我试图在另一个进程中(通过PE头)列出某个DLL中的所有导入函数,
if (!_stricmp(pName, pDLLname)){
// get the import list table
pILT = new IMAGE_THUNK_DATA[dwThunkArrayLen];
bSuccess = ReadProcessMemory(hProcess,
(LPCVOID)((DWORD)lpImageBaseAddress +
idescriptor.OriginalFirstThunk),
pILT,
BUFFER_SIZE, 0);
// get the import address table
pIAT = new IMAGE_THUNK_DATA[dwThunkArrayLen];
ReadProcessMemory(hProcess,
(LPCVOID)((DWORD)lpImageBaseAddress +
idescriptor.FirstThunk),
pIAT,
BUFFER_SIZE, 0);
if (!pIAT)
printf("Error reading Address Table\n");
/* This is where I'm having trouble, it doesn't output correct function names*/
while (pIAT->u1.Function){
PIMAGE_IMPORT_BY_NAME pimport = new IMAGE_IMPORT_BY_NAME;
bSuccess = ReadProcessMemory(hProcess,
(LPCVOID)((DWORD)lpImageBaseAddress +
pIAT->u1.AddressOfData),
pimport,
BUFFER_SIZE, 0);
printf("%s\n", pimport->Name);
pIAT++;
}
} /* If matched DLL */
我可以成功列出DLL而不是函数。
有人知道我做错了吗?