#include <windows.h>
#include <stdio.h>
#include <tchar.h>
DWORD RvaToOffset(PIMAGE_NT_HEADERS pImageNtHeaders, DWORD dwRva);
int _tmain(int argc, TCHAR *argv[])
{
PIMAGE_DOS_HEADER pImageDOSHeader;
PIMAGE_NT_HEADERS pImageNTHeader;
PIMAGE_IMPORT_DESCRIPTOR pImageImportDescriptor;
PIMAGE_IMPORT_BY_NAME pImageImportByName;
PIMAGE_EXPORT_DIRECTORY pImageExportDirectory;
DWORD dwCount;
DWORD dwCount2;
DWORD *Thunks;
DWORD dwFileOffset;
DWORD dwOrdinals;
DWORD dwFunctions;
char *szFunctionName;
DWORD dwNames;
PDWORD dwName;
PDWORD dwFunction;
PWORD dwOrdinal;
HANDLE hFile;
HANDLE hMapObject;
PUCHAR uFileMap;
if(argc<2)
return -1;
if(!(hFile=CreateFile(argv[1],GENERIC_READ,0,NULL,OPEN_EXISTING,0,0)))
return -1;
if (!(hMapObject = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL)))
return (-1);
if (!(uFileMap = MapViewOfFile(hMapObject, FILE_MAP_READ, 0, 0, 0)))
return (-1);
pImageDOSHeader=(PIMAGE_DOS_HEADER)uFileMap;
if(pImageDOSHeader->e_magic != IMAGE_DOS_SIGNATURE)
return -1;
pImageNTHeader = (PIMAGE_NT_HEADERS)((PUCHAR)uFileMap + pImageDOSHeader->e_lfanew);
if(pImageNTHeader->Signature != IMAGE_NT_SIGNATURE)
return -1;
if (!(pImageNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress))
{
printf("No export function!");
return 0;
}
//导出表文件偏移
dwFileOffset = RvaToOffset(pImageNTHeader,pImageNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
pImageExportDirectory = (PIMAGE_EXPORT_DIRECTORY)((PUCHAR)uFileMap+dwFileOffset);
dwCount = pImageExportDirectory->NumberOfFunctions;
dwOrdinals = RvaToOffset(pImageNTHeader,pImageExportDirectory->AddressOfNameOrdinals);
dwFunctions = RvaToOffset(pImageNTHeader,pImageExportDirectory->AddressOfFunctions);
dwNames = RvaToOffset(pImageNTHeader,pImageExportDirectory->AddressOfNames);
for (dwCount2=0;dwCount2<dwCount;dwCount2++)
{
dwOrdinal=(PWORD)((PUCHAR)uFileMap+dwOrdinals+dwCount2*2); // 地址
dwFunction=(PDWORD)((PUCHAR)uFileMap+dwFunctions+dwCount2*4); // 地址
dwName=(PDWORD)((PUCHAR)uFileMap+dwNames+dwCount2*4); //地址
szFunctionName = ((PUCHAR)uFileMap+RvaToOffset(pImageNTHeader,*dwName));
printf("Ordinal: 0x%04X ",*dwOrdinal);
if(dwCount2 == *dwOrdinal)
{
printf("Name: %s ",szFunctionName);
}
printf("Address: 0x%04X
",*dwFunction);
}
UnmapViewOfFile(uFileMap);
CloseHandle(hMapObject);
CloseHandle(hFile);
return 0;
}
DWORD RvaToOffset(PIMAGE_NT_HEADERS pImageNtHeaders, DWORD dwRva)
{
PIMAGE_SECTION_HEADER pImageSectionHeader;
DWORD dwCount;
DWORD dwFileOffset;
pImageSectionHeader = IMAGE_FIRST_SECTION(pImageNtHeaders);
dwFileOffset = dwRva;
for (dwCount=0;dwCount<pImageNtHeaders->FileHeader.NumberOfSections;dwCount++)
{
if(dwRva>=pImageSectionHeader[dwCount].VirtualAddress && dwRva<(pImageSectionHeader[dwCount].VirtualAddress+pImageSectionHeader[dwCount].SizeOfRawData))
{
dwFileOffset-=pImageSectionHeader[dwCount].VirtualAddress;
dwFileOffset+=pImageSectionHeader[dwCount].PointerToRawData;
return dwFileOffset;
}
}
return 0;
}