今天学习导入表,于是便通过程序将获取IAT的过程实现一下,各位看官发现什么问题,请多指教。谢谢!
废话不多说,下面是代码:
#include <iostream>
#include <windows.h>
#include <winnt.h>
using namespace std;
int main(int argc, char* argv[])
{
if (argc != 2)
{
cout << "Usage: " << argv[0] <<" "<<argv[1]<<endl;
exit(1);
}
HANDLE hFile = NULL;
IMAGE_DOS_HEADER * pDosHeader = NULL;
cout << argv[0] << " " << argv[1] << endl;
WCHAR pwchar[255] = {0};
MultiByteToWideChar(CP_ACP, 0, argv[1], sizeof(argv[1]) + 1, pwchar, sizeof(pwchar)/sizeof(pwchar[0]));
//hFile = CreateFile("D:\project\PEInfo\Debug\Loadsys.exe", GENERIC_READ, FILE_SHARE_READ| FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
hFile = CreateFile(argv[1], GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE)
cout << "CreateFile Error" << GetLastError() << endl;
HANDLE hMap = 0;
hMap = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if (!hMap)
cout << "CreatefileMapping Error !" << endl;
void * lpMemory = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
pDosHeader = (IMAGE_DOS_HEADER *)lpMemory;
if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
cout << "This File is not a PE File !" << endl;
IMAGE_NT_HEADERS* pNtHeader = (IMAGE_NT_HEADERS*)((BYTE*)pDosHeader + pDosHeader->e_lfanew);
cout << "----------------------------------------------------------------------" << endl;
cout << "Number of Section: " << pNtHeader->FileHeader.NumberOfSections << endl;
for (int i = 0; i < pNtHeader->FileHeader.NumberOfSections; ++i)
{
IMAGE_SECTION_HEADER * pSectionHeader = (IMAGE_SECTION_HEADER *)((pNtHeader->FileHeader.SizeOfOptionalHeader + 24 + (BYTE*)pNtHeader) + i * 0x28);
cout << "Setction Name: " << pSectionHeader->Name << endl;
}
cout << "----------------------------------------------------------------------" << endl;
IMAGE_IMPORT_DESCRIPTOR * pImportTabe = (IMAGE_IMPORT_DESCRIPTOR *)(pNtHeader->OptionalHeader.DataDirectory[1].VirtualAddress + (BYTE*)pDosHeader);
IMAGE_IMPORT_DESCRIPTOR* pOriginalImportTable = pImportTabe;
IMAGE_THUNK_DATA * pThunk = nullptr;
IMAGE_IMPORT_BY_NAME* pINT = nullptr;
DWORD n = 0;
while (pImportTabe->Name)
{
cout <<"+-------------------------------------------------------------------"<< endl;
cout << "+动态库:" << pImportTabe->Name + (BYTE*)pDosHeader << endl;
cout << " +----导入函数名称表:" << endl;
pThunk = (IMAGE_THUNK_DATA *)(pImportTabe->OriginalFirstThunk + (BYTE*)pDosHeader);
while (pThunk->u1.Function)
{
pINT = (IMAGE_IMPORT_BY_NAME*)(pThunk->u1.Function + (BYTE*)pDosHeader);
cout <<" |------"<< pINT->Hint << " : " << pINT->Name << endl;
//cout << ((DWORD*)(pImportTabe->FirstThunk + (BYTE*)pDosHeader) + n)<<endl;
//printf("%x
", ((DWORD*)(pImportTabe->FirstThunk + (BYTE*)pDosHeader) + n));
//n++;
pThunk = (IMAGE_THUNK_DATA*)((BYTE*)pThunk + 4);
}
pImportTabe = (IMAGE_IMPORT_DESCRIPTOR*)((BYTE*)pImportTabe + 20);
}
cout << "----------------------------------------------------------------------" << endl;
return 0;
}