C++ method to get the current process IAT
- 2020-04-02 02:50:54
- OfStack
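This article shows how to enumerate the Import Address Table (IAT) of the current process in C++. The IAT is the table in a loaded PE image that holds the resolved addresses of the functions the image imports from other DLLs.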
The specific implementation method is as follows:
#include <windows.h>
#include <stdio.h>
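/**
 * Walks the import directory of the current process's main module and prints,
 * for every imported DLL, each imported function together with the address of
 * its Import Address Table (IAT) slot.
 *
 * Differences from a naive walk that matter in practice:
 *  - the optional header is reached through IMAGE_NT_HEADERS instead of a
 *    hard-coded "+24" byte offset;
 *  - IAT slots are stepped as IMAGE_THUNK_DATA, which is pointer-sized, so the
 *    walk is correct on both 32-bit and 64-bit builds;
 *  - imports by ordinal are detected instead of being treated as a name RVA;
 *  - addresses are printed with %p rather than %X.
 *
 * @return 0 on success (including an image with no imports), 1 if the module
 *         handle or the PE headers cannot be validated.
 */
int main(int argc, char* argv[])
{
    (void)argc;
    (void)argv;

    // For a loaded module the HMODULE is the image base address.
    BYTE* pBase = reinterpret_cast<BYTE*>(::GetModuleHandleA(NULL));
    if (pBase == NULL)
    {
        fprintf(stderr, "GetModuleHandleA failed\n");
        return 1;
    }

    // Validate both signatures before trusting any offset read from the headers.
    IMAGE_DOS_HEADER* pDosHeader = reinterpret_cast<IMAGE_DOS_HEADER*>(pBase);
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        fprintf(stderr, "Invalid DOS header\n");
        return 1;
    }

    IMAGE_NT_HEADERS* pNtHeaders =
        reinterpret_cast<IMAGE_NT_HEADERS*>(pBase + pDosHeader->e_lfanew);
    if (pNtHeaders->Signature != IMAGE_NT_SIGNATURE)
    {
        fprintf(stderr, "Invalid NT header\n");
        return 1;
    }

    const IMAGE_DATA_DIRECTORY& importDir =
        pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
    if (importDir.VirtualAddress == 0 || importDir.Size == 0)
    {
        // An image without an import directory has nothing to list.
        return 0;
    }

    // The descriptor array is terminated by an all-zero entry.
    for (IMAGE_IMPORT_DESCRIPTOR* pImportDesc =
             reinterpret_cast<IMAGE_IMPORT_DESCRIPTOR*>(pBase + importDir.VirtualAddress);
         pImportDesc->FirstThunk != 0;
         ++pImportDesc)
    {
        const char* pszDllName = reinterpret_cast<const char*>(pBase + pImportDesc->Name);
        printf(" The name of the module :%s\n", pszDllName);

        // FirstThunk is the IAT itself: after loading, each slot holds the
        // resolved address that calls through this import actually use.
        // Integrity checks compare that value with the exporting DLL's loaded
        // address range to spot a redirected (hooked) slot.
        IMAGE_THUNK_DATA* pIatSlot =
            reinterpret_cast<IMAGE_THUNK_DATA*>(pBase + pImportDesc->FirstThunk);

        if (pImportDesc->OriginalFirstThunk == 0)
        {
            // No separate import name table: the loader has already replaced
            // the name RVAs in the IAT with addresses, so names are gone.
            for (; pIatSlot->u1.Function != 0; ++pIatSlot)
            {
                printf("function name:%-25s, ", "(name unavailable)");
                printf("addrss:%p\n", static_cast<void*>(pIatSlot));
            }
            printf("\n");
            continue;
        }

        // OriginalFirstThunk is the import name table; it runs parallel to the
        // IAT, one IMAGE_THUNK_DATA per imported function.
        IMAGE_THUNK_DATA* pNameThunk =
            reinterpret_cast<IMAGE_THUNK_DATA*>(pBase + pImportDesc->OriginalFirstThunk);

        for (; pNameThunk->u1.AddressOfData != 0; ++pNameThunk, ++pIatSlot)
        {
            if (IMAGE_SNAP_BY_ORDINAL(pNameThunk->u1.Ordinal))
            {
                // Imported by ordinal: the thunk carries a number, not an RVA
                // to a name, so it must not be dereferenced as a string.
                printf("function name:(ordinal %lu), ",
                       static_cast<unsigned long>(IMAGE_ORDINAL(pNameThunk->u1.Ordinal)));
            }
            else
            {
                // IMAGE_IMPORT_BY_NAME is a 2-byte hint followed by the name.
                IMAGE_IMPORT_BY_NAME* pByName =
                    reinterpret_cast<IMAGE_IMPORT_BY_NAME*>(pBase + pNameThunk->u1.AddressOfData);
                printf("function name:%-25s, ", pByName->Name);
            }

            // Address of the IAT slot for this import.
            printf("addrss:%p\n", static_cast<void*>(pIatSlot));
        }
        printf("\n");
    }

    return 0;
}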
I hope this article helps you with your C++ programming.