mirror of
https://github.com/vxunderground/VX-API
synced 2024-06-30 18:51:17 +00:00
Create GetProcAddressJenkinsOneAtATime32Bit.cpp
This commit is contained in:
parent
dccd0d3f44
commit
dedc77724d
@ -0,0 +1,26 @@
|
||||
DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(DWORD64 ModuleBase, DWORD64 Hash)
|
||||
{
|
||||
PBYTE pFunctionName;
|
||||
PIMAGE_DOS_HEADER Dos;
|
||||
PIMAGE_NT_HEADERS Nt;
|
||||
PIMAGE_FILE_HEADER File;
|
||||
PIMAGE_OPTIONAL_HEADER Optional;
|
||||
|
||||
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, (PBYTE*)&ModuleBase);
|
||||
|
||||
IMAGE_EXPORT_DIRECTORY* ExportTable = (PIMAGE_EXPORT_DIRECTORY)(ModuleBase + Optional->DataDirectory[0].VirtualAddress);
|
||||
PDWORD FunctionNameAddressArray = (PDWORD)((LPBYTE)ModuleBase + ExportTable->AddressOfNames);
|
||||
PDWORD FunctionAddressArray = (PDWORD)((LPBYTE)ModuleBase + ExportTable->AddressOfFunctions);
|
||||
PWORD FunctionOrdinalAddressArray = (PWORD)((LPBYTE)ModuleBase + ExportTable->AddressOfNameOrdinals);
|
||||
|
||||
for (DWORD dwX = 0; dwX < ExportTable->NumberOfNames; dwX++)
|
||||
{
|
||||
pFunctionName = FunctionNameAddressArray[dwX] + (PBYTE)ModuleBase;
|
||||
|
||||
DWORD dwFunctionHash = HashStringJenkinsOneAtATime32BitA((PCHAR)pFunctionName);
|
||||
if (Hash == dwFunctionHash)
|
||||
return ((DWORD64)ModuleBase + FunctionAddressArray[FunctionOrdinalAddressArray[dwX]]);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
Loading…
Reference in New Issue
Block a user