PE--导入表

• 遍历导入表信息

/////////////////读取导入表信息///////////////////////VOID _GetImportInfo(PVOID pFileBuffer){    PIMAGE_DOS_HEADER pDosHeader = NULL;    PIMAGE_NT_HEADERS pNtHeaders = NULL;    PIMAGE_IMPORT_DESCRIPTOR pImportDes = NULL;    PDWORD pThunkData = NULL;    PIMAGE_IMPORT_BY_NAME pImportByName = NULL;    PSTR ImportName = NULL;    pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)    {        printf("not a mz header!\n");        return ;    }    pNtHeaders = (PIMAGE_NT_HEADERS)((DWORD)pDosHeader + pDosHeader->e_lfanew);    if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)    {        printf("not a ntpe header!\n");        return ;    }    //导入表的位置    pImportDes = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)pFileBuffer+(_RVAToOffset(pFileBuffer, pNtHeaders->OptionalHeader.DataDirectory[1].VirtualAddress)));    while (pImportDes->Name!=0)    {        ImportName = (LPSTR)((DWORD)pFileBuffer + (_RVAToOffset(pFileBuffer, pImportDes->Name)));        printf("导入表：%s\n", ImportName);        pThunkData = PDWORD((DWORD)pFileBuffer+(_RVAToOffset(pFileBuffer, pImportDes->OriginalFirstThunk)));        while (*pThunkData!=0)        {            //偏移            if ((*pThunkData & 0x80000) == 0)            {                pImportByName = (PIMAGE_IMPORT_BY_NAME)((DWORD)pFileBuffer + (_RVAToOffset(pFileBuffer, *pThunkData)));                printf("序号：%x   %s\n", pImportByName->Hint, pImportByName->Name);            }            else if ((*pThunkData&0x80000)!=0)            {                printf("名字：%s\n", (PSTR)pThunkData);            }            pThunkData++;        }        pImportDes++;    }}

本文是学习笔记，有错误的地方请不吝赐教！