首页   新闻   小组   威客   人才   下载   博客   代码贴   在线编程   论坛  
注册 | 登录

动态链接库(DLL文件)函数的查看(转)

作者在 2014-03-18 08:18:00 发布以下内容
今天无聊写了这个DLL函数的查看器代码,也许有人用得上,顺便也复习下PE结构!

VFP CODE:

***本代码由行者SCX2PRG自动转换***
PUBLIC LaodForm
    LaodForm=CreateObject("MyForm")
    LaodForm.Show
RETURN
*-------------------------------------------------------------*
*-VFP应用程式算法群:12787940 行者孙:310727570-*
*-------------------------------------------------------------*
DEFINE CLASS MyForm AS form
Visible=.T.
Top = 63
Left = 274
Height = 324
Width = 385
DoCreate = .T.
Picture =" "
Caption = "DLL函数查看器-行者示例"
Name = "Form1"
PROCEDURE Init
    This.AddObject("Dataenvironment","ClassName1")
    This.AddObject("Command5","ClassName2")
    This.AddObject("List","ClassName3")
    This.AddObject("Text1","ClassName4")
    ThisForm.List.View=3
    ThisForm.List.fullRowSelect= .T.
    ThisForm.List.appearance=0
    ThisForm.List.ColumnHeaders.Add(1,"C1","序号",40,0)
    ThisForm.List.ColumnHeaders.Add(2,"C2","函数名称",200,0)
    ThisForm.List.ColumnHeaders.Add(3,"C3","函数地址",120,0)
ENDPROC
ENDDEFINE
DEFINE CLASS ClassName1 AS dataenvironment
Visible=.T.
Top = 0
Left = 0
Width = 0
Height = 0
DataSource = .NULL.
Name = "Dataenvironment"
ENDDEFINE
DEFINE CLASS ClassName2 AS commandbutton
Visible=.T.
Top = 12
Left = 12
Height = 25
Width = 60
Caption = "开打文件"
Name = "Command5"
PROCEDURE Click
DECLARE Long ImageDirectoryEntryToData IN imagehlp Long, long, long, Long@
DECLARE INTEGER CloseHandle IN kernel32 INTEGER hObject
DECLARE INTEGER LoadLibrary IN kernel32;
    STRING lpLibFileName
DECLARE INTEGER FreeLibrary IN kernel32;
        INTEGER hLibModule
DECLARE Long ImageDirectoryEntryToData IN imagehlp long HANDLE,long,long,Long @
DECLARE integer GetProcAddress IN WIN32API integer hModule, string procname
GENERIC_READ=0x80000000
FILE_SHARE_READ = 1
FILE_SHARE_WRITE=2
OPEN_EXISTING = 3
FILE_ATTRIBUTE_NORMAL = 0x80
IMAGE_DIRECTORY_ENTRY_EXPORT =0
DllFile=GETFILE('dll')
IF FILE(DllFile)
    thisform.text1.Value=DllFile
    hLibModule=LoadLibrary(DllFile)
    IF hLibModule>0
        ulSize=0
        AdrEXPORT=ImageDirectoryEntryToData(hLibModule,1,IMAGE_DIRECTORY_ENTRY_EXPORT,@ulSize)
        IF AdrEXPORT>0
            EXPORT_DIRECTORY=SYS(2600,AdrEXPORT,ulSize)
            NumberOfFunctions=CTOBIN(SYS(2600,AdrEXPORT+24,4),'4rs')&&函数数量
            FunctionsAdress=AdrEXPORT+44&&函数虚拟偏移地址开始地址
            dPtr=4*NumberOfFunctions*2+NumberOfFunctions*2-4&&计算从函数虚拟地址到函数名列表地址的字节数
            NamePtr=FunctionsAdress+dPtr&&得到函数名称列表编译地址
            NameStr=SYS(2600,NamePtr,ulSize-dPtr-44)
            NameStr=0h00+namestr
            ThisForm.List.ListItems.Clear
            FOR i=2 TO NumberOfFunctions+1&&往LISTVIEW中添加记录
                DllName=STREXTRACT(namestr,0h00,0h00,i)
                DllEnty=transform(GetProcAddress(hLibModule,DllName)-hLibModule,'@0')
                sd=ThisForm.List.ListItems.Add(i-1,"Co"+ALLTRIM(STR(i)),ALLTRIM(STR(i-1)))
                sd.SubItems(1)=STRCONV(DllName,11)&&注意:这里DllName是UTF8编码,所以要转换,不然出现乱码,SQL有时出现乱码也是因此。
                sd.SubItems(2)=ALLTRIM(DllEnty)
            ENDF
        ENDI
    FreeLibrary(hLibModule)
    ENDIF
ENDI
ENDPROC
ENDDEFINE
DEFINE CLASS ClassName3 AS olecontrol
    OleClass="MSComctlLib.ListViewCtrl.2"
    Visible=.T.
    Top = 48
    Left = 12
    Height = 264
    Width = 360
    Name = "List"
ENDDEFINE
DEFINE CLASS ClassName4 AS textbox
    Visible=.T.
    FontSize = 10
    Height = 24
    Left = 72
    Top = 12
    Width = 300
    Name = "Text1"
ENDDEFINE

Image:
vfp | 阅读 5975 次
收藏
文章评论,共0条
游客请输入验证码
tlliqi的博客

tlliqi
浏览112628次
文章分类
文章归档
最新评论