代码片:ListImports

列举PE文件的导入函数信息,功能与格式和 dumpbin /imports一模一样。

不说空话,直接看代码:

 1 void ListImports(DWORD dbase)
 2 {
 3     char szMsgImport[]="\n  %s\n\t%8X  Import Address Table\n\t%8X  Import Name Table\n\t%8x  time date stamp\n\t%8x  Index of first forwarder reference\n\n";
 4     char szMsg2[]="      %8X  %s\n";
 5     char szMsg3[]="      %8X\n";
 6     PIMAGE_DOS_HEADER dos=(PIMAGE_DOS_HEADER)dbase;
 7     PIMAGE_NT_HEADERS nt=(PIMAGE_NT_HEADERS)(dbase+dos->e_lfanew);
 8     DWORD va=(DWORD)nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
 9     if (!va)
10     {
11         printf("\nNo imports\n\n");
12         return;
13     }
14     PIMAGE_IMPORT_DESCRIPTOR iid=(PIMAGE_IMPORT_DESCRIPTOR)RvaToPtr(dbase,va);
15     printf("Section contains the following imports:\n");
16     DWORD imagebase=nt->OptionalHeader.ImageBase;
17     while(iid->OriginalFirstThunk || iid->FirstThunk || iid->Name || iid->TimeDateStamp || iid->ForwarderChain)
18     {        
19         printf(szMsgImport,RvaToPtr(dbase,iid->Name),iid->FirstThunk+imagebase,iid->OriginalFirstThunk+imagebase,iid->TimeDateStamp,iid->ForwarderChain);
20         
21         if (iid->OriginalFirstThunk)
22             va=iid->OriginalFirstThunk;
23         else
24             va=iid->FirstThunk;
25         PDWORD pva=(PDWORD)RvaToPtr(dbase,va);
26         while (*pva)
27         {
28             if (*pva & IMAGE_ORDINAL_FLAG32)
29             {
30                 DWORD dd=(*pva) & 0x0ffff;
31                 printf(szMsg3,dd);
32             }
33             PIMAGE_IMPORT_BY_NAME piibn=NULL;
34             piibn=(PIMAGE_IMPORT_BY_NAME)RvaToPtr(dbase,*pva);
35             printf(szMsg2,piibn->Hint,piibn->Name);
36             pva++;
37         }
38         iid++;
39     }
40 }

 

 

posted on 2015-09-17 13:38  深蓝无忌  阅读(210)  评论(0编辑  收藏  举报

导航