-
Notifications
You must be signed in to change notification settings - Fork 0
Export Directory
AFP edited this page Jun 20, 2022
·
1 revision
After initialize the PE class, you can access the GetImageExportDirectory method to access the Export Directory.
See the below example:
#include <iostream>
#include <POEX.h> // include POEX header
int main()
{
auto pe = POEX::PE(L"1.dll");
// Access to Image Export Directory
auto ed = pe.GetImageExportDirectory();
// Access to Characteristics field
std::cout << "Characteristics: " << ed.Characteristics() << std::endl;
// Change Characteristics field
ed.Characteristics(10422);
// Print Characteristics field to see the change
std::cout << "Characteristics: " << ed.Characteristics() << std::endl;
return 0;
}You can use the GetExportFunctions method in ImageExportDirectory object.
See the below example:
#include <iostream>
#include <POEX.h> // include POEX header
int main()
{
auto pe = POEX::PE(L"1.dll");
// Access to Image Export Directory
auto ed = pe.GetImageExportDirectory();
// Acess to Export Function
auto efs = ed.GetExportFunctions();
// Print some info about export functions
for (auto ef : efs)
{
std::cout << "function name: " << ef.Name << std::endl;
std::cout << "function address: " << ef.Address << std::endl;
std::cout << "function ordinal: " << ef.Ordinal << std::endl;
std::cout << "function forwareded name: " << ef.ForwardedName << std::endl << std::endl;
}
return 0;
}auto Characteristics() const ->unsigned int;
auto Characteristics(const unsigned int& characteristics)->void;
auto TimeDateStamp() const ->unsigned int;
auto TimeDateStamp(const unsigned int& timeDateStamp)->void;
auto MajorVersion() const ->unsigned short;
auto MajorVersion(const unsigned short& majorVersion)->void;
auto MinorVersion() const ->unsigned short;
auto MinorVersion(const unsigned short& minorVersion)->void;
auto Name() const ->unsigned int;
auto Name(const unsigned int& name)->void;
auto Base() const ->unsigned int;
auto Base(const unsigned int& base)->void;
auto NumberOfFunctions() const ->unsigned int;
auto NumberOfFunctions(const unsigned int& numberOfFunctions)->void;
auto NumberOfNames() const ->unsigned int;
auto NumberOfNames(const unsigned int& numberOfNames)->void;
auto AddressOfFunctions() const ->unsigned int;
auto AddressOfFunctions(const unsigned int& addressOfFunctions)->void;
auto AddressOfNames() const ->unsigned int;
auto AddressOfNames(const unsigned int& addressOfNames)->void;
auto AddressOfNameOrdinals() const ->unsigned int;
auto AddressOfNameOrdinals(const unsigned int& addressOfNameOrdinals)->void;
auto GetExportFunctions()->std::vector<ExportFunction>;std::string Name;
unsigned int Address;
unsigned short Ordinal;
std::string ForwardedName;