#include<stdio.h>
#include<Windows.h>
/*
 * Return the base address of kernel32.dll by walking the loader data hanging
 * off the PEB, without calling any Windows API (the usual trick for code that
 * has no import table, e.g. shellcode or a loader stub).
 *
 * x86 only: the PEB is read through fs:[30h] and every offset below is for
 * the 32-bit PEB / PEB_LDR_DATA / LDR_DATA_TABLE_ENTRY layouts. Those
 * structures are undocumented and the offsets are not guaranteed stable
 * across Windows versions. This will not build or work for x64.
 *
 * The walk assumes kernel32.dll is the THIRD entry of the
 * InMemoryOrderModuleList (process image, ntdll.dll, kernel32.dll). Nothing
 * verifies that the entry really is kernel32 -- if the loader orders modules
 * differently, some other module's base is returned silently, so callers
 * should not trust the result blindly.
 *
 * Returns the entry's DllBase as a DWORD (main() casts it to HMODULE).
 * __declspec(naked): no prologue/epilogue is generated, so the asm block is
 * the entire function body and must end with its own ret.
 */
__declspec(naked) DWORD getKernel32()
{
__asm {
mov eax,fs:[30h]      // TEB->ProcessEnvironmentBlock (PEB*)
mov eax,[eax+0ch]     // PEB->Ldr (PEB_LDR_DATA*)
mov eax,[eax+14h]     // Ldr->InMemoryOrderModuleList.Flink -> 1st entry (the exe)
mov eax,[eax]         // ->Flink -> 2nd entry (ntdll.dll)
mov eax,[eax]         // ->Flink -> 3rd entry (assumed kernel32.dll)
mov eax,[eax+10h]     // LDR_DATA_TABLE_ENTRY.DllBase, measured from InMemoryOrderLinks
ret                   // result is already in eax
}
}
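/*
 * Resolve kernel32!GetProcAddress by hand, by walking the export directory of
 * the module at hModuleBase instead of importing GetProcAddress itself.
 *
 * hModuleBase: base address of a loaded 32-bit PE image (normally the value
 *              returned by getKernel32()). Only 32-bit images are handled:
 *              RVAs are added to a DWORD-sized base, matching the x86-only
 *              getKernel32() above.
 *
 * Returns the absolute address of the export named exactly "GetProcAddress",
 * or NULL when the base is NULL, the MZ/PE signatures do not match, the image
 * has no export table, the name is not exported, the ordinal is out of range,
 * or the export is a forwarder (forwarders are not followed).
 *
 * Because getKernel32() does not verify which module it found, the header
 * checks here are what stops an unexpected module from being scanned as if it
 * were a PE image.
 */
FARPROC MyGetProcAddress(HMODULE hModuleBase)
{
    if (hModuleBase == NULL)
    {
        return NULL;
    }

    PIMAGE_DOS_HEADER lpDosHeader = (PIMAGE_DOS_HEADER)hModuleBase;
    if (lpDosHeader->e_magic != IMAGE_DOS_SIGNATURE)   /* "MZ" */
    {
        return NULL;
    }

    PIMAGE_NT_HEADERS32 lpNtHeaders = (PIMAGE_NT_HEADERS32)((DWORD)hModuleBase + lpDosHeader->e_lfanew);
    if (lpNtHeaders->Signature != IMAGE_NT_SIGNATURE)   /* "PE\0\0" */
    {
        return NULL;
    }

    /* Export table location comes from the data directory (RVA + size). */
    DWORD dwExportRva  = lpNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    DWORD dwExportSize = lpNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
    if (dwExportRva == 0 || dwExportSize == 0)
    {
        return NULL;
    }

    PIMAGE_EXPORT_DIRECTORY lpExports = (PIMAGE_EXPORT_DIRECTORY)((DWORD)hModuleBase + dwExportRva);
    PDWORD lpdwFunName = (PDWORD)((DWORD)hModuleBase + lpExports->AddressOfNames);        /* RVAs of export name strings */
    PWORD  lpwOrd      = (PWORD)((DWORD)hModuleBase + lpExports->AddressOfNameOrdinals);  /* name index -> function index */
    PDWORD lpdwFunAddr = (PDWORD)((DWORD)hModuleBase + lpExports->AddressOfFunctions);    /* RVAs of entry points */

    /* '<' rather than '<= NumberOfNames - 1': with zero names the
     * subtraction wraps to 0xFFFFFFFF and the loop would read far past
     * the name table. */
    for (DWORD dwLoop = 0; dwLoop < lpExports->NumberOfNames; dwLoop++)
    {
        const char* pFunName = (const char*)((DWORD)hModuleBase + lpdwFunName[dwLoop]);

        /* Compared byte by byte (presumably to avoid a string literal and any
         * CRT dependency -- keep it that way if this code must stay
         * self-contained). The terminator check matters: kernel32 also
         * exports names that merely start with "GetProcAddress". */
        if (pFunName[0]  == 'G' &&
            pFunName[1]  == 'e' &&
            pFunName[2]  == 't' &&
            pFunName[3]  == 'P' &&
            pFunName[4]  == 'r' &&
            pFunName[5]  == 'o' &&
            pFunName[6]  == 'c' &&
            pFunName[7]  == 'A' &&
            pFunName[8]  == 'd' &&
            pFunName[9]  == 'd' &&
            pFunName[10] == 'r' &&
            pFunName[11] == 'e' &&
            pFunName[12] == 's' &&
            pFunName[13] == 's' &&
            pFunName[14] == '\0')
        {
            WORD wIndex = lpwOrd[dwLoop];
            if (wIndex >= lpExports->NumberOfFunctions)
            {
                /* Malformed table: the ordinal does not index AddressOfFunctions. */
                return NULL;
            }

            DWORD dwFuncRva = lpdwFunAddr[wIndex];

            /* An entry-point RVA that lands inside the export directory is a
             * forwarder string ("DLL.Name"), not code. Returning it as a
             * FARPROC would mean jumping into ASCII; we do not follow it. */
            if (dwFuncRva >= dwExportRva && dwFuncRva < dwExportRva + dwExportSize)
            {
                return NULL;
            }

            return (FARPROC)((DWORD)hModuleBase + dwFuncRva);
        }
    }

    return NULL;
}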
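/*
 * Demo driver: print the hand-resolved kernel32 base and GetProcAddress
 * address next to what the loader's public API reports. On a 32-bit build
 * each pair of lines should show the same value.
 *
 * Returns 0 on success, 1 if the export walk could not find GetProcAddress.
 */
int main(void)
{
    HMODULE hModule = (HMODULE)getKernel32();

    /* %p is the only printf conversion defined for pointers; passing a
     * pointer to %X is undefined behavior (and silently wrong once the
     * pointer is wider than unsigned int). MSVC prints %p as zero-padded
     * uppercase hex, so the output matches the previous "0x%08X" layout. */
    printf("0x%p\n", (void*)hModule);
    /* GetModuleHandleA reports the base of the already-loaded DLL without
     * taking a reference that this program never releases. */
    printf("0x%p\n", (void*)GetModuleHandleA("kernel32.dll"));

    typedef FARPROC(WINAPI *FUN_GetProcAddress)(
        HMODULE hModule,
        LPCSTR lpProcName
        );

    FUN_GetProcAddress fn_GetProcAddress = (FUN_GetProcAddress)MyGetProcAddress(hModule);
    if (fn_GetProcAddress == NULL)
    {
        /* Either getKernel32() did not land on kernel32 or the export
         * table did not contain the name; don't print a NULL as a "match". */
        printf("GetProcAddress not found in export table\n");
        return 1;
    }

    printf("0x%p\n", (void*)fn_GetProcAddress);
    printf("0x%p\n", (void*)GetProcAddress);
    return 0;
}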