热门标签
热门文章
- 1iconfont字体图标和各种CSS小图标
- 2pythondcnda算法聚类_ML-hand/5kmeans聚类.ipynb at master · Briareox/ML-hand · GitHub
- 3unity 3D模型展示旋转缩放_unity 模型旋转
- 4CFAR原理详解及其matlab代码实现
- 5OpenCV4.5 dnn模块+QT5.12.9实现人脸识别Demo_cv::facedetectoryn::create
- 6antd源码-form解析(初始化到表单收集校验过程)_antd validatemessages
- 7互动照片墙效果之扩散效果(一)_unity ui 扩散效果
- 8echarts实现3d环形饼状图_echart 3d饼状图
- 9ant-design-vue切换主题+换肤+自定义换肤+less动态换肤_ant-design-vue 在线换肤
- 10vue 循环数组使用el-input,输入一次以后光标不见了,无法输入第二次_el-input数组
当前位置: article > 正文
通过符号文件获取函数地址_解析符号表获取函数地址
作者:笔触狂放9 | 2024-02-28 17:25:17
赞
踩
解析符号表获取函数地址
- //通过符号文件获取函数地址
-
- #include <windows.h>
- #include <stdio.h>
- #include <Dbghelp.h>
- #include <tchar.h>
- #include "ntdll.h"
- #pragma comment(lib,"dbghelp.lib")
-
- //注意:需要这两个文件
- //dbghelp.dll
- //symsrv.dll
-
- //获取函数地址PDB
- ULONG_PTR GetFunctionAddressPDB(HMODULE hMod, const WCHAR * szApiName)
- {
- //定义变量
- BYTE memory[0x2000] = {0};
-
- //参数效验
- if (hMod == NULL)return NULL;
- if (szApiName == NULL)return NULL;
-
-
- ZeroMemory(memory, sizeof(memory));
- SYMBOL_INFOW * syminfo = (SYMBOL_INFOW *)memory;
- syminfo->SizeOfStruct = sizeof(SYMBOL_INFOW);
- syminfo->MaxNameLen = MAX_SYM_NAME;
- syminfo->ModBase = (ULONG_PTR)hMod;
-
- if (!SymFromNameW(GetCurrentProcess(), szApiName, syminfo))
- {
- printf("SymFromName %ws returned error : %d\n", szApiName, GetLastError());
- return 0;
- }
-
- return (ULONG_PTR)syminfo->Address;
- }
-
- //符号获取函数地址
- PVOID SymGetProcAddress(LPCWSTR szDllName, LPCWSTR szApiName)
- {
- //变量定义
- TCHAR symbolPath[0x2000] = { 0 };
- TCHAR szPath[MAX_PATH] = { 0 };
-
- //参数效验
- if (szDllName == NULL)return NULL;
- if (szApiName == NULL)return NULL;
-
-
- GetModuleFileName(0, szPath, ARRAYSIZE(szPath));
- TCHAR * temp = _tcsrchr(szPath, TEXT('\\'));
- if (temp == NULL)return NULL;
- *temp = 0;
- _tcscat_s(symbolPath, TEXT("SRV*"));
- _tcscat_s(symbolPath, szPath);
- _tcscat_s(symbolPath, TEXT("*http://msdl.microsoft.com/download/symbols"));
- SymSetOptions(SYMOPT_UNDNAME | SYMOPT_DEFERRED_LOADS | SYMOPT_FAVOR_COMPRESSED);
- if (!SymInitializeW(GetCurrentProcess(), symbolPath, TRUE))
- {
- return NULL;
- }
-
- HMODULE hDll = GetModuleHandle(szDllName);
- PVOID lpRet = NULL;
- lpRet = (PVOID)GetFunctionAddressPDB(hDll, szApiName);
- SymCleanup(GetCurrentProcess());
-
- return lpRet;
- }
-
-
-
-
- int main(void)
- {
-
- PVOID lpFuntAddressRet = NULL;
- if (GetModuleHandle(TEXT("kernelbase.dll")))
- {
- //高版本系统
- lpFuntAddressRet = SymGetProcAddress(TEXT("ntdll.dll"), TEXT("ZwReadVirtualMemory"));
- //lpRet = SymGetProcAddress(TEXT("ntdll.dll"), TEXT("RtlDispatchAPC"));
- }
- else
- {
- lpFuntAddressRet = SymGetProcAddress(TEXT("kernel32.dll"), TEXT("ZwReadVirtualMemory"));
- //lpRet = SymGetProcAddress(TEXT("kernel32.dll"), TEXT("BaseDispatchAPC"));
- }
- printf("%p", lpFuntAddressRet);
- return 0;
- }
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/笔触狂放9/article/detail/160502
推荐阅读
相关标签
