Rev 892 | Go to most recent revision | Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 890 | serge | 1 | |
| 2 | #include |
||
| 3 | #include |
||
| 4 | #include |
||
| 5 | #include |
||
| 6 | #include |
||
| 7 | |||
| 8 | |||
| 9 | typedef unsigned int DWORD; |
||
| 10 | typedef unsigned int LONG; |
||
| 11 | typedef unsigned char BYTE; |
||
| 12 | |||
| 13 | |||
| 14 | #define IMAGE_NT_SIGNATURE 0x00004550 |
||
| 15 | #define IMAGE_NT_OPTIONAL_HDR32_MAGIC 0x10b |
||
| 16 | |||
| 17 | |||
| 18 | typedef struct _IMAGE_DOS_HEADER |
||
| 19 | { |
||
| 20 | WORD e_magic; |
||
| 21 | WORD e_cblp; |
||
| 22 | WORD e_cp; |
||
| 23 | WORD e_crlc; |
||
| 24 | WORD e_cparhdr; |
||
| 25 | WORD e_minalloc; |
||
| 26 | WORD e_maxalloc; |
||
| 27 | WORD e_ss; |
||
| 28 | WORD e_sp; |
||
| 29 | WORD e_csum; |
||
| 30 | WORD e_ip; |
||
| 31 | WORD e_cs; |
||
| 32 | WORD e_lfarlc; |
||
| 33 | WORD e_ovno; |
||
| 34 | WORD e_res[4]; |
||
| 35 | WORD e_oemid; |
||
| 36 | WORD e_oeminfo; |
||
| 37 | WORD e_res2[10]; |
||
| 38 | LONG e_lfanew; |
||
| 39 | } IMAGE_DOS_HEADER,*PIMAGE_DOS_HEADER; |
||
| 40 | #pragma pack(pop) |
||
| 41 | |||
| 42 | |||
| 43 | |||
| 44 | typedef struct _IMAGE_FILE_HEADER |
||
| 45 | { |
||
| 46 | WORD Machine; |
||
| 47 | WORD NumberOfSections; |
||
| 48 | DWORD TimeDateStamp; |
||
| 49 | DWORD PointerToSymbolTable; |
||
| 50 | DWORD NumberOfSymbols; |
||
| 51 | WORD SizeOfOptionalHeader; |
||
| 52 | WORD Characteristics; |
||
| 53 | } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER; |
||
| 54 | |||
| 55 | |||
| 56 | DWORD VirtualAddress; |
||
| 57 | DWORD Size; |
||
| 58 | } IMAGE_DATA_DIRECTORY,*PIMAGE_DATA_DIRECTORY; |
||
| 59 | |||
| 60 | |||
| 61 | |||
| 62 | |||
| 63 | WORD Magic; |
||
| 64 | BYTE MajorLinkerVersion; |
||
| 65 | BYTE MinorLinkerVersion; |
||
| 66 | DWORD SizeOfCode; |
||
| 67 | DWORD SizeOfInitializedData; |
||
| 68 | DWORD SizeOfUninitializedData; |
||
| 69 | DWORD AddressOfEntryPoint; |
||
| 70 | DWORD BaseOfCode; |
||
| 71 | DWORD BaseOfData; |
||
| 72 | DWORD ImageBase; |
||
| 73 | DWORD SectionAlignment; |
||
| 74 | DWORD FileAlignment; |
||
| 75 | WORD MajorOperatingSystemVersion; |
||
| 76 | WORD MinorOperatingSystemVersion; |
||
| 77 | WORD MajorImageVersion; |
||
| 78 | WORD MinorImageVersion; |
||
| 79 | WORD MajorSubsystemVersion; |
||
| 80 | WORD MinorSubsystemVersion; |
||
| 81 | DWORD Win32VersionValue; |
||
| 82 | DWORD SizeOfImage; |
||
| 83 | DWORD SizeOfHeaders; |
||
| 84 | DWORD CheckSum; |
||
| 85 | WORD Subsystem; |
||
| 86 | WORD DllCharacteristics; |
||
| 87 | DWORD SizeOfStackReserve; |
||
| 88 | DWORD SizeOfStackCommit; |
||
| 89 | DWORD SizeOfHeapReserve; |
||
| 90 | DWORD SizeOfHeapCommit; |
||
| 91 | DWORD LoaderFlags; |
||
| 92 | DWORD NumberOfRvaAndSizes; |
||
| 93 | IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; |
||
| 94 | } IMAGE_OPTIONAL_HEADER,*PIMAGE_OPTIONAL_HEADER; |
||
| 95 | |||
| 96 | |||
| 97 | |||
| 98 | |||
| 99 | |||
| 100 | typedef struct _IMAGE_NT_HEADERS |
||
| 101 | { |
||
| 102 | DWORD Signature; |
||
| 103 | IMAGE_FILE_HEADER FileHeader; |
||
| 104 | IMAGE_OPTIONAL_HEADER OptionalHeader; |
||
| 105 | } IMAGE_NT_HEADERS32,*PIMAGE_NT_HEADERS32; |
||
| 106 | |||
| 107 | |||
| 108 | |||
| 109 | |||
| 110 | { |
||
| 111 | BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; |
||
| 112 | union |
||
| 113 | { |
||
| 114 | DWORD PhysicalAddress; |
||
| 115 | DWORD VirtualSize; |
||
| 116 | } Misc; |
||
| 117 | DWORD VirtualAddress; |
||
| 118 | DWORD SizeOfRawData; |
||
| 119 | DWORD PointerToRawData; |
||
| 120 | DWORD PointerToRelocations; |
||
| 121 | DWORD PointerToLinenumbers; |
||
| 122 | WORD NumberOfRelocations; |
||
| 123 | WORD NumberOfLinenumbers; |
||
| 124 | DWORD Characteristics; |
||
| 125 | } IMAGE_SECTION_HEADER,*PIMAGE_SECTION_HEADER; |
||
| 126 | #pragma pack(pop) |
||
| 127 | |||
| 128 | |||
| 129 | typedef struct _IMAGE_BASE_RELOCATION { |
||
| 130 | DWORD VirtualAddress; |
||
| 131 | DWORD SizeOfBlock; |
||
| 132 | } IMAGE_BASE_RELOCATION,*PIMAGE_BASE_RELOCATION; |
||
| 133 | #pragma pack(pop) |
||
| 134 | |||
| 135 | |||
| 136 | { |
||
| 137 | union |
||
| 138 | { |
||
| 139 | DWORD Characteristics; |
||
| 140 | DWORD OriginalFirstThunk; |
||
| 141 | }; |
||
| 142 | DWORD TimeDateStamp; |
||
| 143 | DWORD ForwarderChain; |
||
| 144 | DWORD Name; |
||
| 145 | DWORD FirstThunk; |
||
| 146 | } IMAGE_IMPORT_DESCRIPTOR,*PIMAGE_IMPORT_DESCRIPTOR; |
||
| 147 | |||
| 148 | |||
| 149 | { |
||
| 150 | union |
||
| 151 | { |
||
| 152 | DWORD ForwarderString; |
||
| 153 | DWORD Function; |
||
| 154 | DWORD Ordinal; |
||
| 155 | DWORD AddressOfData; |
||
| 156 | } u1; |
||
| 157 | } IMAGE_THUNK_DATA32,*PIMAGE_THUNK_DATA32; |
||
| 158 | |||
| 159 | |||
| 160 | { |
||
| 161 | WORD Hint; |
||
| 162 | BYTE Name[1]; |
||
| 163 | } IMAGE_IMPORT_BY_NAME,*PIMAGE_IMPORT_BY_NAME; |
||
| 164 | |||
| 165 | |||
| 166 | |||
| 167 | |||
| 168 | DWORD Characteristics; |
||
| 169 | DWORD TimeDateStamp; |
||
| 170 | WORD MajorVersion; |
||
| 171 | WORD MinorVersion; |
||
| 172 | DWORD Name; |
||
| 173 | DWORD Base; |
||
| 174 | DWORD NumberOfFunctions; |
||
| 175 | DWORD NumberOfNames; |
||
| 176 | DWORD AddressOfFunctions; |
||
| 177 | DWORD AddressOfNames; |
||
| 178 | DWORD AddressOfNameOrdinals; |
||
| 179 | } IMAGE_EXPORT_DIRECTORY,*PIMAGE_EXPORT_DIRECTORY; |
||
| 180 | |||
| 181 | |||
| 182 | |||
| 183 | |||
| 184 | |||
| 185 | |||
| 186 | { |
||
| 187 | addr_t base; |
||
| 188 | addr_t frame; |
||
| 189 | md_t *md; |
||
| 190 | |||
| 191 | |||
| 192 | |||
| 193 | |||
| 194 | |||
| 195 | |||
| 196 | { |
||
| 197 | if(val == 0) |
||
| 198 | return false; |
||
| 199 | return (val & (val - 1)) == 0; |
||
| 200 | } |
||
| 201 | |||
| 202 | |||
| 203 | |||
| 204 | { |
||
| 205 | u32_t tmp; |
||
| 206 | __asm__ __volatile__ ( |
||
| 207 | "shrl $2, %%ecx \n\t" |
||
| 208 | "rep movsl" |
||
| 209 | :"=c"(tmp),"=S"(tmp),"=D"(tmp) |
||
| 210 | :"c"(len),"S"(src),"D"(dst) |
||
| 211 | :"cc"); |
||
| 212 | }; |
||
| 213 | |||
| 214 | |||
| 215 | { |
||
| 216 | u32_t tmp; |
||
| 217 | __asm__ __volatile__ ( |
||
| 218 | "xorl %%eax, %%eax \n\t" |
||
| 219 | "rep stosb" |
||
| 220 | :"=c"(tmp),"=D"(tmp) |
||
| 221 | :"c"(len),"D"(dst) |
||
| 222 | :"eax","cc"); |
||
| 223 | }; |
||
| 224 | |||
| 225 | |||
| 226 | |||
| 227 | |||
| 228 | |||
| 229 | |||
| 230 | |||
| 231 | |||
| 232 | |||
| 233 | |||
| 234 | { |
||
| 235 | md_t *md; |
||
| 236 | |||
| 237 | |||
| 238 | |||
| 239 | |||
| 240 | return (void*)md->base; |
||
| 241 | |||
| 242 | |||
| 243 | }; |
||
| 244 | |||
| 245 | |||
| 246 | { |
||
| 247 | char srv_name[16]; // ASCIIZ string |
||
| 248 | u32_t magic; // +0x10 'SRV ' |
||
| 249 | size_t size; // +0x14 size of structure SRV |
||
| 250 | void *fd; // +0x18 next SRV descriptor |
||
| 251 | void *bk; // +0x1C prev SRV descriptor |
||
| 252 | addr_t base; // +0x20 service base address |
||
| 253 | addr_t entry; // +0x24 service START function |
||
| 254 | void *srv_proc; // +0x28 main service handler |
||
| 255 | }srv_t; |
||
| 256 | |||
| 257 | |||
| 258 | |||
| 259 | |||
| 260 | { |
||
| 261 | PIMAGE_DOS_HEADER dos; |
||
| 262 | PIMAGE_NT_HEADERS32 nt; |
||
| 263 | |||
| 264 | |||
| 265 | md_t *md; |
||
| 266 | srv_t *srv; |
||
| 267 | |||
| 268 | |||
| 269 | |||
| 270 | |||
| 271 | return 0; |
||
| 272 | |||
| 273 | |||
| 274 | nt = MakePtr( PIMAGE_NT_HEADERS32, dos, dos->e_lfanew); |
||
| 275 | |||
| 276 | |||
| 277 | nt->OptionalHeader.AddressOfEntryPoint); |
||
| 278 | |||
| 279 | |||
| 280 | |||
| 281 | |||
| 282 | srv->entry = nt->OptionalHeader.AddressOfEntryPoint + md->base; |
||
| 283 | |||
| 284 | |||
| 285 | } |
||
| 286 | |||
| 287 | |||
| 288 | { |
||
| 289 | PIMAGE_DOS_HEADER dos; |
||
| 290 | PIMAGE_NT_HEADERS32 nt; |
||
| 291 | |||
| 292 | |||
| 293 | |||
| 294 | |||
| 295 | void *img_base; |
||
| 296 | count_t img_pages; |
||
| 297 | |||
| 298 | |||
| 299 | void *raw; |
||
| 300 | |||
| 301 | |||
| 302 | |||
| 303 | |||
| 304 | |||
| 305 | |||
| 306 | |||
| 307 | |||
| 308 | |||
| 309 | |||
| 310 | |||
| 311 | |||
| 312 | return NULL; |
||
| 313 | |||
| 314 | |||
| 315 | return NULL; |
||
| 316 | |||
| 317 | |||
| 318 | |||
| 319 | |||
| 320 | return NULL; |
||
| 321 | |||
| 322 | |||
| 323 | return NULL; |
||
| 324 | |||
| 325 | |||
| 326 | return NULL; |
||
| 327 | |||
| 328 | |||
| 329 | { |
||
| 330 | if(nt->OptionalHeader.FileAlignment != nt->OptionalHeader.SectionAlignment) |
||
| 331 | return NULL; |
||
| 332 | } |
||
| 333 | else if(nt->OptionalHeader.SectionAlignment < nt->OptionalHeader.FileAlignment) |
||
| 334 | return NULL; |
||
| 335 | |||
| 336 | |||
| 337 | !IsPowerOf2(nt->OptionalHeader.FileAlignment)) |
||
| 338 | return NULL; |
||
| 339 | |||
| 340 | |||
| 341 | return NULL; |
||
| 342 | |||
| 343 | |||
| 344 | // img_pages = img_size / PAGE_SIZE; |
||
| 345 | |||
| 346 | |||
| 347 | |||
| 348 | |||
| 349 | |||
| 350 | { |
||
| 351 | mem_free(raw); |
||
| 352 | return NULL; |
||
| 353 | }; |
||
| 354 | |||
| 355 | |||
| 356 | |||
| 357 | |||
| 358 | |||
| 359 | |||
| 360 | |||
| 361 | |||
| 362 | // nt = MakePtr( PIMAGE_NT_HEADERS32, dos, dos->e_lfanew); |
||
| 363 | |||
| 364 | |||
| 365 | }; |
||
| 366 | |||
| 367 | |||
| 368 | |||
| 369 | addr_t get_proc_addr(addr_t module, char *name) |
||
| 370 | { |
||
| 371 | PIMAGE_DOS_HEADER expdos; |
||
| 372 | PIMAGE_NT_HEADERS32 expnt; |
||
| 373 | PIMAGE_EXPORT_DIRECTORY exp; |
||
| 374 | u32_t *functions; |
||
| 375 | char **funcname; |
||
| 376 | int ind; |
||
| 377 | |||
| 378 | |||
| 379 | expnt = MakePtr( PIMAGE_NT_HEADERS32, expdos, expdos->e_lfanew); |
||
| 380 | |||
| 381 | |||
| 382 | expnt->OptionalHeader.DataDirectory[0].VirtualAddress); |
||
| 383 | |||
| 384 | |||
| 385 | funcname = MakePtr(char**,exp->AddressOfNames,module); |
||
| 386 | |||
| 387 | |||
| 388 | { |
||
| 389 | if(!strcmp(name,MakePtr(char*,*funcname,module))) |
||
| 390 | return functions[ind] + module; |
||
| 391 | }; |
||
| 392 | return -1; |
||
| 393 | }; |
||
| 394 | */ |
||
| 395 | |||
| 396 | |||
| 397 | |||
| 398 | { |
||
| 399 | PIMAGE_DOS_HEADER dos; |
||
| 400 | PIMAGE_NT_HEADERS32 nt; |
||
| 401 | PIMAGE_SECTION_HEADER img_sec; |
||
| 402 | |||
| 403 | |||
| 404 | int i; |
||
| 405 | |||
| 406 | |||
| 407 | |||
| 408 | |||
| 409 | |||
| 410 | nt = MakePtr( PIMAGE_NT_HEADERS32, dos, dos->e_lfanew); |
||
| 411 | |||
| 412 | |||
| 413 | |||
| 414 | |||
| 415 | |||
| 416 | |||
| 417 | |||
| 418 | |||
| 419 | { |
||
| 420 | char *src_ptr; |
||
| 421 | char *dest_ptr; |
||
| 422 | size_t sec_size; |
||
| 423 | |||
| 424 | |||
| 425 | dest_ptr = MakePtr(char*,img_base, img_sec->VirtualAddress); |
||
| 426 | |||
| 427 | |||
| 428 | sec_copy(dest_ptr, src_ptr, img_sec->SizeOfRawData); |
||
| 429 | |||
| 430 | |||
| 431 | |||
| 432 | |||
| 433 | sec_clear(dest_ptr + img_sec->SizeOfRawData, |
||
| 434 | sec_size - img_sec->SizeOfRawData); |
||
| 435 | img_sec++; |
||
| 436 | } |
||
| 437 | |||
| 438 | |||
| 439 | { |
||
| 440 | PIMAGE_BASE_RELOCATION reloc; |
||
| 441 | |||
| 442 | |||
| 443 | |||
| 444 | |||
| 445 | |||
| 446 | |||
| 447 | nt->OptionalHeader.DataDirectory[5].VirtualAddress); |
||
| 448 | |||
| 449 | |||
| 450 | { |
||
| 451 | u32_t cnt; |
||
| 452 | u16_t *entry; |
||
| 453 | u16_t reltype; |
||
| 454 | u32_t offs; |
||
| 455 | |||
| 456 | |||
| 457 | entry = MakePtr( u16_t*, reloc, sizeof(*reloc) ); |
||
| 458 | |||
| 459 | |||
| 460 | { |
||
| 461 | u16_t *p16; |
||
| 462 | u32_t *p32; |
||
| 463 | |||
| 464 | |||
| 465 | offs = (*entry & 0x0FFF) + reloc->VirtualAddress; |
||
| 466 | switch(reltype) |
||
| 467 | { |
||
| 468 | case 1: |
||
| 469 | p16 = MakePtr(u16_t*, img_base, offs); |
||
| 470 | *p16+= (u16_t)(delta>>16); |
||
| 471 | break; |
||
| 472 | case 2: |
||
| 473 | p16 = MakePtr(u16_t*, img_base, offs); |
||
| 474 | *p16+= (u16_t)delta; |
||
| 475 | break; |
||
| 476 | case 3: |
||
| 477 | p32 = MakePtr(u32_t*, img_base, offs); |
||
| 478 | *p32+= delta; |
||
| 479 | } |
||
| 480 | entry++; |
||
| 481 | } |
||
| 482 | reloc = MakePtr(PIMAGE_BASE_RELOCATION, reloc,reloc->SizeOfBlock); |
||
| 483 | } |
||
| 484 | }; |
||
| 485 | |||
| 486 | |||
| 487 | { |
||
| 488 | PIMAGE_IMPORT_DESCRIPTOR imp; |
||
| 489 | |||
| 490 | |||
| 491 | |||
| 492 | |||
| 493 | nt->OptionalHeader.DataDirectory[1].VirtualAddress); |
||
| 494 | |||
| 495 | |||
| 496 | |||
| 497 | |||
| 498 | { |
||
| 499 | PIMAGE_THUNK_DATA32 thunk; |
||
| 500 | |||
| 501 | |||
| 502 | PIMAGE_NT_HEADERS32 expnt; |
||
| 503 | PIMAGE_EXPORT_DIRECTORY exp; |
||
| 504 | |||
| 505 | |||
| 506 | char *libname; |
||
| 507 | addr_t *functions; |
||
| 508 | u16_t *ordinals; |
||
| 509 | char **funcname; |
||
| 510 | |||
| 511 | |||
| 512 | |||
| 513 | break; |
||
| 514 | |||
| 515 | |||
| 516 | |||
| 517 | |||
| 518 | |||
| 519 | |||
| 520 | expnt = MakePtr( PIMAGE_NT_HEADERS32, expdos, expdos->e_lfanew); |
||
| 521 | |||
| 522 | |||
| 523 | expnt->OptionalHeader.DataDirectory[0].VirtualAddress); |
||
| 524 | |||
| 525 | |||
| 526 | ordinals = MakePtr(WORD*, exp->AddressOfNameOrdinals,LOAD_BASE); |
||
| 527 | funcname = MakePtr(char**, exp->AddressOfNames,LOAD_BASE); |
||
| 528 | |||
| 529 | |||
| 530 | imp->Characteristics, img_base); |
||
| 531 | iat= MakePtr(DWORD*,imp->FirstThunk, img_base); |
||
| 532 | |||
| 533 | |||
| 534 | { |
||
| 535 | PIMAGE_IMPORT_BY_NAME ord; |
||
| 536 | addr_t addr; |
||
| 537 | |||
| 538 | |||
| 539 | break; |
||
| 540 | |||
| 541 | |||
| 542 | { |
||
| 543 | // printf(" %4u\n", thunk->u1.Ordinal & 0xFFFF); |
||
| 544 | break; |
||
| 545 | } |
||
| 546 | else |
||
| 547 | { |
||
| 548 | ord = MakePtr(PIMAGE_IMPORT_BY_NAME, |
||
| 549 | thunk->u1.AddressOfData, img_base); |
||
| 550 | *iat=0; |
||
| 551 | |||
| 552 | |||
| 553 | |||
| 554 | |||
| 555 | MakePtr(char*,funcname[ord->Hint],LOAD_BASE),32)) |
||
| 556 | { |
||
| 557 | int ind; |
||
| 558 | char **names=funcname; |
||
| 559 | |||
| 560 | |||
| 561 | ind < exp->NumberOfNames; names++,ind++) |
||
| 562 | { |
||
| 563 | if(!strncmp(ord->Name,MakePtr(char*,*names,LOAD_BASE),32)) |
||
| 564 | { |
||
| 565 | DBG(" \tat %x\n", functions[ind] + LOAD_BASE); |
||
| 566 | *iat = functions[ind] + LOAD_BASE; |
||
| 567 | break; |
||
| 568 | }; |
||
| 569 | }; |
||
| 570 | if(ind == exp->NumberOfNames) |
||
| 571 | { |
||
| 572 | DBG(" unresolved import %s\n",ord->Name); |
||
| 573 | warn=1; |
||
| 574 | }; |
||
| 575 | } |
||
| 576 | else |
||
| 577 | { |
||
| 578 | DBG(" \tat %x\n", functions[ord->Hint] + LOAD_BASE); |
||
| 579 | *iat = functions[ord->Hint] + LOAD_BASE; |
||
| 580 | }; |
||
| 581 | }; |
||
| 582 | thunk++; // Advance to next thunk |
||
| 583 | iat++; |
||
| 584 | } |
||
| 585 | imp++; // advance to next IMAGE_IMPORT_DESCRIPTOR |
||
| 586 | }; |
||
| 587 | }; |
||
| 588 | |||
| 589 | |||
| 590 | nt->OptionalHeader.SizeOfImage, nt->FileHeader.NumberOfSections); |
||
| 591 | }; |
||
| 592 | |||
| 593 | |||
| 594 | |||
| 595 | |||
| 596 | |||
| 597 | |||
| 598 | |||
| 599 | |||
| 600 | { |
||
| 601 | PIMAGE_DOS_HEADER dos; |
||
| 602 | PIMAGE_NT_HEADERS32 nt; |
||
| 603 | PIMAGE_SECTION_HEADER sec; |
||
| 604 | |||
| 605 | |||
| 606 | int pages; |
||
| 607 | |||
| 608 | |||
| 609 | nt = MakePtr( PIMAGE_NT_HEADERS32, dos, dos->e_lfanew); |
||
| 610 | |||
| 611 | |||
| 612 | |||
| 613 | img_pages = img_size / PAGE_SIZE; |
||
| 614 | |||
| 615 | |||
| 616 | |||
| 617 | |||
| 618 | return NULL; |
||
| 619 | |||
| 620 | |||
| 621 | |||
| 622 | |||
| 623 | |||
| 624 | |||
| 625 | |||
| 626 | |||
| 627 | |||
| 628 | { |
||
| 629 | PIMAGE_IMPORT_DESCRIPTOR imp; |
||
| 630 | |||
| 631 | |||
| 632 | nt->OptionalHeader.DataDirectory[1].VirtualAddress); |
||
| 633 | while ( 1 ) |
||
| 634 | { |
||
| 635 | PIMAGE_THUNK_DATA32 thunk; |
||
| 636 | u32 *iat; |
||
| 637 | char *libname; |
||
| 638 | |||
| 639 | |||
| 640 | break; |
||
| 641 | |||
| 642 | |||
| 643 | |||
| 644 | imp->Characteristics, base); |
||
| 645 | iat= MakePtr(DWORD*,imp->FirstThunk, base); |
||
| 646 | |||
| 647 | |||
| 648 | { |
||
| 649 | PIMAGE_IMPORT_BY_NAME ord; |
||
| 650 | |||
| 651 | |||
| 652 | |||
| 653 | |||
| 654 | break; |
||
| 655 | |||
| 656 | |||
| 657 | { |
||
| 658 | // printf(" %4u\n", thunk->u1.Ordinal & 0xFFFF); |
||
| 659 | break; |
||
| 660 | } |
||
| 661 | else |
||
| 662 | { |
||
| 663 | PKERNEL_EXPORT exp; |
||
| 664 | exp = kernel_export; |
||
| 665 | |||
| 666 | |||
| 667 | thunk->u1.AddressOfData,base); |
||
| 668 | *iat=-1; |
||
| 669 | |||
| 670 | |||
| 671 | { |
||
| 672 | if(!strncmp(ord->Name,exp->name,16)) |
||
| 673 | { |
||
| 674 | *iat = exp->address; |
||
| 675 | break; |
||
| 676 | } |
||
| 677 | exp++; |
||
| 678 | } while(exp->name != 0); |
||
| 679 | }; |
||
| 680 | thunk++; // Advance to next thunk |
||
| 681 | iat++; |
||
| 682 | } |
||
| 683 | imp++; // advance to next IMAGE_IMPORT_DESCRIPTOR |
||
| 684 | } |
||
| 685 | }; |
||
| 686 | |||
| 687 | |||
| 688 |