#include <Windows.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
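VOID DumpListOfExport(VOID *lib);

/**
 * Print the exported names of a PE32+ (64-bit) image.
 *
 * @param lib  Base address of a module mapped as an image (RVAs are added
 *             directly to this pointer), e.g. the HMODULE returned by the
 *             loader. A data-file mapping is not laid out this way and will
 *             be rejected by the signature checks below.
 *
 * The headers and every RVA read from them are treated as untrusted: each
 * one is checked against SizeOfImage before it is dereferenced, and each
 * name is printed with a length bound so a missing NUL terminator cannot
 * run the read past the mapped image. Nothing is returned; problems are
 * reported on stderr and the function simply stops.
 */
VOID DumpListOfExport(VOID *lib) {
    CHAR *base = lib;
    if (base == NULL) {
        fprintf(stderr, "DumpListOfExport: NULL image base\n");
        return;
    }

    /* e_lfanew is a 32-bit field at offset 0x3c; reading a single byte of it
     * breaks on any image whose PE header sits at or beyond offset 0x100. */
    const IMAGE_DOS_HEADER *dos = (const IMAGE_DOS_HEADER *)base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE || dos->e_lfanew <= 0) {
        fprintf(stderr, "DumpListOfExport: missing MZ header\n");
        return;
    }

    const IMAGE_NT_HEADERS64 *nt =
        (const IMAGE_NT_HEADERS64 *)(base + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE ||
        nt->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
        /* The data-directory offset differs between PE32 and PE32+, so a
         * 32-bit image must not be parsed with the 64-bit layout. */
        fprintf(stderr, "DumpListOfExport: not a PE32+ image\n");
        return;
    }

    DWORD imageSize = nt->OptionalHeader.SizeOfImage;
    if (nt->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT) {
        printf("Image has no export directory\n");
        return;
    }

    DWORD exportRva =
        nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    if (exportRva == 0) {
        /* RVA 0 means "no exports"; treating it as an offset would parse the
         * DOS header as an export directory. */
        printf("Image has no export directory\n");
        return;
    }
    if (exportRva > imageSize ||
        imageSize - exportRva < sizeof(IMAGE_EXPORT_DIRECTORY)) {
        fprintf(stderr, "DumpListOfExport: export directory outside image\n");
        return;
    }

    const IMAGE_EXPORT_DIRECTORY *exports =
        (const IMAGE_EXPORT_DIRECTORY *)(base + exportRva);
    DWORD functionCount = exports->NumberOfFunctions;
    /* The name table has NumberOfNames entries; NumberOfFunctions can be
     * larger (ordinal-only exports) and must not be used as its length. */
    DWORD nameCount = exports->NumberOfNames;
    DWORD namesRva = exports->AddressOfNames;

    if (nameCount != 0 &&
        (namesRva > imageSize ||
         (imageSize - namesRva) / sizeof(DWORD) < nameCount)) {
        fprintf(stderr, "DumpListOfExport: name table outside image\n");
        return;
    }
    const DWORD *nameRvas = (const DWORD *)(base + namesRva);

    /* The two signatures are printed with a 2-byte bound: the bytes after
     * "MZ" are header fields, not a NUL-terminated string. */
    printf("------------------------------------------\n"
           "BASE\t\t\t0x%p\t%.2s\n"
           "PE\t\t\t0x%p\t%.2s\n"
           "ExportTableOffset\t0x%p\n"
           "OffsetNameTable\t\t0x%p\n"
           "Functions Count\t\t0x%lx (%lu)\n"
           "Names Count\t\t0x%lx (%lu)\n"
           "------------------------------------------\n",
           (void *)base, base,
           (void *)nt, (const CHAR *)nt,
           (void *)exports, (void *)nameRvas,
           (unsigned long)functionCount, (unsigned long)functionCount,
           (unsigned long)nameCount, (unsigned long)nameCount);

    /* Iterate all entries: the previous "count - 1" bound skipped the last
     * name and wrapped to 0xFFFFFFFF when the count was zero. */
    for (DWORD i = 0; i < nameCount; i++) {
        DWORD nameRva = nameRvas[i];
        if (nameRva >= imageSize) {
            fprintf(stderr, "DumpListOfExport: name %lu has RVA outside image\n",
                    (unsigned long)i);
            continue;
        }
        /* Bound the print to the bytes left in the image. */
        DWORD room = imageSize - nameRva;
        int limit = room > 0x7fffffffUL ? 0x7fffffff : (int)room;
        printf("%.*s\n", limit, base + nameRva);
    }
}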
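/*
 * Entry point: map the DLL named by argv[1] and print its export names.
 * Returns 0 on success and 1 on a usage error or when the file cannot be
 * mapped.
 */
int main (int argc, char **argv) {
    if (argc < 2 || argv[1] == NULL) {
        fprintf(stderr, "Usage: %s <path-to-dll>\n",
                (argc > 0 && argv[0] != NULL) ? argv[0] : "dump_dlls_export_64");
        return 1;
    }

    CHAR *dll = argv[1];
    printf("Loading %s\n", dll);

    /*
     * Plain LoadLibrary runs the target's DllMain and loads its imports, so
     * inspecting an unknown DLL would execute its code. This tool only reads
     * headers, so the file is mapped as an image without initialization.
     * Pass a full path: a bare file name is resolved through the DLL search
     * order and may map a different file than the one intended.
     * NOTE(review): if the module is already loaded in this process the
     * loader hands back the existing mapping instead.
     */
    HMODULE hDll = LoadLibraryExA(dll, NULL, DONT_RESOLVE_DLL_REFERENCES);
    if (hDll == NULL) {
        fprintf(stderr, "Could not load %s (error %lu)\n",
                dll, (unsigned long)GetLastError());
        return 1;
    }

    DumpListOfExport(hDll);

    /* Module handles are released with FreeLibrary; CloseHandle is for
     * kernel object handles and is invalid on an HMODULE. */
    FreeLibrary(hDll);
    printf("------------------------------------------\nCompleted\n");
    return 0;
}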