
Untitled

a guest
Sep 25th, 2017
  1. ; // https://artfulcode.wordpress.com/
  2. ; // https://github.com/cmovz/
  3. ; // License: use it as you wish, just keep this notice. No liability taken.
  4.  
  5. #include <windows.h>
  6.  
  /*
   * Tell whether `iid` is the terminating entry of an import descriptor table.
   * The terminator is the entry whose Characteristics, TimeDateStamp,
   * ForwarderChain, Name and FirstThunk fields are all zero.
   */
  static inline BOOL _is_iid_end(IMAGE_IMPORT_DESCRIPTOR* iid)
  {
      /* Any non-zero field means this is still a live descriptor. */
      if (iid->Characteristics || iid->TimeDateStamp || iid->ForwarderChain) {
          return FALSE;
      }

      return !(iid->Name || iid->FirstThunk);
  }
  12.  
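  /*
   * Resolve one import descriptor using its lookup ("hint") table.
   *
   * iid   descriptor to resolve; Name, Characteristics and FirstThunk are
   *       read as offsets from `base`.
   * base  address the image is mapped at. It is a DWORD and resolved
   *       addresses are stored as DWORDs, so this is only correct in a
   *       32-bit process.
   *
   * Returns TRUE when every entry was resolved and written to the thunk
   * array, FALSE if the DLL could not be loaded or an import was not found.
   * On failure the module handle is not released and thunks already written
   * stay written; the caller is expected to give up on the image.
   *
   * NOTE(review): none of the offsets are checked against the size of the
   * image, and the DLL name is handed to the loader exactly as the image
   * provides it. If that is a bare file name, the standard DLL search order
   * decides which file gets loaded. Only run this on an image the caller
   * already trusts, or validate the import directory first.
   */
  static BOOL _load_from_hints(IMAGE_IMPORT_DESCRIPTOR* iid, DWORD base)
  {
      /*
       * Import names in a PE image are ANSI strings. Call the A variant
       * explicitly: with UNICODE defined, LoadLibrary expands to LoadLibraryW
       * and the name would be read as UTF-16.
       */
      HMODULE dll = LoadLibraryA((LPCSTR)(base + iid->Name));
      if (!dll) {
          return FALSE;
      }

      /* The lookup table is read-only input; the thunk array is patched. */
      DWORD* hints = (DWORD*)(base + iid->Characteristics);
      DWORD* thunks = (DWORD*)(base + iid->FirstThunk);

      /* Both arrays advance in step; a zero lookup entry ends the list. */
      for (; *hints; ++hints, ++thunks) {
          DWORD r;

          if (*hints & 0x80000000) {
              /* Top bit set: import by ordinal, carried in the low 16 bits. */
              r = (DWORD)GetProcAddress(dll, (LPCSTR)(*hints & 0xffff));
          } else {
              /* Otherwise the entry is the offset of an IMAGE_IMPORT_BY_NAME. */
              IMAGE_IMPORT_BY_NAME* iibn = (IMAGE_IMPORT_BY_NAME*)(base + *hints);
              r = (DWORD)GetProcAddress(dll, (LPCSTR)iibn->Name);
          }

          if (!r) {
              return FALSE;
          }

          *thunks = r;
      }

      return TRUE;
  }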
  47.  
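  /*
   * Resolve one import descriptor that has no separate lookup table.
   * Old Borland compilers don't include hints, so the thunk array itself
   * holds the ordinal / name offsets and is overwritten in place with the
   * resolved addresses.
   *
   * iid   descriptor to resolve; Name and FirstThunk are read as offsets
   *       from `base`.
   * base  address the image is mapped at. It is a DWORD and resolved
   *       addresses are stored as DWORDs, so this is only correct in a
   *       32-bit process.
   *
   * Returns TRUE when every thunk was resolved, FALSE if the DLL could not
   * be loaded or an import was not found. On failure the module handle is
   * not released and the thunk array is left partly patched; the caller is
   * expected to give up on the image.
   *
   * NOTE(review): none of the offsets are checked against the size of the
   * image, and the DLL name is handed to the loader exactly as the image
   * provides it. If that is a bare file name, the standard DLL search order
   * decides which file gets loaded. Only run this on an image the caller
   * already trusts, or validate the import directory first.
   */
  static BOOL _load_from_thunks(IMAGE_IMPORT_DESCRIPTOR* iid, DWORD base)
  {
      /*
       * Import names in a PE image are ANSI strings. Call the A variant
       * explicitly: with UNICODE defined, LoadLibrary expands to LoadLibraryW
       * and the name would be read as UTF-16.
       */
      HMODULE dll = LoadLibraryA((LPCSTR)(base + iid->Name));
      if (!dll) {
          return FALSE;
      }

      DWORD* thunks = (DWORD*)(base + iid->FirstThunk);

      /* A zero thunk ends the list. */
      for (; *thunks; ++thunks) {
          DWORD r;

          if (*thunks & 0x80000000) {
              /* Top bit set: import by ordinal, carried in the low 16 bits. */
              r = (DWORD)GetProcAddress(dll, (LPCSTR)(*thunks & 0xffff));
          } else {
              /* Otherwise the entry is the offset of an IMAGE_IMPORT_BY_NAME. */
              IMAGE_IMPORT_BY_NAME* iibn = (IMAGE_IMPORT_BY_NAME*)(base + *thunks);
              r = (DWORD)GetProcAddress(dll, (LPCSTR)iibn->Name);
          }

          if (!r) {
              return FALSE;
          }

          /* Replace the lookup value with the resolved address. */
          *thunks = r;
      }

      return TRUE;
  }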
  81.  
  /*
   * fill_idata() fills the function references in the .idata section.
   *
   * idata  start of the import descriptor table.
   * base   address the image is mapped at; passed through to the per-DLL
   *        resolvers.
   *
   * Returns TRUE once every descriptor has been resolved, FALSE as soon as
   * one of them fails.
   *
   * Nothing is cleaned up on failure: the assumption is that the program
   * cannot run without its imports and will have to exit. Module handles are
   * not kept either, because the DLLs should stay in the address space until
   * the program exits. In short, it behaves just like the Windows PE loader.
   *
   * The table is walked until an all-zero descriptor is found; no length
   * bound is applied, so the caller must pass a well-formed import directory.
   */
  BOOL fill_idata(DWORD* idata, DWORD base)
  {
      IMAGE_IMPORT_DESCRIPTOR* desc;

      for (desc = (IMAGE_IMPORT_DESCRIPTOR*)idata; !_is_iid_end(desc); ++desc) {
          /* A non-zero Characteristics field means a lookup table exists. */
          BOOL ok = desc->Characteristics ? _load_from_hints(desc, base)
                                          : _load_from_thunks(desc, base);
          if (!ok) {
              return FALSE;
          }
      }

      return TRUE;
  }