- UID
- 2
注册时间2004-12-1
阅读权限255
最后登录1970-1-1
总坛主
TA的每日心情 | 开心
2024-12-1 11:04 |
|---|
签到天数: 12 天 [LV.3]偶尔看看II
|
方便你们写劫持工具。。。自己去整吧~~
- /*
- 解析PE64 DLL 导出表
- By 飘云/P.Y.G
- www.chinapyg.com
- */
- #include "windows.h"
- #include "stdio.h"
- DWORD RVA2Offset(PIMAGE_NT_HEADERS pNTHeader, DWORD dwRVA)
- {
- PIMAGE_SECTION_HEADER pSection = (PIMAGE_SECTION_HEADER)((DWORD)pNTHeader + sizeof(IMAGE_NT_HEADERS));
- for(int i = 0; i < pNTHeader->FileHeader.NumberOfSections; i++)
- {
- if(dwRVA >= pSection[i].VirtualAddress && dwRVA < (pSection[i].VirtualAddress + pSection[i].SizeOfRawData))
- {
- return pSection[i].PointerToRawData + (dwRVA - pSection[i].VirtualAddress);
- }
- }
- return 0;
- }
- void PE64_DLL(PCHAR lpFileName)
- {
- HANDLE hfile = CreateFileA(lpFileName,
- GENERIC_READ|GENERIC_WRITE,
- FILE_SHARE_READ,
- NULL,
- OPEN_EXISTING,
- FILE_ATTRIBUTE_NORMAL,
- NULL);
- if(hfile == INVALID_HANDLE_VALUE)
- {
- printf("[P.Y.G]创建文件失败.\n");
- return ;
- }
- HANDLE hFileMapping = CreateFileMapping(hfile, NULL, PAGE_READONLY, 0, 0, NULL);
- if (hFileMapping == NULL || hFileMapping == INVALID_HANDLE_VALUE)
- {
- printf("[P.Y.G]创建共享内存失败 (%d).\n", GetLastError());
- return ;
- }
- LPBYTE lpBaseAddress = (LPBYTE)MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
- if (lpBaseAddress == NULL)
- {
- printf("[P.Y.G]内存映射失败 (%d).\n", GetLastError());
- return ;
- }
- PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)lpBaseAddress;
- // 验证PE合法性
- if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
- {
- printf("[PYG]--非PE文件!\n");
- // 自行清理现场。。。
- return;
- }
- PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)(lpBaseAddress + pDosHeader->e_lfanew);
- // 继续验证PE合法性
- if(pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
- {
- printf("[PYG]--非PE文件!\n");
- // 自行清理现场。。。
- return;
- }
- int dwExportOffset = RVA2Offset(pNtHeaders, pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
- PIMAGE_EXPORT_DIRECTORY pExport = (PIMAGE_EXPORT_DIRECTORY)((DWORD)lpBaseAddress + dwExportOffset);
- DWORD dwFunctionNameOffset = (DWORD)lpBaseAddress + RVA2Offset(pNtHeaders, pExport->Name);
- DWORD* pdwNamesAddress = (DWORD*)((DWORD)lpBaseAddress + RVA2Offset(pNtHeaders, pExport->AddressOfNames));
- DWORD* pdwFunctionAddress = (DWORD*)((DWORD)lpBaseAddress + RVA2Offset(pNtHeaders, pExport->AddressOfFunctions));
- WORD* pwOrdinals = (WORD*)((DWORD)lpBaseAddress + RVA2Offset(pNtHeaders, pExport->AddressOfNameOrdinals));
- DWORD dwNumberOfNames = pExport->NumberOfNames;
- if(dwNumberOfNames > 0)
- {
- printf("[P.Y.G]文件名: %s\n", dwFunctionNameOffset);
- printf("[P.Y.G]导出函数总数: %X\n", pExport->NumberOfFunctions);
- printf("[P.Y.G]名称函数总数: %X\n\n", pExport->NumberOfNames);
- printf("名称导出:\n\n");
- for(int i = 0; i < dwNumberOfNames; i++)
- {
- DWORD dwFunctionAddress = pdwFunctionAddress[pwOrdinals[i]];
- DWORD pdwFunNameOffset = (DWORD)lpBaseAddress + RVA2Offset(pNtHeaders, pdwNamesAddress[i]);
- printf("[P.Y.G][序号]: %-4X [名称]: %-30s [RVA]: 0x%08X\n", pExport->Base + i/* + 1*/, pdwFunNameOffset, dwFunctionAddress);
- }
- printf("\n序号导出:\n\n");
- for(int i = 0; i < pExport->NumberOfFunctions - dwNumberOfNames; i++)
- {
- printf("[P.Y.G][序号]: %-4d [RVA]: 0x%08X\n", pExport->Base + i/* + 1*/, pdwFunctionAddress[i]);
- }
- }else
- printf("\n\t---------- [P.Y.G]未找到导出表! ----------\n");
- UnmapViewOfFile(lpBaseAddress);
- CloseHandle(hFileMapping);
- CloseHandle(hfile);
- }
- void main()
- {
- char szFileName[MAX_PATH];
- printf("请输入文件路径:\n");
- scanf("%s", szFileName);
- PE64_DLL(szFileName);
- system("pause");
- }
|
评分
-
查看全部评分
|
IP卡
发表于 2015-1-14 15:43:00
提升卡
置顶卡
变色卡
千斤顶
显身卡
发表于 2015-1-14 16:30:15
发表于 2015-1-15 08:59:01
发表于 2015-1-16 11:30:12
发表于 2015-1-16 11:34:55