0

因此,我将 paltalk.exe 作为参数加载到我的 c++ 命令行程序中,并得到以下输出:

 [Walk_Imports]: Imported DLL [0] WSOCK32.dll 
--------------------------------------------------
 [Import_By_Ordinal]: address: 80000016 
 [Import_By_Ordinal]: address: 80000003 
 [Import_By_Ordinal]: address: 80000073 
 [Import_By_Ordinal]: address: 80000017 
 [Import_By_Ordinal]: address: 80000015 
 [Import_By_Ordinal]: address: 8000000B 
 [Import_By_Ordinal]: address: 80000014 
 [Import_By_Ordinal]: address: 8000000E 
 [Import_By_Ordinal]: address: 8000000A 
 [Import_By_Ordinal]: address: 80000034 
 [Import_By_Ordinal]: address: 80000011 
 [Import_By_Ordinal]: address: 80000013 
 [Import_By_Ordinal]: address: 80000010 
 [Import_By_Ordinal]: address: 80000009 
 [Import_By_Ordinal]: address: 80000002 
 [Import_By_Ordinal]: address: 80000008 
 [Import_By_Ordinal]: address: 8000006F 
 [Import_By_Ordinal]: address: 80000097 
 [Import_By_Ordinal]: address: 80000012 
 [Import_By_Ordinal]: address: 80000004 
 [Import_By_Ordinal]: address: 8000000F 
 [Import_By_Ordinal]: address: 8000000C 

 22 functions imported (22 ordinal)

Paltalk 导入 wsock32.dll 好消息。我走过它的进口,我看到所有的序号。

如何获取这些导入序号名称并使用 c 或 c++ 加载 wsock32.dll 并遍历其导出表以将序号名称与相应的函数名称匹配?

我希望这是足够的信息来解决我的问题。如果没有,我可以添加更多信息。

谢谢

4

1 回答 1

1

关于 Portable Executable 基础设施的如此广泛的问题,请查看 Matt Pietrek http://www.wheaty.net以及他如何在 PEDUMP 中实现对此类细节的检索(提供的代码)。

于 2013-01-05T09:04:46.840 回答