
PE32/PE32+ Import table dumper

Aug 20th, 2014
/*
    Import table dumper for PE32 and PE32+ (PE64) files.
*/
#include <windows.h>
#include <winnt.h>
#include <stdio.h>
#include <string.h>
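/*
 * Resolve a relative virtual address (RVA) to a pointer inside the mapped
 * file by searching the section table for the section whose raw data covers
 * it. On success *available receives the number of bytes that can be read
 * from the returned pointer without leaving either the section's raw data or
 * the file. Returns NULL when no section backs the RVA or the section's raw
 * data lies outside the file.
 */
static const BYTE *Pe64RvaToPtr(const BYTE *base, ULONGLONG fileSize,
                                const IMAGE_SECTION_HEADER *sections,
                                DWORD sectionCount, DWORD rva,
                                ULONGLONG *available)
{
    DWORD i;

    for (i = 0; i < sectionCount; i++) {
        ULONGLONG delta, rawOffset, remaining;

        if (rva < sections[i].VirtualAddress)
            continue;
        delta = (ULONGLONG)rva - sections[i].VirtualAddress;
        if (delta >= sections[i].SizeOfRawData)
            continue;

        /* 64-bit arithmetic: header fields are file-controlled and could
           otherwise wrap a DWORD. */
        rawOffset = (ULONGLONG)sections[i].PointerToRawData + delta;
        if (rawOffset >= fileSize)
            return NULL;

        remaining = sections[i].SizeOfRawData - delta;
        if (remaining > fileSize - rawOffset)
            remaining = fileSize - rawOffset;
        *available = remaining;
        return base + (size_t)rawOffset;
    }
    return NULL;
}

/*
 * PE32Plus - print header trace values and the imported DLL names of a
 * PE32+ (64-bit) file.
 *
 * filename: path of the file to inspect; it is opened read-only and mapped.
 *
 * Returns 0 when the import directory was walked (or the file has none) and
 * 1 when the file could not be mapped or its headers are malformed. As
 * before, the process exits with code 1 if the file cannot be opened.
 *
 * Every offset, count and RVA is read from the file and is therefore treated
 * as untrusted: each is checked against the file size before it is
 * dereferenced. Pointer arithmetic is done on byte pointers rather than on a
 * DWORD cast of the mapping address, which would truncate the address in a
 * 64-bit build. Imported function names (thunks) are not enumerated.
 */
int PE32Plus(char *filename)
{
    HANDLE hFile, hFileMap = NULL;
    LPVOID lpFile = NULL;
    LARGE_INTEGER liSize;
    ULONGLONG fileSize, ntOffset, sectionTableOffset, available, nameAvailable;
    DWORD dwImportDirectoryVA, dwSectionCount;
    const BYTE *base, *pDescriptorBytes, *pName;
    const IMAGE_DOS_HEADER *pDosHeader;
    const IMAGE_NT_HEADERS64 *pNtHeaders;
    const IMAGE_SECTION_HEADER *pSectionHeader;
    IMAGE_IMPORT_DESCRIPTOR importDescriptor;
    int rc = 1;

    /* filename is a char string, so call the ANSI entry point explicitly. */
    hFile = CreateFileA(filename, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        /* ExitProcess does not go through the C runtime's exit path, so
           flush what the caller already printed. */
        fflush(stdout);
        ExitProcess(1);
    }

    if (!GetFileSizeEx(hFile, &liSize) || liSize.QuadPart <= 0) {
        fprintf(stderr, "cannot determine file size (or file is empty)\n");
        goto out;
    }
    fileSize = (ULONGLONG)liSize.QuadPart;

    hFileMap = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hFileMap == NULL) {
        fprintf(stderr, "CreateFileMapping failed\n");
        goto out;
    }
    lpFile = MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 0);
    if (lpFile == NULL) {
        fprintf(stderr, "MapViewOfFile failed\n");
        goto out;
    }
    base = (const BYTE *)lpFile;

    if (fileSize < sizeof(IMAGE_DOS_HEADER)) {
        fprintf(stderr, "file too small for a DOS header\n");
        goto out;
    }
    pDosHeader = (const IMAGE_DOS_HEADER *)base;
    printf("e_magic %x \n", pDosHeader->e_magic);

    printf("%x", pDosHeader->e_cblp);
    printf("%x", pDosHeader->e_cp);
    printf("%x", pDosHeader->e_crlc);
    printf("%x", pDosHeader->e_cparhdr);
    printf("%x", pDosHeader->e_maxalloc);
    printf("%x", pDosHeader->e_ss);
    printf("%x", pDosHeader->e_sp);
    printf("%x", pDosHeader->e_ip);
    printf("%x", pDosHeader->e_cs);
    printf("%x", pDosHeader->e_lfarlc);
    printf("%x", pDosHeader->e_ovno);
    printf("%x", pDosHeader->e_oemid);
    printf("%x", pDosHeader->e_oeminfo);
    printf("e_lfanew %x", (unsigned)pDosHeader->e_lfanew);

    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
        fprintf(stderr, "\nmissing MZ signature\n");
        goto out;
    }
    /* e_lfanew is a signed, file-supplied offset: reject negative values and
       any value that would place the NT headers past the end of the file. */
    if (pDosHeader->e_lfanew < 0 || fileSize < sizeof(IMAGE_NT_HEADERS64) ||
        (ULONGLONG)pDosHeader->e_lfanew > fileSize - sizeof(IMAGE_NT_HEADERS64)) {
        fprintf(stderr, "\ne_lfanew points outside the file\n");
        goto out;
    }
    ntOffset = (ULONGLONG)pDosHeader->e_lfanew;
    pNtHeaders = (const IMAGE_NT_HEADERS64 *)(base + (size_t)ntOffset);
    printf("Signature %x \n", (unsigned)pNtHeaders->Signature);
    if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE ||
        pNtHeaders->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
        fprintf(stderr, "not a PE32+ image\n");
        goto out;
    }

    dwSectionCount = pNtHeaders->FileHeader.NumberOfSections;
    printf("pNtHeaders->FileHeader.NumberOfSections %x\n", (unsigned)dwSectionCount);

    /* The optional header must be large enough to hold the import entry of
       the data directory, and the file must declare that many entries. */
    if (pNtHeaders->FileHeader.SizeOfOptionalHeader <
            (ULONGLONG)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER64, DataDirectory) +
            (IMAGE_DIRECTORY_ENTRY_IMPORT + 1) * sizeof(IMAGE_DATA_DIRECTORY) ||
        pNtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT) {
        printf("no import directory\n");
        rc = 0;
        goto out;
    }
    dwImportDirectoryVA =
        pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    printf("dwImportDirectoryVA %x\n", (unsigned)dwImportDirectoryVA);
    if (dwImportDirectoryVA == 0) {
        printf("no import directory\n");
        rc = 0;
        goto out;
    }

    /* The section table follows the optional header, whose size is given by
       SizeOfOptionalHeader rather than by sizeof(IMAGE_NT_HEADERS64). */
    sectionTableOffset = ntOffset +
                         (ULONGLONG)FIELD_OFFSET(IMAGE_NT_HEADERS64, OptionalHeader) +
                         pNtHeaders->FileHeader.SizeOfOptionalHeader;
    if (sectionTableOffset > fileSize ||
        (fileSize - sectionTableOffset) / sizeof(IMAGE_SECTION_HEADER) < dwSectionCount) {
        fprintf(stderr, "section table extends past the end of the file\n");
        goto out;
    }
    pSectionHeader = (const IMAGE_SECTION_HEADER *)(base + (size_t)sectionTableOffset);
    printf("pSectionHeader %p\n", (const void *)pSectionHeader);

    pDescriptorBytes = Pe64RvaToPtr(base, fileSize, pSectionHeader, dwSectionCount,
                                    dwImportDirectoryVA, &available);
    if (pDescriptorBytes == NULL) {
        fprintf(stderr, "import directory is not backed by any section\n");
        goto out;
    }
    /* Replaces the old "dwRawOffset" trace value, which was a mapping address
       truncated to 32 bits. */
    printf("import directory file offset %lx\n", (unsigned long)(pDescriptorBytes - base));
    printf("pImportDescriptor %p\n", (const void *)pDescriptorBytes);

    for (;;) {
        if (available < sizeof importDescriptor) {
            fprintf(stderr, "import directory is not terminated inside its section\n");
            goto out;
        }
        /* Copy the entry out instead of dereferencing it in place. */
        memcpy(&importDescriptor, pDescriptorBytes, sizeof importDescriptor);
        if (importDescriptor.Name == 0)
            break;

        /* The name RVA is resolved on its own: it need not live in the same
           section as the descriptors. The string must be NUL-terminated
           within the bytes that are actually available. */
        pName = Pe64RvaToPtr(base, fileSize, pSectionHeader, dwSectionCount,
                             importDescriptor.Name, &nameAvailable);
        if (pName == NULL || memchr(pName, '\0', (size_t)nameAvailable) == NULL) {
            fprintf(stderr, "import descriptor has an invalid name RVA\n");
            goto out;
        }
        /* The name comes straight from the inspected file and is printed
           unfiltered. */
        printf("\nDLL Name : %s \n\n", (const char *)pName);

        pDescriptorBytes += sizeof importDescriptor;
        available -= sizeof importDescriptor;
    }
    rc = 0;

out:
    if (lpFile != NULL)
        UnmapViewOfFile(lpFile);
    if (hFileMap != NULL)
        CloseHandle(hFileMap);
    CloseHandle(hFile);
    return rc;
}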
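/*
 * Resolve a relative virtual address (RVA) to a pointer inside the mapped
 * file by searching the section table for the section whose raw data covers
 * it. On success *available receives the number of bytes that can be read
 * from the returned pointer without leaving either the section's raw data or
 * the file. Returns NULL when no section backs the RVA or the section's raw
 * data lies outside the file.
 */
static const BYTE *Pe32RvaToPtr(const BYTE *base, ULONGLONG fileSize,
                                const IMAGE_SECTION_HEADER *sections,
                                DWORD sectionCount, DWORD rva,
                                ULONGLONG *available)
{
    DWORD i;

    for (i = 0; i < sectionCount; i++) {
        ULONGLONG delta, rawOffset, remaining;

        if (rva < sections[i].VirtualAddress)
            continue;
        delta = (ULONGLONG)rva - sections[i].VirtualAddress;
        if (delta >= sections[i].SizeOfRawData)
            continue;

        /* 64-bit arithmetic: header fields are file-controlled and could
           otherwise wrap a DWORD. */
        rawOffset = (ULONGLONG)sections[i].PointerToRawData + delta;
        if (rawOffset >= fileSize)
            return NULL;

        remaining = sections[i].SizeOfRawData - delta;
        if (remaining > fileSize - rawOffset)
            remaining = fileSize - rawOffset;
        *available = remaining;
        return base + (size_t)rawOffset;
    }
    return NULL;
}

/*
 * PE32 - print the imported DLL names of a PE32 (32-bit) file.
 *
 * filename: path of the file to inspect; it is opened read-only and mapped.
 *
 * Returns 0 when the import directory was walked (or the file has none) and
 * 1 when the file could not be mapped or its headers are malformed. As
 * before, the process exits with code 1 if the file cannot be opened.
 *
 * The headers are read through the explicit 32-bit layout
 * (IMAGE_NT_HEADERS32); the unsuffixed IMAGE_NT_HEADERS type follows the
 * build target and would select the 64-bit layout in a 64-bit build. Every
 * offset, count and RVA is read from the file and is therefore treated as
 * untrusted: each is checked against the file size before it is
 * dereferenced. Imported function names (thunks) are not enumerated.
 */
int PE32(char *filename)
{
    HANDLE hFile, hFileMap = NULL;
    LPVOID lpFile = NULL;
    LARGE_INTEGER liSize;
    ULONGLONG fileSize, ntOffset, sectionTableOffset, available, nameAvailable;
    DWORD dwImportDirectoryVA, dwSectionCount;
    const BYTE *base, *pDescriptorBytes, *pName;
    const IMAGE_DOS_HEADER *pDosHeader;
    const IMAGE_NT_HEADERS32 *pNtHeaders;
    const IMAGE_SECTION_HEADER *pSectionHeader;
    IMAGE_IMPORT_DESCRIPTOR importDescriptor;
    int rc = 1;

    /* filename is a char string, so call the ANSI entry point explicitly. */
    hFile = CreateFileA(filename, GENERIC_READ, FILE_SHARE_READ, NULL,
                        OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        /* ExitProcess does not go through the C runtime's exit path, so
           flush what the caller already printed. */
        fflush(stdout);
        ExitProcess(1);
    }

    if (!GetFileSizeEx(hFile, &liSize) || liSize.QuadPart <= 0) {
        fprintf(stderr, "cannot determine file size (or file is empty)\n");
        goto out;
    }
    fileSize = (ULONGLONG)liSize.QuadPart;

    hFileMap = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hFileMap == NULL) {
        fprintf(stderr, "CreateFileMapping failed\n");
        goto out;
    }
    lpFile = MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 0);
    if (lpFile == NULL) {
        fprintf(stderr, "MapViewOfFile failed\n");
        goto out;
    }
    base = (const BYTE *)lpFile;

    if (fileSize < sizeof(IMAGE_DOS_HEADER)) {
        fprintf(stderr, "file too small for a DOS header\n");
        goto out;
    }
    pDosHeader = (const IMAGE_DOS_HEADER *)base;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) {
        fprintf(stderr, "missing MZ signature\n");
        goto out;
    }
    /* e_lfanew is a signed, file-supplied offset: reject negative values and
       any value that would place the NT headers past the end of the file. */
    if (pDosHeader->e_lfanew < 0 || fileSize < sizeof(IMAGE_NT_HEADERS32) ||
        (ULONGLONG)pDosHeader->e_lfanew > fileSize - sizeof(IMAGE_NT_HEADERS32)) {
        fprintf(stderr, "e_lfanew points outside the file\n");
        goto out;
    }
    ntOffset = (ULONGLONG)pDosHeader->e_lfanew;
    pNtHeaders = (const IMAGE_NT_HEADERS32 *)(base + (size_t)ntOffset);
    if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE ||
        pNtHeaders->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
        fprintf(stderr, "not a PE32 image\n");
        goto out;
    }

    dwSectionCount = pNtHeaders->FileHeader.NumberOfSections;

    /* The optional header must be large enough to hold the import entry of
       the data directory, and the file must declare that many entries. */
    if (pNtHeaders->FileHeader.SizeOfOptionalHeader <
            (ULONGLONG)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, DataDirectory) +
            (IMAGE_DIRECTORY_ENTRY_IMPORT + 1) * sizeof(IMAGE_DATA_DIRECTORY) ||
        pNtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT) {
        printf("no import directory\n");
        rc = 0;
        goto out;
    }
    dwImportDirectoryVA =
        pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    if (dwImportDirectoryVA == 0) {
        printf("no import directory\n");
        rc = 0;
        goto out;
    }

    /* The section table follows the optional header, whose size is given by
       SizeOfOptionalHeader rather than by sizeof(IMAGE_NT_HEADERS32). */
    sectionTableOffset = ntOffset +
                         (ULONGLONG)FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader) +
                         pNtHeaders->FileHeader.SizeOfOptionalHeader;
    if (sectionTableOffset > fileSize ||
        (fileSize - sectionTableOffset) / sizeof(IMAGE_SECTION_HEADER) < dwSectionCount) {
        fprintf(stderr, "section table extends past the end of the file\n");
        goto out;
    }
    pSectionHeader = (const IMAGE_SECTION_HEADER *)(base + (size_t)sectionTableOffset);

    pDescriptorBytes = Pe32RvaToPtr(base, fileSize, pSectionHeader, dwSectionCount,
                                    dwImportDirectoryVA, &available);
    if (pDescriptorBytes == NULL) {
        fprintf(stderr, "import directory is not backed by any section\n");
        goto out;
    }

    for (;;) {
        if (available < sizeof importDescriptor) {
            fprintf(stderr, "import directory is not terminated inside its section\n");
            goto out;
        }
        /* Copy the entry out instead of dereferencing it in place. */
        memcpy(&importDescriptor, pDescriptorBytes, sizeof importDescriptor);
        if (importDescriptor.Name == 0)
            break;

        /* The name RVA is resolved on its own: it need not live in the same
           section as the descriptors. The string must be NUL-terminated
           within the bytes that are actually available. */
        pName = Pe32RvaToPtr(base, fileSize, pSectionHeader, dwSectionCount,
                             importDescriptor.Name, &nameAvailable);
        if (pName == NULL || memchr(pName, '\0', (size_t)nameAvailable) == NULL) {
            fprintf(stderr, "import descriptor has an invalid name RVA\n");
            goto out;
        }
        /* The name comes straight from the inspected file and is printed
           unfiltered. */
        printf("\nDLL Name : %s\n\n", (const char *)pName);

        pDescriptorBytes += sizeof importDescriptor;
        available -= sizeof importDescriptor;
    }
    rc = 0;

out:
    if (lpFile != NULL)
        UnmapViewOfFile(lpFile);
    if (hFileMap != NULL)
        CloseHandle(hFileMap);
    CloseHandle(hFile);
    return rc;
}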
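/*
 * Entry point: expects the path of the file to inspect as argv[1], asks
 * Windows for the binary type and hands the path to the matching parser.
 * Returns the parser's status, or 0 after printing the usage text.
 */
int main(int argc, char *argv[])
{
    DWORD bintype;

    if (argc < 2) {
        printf("\nUsage : ImportDirParser.exe TargetExe\n");
        /* Return instead of calling ExitProcess so the C runtime exits
           normally and flushes stdout; the exit code stays 0. */
        return 0;
    }

    /* argv holds char strings, so call the ANSI entry point explicitly. */
    if (GetBinaryTypeA(argv[1], &bintype) && bintype == SCS_64BIT_BINARY) {
        printf("64Bit file detected... \n");
        return PE32Plus(argv[1]);
    }

    /* NOTE(review): this branch is also taken when GetBinaryType fails, so
       "32Bit" here is a fallback rather than a positive detection. */
    printf("32Bit file detected... \n");
    return PE32(argv[1]);
}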