Mirrors
/
vxug-VXAPI
mirror of https://github.com/vxunderground/VX-API
6
0
Fork 0
Code Issues Projects Releases Wiki Activity
vxug-VXAPI/VX-API/LdrLoadGetProcedureAddress.cpp

32 lines
1.1 KiB
C++
Raw Permalink Blame History

#include "Win32Helper.h"
DWORD64 LdrLoadGetProcedureAddress(VOID)
{
PBYTE pFunctionName = NULL;
PIMAGE_DOS_HEADER Dos = NULL;
PIMAGE_NT_HEADERS Nt = NULL;
PIMAGE_FILE_HEADER File = NULL;
PIMAGE_OPTIONAL_HEADER Optional = NULL;
HMODULE hModule = NULL;
hModule = GetModuleHandleEx2W(L"ntdll.dll");
if (hModule == NULL)
return 0;
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, (PBYTE*)&hModule);
IMAGE_EXPORT_DIRECTORY* ExportTable = (PIMAGE_EXPORT_DIRECTORY)((DWORD64)hModule + Optional->DataDirectory[0].VirtualAddress);
PDWORD FunctionNameAddressArray = (PDWORD)((LPBYTE)(DWORD64)hModule + ExportTable->AddressOfNames);
PDWORD FunctionAddressArray = (PDWORD)((LPBYTE)(DWORD64)hModule + ExportTable->AddressOfFunctions);
PWORD FunctionOrdinalAddressArray = (PWORD)((LPBYTE)(DWORD64)hModule + ExportTable->AddressOfNameOrdinals);
for (DWORD dwX = 0; dwX < ExportTable->NumberOfNames; dwX++)
{
pFunctionName = FunctionNameAddressArray[dwX] + (PBYTE)hModule;
if (StringCompareA((PCHAR)pFunctionName, "LdrGetProcedureAddress") == 0)
return ((DWORD64)hModule + FunctionAddressArray[FunctionOrdinalAddressArray[dwX]]);
}
return 0;
}
Reference in New Issue View Git Blame Copy Permalink