C/C++分配DWORD數組的指針地址

Question

我正在編寫一個C/C++ PE解析庫，我使用DLL或exe來提取有關目錄和頭文件的信息。我prblem是當我解壓的出口地址，並得到函數的地址，我不知道如何使用該地址指向它與導出功能數量陣列導出

DWORD ExportRVA = PEHeader->optional.data_directory[0].virtual_address; 
image_export_directory* Exports = (image_export_directory*)(RVAToOffset(ExportRVA)+BaseAddress); 

ExportTable.nNames = Exports->number_of_names; 
ExportTable.nFunctions = Exports->number_of_functions; 
ExportTable.pFunctions = Exports->address_of_functions; 
ExportTable.nNames = Exports->address_of_names; 
ExportTable.pNamesOrdinals = Exports->address_of_name_ordinals; 

我必須分配一個指向數組的指針，如

DWORD * AddrFunctions; 

更改指針地址？

Answer 1

的address_of_functions和address_of_names字段的RVAs到的RVAs的陣列以分別實際函數入口點和名稱，而address_of_name_ordinals字段是RVA到WORD值的數組，例如：

#define RVAToPtr(RVA) (((LPBYTE)BaseAddress) + ((DWORD)(RVA))) 

image_export_directory* Exports = (image_export_directory*) RVAToPtr(PEHeader->optional.data_directory[0].virtual_address); 

ExportTable.nFunctions = Exports->number_of_functions; 
ExportTable.nNames = Exports->number_of_names; 
ExportTable.pFunctions = (PDWORD) RVAToPtr(Exports->address_of_functions); 
ExportTable.pNames = (PDWORD) RVAToPtr(Exports->address_of_names); 
ExportTable.pNamesOrdinals = (PWORD) RVAToPtr(Exports->address_of_name_ordinals); 

for (DWORD i = 0; i < ExportTable.nFunctions; ++i) 
{ 
    void *FuncPtr = (void*) RVAToPtr(ExportTable.pFunctions[i]); 
    char* FuncName = (char*) RVAToPtr(ExportTable.pNames[i]); 
    WORD FuncOrdinal = ExportTable.Base + ExportTable.pNamesOrdinals[i]; 
    ... 
} 

參見到MSDN瞭解更多詳情。