HanDs
管理员

[Delphi文章] 获取PE文件的导出函数列表 



http://ccrun.com/article/go.asp?i=653&d=b2m5o1

uses ImageHlp;

function GetDLLFileExports(
  szFileName: PChar;
  mStrings: TStrings
): Boolean;
var
  hFile: THANDLE;
  hFileMapping: THANDLE;
  lpFileBase: Pointer;
  pImg_DOS_Header: PImageDosHeader;
  pImg_NT_Header: PImageNtHeaders;
  pImg_Export_Dir: PImageExportDirectory;
  ppdwNames: ^PDWORD;
  szFunc: PChar;
  i: Integer;
begin
  Result := False;
  if not Assigned(mStrings) then Exit;
  hFile := CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ, nil,
    OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
  if(hFile = INVALID_HANDLE_VALUE) then Exit;
  hFileMapping := CreateFileMapping(hFile, nil, PAGE_READONLY, 0, 0, nil);
  if hFileMapping = 0 then
  begin
    CloseHandle(hFile);
    Exit;
  end;

  lpFileBase := MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
  if lpFileBase = nil then
  begin
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
    Exit;
  end;

  pImg_DOS_Header := PImageDosHeader(lpFileBase);
  pImg_NT_Header := PImageNtHeaders(
    Integer(pImg_DOS_Header) + Integer(pImg_DOS_Header._lfanew));

  if IsBadReadPtr(pImg_NT_Header, SizeOf(IMAGE_NT_HEADERS)) or
    (pImg_NT_Header.Signature <> IMAGE_NT_SIGNATURE) then
  begin
    UnmapViewOfFile(lpFileBase);
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
    Exit;
  end;

  pImg_Export_Dir := PImageExportDirectory(
    pImg_NT_Header.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].
      VirtualAddress);
  if not Assigned(pImg_Export_Dir) then
  begin
    UnmapViewOfFile(lpFileBase);
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
    Exit;
  end;
  // 63 63 72 75 6E 2E 63 6F 6D
  pImg_Export_Dir := PImageExportDirectory(
    ImageRvaToVa(pImg_NT_Header, pImg_DOS_Header, DWORD(pImg_Export_Dir),
    PImageSectionHeader(Pointer(nil)^)));

  ppdwNames := Pointer(pImg_Export_Dir.AddressOfNames);

  ppdwNames := Pointer(ImageRvaToVa(pImg_NT_Header, pImg_DOS_Header,
    DWORD(ppdwNames), PImageSectionHeader(Pointer(nil)^)));
  if not Assigned(ppdwNames) then
  begin
    UnmapViewOfFile(lpFileBase);
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
    Exit;
  end;

  for i := 0 to pImg_Export_Dir.NumberOfNames - 1 do
  begin
    szFunc := PChar(ImageRvaToVa(pImg_NT_Header, pImg_DOS_Header,
      DWORD(ppdwNames^), PImageSectionHeader(Pointer(nil)^)));
    mStrings.Add(szFunc);
    Inc(ppdwNames);
  end;
  UnmapViewOfFile(lpFileBase);
  CloseHandle(hFileMapping);
  CloseHandle(hFile);
  Result := True;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
  GetDLLFileExports('C:\WINDOWS\SYSTEM32\MSSIP32.DLL', Memo1.Lines);
end;


学习中请遵守法律法规,本网站内容均来自于互联网,本网站不负担法律责任
获取 P E 文件 导出 数列
#1楼
发帖时间:2016-7-9   |   查看数:0   |   回复数:0
游客组
快速回复