flat assembler
Message board for the users of flat assembler.

Index > Windows > How get function address if i have lpBase Of Dll ?

Author
Thread Post new topic Reply to topic
Roman



Joined: 21 Apr 2012
Posts: 1766
Roman 09 Nov 2014, 09:45
I have lpBase Of Dll(its not kernel32.dll its another dll) and read data.
I see first 2 bytes MZ.
I found function name.
How i found function address without GetProcAddress?
By what formula assume the starting address of a function?
Please help me.
Post 09 Nov 2014, 09:45
View user's profile Send private message Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1900
DOS386 11 Nov 2014, 17:27
Post 11 Nov 2014, 17:27
View user's profile Send private message Reply with quote
lucifer



Joined: 24 Nov 2014
Posts: 4
lucifer 24 Nov 2014, 02:46
DOS386 wrote:
search for "noimport" http://board.flatassembler.net/topic.php?t=7718
A bit off topic but that code snippet isn't the best. I hate it when the first thing a program does is use a stupid loop to get the base address of kernel32.dll. You can do it in two instructions and it works on all Windows platforms as far as I have tested! When the loader calls your entry point eax is a pointer inside kernel32.dll that is just a single page away from the base of kernel32.dll which is page aligned Smile (another cool trick is that ebx is loaded with the address to the PEB when the loader calls the entry point)
Code:
xor      ax, ax      ; align eax pointer to page boundaries
sub     eax, 10000h  ; roll back a page. eax is now equal to kernel32.dll base    
Anyway... it utilizes a lot of registers but this is something that I wrote that was the first thing my program did so I didn't need them for anything else yet Smile
Code:
;; Assuming that eax contains the pointer to the DOS header of the module
mov     ebx, eax            ; ebx = k32 base addr
mov     edx, eax
add     eax, [eax + 3Ch]    ; eax = ptr to pe header
add     edx, [eax + 78h]    ; edx = ptr to data directory
mov     ecx, [edx + 18h]    ; ecx = number of function names
mov     eax, [edx + 1Ch]
add     eax, ebx            ; eax = address of functions
mov     edx, [edx + 20h]
add     edx, ebx            ; edx = address of names    
It's easy from there just google about the export table!

also its my first post ;o
Post 24 Nov 2014, 02:46
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.