C++ (Cpp) PIMAGE_IMPORT_BY_NAME示例

编程语言: C++ (Cpp)

方法/功能: PIMAGE_IMPORT_BY_NAME

hotexamples.com的示例: 2

C++ (Cpp) PIMAGE_IMPORT_BY_NAME - 已找到2个示例。这些是从开源项目中提取的最受好评的PIMAGE_IMPORT_BY_NAME现实C++ (Cpp)示例。您可以评价示例，以帮助我们提高示例质量。

示例#1

显示文件

文件： CHook.cpp 项目： jmfti/Function-hooks-in-cplusplus

DWORD* CIATHook::IATHook( /*HMODULE hDllWhichImports,*/ char *DllImportsFrom, char *OldFunctionName ){
	if (!this->loaded) return 0;
	DWORD dwIndex;
    DWORD dwOffset;
    HMODULE hDllWhichImports = this->moduleimporting;
    PIMAGE_DATA_DIRECTORY pDataDirectory;
    PIMAGE_DOS_HEADER pDosHeader;
    PDWORD pdwIAT;
    PDWORD pdwINT;
    PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor;
    PIMAGE_IMPORT_BY_NAME pImportName;
    PIMAGE_OPTIONAL_HEADER pOptionalHeader;
    PIMAGE_NT_HEADERS pPeHeader;
    PSTR strCurrent;
    //hDllWhichImports = GetModuleHandleA(DllWhichImports);

    if(!hDllWhichImports) return NULL;
          
    pDosHeader = PIMAGE_DOS_HEADER(hDllWhichImports);
    dwOffset = pDosHeader->e_lfanew;
    pPeHeader = PIMAGE_NT_HEADERS(long(hDllWhichImports) + dwOffset);
    pOptionalHeader = &pPeHeader->OptionalHeader;
    pDataDirectory = pOptionalHeader->DataDirectory;
    dwOffset = pDataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    pImportDescriptor = PIMAGE_IMPORT_DESCRIPTOR(long(hDllWhichImports) + dwOffset);
    for(dwIndex = 0; true; dwIndex++)
    {
        dwOffset = pImportDescriptor[dwIndex].Name;
        if (!dwOffset) return NULL;
        strCurrent = PSTR(long(hDllWhichImports) + dwOffset);

		if(_stricmp( strCurrent, DllImportsFrom) == 0 )
		{
			break;
		}
    }
    dwOffset = pImportDescriptor[dwIndex].FirstThunk;
    pdwIAT = PDWORD(long(hDllWhichImports) + dwOffset);
    dwOffset = pImportDescriptor[dwIndex].OriginalFirstThunk;
    pdwINT = PDWORD(long(hDllWhichImports) + dwOffset);

	for(dwIndex = 0; true; dwIndex++)
    {
        dwOffset = pdwINT[dwIndex];
        if (!dwOffset) return NULL;
        pImportName = PIMAGE_IMPORT_BY_NAME(long(hDllWhichImports) + dwOffset);
        strCurrent = PSTR(pImportName->Name);

		if(_stricmp(strCurrent, OldFunctionName) == 0)
        {
            return &pdwIAT[dwIndex];
        }
    }
    return NULL;
}

示例#2

显示文件

文件： IATHookInjector.cpp 项目： dennisfischer/dll-injector

PIMAGE_IMPORT_BY_NAME IATHookInjector::ReadRemoteImportByName(HANDLE hProcess, LPCVOID lpImageBaseAddress, PIMAGE_THUNK_DATA32 pImageThunk) const
{
	auto lpImportNameBuffer = new BYTE[BUFFER_SIZE];
	auto bSuccess = ReadProcessMemory(hProcess, LPCVOID(DWORD(lpImageBaseAddress) + pImageThunk->u1.AddressOfData), lpImportNameBuffer,BUFFER_SIZE, nullptr);

	if (!bSuccess)
	{
		return nullptr;
	}

	return PIMAGE_IMPORT_BY_NAME(lpImportNameBuffer);
}