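// Upper bound on chained forwarders followed for one lookup; stops a forwarder
// cycle between modules from recursing until the stack is exhausted.
enum { MYGPA_MAX_FORWARD_HOPS = 8 };

// Resolves one export of hModule by walking its export directory, following
// forwarder strings recursively while nDepth stays within the hop limit.
static ULONG_PTR MyGetProcAddressAtDepth(HMODULE hModule, LPCSTR lpProcName, int nDepth)
{
    ULONG_PTR ulBase = (ULONG_PTR)hModule;
    ULONG_PTR ulProc = (ULONG_PTR)lpProcName;
    PIMAGE_DOS_HEADER pImageDosHeader = NULL;
    PIMAGE_NT_HEADERS pImageNtHeader = NULL;
    PIMAGE_EXPORT_DIRECTORY pImageExportDirectory = NULL;
    DWORD dwExportRVA = 0;
    DWORD dwExportSize = 0;
    DWORD dwNumberOfFunctions = 0;
    DWORD dwNumberOfNames = 0;
    DWORD dwBase = 0;
    DWORD dwIndex = 0;
    DWORD dwFuncRVA = 0;
    DWORD *pAddressOfFunction = NULL;

    if (hModule == NULL || nDepth > MYGPA_MAX_FORWARD_HOPS)
    {
        return 0;
    }

    // Validate the PE headers before trusting any offset read from them.
    pImageDosHeader = (PIMAGE_DOS_HEADER)hModule;
    if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pImageDosHeader->e_lfanew <= 0)
    {
        return 0;
    }
    pImageNtHeader = (PIMAGE_NT_HEADERS)(ulBase + pImageDosHeader->e_lfanew);
    if (pImageNtHeader->Signature != IMAGE_NT_SIGNATURE ||
        pImageNtHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC ||
        pImageNtHeader->OptionalHeader.NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_EXPORT)
    {
        return 0;
    }

    dwExportRVA = pImageNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    dwExportSize = pImageNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
    if (dwExportRVA == 0)
    {
        // No export directory: without this check the module base itself
        // would be interpreted as an IMAGE_EXPORT_DIRECTORY.
        return 0;
    }

    pImageExportDirectory = (PIMAGE_EXPORT_DIRECTORY)(ulBase + dwExportRVA);
    dwNumberOfFunctions = pImageExportDirectory->NumberOfFunctions;
    dwNumberOfNames = pImageExportDirectory->NumberOfNames;
    dwBase = pImageExportDirectory->Base;
    if (pImageExportDirectory->AddressOfFunctions == 0)
    {
        return 0;
    }
    pAddressOfFunction = (DWORD *)(ulBase + pImageExportDirectory->AddressOfFunctions);

    // Decide whether the lookup is by ordinal or by name. The test is made on
    // the full pointer width: truncating to DWORD would misclassify a 64-bit
    // name pointer whose low 32 bits happen to be below 0x10000.
    if ((ulProc >> 16) == 0)
    {
        // Lookup by ordinal.
        DWORD dwOrdinal = (DWORD)ulProc;

        // Subtract before comparing so the range check cannot wrap.
        if (dwOrdinal < dwBase || dwOrdinal - dwBase >= dwNumberOfFunctions)
        {
            return 0;
        }
        dwIndex = dwOrdinal - dwBase;
    }
    else
    {
        // Lookup by name.
        DWORD *pAddressOfNames = NULL;
        WORD *pAddressOfNameOrdinals = NULL;
        DWORD i = 0;
        int bFound = 0;

        if (pImageExportDirectory->AddressOfNames == 0 ||
            pImageExportDirectory->AddressOfNameOrdinals == 0)
        {
            return 0;
        }
        pAddressOfNames = (DWORD *)(ulBase + pImageExportDirectory->AddressOfNames);
        pAddressOfNameOrdinals = (WORD *)(ulBase + pImageExportDirectory->AddressOfNameOrdinals);

        for (i = 0; i < dwNumberOfNames; i++)
        {
            const char *strFunction = (const char *)(ulBase + pAddressOfNames[i]);
            if (strcmp(strFunction, (const char *)lpProcName) == 0)
            {
                dwIndex = pAddressOfNameOrdinals[i];
                bFound = 1;
                break;
            }
        }

        // A name that is not exported is a miss; it must not fall through to
        // the ordinal path with the pointer value used as an ordinal.
        if (!bFound || dwIndex >= dwNumberOfFunctions)
        {
            return 0;
        }
    }

    dwFuncRVA = pAddressOfFunction[dwIndex];
    if (dwFuncRVA == 0)
    {
        // Unused slot in the function table.
        return 0;
    }

    // An RVA outside the export directory is the function itself. The range
    // is half-open: the byte just past the directory is not part of it.
    if (dwFuncRVA < dwExportRVA || dwFuncRVA - dwExportRVA >= dwExportSize)
    {
        return ulBase + dwFuncRVA;
    }

    // Otherwise the RVA points at a forwarder string "Module.Function" inside
    // the export directory. That string comes from the image being parsed, so
    // it is copied with explicit bounds: never past the end of the directory
    // and never past the local buffers.
    {
        const char *pForward = (const char *)(ulBase + dwFuncRVA);
        DWORD cbLeft = dwExportSize - (dwFuncRVA - dwExportRVA);
        DWORD cchDll = 0;
        DWORD cchFunc = 0;
        char pTempDll[100] = {0};
        char pTempFuction[100] = {0};
        HMODULE h = NULL;

        // Module part: everything before the first '.', leaving room for the
        // ".dll" suffix and the terminator.
        while (cchDll < cbLeft && pForward[cchDll] != '\0' && pForward[cchDll] != '.')
        {
            if (cchDll >= sizeof(pTempDll) - sizeof(".dll"))
            {
                return 0;
            }
            pTempDll[cchDll] = pForward[cchDll];
            cchDll++;
        }
        if (cchDll == 0 || cchDll >= cbLeft || pForward[cchDll] != '.')
        {
            // Malformed forwarder. The address is data inside the export
            // directory, so it is never returned as a callable address.
            return 0;
        }

        // Function part: everything after the '.'.
        pForward += cchDll + 1;
        cbLeft -= cchDll + 1;
        while (cchFunc < cbLeft && pForward[cchFunc] != '\0')
        {
            if (cchFunc >= sizeof(pTempFuction) - 1)
            {
                return 0;
            }
            pTempFuction[cchFunc] = pForward[cchFunc];
            cchFunc++;
        }
        if (cchFunc == 0 || cchFunc >= cbLeft)
        {
            return 0;
        }
        // NOTE(review): the PE format also allows ordinal forwarders of the
        // form "Module.#N"; that form is not parsed here, so it is looked up
        // as a name and resolves to 0.

        lstrcatA(pTempDll, ".dll");

        // NOTE(review): LoadLibraryA with a bare file name uses the default
        // DLL search order, and the name originates from the parsed image.
        // If this may run against modules that are not fully trusted,
        // consider LoadLibraryExA with a restricted search flag. The handle
        // is intentionally not freed: the returned address lives in that module.
        h = LoadLibraryA(pTempDll);
        if (h == NULL)
        {
            return 0;
        }
        return MyGetProcAddressAtDepth(h, pTempFuction, nDepth + 1);
    }
}

// Minimal GetProcAddress replacement that parses the export directory of an
// already-mapped module directly.
//
// hModule    - base address of a loaded PE image.
// lpProcName - NUL-terminated export name, or an ordinal in the low word with
//              all higher bits zero.
//
// Returns the address of the export, following forwarders into other modules
// (loading them if necessary), or 0 when the headers are invalid, the export
// does not exist, or a forwarder cannot be resolved.
ULONG_PTR MyGetProcAddress(
    HMODULE hModule, // handle to DLL module
    LPCSTR lpProcName // function name
)
{
    return MyGetProcAddressAtDepth(hModule, lpProcName, 0);
}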
坑爹的CSDN Code,引用点了半天没反应... https://code.csdn.net/snippets/1991596 需要的到这里下载吧