修改大神写的MyGetProcAddress支持64位

    xiaoxiao2021-11-10  79

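    /* Upper bound on forwarder hops, so a forwarding cycle cannot recurse forever. */
    enum { MY_MAX_FORWARD_DEPTH = 8 };

    /* True when the byte range [rva, rva + size) lies inside an image of imageSize bytes. */
    static int MyRvaRangeInImage(DWORD rva, DWORD size, DWORD imageSize)
    {
        return rva != 0 && rva < imageSize && size <= imageSize - rva;
    }

    /*
     * Worker behind MyGetProcAddress: looks lpProcName up in the export
     * directory of the image mapped at hModule and follows forwarders, with
     * `depth` counting the forwarder hops taken so far.
     */
    static ULONG_PTR MyResolveExport(HMODULE hModule, LPCSTR lpProcName, unsigned depth)
    {
        ULONG_PTR base = (ULONG_PTR)hModule;
        ULONG_PTR nameValue = (ULONG_PTR)lpProcName;

        if (hModule == NULL || depth > MY_MAX_FORWARD_DEPTH) {
            return 0;
        }

        /*
         * Sanity-check the headers before trusting any field read from them.
         * These checks catch a wrong handle or a wrong-bitness image; they are
         * not a full PE validation, so hModule is still expected to be an image
         * the Windows loader mapped.
         */
        PIMAGE_DOS_HEADER pImageDosHeader = (PIMAGE_DOS_HEADER)hModule;
        if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pImageDosHeader->e_lfanew <= 0) {
            return 0;
        }

        PIMAGE_NT_HEADERS pImageNtHeader =
            (PIMAGE_NT_HEADERS)(base + (ULONG_PTR)pImageDosHeader->e_lfanew);
        if (pImageNtHeader->Signature != IMAGE_NT_SIGNATURE ||
            pImageNtHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC ||
            pImageNtHeader->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT) {
            return 0;
        }

        DWORD dwImageSize = pImageNtHeader->OptionalHeader.SizeOfImage;
        DWORD dwExportRVA =
            pImageNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
        DWORD dwExportSize =
            pImageNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;

        /* An image without an export directory (RVA 0) exports nothing. */
        if (dwExportSize < sizeof(IMAGE_EXPORT_DIRECTORY) ||
            !MyRvaRangeInImage(dwExportRVA, dwExportSize, dwImageSize)) {
            return 0;
        }

        PIMAGE_EXPORT_DIRECTORY pImageExportDirectory =
            (PIMAGE_EXPORT_DIRECTORY)(base + dwExportRVA);
        DWORD dwNumberOfFunctions = pImageExportDirectory->NumberOfFunctions;
        DWORD dwNumberOfNames = pImageExportDirectory->NumberOfNames;
        DWORD dwBase = pImageExportDirectory->Base;

        /* The count is capped first so the byte size below cannot wrap a DWORD. */
        if (dwNumberOfFunctions == 0 ||
            dwNumberOfFunctions > dwImageSize / sizeof(DWORD) ||
            !MyRvaRangeInImage(pImageExportDirectory->AddressOfFunctions,
                               dwNumberOfFunctions * (DWORD)sizeof(DWORD), dwImageSize)) {
            return 0;
        }
        const DWORD *pAddressOfFunction =
            (const DWORD *)(base + pImageExportDirectory->AddressOfFunctions);

        DWORD dwFunctionRVA = 0;

        /*
         * Decide whether the caller passed an ordinal or a name. The test is
         * done on the full pointer width: the original cast lpProcName to DWORD,
         * which on 64-bit drops the upper 32 bits and can mistake a real name
         * pointer for an ordinal.
         */
        if ((nameValue >> 16) == 0) {
            /* Lookup by ordinal. Subtracting first avoids the wrap-around of
               dwBase + NumberOfFunctions - 1 in the original range test. */
            DWORD dwOrdinal = (DWORD)nameValue;
            if (dwOrdinal < dwBase || dwOrdinal - dwBase >= dwNumberOfFunctions) {
                return 0;
            }
            dwFunctionRVA = pAddressOfFunction[dwOrdinal - dwBase];
        } else {
            /* Lookup by name. */
            if (dwNumberOfNames == 0 ||
                dwNumberOfNames > dwImageSize / sizeof(DWORD) ||
                !MyRvaRangeInImage(pImageExportDirectory->AddressOfNames,
                                   dwNumberOfNames * (DWORD)sizeof(DWORD), dwImageSize) ||
                !MyRvaRangeInImage(pImageExportDirectory->AddressOfNameOrdinals,
                                   dwNumberOfNames * (DWORD)sizeof(WORD), dwImageSize)) {
                return 0;
            }
            const DWORD *pAddressOfNames =
                (const DWORD *)(base + pImageExportDirectory->AddressOfNames);
            const WORD *pAddressOfNameOrdinals =
                (const WORD *)(base + pImageExportDirectory->AddressOfNameOrdinals);

            DWORD i;
            for (i = 0; i < dwNumberOfNames; i++) {
                DWORD dwNameRVA = pAddressOfNames[i];
                if (dwNameRVA == 0 || dwNameRVA >= dwImageSize) {
                    continue;   /* name RVA points outside the image: skip it */
                }
                if (strcmp((const char *)(base + dwNameRVA), lpProcName) == 0) {
                    WORD wIndex = pAddressOfNameOrdinals[i];
                    if (wIndex >= dwNumberOfFunctions) {
                        return 0;   /* index would read past the function table */
                    }
                    dwFunctionRVA = pAddressOfFunction[wIndex];
                    break;
                }
            }
            if (i == dwNumberOfNames) {
                /* Not exported by name. The original fell through into the
                   ordinal path here with the name pointer as the ordinal. */
                return 0;
            }
        }

        /* RVA 0 marks an unused slot; without this check the image base itself
           would be returned as the function address. */
        if (dwFunctionRVA == 0 || dwFunctionRVA >= dwImageSize) {
            return 0;
        }

        /* An address outside the export directory is the function itself.
           The directory's end is exclusive, hence >= rather than >. */
        if (dwFunctionRVA < dwExportRVA || dwFunctionRVA - dwExportRVA >= dwExportSize) {
            return base + dwFunctionRVA;
        }

        /*
         * Inside the export directory the entry is a forwarder string of the
         * form "DLLNAME.Function" or "DLLNAME.#Ordinal". Everything below is
         * length-checked against the export directory; the original copied the
         * string into 100-byte stack buffers with lstrcpyA/lstrcatA unbounded.
         */
        const char *pForward = (const char *)(base + dwFunctionRVA);
        size_t cbRemain = (size_t)(dwExportSize - (dwFunctionRVA - dwExportRVA));
        const char *pEnd = (const char *)memchr(pForward, '\0', cbRemain);
        if (pEnd == NULL) {
            return 0;   /* no terminator inside the export directory */
        }

        const char *pDot = (const char *)memchr(pForward, '.', (size_t)(pEnd - pForward));
        if (pDot == NULL) {
            /* Not a forwarder string. The original returned this data address
               as if it were code; report failure instead. */
            return 0;
        }

        char pTempDll[100] = {0};
        size_t cchDll = (size_t)(pDot - pForward);
        if (cchDll == 0 || cchDll + sizeof(".dll") > sizeof(pTempDll)) {
            return 0;
        }
        memcpy(pTempDll, pForward, cchDll);
        memcpy(pTempDll + cchDll, ".dll", sizeof(".dll"));

        /* The target name is already NUL-terminated inside the image, so it is
           used in place rather than copied. */
        LPCSTR pTempFuction = pDot + 1;
        if (pTempFuction[0] == '\0') {
            return 0;
        }
        if (pTempFuction[0] == '#') {
            /* "DLLNAME.#27" forwards to an ordinal, not to a name. */
            DWORD dwForwardOrdinal = 0;
            const char *pDigit = pTempFuction + 1;
            if (*pDigit == '\0') {
                return 0;
            }
            for (; *pDigit != '\0'; pDigit++) {
                if (*pDigit < '0' || *pDigit > '9') {
                    return 0;
                }
                dwForwardOrdinal = dwForwardOrdinal * 10 + (DWORD)(*pDigit - '0');
                if (dwForwardOrdinal > 0xFFFF) {
                    return 0;
                }
            }
            pTempFuction = (LPCSTR)(ULONG_PTR)dwForwardOrdinal;
        }

        /*
         * NOTE(review): LoadLibraryA with a bare file name goes through the
         * default DLL search order, so the forwarder target is only as
         * trustworthy as that search path. If forwarders are expected to name
         * system DLLs only, LoadLibraryExA with LOAD_LIBRARY_SEARCH_SYSTEM32
         * would pin the lookup. The handle is deliberately not freed: the
         * returned address is only valid while the target stays loaded.
         */
        HMODULE h = LoadLibraryA(pTempDll);
        if (h == NULL) {
            return 0;   /* the original returned the forwarder string's address here */
        }
        return MyResolveExport(h, pTempFuction, depth + 1);
    }

    /*
     * MyGetProcAddress - hand-written counterpart of GetProcAddress that walks
     * the export directory of a mapped PE image.
     *
     * hModule     base address of the mapped image (a loader-provided HMODULE).
     * lpProcName  either a NUL-terminated export name, or an ordinal in the low
     *             word with every higher bit zero (the GetProcAddress convention).
     *
     * Returns the address of the export, following forwarders into the DLL they
     * name, or 0 when the image, the name or the ordinal cannot be resolved.
     */
    ULONG_PTR MyGetProcAddress(
        HMODULE hModule,    // handle to DLL module
        LPCSTR lpProcName   // function name
        )
    {
        return MyResolveExport(hModule, lpProcName, 0);
    }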

    坑爹的 Code,引用点了半天没反应...     https://code.csdn.net/snippets/1991596  需要的到这里下载吧
