You want custom GetProcAddress?
Code:
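/*
 * FastGetProcAddress - look up an export of a mapped PE image by name.
 *
 * Binary-searches the export name table for RoutineName, maps the matching
 * slot through the name-ordinal table, and returns DllBase plus the RVA
 * stored in the function table. The search assumes the name table is sorted
 * in strcmp order.
 *
 * DllBase      Base address of the image; it is handed to
 *              RtlImageDirectoryEntryToData with MappedAsImage = TRUE.
 * RoutineName  NUL-terminated export name (case-sensitive, compared with
 *              strcmp).
 *
 * Returns the export's address, or NULL when an argument is NULL, the image
 * has no export directory or no named exports, the name is not found, the
 * ordinal is out of range, or the entry is a forwarder.
 *
 * NOTE(review): the RVAs read from the export directory (AddressOfNames,
 * AddressOfNameOrdinals, AddressOfFunctions and the per-name RVAs) are not
 * checked against the image size here. Only use this on images the loader
 * has already mapped and validated; a malformed export directory would make
 * the table reads go out of bounds.
 */
PVOID FastGetProcAddress(PCHAR DllBase, PCHAR RoutineName)
{
    USHORT OrdinalNumber;
    PULONG NameTableBase;
    PUSHORT NameOrdinalTableBase;
    PULONG Addr;
    LONG High;
    LONG Low;
    LONG Middle;
    LONG Result;
    ULONG ExportSize;
    PCHAR FunctionAddress;
    PIMAGE_EXPORT_DIRECTORY ExportDirectory;

    if (DllBase == NULL || RoutineName == NULL)
    {
        return NULL;
    }

    ExportDirectory = (PIMAGE_EXPORT_DIRECTORY)
        RtlImageDirectoryEntryToData(DllBase, TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &ExportSize);

    /* No export directory at all (e.g. most EXEs): nothing to search. */
    if (ExportDirectory == NULL)
    {
        return NULL;
    }

    /*
     * The search indices are signed, so the name count must be non-zero
     * and must fit in a LONG before it is converted.
     */
    if (ExportDirectory->NumberOfNames == 0 ||
        ExportDirectory->NumberOfNames > 0x7FFFFFFF)
    {
        return NULL;
    }

    NameTableBase = (PULONG)(DllBase + (ULONG)ExportDirectory->AddressOfNames);
    NameOrdinalTableBase = (PUSHORT)(DllBase + (ULONG)ExportDirectory->AddressOfNameOrdinals);

    /*
     * Signed indices are required: with unsigned ones, "High = Middle - 1"
     * at Middle == 0 wraps to 0xFFFFFFFF, the loop condition stays true and
     * the next probe reads far outside the name table.
     */
    Low = 0;
    High = (LONG)ExportDirectory->NumberOfNames - 1;
    Middle = 0;

    while (High >= Low)
    {
        Middle = Low + ((High - Low) >> 1);
        Result = strcmp(RoutineName,
                        (PCHAR)(DllBase + NameTableBase[Middle]));
        if (Result < 0)
        {
            High = Middle - 1;
        }
        else if (Result > 0)
        {
            Low = Middle + 1;
        }
        else
        {
            break;
        }
    }

    /* The range collapsed without a match: the name is not exported. */
    if (High < Low)
    {
        return NULL;
    }

    OrdinalNumber = NameOrdinalTableBase[Middle];
    if ((ULONG)OrdinalNumber >= ExportDirectory->NumberOfFunctions)
    {
        return NULL;
    }

    Addr = (PULONG)(DllBase + (ULONG)ExportDirectory->AddressOfFunctions);
    FunctionAddress = DllBase + Addr[OrdinalNumber];

    /*
     * An RVA that lands inside the export directory is a forwarder: it
     * points at a "Module.Name" string, not at code. This routine does not
     * resolve forwarders, so report failure instead of returning a pointer
     * that a caller would treat as a function.
     */
    if (FunctionAddress >= (PCHAR)ExportDirectory &&
        FunctionAddress < (PCHAR)ExportDirectory + ExportSize)
    {
        return NULL;
    }

    return (PVOID)FunctionAddress;
}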
Quote:
Originally Posted by ahmadmansoor
We always do this to get an API address:
GetAPIAddress = GetProcAddress(GetModuleHandle("Kernel.dll"), FunctionName)
But what is the programmatic way to get the API from an address?
For example, if I have 2FEB1344, how can I find out which API it belongs to?
(I need the reverse of GetProcAddress.)
Thanks in adv