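// Forum question (translated): the function below fails to show the names of the
// functions imported from each DLL in a PE import table - what is wrong?
//
// Defects in the posted version that this rewrite fixes:
//  * m_lpMapAddr comes from MapViewOfFile without SEC_IMAGE, so the view holds the
//    raw file. RVAs from the headers were added to the base directly; they must be
//    translated to file offsets through the section table first.
//  * The by-ordinal test looked at the address of the thunk, not the thunk's value.
//  * The thunk entry itself was cast to IMAGE_IMPORT_BY_NAME instead of following
//    the RVA stored in it.
//  * When no descriptor matched, the all-zero terminator was used as if it were
//    the match.
//  * Nothing was bounds-checked, so a malformed or hostile file could make the
//    viewer read outside the mapping.

// Parsed description of a PE file mapped as plain file data (not as an image).
struct PeRawView
{
    const BYTE* base;                       // start of the mapped view
    SIZE_T size;                            // readable bytes starting at base
    const IMAGE_SECTION_HEADER* sections;   // section table inside the view
    WORD sectionCount;                      // number of entries in sections
    bool isPe32Plus;                        // true for PE32+ (64-bit thunks)
    DWORD importRva;                        // RVA of the import directory, 0 if none
};

// Validates the DOS/NT headers of the mapping at mapAddr and fills *view.
// Returns false when the data is not a PE file this code can walk safely.
static bool PeOpenRawView(const void* mapAddr, PeRawView* view)
{
    // The mapping size is not stored anywhere visible here, so ask the OS how
    // many bytes are readable from mapAddr.
    // NOTE(review): assumes the whole view is one region with uniform protection.
    MEMORY_BASIC_INFORMATION mbi;
    if (mapAddr == NULL || VirtualQuery(mapAddr, &mbi, sizeof(mbi)) == 0)
        return false;
    const BYTE* base = (const BYTE*)mapAddr;
    const SIZE_T lead = (SIZE_T)(base - (const BYTE*)mbi.BaseAddress);
    if (mbi.State != MEM_COMMIT || mbi.RegionSize <= lead)
        return false;
    const SIZE_T size = mbi.RegionSize - lead;

    if (size < sizeof(IMAGE_DOS_HEADER))
        return false;
    const IMAGE_DOS_HEADER* dos = (const IMAGE_DOS_HEADER*)base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE || dos->e_lfanew < 0)
        return false;

    // Signature + file header have the same layout for PE32 and PE32+.
    const SIZE_T ntOff = (SIZE_T)dos->e_lfanew;
    const SIZE_T fixedLen = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);
    if (ntOff > size || size - ntOff < fixedLen)
        return false;
    if (*(const DWORD*)(base + ntOff) != IMAGE_NT_SIGNATURE)
        return false;

    const IMAGE_FILE_HEADER* fh = (const IMAGE_FILE_HEADER*)(base + ntOff + sizeof(DWORD));
    const SIZE_T optOff = ntOff + fixedLen;
    const SIZE_T optLen = fh->SizeOfOptionalHeader;
    const SIZE_T secLen = (SIZE_T)fh->NumberOfSections * sizeof(IMAGE_SECTION_HEADER);
    if (size - optOff < optLen || size - optOff - optLen < secLen)
        return false;
    if (optLen < sizeof(WORD))
        return false;

    // The optional header differs between PE32 and PE32+; pick by its magic.
    const BYTE* opt = base + optOff;
    const WORD magic = *(const WORD*)opt;
    const SIZE_T dirLen = (IMAGE_DIRECTORY_ENTRY_IMPORT + 1) * sizeof(IMAGE_DATA_DIRECTORY);
    if (magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    {
        const SIZE_T dirOff = FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, DataDirectory);
        if (optLen < dirOff + dirLen)
            return false;
        const IMAGE_OPTIONAL_HEADER32* oh = (const IMAGE_OPTIONAL_HEADER32*)opt;
        if (oh->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT)
            return false;
        view->isPe32Plus = false;
        view->importRva = oh->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    }
    else if (magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
    {
        const SIZE_T dirOff = FIELD_OFFSET(IMAGE_OPTIONAL_HEADER64, DataDirectory);
        if (optLen < dirOff + dirLen)
            return false;
        const IMAGE_OPTIONAL_HEADER64* oh = (const IMAGE_OPTIONAL_HEADER64*)opt;
        if (oh->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT)
            return false;
        view->isPe32Plus = true;
        view->importRva = oh->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    }
    else
    {
        return false;
    }

    view->base = base;
    view->size = size;
    view->sections = (const IMAGE_SECTION_HEADER*)(opt + optLen);
    view->sectionCount = fh->NumberOfSections;
    return true;
}

// Translates rva to a pointer inside the raw mapping: find the section whose raw
// data contains it, then offset = PointerToRawData + (rva - VirtualAddress).
// Returns NULL unless `need` bytes starting there lie inside both the section's
// raw data and the mapped view.
static const BYTE* PeRvaToPtr(const PeRawView* view, DWORD rva, SIZE_T need)
{
    for (WORD i = 0; i < view->sectionCount; ++i)
    {
        const IMAGE_SECTION_HEADER& sec = view->sections[i];
        if (rva < sec.VirtualAddress)
            continue;
        const DWORD delta = rva - sec.VirtualAddress;
        if (delta >= sec.SizeOfRawData)
            continue;
        if (sec.SizeOfRawData - delta < need)
            return NULL;
        // 64-bit sum so a crafted PointerToRawData cannot wrap the offset.
        const ULONGLONG off = (ULONGLONG)sec.PointerToRawData + delta;
        if (off >= view->size || view->size - off < need)
            return NULL;
        return view->base + (SIZE_T)off;
    }
    return NULL;
}

// Returns the ANSI string at rva, or NULL if rva does not map into the file or
// no terminating NUL is found before the end of the view.
static const char* PeStringAtRva(const PeRawView* view, DWORD rva)
{
    const BYTE* start = PeRvaToPtr(view, rva, 1);
    if (start == NULL)
        return NULL;
    const BYTE* end = view->base + view->size;
    for (const BYTE* q = start; q < end; ++q)
    {
        if (*q == 0)
            return (const char*)start;
    }
    return NULL;
}

// Fills m_ShowImportList with the hint and name of every function that the
// mapped PE file imports by name from the DLL called DllName.
//
// DllName - DLL name exactly as stored in the import table (case-sensitive
//           compare, as in the original).
//
// Imports by ordinal carry no name and are skipped, as the original intended.
// The list is left empty when the DLL is not found or the file is malformed.
void CPEImportTableDlg::ShowDllFunctions(CString DllName)
{
    // m_DllTableAddr is kept only as the "a file is loaded" guard. Per the
    // original comment it is m_lpMapAddr + import-directory RVA, which is not a
    // valid pointer into a raw file mapping, so it is not dereferenced here.
    if (m_DllTableAddr == NULL)
        return;
    if (DllName == "")
    {
        AfxMessageBox("DLL名不能为空!");
        return;
    }
    m_ShowImportList.DeleteAllItems();

    PeRawView view;
    if (!PeOpenRawView(m_lpMapAddr, &view) || view.importRva == 0)
        return;

    // Locate the import descriptor whose DLL name matches.
    const IMAGE_IMPORT_DESCRIPTOR* match = NULL;
    DWORD descRva = view.importRva;
    for (;;)
    {
        const IMAGE_IMPORT_DESCRIPTOR* desc =
            (const IMAGE_IMPORT_DESCRIPTOR*)PeRvaToPtr(&view, descRva, sizeof(IMAGE_IMPORT_DESCRIPTOR));
        if (desc == NULL)
            break;
        // An all-zero descriptor terminates the table.
        if (!(desc->Name || desc->FirstThunk || desc->ForwarderChain ||
              desc->OriginalFirstThunk || desc->TimeDateStamp))
            break;
        const char* dll = PeStringAtRva(&view, desc->Name);
        if (dll != NULL && DllName == CString(dll))
        {
            match = desc;
            break;
        }
        if (descRva > MAXDWORD - sizeof(IMAGE_IMPORT_DESCRIPTOR))
            break;
        descRva += sizeof(IMAGE_IMPORT_DESCRIPTOR);
    }
    if (match == NULL)
        return;

    // Prefer the import lookup table: in a bound image the FirstThunk array
    // holds addresses instead of name RVAs.
    DWORD thunkRva = match->OriginalFirstThunk ? match->OriginalFirstThunk : match->FirstThunk;
    const DWORD thunkSize = view.isPe32Plus ? sizeof(ULONGLONG) : sizeof(DWORD);

    int item = 0;
    char tempdata[20];
    for (;;)
    {
        const BYTE* thunk = PeRvaToPtr(&view, thunkRva, thunkSize);
        if (thunk == NULL)
            break;

        ULONGLONG value;
        bool byOrdinal;
        if (view.isPe32Plus)
        {
            value = *(const ULONGLONG*)thunk;
            byOrdinal = (value & IMAGE_ORDINAL_FLAG64) != 0;
        }
        else
        {
            const DWORD value32 = *(const DWORD*)thunk;
            value = value32;
            byOrdinal = (value32 & IMAGE_ORDINAL_FLAG32) != 0;
        }
        if (value == 0)     // a zero thunk terminates the array
            break;

        if (!byOrdinal)
        {
            // The thunk value is the RVA of an IMAGE_IMPORT_BY_NAME: a WORD hint
            // followed by the NUL-terminated function name.
            const DWORD nameRva = (DWORD)value;
            const BYTE* hintPtr = PeRvaToPtr(&view, nameRva, sizeof(WORD));
            const char* funcName = (nameRva <= MAXDWORD - sizeof(WORD))
                ? PeStringAtRva(&view, nameRva + (DWORD)sizeof(WORD))
                : NULL;
            if (hintPtr != NULL && funcName != NULL)
            {
                // "%p" was given a DWORD; "%08X" prints the same text in a
                // 32-bit build without the type mismatch.
                wsprintf(tempdata, "%08X", (DWORD)(*(const WORD*)hintPtr));
                m_ShowImportList.InsertItem(item, tempdata, 0);
                m_ShowImportList.SetItemText(item, 1, funcName);
                item++;
            }
        }

        if (thunkRva > MAXDWORD - thunkSize)
            break;
        thunkRva += thunkSize;
    }
}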
// Quoted copy of the ShowDllFunctions body (the signature is not repeated here).
// It looks up the import descriptor whose name equals DllName and lists the
// hint and name of each thunk entry in m_ShowImportList.
// NOTE(review): every offset below is read from the file and added to
// m_lpMapAddr without any bounds check, so a malformed file can make these
// reads land outside the mapping.
{
int item=0;
char tempdata[20];
char *p=NULL;
if(m_DllTableAddr==NULL) // m_DllTableAddr: in-memory address of the import table, set as m_DllTableAddr=(PVOID)((DWORD)m_lpMapAddr+optionalheader->DataDirectory[1].VirtualAddress);
return;
if(DllName=="")
{
AfxMessageBox("DLL名不能为空!");
return;
}
m_ShowImportList.DeleteAllItems();
PIMAGE_IMPORT_DESCRIPTOR dllAddr=(PIMAGE_IMPORT_DESCRIPTOR)m_DllTableAddr;
// Walk the descriptors until the all-zero terminator or a name match.
while(dllAddr->Name||
dllAddr->FirstThunk||
dllAddr->ForwarderChain||
dllAddr->OriginalFirstThunk||
dllAddr->TimeDateStamp)
{
// NOTE(review): Name is an RVA. The thread shows m_lpMapAddr coming from
// MapViewOfFile without SEC_IMAGE, so base+RVA is only right when the RVA
// happens to equal the file offset.
p=(char*)((DWORD)m_lpMapAddr+dllAddr->Name);// m_lpMapAddr: address at which the file is mapped into memory
if(DllName==CString(p))
break;
dllAddr++;
}
// NOTE(review): if the loop ended without a match, dllAddr is the all-zero
// terminator, FirstThunk is 0 and lpthunk points at the start of the mapping.
PIMAGE_THUNK_DATA lpthunk=(PIMAGE_THUNK_DATA)((DWORD)m_lpMapAddr+dllAddr->FirstThunk);
while(lpthunk->u1.AddressOfData||lpthunk->u1.ForwarderString||lpthunk->u1.Function||lpthunk->u1.Ordinal)
{
// NOTE(review): this tests the address of the thunk entry, not its value;
// the by-ordinal flag lives in lpthunk->u1.Ordinal.
if(!(((DWORD)lpthunk)&0x80000000))
{
// NOTE(review): the thunk entry itself is reinterpreted as
// IMAGE_IMPORT_BY_NAME; the RVA stored in u1.AddressOfData is never followed.
PIMAGE_IMPORT_BY_NAME lpfunc=(PIMAGE_IMPORT_BY_NAME)(lpthunk);
// NOTE(review): "%p" is passed a DWORD rather than a pointer.
wsprintf(tempdata,"%p",(DWORD)lpfunc->Hint);
m_ShowImportList.InsertItem(item,tempdata,0);
m_ShowImportList.SetItemText(item,1,(char*)(lpfunc->Name));
item++;
}
lpthunk++;
}
}
m_hMapFile=CreateFileMapping(m_hFile,NULL,PAGE_READONLY,0,0,NULL);
if(m_hMapFile==NULL)
{
MessageBox("创建文件映像失败!","错误");
CloseHandle(m_hFile);
CloseHandle(m_hMapFile);
return 0;
}
m_lpMapAddr=MapViewOfFile(m_hMapFile,FILE_MAP_READ,0,0,0);
if(m_lpMapAddr==NULL)
{
MessageBox("文件映射失败!","错误");
CloseHandle(m_hFile);
CloseHandle(m_hMapFile);
return 0;
}
m_lpMapAddr是这样使用文件映射得到的。那些DLL我都能全部显示出来了,还有就是只有发布版的PE文件才能显示出来。
m_lpMapAddr是通过LoadLibrary得到的,还是直接读入的文件?
m_hMapFile=CreateFileMapping(m_hFile,NULL,PAGE_READONLY,0,0,NULL);
if(m_hMapFile==NULL)
{
MessageBox("创建文件映像失败!","错误");
CloseHandle(m_hFile);
CloseHandle(m_hMapFile);
return 0;
}
m_lpMapAddr=MapViewOfFile(m_hMapFile,FILE_MAP_READ,0,0,0);
if(m_lpMapAddr==NULL)
{
MessageBox("文件映射失败!","错误");
CloseHandle(m_hFile);
CloseHandle(m_hMapFile);
return 0;
}
m_lpMapAddr是这样使用文件映射得到的。那些DLL我都能全部显示出来了,还有就是只有发布版的PE文件才能显示出来。
先找到该RVA所在的section,用RVA减去该section的VirtualAddress得到section内偏移;然后把section内偏移加上该section的原始数据指针(PointerToRawData),才是文件偏移。