
放一下

zhu224039 发布于 2014-06-05 20:33, 695 次点击
#include "stdafx.h"
#include "windows.h"
// Byte offsets of the scratch slots used by the inline assembly in _tmain.
// Each one is subtracted from ebp, i.e. the slot lives at [ebp - offset].
//   4, 8, 12 : initially hold a 32-bit name hash; once the matching export is
//              found the same slot is overwritten with the resolved address.
//   16       : base address of the module whose export table is being searched.
//   20       : address of that module's export directory.
//   28       : start of an 8-byte buffer (ebp-28 .. ebp-21) holding the
//              NUL-terminated ASCII string "user32"; the second dword is
//              written with the literal offset 24 rather than a macro.
#define var_MessageBox    4
#define var_ExitProcess   8
#define var_LoadLibrary   12
#define var_DllBase          16
#define var_Export          20
#define var_Libname       28

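/*
 * Test harness around a 32-bit MSVC inline-assembly block that resolves three
 * Windows API entry points at run time without naming them: it walks the
 * loader's module list through the PEB, parses the PE export directory of the
 * module it finds, and matches exports by a rotate-and-add hash of their names.
 *
 * Reviewer context: import resolution by PEB walk plus name hashing keeps API
 * names out of the import table and out of the string data, which is why the
 * instruction sequence and the hash constants below are the parts of this
 * listing that static signatures and analysts look for.
 *
 * Scratch layout relative to the private frame pointer set up in the block:
 *   [ebp-4]   hash -> address   (var_MessageBox)
 *   [ebp-8]   hash -> address   (var_ExitProcess)
 *   [ebp-12]  hash -> address   (var_LoadLibrary)
 *   [ebp-16]  current module base      (var_DllBase)
 *   [ebp-20]  current export directory (var_Export)
 *   [ebp-28]  "user32\0\0"             (var_Libname, 8 bytes)
 *
 * Change from the original listing: the `nofind` exit now tears down the
 * private frame (mov esp,ebp / pop ebp). The original fell out of the asm
 * block with ebp and esp still pointing into that frame, so the compiler's
 * own epilogue restored registers from the wrong stack slots and returned
 * through a bogus address.
 *
 * Parameters argc/argv are unused. Returns 0 when the lookup fails and control
 * reaches the end of the function; on success the process is ended from inside
 * the asm block and this function never returns.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    _asm{
        // Private frame on top of the compiler's one; 0xD4 bytes of scratch.
        push ebp
        mov  ebp,esp
        sub  esp,0D4h
        // Seed the three slots with the name hashes to look for.
        // NOTE(review): which export each constant denotes is inferred from the
        // macro names only; the hashes cannot be verified from this listing.
        mov  dword ptr [ebp-var_MessageBox],0x1e380a6a
        mov  dword ptr [ebp-var_ExitProcess],0x4fd18963
        mov  dword ptr [ebp-var_LoadLibrary],0xc0d83287
        // Little-endian "user" + "32\0\0" => the string "user32" at ebp-28.
        mov  dword ptr [ebp-var_Libname],0x72657375
        mov  dword ptr [ebp-24],0x3233

        // PEB walk (32-bit layout): TEB+0x30 -> PEB, PEB+0x0c -> Ldr,
        // Ldr+0x1c -> first InInitializationOrder link, [link] -> second entry,
        // entry+0x08 -> that module's base address.
        // NOTE(review): the code presumably expects the second entry to be
        // kernel32.dll; the order of this list is Windows-version dependent,
        // so confirm on the OS this is analysed on.
        mov eax,fs:[0x30]
        mov eax,[eax+0x0c]
        mov eax,[eax+0x1c]
        mov eax,[eax]
        mov eax,[eax+08h]
        mov [ebp-var_DllBase],eax

        // esi walks the hash slots upwards: ebp-12, ebp-8, ebp-4.
        mov esi,ebp
        sub esi,12
Find_Next:
        // eax = next hash, esi += 4 (assumes the direction flag is clear).
        // After lodsd the slot just read is [esi-4].
        lodsd
        cmp eax,0x1e380a6a
        jne Find_lib_Function
        // Last slot reached: switch the search to the module named at ebp-28.
        // Three stdcall arguments are pushed (flags, 0, name pointer) and the
        // address resolved into the var_LoadLibrary slot is called.
        // NOTE(review): LOAD_LIBRARY_AS_DATAFILE asks for a data mapping, not
        // an executable image; the RVA arithmetic below assumes an image
        // layout, so the result depends on what the loader returns - confirm.
        push LOAD_LIBRARY_AS_DATAFILE
        push 0
        mov eax,ebp
        sub eax,28
        push eax
        call [ebp-var_LoadLibrary]
        mov [ebp-var_DllBase],eax


Find_lib_Function:
        // base + e_lfanew (0x3c) -> PE header; header+0x78 -> export directory
        // RVA (PE32 layout); add base to get the directory's address.
        mov eax,[ebp-var_DllBase]
        add eax,[eax+03ch]
        mov eax,[eax+078h]
        add eax,[ebp-var_DllBase]

        mov [ebp-var_Export],eax
        
        // ecx = NumberOfNames (+0x18), eax = address of the name-RVA array (+0x20).
        mov ecx,[eax+018h]
        mov eax,[eax+020h]
        add eax,[ebp-var_DllBase]

        // edx = index of the name currently being hashed.
        xor edx,edx
Next_Loop:
        // Every name tried without a match: give up.
        cmp edx,ecx
        jge nofind
        mov edi,[eax]
        add edi,[ebp-var_DllBase]
        xor ebx,ebx
Get_Hash:
        // For each byte of the NUL-terminated name: ebx = ror(ebx, 7) + byte.
        cmp byte ptr [edi],0
        je  xxx
        ror ebx,7
        push eax                        // eax is the name-array cursor; keep it
        movzx eax,byte ptr [edi]
        add ebx,eax
        pop eax
        inc edi
        jmp Get_Hash
xxx:
        // Compare the finished hash with the slot fetched by the last lodsd.
        cmp ebx,dword ptr [esi-4]
        jz  find
        add eax,4
        inc edx
        jmp Next_Loop


find:
        // ordinal = ((WORD *)(base + AddressOfNameOrdinals))[edx]   (+0x24)
        mov eax,[ebp-var_Export]
        mov ecx,[eax+024h]
        add ecx,[ebp-var_DllBase]
        shl edx,1
        add ecx,edx
        movzx ecx,word ptr [ecx]
        shl ecx,2

        // address = base + ((DWORD *)(base + AddressOfFunctions))[ordinal]  (+0x1c)
        mov eax,[eax+01ch]
        add eax,[ebp-var_DllBase]
        add eax,ecx
        mov eax,[eax]
        add eax,[ebp-var_DllBase]
        // Overwrite the hash in its slot with the resolved address.
        mov [esi-4],eax

        // Only the last slot (hash 0x1e380a6a) ends the resolution loop.
        cmp ebx,0x1e380a6a
        jz  call_function
        jmp Find_Next
call_function:
        // Four stdcall arguments: 0, pointer to "user32", 0, 0 (pushed in
        // reverse), i.e. a message box whose text is the string at ebp-28.
        push 0
        push 0
        mov eax,ebp
        sub eax,28
        push eax
        push 0
        call [ebp-var_MessageBox]
        // One argument (exit code 0); control is not expected to come back.
        push 0
        call [ebp-var_ExitProcess]

nofind:
        // Release the private frame so ebp/esp are what the compiler-generated
        // code after the asm block expects.
        mov esp,ebp
        pop ebp

    }
    printf("hello,word");
    getchar();
    return 0;
}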

[ 本帖最后由 zhu224039 于 2014-6-7 03:57 编辑 ]