Die folgende Funktion gibt in
aList alle exportierten Funktion einer DLL zurück:
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
| uses
ImageHlp;
procedure DLLExportsFunc (aFileName: string; aList: tStrings);
type
TDWordArray = array [0..0] of DWORD;
var
ImageInfo: LoadedImage;
pExportDirectory: PImageExportDirectory;
DirSize: Cardinal;
pDummy: PImageSectionHeader;
i: Cardinal;
pNameRVAs: ^TDWordArray;
Name: string;
begin
if MapAndLoad (PChar (aFileName), nil, @ImageInfo, True, True) then
try
pExportDirectory := ImageDirectoryEntryToData (ImageInfo.MappedAddress,
False, IMAGE_DIRECTORY_ENTRY_EXPORT, DirSize);
if (pExportDirectory <> nil) then
Try
pNameRVAs := ImageRvaToVa (ImageInfo.FileHeader, ImageInfo.MappedAddress,
DWORD(pExportDirectory^.AddressOfNames), pDummy);
Except
aList.Add ('ERROR: #' + IntToStr (GetLastError));
End;
for i := 0 to pExportDirectory^.NumberOfNames - 1 do
begin
Name := PChar (ImageRvaToVa (ImageInfo.FileHeader, ImageInfo.MappedAddress,
pNameRVAs^[i], pDummy));
aList.Add (Name);
end;
finally
UnMapAndLoad (@ImageInfo);
end;
end; |
Ein typischer Aufruf könnte so aussehen:
Delphi-Quelltext
1:
2:
3:
4:
| Procedure TForm1.Button1Click(Sender: TObject);
begin
DLLExportsFunc ('c:\test.dll', Listbox1.Items);
end; |
Um die Funktionen von DLLs zu exportieren, die in den eigenen Prozess geladen wurden (z. B. kernel32.dll) hat Assarbad die folgende Procedure geschrieben:
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
| uses
ImageHlp;
procedure LoadedDLLExportsFunc (aFileName: string; aList: tStrings);
type
PDWORDArray = ^TDWORDArray;
TDWORDArray = array[0..0] of DWORD;
var
ImageInfo: LoadedImage;
pExportDirectory: PImageExportDirectory;
DirSize: Cardinal;
i: Cardinal;
pNameRVAs: PDWORDArray;
begin
ImageInfo.MappedAddress := PChar (GetModuleHandle (@aFileName[1]));
if Assigned (ImageInfo.MappedAddress) then
try
ImageInfo.FileHeader := ImageNtHeader (ImageInfo.MappedAddress);
pExportDirectory := ImageDirectoryEntryToData (ImageInfo.MappedAddress,
True, IMAGE_DIRECTORY_ENTRY_EXPORT, DirSize);
if (pExportDirectory <> nil) then
begin
try
pNameRVAs := PDWORDArray (PChar (ImageInfo.MappedAddress)
+ DWORD (pExportDirectory^.AddressOfNames));
except
aList.Add ('ERROR: #' + IntToStr (GetLastError));
end;
for i := 0 to pExportDirectory^.NumberOfNames - 1 do
aList.Add (PChar (ImageInfo.MappedAddress) + pNameRVAs^[i]);
end;
finally
end;
End; |
Aufgerufen wird diese Funktion so:
Delphi-Quelltext
1:
2:
3:
4:
| procedure TForm1.Button1Click(Sender: TObject);
begin
LoadedDLLExportsFunc('ntdll.dll', Listbox1.Items);
end; |
![Antworten [gesperrt]](./graphics/navbar/reply.png)
