Shulou(Shulou.com)06/03 Report--

This article mainly shows you "how to get the export function list of PE files", the content is easy to understand, clear, hope to help you solve your doubts, the following let Xiaobian lead you to study and learn "how to get the export function list of PE files" this article.

Get the list of export functions for PE file keywords: PE file, export function, PIMAGE_DOS_HEADER,PIMAGE_EXPORT_DIRECTORY,PIMAGE_NT_HEADER

The author of the function is zhangjiawen@cchongda.com.cn, and the sample code is written by ccrun, which is published on this site at the request of the function author.

A piece of code that can extract the name of a function from any DLL, provided that the DLL file object has not been "shelled", otherwise, the extraction may be incomplete.

# include "Dbghelp.h"

Bool GetDLLFileExports (char * szFileName, UINT * nNoOfExports, char * * & pszFunctions)

{

HANDLE hFile

HANDLE hFileMapping

LPVOID lpFileBase

PIMAGE_DOS_HEADER pImg_DOS_Header

PIMAGE_NT_HEADERS pImg_NT_Header

PIMAGE_EXPORT_DIRECTORY pImg_Export_Dir

HFile = CreateFile (szFileName, GENERIC_READ, FILE_SHARE_READ

NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0)

If (hFile = = INVALID_HANDLE_VALUE)

Return false

HFileMapping = CreateFileMapping (hFile, NULL, PAGE_READONLY, 0,0, NULL)

If (hFileMapping = = 0)

{

CloseHandle (hFile)

Return false

}

LpFileBase = MapViewOfFile (hFileMapping, FILE_MAP_READ, 0,0,0)

If (lpFileBase = = 0)

{

CloseHandle (hFileMapping)

CloseHandle (hFile)

Return false

}

PImg_DOS_Header = (PIMAGE_DOS_HEADER) lpFileBase

PImg_NT_Header = (PIMAGE_NT_HEADERS) (

(LONG) pImg_DOS_Header + (LONG) pImg_DOS_Header- > e_lfanew)

If (IsBadReadPtr (pImg_NT_Header, sizeof (IMAGE_NT_HEADERS))

| pImg_NT_Header- > Signature! = IMAGE_NT_SIGNATURE) |

{

UnmapViewOfFile (lpFileBase)

CloseHandle (hFileMapping)

CloseHandle (hFile)

Return false

}

PImg_Export_Dir = (PIMAGE_EXPORT_DIRECTORY) pImg_NT_Header- > OptionalHeader

. DataDirectory[IMAGE _ DIRECTORY_ENTRY_EXPORT]. VirtualAddress

If (! pImg_Export_Dir)

{

UnmapViewOfFile (lpFileBase)

CloseHandle (hFileMapping)

CloseHandle (hFile)

Return false

}

/ / 63 63 72 75 6E 2E 63 6F 6D

PImg_Export_Dir= (PIMAGE_EXPORT_DIRECTORY) ImageRvaToVa (pImg_NT_Header

PImg_DOS_Header, (DWORD) pImg_Export_Dir, 0)

DWORD * * ppdwNames = (DWORD * *) pImg_Export_Dir- > AddressOfNames

PpdwNames = (PDWORD*) ImageRvaToVa (pImg_NT_Header

PImg_DOS_Header, (DWORD) ppdwNames, 0)

If (! ppdwNames)

{

UnmapViewOfFile (lpFileBase)

CloseHandle (hFileMapping)

CloseHandle (hFile)

Return false

}

* nNoOfExports = pImg_Export_Dir- > NumberOfNames

PszFunctions = new char* [* nNoOfExports]

For (UINT item0; I

< *nNoOfExports; i++) { char *szFunc=(PSTR)ImageRvaToVa(pImg_NT_Header, pImg_DOS_Header, (DWORD)*ppdwNames, 0); pszFunctions[i] = new char[strlen(szFunc)+1]; strcpy(pszFunctions[i],szFunc); ppdwNames++; } UnmapViewOfFile(lpFileBase); CloseHandle(hFileMapping); CloseHandle(hFile); return true; } //--------------------------------------------------------------------------- // 示例代码，读取C:/ccrun/123.dll中的导出函数列表并显示在Memo中 void __fastcall TForm1::Button1Click(TObject *Sender) { UINT unNoOfExports; char **lppBuffer; GetDLLFileExports("C://ccrun//123.dll", &unNoOfExports, lppBuffer); for(UINT i=0; iLines->

Add (lppBuffer [I])

For (UINT item0; I

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.