随笔-43  评论-2  文章-6  trackbacks-0
int main(int argc, char* argv[])
{
    HMODULE  hMod 
= GetModuleHandle(NULL);
    IMAGE_DOS_HEADER
* pDosHeader = (IMAGE_DOS_HEADER*)hMod;
    IMAGE_OPTIONAL_HEADER
* pOptHeader = (IMAGE_OPTIONAL_HEADER*)((BYTE*)hMod+pDosHeader->e_lfanew+24);
    IMAGE_IMPORT_DESCRIPTOR
* pImportDesc = (IMAGE_IMPORT_DESCRIPTOR*)((BYTE*)hMod+pOptHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
    
while (pImportDesc->FirstThunk)
    
{
        
char* pszDllName = (char*)((BYTE*)hMod+pImportDesc->Name);
        printf(
"\nModule Name:%s\n",pszDllName);

        IMAGE_THUNK_DATA
* pThunk = (IMAGE_THUNK_DATA*)((BYTE*)hMod+pImportDesc->OriginalFirstThunk);
        
int n = 0;
        
while (pThunk->u1.Function)
        
{
            
char* pszFunName = (char*)((BYTE*)hMod+(DWORD)pThunk->u1.AddressOfData+2);
            PDWORD lpAddr 
= (DWORD*)((BYTE*)hMod+pImportDesc->FirstThunk)+n;
            printf(
"Fuction Name:%-27s,",pszFunName);
            printf(
"Fuction Address:%X\n",*lpAddr);
            n
++;
            pThunk
++;
        }

        pImportDesc
++;
    }


    getchar();

    
return 0;
}

得到输入表地址:


后面的两个循环:
posted on 2012-12-28 17:01 寻步 阅读(472) 评论(0)  编辑 收藏 引用 所属分类: Reverse

只有注册用户登录后才能发表评论。
网站导航: 博客园   IT新闻   BlogJava   知识库   博问   管理