diff options
| author | Jose Fonseca <jfonseca@vmware.com> | 2015-08-13 14:34:40 +0100 |
|---|---|---|
| committer | Jose Fonseca <jfonseca@vmware.com> | 2015-08-13 22:01:48 +0100 |
| commit | 92020921e86c42f2ae057cd3fecabe65b27816ae (patch) | |
| tree | f927550e8cd5d3d3943d59f763f534aadd47755a /inject | |
| parent | 830af267f587fc85ad13a1a3915aaa371958c80b (diff) | |
inject: Intercept GetProcAddress with ordinals.
Diffstat (limited to 'inject')
| -rw-r--r-- | inject/injectee.cpp | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/inject/injectee.cpp b/inject/injectee.cpp index 95e194c8..0d9cfcec 100644 --- a/inject/injectee.cpp +++ b/inject/injectee.cpp @@ -870,15 +870,32 @@ MyGetProcAddress(HMODULE hModule, LPCSTR lpProcName) { logGetProcAddress(hModule, lpProcName); } + const Module & module = modIt->second; + const FunctionMap & functionMap = module.functionMap; + FunctionMap::const_iterator fnIt; + if (HIWORD(lpProcName) == 0) { + FARPROC proc = GetProcAddress(hModule, lpProcName); + if (!proc) { + return proc; + } + + for (fnIt = functionMap.begin(); fnIt != functionMap.end(); ++fnIt) { + FARPROC pRealProc = GetProcAddress(hModule, fnIt->first); + if (proc == pRealProc) { + if (VERBOSITY > 0) { + debugPrintf("inject: replacing %s!%s\n", szBaseName, lpProcName); + } + return (FARPROC)fnIt->second; + } + + } + debugPrintf("inject: ignoring %s!@%u\n", szBaseName, LOWORD(lpProcName)); - return GetProcAddress(hModule, lpProcName); - } - const Module & module = modIt->second; - const FunctionMap & functionMap = module.functionMap; + return proc; + } - FunctionMap::const_iterator fnIt; fnIt = functionMap.find(lpProcName); if (fnIt != functionMap.end()) { |