调试易

http://blog.chinaunix.net/u2/67530/showart_601638.html

想要强大的功能就用bfd库，就是binutils的那一套东西。

depends下载地址：http://www.dependencywalker.com/depends22_x86.zip如果想知道函数参数等信息的话得用反汇编工具查了，例如IDA。

你看一下下面这个连接，有详细的C++代码实现：
http://blog.csdn.net/hoboo/archive/2008/01/24/2062634.aspx

木有这样的函数，得加载DLL，然后去PE的函数导出表中查找http://www.qqgb.com/Program/VC/VCJQ/Program_182406.html

很久以前的东西，不小心翻了出来#include <windows.h>
#include <winbase.h>
#include <stdio.h>
#include <tchar.h>
#include <imagehlp.h>void PrintUsage(char * msg)
{
 printf("|---------------------------------------------------------|\n");
 printf("|   CreateDate: 2000-02-15                                |\n");
 printf("|   Usage: <Path>\\GetFunction[.exe] <Exe file|DLL file>   |\n");
 printf("|---------------------------------------------------------|\n");
 return;
}BOOL CheckFunction(PCHAR pf)
{
 int iCount=strlen(pf); for(int i=0;i<iCount;i++)
 {
  if ((pf[i]<'0')||(pf[i]>'z')) return FALSE;
 }
 return TRUE;
}int main(int argc,char **argv)
{
 PIMAGE_NT_HEADERS nt_headers;
 PIMAGE_EXPORT_DIRECTORY export_data;
 DWORD export_data_size;
 PDWORD FunctionsNames,FunctionsPtrs;
 PWORD NameOrdinals;
 HANDLE hFile,hFileMap;
 DWORD file_attributes;
 PVOID mod_base,func_ptr=0,image_base;
 char file_path[MAX_PATH];
 char * func_name;
 LPWIN32_FIND_DATA lpwfd_first=new WIN32_FIND_DATA;
 DWORD i,dwretcode;
 char * lpTmp=new char[MAX_PATH];
 BOOLEAN bcp=FALSE; if (argc<2)
 {
  PrintUsage (argv[0]);
  return 0;
 }// GetFullPathName (argv[1],MAX_PATH,file_path ,NULL);
 sprintf(file_path,argv[1]); if (FindFirstFile (file_path,lpwfd_first)==NULL)
 {
  //file_attributes=0;
  PrintUsage(argv[0]);
  return 0;
 }
 else
 {
  file_attributes=lpwfd_first->dwFileAttributes ;
 }
goto_continue:
 hFile=CreateFile(file_path,GENERIC_READ,
  0,0,OPEN_EXISTING,
  file_attributes,0);
 if (hFile==INVALID_HANDLE_VALUE)
 {
  dwretcode=GetLastError();
  if (dwretcode==32)
  {
   bcp =TRUE;
   sprintf(lpTmp,argv[0]);
   lpTmp[(strrchr(argv[0],92) - argv[0])+1]=NULL;
   sprintf(lpTmp+strlen(lpTmp),lpwfd_first->cFileName) ;
   CopyFile(argv[1],lpTmp,TRUE);
   sprintf(file_path,lpTmp);
   delete lpTmp;
   goto goto_continue;
  }
  else return 0;
 } delete lpwfd_first; hFileMap=CreateFileMapping(hFile,0,PAGE_READONLY,0,0,0);
 if (hFileMap==NULL)
 {
  printf("Create File Map Error!\n");
  CloseHandle(hFile);
  return 0;
 }
 mod_base =MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0);
 if (mod_base==NULL)
 {
  printf("Create MapView of file error!\n");
  CloseHandle(hFileMap);
  CloseHandle(hFile);
  return 0;
 }
 nt_headers =ImageNtHeader (mod_base);
 image_base=(PVOID)nt_headers->OptionalHeader .ImageBase ; export_data =(PIMAGE_EXPORT_DIRECTORY )ImageDirectoryEntryToData (mod_base,
  FALSE,IMAGE_DIRECTORY_ENTRY_EXPORT,&export_data_size);
 if (export_data==NULL)
 {
  DWORD dwError = GetLastError();
  printf("ImageDirectoryEntryToData Error!(Errorcode:%d)\n",dwError);
  return 0;
 }
 FunctionsNames =(PDWORD)ImageRvaToVa (nt_headers,mod_base,
  (DWORD)export_data->AddressOfNames ,0);
 FunctionsPtrs = (PDWORD)ImageRvaToVa(nt_headers,mod_base,
  (DWORD)export_data->AddressOfFunctions ,0);
 NameOrdinals =(PWORD)ImageRvaToVa(nt_headers,mod_base,
  (DWORD)export_data->AddressOfNameOrdinals ,0); printf("Order            FunctionName                     FunctionAddress\n");
 for (i=0;i<export_data->NumberOfFunctions ;i++)
 {
  func_name = (PCHAR)ImageRvaToVa(nt_headers,mod_base,(DWORD)FunctionsNames[i],0);
  if (IsBadReadPtr (func_name,1)) continue;
  if ((!IsCharAlpha (func_name[0]))&&(!IsCharAlphaNumeric (func_name[0]))) continue;
  if (IsBadCodePtr ((FARPROC)func_name)) continue;
  if (!CheckFunction (func_name)) continue;
  if (strlen(func_name)>32) continue;
 // func_ptr=NULL;
//  if (IsBadReadPtr(&FunctionsPtrs[NameOrdinals[i]],1)) continue;
//  if (NameOrdinals[i]>10000) continue;
  
  func_ptr = (PVOID) FunctionsPtrs [NameOrdinals [i]];
  printf("%d",i);
  char * temp=new char[10];
  sprintf(temp,"%d",i);
  for(int w=0;w<(18 - (int)strlen(temp));w++)
   printf(" ");
  printf("%s",func_name);
  for (int j=0;j<(50 - (int)strlen(func_name));j++)
   printf(" ");
  printf("%d\n",func_ptr);
 }
 
 UnmapViewOfFile (mod_base);
 CloseHandle(hFileMap);
 CloseHandle(hFile);
 if (bcp ) 
  DeleteFile(file_path);
 return 0;
}例如运行：GetFunction.exe c:\windows\system32\ntdll.dll则输出如下结果：Order            FunctionName                         FunctionAddress
0                 CsrAllocateCaptureBuffer                          125863
1                 CsrAllocateMessagePointer                         125960
2                 CsrCaptureMessageBuffer                           160625
4                 CsrCaptureMessageString                           132870
5                 CsrCaptureTimeout                                 329170
6                 CsrClientCallServer                               78497
7                 CsrClientConnectToServer                          137105
8                 CsrFreeCaptureBuffer                              125775
9                 CsrGetProcessId                                   329159
10                CsrIdentifyAlertableThread                        329026
11                CsrNewThread                                      102010
12                CsrProbeForRead                                   329299
13                CsrProbeForWrite                                  329221
14                CsrSetPriorityClass                               329086
15                DbgBreakPoint                                     4656
16                DbgPrint                                          197616
17                DbgPrintEx                                        125733
18                DbgPrintReturnControlC                            362522
19                DbgPrompt                                         362761
...