PE文件格式的问题
遍历DLL,除了C程序之外,貌似没有什么能遍历出来,遍历导入函数更是一个都遍历不出来,帮帮在下.感激不尽..
程序代码:typedef struct _PE_INFO_STRUCT{
HANDLE hFile;//文件句柄
HANDLE hMap; //映像句柄
DWORD ImageBase;//映像基址
}PEInfo;
DWORD GetImageBase( LPVOID FilePath );//获取映像基址
PIMAGE_DOS_HEADER GetDosHeader( DWORD ImageBase );//获取Dos头
PIMAGE_NT_HEADERS GetNtHeader(PIMAGE_DOS_HEADER &pDos);//获取Nt头
PIMAGE_FILE_HEADER GetFileHeader( PIMAGE_NT_HEADERS &pNt );
PIMAGE_OPTIONAL_HEADER GetOptionHeader( PIMAGE_NT_HEADERS &pNt );
PIMAGE_SECTION_HEADER GetSectionHeader( PIMAGE_NT_HEADERS &pNt );
BOOL BianLiSection( PIMAGE_SECTION_HEADER &pSec, PIMAGE_FILE_HEADER &pFH );
PIMAGE_DATA_DIRECTORY GetDataDir( PIMAGE_OPTIONAL_HEADER &pOH,int Num );
PIMAGE_IMPORT_DESCRIPTOR GetImportDir( PIMAGE_OPTIONAL_HEADER &pOh );
PIMAGE_THUNK_DATA GetThunkData( PIMAGE_IMPORT_DESCRIPTOR &pImportor);
DWORD ImageBase = 0;
BOOL BianLiDll(PIMAGE_IMPORT_DESCRIPTOR &pImportor);
bool HookApi();
int main(int argc, char* argv[])
{
char FilePath[255];
scanf("%s",FilePath);
ImageBase = GetImageBase( FilePath );
PIMAGE_DOS_HEADER pDos = GetDosHeader( ImageBase );
PIMAGE_NT_HEADERS pNtH = GetNtHeader( pDos );
PIMAGE_OPTIONAL_HEADER pOH = GetOptionHeader( pNtH );
GetOptionHeader( pNtH );
PIMAGE_SECTION_HEADER pSec = GetSectionHeader( pNtH );
PIMAGE_FILE_HEADER pFH = GetFileHeader( pNtH );
PIMAGE_IMPORT_DESCRIPTOR pImportor = GetImportDir( pOH );
GetThunkData( pImportor );
//BianLiDll( pImportor );
//BianLiSection( pSec, pFH );
return 0;
}
DWORD GetImageBase( LPVOID FilePath )
{
PEInfo TempInfo;
TempInfo.hFile = CreateFile(
(LPCTSTR)FilePath,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
0
);
if ( INVALID_HANDLE_VALUE == TempInfo.hFile )
{
printf("CreateFile Error!\n");
return 0;
}
TempInfo.hMap = CreateFileMapping(
TempInfo.hFile,
NULL,
PAGE_READONLY,
0,
0,
0
);
if ( TempInfo.hMap == NULL )
{
printf("CreateFileMap Error!\n");
return 0;
}
LPVOID TempBase = MapViewOfFile(
TempInfo.hMap,
FILE_MAP_READ,
0,
0,
GetFileSize( TempInfo.hFile, 0 )
);
if ( TempBase == NULL )
{
printf("MapView Error!\n");
return 0;
}
else
{
TempInfo.ImageBase = (DWORD)TempBase;
return TempInfo.ImageBase;
}
}
PIMAGE_DOS_HEADER GetDosHeader( DWORD ImageBase )
{
PIMAGE_DOS_HEADER pDos = NULL;
if( !ImageBase)
return 0;
else
pDos = (PIMAGE_DOS_HEADER)ImageBase;
return pDos;
}
PIMAGE_NT_HEADERS GetNtHeader( PIMAGE_DOS_HEADER &pDos )
{
PIMAGE_NT_HEADERS pNtH =NULL;
if ( !pDos )
{
return 0;
}
else
{
pNtH = (PIMAGE_NT_HEADERS)( ImageBase + pDos->e_lfanew );
return pNtH;
}
}
PIMAGE_FILE_HEADER GetFileHeader( PIMAGE_NT_HEADERS &pNt )
{
PIMAGE_FILE_HEADER pFH = NULL;
if ( !pNt)
{
return 0;
}
else
{
pFH = (PIMAGE_FILE_HEADER)&pNt->FileHeader;
return pFH;
}
}
PIMAGE_OPTIONAL_HEADER GetOptionHeader( PIMAGE_NT_HEADERS &pNt )
{
PIMAGE_OPTIONAL_HEADER pOH = NULL;
if ( !pNt)
{
return 0;
}
else
{
pOH = (PIMAGE_OPTIONAL_HEADER)&( pNt->OptionalHeader );
return pOH;
}
}
PIMAGE_SECTION_HEADER GetSectionHeader( PIMAGE_NT_HEADERS &pNt )
{
PIMAGE_SECTION_HEADER pSecH = NULL;
if ( !pNt)
{
return 0;
}
else
{
pSecH = IMAGE_FIRST_SECTION(pNt);
return pSecH;
}
}
PIMAGE_DATA_DIRECTORY GetDataDir( PIMAGE_OPTIONAL_HEADER &pOH,int Num )
{
PIMAGE_DATA_DIRECTORY pDataDir = NULL;
if ( !pOH )
{
return 0;
}
else
{
pDataDir = (PIMAGE_DATA_DIRECTORY)&pOH->DataDirectory[Num];
return pDataDir;
}
}
PIMAGE_IMPORT_DESCRIPTOR GetImportDir( PIMAGE_OPTIONAL_HEADER &pOh )
{
PIMAGE_IMPORT_DESCRIPTOR pImportDir = NULL;
if ( !pOh )
{
return 0;
}
else
{
pImportDir = ( PIMAGE_IMPORT_DESCRIPTOR )( ImageBase + pOh->DataDirectory[1].VirtualAddress );
return pImportDir;
}
}
BOOL BianLiSection( PIMAGE_SECTION_HEADER &pSec, PIMAGE_FILE_HEADER &pFH )
{
WORD SecNum = pFH->NumberOfSections;
if( !pSec && !pFH )
{
return FALSE;
}
else
{
for (int i=0; i<SecNum; i++)
{
printf("%s\n",pSec[i].Name);
}
return TRUE;
}
}
PIMAGE_THUNK_DATA GetThunkData( PIMAGE_IMPORT_DESCRIPTOR &pImportor)
{
PIMAGE_THUNK_DATA pThunk = NULL;
if ( !pImportor )
{
return 0;
}
else
{
pThunk = (PIMAGE_THUNK_DATA)(pImportor->FirstThunk+ImageBase);
while (pImportor->FirstThunk)
printf("%s\n",pThunk->u1.Function+ImageBase);
return pThunk;
}
}
BOOL BianLiDll(PIMAGE_IMPORT_DESCRIPTOR &pImportor)
{
if ( !pImportor )
{
return FALSE;
}
else
{
while(pImportor->FirstThunk)
{
printf("%s\n",pImportor->Name+ImageBase);
pImportor++;
}
return TRUE;
}
}
[[it] 本帖最后由 djxh77710 于 2009-8-3 04:50 编辑 [/it]]
麻烦你告诉我下 你的目的是什么???