//枚举导出的函数 // #include <idc.idc> static main() { auto entrypoints,i,ord,addr,name,purged,file,fd; file = AskFile(1,"*.idt","Select IDT save file"); //打开文件对话框 fd = fopen(file,"w"); //以写的方式打开 entrypoints = GetEntryPointQty(); //返回共享库中导出的符号数量 fprintf(fd,"ALIGNMENT 4\n"); fprintf(fd,"0 Name = %s\n",GetInputFile()); //返回加载到IDA中的文件名称 Warning("Name = %s\n",GetInputFile()); //返回加载到IDA中的文件名称 for(i = 0 ; i< entrypoints; i++) { ord = GetEntryOrdinal(i); //返回入口点(导出库)索引,如果没有返回0 if(ord == 0) continue; addr = GetEntryPoint(ord); //返回导出函数关联的地址 if(ord == addr) { continue; } name = Name(addr); //导出函数名字 fprintf(fd,"%d Name = %s",ord,name); purged = GetFunctionAttr(addr,FUNCATTR_ARGSIZE); //从堆栈中清除的字节数量 if(purged > 0) { fprintf(fd," Pascal=%d",purged); } fprintf(fd,"\n"); } }
原文:http://www.cnblogs.com/M-Mr/p/3926805.html