A wonderful MASM teaching page

Mon, 02 Jul 2007 19:35:42 -0500

http://web.sau.edu/lilliskevinm/csci240/masmdocs/

My Life is get hard?

Fri, 29 Jun 2007 07:58:13 -0500

Everything for me goes bad.But on the other hand,hope is a good thing.

My GetProcAddress

Thu, 28 Sep 2006 21:54:47 -0500

This func. could only find API's Address by name. -_-!!!

This is source:

typedef void(*MyFunc)(void*); //only use bu me *_^

MyFunc GetProcAddr(char* pFuncName,HMODULE hDll)
{
unsigned long hash;

pExploit RetVanlue;

_asm
{
mov esi,pFuncName
xor ebx,ebx
CmputeHash:
xor eax,eax
lodsb
cmp al,0x0a
jz CmputeHash
cmp al,ah
jz FindStart
ror ebx,7
add ebx,eax
jmp CmputeHash

FindStart:
mov hash,ebx

mov ebx,hDll ;base to eax
mov edi,[ebx+0x3c]
mov edi,[edi+ebx+0x78]
add edi,ebx ;edi==Addr of IMAGE_EXPORT_DIRECTORY

mov edx,[edi+0x20]
push esi
mov esi,dword ptr [edx+ebx]
add esi,ebx ;esi-->names

xor edx,edx ;counter...
dec edx
mov ecx,[edi+0x18] ;Number of Names of Funcs

push ebx

GetHash:
dec ecx
inc edx
xor ebx,ebx

GetHashLoop:
xor eax,eax
lodsb
cmp ah,al
jz FindByHash
ror ebx,7
add ebx,eax
jmp GetHashLoop

FindByHash:
mov eax,hash
cmp eax,ebx
jz HashFind
cmp ecx,0
jnz GetHash
jmp UnFindAndEnd

HashFind:
mov eax,[edi+0x24] ;Get AddressOfNameOrdinals's Address
pop ebx
add eax,ebx
movzx ax,word ptr [eax+edx*2]
mov edx,[edi+0x1c]
add edx,ebx
and eax,0x0ffff
mov eax,[edx+eax*4]
add eax,ebx
jmp FindAndEnd

UnFindAndEnd:
pop esi
xor eax,eax
FindAndEnd:
mov RetVanlue,eax
pop esi
}
return RetVanlue;
}

My IDA 5.0

Fri, 22 Sep 2006 19:49:38 -0500

When I use IDA 5.0 for the first time.I was completely attracted by it.Expet it can not recognise some native functions when I reversing kerneal32.dll...

I've tried to slove it. but...I havn't achieve it...

So sad...

OpenRCE: Blog

A wonderful MASM teaching page

My Life is get hard?

My GetProcAddress

My IDA 5.0