📄 dllload.cpp
字号:
// GetDLLFileName() //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Like GetModuleFileName(), returns 0 on failure
DWORD GetDLLFileName(HMODULE hModule, LPTSTR lpFileName, DWORD nSize)
{
IMAGE_PARAMETERS * cur;
DWORD dwRet;
if(hModule==NULL || lpFileName==NULL || nSize==0)
return 0;
if((dwRet = GetModuleFileName(hModule,lpFileName,nSize)) !=0 )
return dwRet;
EnterCriticalSection(&g_DLLCrit);
// Find DLL in list
for(cur = g_pImageParamHead; cur!=NULL; cur = cur->next)
{
if(cur->pImageBase == hModule)
break;
}
if(cur != NULL)
{
lstrcpyn(lpFileName, cur->svName, nSize);
LeaveCriticalSection(&g_DLLCrit);
return lstrlen(lpFileName);
}
LeaveCriticalSection(&g_DLLCrit);
return 0;
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// GetDLLProcAddress() //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Like GetProcAddress(), returns null if the procedure/ordinal is not there, otherwise returns function addr.
FARPROC GetDLLProcAddress(HMODULE hModule, LPCSTR lpProcName)
{
IMAGE_OPTIONAL_HEADER * oh;
IMAGE_EXPORT_DIRECTORY * ed;
int nDirCount; // Number of entries in export table
int nOrdinal = 0; // Function ordinal number
if(hModule == NULL)
return NULL;
// Get optional header
oh = GetOptionalHeader(hModule);
// Get number of image directories in list
if((nDirCount = oh->NumberOfRvaAndSizes) < 16)
return NULL;
// Sift through export table
if(oh->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size == 0)
return NULL;
// Good, we have an export table. Lets get it.
ed = (IMAGE_EXPORT_DIRECTORY *)MovePtr(hModule, oh->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
// Get ordinal of desired function
if(HIWORD((DWORD)lpProcName) == 0)
nOrdinal = (LOWORD((DWORD)lpProcName)) - ed->Base;
else
{
DWORD * pdwNamePtr = (DWORD *)MovePtr(hModule, (DWORD)ed->AddressOfNames);
WORD * pwOrdinalPtr = (WORD *)MovePtr(hModule, (DWORD)ed->AddressOfNameOrdinals);
// Go through name table and find appropriate ordinal
for(DWORD i = 0; i < ed->NumberOfNames; i++)
{
char * svName = (char *)MovePtr(hModule, *pdwNamePtr);
if(!lstrcmp(svName, lpProcName))
{
nOrdinal = (int)(*pwOrdinalPtr);
break;
}
pdwNamePtr++;
pwOrdinalPtr++;
}
if(i == ed->NumberOfNames)
return NULL;
}
// Look up RVA of this ordinal
DWORD * pAddrTable = (DWORD *)MovePtr(hModule, (DWORD)ed->AddressOfFunctions);
DWORD dwRVA = pAddrTable[nOrdinal];
return (FARPROC)MovePtr(hModule, dwRVA);
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// SetDLLProcAddress() //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Modifies an image. Must be loaded with RWX_PERMISSIONS, or have the export
// table writable
FARPROC SetDLLProcAddress(HMODULE hModule, LPCSTR lpProcName, FARPROC fpAddr)
{
if(hModule==NULL)
return FALSE;
// Get header and number of image directories in list
IMAGE_OPTIONAL_HEADER * oh = GetOptionalHeader(hModule);
int nDirCount = oh->NumberOfRvaAndSizes;
if(nDirCount<16)
return FALSE;
// - Sift through export table -----------------------------------------------
if(oh->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size == 0)
return NULL;
// Good, we have an export table. Lets get it.
IMAGE_EXPORT_DIRECTORY * ed = (IMAGE_EXPORT_DIRECTORY *)MovePtr(hModule, oh->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
// Get ordinal of desired function
int nOrdinal = 0;
if(HIWORD((DWORD)lpProcName) == 0)
nOrdinal = (LOWORD((DWORD)lpProcName)) - ed->Base;
else
{
// Go through name table and find appropriate ordinal
DWORD *pdwNamePtr;
WORD *pwOrdinalPtr;
int count = ed->NumberOfNames;
pdwNamePtr=(DWORD *)RVATOVA(hModule,ed->AddressOfNames);
pwOrdinalPtr=(WORD *)RVATOVA(hModule,ed->AddressOfNameOrdinals);
for(int i = 0; i < count; i++)
{
// XXX should be a binary search, but, again, fuck it.
char * svName =(char *)MovePtr(hModule, *pdwNamePtr);
if(lstrcmp(svName, lpProcName) == 0)
{
nOrdinal=*pwOrdinalPtr;
break;
}
pdwNamePtr++;
pwOrdinalPtr++;
}
if(i==count)
return NULL;
}
// Replace with different virtual address
// Look up RVA of this ordinal and replace with RVA of other function
/*
DWORD *pAddrTable = (DWORD *)MovePtr(hModule, (DWORD)ed->AddressOfFunctions);
DWORD dwOldAddr = (DWORD) MovePtr(hModule, pAddrTable[nOrdinal]);
pAddrTable[nOrdinal]=(DWORD) MovePtrBack(hModule, (DWORD)fpAddr);
*/
DWORD *pAddrTable=(DWORD *)RVATOVA(hModule,ed->AddressOfFunctions);
DWORD dwOldAddr=(DWORD) RVATOVA(hModule,(pAddrTable[nOrdinal]));
pAddrTable[nOrdinal]=(DWORD) VATORVA(hModule,((DWORD)fpAddr));
return (FARPROC) dwOldAddr;
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Internal DLL Loader code //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// LoadDLL() //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
HMODULE LoadDLLEx(LPCTSTR lpLibFileName, HANDLE, DWORD dwFlags)
{
HMODULE hModule = NULL;
HANDLE hFile;
HANDLE hMapping;
char svPath[MAX_PATH+1];
char * svFilePart;
void * baseAddr;
// Find DLL File
if(dwFlags & LOAD_WITH_ALTERED_SEARCH_PATH)
return NULL;
else
{
if(SearchPath(NULL, lpLibFileName, ".dll", MAX_PATH, svPath, &svFilePart) == 0)
return NULL;
}
// Open File
if((hFile = CreateFile(svPath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL)) != INVALID_HANDLE_VALUE)
{
// Create a file mapping
if((hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL)) != NULL)
{
// Map file mapping object to memory image
if((baseAddr = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0)) != NULL)
{
if(dwFlags & FORCE_LOAD_NEW_IMAGE)
hModule = LoadDLLFromImage(baseAddr, NULL, dwFlags & ~LOAD_WITH_ALTERED_SEARCH_PATH);
else
hModule = LoadDLLFromImage(baseAddr, svFilePart, dwFlags & ~LOAD_WITH_ALTERED_SEARCH_PATH);
UnmapViewOfFile(baseAddr);
}
// Close file mapping
CloseHandle(hMapping);
}
// Close file
CloseHandle(hFile);
}
// Return base address as an instance handle
return (HMODULE)hModule;
}
HMODULE LoadDLL(LPCTSTR lpLibFileName)
{
return LoadDLLEx(lpLibFileName, NULL, 0);
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// ResetDLLProcAddress() //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
BOOL ResetDLLProcAddress(HMODULE hModule, LPCSTR lpProcName)
{
HMODULE hNewMod;
DWORD dwNewAddr;
DWORD dwAddr = 0;
char fileName[MAX_PATH+1];
if(GetDLLFileName(hModule, fileName, MAX_PATH))
{
// Load another copy of the DLL
if((hNewMod = LoadDLLEx(fileName, NULL, FORCE_LOAD_NEW_IMAGE)) == NULL)
return FALSE;
if(((DWORD)GetDLLProcAddress(hNewMod, lpProcName)) == NULL)
{
FreeDLL(hNewMod);
return FALSE;
}
dwNewAddr = (DWORD)MovePtr(hModule, (DWORD)MovePtrBack(hNewMod, dwAddr));
FreeDLL(hNewMod);
SetDLLProcAddress(hModule,lpProcName,(FARPROC)dwNewAddr);
return TRUE;
}
return FALSE;
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
// FreeDLL() //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
BOOL FreeDLL(HMODULE hLibModule)
{
if(hLibModule==NULL) return FALSE;
// Examine DOS Header
PIMAGE_DOS_HEADER dosHdr;
dosHdr=(PIMAGE_DOS_HEADER) hLibModule;
if(dosHdr->e_magic!=IMAGE_DOS_SIGNATURE) return FALSE;
// Determine File Format
if(*GetNTSignature(hLibModule) != IMAGE_NT_SIGNATURE)
return FALSE;
// Get PE Optional Header
PIMAGE_OPTIONAL_HEADER oh;
oh=(PIMAGE_OPTIONAL_HEADER) OPTHDROFFSET(hLibModule);
// Ensure we are an executable image, not a rom image
if(oh->Magic!=0x010B) return FALSE;
// Get image length
DWORD dwImageSize;
dwImageSize=oh->SizeOfImage;
// Get from DLL table/decrease reference count
DWORD dwFlags;
char svName[MAX_PATH];
int dllaction;
dllaction=RemoveDLLReference(hLibModule,svName,&dwFlags);
if(dllaction==-1) return NULL;
// Call DllMain if necessary
BOOL bRet;
bRet=TRUE;
if(!(dwFlags & (LOAD_LIBRARY_AS_DATAFILE | DONT_RESOLVE_DLL_REFERENCES))) {
if(dllaction) {
RunDLLMain(hLibModule,dwImageSize,DLL_DETACH);
if(g_bIsWinNT) bRet=UnmapViewOfFile(hLibModule);
else bRet=VirtualFree(hLibModule,0,MEM_RELEASE);
}
}
return bRet;
}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -