My GetProcAddress
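// This function can only find an API's address by name (not by ordinal). -_-!!!
// This is the source:

typedef void(*MyFunc)(void*);   // only used by me *_^

/*
 * GetProcAddr - look up an exported function in a loaded module by walking
 * the module's PE export directory by hand.
 *
 * pFuncName : NUL-terminated export name. Line-feed bytes (0x0a) in this
 *             string are skipped and do not contribute to the hash.
 * hDll      : base address of a module mapped in the current process.
 *
 * Returns the address of the matching export, or NULL when an argument is
 * NULL, the headers do not look like a PE image, the module has no export
 * directory, no name matches, or the match is a forwarded export.
 *
 * Notes:
 *  - 32-bit only: MSVC inline assembly and PE32 header offsets (data
 *    directory at NT headers + 0x78).
 *  - Names are matched by a 32-bit rotate-right-7 / add hash, not by string
 *    comparison, so two names with the same hash cannot be told apart; the
 *    first match in the name table wins.
 *  - Each name is fetched through AddressOfNames[i]; the name strings are not
 *    assumed to sit back to back in memory.
 *  - An API resolved this way has no import-table entry, so static import
 *    analysis will not show it. When triaging a binary, the PE offset
 *    constants (0x3c, 0x78, 0x18..0x24) next to a rotate-and-add loop are the
 *    pattern to look for.
 */
MyFunc GetProcAddr(char* pFuncName, HMODULE hDll)
{
    unsigned long hash;         // hash of the requested name
    unsigned long expStart;     // RVA of the export directory
    unsigned long expEnd;       // RVA one past the end of the export directory
    MyFunc RetVanlue;

    _asm {
        ; ---- hash the requested name ------------------------------------
        mov     esi, pFuncName
        test    esi, esi
        jz      NotFound                ; NULL name
        xor     ebx, ebx                ; ebx = running hash
    CmputeHash:
        xor     eax, eax
        lodsb
        cmp     al, 0x0a
        jz      CmputeHash              ; line feeds are skipped, not hashed
        test    al, al
        jz      FindStart               ; end of string
        ror     ebx, 7
        add     ebx, eax
        jmp     CmputeHash

        ; ---- locate and sanity-check the export directory ---------------
    FindStart:
        mov     hash, ebx
        mov     ebx, hDll               ; ebx = module base from here on
        test    ebx, ebx
        jz      NotFound                ; NULL module
        cmp     word ptr [ebx], 0x5A4D  ; "MZ"
        jnz     NotFound
        mov     edi, [ebx+0x3c]         ; e_lfanew
        add     edi, ebx                ; edi = NT headers
        cmp     dword ptr [edi], 0x4550 ; "PE\0\0"
        jnz     NotFound
        mov     eax, [edi+0x78]         ; export directory RVA
        test    eax, eax
        jz      NotFound                ; module exports nothing
        mov     expStart, eax
        add     eax, [edi+0x7c]         ; + export directory size
        mov     expEnd, eax
        mov     edi, expStart
        add     edi, ebx                ; edi = IMAGE_EXPORT_DIRECTORY

        ; ---- scan the name table ----------------------------------------
        xor     edx, edx                ; edx = index into the name table
    NextName:
        cmp     edx, [edi+0x18]         ; NumberOfNames (also handles zero)
        jae     NotFound
        mov     esi, [edi+0x20]         ; AddressOfNames RVA
        add     esi, ebx
        mov     esi, [esi+edx*4]        ; RVA of name[edx]
        add     esi, ebx                ; esi -> name string
        xor     ecx, ecx                ; ecx = hash of this export name
    GetHashLoop:
        xor     eax, eax
        lodsb
        test    al, al
        jz      FindByHash
        ror     ecx, 7
        add     ecx, eax
        jmp     GetHashLoop
    FindByHash:
        cmp     ecx, hash
        jz      HashFind
        inc     edx
        jmp     NextName

        ; ---- name index -> ordinal -> function address ------------------
    HashFind:
        mov     eax, [edi+0x24]         ; AddressOfNameOrdinals RVA
        add     eax, ebx
        movzx   eax, word ptr [eax+edx*2] ; ordinal index, zero-extended
        cmp     eax, [edi+0x14]         ; NumberOfFunctions
        jae     NotFound                ; ordinal outside the function table
        mov     edx, [edi+0x1c]         ; AddressOfFunctions RVA
        add     edx, ebx
        mov     eax, [edx+eax*4]        ; function RVA
        test    eax, eax
        jz      NotFound                ; unused slot
        cmp     eax, expStart
        jb      Resolved
        cmp     eax, expEnd
        jb      NotFound                ; RVA inside the export directory is a
                                        ; forwarder string, not code
    Resolved:
        add     eax, ebx                ; RVA -> address
        jmp     Done

    NotFound:
        xor     eax, eax
    Done:
        mov     RetVanlue, eax
    }
    return RetVanlue;
}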