

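/* Returns nonzero when the byte range [Rva, Rva + Length) lies entirely
 * inside an image that is SizeOfImage bytes long. Written so that the
 * arithmetic cannot wrap. */
static int MyRvaRangeInImage(ULONG64 Rva, ULONG64 Length, DWORD SizeOfImage)
{
	return Rva <= SizeOfImage && Length <= (ULONG64)SizeOfImage - Rva;
}

/**
 * Look up an exported symbol by name in a mapped 64-bit PE image.
 *
 * Every RVA read from the image is added directly to ImageBase, so the image
 * must be mapped with its sections at their virtual addresses (a loaded
 * module), not a raw file buffer.
 *
 * All offsets taken from the image are treated as untrusted and are checked
 * against OptionalHeader.SizeOfImage before being dereferenced, so a damaged
 * or hostile export directory yields NULL rather than an out-of-bounds read.
 * NOTE(review): e_lfanew itself cannot be bounded here because the caller
 * does not pass the size of the mapping; it is only checked for being
 * positive.
 *
 * @param ImageBase  Base address of the mapped PE32+ image.
 * @param ApiName    NUL-terminated export name to search for (case-sensitive).
 * @return Address of the export inside the image, or NULL when the arguments
 *         are NULL, the headers are not a valid PE32+ image, the image has no
 *         usable export directory, the name is not exported, or the export is
 *         a forwarder (its RVA points at a string, not at code).
 */
PVOID MyGetProcAddress(PVOID ImageBase, LPCSTR ApiName)
{
	if (ImageBase == NULL || ApiName == NULL)
		return NULL;

	ULONG64 ImageAddr = (ULONG64)ImageBase;

	/* Validate the DOS and NT headers before trusting any field in them. */
	PIMAGE_DOS_HEADER DosHeader = (PIMAGE_DOS_HEADER)ImageBase;
	if (DosHeader->e_magic != IMAGE_DOS_SIGNATURE || DosHeader->e_lfanew <= 0)
		return NULL;

	PIMAGE_NT_HEADERS64 NtHeaders = (PIMAGE_NT_HEADERS64)(ImageAddr + (ULONG64)DosHeader->e_lfanew);
	if (NtHeaders->Signature != IMAGE_NT_SIGNATURE ||
	    NtHeaders->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC)
		return NULL;

	/* The data directory may be truncated; make sure the export slot exists. */
	if (NtHeaders->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
		return NULL;

	DWORD SizeOfImage = NtHeaders->OptionalHeader.SizeOfImage;
	/* RVA and size of the export directory. */
	DWORD ExportRva = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
	DWORD ExportSize = NtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
	if (ExportRva == 0 || ExportSize < sizeof(IMAGE_EXPORT_DIRECTORY) ||
	    !MyRvaRangeInImage(ExportRva, ExportSize, SizeOfImage))
		return NULL;

	PIMAGE_EXPORT_DIRECTORY ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)(ImageAddr + ExportRva);
	/* Number of entries in the export address table. */
	DWORD NumberOfFunctions = ExportDirectory->NumberOfFunctions;
	/* Number of entries in the name table and the name-ordinal table. */
	DWORD NumberOfNames = ExportDirectory->NumberOfNames;

	/* All three parallel tables must fit inside the image. */
	if (!MyRvaRangeInImage(ExportDirectory->AddressOfNames, (ULONG64)NumberOfNames * sizeof(DWORD), SizeOfImage) ||
	    !MyRvaRangeInImage(ExportDirectory->AddressOfNameOrdinals, (ULONG64)NumberOfNames * sizeof(WORD), SizeOfImage) ||
	    !MyRvaRangeInImage(ExportDirectory->AddressOfFunctions, (ULONG64)NumberOfFunctions * sizeof(DWORD), SizeOfImage))
		return NULL;

	const DWORD *NameRvas = (const DWORD *)(ImageAddr + ExportDirectory->AddressOfNames);
	const WORD *NameOrdinals = (const WORD *)(ImageAddr + ExportDirectory->AddressOfNameOrdinals);
	const DWORD *FunctionRvas = (const DWORD *)(ImageAddr + ExportDirectory->AddressOfFunctions);

	for (DWORD I = 0; I < NumberOfNames; I++)
	{
		/* RVA of the exported name string. */
		DWORD NameRva = NameRvas[I];
		if (NameRva >= SizeOfImage)
			continue;

		/* Bounded comparison: never read the name past the end of the image,
		 * even if the string in the image is not NUL-terminated. */
		const char *Name = (const char *)(ImageAddr + NameRva);
		DWORD MaxLen = SizeOfImage - NameRva;
		DWORD K = 0;
		while (K < MaxLen && Name[K] == ApiName[K] && Name[K] != '\0')
			K++;
		if (K == MaxLen || Name[K] != ApiName[K])
			continue;

		/* The name-ordinal table holds an unbiased index into the function
		 * table, so ExportDirectory->Base is not added here; Base only
		 * matters when reporting or looking up the export ordinal itself. */
		WORD FunctionIndex = NameOrdinals[I];
		if (FunctionIndex >= NumberOfFunctions)
			return NULL;

		/* Entries are 32-bit RVAs: read exactly one DWORD. */
		DWORD FunctionRva = FunctionRvas[FunctionIndex];
		if (FunctionRva == 0 || FunctionRva >= SizeOfImage)
			return NULL;

		/* An RVA that falls inside the export directory is a forwarder
		 * string ("OtherDll.Name"), not code; do not hand it out as a
		 * function pointer. */
		if (FunctionRva >= ExportRva && FunctionRva - ExportRva < ExportSize)
			return NULL;

		return (PVOID)(ImageAddr + FunctionRva);
	}

	/* Name not found. */
	return NULL;
}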
