C/C++ 分配 DWORD 数组的指针地址

Question

我正在编写一个 C/C++ PE 解析库，我在其中使用 DLL 或 exe 来提取有关目录和标题的信息。我的问题是当我提取导出地址并获取函数的地址时，我不知道如何使用该地址将其指向具有导出的导出函数数量的数组

DWORD ExportRVA = PEHeader->optional.data_directory[0].virtual_address;
image_export_directory* Exports = (image_export_directory*)(RVAToOffset(ExportRVA)+BaseAddress);

ExportTable.nNames = Exports->number_of_names;
ExportTable.nFunctions = Exports->number_of_functions;
ExportTable.pFunctions = Exports->address_of_functions;
ExportTable.nNames = Exports->address_of_names;
ExportTable.pNamesOrdinals = Exports->address_of_name_ordinals;

我是否必须分配一个指向数组的指针，例如

DWORD * AddrFunctions;

改变指针地址？

Answer 1

address_of_functions 和 address_of_names 字段分别是实际函数入口点和名称的 RVA 数组的 RVA，而 address_of_name_ordinals 字段是 WORD 值数组的 RVA，例如：

#define RVAToPtr(RVA) ( ((LPBYTE)BaseAddress) + ((DWORD)(RVA)) )

image_export_directory* Exports = (image_export_directory*) RVAToPtr(PEHeader->optional.data_directory[0].virtual_address); 

ExportTable.nFunctions = Exports->number_of_functions; 
ExportTable.nNames = Exports->number_of_names; 
ExportTable.pFunctions = (PDWORD) RVAToPtr(Exports->address_of_functions); 
ExportTable.pNames = (PDWORD) RVAToPtr(Exports->address_of_names); 
ExportTable.pNamesOrdinals = (PWORD) RVAToPtr(Exports->address_of_name_ordinals); 

for (DWORD i = 0; i < ExportTable.nFunctions; ++i)
{
    void *FuncPtr = (void*) RVAToPtr(ExportTable.pFunctions[i]);
    char* FuncName = (char*) RVAToPtr(ExportTable.pNames[i]);
    WORD FuncOrdinal = ExportTable.Base + ExportTable.pNamesOrdinals[i]; 
    ...
}

详情请参阅MSDN。