-
Notifications
You must be signed in to change notification settings - Fork 131
/
Copy pathprocrva.c
89 lines (83 loc) · 2.22 KB
/
procrva.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
/*
Get the RVA of a function directly from a module. This allows 64-bit code to
work with 32-bit DLLs, and eliminates (or at least reduces) the possibility
of the function already being hooked.
*/
#include "ansicon.h"
static PIMAGE_DOS_HEADER pDosHeader;
#ifdef _WIN64
DWORD GetProcRVA( LPCTSTR module, LPCSTR func, int bits )
#else
DWORD GetProcRVA( LPCTSTR module, LPCSTR func )
#endif
{
HMODULE hMod;
TCHAR buf[MAX_PATH];
UINT len;
PIMAGE_NT_HEADERS pNTHeader;
PIMAGE_EXPORT_DIRECTORY pExportDir;
PDWORD fun_table, name_table;
PWORD ord_table;
DWORD rva;
int lo, mid, hi, cmp;
#ifdef _WIN64
if (bits == 32)
len = GetSystemWow64Directory( buf, MAX_PATH );
else
#endif
len = GetSystemDirectory( buf, MAX_PATH );
buf[len++] = '\\';
lstrcpy( buf + len, module );
hMod = LoadLibraryEx( buf, NULL, LOAD_LIBRARY_AS_IMAGE_RESOURCE );
if (hMod == NULL)
{
#ifdef _WIN64
DEBUGSTR( 1, "Unable to load %u-bit %S (%u)!",
bits, module, GetLastError() );
#else
DEBUGSTR( 1, "Unable to load %S (%u)!", module, GetLastError() );
#endif
return 0;
}
// The handle uses low bits as flags, so strip 'em off.
pDosHeader = (PIMAGE_DOS_HEADER)((DWORD_PTR)hMod & ~0xFFFF);
pNTHeader = MakeVA( PIMAGE_NT_HEADERS, pDosHeader->e_lfanew );
#ifdef _WIN64
if (bits == 32)
pExportDir = MakeVA( PIMAGE_EXPORT_DIRECTORY,
((PIMAGE_NT_HEADERS32)pNTHeader)->EXPORTDIR.VirtualAddress );
else
#endif
pExportDir = MakeVA( PIMAGE_EXPORT_DIRECTORY,
pNTHeader->EXPORTDIR.VirtualAddress );
fun_table = MakeVA( PDWORD, pExportDir->AddressOfFunctions );
name_table = MakeVA( PDWORD, pExportDir->AddressOfNames );
ord_table = MakeVA( PWORD, pExportDir->AddressOfNameOrdinals );
rva = 0;
lo = 0;
hi = pExportDir->NumberOfNames - 1;
while (lo <= hi)
{
mid = (lo + hi) / 2;
cmp = strcmp( func, MakeVA( LPCSTR, name_table[mid] ) );
if (cmp == 0)
{
rva = fun_table[ord_table[mid]];
break;
}
if (cmp < 0)
hi = mid - 1;
else
lo = mid + 1;
}
if (rva == 0)
{
#ifdef _WIN64
DEBUGSTR( 1, "Could not find %u-bit %s!", bits, func );
#else
DEBUGSTR( 1, "Could not find %s!", func );
#endif
}
FreeLibrary( hMod );
return rva;
}