dll 파일에서 함수 이름 가져오기

 
 


#include <windows.h>
#include <winbase.h>
#include <stdio.h>
#include <tchar.h>
#include <imagehlp.h>

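/*
 * Print the usage banner to stdout.
 *
 * msg is accepted for compatibility with existing callers (they pass
 * argv[0]) but is not used: the banner text is fixed.
 *
 * Each banner line is a single string literal ending in the "\n" escape;
 * a raw line break inside a string literal does not compile.
 */
void PrintUsage(char * msg)
{
    (void)msg; /* intentionally unused */

    printf("|---------------------------------------------------------|\n");
    printf("| CreateDate: 2000-02-15 |\n");
    printf("| Usage: <Path>\\GetFunction[.exe] <Exe file|DLL file> |\n");
    printf("|---------------------------------------------------------|\n");
}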

/*
 * Character filter applied to a candidate export name.
 *
 * Returns TRUE when every byte of the NUL-terminated string pf lies in the
 * ASCII range '0'..'z' inclusive, FALSE at the first byte outside it. An
 * empty string passes. pf must be a valid, NUL-terminated pointer.
 *
 * What the range means in practice:
 *  - control characters, space and punctuation below '0' (for example '.',
 *    '$', '-') are rejected, so a name read from an untrusted file cannot
 *    carry escape sequences to the console through this filter;
 *  - bytes >= 0x80 are rejected whether char is signed or unsigned;
 *  - the punctuation that sits between the digit, upper-case and lower-case
 *    runs (: ; < = > ? @ [ \ ] ^ _ `) is accepted, so this is not a strict
 *    identifier check.
 */
BOOL CheckFunction(PCHAR pf)
{
    for (const char *cursor=pf; *cursor!='\0'; ++cursor)
    {
        const char ch=*cursor;

        if (ch<'0' || ch>'z')
            return FALSE;
    }
    return TRUE;
}

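/* TRUE when the byte range [ptr, ptr+len) lies entirely inside the mapped
   view [base, base+view_size). A NULL ptr is never in range. */
static BOOL RangeInView(const void *base,SIZE_T view_size,const void *ptr,SIZE_T len)
{
    ULONG_PTR start=(ULONG_PTR)base;
    ULONG_PTR p=(ULONG_PTR)ptr;

    if (ptr==NULL || p<start) return FALSE;
    if (p-start>view_size) return FALSE;
    return (len<=view_size-(p-start)) ? TRUE : FALSE;
}

/* TRUE when an array of count elements of elem_size bytes starting at ptr
   fits inside the view. The division guards the count*elem_size product
   against overflow when count comes from the file. */
static BOOL ArrayInView(const void *base,SIZE_T view_size,const void *ptr,DWORD count,SIZE_T elem_size)
{
    if (count>view_size/elem_size) return FALSE;
    return RangeInView(base,view_size,ptr,(SIZE_T)count*elem_size);
}

/* Length of the NUL-terminated string at s, provided the terminator is found
   within max_len+1 bytes and before the end of the view; -1 otherwise.
   Replaces an unbounded strlen() on data taken from the file. */
static int BoundedNameLength(const void *base,SIZE_T view_size,const char *s,int max_len)
{
    int n;

    for (n=0;n<=max_len;n++)
    {
        if (!RangeInView(base,view_size,s+n,1)) return -1;
        if (s[n]=='\0') return n;
    }
    return -1;
}

/*
 * GetFunction <Exe file|DLL file>
 *
 * Maps the given PE file read-only and prints one line per named export:
 * the index into the export name table, the name, and the value stored in
 * the export address table for that name (an RVA, printed in decimal).
 *
 * The file is treated as untrusted input. Every pointer derived from a field
 * of the file (NT headers, section table, export directory, the three export
 * arrays, each name string, each name ordinal) is checked against the size
 * of the mapped view before this function dereferences it. The imagehlp
 * helpers (ImageNtHeader, ImageDirectoryEntryToData, ImageRvaToVa) do their
 * own header parsing; their results are validated here before use.
 *
 * Changes from the previous revision of this function:
 *  - argv[1], argv[0] and cFileName are no longer passed to sprintf() as the
 *    format string, and no unbounded copy into a MAX_PATH buffer is made;
 *  - FindFirstFile failure is detected with INVALID_HANDLE_VALUE (it never
 *    returns NULL) and the find handle is closed;
 *  - the loop runs over NumberOfNames, the length of the name and name-ordinal
 *    tables, instead of NumberOfFunctions, which read past those tables;
 *  - IsBadReadPtr/IsBadCodePtr probing is replaced by explicit range checks;
 *  - the sharing-violation fallback is tried once, the copy is deleted only
 *    if this run created it, and a missing '\\' in argv[0] is handled;
 *  - handles and the view are released on every exit path;
 *  - printf conversions match their argument types.
 *
 * Names are still filtered as before: the first character must be
 * alphanumeric, CheckFunction() must accept the name, and names longer than
 * MAX_NAME_LEN characters are skipped, so long export names do not appear in
 * the listing.
 *
 * Always returns 0, as the previous revision did.
 */
int main(int argc,char **argv)
{
    enum { MAX_NAME_LEN=32 };
    WIN32_FIND_DATAA find_data;
    HANDLE hFind;
    HANDLE hFile=INVALID_HANDLE_VALUE;
    HANDLE hFileMap=NULL;
    PVOID mod_base=NULL;
    DWORD size_low;
    DWORD size_high=0;
    SIZE_T view_size;
    PIMAGE_NT_HEADERS nt_headers;
    PIMAGE_SECTION_HEADER sections;
    PIMAGE_EXPORT_DIRECTORY export_data;
    DWORD export_data_size=0;
    PDWORD FunctionsNames,FunctionsPtrs;
    PWORD NameOrdinals;
    const char *file_path;
    char copy_path[MAX_PATH];
    BOOL bcp=FALSE;
    DWORD i;

    if (argc<2)
    {
        PrintUsage(argv[0]);
        return 0;
    }
    file_path=argv[1];

    /* Existence check; also yields the bare file name used by the fallback. */
    hFind=FindFirstFileA(file_path,&find_data);
    if (hFind==INVALID_HANDLE_VALUE)
    {
        PrintUsage(argv[0]);
        return 0;
    }
    FindClose(hFind);

    /* FILE_SHARE_READ lets the open succeed for files other processes are
       only reading. */
    hFile=CreateFileA(file_path,GENERIC_READ,FILE_SHARE_READ,NULL,
        OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
    if (hFile==INVALID_HANDLE_VALUE && GetLastError()==ERROR_SHARING_VIOLATION)
    {
        /* Fallback: copy the file next to this executable and read the copy. */
        const char *slash=strrchr(argv[0],'\\');
        size_t dir_len=(slash!=NULL) ? (size_t)(slash-argv[0])+1 : 0;

        if (dir_len+strlen(find_data.cFileName)>=MAX_PATH) return 0;
        /* Bounded by the check above; the format string is a literal. */
        sprintf(copy_path,"%.*s%s",(int)dir_len,argv[0],find_data.cFileName);

        /* bFailIfExists=TRUE: never overwrite, and never later delete, a
           file that was already there. */
        if (!CopyFileA(file_path,copy_path,TRUE)) return 0;
        bcp=TRUE;
        file_path=copy_path;
        hFile=CreateFileA(file_path,GENERIC_READ,FILE_SHARE_READ,NULL,
            OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
    }
    if (hFile==INVALID_HANDLE_VALUE) goto cleanup;

    /* The view covers the whole file, so the file size is the bound for
       every later range check. */
    size_low=GetFileSize(hFile,&size_high);
    if ((size_low==INVALID_FILE_SIZE && GetLastError()!=NO_ERROR)
        || size_high!=0 || size_low==0)
    {
        printf("Get file size error!\n");
        goto cleanup;
    }
    view_size=(SIZE_T)size_low;

    hFileMap=CreateFileMappingA(hFile,NULL,PAGE_READONLY,0,0,NULL);
    if (hFileMap==NULL)
    {
        printf("Create File Map Error!\n");
        goto cleanup;
    }
    mod_base=MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0);
    if (mod_base==NULL)
    {
        printf("Create MapView of file error!\n");
        goto cleanup;
    }

    /* ImageNtHeader returns NULL when the file is not a PE image. */
    nt_headers=ImageNtHeader(mod_base);
    if (nt_headers==NULL
        || !RangeInView(mod_base,view_size,nt_headers,
            sizeof(DWORD)+sizeof(IMAGE_FILE_HEADER)))
    {
        printf("Not a valid PE file!\n");
        goto cleanup;
    }
    /* ImageRvaToVa walks the section table; make sure it is inside the file. */
    sections=IMAGE_FIRST_SECTION(nt_headers);
    if (!ArrayInView(mod_base,view_size,sections,
        nt_headers->FileHeader.NumberOfSections,sizeof(IMAGE_SECTION_HEADER)))
    {
        printf("Not a valid PE file!\n");
        goto cleanup;
    }

    export_data=(PIMAGE_EXPORT_DIRECTORY)ImageDirectoryEntryToData(mod_base,
        FALSE,IMAGE_DIRECTORY_ENTRY_EXPORT,&export_data_size);
    if (export_data==NULL)
    {
        printf("ImageDirectoryEntryToData Error!(Errorcode:%lu)\n",GetLastError());
        goto cleanup;
    }
    if (!RangeInView(mod_base,view_size,export_data,sizeof(IMAGE_EXPORT_DIRECTORY)))
    {
        printf("Export directory is outside the file!\n");
        goto cleanup;
    }

    FunctionsNames=(PDWORD)ImageRvaToVa(nt_headers,mod_base,
        export_data->AddressOfNames,NULL);
    FunctionsPtrs=(PDWORD)ImageRvaToVa(nt_headers,mod_base,
        export_data->AddressOfFunctions,NULL);
    NameOrdinals=(PWORD)ImageRvaToVa(nt_headers,mod_base,
        export_data->AddressOfNameOrdinals,NULL);

    /* Name and name-ordinal tables have NumberOfNames entries; the address
       table has NumberOfFunctions entries. With no names the loop below does
       not run and the tables are never read. */
    if (export_data->NumberOfNames!=0
        && (!ArrayInView(mod_base,view_size,FunctionsNames,
                export_data->NumberOfNames,sizeof(DWORD))
            || !ArrayInView(mod_base,view_size,NameOrdinals,
                export_data->NumberOfNames,sizeof(WORD))
            || !ArrayInView(mod_base,view_size,FunctionsPtrs,
                export_data->NumberOfFunctions,sizeof(DWORD))))
    {
        printf("Export tables are outside the file!\n");
        goto cleanup;
    }

    printf("Order FunctionName FunctionAddress\n");
    for (i=0;i<export_data->NumberOfNames;i++)
    {
        const char *func_name=(const char *)ImageRvaToVa(nt_headers,mod_base,
            FunctionsNames[i],NULL);
        int name_len=BoundedNameLength(mod_base,view_size,func_name,MAX_NAME_LEN);
        WORD ordinal;

        /* Unresolvable RVA, unterminated, empty or over-long name. */
        if (name_len<=0) continue;
        if (!IsCharAlphaNumericA(func_name[0])) continue;
        if (!CheckFunction((PCHAR)func_name)) continue;

        /* The name ordinal indexes the address table; reject out-of-range
           values instead of reading past the table. */
        ordinal=NameOrdinals[i];
        if (ordinal>=export_data->NumberOfFunctions) continue;

        /* Same column layout as before: index padded to 18, name to 50. */
        printf("%-18lu%-50s%lu\n",i,func_name,FunctionsPtrs[ordinal]);
    }

cleanup:
    if (mod_base!=NULL) UnmapViewOfFile(mod_base);
    if (hFileMap!=NULL) CloseHandle(hFileMap);
    if (hFile!=INVALID_HANDLE_VALUE) CloseHandle(hFile);
    if (bcp)
        DeleteFileA(copy_path); /* only the copy this run created */
    return 0;
}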



GetFunction.exe c:\windows\system32\ntdll.dll



Order FunctionName FunctionAddress
0 CsrAllocateCaptureBuffer 125863
1 CsrAllocateMessagePointer 125960
2 CsrCaptureMessageBuffer 160625
4 CsrCaptureMessageString 132870
5 CsrCaptureTimeout 329170
6 CsrClientCallServer 78497
7 CsrClientConnectToServer 137105
8 CsrFreeCaptureBuffer 125775
9 CsrGetProcessId 329159
10 CsrIdentifyAlertableThread 329026
11 CsrNewThread 102010
12 CsrProbeForRead 329299
13 CsrProbeForWrite 329221
14 CsrSetPriorityClass 329086
15 DbgBreakPoint 4656
16 DbgPrint 197616
17 DbgPrintEx 125733
18 DbgPrintReturnControlC 362522
19 DbgPrompt 362761
...
