// GetProcAddr.cpp : reimplementation of the GetProcAddress function
//
// Coder Jozu
#include
#include
#include
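/*
 * MakePtr: add an offset (typically an RVA) to a base address and cast the
 * sum to the requested pointer type.
 *
 * The arithmetic is done in ULONG_PTR, which is pointer-sized, so a base
 * address above 4 GB is not truncated to 32 bits on 64-bit builds. The whole
 * expansion is parenthesized so it can be used inside larger expressions.
 */
#define MakePtr( cast, ptr, addValue ) ((cast)((ULONG_PTR)(ptr) + (ULONG_PTR)(addValue)))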
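/*
 * Resolve one slot of the export address table to an absolute address.
 *
 * Base          - load address of the image; the stored RVA is added to it.
 * FuncTableBase - export address table (array of function RVAs).
 * Index         - zero-based slot in that table.
 *
 * Returns Base plus the RVA stored in the slot. No bounds check is done
 * here: the caller must make sure Index is below the number of entries in
 * the table, otherwise this reads past the end of it.
 */
PVOID
GetFuncAddr(
    IN PVOID Base,
    IN PULONG FuncTableBase,
    IN USHORT Index)
{
    return MakePtr(PVOID, Base, FuncTableBase[Index]);
}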
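/*
 * Binary-search the export name table for Name and return the matching
 * entry of the name-ordinal table.
 *
 * Name                 - NUL-terminated export name to look for.
 * NumberOfNames        - number of entries in both tables.
 * DllBase              - load address of the image; name RVAs are added to it.
 * NameTableBase        - array of RVAs of the export name strings. The search
 *                        relies on these names being sorted in strcmp order.
 * NameOrdinalTableBase - array parallel to NameTableBase holding, for each
 *                        name, its index into the export address table.
 *
 * Returns the index for Name, or (USHORT)-1 when the name is not present,
 * Name is NULL, or the table is empty.
 *
 * The name RVAs are dereferenced without being checked against the size of
 * the image, so this must only be run on an image the loader has mapped,
 * not on an arbitrary buffer that merely claims to be a PE file.
 */
USHORT
NameToOrdinal(
    IN PCSTR Name,
    IN ULONG NumberOfNames,
    IN PVOID DllBase,
    IN PULONG NameTableBase,
    IN PUSHORT NameOrdinalTableBase)
{
    LONG High;
    LONG Low;
    LONG Middle;
    LONG Result;

    /* A count that does not fit in LONG would turn High negative or wrap. */
    if (Name == NULL || NumberOfNames == 0 || NumberOfNames > 0x7FFFFFFF) {
        return (USHORT)-1;
    }

    Low = 0;
    High = (LONG)(NumberOfNames - 1);
    while (High >= Low) {
        /* Midpoint written so that Low + High cannot overflow. */
        Middle = Low + ((High - Low) >> 1);
        Result = strcmp(Name, (PCHAR)((ULONG_PTR)DllBase + NameTableBase[Middle]));
        if (Result < 0) {
            High = Middle - 1;
        } else if (Result > 0) {
            Low = Middle + 1;
        } else {
            return NameOrdinalTableBase[Middle];
        }
    }

    return (USHORT)-1;
}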
//////////////////////////////////////////////////////////////////////////
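/*
 * Look an export up by ordinal.
 *
 * Base    - load address of the image.
 * pied    - export directory of that image.
 * ulIndex - the ordinal as the caller knows it (biased by pied->Base).
 *
 * Returns the address of the export, or NULL when the ordinal is outside
 * the export address table or its slot is empty (RVA 0).
 *
 * The bias is removed in ULONG arithmetic: truncating pied->Base to USHORT
 * and subtracting in 16 bits can wrap and let an out-of-range ordinal pass
 * the bounds check.
 *
 * NOTE(review): forwarded exports are not recognised. Detecting them needs
 * the size of the export directory, which is not passed in; for such an
 * entry the returned pointer addresses the forwarder string, not code.
 */
PVOID
GetFuncAddrByIndex(
    IN PVOID Base,
    IN PIMAGE_EXPORT_DIRECTORY pied,
    IN USHORT ulIndex)
{
    PULONG FuncTableBase;
    ULONG Slot;

    if (pied == NULL || ulIndex < pied->Base) {
        return NULL;
    }

    Slot = (ULONG)ulIndex - pied->Base;
    if (Slot >= pied->NumberOfFunctions) {
        return NULL;
    }

    FuncTableBase = MakePtr(PULONG, Base, pied->AddressOfFunctions);
    if (FuncTableBase[Slot] == 0) {
        /* Unused slot: report "not found" instead of returning Base. */
        return NULL;
    }

    /* Slot <= 0xFFFF here because ulIndex is a USHORT. */
    return GetFuncAddr(Base, FuncTableBase, (USHORT)Slot);
}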
//////////////////////////////////////////////////////////////////////////
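/*
 * Look an export up by name.
 *
 * Base - load address of the image.
 * pied - export directory of that image.
 * Name - NUL-terminated export name.
 *
 * Returns the address of the export, or NULL when the name is not exported.
 *
 * NameToOrdinal() reports "not found" as (USHORT)-1. That value must not be
 * used as an index: doing so reads slot 0xFFFF of the export address table,
 * which is normally far past its end. The index is also checked against
 * NumberOfFunctions before the table is read.
 *
 * NOTE(review): forwarded exports are not recognised here; for such an entry
 * the returned pointer addresses the forwarder string, not code.
 */
PVOID
GetFuncAddrByName(
    IN PVOID Base,
    IN PIMAGE_EXPORT_DIRECTORY pied,
    IN PCSTR Name)
{
    USHORT OrdinalNumber;
    PULONG NameTableBase;
    PULONG FuncTableBase;
    PUSHORT NameOrdinalTableBase;

    if (pied == NULL || Name == NULL) {
        return NULL;
    }

    NameTableBase = MakePtr(PULONG, Base, pied->AddressOfNames);
    NameOrdinalTableBase = MakePtr(PUSHORT, Base, pied->AddressOfNameOrdinals);
    FuncTableBase = MakePtr(PULONG, Base, pied->AddressOfFunctions);

    OrdinalNumber = NameToOrdinal(Name,
                                  pied->NumberOfNames,
                                  Base,
                                  NameTableBase,
                                  NameOrdinalTableBase);

    if (OrdinalNumber == (USHORT)-1 || OrdinalNumber >= pied->NumberOfFunctions) {
        return NULL;
    }
    if (FuncTableBase[OrdinalNumber] == 0) {
        /* Empty slot: nothing is exported under this index. */
        return NULL;
    }

    return GetFuncAddr(Base, FuncTableBase, OrdinalNumber);
}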
//////////////////////////////////////////////////////////////////////////
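/*
 * Find an export of a loaded module, by name or by ordinal.
 *
 * Base - load address of the module (an HMODULE works).
 * Name - either a pointer to a NUL-terminated export name, or an ordinal
 *        passed in the low 16 bits of the pointer with the upper bits zero.
 *
 * Returns the address of the export, or NULL when Base does not carry valid
 * DOS/NT signatures, the image has no export directory, or the export is
 * not found.
 *
 * The header fields read here are used without being checked against the
 * mapped size of the image. Call this only on modules mapped by the loader,
 * not on attacker-supplied buffers.
 */
PVOID
FindFunc(
    IN PVOID Base,
    IN PCSTR Name
    )
{
#define MAX_FUNC_ID 0xFFFF
    PIMAGE_DOS_HEADER pidh;
    PIMAGE_NT_HEADERS pinh;
    PIMAGE_EXPORT_DIRECTORY pied;
    PIMAGE_DATA_DIRECTORY pidd;
    BOOLEAN bUseIndex;

    if (Base == NULL) {
        return NULL;
    }

    /*
     * Compare the full pointer value: casting to ULONG drops the upper half
     * of a 64-bit pointer and could mistake a real string for an ordinal.
     * 0xFFFF itself is still an ordinal, hence <=.
     */
    bUseIndex = ((ULONG_PTR)Name <= MAX_FUNC_ID) ? TRUE : FALSE;

    pidh = MakePtr(PIMAGE_DOS_HEADER, Base, 0);
    if (pidh->e_magic != IMAGE_DOS_SIGNATURE || pidh->e_lfanew <= 0) {
        return NULL;
    }

    pinh = MakePtr(PIMAGE_NT_HEADERS, Base, pidh->e_lfanew);
    if (pinh->Signature != IMAGE_NT_SIGNATURE) {
        return NULL;
    }

    /* The export entry is only meaningful if the directory array reaches it. */
    if (pinh->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT) {
        return NULL;
    }

    pidd = &pinh->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
    if (pidd->VirtualAddress == 0 || pidd->Size == 0) {
        /* No exports: an RVA of 0 would alias the DOS header as the directory. */
        return NULL;
    }

    pied = MakePtr(PIMAGE_EXPORT_DIRECTORY, Base, pidd->VirtualAddress);

    if (bUseIndex) {
        return GetFuncAddrByIndex(Base, pied, (USHORT)(ULONG_PTR)Name);
    }
    return GetFuncAddrByName(Base, pied, Name);
}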
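/*
 * Demo: resolve KiUserExceptionDispatcher in ntdll.dll three ways and print
 * the results so they can be compared: the system GetProcAddress, FindFunc
 * by name, and FindFunc by ordinal.
 *
 * Returns 0 on success, 1 if ntdll.dll could not be loaded.
 */
int main(int argc, char* argv[])
{
    PVOID pFunc;
    HMODULE hNtdll;

    (void)argc;
    (void)argv;

    /* The A variant matches the narrow string literal in UNICODE builds too. */
    hNtdll = LoadLibraryA("ntdll.dll");
    if (hNtdll == NULL) {
        printf("LoadLibrary(ntdll.dll) failed: %lu\n", GetLastError());
        return 1;
    }

    /* %p prints the whole pointer; %08X with a pointer argument is undefined
       behaviour and shows only 32 bits on 64-bit builds. */
    pFunc = (PVOID)GetProcAddress(hNtdll, "KiUserExceptionDispatcher");
    printf("KiUserExceptionDispatcher: pFunc = %p\n", pFunc);

    pFunc = FindFunc(hNtdll, "KiUserExceptionDispatcher");
    printf("KiUserExceptionDispatcher: pFunc = %p\n", pFunc);

    /* NOTE(review): ordinal 0x4f is presumably what this export had on the
       author's ntdll build; ordinals differ between Windows versions, so
       this line may print a different function's address or NULL. */
    pFunc = FindFunc(hNtdll, (LPCSTR)0x4f);
    printf("KiUserExceptionDispatcher: pFunc = %p\n", pFunc);

    FreeLibrary(hNtdll);
    return 0;
}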