以.exe模块导入表序号并查找导入模块的函数名称?

时间:2013-01-04 05:28:08

标签: c++ c api winapi portable-executable

所以我将paltalk.exe作为参数加载到我的c ++命令行程序中,我得到了这个输出:

 [Walk_Imports]: Imported DLL [0] WSOCK32.dll 
--------------------------------------------------
 [Import_By_Ordinal]: address: 80000016 
 [Import_By_Ordinal]: address: 80000003 
 [Import_By_Ordinal]: address: 80000073 
 [Import_By_Ordinal]: address: 80000017 
 [Import_By_Ordinal]: address: 80000015 
 [Import_By_Ordinal]: address: 8000000B 
 [Import_By_Ordinal]: address: 80000014 
 [Import_By_Ordinal]: address: 8000000E 
 [Import_By_Ordinal]: address: 8000000A 
 [Import_By_Ordinal]: address: 80000034 
 [Import_By_Ordinal]: address: 80000011 
 [Import_By_Ordinal]: address: 80000013 
 [Import_By_Ordinal]: address: 80000010 
 [Import_By_Ordinal]: address: 80000009 
 [Import_By_Ordinal]: address: 80000002 
 [Import_By_Ordinal]: address: 80000008 
 [Import_By_Ordinal]: address: 8000006F 
 [Import_By_Ordinal]: address: 80000097 
 [Import_By_Ordinal]: address: 80000012 
 [Import_By_Ordinal]: address: 80000004 
 [Import_By_Ordinal]: address: 8000000F 
 [Import_By_Ordinal]: address: 8000000C 

 22 functions imported (22 ordinal)

Paltalk导入wsock32.dll好消息。我走进它的进口,我看到所有的序数名称。

如何获取这些导入序号名称并使用c或c ++加载wsock32.dll并遍历其导出表以使序号名称与相应的函数名称匹配?

我希望这是足以让我的问题得到解决的信息。如果没有,我可以添加更多信息。

由于

1 个答案:

答案 0 :(得分:1)

关于可移植可执行基础架构这样一个广泛的问题,请看看Matt Pietrek http://www.wheaty.net以及他如何在PEDUMP(代码提供)中实现对这些细节的检索。

相关问题
最新问题