嗨,我的程序中有这两条代码:
PIMAGE_IMPORT_DESCRIPTOR PE::GetImportedLibInfo(LPSTR libName )
{
PIMAGE_DOS_HEADER doshdr = (PIMAGE_DOS_HEADER)EntryPoint;
PIMAGE_NT_HEADERS nthdr = (PIMAGE_NT_HEADERS)((DWORD)doshdr + doshdr->e_lfanew);
DWORD tmp =nthdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
DWORD Rva = RvaToOffset((DWORD)tmp);
if(Rva != -1)
{
Rva += EntryPoint;
PIMAGE_IMPORT_DESCRIPTOR iid =(PIMAGE_IMPORT_DESCRIPTOR)(DWORD)Rva;
while(iid->Characteristics)
{
char* dll = (char*)((DWORD_PTR)RvaToOffset(iid->Name)+ EntryPoint);
DWORD res=lstrcmp((LPCSTR)dll,(LPCSTR)libName);
if(res == 0)
{
return iid;
}
iid ++;
}
}
return NULL;
}
VOID FillLibInfo(PIMAGE_IMPORT_DESCRIPTOR iiD)
{
if(iiD != NULL)
{
char* buff[20];
wsprintf((LPSTR)&buff,"%08lX",(DWORD)iiD->OriginalFirstThunk);
SetDlgItemText(hImpDlg,IDC_EDIT1,(LPCSTR)&buff);
wsprintf((LPSTR)&buff,"%08lX",(DWORD)iiD->TimeDateStamp);
SetDlgItemText(hImpDlg,IDC_EDIT2,(LPCSTR)&buff);
wsprintf((LPSTR)&buff,"%08lX",(DWORD)iiD->ForwarderChain);
SetDlgItemText(hImpDlg,IDC_EDIT3,(LPCSTR)&buff);
wsprintf((LPSTR)&buff,"%08lX",(DWORD)iiD->FirstThunk);
SetDlgItemText(hImpDlg,IDC_EDIT4,(LPCSTR)&buff);
}
}
然后我这样使用它:
FillLibInfo(GetImportedLibInfo("MyLibName"));
附加的是我的文本框在我通过鼠标悬停它们之前不会实现文本
在几次调用GetImportedLibInfo()程序崩溃之后。我认为这是堆栈损坏的东西......
有人可以给我一个提示吗?
@编辑:
PE类定义:
class PE
{
private:
DWORD ptrImgDosHeader;
DWORD RvaToOffset(DWORD Rva);
DWORD RvaToMemory(DWORD Rva);
public:
DWORD EntryPoint;
PE(DWORD ptrMemory);
~PE();
VOID EnumSections(BOOL (*ptrCallBack)(PIMAGE_SECTION_HEADER));
VOID EnumImports(BOOL (*ptrCallBack)(LPSTR,DWORD),DWORD);
VOID EnumImportedFunctionsFromLib(LPSTR,BOOL (*ptrCallBack)(LPSTR,LPSTR));
VOID EnumExportedFunctions(BOOL (*ptrCallBack)(LPSTR,LPSTR,LPSTR));
WORD GetPeType();
DWORD ValidatePE();
DWORD ValidateNtHeader();
PIMAGE_IMPORT_DESCRIPTOR GetImportedLibInfo(LPSTR lib);
};