龙盟编程博客 | 无障碍搜索 | 云盘搜索神器
快速搜索
主页 > 软件开发 > VC开发 >

用VC创建不导入任何DLL的WIN32程序(5)

时间:2009-12-30 15:42来源:未知 作者:admin 点击:
分享到:
} unsigned int GetFunctionByName(unsigned int ImageBase,const char*FuncName) { IMAGE_DOS_HEADER *pdoshdr=(IMAGE_DOS_HEADER *)ImageBase; PIMAGE_NT_HEADERS32 pnthdr=(PIMAGE_NT_HEADERS32)(ImageBase+pdoshd
}

unsigned int GetFunctionByName(unsigned int ImageBase,const char*FuncName)
{
    IMAGE_DOS_HEADER *pdoshdr=(IMAGE_DOS_HEADER *)ImageBase;
    PIMAGE_NT_HEADERS32 pnthdr=(PIMAGE_NT_HEADERS32)(ImageBase+pdoshdr->e_lfanew);
    if(pnthdr->Signature!=IMAGE_NT_SIGNATURE)
        return 0;
    PIMAGE_DATA_DIRECTORY pidd=&pnthdr->OptionalHeader.DataDirectory[0];
    IMAGE_EXPORT_DIRECTORY *pied=(IMAGE_EXPORT_DIRECTORY *)(ImageBase+pidd->VirtualAddress);

    LONG *pfuncnames=(LONG *)(ImageBase+pied->AddressOfNames);
    for(unsigned int i=0;i<pied->NumberOfNames;i++)
    {
        PSTR pfunc=(PSTR)(ImageBase+pfuncnames[i]);
        if(mystrcmp(pfunc,FuncName))
        {
            WORD *EOT=(WORD *)(pied->AddressOfNameOrdinals+ImageBase);
            LONG *EAT=(LONG *)(pied->AddressOfFunctions+ImageBase);
            int index=EOT[i];
            return (ImageBase+EAT[index]);           
        }
    }
    return 0;
}

typedef HMODULE (WINAPI *TLoadLibraryA)(LPCSTR lpFileName);
typedef BOOL (WINAPI *TFreeLibrary)(HMODULE hModule);
typedef void (WINAPI *TExitProcess)(UINT uExitCode);
typedef int (WINAPI *TMessageBox)(HWND hWnd,LPCSTR lpText,LPCSTR lpCaption,UINT uType);

extern "C" void WinMainCRTStartup()
{
    unsigned int kernel32imagebase,user32imagebase;
    char title[]="ddd&&*U( sunwang need beauty %^%&*";
    char caption[]="hack";
    char user32[]="user32";

    TEB *pteb=NULL;
    __asm mov eax,fs:[18h]
    __asm mov pteb,eax

    PEB *ppeb=pteb->Peb;
    PPEB_LDR_DATA pldr=ppeb->LoaderData;
    PLDR_MODULE pmodule=(PLDR_MODULE)pldr->InLoadOrderModuleList.Flink;
    PLDR_MODULE pntdllmodule=(PLDR_MODULE)pmodule->InLoadOrderModuleList.Flink;
    PLDR_MODULE pkernel32module=(PLDR_MODULE)pntdllmodule->InLoadOrderModuleList.Flink;
    kernel32imagebase=(unsigned int)pkernel32module->BaseAddress;

    TLoadLibraryA pLoadLibraryA=(TLoadLibraryA)GetFunctionByName(kernel32imagebase,"LoadLibraryA");
    TFreeLibrary pFreeLibrary=(TFreeLibrary)GetFunctionByName(kernel32imagebase,"FreeLibrary");
    TExitProcess pExitProcess=(TExitProcess)GetFunctionByName(kernel32imagebase,"ExitProcess");

    user32imagebase=(unsigned int)pLoadLibraryA(user32);
    TMessageBox pMessageBox=(TMessageBox)GetFunctionByName(user32imagebase,"MessageBoxA");
    pMessageBox(NULL,title,caption,MB_OK);

    pFreeLibrary((HMODULE)user32imagebase);
    pExitProcess(0);
}

精彩图集
精彩文章

热门标签

数据库导入 语言包 VC库函数 读取文件 WIN20 load语句 3389 cookies 程序多次启动 webform -Join 重写 java初学者 已到 解析xml Mcafee 表格结构 BeautifulSou 元组 百度文库 内建函数 录下 表锁定 ch scroll protocol 限制用户登录 Ngin OS 图片放大缩小 百度贴 gps经纬度 包含字符串 弱引用 ob_get_lengt Iisweb.vbs 基础 日历表格 CURD操作 是否 preg_match 监控请求 密钥 随机获取 swfupload 递归移动 Area 管理网卡 批量更改 qq空间 建外 查找最大 保存 JQuery源码分析 绑定 获取本机公网 php去除换行 版图遍历 配置网站的 javascript性能 每秒

赞助商链接