通过读取PE文件获取导入函数的地址?
我的程序主要用了ReadFile和SetFilePointer两个API。

我已经取到ntHeaders.OptionalHeader.DataDirectory[1].VirtualAddress的值并且强转成IMAGE_IMPORT_DESCRIPTOR了，
然后又把这个地址强转成IMAGE_THUNK_DATA型，并取里面的OriginalFirstThunk值，代码如下：

IMAGE_IMPORT_DESCRIPTOR * Point;
IMAGE_THUNK_DATA * ThunkPoint;

Point=(IMAGE_IMPORT_DESCRIPTOR *)ntHeaders.OptionalHeader.DataDirectory[1].VirtualAddress;
ThunkPoint=(IMAGE_THUNK_DATA *)Point->OriginalFirstThunk;


这几步思路没错吧？


后面就不知道怎么继续取了，看书上说还要进行RVA和FOA的转换？请问接下来还要怎么操作？？

[解决办法]
WinNT.h Windows.h

C/C++ code

typedef struct _IMAGE_SECTION_HEADER {  BYTE  Name[IMAGE_SIZEOF_SHORT_NAME];  union {    DWORD PhysicalAddress;    DWORD VirtualSize;  } Misc;  DWORD VirtualAddress;  DWORD SizeOfRawData;  DWORD PointerToRawData;  DWORD PointerToRelocations;  DWORD PointerToLinenumbers;  WORD  NumberOfRelocations;  WORD  NumberOfLinenumbers;  DWORD Characteristics;} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;