今天逆向破解 Firefox 瀏覽器中保存的賬號及密碼。因為 Firefox 不斷提高賬號信息的安全性,之前破解中需要用到的一個導出函數不知被封裝到哪個 dll 中了;而 Firefox 安裝目錄下又有許多 dll,用 LordPE 工具一個一個去查找太麻煩,於是就編寫了一個小程序,遍歷文件夾下所有 dll 的導出表,把其中的函數名稱打印出來。
頭文件:
#include <windows.h>
實現函數:
#include <imagehlp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#pragma comment(lib, "imagehlp.lib ")
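// Longest export name that will be printed; anything longer is truncated.
static const SIZE_T kMaxExportNameLen = 1024;

// Returns true when [ptr, ptr + bytes) lies entirely inside the mapped view
// [base, base + viewSize). A NULL ptr (ImageRvaToVa failure) is rejected.
static bool InView(const BYTE* base, SIZE_T viewSize, const void* ptr, SIZE_T bytes)
{
    const BYTE* p = static_cast<const BYTE*>(ptr);
    if (p == NULL || p < base)
        return false;
    const SIZE_T offset = static_cast<SIZE_T>(p - base);
    return offset <= viewSize && bytes <= viewSize - offset;
}

// Same as InView for an array of `count` elements, without letting
// count * elemSize overflow SIZE_T on a 32-bit build.
static bool ArrayInView(const BYTE* base, SIZE_T viewSize, const void* ptr,
                        SIZE_T count, SIZE_T elemSize)
{
    if (count > viewSize / elemSize)
        return false;
    return InView(base, viewSize, ptr, count * elemSize);
}

// Parses the PE image mapped at `base` (a flat file mapping of `viewSize`
// bytes, not a loaded image) and prints one line per export:
// ordinal, function RVA, and the name ("-" when exported by ordinal only).
// Every offset taken from the file is checked against the view before use,
// because the DLL on disk is untrusted input.
static void PrintExportTable(BYTE* base, SIZE_T viewSize)
{
    if (viewSize < sizeof(IMAGE_DOS_HEADER))
        return;
    const IMAGE_DOS_HEADER* pDH = reinterpret_cast<const IMAGE_DOS_HEADER*>(base);
    if (pDH->e_magic != IMAGE_DOS_SIGNATURE || pDH->e_lfanew <= 0)
        return;

    // Signature + IMAGE_FILE_HEADER have the same layout for PE32 and PE32+.
    const SIZE_T ntOffset = static_cast<SIZE_T>(pDH->e_lfanew);
    const SIZE_T fixedPart = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);
    if (ntOffset >= viewSize || viewSize - ntOffset < fixedPart)
        return;

    // Pointer arithmetic is done on BYTE*, so nothing is truncated on Win64.
    PIMAGE_NT_HEADERS pNtH = reinterpret_cast<PIMAGE_NT_HEADERS>(base + ntOffset);
    if (pNtH->Signature != IMAGE_NT_SIGNATURE)
        return;

    // The optional header and the section table (which ImageRvaToVa walks)
    // must lie inside the file.
    const SIZE_T optSize = pNtH->FileHeader.SizeOfOptionalHeader;
    const SIZE_T sectionBytes =
        static_cast<SIZE_T>(pNtH->FileHeader.NumberOfSections) * sizeof(IMAGE_SECTION_HEADER);
    if (optSize < sizeof(WORD) ||
        !InView(base, viewSize, pNtH, fixedPart + optSize + sectionBytes))
        return;

    // DataDirectory sits at a different offset in PE32 and PE32+, so pick the
    // layout from the Magic field instead of assuming a 32-bit image.
    const SIZE_T exportEntryBytes =
        (IMAGE_DIRECTORY_ENTRY_EXPORT + 1) * sizeof(IMAGE_DATA_DIRECTORY);
    DWORD dwDataStartRVA = 0;
    const WORD magic = pNtH->OptionalHeader.Magic;
    if (magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    {
        const IMAGE_OPTIONAL_HEADER32* pOH =
            &reinterpret_cast<PIMAGE_NT_HEADERS32>(pNtH)->OptionalHeader;
        if (optSize < FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, DataDirectory) + exportEntryBytes ||
            pOH->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
            return;
        dwDataStartRVA = pOH->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    }
    else if (magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
    {
        const IMAGE_OPTIONAL_HEADER64* pOH =
            &reinterpret_cast<PIMAGE_NT_HEADERS64>(pNtH)->OptionalHeader;
        if (optSize < FIELD_OFFSET(IMAGE_OPTIONAL_HEADER64, DataDirectory) + exportEntryBytes ||
            pOH->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
            return;
        dwDataStartRVA = pOH->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    }
    else
    {
        return;
    }
    if (!dwDataStartRVA)
        return; // image has no export directory

    PIMAGE_EXPORT_DIRECTORY pExportDir = static_cast<PIMAGE_EXPORT_DIRECTORY>(
        ImageRvaToVa(pNtH, base, dwDataStartRVA, NULL));
    if (!InView(base, viewSize, pExportDir, sizeof(*pExportDir)))
        return;

    const DWORD nFuncs = pExportDir->NumberOfFunctions;
    DWORD nNames = pExportDir->NumberOfNames;

    PDWORD pdwRvas = static_cast<PDWORD>(
        ImageRvaToVa(pNtH, base, pExportDir->AddressOfFunctions, NULL));
    if (nFuncs == 0 || !ArrayInView(base, viewSize, pdwRvas, nFuncs, sizeof(DWORD)))
        return;

    PWORD pwOrds = static_cast<PWORD>(
        ImageRvaToVa(pNtH, base, pExportDir->AddressOfNameOrdinals, NULL));
    PDWORD pdwNames = static_cast<PDWORD>(
        ImageRvaToVa(pNtH, base, pExportDir->AddressOfNames, NULL));
    // Unusable name tables: still list the exports, but by ordinal only.
    if (nNames != 0 &&
        (!ArrayInView(base, viewSize, pwOrds, nNames, sizeof(WORD)) ||
         !ArrayInView(base, viewSize, pdwNames, nNames, sizeof(DWORD))))
        nNames = 0;

    for (DWORD i = 0; i < nFuncs; ++i)
    {
        const DWORD funcRva = pdwRvas[i];
        if (!funcRva)
            continue; // unused slot in the address table

        // Find the name whose ordinal-table entry points at slot i, if any.
        const char* szFuncName = NULL;
        int nameLen = 0;
        for (DWORD j = 0; j < nNames; ++j)
        {
            if (pwOrds[j] != i)
                continue;
            const char* candidate = static_cast<const char*>(
                ImageRvaToVa(pNtH, base, pdwNames[j], NULL));
            if (InView(base, viewSize, candidate, 1))
            {
                // Never read past the end of the view looking for the NUL.
                SIZE_T room = viewSize -
                    static_cast<SIZE_T>(reinterpret_cast<const BYTE*>(candidate) - base);
                if (room > kMaxExportNameLen)
                    room = kMaxExportNameLen;
                szFuncName = candidate;
                nameLen = static_cast<int>(strnlen(candidate, room));
            }
            break;
        }

        const unsigned long ordinal = static_cast<unsigned long>(pExportDir->Base + i);
        if (szFuncName)
            printf("%04lX  %08lX  %.*s\n", ordinal,
                   static_cast<unsigned long>(funcRva), nameLen, szFuncName);
        else
            printf("%04lX  %08lX  -\n", ordinal, static_cast<unsigned long>(funcRva));
    }
}

// Maps the file `szName` read-only and prints its PE export table to stdout.
// Returns silently when the file cannot be opened or mapped, or is not a PE
// image with an export directory. All handles and the view are released on
// every path.
void ShowExportFuncsInfo( char* szName )
{
    if (szName == NULL)
        return;

    // CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL.
    HANDLE hFile = CreateFileA(szName, GENERIC_READ, FILE_SHARE_READ, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
        return;

    LARGE_INTEGER fileSize;
    fileSize.QuadPart = 0;
    HANDLE hMapping = NULL;
    LPVOID ImageBase = NULL;

    // The file size is the bound for every later pointer check, so it must be
    // known and must fit in the address space before the file is mapped.
    if (GetFileSizeEx(hFile, &fileSize) && fileSize.QuadPart > 0 &&
        static_cast<ULONGLONG>(fileSize.QuadPart) <=
            static_cast<ULONGLONG>(~static_cast<SIZE_T>(0)))
    {
        hMapping = CreateFileMappingA(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    }
    if (hMapping)
        ImageBase = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);

    if (ImageBase)
    {
        PrintExportTable(static_cast<BYTE*>(ImageBase),
                         static_cast<SIZE_T>(fileSize.QuadPart));
        UnmapViewOfFile(ImageBase);
    }
    if (hMapping)
        CloseHandle(hMapping);
    CloseHandle(hFile);
}

// The calling code (main) follows.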
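// Entry point: takes one argument, a directory, and prints the export table
// of every *.dll directly inside it (no recursion). Always returns 0.
int main()
{
    if (__argc != 2)
    {
        fprintf(stderr, "usage: %s <directory>\n", __argv[0]);
        return 0;
    }
    const char* szDir = __argv[1];

    char FilePathName[MAX_PATH];
    char FullPathName[MAX_PATH];

    // The directory comes from the command line, so build the search pattern
    // with a bounded formatter instead of strcpy/strcat.
    int written = snprintf(FilePathName, sizeof(FilePathName), "%s\\*.dll", szDir);
    if (written < 0 || written >= static_cast<int>(sizeof(FilePathName)))
    {
        fprintf(stderr, "path too long\n");
        return 0;
    }

    WIN32_FIND_DATAA FindData;
    HANDLE hFind = FindFirstFileA(FilePathName, &FindData);
    if (hFind == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    // do/while: FindFirstFile has already filled FindData with the first
    // match, which a plain while(FindNextFile(...)) loop would skip.
    do
    {
        if (FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
        {
            continue;
        }

        written = snprintf(FullPathName, sizeof(FullPathName), "%s\\%s",
                           szDir, FindData.cFileName);
        if (written < 0 || written >= static_cast<int>(sizeof(FullPathName)))
        {
            continue; // full path does not fit in MAX_PATH; skip this file
        }

        printf("\n%s\n", FullPathName);
        ShowExportFuncsInfo(FullPathName);
    } while (FindNextFileA(hFind, &FindData));

    FindClose(hFind); // search handles are closed with FindClose, not CloseHandle

    getchar(); // keep the console window open until a key is pressed
    return 0;
}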