0
我試圖在kernel32.dll中獲取函數的RVA,並且我得到了導出目錄的偏移量,並將其添加到我的file_map中。但是,當我嘗試對任何PIMAGE_EXPORT_DIRECTORY結構的成員做任何事情時,我的程序崩潰。我甚至無法檢查它是否是沒有崩潰的nullptr。這是我的代碼:訪問PE的PIMAGE_EXPORT_DIRECTORY結構中的任何成員時發生崩潰
#include "Sample.h" //Just contains other headers
#include <dbghelp.h>
#include <imagehlp.h>
int main()
{
char kernel_path[MAX_PATH];
//PIMAGE_DOS_HEADER pDos_hdr = (PIMAGE_DOS_HEADER)GetModuleHandle("kernel32.dll");
//if(pDos_hdr == NULL){printf("Invalid header: %d", (int)GetLastError());}
if(GetModuleFileName(GetModuleHandle("kernel32.dll"), kernel_path, MAX_PATH) == 0)
{
printf("GetModuleFileName failed: %d", (int)GetLastError());
return 1;
}
HANDLE hFile = CreateFile(kernel_path, GENERIC_READ, FILE_SHARE_READ,
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
if(hFile == INVALID_HANDLE_VALUE){printf("Error getting file handle:
%d", (int)GetLastError());return 1;}
HANDLE kernel_map = CreateFileMapping(hFile, NULL,
PAGE_READONLY|SEC_IMAGE, 0, 256, "KernelMap");
LPVOID file_map = MapViewOfFile(kernel_map, FILE_MAP_READ, 0, 0, 0);
if(file_map == 0){printf("Error getting mapped view: %d",
(int)GetLastError());return 1;}
PIMAGE_DOS_HEADER pDos_hdr = (PIMAGE_DOS_HEADER)file_map;
if(pDos_hdr->e_magic == IMAGE_DOS_SIGNATURE){printf("Has MZ signature\n");}
PIMAGE_NT_HEADERS pNt_hdr = (PIMAGE_NT_HEADERS)((char*)file_map+pDos_hdr->e_lfanew);
if(pNt_hdr->Signature == 0x4550){printf("Has PE signature\n");}
IMAGE_OPTIONAL_HEADER opt_hdr = pNt_hdr->OptionalHeader;
IMAGE_DATA_DIRECTORY exp_entry =
opt_hdr.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
PIMAGE_EXPORT_DIRECTORY pExp_dir = (PIMAGE_EXPORT_DIRECTORY)
(((char*)file_map)+exp_entry.VirtualAddress);
// Crashing Code --->
void **func_table = (void**)((char*)file_map+pExp_dir->AddressOfFunctions);
return 0;
}
這就是我所看到的功能文檔。非常感激! –
適合我們最好的:) – Abhineet