Kernel32.dll导出函数的CRC32码

#include #include #define MAXSIZE 2048 typedef struct tagElem { unsigned int iData[MAXSIZE+1]; int iLength; }Elem; //////////////////////////////////////////////////////////////// // 计算字符串的CRC32值 // 参数：欲计算CRC32值字符串的首地址和大小 // 返回值: 返回CRC32值 DWORD CRC32(BYTE* ptr, DWORD Size) { int i, j ; DWORD crcTable[256], dwTemp; //动态生成CRC-32表 for (i=0; i<256; i++) { dwTemp = i ; for (j=8; j>0; j--) { if (dwTemp&1) dwTemp = (dwTemp >> 1) ^ 0xEDB88320L; else dwTemp >>= 1; } crcTable[i] = dwTemp; } dwTemp = 0xFFFFFFFF ; //计算CRC32值 while (Size--) //for(; Size--; ) { dwTemp = ((dwTemp>>8) & 0x00FFFFFF) ^ crcTable[ (dwTemp^(*ptr)) & 0xFF ]; ptr++; } return (dwTemp^0xFFFFFFFF); } int CRC16(char *ptr, int count) { int crc = 0, i; while (--count >= 0) { crc = crc ^ (int)*ptr++ << 8; for (i = 0; i < 8; ++i) if (crc & 0x8000) crc = crc << 1 ^ 0x1021; else crc = crc << 1; } return (crc & 0xFFFF); } Elem elemData ; //快速排序(升序) void quickSort(Elem *pElem, int iLow, int iHigh) { int iTempLow, iTempHigh, iTemp; iTempLow = iLow; iTempHigh = iHigh; iTemp = pElem->iData[iLow]; while (iTempLow < iTempHigh) { while (iTempLow < iTempHigh && pElem->iData[iTempHigh] >= iTemp) iTempHigh--; if (iTempLow < iTempHigh) pElem->iData[iTempLow++] = pElem->iData[iTempHigh]; while (iTempLow < iTempHigh && pElem->iData[iTempLow] <= iTemp) iTempLow++; if (iTempLow < iTempHigh) pElem->iData[iTempHigh--] = pElem->iData[iTempLow]; } pElem->iData[iTempLow] = iTemp; if (iLow < iTempLow-1) quickSort(pElem, iLow, iTempLow-1); if (iHigh > iTempLow+1) quickSort(pElem, iTempLow+1, iHigh); } DWORD GetAllApiCRC(DWORD dwBaseAddr) { IMAGE_DOS_HEADER *pidh = NULL ; IMAGE_NT_HEADERS *pinh = NULL ; IMAGE_DATA_DIRECTORY *pSymbolTable = NULL ; IMAGE_EXPORT_DIRECTORY *pied = NULL ; int NumberOfNames, i ; char *pName = NULL ; pidh = (IMAGE_DOS_HEADER *)dwBaseAddr; pinh = (IMAGE_NT_HEADERS *)((DWORD)dwBaseAddr + pidh->e_lfanew); pSymbolTable = &pinh->OptionalHeader.DataDirectory[0] ; pied =(IMAGE_EXPORT_DIRECTORY *)((DWORD)dwBaseAddr + pSymbolTable->VirtualAddress); NumberOfNames = pied->NumberOfNames ; elemData.iLength = 0 ; for (i=0; iAddressOfNames)+i)) ; //函数地址 elemData.iData[elemData.iLength] = CRC32(pName, strlen(pName)) ; //printf("%s --> %04X/n", pName, elemData.iData[elemData.iLength]) ; elemData.iLength++ ; //if(MyStrCmp(strAPI, pName) == 0) // return dwBaseAddr + (*((DWORD *)(dwBaseAddr+pied->AddressOfFunctions)+*((WORD *)(dwBaseAddr + pied->AddressOfNameOrdinals)+i))) ; } printf("apicount = %d/n", elemData.iLength) ; return 0 ; } void print(Elem *pElem) { int i; unsigned int iCrc = 0 ; for (i=0; iiLength; i++) { printf("%-10X", pElem->iData[i]); if(iCrc == pElem->iData[i]) printf("发现冲突：%X/n", pElem->iData[i]) ; iCrc = pElem->iData[i] ; } printf("/n"); } int main(void) { unsigned short usCRC ; int i ; char *strApi[] = {"CreateThread", "CreateRemoteThread", "CreateFileA", "CreateFileMappingA", "UnmapViewOfFile", "MapViewOfFile", "GetFileSize", "GetFileAttributesA", "SetFileAttributesA", "SetFilePointer", "SetEndOfFile", "FindFirstFileA", "FindNextFileA", "LoadLibraryA", "FreeLibrary", "GetModuleHandleA", "CloseHandle", "Sleep", "RtlMoveMemory", "MessageBoxA" } ; // for(i=0; i