This repository has been archived by the owner on Feb 14, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathWindowsFunctions.h
88 lines (70 loc) · 2.4 KB
/
WindowsFunctions.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
#pragma once
#include "n.hpp"
PEB* GetPEBInternal()
{
#ifdef _WIN64
PEB* peb = (PEB*)__readgsqword(0x60);
#else
PEB* peb = (PEB*)__readfsdword(0x30);
#endif
return peb;
}
LDR_DATA_TABLE_ENTRY* GetLDREntryInternal(const wchar_t* modName)
{
LDR_DATA_TABLE_ENTRY* modEntry = nullptr;
PEB* peb = GetPEBInternal();
LIST_ENTRY head = peb->Ldr->InMemoryOrderModuleList;
LIST_ENTRY curr = head;
for (auto curr = head; curr.Flink != &peb->Ldr->InMemoryOrderModuleList; curr = *curr.Flink)
{
LDR_DATA_TABLE_ENTRY* mod = (LDR_DATA_TABLE_ENTRY*)CONTAINING_RECORD(curr.Flink, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
if (mod->BaseDllName.Buffer)
{
if (_wcsicmp(modName, mod->BaseDllName.Buffer) == 0)
{
modEntry = mod;
break;
}
}
}
return modEntry;
}
uintptr_t GetModuleBaseAddressInternalPEB(const wchar_t* modName)
{
LDR_DATA_TABLE_ENTRY* modEntry = GetLDREntryInternal(modName);
return (uintptr_t)modEntry->DllBase;
}
BYTE* GetProcAddressA(HINSTANCE hDll, const char* szFunc)
{
if (!hDll)
return nullptr;
BYTE* pBase = reinterpret_cast<BYTE*>(hDll);
auto* pNT = reinterpret_cast<IMAGE_NT_HEADERS*>(pBase + reinterpret_cast<IMAGE_DOS_HEADER*>(pBase)->e_lfanew);
auto* pExportDir = reinterpret_cast<IMAGE_EXPORT_DIRECTORY*>(pBase + pNT->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
if (reinterpret_cast<UINT_PTR>(szFunc) <= MAXWORD)
{
WORD Ordinal = (WORD)szFunc;
DWORD RVA = reinterpret_cast<DWORD*>(pBase + pExportDir->AddressOfFunctions)[Ordinal];
return pBase + RVA;
}
DWORD max = pExportDir->NumberOfNames - 1;
DWORD min = 0;
while (min <= max)
{
DWORD mid = (min + max) >> 1;
DWORD CurrNameRVA = reinterpret_cast<DWORD*>(pBase + pExportDir->AddressOfNames)[mid];
char* szName = reinterpret_cast<char*>(pBase + CurrNameRVA);
int cmp = strcmp(szName, szFunc);
if (cmp < 0)
min = mid + 1;
else if (cmp > 0)
max = mid - 1;
else
{
WORD Ordinal = reinterpret_cast<WORD*>(pBase + pExportDir->AddressOfNameOrdinals)[mid];
DWORD RVA = reinterpret_cast<DWORD*>(pBase + pExportDir->AddressOfFunctions)[Ordinal];
return pBase + RVA;
}
}
return nullptr;
}