具有所有已加载库的GetProcAddress [英] GetProcAddress with all loaded libraries
问题描述
使用 dlopen ,您可以提供 NULL 作为库名,并获得一个句柄,该句柄允许您在已加载的 any 中找到符号库:
With dlopen you can provide NULL as the library name and get a handle that allows you to find a symbol in any of the loaded libraries:
如果filename是NULL指针,则返回的句柄用于主程序.当提供给dlsym()时,此句柄将导致搜索主程序中的符号,然后在处加载所有共享库程序启动,然后由dlopen()使用以下命令加载所有共享库:标志RTLD_GLOBAL.
If filename is a NULL pointer, then the returned handle is for the main program. When given to dlsym(), this handle causes a search for a symbol in the main program, followed by all shared libraries loaded at program startup, and then all shared libraries loaded by dlopen() with the flag RTLD_GLOBAL.
您可以对 GetProcAddress 做同样的事情吗?我想搜索Windows API的存在,但是Windows 8中加载了不同的库.
Can you do the same with GetProcAddress? I want to search for the presence of a Windows API but different libraries are loaded in Windows 8.
通过查看COFF标头,我知道加载了哪些库,我想我可以遍历那里的句柄...
I know what libraries are loaded by looking in the COFF headers, I guess I could loop through the handles there...
这是我当前正在使用的代码:
This is the code I'm currently using:
.hpp
#include <string>
#include <stdexcept>
/**
* @~english
* Looks up a Windows API function. Make sure you set @c _WIN32_WINNT so that the definition is available at compile
* time.
* @par Example
* @code
* # undef _WIN32_WINNT
* # define _WIN32_WINNT 0x600
* # include <system/inc/nt/windows.h>
* static const auto initialize_srw_lock_ptr = FunctionPtrLookup(InitializeSRWLock, "kernel32");
* @endcode
* @param function the function definition to lookup
* @retval nullptr the function did not exist on this version of Windows
* @returns a function pointer to invoke
*/
#define FunctionPtrLookup(function, library) \
FunctionLookup<decltype(function)>(#function, library)
/**
* @~english
* The return type of FunctionLookup
*/
typedef void(*FunctionLookupPtr)();
/**
* @~english
* Looks up a Windows API function.
* @param name the name of the function to find in the library
* @retval nullptr the function did not exist on this version of Windows
* @returns a function pointer to invoke
* @see FunctionPtrLookup
*/
FunctionLookupPtr FunctionLookup(const std::string& name, const std::string& library);
/// @copydoc FunctionLookup
template<typename Signature>
const Signature * FunctionLookup(const std::string& name, const std::string& library) {
return reinterpret_cast<const Signature*>(FunctionLookup(name, library));
}
.cpp
FunctionLookupPtr FunctionLookup(const std::string& name, const std::string& library) {
const auto wide_library = Utf8ToWide(library);
const auto lib = LoadLibraryW(wide_library.c_str());
if (!lib) {
return nullptr;
}
return reinterpret_cast<FunctionLookupPtr>(GetProcAddress(lib, name.c_str()));
}
理想情况下,我想删除 library 变量.
Ideally, I'd want to remove the library variable.
推荐答案
您可以使用 http://msdn.microsoft.com/zh-CN/library/ms682621%28v=vs.85%29.aspx (如果您致电) PrintModules 和 GetCurrentProcessId(),它将枚举当前进程的所有HMODULE句柄(值在 hMods [i] 中).您可以将它们与GetProcAddress一起使用以查找您的函数.
You can use EnumProcessModules to enumerate all loaded modules for current process, use example from here: http://msdn.microsoft.com/en-us/library/ms682621%28v=vs.85%29.aspx, if you call PrintModules with GetCurrentProcessId(), it will enumerate all HMODULE handles (value is in hMods[i]) for current process. You can use them with GetProcAddress to find your function.
您必须意识到,可以在不同的dll-s中找到相同的命名函数,大多数情况下您都知道WinAPI函数的dll名称.
You must be aware that its possible to find the same named functions in different dll-s, mostly you know dll name for WinAPI function.
这篇关于具有所有已加载库的GetProcAddress的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
