?????????????????????DLL????????????????У???ЩDLL???????????λ?????????????????г?????????DLL?е??????????????????Щ????????????????????????????????????????????????????????????????λ?á????????????????????????????????滻?????????????????????????ú??????????????????????У????????????????????????????????????????

?????????????????????API?????PE???????к?????????????????????????????????ɡ??????????????

????????????????????????ε?????????????PE???????ε?????????????ImageDirectoryEntryToData.??????

PVOID WINAPI ImageDirectoryEntryToData(

__in   PVOID Base??

__in   BOOLEAN MappedAsImage??

__in   USHORT DirectoryEntry??

__out  PULONG Size );
 


????Base??????????????????????????????GetModuleHandle????????

????MappedAsImage?????true?????????????????????????????????????????????????

????DirectoryEntry???????ε???????????????????????????ε?????????????????????ú??????????ε??????????????? IMAGE_DIRECTORY_ENTRY_IMPORT??????????????ε?????

????Size?????????С????????????

??????????

ULONG size;

HMODULE hModule=GetModuleHandle(NULL);

PIMAGE_IMPORT_DESCRIPTOR pImport=

ImageDirectoryEntryToData(hModule??true??IMAGE_DIRECTORY_ENTRY_IMPORT??&size);

while(pImport->FirstThunk)

{

int i=0;

char *ModuleName=(char*)((BYTE*)hModule+pImport->Name);

PIMAGE_THUNK_DATA pThunk=(PIMAGE_THUNK_DATA)

                                                ((BYTE*)hModule+pImport->FirstThunk);

while(pThunk->u1.Function)

{

                  char*Func=(char*)((BYTE*)hModule+pThunk->u1.AddressOfData+2);

If(Func=="MessageBoxA")

                   {

MessageBox("???????");

                   }

          }

    }