获取PE文件的导出函数

一段可以从任何DLL中提取导出函数名的代码。这段代码的应用前提是该DLL文件没有经过任何“加壳”处理,否则可能提取不完整。注意:代码只遍历导出表的名称数组(NumberOfNames / AddressOfNames),因此仅按序号导出的函数不会出现在结果中。

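// Reposted from "C++ Builder Research" - http://www.ccrun.com/article.asp?i=653&d=b2m5o1
// (the listing also carried the marker bytes 63 63 72 75 6E 2E 63 6F 6D)
#include <windows.h>
#include <string.h>
#include <new>
#include "Dbghelp.h"

namespace {

// Owns the file handle, the mapping handle and the mapped view, and releases
// whichever of them were acquired when it goes out of scope. This replaces the
// hand-written cleanup on every early return.
struct MappedFile
{
    HANDLE hFile;
    HANDLE hMapping;
    const BYTE *view;

    MappedFile() : hFile(INVALID_HANDLE_VALUE), hMapping(NULL), view(NULL) {}

    ~MappedFile()
    {
        if (view)
            UnmapViewOfFile(view);
        if (hMapping)
            CloseHandle(hMapping);
        if (hFile != INVALID_HANDLE_VALUE)
            CloseHandle(hFile);
    }

private:
    // Not copyable: two owners would release the same handles twice.
    MappedFile(const MappedFile &);
    MappedFile &operator=(const MappedFile &);
};

// The pieces of a mapped PE file that the export walk needs. Every field is
// filled in by ReadPeLayout only after the bytes it refers to were checked to
// lie inside the file.
struct PeImage
{
    const BYTE *base;      // first byte of the mapped file
    ULONGLONG size;        // number of bytes readable from base
    const BYTE *sections;  // first IMAGE_SECTION_HEADER
    WORD sectionCount;     // number of section headers at `sections`
    DWORD exportRva;       // RVA of the export directory (non-zero)
};

// True when the byte range [off, off + len) lies inside a buffer of `size` bytes.
bool InRange(ULONGLONG off, ULONGLONG len, ULONGLONG size)
{
    return off <= size && len <= size - off;
}

// Address of byte `off` in the mapping. Callers range-check `off` first, so the
// narrowing to SIZE_T cannot lose bits.
const BYTE *At(const BYTE *base, ULONGLONG off)
{
    return base + (SIZE_T)off;
}

// Validates the DOS header, NT signature, file header, optional header and
// section table of a file mapped at `base`, and records where the section table
// and the export directory are. Returns false for anything that is not a PE32 or
// PE32+ file with a non-empty export data directory entry.
//
// All header fields come from the file and are treated as untrusted: each one is
// copied out with memcpy after a bounds check, so a truncated or hostile file
// cannot make this read outside the mapping. The optional header layout is
// chosen from its Magic field rather than from the bitness of this build, so a
// 32-bit build can inspect a 64-bit DLL and vice versa.
bool ReadPeLayout(const BYTE *base, ULONGLONG size, PeImage &pe)
{
    IMAGE_DOS_HEADER dos;
    if (!InRange(0, sizeof(dos), size))
        return false;
    memcpy(&dos, base, sizeof(dos));
    if (dos.e_magic != IMAGE_DOS_SIGNATURE || dos.e_lfanew < 0)
        return false;

    const ULONGLONG ntOff = (ULONGLONG)dos.e_lfanew;
    const ULONGLONG fixedLen = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);
    if (!InRange(ntOff, fixedLen, size))
        return false;

    DWORD signature;
    memcpy(&signature, At(base, ntOff), sizeof(signature));
    if (signature != IMAGE_NT_SIGNATURE)
        return false;

    IMAGE_FILE_HEADER fh;
    memcpy(&fh, At(base, ntOff + sizeof(DWORD)), sizeof(fh));

    const ULONGLONG optOff = ntOff + fixedLen;
    if (!InRange(optOff, fh.SizeOfOptionalHeader, size))
        return false;

    WORD magic;
    if (fh.SizeOfOptionalHeader < sizeof(magic))
        return false;
    memcpy(&magic, At(base, optOff), sizeof(magic));

    DWORD countOff;
    DWORD dirOff;
    if (magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    {
        countOff = (DWORD)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, NumberOfRvaAndSizes);
        dirOff = (DWORD)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, DataDirectory);
    }
    else if (magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
    {
        countOff = (DWORD)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER64, NumberOfRvaAndSizes);
        dirOff = (DWORD)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER64, DataDirectory);
    }
    else
    {
        return false;
    }

    // The export entry must be inside the optional header the file declares,
    // and the file must say it actually has that many directory entries.
    const DWORD entryOff =
        dirOff + IMAGE_DIRECTORY_ENTRY_EXPORT * (DWORD)sizeof(IMAGE_DATA_DIRECTORY);
    if (entryOff + sizeof(IMAGE_DATA_DIRECTORY) > fh.SizeOfOptionalHeader)
        return false;

    DWORD dirCount;
    memcpy(&dirCount, At(base, optOff + countOff), sizeof(dirCount));
    if (dirCount <= IMAGE_DIRECTORY_ENTRY_EXPORT)
        return false;

    IMAGE_DATA_DIRECTORY dir;
    memcpy(&dir, At(base, optOff + entryOff), sizeof(dir));
    if (dir.VirtualAddress == 0)
        return false;  // the file exports nothing

    const ULONGLONG secOff = optOff + fh.SizeOfOptionalHeader;
    const ULONGLONG secLen =
        (ULONGLONG)fh.NumberOfSections * sizeof(IMAGE_SECTION_HEADER);
    if (!InRange(secOff, secLen, size))
        return false;

    pe.base = base;
    pe.size = size;
    pe.sections = At(base, secOff);
    pe.sectionCount = fh.NumberOfSections;
    pe.exportRva = dir.VirtualAddress;
    return true;
}

// Translates an RVA to an address inside the mapped file, using the section
// table. Returns NULL when no section's raw data contains the RVA, or when fewer
// than `needed` bytes are available there. When `avail` is not NULL it receives
// the number of bytes readable from the returned address (limited by both the
// section's raw size and the end of the file).
//
// This stands in for ImageRvaToVa, which trusts the section table and returns
// addresses without checking them against the size of the mapping.
const BYTE *RvaToPtr(const PeImage &pe, DWORD rva, ULONGLONG needed, ULONGLONG *avail)
{
    for (WORD i = 0; i < pe.sectionCount; ++i)
    {
        IMAGE_SECTION_HEADER sh;
        memcpy(&sh, pe.sections + (SIZE_T)i * sizeof(sh), sizeof(sh));

        if (rva < sh.VirtualAddress)
            continue;
        const ULONGLONG delta = rva - sh.VirtualAddress;
        if (delta >= sh.SizeOfRawData)
            continue;

        const ULONGLONG off = (ULONGLONG)sh.PointerToRawData + delta;
        if (off >= pe.size)
            return NULL;  // section claims data past the end of the file

        ULONGLONG room = sh.SizeOfRawData - delta;
        if (room > pe.size - off)
            room = pe.size - off;
        if (needed > room)
            return NULL;

        if (avail)
            *avail = room;
        return At(pe.base, off);
    }
    return NULL;
}

// Releases the first `count` strings of `names` and the array itself.
void FreeNames(char **names, UINT count)
{
    for (UINT i = 0; i < count; ++i)
        delete[] names[i];
    delete[] names;
}

// Copies every entry of the export name table into a newly allocated array of
// newly allocated NUL-terminated strings. Returns false, with nothing left
// allocated, if the export directory, the name-RVA array or any name cannot be
// read in full from the file or if an allocation fails.
bool CopyExportNames(const PeImage &pe, UINT &count, char **&names)
{
    const BYTE *dirPtr = RvaToPtr(pe, pe.exportRva, sizeof(IMAGE_EXPORT_DIRECTORY), NULL);
    if (!dirPtr)
        return false;

    IMAGE_EXPORT_DIRECTORY exp;
    memcpy(&exp, dirPtr, sizeof(exp));

    // NumberOfNames is attacker-controlled. Requiring the whole RVA array to fit
    // in the file bounds it by the file size before anything is allocated.
    const DWORD total = exp.NumberOfNames;
    const BYTE *rvas = NULL;
    if (total != 0)
    {
        rvas = RvaToPtr(pe, exp.AddressOfNames, (ULONGLONG)total * sizeof(DWORD), NULL);
        if (!rvas)
            return false;
    }

    char **list = new (std::nothrow) char *[total];
    if (!list)
        return false;

    DWORD done = 0;
    for (; done < total; ++done)
    {
        // The table is an array of 32-bit RVAs in both PE32 and PE32+, so it is
        // stepped in DWORD units, not in pointer-sized units.
        DWORD nameRva;
        memcpy(&nameRva, rvas + (SIZE_T)done * sizeof(DWORD), sizeof(nameRva));

        ULONGLONG room = 0;
        const BYTE *text = RvaToPtr(pe, nameRva, 1, &room);
        // Look for the terminator only inside the bytes known to be readable; a
        // name with no NUL before the end of its section is rejected.
        const void *nul = text ? memchr(text, 0, (size_t)room) : NULL;
        if (!nul)
            break;

        const size_t len = (size_t)((const BYTE *)nul - text);
        list[done] = new (std::nothrow) char[len + 1];
        if (!list[done])
            break;
        memcpy(list[done], text, len + 1);
    }

    if (done != total)
    {
        FreeNames(list, done);
        return false;
    }

    count = total;
    names = list;
    return true;
}

}  // namespace

// Lists the functions a DLL exports by name.
//
// szFileName    Path of the PE file to inspect (ANSI).
// nNoOfExports  Receives the number of names returned; set to 0 on failure.
// pszFunctions  Receives an array of *nNoOfExports NUL-terminated strings; set
//               to NULL on failure. The caller releases each string with
//               delete[] and then the array with delete[].
//
// Returns true on success, including a file whose export directory has an empty
// name table. Returns false if the file cannot be opened or mapped, is not a
// well-formed PE32/PE32+ file, has no export directory, or has an export table
// that points outside the file.
//
// The file is mapped read-only as plain data and parsed in place; it is not
// loaded as a module, so none of its code runs. The returned names are the raw
// bytes stored in the file and are not checked for printability.
bool GetDLLFileExports(char *szFileName, UINT *nNoOfExports, char **&pszFunctions)
{
    // Give the outputs a defined value so a caller that ignores the return
    // value does not walk an uninitialised pointer.
    pszFunctions = NULL;
    if (nNoOfExports)
        *nNoOfExports = 0;
    if (!szFileName || !nNoOfExports)
        return false;

    MappedFile file;
    // The explicit A variants match the char* parameter in UNICODE builds too.
    file.hFile = CreateFileA(szFileName, GENERIC_READ, FILE_SHARE_READ,
        NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (file.hFile == INVALID_HANDLE_VALUE)
        return false;

    LARGE_INTEGER fileSize;
    if (!GetFileSizeEx(file.hFile, &fileSize) || fileSize.QuadPart <= 0)
        return false;

    file.hMapping = CreateFileMappingA(file.hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (!file.hMapping)
        return false;

    file.view = (const BYTE *)MapViewOfFile(file.hMapping, FILE_MAP_READ, 0, 0, 0);
    if (!file.view)
        return false;

    PeImage pe;
    if (!ReadPeLayout(file.view, (ULONGLONG)fileSize.QuadPart, pe))
        return false;

    return CopyExportNames(pe, *nNoOfExports, pszFunctions);
}
//---------------------------------------------------------------------------
// Sample code: read the list of exported functions of C:/ccrun/123.dll and show
// it in the Memo.
void __fastcall TForm1::Button1Click(TObject *Sender)
{
    UINT unNoOfExports = 0;
    char **lppBuffer = NULL;
    char szPath[] = "C://ccrun//123.dll";

    // Nothing to show or free when the file could not be parsed.
    if (!GetDLLFileExports(szPath, &unNoOfExports, lppBuffer))
        return;

    for (UINT i = 0; i < unNoOfExports; i++)
        Memo1->Lines->Add(lppBuffer[i]);

    for (UINT i = 0; i < unNoOfExports; i++)
        delete[] lppBuffer[i];
    delete[] lppBuffer;
}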