Well, I modified your code a bit as per maxorator's excellent description of the problem. It now displays the import table.
Code:
#include <windows.h>
#include <stdio.h>
DWORD Rva2Offset(DWORD dwRva, PIMAGE_SECTION_HEADER dwSectionRva, USHORT uNumberOfSections)
{
for (USHORT i=0; i<uNumberOfSections; i++)
{
if (dwRva >= dwSectionRva->VirtualAddress)
{
if (dwRva < dwSectionRva->VirtualAddress + dwSectionRva->Misc.VirtualSize)
{
return (DWORD)(dwRva - dwSectionRva->VirtualAddress + dwSectionRva->PointerToRawData) ;
}
}
dwSectionRva ++ ;
}
return (DWORD)-1 ;
}
int MapFileRead(LPCTSTR szFileName)
{
/* variable declare section */
USHORT uNumberOfSections ;
HANDLE hFile, hMapping;
DWORD dwFileSize;
DWORD dwImportTableVirtualAddress ;
DWORD dwImportTableVirtualSize ;
LPVOID lpView;
HANDLE hMapFile;
PIMAGE_NT_HEADERS pimage_nt_headers;
PIMAGE_DATA_DIRECTORY pimage_data_directory ;
PIMAGE_OPTIONAL_HEADER pimage_optional_header ;
PIMAGE_IMPORT_DESCRIPTOR pimage_import_desciptor ;
PIMAGE_SECTION_HEADER pimage_import_section_header ;
PIMAGE_THUNK_DATA pimage_thunk_data ;
PIMAGE_IMPORT_BY_NAME pimage_import_by_name ;
PIMAGE_SECTION_HEADER pimage_section_header ;
/* hFile is the handle to the calc.exe returned by createfile function */
hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL,OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (INVALID_HANDLE_VALUE == hFile)
{
return -1;
}
dwFileSize = GetFileSize(hFile, NULL);
if (INVALID_FILE_SIZE == dwFileSize)
{
CloseHandle(hFile);
return -1;
}
hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
if (NULL == hMapping)
{
CloseHandle(hFile);
return -1;
}
lpView = (LPTSTR)MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
PIMAGE_DOS_HEADER pimage_dos_header = PIMAGE_DOS_HEADER(lpView);
pimage_nt_headers = (PIMAGE_NT_HEADERS)
(pimage_dos_header + pimage_dos_header->e_lfanew);
if (pimage_dos_header->e_magic == IMAGE_DOS_SIGNATURE)
{
pimage_nt_headers = (PIMAGE_NT_HEADERS) ((DWORD)lpView + pimage_dos_header->e_lfanew) ;
}
else return NULL;
if (pimage_nt_headers->Signature == IMAGE_NT_SIGNATURE)
{
uNumberOfSections = pimage_nt_headers->FileHeader.NumberOfSections ;
}
else return -1;
pimage_optional_header = &pimage_nt_headers->OptionalHeader ;
pimage_data_directory = pimage_optional_header->DataDirectory ;
++pimage_data_directory;
dwImportTableVirtualAddress = pimage_data_directory->VirtualAddress ;
dwImportTableVirtualSize = pimage_data_directory->Size ;
pimage_section_header = (PIMAGE_SECTION_HEADER) ((DWORD) lpView + pimage_dos_header->e_lfanew + sizeof(IMAGE_NT_HEADERS)) ;
pimage_import_section_header = pimage_section_header ;
if (dwImportTableVirtualSize != 0)
{
pimage_import_desciptor = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD) lpView + Rva2Offset(dwImportTableVirtualAddress, pimage_import_section_header, uNumberOfSections)) ;
printf("\nIMAGE_IMPORT_DESCRIPTOR\n") ;
while (pimage_import_desciptor->Name != NULL)
{
printf("Name ") ;
printf("%s\n", (char *)((DWORD) lpView + Rva2Offset(pimage_import_desciptor->Name, pimage_import_section_header, uNumberOfSections))) ;
printf("OriginalFirstThunk %08lX\n", pimage_import_desciptor->OriginalFirstThunk) ;
printf("TimeDateStamp %08lX\n", pimage_import_desciptor->TimeDateStamp) ;
printf("ForwarderChain %08lX\n", pimage_import_desciptor->ForwarderChain) ;
printf("FirstThunk %08lX\n", pimage_import_desciptor->FirstThunk) ;
if (pimage_import_desciptor->OriginalFirstThunk != 0)
{
pimage_thunk_data = (PIMAGE_THUNK_DATA) ((DWORD) lpView + Rva2Offset(pimage_import_desciptor->OriginalFirstThunk, pimage_import_section_header, uNumberOfSections)) ;
}
else
{
pimage_thunk_data = (PIMAGE_THUNK_DATA) ((DWORD) lpView + Rva2Offset(pimage_import_desciptor->FirstThunk, pimage_import_section_header, uNumberOfSections)) ;
}
printf("\nHint Function\n") ;
while (pimage_thunk_data->u1.Ordinal != 0)
{
pimage_import_by_name = (PIMAGE_IMPORT_BY_NAME) ((DWORD) lpView + Rva2Offset(pimage_thunk_data->u1.Function, pimage_import_section_header, uNumberOfSections)) ;
if (pimage_thunk_data->u1.Ordinal & IMAGE_ORDINAL_FLAG32)
{
printf("Hint %08lX\n", pimage_thunk_data->u1.Ordinal - IMAGE_ORDINAL_FLAG32) ;
}
else
{
printf("%08lX %s\n", pimage_import_by_name->Hint, pimage_import_by_name->Name) ;
}
pimage_thunk_data ++ ;
}
printf("\n") ;
pimage_import_desciptor ++ ;
}
}
else
{
printf("No Import Table!\n") ;
}
CloseHandle(hMapping);
CloseHandle(hFile);
return 0;
}
int main(void)
{
MapFileRead(TEXT("C:\\WINDOWS\\system32\\calc.exe"));
return 0;
}