GetProcAddr

Vortex · September 20, 2006, 07:18:12 PM

Here is my GetProcAddr routine simulating the API function GetProcAddress. It takes two parameters like the API version, the first one is the handle to the DLL module and the second one is a pointer to the name of function.

GetProcAddr scans the export table of the DLL and if it succeeds , it returns the address of the function exported by the DLL.
In failure, GetProcAddr returns NULL.

Code Select


; GetProcAddr by Vortex

.386
.model flat, stdcall
option casemap:none

include	\GeneSys\include\windows.inc

StrCmpA     PROTO :DWORD,:DWORD

.code

GetProcAddr PROC uses esi edi ebx hModule:DWORD,func:DWORD

LOCAL counter:DWORD

    mov	edi,hModule
    add	edi,IMAGE_DOS_HEADER.e_lfanew[edi]
    mov	edi,IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress[edi]
    add	edi,hModule
    mov	ebx,edi
    mov	eax,IMAGE_EXPORT_DIRECTORY.NumberOfNames[edi]
    mov	esi,IMAGE_EXPORT_DIRECTORY.AddressOfNames[edi]
    mov	ecx,eax
    mov     counter,eax
    add	esi,hModule
    inc     ecx
    sub     esi,4

scan_export_table:

    add	esi,4
    dec	ecx
    jz      finish          ; returns NULL if the function fails
    mov	edi,[esi]
    add	edi,hModule
    push    ecx
    invoke	StrCmpA,func,edi
    pop     ecx
    test	eax,eax
    jz	scan_export_table
    mov	esi,IMAGE_EXPORT_DIRECTORY.AddressOfNameOrdinals[ebx]
    neg     ecx
    add     ecx,counter
    shl	ecx,1
    add	esi,ecx 
    add	esi,hModule
    movzx	eax,WORD PTR [esi]
    mov	esi,IMAGE_EXPORT_DIRECTORY.AddressOfFunctions[ebx]
    shl	eax,2
    add	esi,hModule
    add	esi,eax	
    mov	edi,[esi]
    add	edi,hModule
    mov	eax,edi

finish:

    ret		

GetProcAddr ENDP

END

[attachment deleted by admin]

James Ladd · September 20, 2006, 10:07:19 PM

Vortex, that excellent.

What are the advantages of your API over the WIN32 version ?

Could you make an API that returns a table of all function names ?
Maybe even a structure containing the name and the address

Rgs, James.

PBrennick · September 21, 2006, 12:53:35 AM

That is usually the case with all functions in a library. It is a part of the 'trade off.' We are willing to sacrifice a little of the speed for ease of use. Besides, when the results are measured in nanoseconds or picoseconds, a slight loss in speed is not detectable by a human being so what difference does it make? Ease of use is always the answer that makes the most sense. :U
Paul

James Ladd · September 21, 2006, 10:24:12 PM

Paul,
The function is great.
Is it possible to get a function like the one I asked for, where all the exported functions are returns in one
go with the name and the address?

PBrennick · September 22, 2006, 12:04:10 AM

James,
We will definitely do something. Right now, we are exploring options. Stay tuned...

Paul

James Ladd · September 22, 2006, 05:24:28 AM

Premature optimization is the root of all evil (or at least most of it) in programming.
- Donald Knuth

Vortex · September 22, 2006, 05:36:36 AM

Hi James,

Thanks for the idea, I will try to work on that option ( returning in one go)

PBrennick · September 23, 2006, 04:53:00 AM

It became necessary for me to remove some posts from this thread. The decision was not an easy one and as a collateral effect, some posts which had nothing to do with the problem were also removed as they no longer made any sense. If any one wishing a more detailed explanation, I would appreciate it if the request is made by PM.

This thread will now return to its intended function. James, we are working on your request. Thank you for your patience.

Paul

Vortex · September 23, 2006, 11:06:57 AM

New upload at the top :

- Removed some unnecessary local variables.

Vortex · September 24, 2006, 07:34:17 PM

Here is the GetExpTable function returning a structure receiving the names and the addresses of exported functions :

Code Select

GetExpTable PROTO hModule:DWORD,pExpTable:DWORD

hModule : handle to DLL.
pExpTable : pointer to the EXPORT_TABLE structure receiving the names and addresses.

Code Select


EXPORT_TABLE    STRUCT
    NumbOfNames         DWORD ? ; number of exported functions
    AddrOfNames         DWORD ? ; address pointing to an array of RVAs of function names
    AddrOfEntryPoints   DWORD ? ; address pointing to an array of RVAs of function etry points
EXPORT_TABLE    ENDS

Code Select


GetExpTable PROC uses esi hModule:DWORD,pExpTable:DWORD

    mov     esi,pExpTable
    mov	edx,hModule
    add	edx,IMAGE_DOS_HEADER.e_lfanew[edx]
    mov	edx,IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress[edx]
    add	edx,hModule

    mov	eax,IMAGE_EXPORT_DIRECTORY.NumberOfNames[edx]
    mov     EXPORT_TABLE.NumbOfNames[esi],eax
  
    mov	ecx,IMAGE_EXPORT_DIRECTORY.AddressOfNames[edx]
    add	ecx,hModule
    mov     EXPORT_TABLE.AddrOfNames[esi],ecx

    mov	ecx,IMAGE_EXPORT_DIRECTORY.AddressOfNameOrdinals[edx]
    add	ecx,hModule
    movzx   eax,WORD PTR [ecx]
    mov	ecx,IMAGE_EXPORT_DIRECTORY.AddressOfFunctions[edx]
    shl	eax,2
    add	ecx,hModule
    add	ecx,eax	
    mov     EXPORT_TABLE.AddrOfEntryPoints[esi],ecx
    ret		

GetExpTable ENDP

[attachment deleted by admin]

James Ladd · September 24, 2006, 09:59:29 PM

Vortex,
Thanks for taking the time to do this. I really appreciate it.
Rgs,James.

Vortex · September 25, 2006, 05:19:49 PM

James,

You are welcome :U

News:

GetProcAddr