我正在编程一个C / C ++ PE解析库,在其中使用DLL或exe提取有关目录和标头的信息。我的问题是当我提取导出地址并获取函数的地址时,我不知道如何使用该地址将其指向具有导出的导出函数数量的数组
DWORD ExportRVA = PEHeader->optional.data_directory[0].virtual_address;
image_export_directory* Exports = (image_export_directory*)(RVAToOffset(ExportRVA)+BaseAddress);
ExportTable.nNames = Exports->number_of_names;
ExportTable.nFunctions = Exports->number_of_functions;
ExportTable.pFunctions = Exports->address_of_functions;
ExportTable.nNames = Exports->address_of_names;
ExportTable.pNamesOrdinals = Exports->address_of_name_ordinals;
我必须分配一个指向数组的指针吗
DWORD * AddrFunctions;
改变指针地址?
最佳答案
address_of_functions
和address_of_names
字段分别是指向实际函数入口点和名称的RVA数组的RVA,而address_of_name_ordinals
字段是WORD值数组的RVA,例如:
#define RVAToPtr(RVA) ( ((LPBYTE)BaseAddress) + ((DWORD)(RVA)) )
image_export_directory* Exports = (image_export_directory*) RVAToPtr(PEHeader->optional.data_directory[0].virtual_address);
ExportTable.nFunctions = Exports->number_of_functions;
ExportTable.nNames = Exports->number_of_names;
ExportTable.pFunctions = (PDWORD) RVAToPtr(Exports->address_of_functions);
ExportTable.pNames = (PDWORD) RVAToPtr(Exports->address_of_names);
ExportTable.pNamesOrdinals = (PWORD) RVAToPtr(Exports->address_of_name_ordinals);
for (DWORD i = 0; i < ExportTable.nFunctions; ++i)
{
void *FuncPtr = (void*) RVAToPtr(ExportTable.pFunctions[i]);
char* FuncName = (char*) RVAToPtr(ExportTable.pNames[i]);
WORD FuncOrdinal = ExportTable.Base + ExportTable.pNamesOrdinals[i];
...
}
有关更多详细信息,请参见MSDN。
关于c++ - C/C++分配DWORD数组的指针地址,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/12592821/