列出导入的PE文件的DLL

时间:2012-05-10 18:19:50

标签: c winapi dll portable-executable

我尝试使用以下代码列出导入的PE文件的DLL,但它不起作用,并且Windows表示exe在运行时已停止工作。在代码中,我只是使用CreateFileMapping函数将给定的exe文件映射到内存中,然后使用Win32 API中给出的适当结构浏览每个部分。我该如何纠正?

#include <stdio.h>
#include <windows.h>

//add Pointer Values
#define MakePtr( cast, ptr, addValue ) (cast)( (unsigned long)(ptr)+(unsigned long)(addValue))


int main(int argc , char ** argv) //main method
{
HANDLE hMapObject, hFile;//File Mapping Object
LPVOID lpBase;//Pointer to the base memory of mapped 

PIMAGE_DOS_HEADER dosHeader;//Pointer to DOS Header
PIMAGE_NT_HEADERS ntHeader;//Pointer to NT Header
PIMAGE_IMPORT_DESCRIPTOR importDesc;//Pointer to import descriptor

hFile = CreateFile(argv[1],GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);//Open the Exe File
if(hFile == INVALID_HANDLE_VALUE){
         printf("\nERROR : Could not open the file specified\n");
}
hMapObject = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
lpBase = MapViewOfFile(hMapObject,FILE_MAP_READ,0,0,0);//Mapping Given EXE file to Memory

dosHeader = (PIMAGE_DOS_HEADER)lpBase;//Get the DOS Header Base
//verify dos header
if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE)
{

    ntHeader = MakePtr(PIMAGE_NT_HEADERS, dosHeader, dosHeader->e_lfanew);//Get the NT Header
            //verify NT header
    if (ntHeader->Signature == IMAGE_NT_SIGNATURE ){
        importDesc = MakePtr(PIMAGE_IMPORT_DESCRIPTOR, dosHeader,ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);

        while (importDesc->Name)
        {
            printf("%s\n",MakePtr(char*, dosHeader,importDesc->Name));
            importDesc++;               
        }

    }
}

getchar();

}

1 个答案:

答案 0 :(得分:3)

您要查找的列表的内容包含在一个部分中(就像PE图像中的几乎所有内容一样)。您必须访问目录所指向的部分。看看Matt Pietrek(PeDump)的代码,了解它是如何工作的。

相关问题
最新问题