PE之写入打印导入表(9)

源码GitHub：https://github.com/TL-SN/_TLSN_RES.PE

一、

部分关键代码：(考虑篇幅，这里只贴了部分代码，全部代码都在GitHub上 或者 https://www.cnblogs.com/lordtianqiyi/articles/15782773.html)

 

VOID _PE_User::RelPointAllImportData(LPVOID pFileBuffer)
{
    PIMAGE_IMPORT_BY_NAME pImExortByName = NULL;
    PIMAGE_IMPORT_BY_NAME pImExortByNameOri = NULL;

    int i = 0;
    DWORD ExportXuHao = 0;
    while(*(PDWORD)File_PE_s.pImportDescri)
    {
        printf("\n\n%s\n\n",(PDWORD)((DWORD)pFileBuffer + RvaToFileOffset(File_PE_s.pImportDescri->Name)));
       // printf("%s\n\n",RvaToFileOffset(pFileBuffer,pImportDescri->Name) + )
        cout<<"时间戳：\t"<<File_PE_s.pImportDescri->TimeDateStamp<<endl;
        cout<<"dall名字的文件偏移: \t"<<File_PE_s.pImportDescri->Name<<endl;
        while((*(PDWORD)((DWORD)pFileBuffer + 4*i +RvaToFileOffset(File_PE_s.pImportDescri->OriginalFirstThunk)))!=0)//第一张表的值//
        {
            cout<<"***********************************"<<"INT表"<<"************************************"<<endl<<endl<<endl;
            //判断最高位//
            DWORD qaz = (*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->OriginalFirstThunk)))&(0x80000000);
            if(qaz!=0)
            {
               ExportXuHao = (*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->OriginalFirstThunk)))&(0x7FFFFFFF);
               cout<<"最高位为 1 "<<endl;
               cout<<"OriginalOriginalFirstThunk的第"<<i<<"个值为 : "<<hex<<"\t"<<*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->OriginalFirstThunk))<<"\t\t"<<"函数序号为：\t"<<ExportXuHao<<endl;
               i++;
            }

            if(qaz==0)
            {
                    cout<<"最高位为 0 "<<endl;
                    pImExortByNameOri = (PIMAGE_IMPORT_BY_NAME)((DWORD)pFileBuffer + RvaToFileOffset(*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->OriginalFirstThunk))));
                    cout<<"OriginalFirstThunk的第"<<i<<"个值为 : "<<"\t"<<hex<<*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->OriginalFirstThunk))<<"\t\t"<<"下表与名字：\t"<<pImExortByNameOri->Hint<<"-"; 
                    printf("%s\n",pImExortByNameOri->Name);
                    i++;
            }
        }

        i=0;

        while((*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->FirstThunk)))!=0)//第一张表的值//
        {
            cout<<"***********************************"<<"IAT表"<<"************************************"<<endl<<endl<<endl;
            //判断最高位//
            DWORD qwe = (*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->FirstThunk)))&0x80000000;
            if(qwe!=0)
            {
                //最高位为1，去掉最高位，就是导出序号//
               ExportXuHao = (*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->FirstThunk)))&0x7FFFFFFF;
               cout<<"FirstThunk的第"<<i<<"个值为 : "<<hex<<"\t"<<*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->FirstThunk))<<"\t\t"<<"函数序号为：\t"<<ExportXuHao<<endl;
               i++;
            }
            else
            if(qwe==0)
            {
                    pImExortByName = (PIMAGE_IMPORT_BY_NAME)((DWORD)pFileBuffer + RvaToFileOffset(*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->FirstThunk))));
                    cout<<"FirstThunk的第"<<i<<"个值为 : "<<"\t"<<hex<<*(PDWORD)((DWORD)pFileBuffer + 4*i + RvaToFileOffset(File_PE_s.pImportDescri->FirstThunk))<<"\t\t"<<"下表与名字：\t"<<pImExortByName->Hint<<"-"; 
                    printf("%s\n",pImExortByName->Name);
                    i++;
            }

        }
        i = 0;
        File_PE_s.pImportDescri = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)File_PE_s.pImportDescri + sizeof(IMAGE_IMPORT_DESCRIPTOR));
    }
}

 

二、对比LoadPe解析的导入表：

 

 

 

__EOF__

本文作者：_TLSN
本文链接：https://www.cnblogs.com/lordtianqiyi/articles/15782640.html
关于博主：评论和私信会在第一时间回复。或者直接私信我。
版权声明：本博客所有文章除特别声明外，均采用 BY-NC-SA 许可协议。转载请注明出处！
声援博主：如果您觉得文章对您有帮助，可以点击文章右下角【推荐】一下。您的鼓励是博主的最大动力！