This article describes the C + + acquisition of the current process Iat method, share for everyone to reference.
The implementation methods are as follows:
Copy Code code as follows:
#include <windows.h>
#include <stdio.h>
int main (int argc, char* argv[])
{
Hmodule hmodule =:: Getmodulehandlea (NULL);
image_dos_header* Pdosheader = (image_dos_header*) hmodule;
image_optional_header* Popntheader = (image_optional_header*) ((byte*) hmodule + pdosheader->e_lfanew + 24); Add 24 here.
image_import_descriptor* Pimportdesc = (image_import_descriptor*) ((byte*) hmodule + popntheader->datadirectory[ Image_directory_entry_import]. virtualaddress);
while (Pimportdesc->firstthunk)
{
char* pszdllname = (char*) ((byte*) hmodule + pimportdesc->name);
printf ("Module name:%s\n", pszdllname);
DWORD n = 0;
A image_thunk_data is an import function
image_thunk_data* Pthunk = (image_thunk_data*) ((byte*) hmodule + pimportdesc->originalfirstthunk);
while (PTHUNK->U1. Function)
{
Get function name
char* pszfuncname = (char*) (byte*) hmodule+pthunk->u1. ADDRESSOFDATA+2); The function name is preceded by two.
printf ("Function name:%-25s,", pszfuncname);
Get function Address
Pdword lpaddr = (dword*) ((byte*) hmodule + pimportdesc->firstthunk) + N; From the address of the first function, after each + 4 bytes
printf ("addrss:%x\n", lpaddr);
n++; Add one DWORD at a time
pthunk++;
}
printf ("\ n");
pimportdesc++;
}
return 0;
}
I hope this article will help you with the C + + program design.