验证中...
8月18日(周六)成都源创会火热报名中,四位一线行业大牛与你面对面,探讨区块链技术热潮下的冷思考。
walk_through_export.cpp
Raw Copy
auto walk_through_export = [](PVOID ImageBase)
{
ULONG ExportSize = 0;
auto nt_header = ntdll::RtlImageNtHeader(ImageBase);
auto export_header = (PIMAGE_EXPORT_DIRECTORY)ntdll::RtlImageDirectoryEntryToData(ImageBase,
TRUE,
IMAGE_DIRECTORY_ENTRY_EXPORT,
&ExportSize
);
auto RVATOVA = [](auto _base_, auto _offset_) {
return ((PUCHAR)(_base_)+(ULONG)(_offset_)); };
if (export_header)
{
PULONG AddressOfFunctions = (PULONG)RVATOVA(ImageBase, export_header->AddressOfFunctions);
PSHORT AddrOfOrdinals = (PSHORT)RVATOVA(ImageBase, export_header->AddressOfNameOrdinals);
PULONG AddressOfNames = (PULONG)RVATOVA(ImageBase, export_header->AddressOfNames);
for (auto i = 0; i < export_header->NumberOfFunctions; i++)
{
auto pname = (char *)RVATOVA(ImageBase, AddressOfNames[i]);
auto rva = AddressOfFunctions[AddrOfOrdinals[i]];
auto VA_ = (ULONG_PTR)RVATOVA(ImageBase, rva);
std::cout <<
pname << "=" << std::hex << VA_ << "\n";
}
}
};

Comment list( 0 )

You need to Sign in for post a comment