#pragma once
#include "afxwin.h"
#include "ChooseProcessDlg.h"
#include <psapi.h>
#pragma comment(lib, "psapi.lib")
// CViewDlg dialog.
//
// Declares the dialog's data members, two button handlers, and a group of
// private helpers which, going by their comments, locate modules and exported
// functions inside another process referred to by a HANDLE.
//
// NOTE(review): the helper bodies are not in this header. Whatever they read
// out of the target process (PE headers, import/export tables, name strings)
// is controlled by that process and should be handled as untrusted input:
// check signatures, offsets, counts and string termination before use.
// Confirm this in the implementation file.
class CViewDlg : public CDialogEx
{
    DECLARE_DYNAMIC(CViewDlg)

private:
    DWORD m_dwID;  // presumably the ID of the selected process; TODO confirm

    // Takes a process ID and reports success as a BOOL.
    // NOTE(review): what is collected is not visible from the declaration.
    BOOL GetMemoryInfo(DWORD dwID);

    // Get the base address of the process; the result is written through
    // lpBaseAddress.
    BOOL GetProcessBaseAddress(
        HMODULE* lpBaseAddress,
        HANDLE hProcess);

    // Get the names of the loaded DLL modules from the import table.
    //
    // An array parameter decays to a pointer, so the outer MAX_PATH bound of
    // szDllNameArray is not enforced by the compiler. A caller-side buffer of
    // this shape occupies MAX_PATH * MAX_PATH bytes (about 66 KiB when
    // MAX_PATH is 260), which is sizeable for a stack local.
    // NOTE(review): dwDllNum is presumably the number of names written, and
    // b32 presumably selects the 32-bit PE layout. Confirm that the
    // implementation caps the count at MAX_PATH entries and bounds and
    // NUL-terminates every name it copies from the target process.
    BOOL GetProcessDllName(
        HANDLE hProcess,
        HMODULE hBaseAddress,
        char szDllNameArray[MAX_PATH][MAX_PATH],
        DWORD& dwDllNum,
        BOOL b32);

    // Using the import table and the function addresses stored in it,
    // brute-force the module base address of a loaded DLL.
    //
    // szDllName decays to char*, so its MAX_PATH bound is documentation only.
    // NOTE(review): confirm the name comparison is length-bounded.
    DWORD64 GetProcessDllBaseAddress(
        HANDLE hProcess,
        HMODULE hBaseAddress,
        char szDllName[MAX_PATH],
        BOOL b32);

    // Brute-force search for a DLL's load base, starting from the address of
    // a function inside that DLL.
    // Rationale: images are loaded into memory on a 64 KiB (0x10000)
    // alignment, and a DLL is a PE-format file.
    // NOTE(review): the scan is not visible here. Confirm it stops on a
    // failed read or a lower bound, and that it validates both the DOS and
    // NT header signatures before accepting a candidate base.
    DWORD64 GetDllBase(
        HANDLE hProcess,
        DWORD64 dwFunctionAddress,
        BOOL b32);

    // Get the address of an exported function in a loaded DLL that is in use.
    // NOTE(review): lpszFuncName is declared non-const but is presumably only
    // read. Export-table offsets and counts come from the target process, so
    // confirm they are range-checked.
    DWORD64 GetFuncInDll(
        HANDLE hProcess,
        DWORD64 dwDllBaseAddress,
        char* lpszFuncName,
        BOOL b32);

public:
    CViewDlg(CWnd* pParent = NULL);  // standard constructor
    virtual ~CViewDlg();

    // Dialog data
    enum { IDD = IDD_DIALOG_VIEW };

protected:
    virtual void DoDataExchange(CDataExchange* pDX);  // DDX/DDV support

    DECLARE_MESSAGE_MAP()

public:
    afx_msg void OnBnClickedButtonProcess();

    CString m_strProcess;
    CListBox m_ViewList;
    CString m_strDllName;
    CString m_strFunc;

    afx_msg void OnBnClickedButtonGetApi();
};