#include "windows.h" #include "iostream.h" #include "Dbghelp.h" #include "Psapi.h" #pragma comment(lib,"Psapi.lib") #pragma comment(lib,"Dbghelp.lib") #define SizeOfArray 32//枚举模块的数组大小 HMODULE hModuleArray[SizeOfArray]={0};//定义了枚举模块数组 DWORD dwNeed; main() { ULONG size; if(!EnumProcessModules(GetCurrentProcess(),hModuleArray,SizeOfArray,&dwNeed)) {cout<<"fail to enum modules"<<endl; return;} int i=0;//上一句为枚举当前进程中的模块 while(hModuleArray[i]) { PIMAGE_IMPORT_DESCRIPTOR pImport=(PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData((HINSTANCE)hModuleArray[i],true,IMAGE_DIRECTORY_ENTRY_IMPORT,&size); //上一句为获得导入表 if (pImport==NULL) {cout<<endl;break;} while (pImport->Name)//根据导入表来循环得到导入模块和导入函数 { cout<<"模块名称:"<<(PSTR)((PBYTE)hModuleArray[i]+pImport->Name)<<endl; PIMAGE_THUNK_DATA pThunk =(PIMAGE_THUNK_DATA) ((PBYTE)hModuleArray[i]+pImport->OriginalFirstThunk);//IAT //在一个模块下获得第一个Thunk if (pThunk==NULL) break; while(pThunk->u1.Function) { cout<<" 导入函数:"<<(LPSTR)((PBYTE)hModuleArray[i]+(DWORD)pThunk->u1.AddressOfData+2)<<endl;//前两个为导入符号。导入函数的名称在之后所以加上2 pThunk++; } pImport++; } i++; } system("pause");//暂停 }