准确看看 user32.dll 里有哪些导出函数(win7
看看 user32.dll里有哪些导出函数,大家都会,但准确性???以MS dumpbin为标准,要做出来结果一模一样,,才表示代码完全正确。
直接上代码:
1 // ListExport.cpp : Defines the entry point for the console application. 2 // 3 #include "stdafx.h" 4 #include <windows.h> 5 #include <winnt.h> 6 7 extern "C" DWORD _stdcall _RVAToOffset(DWORD _lpFileHead,DWORD _dwRVA); 8 extern "C" DWORD _stdcall _OffsetToRVA(DWORD _lpFileHead,DWORD _dwOffset); 9 extern "C" DWORD _stdcall _getRVASectionName(DWORD _lpFileHead,DWORD _dwRVA); 10 11 HANDLE m_file; 12 HANDLE m_map; 13 LPVOID m_base; 14 15 LPVOID RvaToPtr(DWORD dwBase,DWORD dwRVA) 16 { 17 DWORD dd=_RVAToOffset(dwBase,dwRVA); 18 dd=dd+dwBase; 19 return (LPVOID)dd; 20 } 21 22 bool LoadPE() 23 { 24 bool bret=false; 25 wchar_t pwch[]=L"C:\\Windows\\System32\\user32.dll"; 26 m_file=CreateFile(pwch, 27 GENERIC_READ , 28 FILE_SHARE_READ | FILE_SHARE_WRITE, 29 NULL, 30 OPEN_EXISTING, 31 FILE_ATTRIBUTE_ARCHIVE, 32 NULL); 33 if(m_file==INVALID_HANDLE_VALUE) 34 return bret; 35 m_map=CreateFileMapping(m_file, 36 NULL,PAGE_READONLY, 37 0,0,0); 38 if (m_map==NULL) 39 { 40 CloseHandle(m_file); 41 return bret; 42 } 43 m_base=MapViewOfFile(m_map, 44 FILE_MAP_READ, 45 0,0,0); 46 if(m_base==NULL) 47 { 48 CloseHandle(m_map); 49 CloseHandle(m_file); 50 return bret; 51 } 52 bret=true; 53 return bret; 54 } 55 56 void UnloadPE() 57 { 58 UnmapViewOfFile(m_base); 59 CloseHandle(m_map); 60 CloseHandle(m_file); 61 } 62 63 void ListExport() 64 { 65 DWORD dbase=(DWORD)m_base; 66 PIMAGE_DOS_HEADER dos=(PIMAGE_DOS_HEADER)dbase; 67 PIMAGE_NT_HEADERS nt=(PIMAGE_NT_HEADERS)(dbase+dos->e_lfanew); 68 PIMAGE_EXPORT_DIRECTORY exp=(PIMAGE_EXPORT_DIRECTORY)(RvaToPtr(dbase,nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress)); 69 PDWORD pdwNames,pdwRvs; 70 PWORD pwOrds; 71 pdwNames=(PDWORD)RvaToPtr(dbase,exp->AddressOfNames); 72 pdwRvs=(PDWORD)RvaToPtr(dbase,exp->AddressOfFunctions); 73 pwOrds=(PWORD)RvaToPtr(dbase,exp->AddressOfNameOrdinals); 74 if (!pdwRvs) 75 return; 76 DWORD iNumOfNames=exp->NumberOfNames; 77 bool bIsByName=false; 78 char szExportByOrd[]="[NONAME]"; 79 char buf[2000],*pbuf; 80 81 char *szFuncName; 82 DWORD i,j,hint=-1; 83 pbuf=buf; 84 printf("Export Function Table vs MS dumpbin exports v0.0001.....\n\n\n ordinal hint RVA name\n"); 85 for (i=0;i<exp->NumberOfFunctions;i++) 86 { 87 if(*pdwRvs) 88 { 89 bIsByName=false; 90 for (j=0;j<iNumOfNames;j++) 91 { 92 if(i==pwOrds[j]) 93 { 94 bIsByName=true; 95 break; 96 } 97 } 98 if (bIsByName) 99 { 100 ++hint; 101 szFuncName=(char*)RvaToPtr(dbase,pdwNames[j]); 102 printf("%8ld %4lx %08lx %s\n",exp->Base+i,hint,*pdwRvs,szFuncName); 103 } 104 else 105 { 106 szFuncName=szExportByOrd; 107 int ilen=sprintf(pbuf,"%8ld %08lx %s\n",exp->Base+i,*pdwRvs,szFuncName); 108 pbuf=pbuf+ilen; 109 } 110 } 111 ++pdwRvs; 112 } 113 printf("%s\n",buf); 114 115 } 116 117 int _tmain(int argc, _TCHAR* argv[]) 118 { 119 if (LoadPE()) 120 { 121 ListExport(); 122 UnloadPE(); 123 } 124 getchar(); 125 return 0; 126 }
看结果:
温馨提示: 本文由Jm博客推荐,转载请保留链接: https://www.jmwww.net/file/67384.html
