分类导航
程序笔记程序问答

获取GetProcAddress地址

程序笔记   发布时间:2022-07-12  发布网站:大佬教程  code.js-code.com
大佬教程收集整理的这篇文章主要介绍了获取GetProcAddress地址大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
#include<stdio.h>
#include<Windows.h>
__declspec(naked) DWORD getKernel32()
{
	__asm {
		mov eax,fs:[30h]
		mov eax,[eax+0ch]
		mov eax,[eax+14h]
		mov eax,[eax]
		mov eax,[eax]
		mov eax,[eax+10h]
		ret
	}
}
FARPROC MyGetProcAddress(HMODULE hModuleBasE)
{
	PIMAGE_DOS_HEADER lpDosHeader = (PIMAGE_DOS_HEADER)hModuleBase;
	PIMAGE_NT_HEADERS32 lpNtHeaders = (PIMAGE_NT_HEADERS)((DWORD)hModuleBase + lpDosHeader->e_lfanew);
	if (!lpNtHeaders->OptionalHeader.DataDirectorY[IMAGE_DIRECTORY_ENTRY_EXPORT].SizE)
	{
		return NULL;
	}
	if (!lpNtHeaders->OptionalHeader.DataDirectorY[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress)//数据目录表的EXPORT TABLE RVA
	{
		return NULL;
	}
	
	PIMAGE_EXPORT_DIRECTORY lpExports = (PIMAGE_EXPORT_DIRECTORY)((DWORD)hModuleBase + (DWORD)lpNtHeaders->OptionalHeader.DataDirectorY[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
	PDWORD lpdwFunName = (PDWORD)((DWORD)hModuleBase + (DWORD)lpExports->AddressOfNames);//输出函数名称表RVA
	PWORD lpwOrd = (PWORD)((DWORD)hModuleBase + (DWORD)lpExports->AddressOfNameOrdinals);//序号
	PDWORD lpdwFunAddr = (PDWORD)((DWORD)hModuleBase + (DWORD)lpExports->AddressOfFunctions);//函数地址

	DWORD dwLoop = 0;
	FARPROC pRet = NULL;
	for (; dwLoop <= lpExports->numberOfNames - 1; dwLoop++)
	{
		char* pFunName = (char*)(lpdwFunName[dwLoop] + (DWORD)hModuleBasE);
		if (pFunName[0] == 'G'&&
			pFunName[1] == 'e'&&
			pFunName[2] == 't'&&
			pFunName[3] == 'P'&&
			pFunName[4] == 'r'&&
			pFunName[5] == 'o'&&
			pFunName[6] == 'c'&&
			pFunName[7] == 'A'&&
			pFunName[8] == 'd'&&
			pFunName[9] == 'd'&&
			pFunName[10] == 'r'&&
			pFunName[11] == 'e'&&
			pFunName[12] == 's'&&
			pFunName[13] == 's'

			)
		{
			pRet = (FARPROC)(lpdwFunAddr[lpwOrd[dwLoop]] + (DWORD)hModuleBasE);
			break;
		}
		
	}
	return pRet;
}
int main()
{
	HMODULE hModule = (HMODULE)getKernel32();
	printf("0x%08Xn", hModulE);
	printf("0x%08Xn", LoadLibraryA("kernel32.dll"));

	typedef FARPROC(WINAPI *FUN_GetProcAddress)(
		HMODULE hModule,
		LPCSTR lpProcName
		);
	FUN_GetProcAddress fn_GetProcAddress;
	fn_GetProcAddress=(FUN_GetProcAddress)MyGetProcAddress(hModulE);
	printf("0x%08xn", fn_GetProcAddress);
	printf("0x%08xn", GetProcAddress);
}

 

大佬总结

以上是大佬教程为你收集整理的获取GetProcAddress地址全部内容,希望文章能够帮你解决获取GetProcAddress地址所遇到的程序开发问题。

如果觉得大佬教程网站内容还不错,欢迎将大佬教程推荐给程序员好友。

本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。
标签:loadphpvirtual程序员
猜你在找的程序笔记相关文章
其他相关热搜词更多
phpJavaPython程序员load如何string使用参数jquery开发安装listlinuxiosandroid工具javascriptcap