Mirrors/vxug-VXAPI
6
0
Fork 0
mirror of https://github.com/vxunderground/VX-API synced 2024-06-30 18:51:17 +00:00
Code Issues Projects Releases Wiki Activity

Create GetProcAddressLoseLose.cpp

Browse Source
This commit is contained in:
vxunderground 2022-07-15 12:49:00 -05:00 committed by GitHub
parent 6136b046fd
commit dccd0d3f44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Windows API/Library Loading/GetProcAddressLoseLose.cpp Normal file
View File

@ -0,0 +1,26 @@
DWORD64 __stdcall GetProcAddressLoseLose(DWORD64 ModuleBase, DWORD64 Hash)
{
PBYTE pFunctionName;
PIMAGE_DOS_HEADER Dos;
PIMAGE_NT_HEADERS Nt;
PIMAGE_FILE_HEADER File;
PIMAGE_OPTIONAL_HEADER Optional;
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, (PBYTE*)&ModuleBase);
IMAGE_EXPORT_DIRECTORY* ExportTable = (PIMAGE_EXPORT_DIRECTORY)(ModuleBase + Optional->DataDirectory[0].VirtualAddress);
PDWORD FunctionNameAddressArray = (PDWORD)((LPBYTE)ModuleBase + ExportTable->AddressOfNames);
PDWORD FunctionAddressArray = (PDWORD)((LPBYTE)ModuleBase + ExportTable->AddressOfFunctions);
PWORD FunctionOrdinalAddressArray = (PWORD)((LPBYTE)ModuleBase + ExportTable->AddressOfNameOrdinals);
for (DWORD dwX = 0; dwX < ExportTable->NumberOfNames; dwX++)
{
pFunctionName = FunctionNameAddressArray[dwX] + (PBYTE)ModuleBase;
DWORD dwFunctionHash = HashStringLoseLoseA((PCHAR)pFunctionName);
if (Hash == dwFunctionHash)
return ((DWORD64)ModuleBase + FunctionAddressArray[FunctionOrdinalAddressArray[dwX]]);
}
return 0;
}