Ejemplo n.º 1
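/**
 * Prints the export table of a PE image through dprintf.
 *
 * Every RVA taken from the export directory is added directly to pBase, so
 * pBase has to point at a view of the image that is laid out by RVA (a mapped
 * image rather than a raw file on disk).
 *
 * NOTE(review): no image size is passed in, so the RVAs and counts read from
 * the export directory cannot be range-checked here. When the module being
 * inspected is untrusted, the caller has to validate them against the size of
 * the view before calling, otherwise a crafted directory makes this function
 * read outside the view.
 *
 * @param pBase       Start of the local view of the image.
 * @param DataExport  Export entry of the data directory (RVA and size).
 * @param ulBase      Base value used only to compute the addresses printed.
 * @param bExport     When FALSE the table is not listed.
 * @return Always S_OK.
 */
HRESULT PE_PrintExport(PBYTE pBase, IMAGE_DATA_DIRECTORY DataExport,ULONG_PTR ulBase ,BOOL bExport)
{
	HRESULT                      result = S_OK;

	// Decide "no export table" from the directory entry itself, before any
	// pointer is derived from it (the old test on pBase + RVA could only fail
	// when both were zero).
	if (!pBase || !DataExport.VirtualAddress || !DataExport.Size)
	{
		dprintf("没有导出表 \n");
		return S_OK;
	}
	if (!bExport)
	{
		return S_OK;
	}

	PIMAGE_EXPORT_DIRECTORY      pExportBlack = PIMAGE_EXPORT_DIRECTORY(pBase + DataExport.VirtualAddress);
	WORD                        *pAddressOfNameOrdinals = (PWORD)((PUCHAR)pBase + pExportBlack->AddressOfNameOrdinals);
	ULONG                       *pAddressOfNames = (PULONG)((PUCHAR)pBase + pExportBlack->AddressOfNames);
	ULONG                       *pAddressOfFunctions = (PULONG)((PUCHAR)pBase + pExportBlack->AddressOfFunctions);
	ULONG                        Funstart = DataExport.VirtualAddress;
	char                        *pName = (PCHAR)pBase + pExportBlack->Name;

	dprintf("DLL  导出名是  %s\n", pName);
	dprintf("序号    函数相对偏移    函数地址      函数名称 \n");
	for (UINT i = 0; i < pExportBlack->NumberOfFunctions; i++)
	{
		ULONG     rva = pAddressOfFunctions[i];
		// Values shown in the second and third columns, identical for all three row kinds.
		// NOTE(review): both are pointer-sized but are printed with 0x%08x - confirm
		// this against dprintf's format rules on 64-bit builds.
		PULONG    pSlot = (PULONG)((PUCHAR)ulBase + pExportBlack->AddressOfFunctions) + i;
		ULONG_PTR target = ulBase + rva;

		// A function RVA that points back into the export directory is a forwarder
		// string. The test has to look at entry i (it used to look at entry 0 on
		// every iteration) and is written as a subtraction so RVA + Size cannot wrap.
		if ((rva >= Funstart) && (rva - Funstart < DataExport.Size))
		{
			dprintf("%04d    0x%08x    0x%08x    %s\n", pExportBlack->Base + i, pSlot, target, (char *)(pBase + rva));
			continue;
		}

		// Find the name whose ordinal-table entry refers to function index i.
		bool named = false;
		for (UINT j = 0; j < pExportBlack->NumberOfNames; j++)
		{
			if (pAddressOfNameOrdinals[j] == i)
			{
				dprintf("%04d    0x%08x    0x%08x    %s\n", pExportBlack->Base + i, pSlot, target, (char *)pBase + pAddressOfNames[j]);
				named = true;
				break;
			}
		}
		// Export by ordinal only. A flag replaces the old re-read of the ordinal
		// table at index j, which was one element past the end whenever the search
		// had found nothing.
		if (!named)
		{
			dprintf("%04d    0x%08x    0x%08x    无\n", pExportBlack->Base + i, pSlot, target);
		}
	}
	return result;
}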
Ejemplo n.º 2
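// Reads the DLL at pathToDll from disk and registers each of its named exports
// in m_list as "<dllname>::<export>", where <dllname> is the text after the last
// backslash of the path, cut at the first ".dll". With displayInfo set, every
// registered signature is also written to g_output.
//
// The file content is treated as untrusted: every offset, count and string
// taken from the headers is checked against the bytes actually read before it
// is used, and a file that fails a check is skipped without registering anything
// further.
//
// NOTE(review): the headers are read through PIMAGE_NT_HEADERS of the current
// build, so a DLL of the other bitness is interpreted with the wrong optional
// header layout - confirm whether such files can reach this function.
void Plugins::GetExports(char* pathToDll,bool displayInfo)
{
  if (!pathToDll)
    return;

  // Owns the file image so that every return below releases it (the old early
  // return on NumberOfRvaAndSizes leaked the buffer).
  struct FileImage
  {
    unsigned char* data;
    FileImage() : data(0) {}
    ~FileImage() { delete[] data; }
  } image;

  long dlldatalen = 0;
  char dllName[100];
  char signature[256];

  dllName[0] = 0;
  char* ptr = strrchr(pathToDll,'\\');
  if (ptr && *(ptr+1))
  {
    // The file name comes from the caller's path; refuse one that does not fit
    // instead of overrunning dllName.
    if (strlen(ptr+1) >= sizeof(dllName))
      return;
    strcpy(dllName,ptr+1);
  }
  ptr = strstr(dllName, ".dll");
  if (ptr) *ptr = 0;

  FILE* dll = fopen(pathToDll,"rb");
  if (!dll)
    return;

  bool loaded = false;
  if (fseek(dll,0,SEEK_END) == 0)
  {
    dlldatalen = ftell(dll);
    if (dlldatalen > 0 && fseek(dll,0,SEEK_SET) == 0)
    {
      image.data = new unsigned char [dlldatalen];
      loaded = fread((void*)image.data,1,dlldatalen,dll) == (size_t)dlldatalen;
    }
  }
  fclose(dll);
  if (!loaded)
    return;

  unsigned char* dlldata = image.data;
  const size_t fileSize = (size_t)dlldatalen;

  // The DOS header must fit before e_lfanew is read, and the NT headers must fit
  // at the offset it names.
  PIMAGE_DOS_HEADER dosHeader = PIMAGE_DOS_HEADER(dlldata);
  if (fileSize < sizeof(*dosHeader))
    return;
  const long ntOffset = dosHeader->e_lfanew;
  PIMAGE_NT_HEADERS NTHeaders = 0;
  if (ntOffset < 0 || (size_t)ntOffset > fileSize || sizeof(*NTHeaders) > fileSize - (size_t)ntOffset)
    return;
  NTHeaders = PIMAGE_NT_HEADERS(dlldata + ntOffset);

  if (NTHeaders->Signature != IMAGE_NT_SIGNATURE)
    return;
  if (!(NTHeaders->FileHeader.Characteristics & IMAGE_FILE_DLL))
    return;
  if (NTHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
    return;

  DWORD ExportDirVA = NTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
  DWORD ExportDirSize = NTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;

  // The section table starts SizeOfOptionalHeader bytes after the start of the
  // optional header; all NumberOfSections entries must lie inside the file.
  const size_t sectionTableOffset = (size_t)((unsigned char*)&NTHeaders->OptionalHeader - dlldata)
                                  + NTHeaders->FileHeader.SizeOfOptionalHeader;
  const size_t sectionCount = NTHeaders->FileHeader.NumberOfSections;
  PIMAGE_SECTION_HEADER sections = 0;
  if (sectionTableOffset > fileSize || sectionCount > (fileSize - sectionTableOffset) / sizeof(*sections))
    return;
  sections = IMAGE_FIRST_SECTION(NTHeaders);

  for (size_t i = 0; i < sectionCount; i++)
  {
    // Find the section that contains the whole export directory. The comparison
    // is done with differences so that RVA + size cannot wrap around.
    const DWORD sectionVA = sections[i].VirtualAddress;
    const DWORD sectionSize = sections[i].Misc.VirtualSize;
    if (ExportDirVA < sectionVA)
      continue;
    const DWORD delta = ExportDirVA - sectionVA;
    if (delta > sectionSize || ExportDirSize > sectionSize - delta)
      continue;

    // Translate the directory RVA to a file offset and require the complete
    // directory to be present in the bytes that were read.
    const size_t rawStart = sections[i].PointerToRawData;
    if (rawStart > fileSize || delta > fileSize - rawStart)
      break;
    const size_t dirOffset = rawStart + delta;
    PIMAGE_EXPORT_DIRECTORY exports = 0;
    if (ExportDirSize < sizeof(*exports) || ExportDirSize > fileSize - dirOffset)
      break;
    exports = PIMAGE_EXPORT_DIRECTORY(dlldata + dirOffset);

    // The name-pointer array is addressed relative to the directory, so it has
    // to start inside the directory and hold NumberOfNames entries there.
    const DWORD namesRVA = exports->AddressOfNames;
    if (namesRVA < ExportDirVA || namesRVA - ExportDirVA > ExportDirSize)
      break;
    const DWORD namesOffset = namesRVA - ExportDirVA;
    if (exports->NumberOfNames > (ExportDirSize - namesOffset) / sizeof(DWORD))
      break;
    const DWORD* names = (const DWORD*)((const unsigned char*)exports + namesOffset);

    const size_t prefixLen = strlen(dllName);
    for (DWORD j = 0; j < exports->NumberOfNames; j++)
    {
      // Skip a name that starts outside the directory or has no terminator inside it.
      const DWORD nameRVA = names[j];
      if (nameRVA < ExportDirVA || nameRVA - ExportDirVA >= ExportDirSize)
        continue;
      const DWORD nameOffset = nameRVA - ExportDirVA;
      const char* name = (const char*)exports + nameOffset;
      const void* terminator = memchr(name, 0, ExportDirSize - nameOffset);
      if (!terminator)
        continue;
      const size_t nameLen = (size_t)((const char*)terminator - name);

      // Build "<dllname>::<export>" only when it fits; the export name comes from
      // the file, and the old unbounded wsprintf could write past signature.
      if (prefixLen + 2 + nameLen >= sizeof(signature))
        continue;
      memcpy(signature, dllName, prefixLen);
      memcpy(signature + prefixLen, "::", 2);
      memcpy(signature + prefixLen + 2, name, nameLen + 1);

      m_list.add(signature, pathToDll);
      if (displayInfo)
        fprintf(g_output, " - %s\n", signature);
    }
    break;
  }
}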