#include <windows.h>
#include <stdlib.h>
void *SefGetProcAddress(HMODULE module, const char *proc_name)
{
char *modb = (char *)module;
IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)modb;
IMAGE_NT_HEADERS *nt_headers = (IMAGE_NT_HEADERS *)(modb + dos_header->e_lfanew);
IMAGE_OPTIONAL_HEADER *opt_header = &nt_headers->OptionalHeader;
IMAGE_DATA_DIRECTORY *exp_entry = (IMAGE_DATA_DIRECTORY *)
(&opt_header->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]);
IMAGE_EXPORT_DIRECTORY *exp_dir = (IMAGE_EXPORT_DIRECTORY *)(modb + exp_entry->VirtualAddress);
void **func_table = (void **)(modb + exp_dir->AddressOfFunctions);
WORD *ord_table = (WORD *)(modb + exp_dir->AddressOfNameOrdinals);
char **name_table = (char **)(modb + exp_dir->AddressOfNames);
void *address = NULL;
DWORD i;
/* is ordinal? */
if (((DWORD)proc_name >> 16) == 0) {
WORD ordinal = LOWORD(proc_name);
DWORD ord_base = exp_dir->Base;
/* is valid ordinal? */
if (ordinal < ord_base || ordinal > ord_base + exp_dir->NumberOfFunctions)
return NULL;
/* taking ordinal base into consideration */
address = (void *)(modb + (DWORD)func_table[ordinal - ord_base]);
} else {
/* import by name */
for (i = 0; i < exp_dir->NumberOfNames; i++) {
/* name table pointers are rvas */
if (strcmp(proc_name, modb + (DWORD)name_table[i]) == 0)
address = (void *)(modb + (DWORD)func_table[ord_table[i]]);
}
}
/* is forwarded? */
if ((char *)address >= (char *)exp_dir &&
(char *)address < (char *)exp_dir + exp_entry->Size) {
char *dll_name, *func_name;
HMODULE frwd_module;
dll_name = strdup((char *)address);
if (!dll_name)
return NULL;
address = NULL;
func_name = strchr(dll_name, '.');
*func_name++ = 0;
/* is already loaded? */
frwd_module = GetModuleHandle(dll_name);
if (!frwd_module)
frwd_module = LoadLibrary(dll_name);
if (frwd_module)
address = get_proc_address(frwd_module, func_name);
free(dll_name);
}
return address;
}
自定义实现GetProcAddress函数,布布扣,bubuko.com
原文地址:http://blog.csdn.net/reversess/article/details/27356693
