PE import table: DLL(name), Functions (name & address)

[JoBlack]

Hello everyone.

I want to make EXE-file to process its own Import Table printing to console DLL names and Functions (including names and addresses).

Mapping file is not an option (CreateFileMapping and MapViewOfFile) as file started is already locating in memory. Also alignment should be according to RVA, not to raw offset.

As I understand ImageBase can be received by GetModuleHandleA(0) function. But I don't know how to proceed further.

Starting with:

HANDLE f = CreateFileA("PEview.exe", GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
HMODULE fMap = GetModuleHandleA(0);
IMAGE_DOS_HEADER* mz_head = (IMAGE_DOS_HEADER*)fMap;
if(mz_head->e_magic != IMAGE_DOS_SIGNATURE) {cout << "Unable to locate MS_DOS_HEADER"; _getch(); exit(0);};
IMAGE_NT_HEADERS* nt_head = (IMAGE_NT_HEADERS*)(fMap + mz_head->e_lfanew);
if(nt_head->Signature != IMAGE_NT_SIGNATURE) {cout << "Unable to locate FILE_NT_HEADER"; _getch(); exit(0);};
and getting an error: Unable to locate FILE_NT_HEADER

Please help.

[gaar321]

To get dll functions names and base address to be processed through you exe why not use

Code:

HMODULE h;
int funcaddress = 0;
h = GetModule("blah.dll");

funcaddress = GetProcAddress(h,"function");

// format funcaddress to hex....... then print it out to screen

[chrisGz]

You can walk the modules list in your process to list the modules. You can then ReadProcessMemory or memcpy and use the ImageNtHeader and other functions to get the information you want.

For more info about module walking: http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx