列举PE文件的导入函数信息,功能与格式和 dumpbin /imports一模一样。
不说空话,直接看代码:
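/*
 * ListImports - print the import table of a PE32 image in the layout used by
 * `dumpbin /imports`.
 *
 * dbase: address of the image in memory; it is the base for header access and
 *        is handed to RvaToPtr() for every RVA lookup.
 *
 * Every header field and RVA read here comes from the file being inspected, so
 * the walk treats them as untrusted: signatures are checked before the headers
 * are used, each RvaToPtr() result is checked before it is dereferenced, and an
 * ordinal thunk is never reinterpreted as an RVA.
 *
 * NOTE(review): the function is not told how large the mapping at dbase is, so
 * e_lfanew and the descriptor/thunk walks cannot be bounds-checked here. The
 * caller should reject an image whose e_lfanew or import directory falls
 * outside the mapped size before calling this.
 */
void ListImports(DWORD dbase)
{
    char szMsgImport[]=" %s %8X Import Address Table %8X Import Name Table %8x time date stamp %8x Index of first forwarder reference ";
    char szMsg2[]=" %8X %s ";
    char szMsg3[]=" %8X ";
    PIMAGE_DOS_HEADER dos=(PIMAGE_DOS_HEADER)dbase;
    PIMAGE_NT_HEADERS nt;
    PIMAGE_IMPORT_DESCRIPTOR iid;
    DWORD va;
    DWORD imagebase;

    if (dos->e_magic!=IMAGE_DOS_SIGNATURE)
    {
        printf("Not a valid PE32 image\n");
        return;
    }
    nt=(PIMAGE_NT_HEADERS)(dbase+dos->e_lfanew);
    /* The thunk walk below reads 32-bit thunks and tests IMAGE_ORDINAL_FLAG32,
       so anything other than a PE32 optional header would be misparsed. */
    if (nt->Signature!=IMAGE_NT_SIGNATURE ||
        nt->OptionalHeader.Magic!=IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    {
        printf("Not a valid PE32 image\n");
        return;
    }
    /* A truncated data directory has no import entry to read. */
    if (nt->OptionalHeader.NumberOfRvaAndSizes<=IMAGE_DIRECTORY_ENTRY_IMPORT)
    {
        printf(" No imports ");
        return;
    }
    va=(DWORD)nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    if (!va)
    {
        printf(" No imports ");
        return;
    }
    /* NOTE(review): assumes RvaToPtr yields NULL/0 for an RVA it cannot map -
       confirm against its definition. */
    iid=(PIMAGE_IMPORT_DESCRIPTOR)RvaToPtr(dbase,va);
    if (!iid)
    {
        printf(" No imports ");
        return;
    }
    printf("Section contains the following imports: ");
    imagebase=nt->OptionalHeader.ImageBase;
    /* The descriptor array ends at the first all-zero entry. */
    while (iid->OriginalFirstThunk || iid->FirstThunk || iid->Name || iid->TimeDateStamp || iid->ForwarderChain)
    {
        const char *dllname=(const char *)RvaToPtr(dbase,iid->Name);
        PDWORD pva;

        if (!dllname)
            break;  /* module name RVA does not resolve: stop on a malformed table */
        printf(szMsgImport,dllname,iid->FirstThunk+imagebase,iid->OriginalFirstThunk+imagebase,iid->TimeDateStamp,iid->ForwarderChain);

        /* Prefer the import name table; fall back to the IAT when it is absent. */
        if (iid->OriginalFirstThunk)
            va=iid->OriginalFirstThunk;
        else
            va=iid->FirstThunk;
        pva=(PDWORD)RvaToPtr(dbase,va);
        if (!pva)
            break;  /* thunk array RVA does not resolve */
        while (*pva)
        {
            if (*pva & IMAGE_ORDINAL_FLAG32)
            {
                /* Import by ordinal: the low 16 bits are the ordinal and the
                   thunk is not an RVA, so it must not be resolved as a name. */
                DWORD dd=(*pva) & 0x0ffff;
                printf(szMsg3,dd);
            }
            else
            {
                PIMAGE_IMPORT_BY_NAME piibn=(PIMAGE_IMPORT_BY_NAME)RvaToPtr(dbase,*pva);
                if (!piibn)
                    break;  /* hint/name RVA does not resolve */
                printf(szMsg2,piibn->Hint,piibn->Name);
            }
            pva++;
        }
        iid++;
    }
}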