r3L4x
asked on
Listing the Export Address Table (EAT) - IMAGE_EXPORT_DIRECTORY
Ok, i have code im trying to write the export address table in C++, and i am utterly confused. I have the Import Address Table listing pretty much down pat, but EAT seems to be different.
Here is code i have so far:
void main()
{
HINSTANCE hInstance;
hInstance = GetModuleHandle("kernel32. dll");
IMAGE_DOS_HEADER *dosHeader;
dosHeader = (IMAGE_DOS_HEADER *)hInstance;
if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
{
MessageBox(0, "1", "", 0);
// return NULL;
}
IMAGE_NT_HEADERS *ntHeaders = (IMAGE_NT_HEADERS *)(((BYTE *)dosHeader) + dosHeader->e_lfanew);
if (ntHeaders->Signature != 0x00004550)
{
MessageBox(0, "2", "", 0);
// return NULL;
}
IMAGE_OPTIONAL_HEADER *optionalHeader = &ntHeaders->OptionalHeader ;
IMAGE_DATA_DIRECTORY *dataDirectory = &optionalHeader->DataDirec tory[IMAGE _DIRECTORY _ENTRY_EXP ORT];
IMAGE_EXPORT_DIRECTORY *Exp;
Exp = (IMAGE_EXPORT_DIRECTORY *)((DWORD)dosHeader + dataDirectory->VirtualAddr ess);
IMAGE_SECTION_HEADER * section;
//section = (IMAGE_SECTION_HEADER *);
char blah[100];
int count = 1;
//for(count = 1; count == Exp->NumberOfFunctions; count++)
//{
//sprintf(blah, "Names: %d", Exp->AddressOfFunctions[co unt]);
PSTR * Name;
Name = (PSTR *)((DWORD)Exp->AddressOfNa mes + dosHeader->e_lfanew);
sprintf(blah, "Name:%s\nNum of Functs:%d\nBase: %d Addr:%d", &Name, Exp->NumberOfFunctions, Exp->Base, Exp->AddressOfFunctions);
MessageBox(0, blah, "", 0);
//Exp++;
//sprintf(blah, "Poo:%d\nName:%d \nNum of Functs%d\nBase: %d", endExportEntry,Exp->Name, Exp->NumberOfFunctions, Exp->Base);
//MessageBox(0, blah, "", 0);
//count++;
//}
}
sorry if this is incomplete my code so far is extremely messy!
As you can tell with the 500 points, i would REALLY appreciate some help..
Here is code i have so far:
void main()
{
HINSTANCE hInstance;
hInstance = GetModuleHandle("kernel32.
IMAGE_DOS_HEADER *dosHeader;
dosHeader = (IMAGE_DOS_HEADER *)hInstance;
if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
{
MessageBox(0, "1", "", 0);
// return NULL;
}
IMAGE_NT_HEADERS *ntHeaders = (IMAGE_NT_HEADERS *)(((BYTE *)dosHeader) + dosHeader->e_lfanew);
if (ntHeaders->Signature != 0x00004550)
{
MessageBox(0, "2", "", 0);
// return NULL;
}
IMAGE_OPTIONAL_HEADER *optionalHeader = &ntHeaders->OptionalHeader
IMAGE_DATA_DIRECTORY *dataDirectory = &optionalHeader->DataDirec
IMAGE_EXPORT_DIRECTORY *Exp;
Exp = (IMAGE_EXPORT_DIRECTORY *)((DWORD)dosHeader + dataDirectory->VirtualAddr
IMAGE_SECTION_HEADER * section;
//section = (IMAGE_SECTION_HEADER *);
char blah[100];
int count = 1;
//for(count = 1; count == Exp->NumberOfFunctions; count++)
//{
//sprintf(blah, "Names: %d", Exp->AddressOfFunctions[co
PSTR * Name;
Name = (PSTR *)((DWORD)Exp->AddressOfNa
sprintf(blah, "Name:%s\nNum of Functs:%d\nBase: %d Addr:%d", &Name, Exp->NumberOfFunctions, Exp->Base, Exp->AddressOfFunctions);
MessageBox(0, blah, "", 0);
//Exp++;
//sprintf(blah, "Poo:%d\nName:%d \nNum of Functs%d\nBase: %d", endExportEntry,Exp->Name, Exp->NumberOfFunctions, Exp->Base);
//MessageBox(0, blah, "", 0);
//count++;
//}
}
sorry if this is incomplete my code so far is extremely messy!
As you can tell with the 500 points, i would REALLY appreciate some help..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help! My question is answered :D
HINSTANCE hInstance;
hInstance = GetModuleHandle("kernel32.
IMAGE_DOS_HEADER *dosHeader;
dosHeader = (IMAGE_DOS_HEADER *)hInstance;
if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
{
MessageBox(0, "1", "", 0);
return 1;
}
IMAGE_NT_HEADERS *ntHeaders = (IMAGE_NT_HEADERS *)(((BYTE *)dosHeader) + dosHeader->e_lfanew);
if (ntHeaders->Signature != 0x00004550)
{
MessageBox(0, "2", "", 0);
return 1;
}
IMAGE_OPTIONAL_HEADER *optionalHeader = &ntHeaders->OptionalHeader
IMAGE_DATA_DIRECTORY *dataDirectory = &optionalHeader->DataDirec
IMAGE_EXPORT_DIRECTORY *Exp;
Exp = (IMAGE_EXPORT_DIRECTORY *)((DWORD)dosHeader + dataDirectory->VirtualAddr
IMAGE_SECTION_HEADER *section;
char blah[100];
int count = 1;
char * Name;
Name = (char *)((DWORD)Exp->Name + (DWORD)dosHeader);
sprintf(blah, "Name:%s\nNum of Functs:%d\nBase: %d Addr:%d\n", Name, Exp->NumberOfFunctions, Exp->Base, Exp->AddressOfFunctions);
std::cout << blah << std::endl;
for(count = 0; count < Exp->NumberOfNames; count++) // Can't use number of Functions - may not be the same because may export by ordinal
{
Name += ::strlen(Name); // skip current name
Name += 1; // skip null terminator
std::cout << Name << std::endl;
}
You were quite close - a few typos and a couple of incorrect values.