验证中...
码云 Gitee IDE 全新上线——支持 Git 管理的轻量在线编码环境
语言: C++
最后更新于 2017-07-27 18:58
walk_through_export.cpp
原始数据 复制代码
auto walk_through_export = [](PVOID ImageBase)
{
ULONG ExportSize = 0;
auto nt_header = ntdll::RtlImageNtHeader(ImageBase);
auto export_header = (PIMAGE_EXPORT_DIRECTORY)ntdll::RtlImageDirectoryEntryToData(ImageBase,
TRUE,
IMAGE_DIRECTORY_ENTRY_EXPORT,
&ExportSize
);
auto RVATOVA = [](auto _base_, auto _offset_) {
return ((PUCHAR)(_base_)+(ULONG)(_offset_)); };
if (export_header)
{
PULONG AddressOfFunctions = (PULONG)RVATOVA(ImageBase, export_header->AddressOfFunctions);
PSHORT AddrOfOrdinals = (PSHORT)RVATOVA(ImageBase, export_header->AddressOfNameOrdinals);
PULONG AddressOfNames = (PULONG)RVATOVA(ImageBase, export_header->AddressOfNames);
for (auto i = 0; i < export_header->NumberOfFunctions; i++)
{
auto pname = (char *)RVATOVA(ImageBase, AddressOfNames[i]);
auto rva = AddressOfFunctions[AddrOfOrdinals[i]];
auto VA_ = (ULONG_PTR)RVATOVA(ImageBase, rva);
std::cout <<
pname << "=" << std::hex << VA_ << "\n";
}
}
};

评论列表( 0 )

你可以在登录后,发表评论

搜索帮助