I am reading IMAGE_EXPORT_DIRECTORY as follows
PIMAGE_EXPORT_DIRECTORY ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)((DWORD)dosHeader + ConvertRVA(PEImageOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress,
FirstSectionHeader,PEFileImageHeader));
This works.Then i want to access AddressOfNames.
PDWORD* ExportedFunctions;
ExportedFunctions = (PDWORD *)((DWORD)dosHeader + ConvertRVA(ExportDirectory->AddressOfNames,FirstSectionHeader,PEFileImageHeader));
Now how can i find the names of the exported functions?ConvertRVA() is defined as
DWORD ConvertRVA(DWORD rva,PIMAGE_SECTION_HEADER FirstSectionHeader,PIMAGE_FILE_HEADER PEFileImageHeader)
{
int j=0;
auto i =FirstSectionHeader;
for(;j<PEFileImageHeader->NumberOfSections ;i++,j++)
{
if(rva>=i->VirtualAddress && rva<i->VirtualAddress + i->Misc.VirtualSize)
break;
}
return rva+i->PointerToRawData-i->VirtualAddress;
}
I found a way to do this.
PDWORD ExportedFunctions;
ExportedFunctions = (PDWORD )((DWORD)dosHeader + ConvertRVA(ExportDirectory->AddressOfNames,FirstSectionHeaderBest,PEFileImageHeader));
for(int i=0;i<ExportDirectory->NumberOfNames;i++)
{
LPSTR aaaa=(PCHAR)((DWORD)dosHeader + ConvertRVA((DWORD)ExportedFunctions[0],FirstSectionHeaderBest,PEFileImageHeader));
std::cout<<aaaa<<std::endl;
}