-
-
[求助]再次向大家请教一个问题
-
2008-4-13 16:21
3563
-
跟刚才请教的拿个问题差不多,晕,,,,,,
PCSTR Ntdll_Func_Name[320];------------------>>>>>关键一,全局
VOID ListNtdllFunction(IN PVOID Addr)
{
HANDLE hMod;
IMAGE_DOS_HEADER * dosheader;
IMAGE_OPTIONAL_HEADER * opthdr;
PIMAGE_EXPORT_DIRECTORY exports;
ULONG addr, i;
PUCHAR pFuncName = NULL;
PULONG pAddressOfNames;
hMod=Addr;
dosheader = (IMAGE_DOS_HEADER *)hMod;
opthdr =(IMAGE_OPTIONAL_HEADER *) ((BYTE*)hMod+dosheader->e_lfanew+24);
exports = (PIMAGE_EXPORT_DIRECTORY)((BYTE*)dosheader+ opthdr->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
pAddressOfNames=(ULONG*)((BYTE*)hMod+exports->AddressOfNames);
for (i = 0; i < exports->NumberOfNames; i++)
{
int u=0;
pFuncName = (PUCHAR)( (BYTE*)hMod + pAddressOfNames[i]);
if ( 'N' == pFuncName[0] && 't' == pFuncName[1] )
{
Ntdll_Func_Name
=pFuncName;
DbgPrint(" %s \n",Ntdll_Func_Name);---------->>>>关键二.输出正常
u++;
}
}
DbgPrint(" %s \n",Ntdll_Func_Name[1]);-------->>>>问题:输出是NULL,为什么??
}
今天被此类问题搞晕了,以前好像没遇到过....菜啊!!!!!
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
