📄 importhandler.asm
; Author: Brandon LaCombe
; Date: February 3, 2006
; License: Public Domain
.386
.model flat, stdcall
option casemap:none
include windows.inc
include LoaderStructs.inc
GETMODULEHANDLE typedef proto lpModuleName:dword
GETPROCADDRESS typedef proto hModule:dword, lpProcName:dword
.code
;-----------------------------------------------------------------------
; ExportImportHandler(pdwImportHandlerSize)
; ABI:   stdcall (per the .model directive of this file)
; In:    pdwImportHandlerSize = optional pointer to a dword, may be NULL
; Out:   eax = address of import_handler_start
;        [pdwImportHandlerSize] = byte length of the region between
;        import_handler_start and import_handler_end, written only when
;        the pointer is non-null
; Clobb: eax, flags
;-----------------------------------------------------------------------
ExportImportHandler proc pdwImportHandlerSize:dword
        mov     eax, pdwImportHandlerSize
        test    eax, eax                        ; caller may pass NULL to skip the size
        jz      eih_size_done
        mov     dword ptr[eax], import_handler_end - import_handler_start
eih_size_done:
        mov     eax, import_handler_start       ; return value = start of the stub
        ret
ExportImportHandler endp
;-----------------------------------------------------------------------
; import_handler_start .. import_handler_end
; Import-resolution stub: for every dll listed in the import table it
; obtains the module base, then replaces each entry of that dll's IAT
; with the address returned by GetProcAddress.
;
; This region is not a proc and contains no ret; after the last
; descriptor execution falls through import_handler_end.
; NOTE(review): presumably the bytes are copied into a loader image and
; followed by further loader code - confirm against the caller of
; ExportImportHandler.
;
; In:    ebx -> LOADER_STRUCT (reads pImports and dwImageBase)
;        ebp -> KERNEL_IAT (reads pGetModuleHandleA, pGetProcAddress)
; Uses:  esi = cursor in the import table
;        edi = cursor in the IAT of the current dll
;        eax = module base of the current dll
;        ecx = IAT entry being resolved
; Clobb: eax, ecx, esi, edi, flags, plus whatever the two API calls
;        clobber
; Relies on the direction flag being clear so that lodsd and stosd
; advance; nothing in the stub sets it.
;
; Table walk: lodsd reads a dll-name RVA at [esi], the following dword
; is read as the IAT RVA, and esi is then advanced by
; sizeof(IMAGE_IMPORT_DESCRIPTOR) - sizeof(DWORD) to the next name RVA.
; NOTE(review): with the standard IMAGE_IMPORT_DESCRIPTOR layout this
; matches pImports pointing at the Name field of the first descriptor
; (Name sits directly before FirstThunk) - confirm how pImports is
; filled in.
;
; NOTE(review): every RVA taken from the table is added to dwImageBase
; without a range check, and the stub writes through the resulting IAT
; pointer. The table must therefore come from a trusted build step and
; the IAT memory must be writable when the stub runs.
;-----------------------------------------------------------------------
import_handler_start:
mov esi, (LOADER_STRUCT ptr[ebx]).pImports ; esi = import descriptor pointer
; DLL LOOP
; Entered at the bottom so the terminator test runs before the first dll.
jmp import_handler_enter_dll_loop ; enter dll loop
@@: add eax, (LOADER_STRUCT ptr[ebx]).dwImageBase ; eax = dll name ptr
; NOTE(review): the returned handle is not checked. GetModuleHandleA
; only finds modules that are already loaded and returns NULL otherwise;
; a NULL would be passed to GetProcAddress for every import of this dll.
invoke GETMODULEHANDLE ptr[(KERNEL_IAT ptr[ebp]).pGetModuleHandleA], eax ; get base of dll
mov edi, [esi] ; edi = iat rva
add edi, (LOADER_STRUCT ptr[ebx]).dwImageBase ; edi = iat pointer
; IMPORT LOOP
; Also entered at the bottom; each pass resolves one IAT slot in place.
jmp import_handler_enter_import_loop ; enter import loop
import_handler_import_loop:
btr ecx, 31 ; copy ordinal flag (bit 31) to CF and clear it in ecx
.if !carry? ; if not an ordinal
add ecx, (LOADER_STRUCT ptr[ebx]).dwImageBase ; convert name rva to pointer
; NOTE(review): two bytes are skipped before the name string; in a
; standard IMAGE_IMPORT_BY_NAME that prefix is the Hint word - confirm
; which format this table uses.
inc ecx
inc ecx ; skip name length field
.endif
; The API call returns in eax, so the module base is kept on the stack.
push eax ; backup base of dll
; ecx is either a pointer to the import name or the ordinal value.
invoke GETPROCADDRESS ptr[(KERNEL_IAT ptr[ebp]).pGetProcAddress], eax, ecx ; lookup import address
; NOTE(review): the result is stored unchecked; a failed lookup leaves
; a NULL slot in the IAT, which shows up later as a call through a null
; pointer rather than as a load-time error.
stosd ; store import address to iat, edi advances to the next slot
pop eax ; restore base of dll
import_handler_enter_import_loop:
mov ecx, [edi] ; load iat entry
test ecx, ecx ; test for terminating entry
jnz import_handler_import_loop ; process the import if necessary
; esi still points at the IAT RVA field, hence the size minus one dword.
add esi, sizeof(IMAGE_IMPORT_DESCRIPTOR) - sizeof(DWORD) ; move to next desc entry
import_handler_enter_dll_loop:
lodsd ; load dll name rva, esi advances to the iat rva field
test eax, eax ; test for terminating descriptor
jnz @B ; process the dll if necessary
; End marker only: used with import_handler_start to compute the stub size.
import_handler_end:
end