列出PE文件的导入DLL

Question

我尝试使用以下代码列出 PE 文件的导入 DLL，但它不起作用，并且 windows 说我运行它时 exe 已停止工作。在代码中，我只是使用 CreateFileMapping 函数将给定的 exe 文件映射到内存中，然后使用 Win32 API 中给出的适当结构来浏览每个部分。我该如何纠正？

#include <stdio.h>
#include <windows.h>

//add Pointer Values
#define MakePtr( cast, ptr, addValue ) (cast)( (unsigned long)(ptr)+(unsigned long)(addValue))


int main(int argc , char ** argv) //main method
{
HANDLE hMapObject, hFile;//File Mapping Object
LPVOID lpBase;//Pointer to the base memory of mapped 

PIMAGE_DOS_HEADER dosHeader;//Pointer to DOS Header
PIMAGE_NT_HEADERS ntHeader;//Pointer to NT Header
PIMAGE_IMPORT_DESCRIPTOR importDesc;//Pointer to import descriptor

hFile = CreateFile(argv[1],GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);//Open the Exe File
if(hFile == INVALID_HANDLE_VALUE){
         printf("\nERROR : Could not open the file specified\n");
}
hMapObject = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
lpBase = MapViewOfFile(hMapObject,FILE_MAP_READ,0,0,0);//Mapping Given EXE file to Memory

dosHeader = (PIMAGE_DOS_HEADER)lpBase;//Get the DOS Header Base
//verify dos header
if ( dosHeader->e_magic == IMAGE_DOS_SIGNATURE)
{

    ntHeader = MakePtr(PIMAGE_NT_HEADERS, dosHeader, dosHeader->e_lfanew);//Get the NT Header
            //verify NT header
    if (ntHeader->Signature == IMAGE_NT_SIGNATURE ){
        importDesc = MakePtr(PIMAGE_IMPORT_DESCRIPTOR, dosHeader,ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);

        while (importDesc->Name)
        {
            printf("%s\n",MakePtr(char*, dosHeader,importDesc->Name));
            importDesc++;               
        }

    }
}

getchar();

}

Answer 1

您要查找的列表内容包含在一个部分中（就像 PE 图像中的几乎所有内容一样）。您必须访问目录指向的部分。看看 Matt Pietrek (PeDump) 的代码，看看它是如何工作的。