////////////////////////////////////
int OneAddress;
char * OneName;
USHORT OneOrg;
char * Buf = new char[500];
int ListId = NULL;
for (int i = 0; i < (int)Export->NumberOfNames; i++){
OneName = (char*)((BYTE*)Pdos + AllName[i]);
OneOrg = (USHORT)AllOrg[i];
OneAddress = (int)((int)Pdos + AllAddress[OneOrg]);
if (NULL == _stricmp(OneName, "_itoa_s")){
ZeroMemory(Buf, 500 * sizeof(char));
wsprintfA(Buf, "_itoa_s -> 0x%08X | %d | %d\n\0", OneAddress, OneOrg, AllAddress[OneOrg]);
OutputDebugStringA(Buf);
}
}
delete Buf;
}