Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- DWORD ResolveAPI(DWORD dwModuleBase, DWORD dwFunctionHash)
- {
- PIMAGE_DOS_HEADER pImageDosHeader = (PIMAGE_DOS_HEADER)dwModuleBase;
- PIMAGE_FILE_HEADER pImageFileHeader = (PIMAGE_FILE_HEADER)(dwModuleBase + pImageDosHeader->e_lfanew + 4);
- PIMAGE_OPTIONAL_HEADER pImageOptionalHeader = (PIMAGE_OPTIONAL_HEADER)((PBYTE)pImageFileHeader + sizeof(IMAGE_FILE_HEADER));
- PIMAGE_EXPORT_DIRECTORY pImageExportDirectory = (PIMAGE_EXPORT_DIRECTORY)(dwModuleBase + pImageOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
- PDWORD pdwAddressOfNames, pdwAddressOfFunctions;
- PWORD pwAddressOfNameOrdinals;
- DWORD dwX = 0, dwY = 0;
- int mark = 0;
- pdwAddressOfNames=(PDWORD)(dwModuleBase + pImageExportDirectory->AddressOfNames);
- pwAddressOfNameOrdinals=(PWORD)(dwModuleBase + pImageExportDirectory->AddressOfNameOrdinals);
- pdwAddressOfFunctions=(PDWORD)(dwModuleBase + pImageExportDirectory->AddressOfFunctions);
- for (dwX=0; dwX < pImageExportDirectory->NumberOfNames; dwX++)
- {
- PBYTE pFunctionName=(PBYTE)(dwModuleBase + pdwAddressOfNames[dwX]);
- for (dwY=0; *pFunctionName; *pFunctionName++)
- {
- dwY=(dwY + (*(PBYTE)pFunctionName|0x60));
- dwY <<= 1;
- }
- if(dwY == dwFunctionHash)
- {
- return (dwModuleBase + pdwAddressOfFunctions[pwAddressOfNameOrdinals[dwX]]);
- }
- }
- return NULL;
- }
- DWORD hash(LPBYTE str)
- {
- DWORD ret;
- for (ret = 0; *str; *str++)
- {
- ret = (ret + (*(LPBYTE)str | 0x60));
- ret <<= 1;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
