0
我試圖找到從DLL導出的函數的簽名,併爲鉤子定義完全相同的回調函數。C/C++ - 使用__funcsig__宏來獲取函數簽名?
這是我正在研究的當前項目的需要。
以下是我所做的功能位置查找。
HMODULE hModd = LoadLibraryEx("xxx.dll",NULL,DONT_RESOLVE_DLL_REFERENCES);
dosHeader = ((PIMAGE_DOS_HEADER)hModd);
/*if(((PIMAGE_DOS_HEADER)hModd)->e_magic == IMAGE_DOS_SIGNATURE)
MessageBoxA(NULL,"wow","exe",MB_OK);/**/
ntHeader = (PIMAGE_NT_HEADERS)((PBYTE)hModd + ((PIMAGE_DOS_HEADER)hModd)->e_lfanew);
PIMAGE_EXPORT_DIRECTORY exports = (PIMAGE_EXPORT_DIRECTORY)((BYTE *)hModd + ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
PVOID names = (BYTE *)hModd + exports->AddressOfNames;
WORD *pOrds = (WORD*)((BYTE*)hModd + exports->AddressOfNameOrdinals);
DWORD* addr = (DWORD*)((BYTE*)hModd + exports->AddressOfFunctions);
for (int i = 0; i < exports->NumberOfNames; ++i,addr++)
{
char funcName[255];
char const *target = "Test";
ZeroMemory(funcName,sizeof(funcName));
//strcpy(funcName,(char*)((BYTE *)hModd + ((DWORD *)names)[i]));
if(strcmp((char*)((BYTE *)hModd + ((DWORD *)names)[i]),target))
{
printf("Export: %s Address: %X \n", (char*)((BYTE *)hModd + ((DWORD *)names)[i]),*addr);
offsetTarget = *addr;
}
}
如何使用__funcsig__宏來獲取DLL函數簽名?
__funcsig__一般返回封裝它的函數的簽名。
請注意,導出按照字典順序排列,這意味着您可以使用二進制搜索來查找具有特定名稱的導出。不需要線性搜索。 – 2012-08-16 05:49:23