列表导入的PE文件的DLL

Question

我试图用下面的代码列出PE文件的导入DLL，但它没有工作，Windows说我运行它时exe已停止工作。在代码中，我使用CreateFileMapping函数将给定的exe文件映射到内存中，然后使用Win32 API中给出的适当结构浏览器的每个部分。我该如何纠正它？

#include <stdio.h> 
#include <windows.h> 

//add Pointer Values 
#define MakePtr(cast, ptr, addValue) (cast)((unsigned long)(ptr)+(unsigned long)(addValue)) 


int main(int argc , char ** argv) //main method 
{ 
HANDLE hMapObject, hFile;//File Mapping Object 
LPVOID lpBase;//Pointer to the base memory of mapped 

PIMAGE_DOS_HEADER dosHeader;//Pointer to DOS Header 
PIMAGE_NT_HEADERS ntHeader;//Pointer to NT Header 
PIMAGE_IMPORT_DESCRIPTOR importDesc;//Pointer to import descriptor 

hFile = CreateFile(argv[1],GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);//Open the Exe File 
if(hFile == INVALID_HANDLE_VALUE){ 
     printf("\nERROR : Could not open the file specified\n"); 
} 
hMapObject = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL); 
lpBase = MapViewOfFile(hMapObject,FILE_MAP_READ,0,0,0);//Mapping Given EXE file to Memory 

dosHeader = (PIMAGE_DOS_HEADER)lpBase;//Get the DOS Header Base 
//verify dos header 
if (dosHeader->e_magic == IMAGE_DOS_SIGNATURE) 
{ 

    ntHeader = MakePtr(PIMAGE_NT_HEADERS, dosHeader, dosHeader->e_lfanew);//Get the NT Header 
      //verify NT header 
    if (ntHeader->Signature == IMAGE_NT_SIGNATURE){ 
     importDesc = MakePtr(PIMAGE_IMPORT_DESCRIPTOR, dosHeader,ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); 

     while (importDesc->Name) 
     { 
      printf("%s\n",MakePtr(char*, dosHeader,importDesc->Name)); 
      importDesc++;    
     } 

    } 
} 

getchar(); 

} 

Answer 1

您正在查找的列表内容包含在一个部分（如PE图像中的几乎所有内容）中。您必须访问目录指向的部分。看看Matt Pietrek的代码（PeDump），看看它是如何工作的。