#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
int main()
{
printf("Dump fucking iat par 0vercl0k.\n\n");
HANDLE hdlExecutable = GetModuleHandle(NULL);
if(hdlExecutable == NULL){printf("GetModuleHandle.\n");return 0;}
PIMAGE_DOS_HEADER structPe = (PIMAGE_DOS_HEADER)hdlExecutable;
if(structPe->e_magic != IMAGE_DOS_SIGNATURE){printf("Membre different de l'entete dos.\n"); return 0;}
printf("Entete dos valide.\n\n");
PIMAGE_NT_HEADERS structHeaderPe = (PIMAGE_NT_HEADERS)(structPe->e_lfanew + (DWORD)structPe);
PVOID ptrImgDirecto = (PVOID)structHeaderPe->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
PIMAGE_IMPORT_DESCRIPTOR ptrImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD)ptrImgDirecto + (DWORD)structPe);
printf("Dll presente dans l'iat : \n");
while(*(PDWORD)ptrImportDesc != 0)
{
PVOID nameDll = (PVOID)(ptrImportDesc->Name + DWORD(structPe));
printf("-%s\n",nameDll);
PIMAGE_THUNK_DATA32 imgThunk = (PIMAGE_THUNK_DATA32)(ptrImportDesc->OriginalFirstThunk + (DWORD)structPe);
PIMAGE_THUNK_DATA32 structAddrFu = (PIMAGE_THUNK_DATA32)(ptrImportDesc->FirstThunk + (DWORD)structPe);
while(*(PDWORD)imgThunk != 0)
{
PIMAGE_IMPORT_BY_NAME nameImg = (PIMAGE_IMPORT_BY_NAME)(imgThunk->u1.AddressOfData + (DWORD)structPe);
printf("\tfunct : %s address : 0x%x\n",nameImg->Name,structAddrFu->u1.Function);
imgThunk ++;
structAddrFu++;
}
ptrImportDesc++;
}
return 0;
}