如何得到运行程序使用的API函数? 就像VC提供的Depends那样? 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 自己修改系统api函数所在的dll,重写所有的api函数,截获api函数的调用,然后自己调用原来的dll重的对应函数。 分析应用程序的导入表,去察看一下pe文件的格式pe文件的导入表中记载其装载dll的名字和api的名字。 //老毛子写的程序,拿来参考。#include <windows.h>#define MakePtr(base, offset) ((LPSTR)(base) + offset)//@//////////////////////////////////////////////////////////////////////////// §¤§Ý§à§Ò§Ñ§Ý§î§ß§í§Ö §á§Ö§â§Ö§Þ§Ö§ß§ß§í§Östatic BOOL g_bUnicodeOS = FALSE;static HMODULE g_hModuleUnicows = NULL;static LPWORD g_pdwOrd = NULL;static LPDWORD g_pdwAddrs = NULL;static LPDWORD g_pdwNames = NULL;static DWORD g_dwNames = 0;//@//////////////////////////////////////////////////////////////////////////// §£§ã§á§à§Þ§à§Ô§Ñ§ä§Ö§Ý§î§ß§Ñ§ñ §æ§å§ß§Ü§è§Ú§ñ, §Ó§à§Ù§Ó§â§Ñ§ë§Ñ§Ö§ä §Ñ§Õ§â§Ö§ã §æ§å§ß§Ü§è§Ú§Ú §Ú§Ù unicows.dll// §ã §å§Ü§Ñ§Ù§Ñ§ß§ß§í§Þ §Ú§Þ§Ö§ß§Ö§Þ, §Ö§ã§Ý§Ú §ä§Ñ§Ü§Ñ§ñ §Ú§Þ§Ö§Ö§ä§ã§ñstatic LPDWORD GetFunctionAddress(LPCSTR azName){ DWORD dwName = 0; while (dwName < g_dwNames) { if (0 == ::lstrcmpiA(MakePtr( g_hModuleUnicows, g_pdwNames[dwName]), azName)) return (LPDWORD)MakePtr(g_hModuleUnicows, g_pdwAddrs[g_pdwOrd[dwName]]); dwName ++; } return NULL;}BOOL _UnicowsInit(LPCSTR szLib){/* int i = ::GetVersion(); if (0 == (0x80000000 & ::GetVersion())) { // WinNT/2k/XP: §´§å§ä §ß§Ñ§Þ §Õ§Ö§Ý§Ñ§ä§î §ß§Ö§é§Ö§Ô§à g_bUnicodeOS = TRUE; return ::SetLastError(0), TRUE; } */ g_hModuleUnicows = ::LoadLibraryA(szLib); if (!g_hModuleUnicows) return FALSE; // §°§ê§Ú§Ò§Ü§Ñ §á§â§Ú §Ù§Ñ§Ô§â§å§Ù§Ü§Ö Unicows.dll // §¯§Ñ§ç§à§Õ§Ú§Þ §ä§Ñ§Ò§Ý§Ú§è§å §ï§Ü§ã§á§à§â§ä§Ñ PIMAGE_DOS_HEADER pDosHeader = PIMAGE_DOS_HEADER(g_hModuleUnicows); if (::IsBadReadPtr(pDosHeader, sizeof(IMAGE_DOS_HEADER)) || IMAGE_DOS_SIGNATURE != pDosHeader->e_magic) return ::SetLastError(ERROR_INVALID_PARAMETER), FALSE; PIMAGE_NT_HEADERS pNTHeaders = (PIMAGE_NT_HEADERS) MakePtr(g_hModuleUnicows, pDosHeader->e_lfanew); if (::IsBadReadPtr(pNTHeaders, sizeof(IMAGE_NT_HEADERS)) || IMAGE_NT_SIGNATURE != pNTHeaders->Signature) return ::SetLastError(ERROR_INVALID_PARAMETER), FALSE; IMAGE_DATA_DIRECTORY& expDir = pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; PIMAGE_EXPORT_DIRECTORY pExpDir = (PIMAGE_EXPORT_DIRECTORY ) MakePtr(g_hModuleUnicows, expDir.VirtualAddress); // §©§Ñ§á§à§ß§Ú§Þ§Ñ§Ö§Þ §ä§Ñ§Ò§Ý§Ú§è§å §Ú§Þ§Ö§ß §Ú §Ñ§Õ§â§Ö§ã§à§Ó g_pdwOrd = (LPWORD)MakePtr(g_hModuleUnicows, pExpDir->AddressOfNameOrdinals); g_pdwNames = (LPDWORD)MakePtr(g_hModuleUnicows, pExpDir->AddressOfNames); g_pdwAddrs = (LPDWORD)MakePtr(g_hModuleUnicows, pExpDir->AddressOfFunctions); g_dwNames = pExpDir->NumberOfNames; return TRUE;}static LPCSTR GetNameFromOrdinal(HMODULE hModule,DWORD dwOrdinal){ if (!hModule) return FALSE; // §¯§Ö§ä §ä§Ñ§Ü§à§Ô§à §Þ§à§Õ§å§Ý§ñ // §¯§Ñ§ç§à§Õ§Ú§Þ §ä§Ñ§Ò§Ý§Ú§è§å §ï§Ü§ã§á§à§â§ä§Ñ PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)(hModule); if (::IsBadReadPtr(pDosHeader, sizeof(IMAGE_DOS_HEADER)) || IMAGE_DOS_SIGNATURE != pDosHeader->e_magic) return ::SetLastError(ERROR_INVALID_PARAMETER), FALSE; PIMAGE_NT_HEADERS pNTHeaders =(PIMAGE_NT_HEADERS) MakePtr( hModule, pDosHeader->e_lfanew); if (::IsBadReadPtr(pNTHeaders, sizeof(IMAGE_NT_HEADERS)) || IMAGE_NT_SIGNATURE != pNTHeaders->Signature) return ::SetLastError(ERROR_INVALID_PARAMETER), FALSE; IMAGE_DATA_DIRECTORY& expDir = pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; PIMAGE_EXPORT_DIRECTORY pExpDir = (PIMAGE_EXPORT_DIRECTORY) MakePtr( hModule, expDir.VirtualAddress); LPWORD pdwOrd = (LPWORD)MakePtr( hModule, pExpDir->AddressOfNameOrdinals); LPDWORD pdwNames = (LPDWORD)MakePtr(hModule, pExpDir->AddressOfNames); dwOrdinal -= pExpDir->Base; g_dwNames = pExpDir->NumberOfNames; for (DWORD iName = 0; iName < pExpDir->NumberOfNames; iName++) { // §±§â§à§Ó§Ö§â§ñ§Ö§Þ §Ó§ã§Ö §ß§à§Þ§Ö§â§Ñ §á§à §á§à§â§ñ§Õ§Ü§å if (dwOrdinal == pdwOrd[iName]) return MakePtr(hModule, pdwNames[iName]); }/**/ return NULL;}int main(int,char**){ if(!_UnicowsInit("C:\\Test.dll")) return -1; LPCSTR szName = GetNameFromOrdinal(g_hModuleUnicows,1); LPDWORD pTest = GetFunctionAddress(szName); __asm { call pTest } szName = GetNameFromOrdinal(g_hModuleUnicows,2); pTest = GetFunctionAddress(szName); int nOffset= g_dwNames*sizeof(LONG); __asm { push g_dwNames push szName call pTest add esp,nOffset } _UnicowsRebindImports(g_hModuleUnicows); return 0;} 在程序编译的时候pe文件的导入表中记载其装载dll的名字和api的名字。你可以看看这部分 和PE文件结构有关,楼主可以找找PE文件导入表相关的文章。 正在使用的??好像 所有调用的API 可能还可以得到。。 原来学习PE文件的时候写的一个例子,是打印import表的,打印格式类似于dumpbin /imports#include "stdafx.h"#include "windows.h"// define区#define MakePtr( cast, ptr, addValue ) (cast)( (DWORD)(ptr) + (addValue) )#define MAX_NAME_LEN 256// 全局变量区FILE *hFile = NULL;IMAGE_DOS_HEADER dos_header;IMAGE_NT_HEADERS nt_header;IMAGE_SECTION_HEADER *psection_header;IMAGE_IMPORT_DESCRIPTOR *pimport_descriptor; // 输入表描述符int numOfImportDescriptor; // 输入表项数void usage(){ printf("usage: PEFile filename\n");}bool openFile(char * filename){ hFile = fopen(filename, "rb"); if(!hFile) { printf("open file error\n"); return false; } return true;}void closeFile(){ fclose(hFile);}bool readDosHeader(){ size_t num = fread(&dos_header, sizeof(dos_header), 1, hFile); if(num!=1) { printf("open dos header error\n"); return false; } else return true;}bool readNtHeader(){ int offset = dos_header.e_lfanew; if(fseek(hFile, offset, SEEK_SET)!=0) return false; size_t num = fread(&nt_header, sizeof(IMAGE_NT_HEADERS), 1, hFile); if(num != 1) { printf("read nt header error\n"); return false; } return true;}bool readSectionHeaders(){ // 没有重定位,所以必须在readNtHeader()之后调用 int sectionNum = nt_header.FileHeader.NumberOfSections; psection_header = new IMAGE_SECTION_HEADER[sectionNum]; size_t num = fread(psection_header, sizeof(IMAGE_SECTION_HEADER), sectionNum, hFile); if(num != sectionNum) { printf("read section header error\n"); return false; } return true;}bool readImportDescriptor(){ // 读取输入描述符 int offset = nt_header.OptionalHeader.DataDirectory[1].VirtualAddress; int size = nt_header.OptionalHeader.DataDirectory[1].Size; pimport_descriptor = (IMAGE_IMPORT_DESCRIPTOR *)new char[size]; if(fseek(hFile, offset, SEEK_SET)!=0) return false; size_t num = fread(pimport_descriptor, size, 1, hFile); if(num != 1) { printf("read import descriptor header error\n"); return false; } numOfImportDescriptor = size/sizeof(IMAGE_IMPORT_DESCRIPTOR)-1; return true;}void displayImportFunction(IMAGE_IMPORT_DESCRIPTOR &import_descriptor){ int offset = import_descriptor.OriginalFirstThunk; if(fseek(hFile, offset, SEEK_SET)!=0) return; IMAGE_THUNK_DATA imageThunkData; for(;;) { size_t iRead = fread(&imageThunkData, sizeof(IMAGE_THUNK_DATA), 1, hFile); if(iRead != 1) { printf("read thunk data error\n"); return; } if(*((DWORD *)(&imageThunkData)) == 0) break; // 最高位如果为1,表示函数以序号方式输入 if(*((DWORD *)(&imageThunkData)) & 0x80000000) { DWORD ordinal = *((DWORD *)(&imageThunkData)) & 0x7fffffff; printf(" Ordinal %d\n",ordinal); } else { // 最高位不为1,表示函数以字符串方式输入 long current = ftell(hFile); DWORD offset = *((DWORD *)(&imageThunkData)); WORD Hint; char FunctionName[MAX_NAME_LEN]; if(fseek(hFile, offset, SEEK_SET)!=0) return; fread(&Hint, sizeof(WORD), 1, hFile); int position=0; for(;;) { int ch = fgetc(hFile); FunctionName[position++] = ch; if(!ch) break; } printf(" %8X %s\n", Hint, FunctionName); fseek(hFile, current, SEEK_SET); } }}void displayImportDescriptor(){ printf(" Section contains the following imports:\n\n"); for(int num = 0 ; num < numOfImportDescriptor ; num ++) { // 首先获取输入表名称 char import_descriptor_name[MAX_NAME_LEN]; int offset = pimport_descriptor[num].Name; if(fseek(hFile, offset, SEEK_SET)!=0) return; int position=0; for(;;) { int ch = fgetc(hFile); import_descriptor_name[position++] = ch; if(!ch) break; } printf(" %s\n",import_descriptor_name); printf(" %X Import Address Table\n", pimport_descriptor[num].FirstThunk+nt_header.OptionalHeader.ImageBase); printf(" %X Import Name Table\n", pimport_descriptor[num].OriginalFirstThunk+nt_header.OptionalHeader.ImageBase); printf(" %X time date stamp\n", pimport_descriptor[num].TimeDateStamp); printf(" %X Index of first forwarder reference\n", pimport_descriptor[num].ForwarderChain); printf("\n"); displayImportFunction(pimport_descriptor[num]); printf("\n"); }}void displaySectionTable(){ printf(" Summary:\n\n"); for(int num = 0 ; num < nt_header.FileHeader.NumberOfSections ; num++) { printf(" %6X %s\n", psection_header[num].SizeOfRawData, psection_header[num].Name); }}int _tmain(int argc, _TCHAR* argv[]){ if(argc<2) { usage(); return 0; } if(!openFile(argv[1])) return -1; if(!readDosHeader()) return -1; if(!readNtHeader()) return -1; if(!readSectionHeaders()) return -1; if(!readImportDescriptor()) return -1; displayImportDescriptor(); displaySectionTable(); closeFile(); return 0;} 子线程内部使用PeekMessage 的问题 内存泄露问题,非常急!!! 图形图像 图像移动问题 关于jpg文件格式的探讨 关于GetProcAddress()如何引用参数 成功戒烟一周年 特此庆祝散分喽 谁有 VC setting 设置详细说明,谢谢~~ 请教关于dll使用的问题 自定义格式图像的显示程序 help me 一个小问题 如何导入一个位图作为ToolBar资源呀? 哪位大哥能给个用静态库编程的例子
pe文件的导入表中记载其装载dll的名字和api的名字。
// §¤§Ý§à§Ò§Ñ§Ý§î§ß§í§Ö §á§Ö§â§Ö§Þ§Ö§ß§ß§í§Östatic BOOL g_bUnicodeOS = FALSE;
static HMODULE g_hModuleUnicows = NULL;
static LPWORD g_pdwOrd = NULL;
static LPDWORD g_pdwAddrs = NULL;
static LPDWORD g_pdwNames = NULL;
static DWORD g_dwNames = 0;//@//////////////////////////////////////////////////////////////////////////
// §£§ã§á§à§Þ§à§Ô§Ñ§ä§Ö§Ý§î§ß§Ñ§ñ §æ§å§ß§Ü§è§Ú§ñ, §Ó§à§Ù§Ó§â§Ñ§ë§Ñ§Ö§ä §Ñ§Õ§â§Ö§ã §æ§å§ß§Ü§è§Ú§Ú §Ú§Ù unicows.dll
// §ã §å§Ü§Ñ§Ù§Ñ§ß§ß§í§Þ §Ú§Þ§Ö§ß§Ö§Þ, §Ö§ã§Ý§Ú §ä§Ñ§Ü§Ñ§ñ §Ú§Þ§Ö§Ö§ä§ã§ñstatic LPDWORD GetFunctionAddress(LPCSTR azName)
{
DWORD dwName = 0;
while (dwName < g_dwNames)
{
if (0 == ::lstrcmpiA(MakePtr( g_hModuleUnicows, g_pdwNames[dwName]), azName))
return (LPDWORD)MakePtr(g_hModuleUnicows, g_pdwAddrs[g_pdwOrd[dwName]]);
dwName ++;
} return NULL;
}BOOL _UnicowsInit(LPCSTR szLib)
{
/* int i = ::GetVersion();
if (0 == (0x80000000 & ::GetVersion()))
{
// WinNT/2k/XP: §´§å§ä §ß§Ñ§Þ §Õ§Ö§Ý§Ñ§ä§î §ß§Ö§é§Ö§Ô§à
g_bUnicodeOS = TRUE;
return ::SetLastError(0), TRUE;
} */
g_hModuleUnicows = ::LoadLibraryA(szLib);
if (!g_hModuleUnicows)
return FALSE; // §°§ê§Ú§Ò§Ü§Ñ §á§â§Ú §Ù§Ñ§Ô§â§å§Ù§Ü§Ö Unicows.dll // §¯§Ñ§ç§à§Õ§Ú§Þ §ä§Ñ§Ò§Ý§Ú§è§å §ï§Ü§ã§á§à§â§ä§Ñ
PIMAGE_DOS_HEADER pDosHeader = PIMAGE_DOS_HEADER(g_hModuleUnicows); if (::IsBadReadPtr(pDosHeader, sizeof(IMAGE_DOS_HEADER))
|| IMAGE_DOS_SIGNATURE != pDosHeader->e_magic)
return ::SetLastError(ERROR_INVALID_PARAMETER), FALSE; PIMAGE_NT_HEADERS pNTHeaders = (PIMAGE_NT_HEADERS)
MakePtr(g_hModuleUnicows, pDosHeader->e_lfanew);
if (::IsBadReadPtr(pNTHeaders, sizeof(IMAGE_NT_HEADERS))
|| IMAGE_NT_SIGNATURE != pNTHeaders->Signature)
return ::SetLastError(ERROR_INVALID_PARAMETER), FALSE; IMAGE_DATA_DIRECTORY& expDir =
pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
PIMAGE_EXPORT_DIRECTORY pExpDir = (PIMAGE_EXPORT_DIRECTORY )
MakePtr(g_hModuleUnicows, expDir.VirtualAddress); // §©§Ñ§á§à§ß§Ú§Þ§Ñ§Ö§Þ §ä§Ñ§Ò§Ý§Ú§è§å §Ú§Þ§Ö§ß §Ú §Ñ§Õ§â§Ö§ã§à§Ó
g_pdwOrd = (LPWORD)MakePtr(g_hModuleUnicows, pExpDir->AddressOfNameOrdinals);
g_pdwNames = (LPDWORD)MakePtr(g_hModuleUnicows, pExpDir->AddressOfNames);
g_pdwAddrs = (LPDWORD)MakePtr(g_hModuleUnicows, pExpDir->AddressOfFunctions);
g_dwNames = pExpDir->NumberOfNames; return TRUE;
}static LPCSTR GetNameFromOrdinal(HMODULE hModule,DWORD dwOrdinal)
{
if (!hModule)
return FALSE; // §¯§Ö§ä §ä§Ñ§Ü§à§Ô§à §Þ§à§Õ§å§Ý§ñ
// §¯§Ñ§ç§à§Õ§Ú§Þ §ä§Ñ§Ò§Ý§Ú§è§å §ï§Ü§ã§á§à§â§ä§Ñ
PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)(hModule);
if (::IsBadReadPtr(pDosHeader, sizeof(IMAGE_DOS_HEADER))
|| IMAGE_DOS_SIGNATURE != pDosHeader->e_magic)
return ::SetLastError(ERROR_INVALID_PARAMETER), FALSE; PIMAGE_NT_HEADERS pNTHeaders =(PIMAGE_NT_HEADERS)
MakePtr( hModule, pDosHeader->e_lfanew);
if (::IsBadReadPtr(pNTHeaders, sizeof(IMAGE_NT_HEADERS))
|| IMAGE_NT_SIGNATURE != pNTHeaders->Signature)
return ::SetLastError(ERROR_INVALID_PARAMETER), FALSE;
IMAGE_DATA_DIRECTORY& expDir =
pNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
PIMAGE_EXPORT_DIRECTORY pExpDir = (PIMAGE_EXPORT_DIRECTORY)
MakePtr( hModule, expDir.VirtualAddress); LPWORD pdwOrd = (LPWORD)MakePtr( hModule, pExpDir->AddressOfNameOrdinals);
LPDWORD pdwNames = (LPDWORD)MakePtr(hModule, pExpDir->AddressOfNames);
dwOrdinal -= pExpDir->Base;
g_dwNames = pExpDir->NumberOfNames;
for (DWORD iName = 0; iName < pExpDir->NumberOfNames; iName++)
{
// §±§â§à§Ó§Ö§â§ñ§Ö§Þ §Ó§ã§Ö §ß§à§Þ§Ö§â§Ñ §á§à §á§à§â§ñ§Õ§Ü§å
if (dwOrdinal == pdwOrd[iName])
return MakePtr(hModule, pdwNames[iName]);
}/**/
return NULL;
}
int main(int,char**)
{
if(!_UnicowsInit("C:\\Test.dll"))
return -1;
LPCSTR szName = GetNameFromOrdinal(g_hModuleUnicows,1);
LPDWORD pTest = GetFunctionAddress(szName); __asm
{
call pTest
} szName = GetNameFromOrdinal(g_hModuleUnicows,2);
pTest = GetFunctionAddress(szName);
int nOffset= g_dwNames*sizeof(LONG);
__asm
{
push g_dwNames
push szName
call pTest
add esp,nOffset
}
_UnicowsRebindImports(g_hModuleUnicows);
return 0;
}
#include "stdafx.h"
#include "windows.h"// define区
#define MakePtr( cast, ptr, addValue ) (cast)( (DWORD)(ptr) + (addValue) )
#define MAX_NAME_LEN 256// 全局变量区
FILE *hFile = NULL;
IMAGE_DOS_HEADER dos_header;
IMAGE_NT_HEADERS nt_header;
IMAGE_SECTION_HEADER *psection_header;IMAGE_IMPORT_DESCRIPTOR *pimport_descriptor; // 输入表描述符
int numOfImportDescriptor; // 输入表项数void usage()
{
printf("usage: PEFile filename\n");
}bool openFile(char * filename)
{
hFile = fopen(filename, "rb");
if(!hFile)
{
printf("open file error\n");
return false;
}
return true;
}void closeFile()
{
fclose(hFile);
}bool readDosHeader()
{
size_t num = fread(&dos_header, sizeof(dos_header), 1, hFile);
if(num!=1)
{
printf("open dos header error\n");
return false;
}
else
return true;
}bool readNtHeader()
{
int offset = dos_header.e_lfanew;
if(fseek(hFile, offset, SEEK_SET)!=0)
return false;
size_t num = fread(&nt_header, sizeof(IMAGE_NT_HEADERS), 1, hFile);
if(num != 1)
{
printf("read nt header error\n");
return false;
}
return true;}bool readSectionHeaders()
{
// 没有重定位,所以必须在readNtHeader()之后调用
int sectionNum = nt_header.FileHeader.NumberOfSections;
psection_header = new IMAGE_SECTION_HEADER[sectionNum];
size_t num = fread(psection_header, sizeof(IMAGE_SECTION_HEADER), sectionNum, hFile);
if(num != sectionNum)
{
printf("read section header error\n");
return false;
}
return true;
}bool readImportDescriptor()
{
// 读取输入描述符
int offset = nt_header.OptionalHeader.DataDirectory[1].VirtualAddress;
int size = nt_header.OptionalHeader.DataDirectory[1].Size;
pimport_descriptor = (IMAGE_IMPORT_DESCRIPTOR *)new char[size];
if(fseek(hFile, offset, SEEK_SET)!=0)
return false;
size_t num = fread(pimport_descriptor, size, 1, hFile);
if(num != 1)
{
printf("read import descriptor header error\n");
return false;
}
numOfImportDescriptor = size/sizeof(IMAGE_IMPORT_DESCRIPTOR)-1; return true;
}void displayImportFunction(IMAGE_IMPORT_DESCRIPTOR &import_descriptor)
{
int offset = import_descriptor.OriginalFirstThunk;
if(fseek(hFile, offset, SEEK_SET)!=0)
return;
IMAGE_THUNK_DATA imageThunkData;
for(;;)
{
size_t iRead = fread(&imageThunkData, sizeof(IMAGE_THUNK_DATA), 1, hFile);
if(iRead != 1)
{
printf("read thunk data error\n");
return;
}
if(*((DWORD *)(&imageThunkData)) == 0)
break; // 最高位如果为1,表示函数以序号方式输入
if(*((DWORD *)(&imageThunkData)) & 0x80000000)
{
DWORD ordinal = *((DWORD *)(&imageThunkData)) & 0x7fffffff;
printf(" Ordinal %d\n",ordinal);
}
else
{
// 最高位不为1,表示函数以字符串方式输入
long current = ftell(hFile); DWORD offset = *((DWORD *)(&imageThunkData));
WORD Hint;
char FunctionName[MAX_NAME_LEN];
if(fseek(hFile, offset, SEEK_SET)!=0)
return;
fread(&Hint, sizeof(WORD), 1, hFile);
int position=0;
for(;;)
{
int ch = fgetc(hFile);
FunctionName[position++] = ch;
if(!ch)
break;
}
printf(" %8X %s\n", Hint, FunctionName);
fseek(hFile, current, SEEK_SET);
} }}void displayImportDescriptor()
{
printf(" Section contains the following imports:\n\n");
for(int num = 0 ; num < numOfImportDescriptor ; num ++)
{
// 首先获取输入表名称
char import_descriptor_name[MAX_NAME_LEN];
int offset = pimport_descriptor[num].Name;
if(fseek(hFile, offset, SEEK_SET)!=0)
return;
int position=0;
for(;;)
{
int ch = fgetc(hFile);
import_descriptor_name[position++] = ch;
if(!ch)
break;
}
printf(" %s\n",import_descriptor_name);
printf(" %X Import Address Table\n", pimport_descriptor[num].FirstThunk+nt_header.OptionalHeader.ImageBase);
printf(" %X Import Name Table\n", pimport_descriptor[num].OriginalFirstThunk+nt_header.OptionalHeader.ImageBase);
printf(" %X time date stamp\n", pimport_descriptor[num].TimeDateStamp);
printf(" %X Index of first forwarder reference\n", pimport_descriptor[num].ForwarderChain);
printf("\n");
displayImportFunction(pimport_descriptor[num]);
printf("\n");
}
}void displaySectionTable()
{
printf(" Summary:\n\n");
for(int num = 0 ; num < nt_header.FileHeader.NumberOfSections ; num++)
{
printf(" %6X %s\n", psection_header[num].SizeOfRawData, psection_header[num].Name);
}
}int _tmain(int argc, _TCHAR* argv[])
{
if(argc<2)
{
usage();
return 0;
}
if(!openFile(argv[1]))
return -1;
if(!readDosHeader())
return -1;
if(!readNtHeader())
return -1;
if(!readSectionHeaders())
return -1;
if(!readImportDescriptor())
return -1; displayImportDescriptor();
displaySectionTable();
closeFile();
return 0;
}