flat assembler
Message board for the users of flat assembler.
Index
> Windows > Get Imported Functions' names |
Author |
|
Overflowz 30 Jun 2011, 02:42
typedef
I was playing with something like that.. Check this out and try yourself. (I guess you want something like this ^^) Code: mov edx,[peh] mov ebx,[edx+0x80] add ebx,[nBase] virtual at ebx iides IMAGE_IMPORT_DESCRIPTOR end virtual fill: mov esi,[iides.Name_] add esi,[nBase] invoke LoadLibrary,esi mov [DllHandle],eax mov edx,[iides.OriginalFirstThunk] add edx,[nBase] xor eax,eax findapi: mov ecx,[edx] test ecx,ecx jz @f mov esi,[edx] add esi,2 add esi,[nBase] push edx push eax invoke GetProcAddress,[DllHandle],esi mov [apiaddr],eax pop eax pop edx mov ecx,[iides.FirstThunk] add ecx,[nBase] mov edi,[apiaddr] mov [ecx+eax*4],edi add edx,4 inc eax jmp findapi peh = PE Header nBase = Base Address of Executable As I remember, it gets imports from file with names and then VAs. I don't have time now, I'll write later for ya if this won't help ^^ |
|||
30 Jun 2011, 02:42 |
|
typedef 30 Jun 2011, 04:51
Thank you. Overflowz.
I was just not sure whether the address was ever relative to ImageBase. Now I get it. Thanks. I'm just doing it a different way. I'll post it when It is done. Thanks |
|||
30 Jun 2011, 04:51 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.