Código:
#include <windows.h>
#include <stdio.h>
#include <iostream>
using namespace std;
// Forward declarations for the three helpers defined after main().
int Kernel32();
DWORD GetOffset(DWORD Modulo, char *Funcion, DWORD Tamaño);
int LoadLibrari(char *Modulo);
// Module base addresses kept as 32-bit integers. Krn32 is written by
// Kernel32(); Ws2_32 is assigned in main() from LoadLibrari().
DWORD Krn32 = 0;
DWORD Ws2_32 = 0;
//**************************
// Function addresses that main() fills in from GetOffset(). LoadLibA is also
// the call target used by LoadLibrari(), so it must be set before that helper runs.
DWORD GetProcA = 0;
DWORD LoadLibA = 0;
DWORD Sock = 0;
//**************************
// Scratch state shared between the inline-assembly blocks and the C++ code
// around them. Because these are globals, GetOffset() and LoadLibrari() are
// not reentrant and each call overwrites the previous results.
// Contador: index of the export name currently being compared in GetOffset().
DWORD Contador;
// PEHeader: address computed as module base + the dword at base+0x3C.
DWORD PEHeader = 0;
// ET: address of the module's export directory, as computed by GetOffset().
DWORD ET = 0;
// PosicionEAT: 16-bit value read from the ordinal table; stored but never read back.
WORD PosicionEAT = 0;
// Retorno: return-value slot written by the assembly in GetOffset() and LoadLibrari().
DWORD Retorno = 0;
int main()
{
    // Separator reused between the later sections of the report.
    const char *separador = "\n\n*********************************************************************";

    // 1) kernel32.dll base: loader-list walk versus the LoadLibraryA reference value.
    Kernel32();
    printf("\n\nLa direccion de Memoria de Kernel32.dll es: %8X", Krn32);
    HMODULE refKernel32 = LoadLibraryA("Kernel32.dll");
    printf("\nLa direccion de Memoria de Kernel32.dll con LoadLibraryA es: %8X", refKernel32);
    cout << "\n\n*****************************************************************" << endl;

    // 2) GetProcAddress: export-table lookup versus the real GetProcAddress.
    GetProcA = GetOffset( Krn32, "GetProcAddress", 14 );
    printf("La direccion de Memoria de GetProcAddress es: %8X", GetProcA);
    FARPROC refGetProcA = GetProcAddress((HMODULE)Krn32,"GetProcAddress");
    printf("\nLa direccion de Memoria de GetProcAddress con GetProcAddress es: %8X", refGetProcA);
    cout << separador << endl;

    // 3) LoadLibraryA: same comparison. LoadLibA must be set here because
    //    LoadLibrari() calls through it in the next step.
    LoadLibA = GetOffset( Krn32, "LoadLibraryA", 12 );
    printf("La direccion de Memoria de LoadLibraryA es: %8X", LoadLibA);
    FARPROC refLoadLibA = GetProcAddress((HMODULE)Krn32,"LoadLibraryA");
    printf("\nLa direccion de Memoria de LoadLibraryA con GetProcAddress es: %8X", refLoadLibA);
    cout << separador << endl;

    // 4) ws2_32.dll: loaded through the resolved pointer, then compared with
    //    a direct LoadLibraryA call.
    Ws2_32 = LoadLibrari("ws2_32.dll");
    printf("\nLa direccion de Memoria de Ws2_32.dll es: %8X", Ws2_32);
    HMODULE refWs2_32 = LoadLibraryA("Ws2_32.dll");
    printf("\nLa direccion de Memoria de Ws2_32.dll con LoadLibraryA es: %8X", refWs2_32);
    cout << separador << endl;

    // 5) socket: export-table lookup inside ws2_32.dll versus GetProcAddress.
    Sock = GetOffset( Ws2_32, "socket", 6 );
    printf("\nLa direccion de Memoria de socket es: %8X", Sock);
    FARPROC refSocket = GetProcAddress((HMODULE)Ws2_32,"socket");
    printf("\nLa direccion de Memoria de socket con GetProcAddress es: %8X", refSocket);

    // Keep the console window open until the user presses Enter.
    cin.get();
}
// Finds the base address of kernel32.dll by walking the loader's module list
// instead of calling an API, and stores it in the global Krn32.
// Always returns 0; the result is delivered through Krn32 only.
//
// x86 (32-bit) only: it relies on MSVC inline assembly and on fs: pointing at
// the thread's TEB. The structure offsets used here (PEB at fs:[0x30], loader
// data at PEB+0x0C, list head at +0x0C, name buffer at entry+0x30, DllBase at
// entry+0x18) are the commonly published 32-bit layouts, not a documented
// contract.
//
// For analysts: a read of fs:[0x30] followed by list traversal like this is a
// recognisable pattern, and APIs located this way do not appear in the
// import table.
int Kernel32()
{
__asm{
// eax = PEB (process environment block) of the current process.
mov eax, fs:[0x30]
// eax = PEB->Ldr (loader data).
mov eax, [eax + 0x0C]
// eax = address of the load-order module list head inside the loader data.
lea eax, [eax + 0x0C]
NextModule:
// Follow the forward link to the next list entry.
mov eax, [eax]
// ebx = pointer to the entry's base DLL name (UTF-16 buffer).
mov ebx, [eax + 0x30]
// Compare the low byte of the 7th UTF-16 character with '3', i.e. the '3'
// in "kernel32.dll". Any module whose name has '3' in that position matches.
// NOTE(review): the loop has no end condition. If no entry matches, the walk
// wraps through the list head, where offset 0x30 is not a name pointer, and
// names shorter than 7 characters are read past their end.
cmp byte ptr[ebx + 6*2], '3'
jne NextModule
// ebx = DllBase of the matching entry; publish it through the global.
mov ebx, [eax + 0x18]
mov Krn32, ebx
}
return 0;
}
// Resolves an exported function by name by parsing the export directory of a
// PE image that is already mapped in this process (a hand-written counterpart
// of GetProcAddress).
//
// Modulo  - base address of the loaded module (32-bit).
// Funcion - name to look for.
// Tamaño  - number of bytes of Funcion to compare.
// Returns the address computed for the export (also left in the global
// Retorno) and prints the index of the matching name.
//
// Uses the globals Contador, PEHeader, ET, PosicionEAT and Retorno as scratch
// space, so it is not reentrant. The offsets are those of a 32-bit (PE32) image.
//
// NOTE(review): several checks a PE parser normally performs are absent:
//  - the name loop is not bounded by NumberOfNames, so a name that is not
//    exported makes the loop read past the name table until it faults;
//  - only the first Tamaño bytes are compared and the terminating NUL is not
//    checked, so a longer export sharing that prefix matches too;
//  - Modulo is not validated (0, or a base without a valid export directory);
//  - a forwarded export would yield an address inside the export directory
//    (the forwarder string) rather than code - confirm whether callers care.
DWORD GetOffset(DWORD Modulo, char *Funcion, DWORD Tamaño)
{
__asm {
// Start at -1 so the first "inc" in the loop yields name index 0.
mov Contador, -1
// eax = module base + dword at base+0x3C = address of the PE header.
mov eax, Modulo
add eax, [eax+3Ch]
mov [PEHeader], eax
// PE header + 0x78 holds the RVA of the export directory (PE32 layout).
add eax, 78h
mov eax, [eax]
add eax, Modulo
// ET = address of the export directory.
mov [ET], eax
// Export directory + 0x20 = RVA of the array of name RVAs; eax = its address.
add eax, 20h
mov eax, [eax]
add eax, Modulo
bucle:
inc Contador
// ebx/esi = address of the current export name string.
mov ebx, [eax]
add ebx, Modulo
mov esi, ebx
// Advance to the next name slot for the following iteration.
add eax, 4
mov edi, Funcion
mov ecx, Tamaño
// Compare up to Tamaño bytes; ZF stays set only if all of them are equal.
// Assumes the direction flag is clear. With Tamaño == 0 no comparison runs
// and the flags left by "add eax, 4" decide the branch.
repe cmpsb
jnz bucle
// ecx = address of the ordinal table (export directory + 0x24).
mov ecx, [ET]
mov ecx, [ecx+24h]
add ecx, [Modulo]
// Each ordinal entry is 2 bytes: ecx += Contador * 2.
mov eax, [Contador]
add eax, eax
add ecx, eax
// Read the function-table index that belongs to this name.
mov ax, word ptr [ecx]
mov [PosicionEAT], ax
// eax = address of the function-address table (export directory + 0x1C).
mov eax, [ET]
mov eax, [eax+1Ch]
add eax, Modulo
// NOTE(review): the table is indexed with Contador (the name index), not
// with PosicionEAT read above. The two agree only when the name and function
// tables are in the same order; otherwise the address of a different export
// is returned. "rol ebx, 2" multiplies by 4 for the small indices seen here.
mov ebx, [Contador]
rol ebx, 2
add eax, ebx
// Convert the function RVA to an address and publish it.
mov eax, [eax]
add eax, Modulo
mov Retorno, eax
}
// The value printed is the name-table index (Contador), not the ordinal
// stored in PosicionEAT.
cout << "\nEl Ordinal es: " << Contador << endl;
return Retorno;
}
// Loads a DLL by calling through the function pointer stored in the global
// LoadLibA (filled in by main() from GetOffset) instead of the imported
// LoadLibraryA.
//
// Modulo - name of the module to load.
// Returns the value the callee left in eax (also stored in the global
// Retorno); main() treats it as the module's base address.
//
// NOTE(review): LoadLibA is not checked before the call. If it is still 0,
// or GetOffset returned a wrong address, control transfers to that address.
// The return type is int while the value is stored in a DWORD.
int LoadLibrari(char *Modulo)
{
__asm{
// One pointer argument is pushed; nothing is popped after the call, so the
// callee is expected to clean the stack (stdcall, as LoadLibraryA does).
push [Modulo]
call [LoadLibA]
mov Retorno, eax
}
return Retorno;
}
#include <stdio.h>
#include <iostream>
using namespace std;
// Forward declarations for the three helpers defined after main().
int Kernel32();
DWORD GetOffset(DWORD Modulo, char *Funcion, DWORD Tamaño);
int LoadLibrari(char *Modulo);
// Module base addresses kept as 32-bit integers. Krn32 is written by
// Kernel32(); Ws2_32 is assigned in main() from LoadLibrari().
DWORD Krn32 = 0;
DWORD Ws2_32 = 0;
//**************************
// Function addresses that main() fills in from GetOffset(). LoadLibA is also
// the call target used by LoadLibrari(), so it must be set before that helper runs.
DWORD GetProcA = 0;
DWORD LoadLibA = 0;
DWORD Sock = 0;
//**************************
// Scratch state shared between the inline-assembly blocks and the C++ code
// around them. Because these are globals, GetOffset() and LoadLibrari() are
// not reentrant and each call overwrites the previous results.
// Contador: index of the export name currently being compared in GetOffset().
DWORD Contador;
// PEHeader: address computed as module base + the dword at base+0x3C.
DWORD PEHeader = 0;
// ET: address of the module's export directory, as computed by GetOffset().
DWORD ET = 0;
// PosicionEAT: 16-bit value read from the ordinal table; stored but never read back.
WORD PosicionEAT = 0;
// Retorno: return-value slot written by the assembly in GetOffset() and LoadLibrari().
DWORD Retorno = 0;
int main()
{
    // Separator reused between the later sections of the report.
    const char *separador = "\n\n*********************************************************************";

    // 1) kernel32.dll base: loader-list walk versus the LoadLibraryA reference value.
    Kernel32();
    printf("\n\nLa direccion de Memoria de Kernel32.dll es: %8X", Krn32);
    HMODULE refKernel32 = LoadLibraryA("Kernel32.dll");
    printf("\nLa direccion de Memoria de Kernel32.dll con LoadLibraryA es: %8X", refKernel32);
    cout << "\n\n*****************************************************************" << endl;

    // 2) GetProcAddress: export-table lookup versus the real GetProcAddress.
    GetProcA = GetOffset( Krn32, "GetProcAddress", 14 );
    printf("La direccion de Memoria de GetProcAddress es: %8X", GetProcA);
    FARPROC refGetProcA = GetProcAddress((HMODULE)Krn32,"GetProcAddress");
    printf("\nLa direccion de Memoria de GetProcAddress con GetProcAddress es: %8X", refGetProcA);
    cout << separador << endl;

    // 3) LoadLibraryA: same comparison. LoadLibA must be set here because
    //    LoadLibrari() calls through it in the next step.
    LoadLibA = GetOffset( Krn32, "LoadLibraryA", 12 );
    printf("La direccion de Memoria de LoadLibraryA es: %8X", LoadLibA);
    FARPROC refLoadLibA = GetProcAddress((HMODULE)Krn32,"LoadLibraryA");
    printf("\nLa direccion de Memoria de LoadLibraryA con GetProcAddress es: %8X", refLoadLibA);
    cout << separador << endl;

    // 4) ws2_32.dll: loaded through the resolved pointer, then compared with
    //    a direct LoadLibraryA call.
    Ws2_32 = LoadLibrari("ws2_32.dll");
    printf("\nLa direccion de Memoria de Ws2_32.dll es: %8X", Ws2_32);
    HMODULE refWs2_32 = LoadLibraryA("Ws2_32.dll");
    printf("\nLa direccion de Memoria de Ws2_32.dll con LoadLibraryA es: %8X", refWs2_32);
    cout << separador << endl;

    // 5) socket: export-table lookup inside ws2_32.dll versus GetProcAddress.
    Sock = GetOffset( Ws2_32, "socket", 6 );
    printf("\nLa direccion de Memoria de socket es: %8X", Sock);
    FARPROC refSocket = GetProcAddress((HMODULE)Ws2_32,"socket");
    printf("\nLa direccion de Memoria de socket con GetProcAddress es: %8X", refSocket);

    // Keep the console window open until the user presses Enter.
    cin.get();
}
// Finds the base address of kernel32.dll by walking the loader's module list
// instead of calling an API, and stores it in the global Krn32.
// Always returns 0; the result is delivered through Krn32 only.
//
// x86 (32-bit) only: it relies on MSVC inline assembly and on fs: pointing at
// the thread's TEB. The structure offsets used here (PEB at fs:[0x30], loader
// data at PEB+0x0C, list head at +0x0C, name buffer at entry+0x30, DllBase at
// entry+0x18) are the commonly published 32-bit layouts, not a documented
// contract.
//
// For analysts: a read of fs:[0x30] followed by list traversal like this is a
// recognisable pattern, and APIs located this way do not appear in the
// import table.
int Kernel32()
{
__asm{
// eax = PEB (process environment block) of the current process.
mov eax, fs:[0x30]
// eax = PEB->Ldr (loader data).
mov eax, [eax + 0x0C]
// eax = address of the load-order module list head inside the loader data.
lea eax, [eax + 0x0C]
NextModule:
// Follow the forward link to the next list entry.
mov eax, [eax]
// ebx = pointer to the entry's base DLL name (UTF-16 buffer).
mov ebx, [eax + 0x30]
// Compare the low byte of the 7th UTF-16 character with '3', i.e. the '3'
// in "kernel32.dll". Any module whose name has '3' in that position matches.
// NOTE(review): the loop has no end condition. If no entry matches, the walk
// wraps through the list head, where offset 0x30 is not a name pointer, and
// names shorter than 7 characters are read past their end.
cmp byte ptr[ebx + 6*2], '3'
jne NextModule
// ebx = DllBase of the matching entry; publish it through the global.
mov ebx, [eax + 0x18]
mov Krn32, ebx
}
return 0;
}
// Resolves an exported function by name by parsing the export directory of a
// PE image that is already mapped in this process (a hand-written counterpart
// of GetProcAddress).
//
// Modulo  - base address of the loaded module (32-bit).
// Funcion - name to look for.
// Tamaño  - number of bytes of Funcion to compare.
// Returns the address computed for the export (also left in the global
// Retorno) and prints the index of the matching name.
//
// Uses the globals Contador, PEHeader, ET, PosicionEAT and Retorno as scratch
// space, so it is not reentrant. The offsets are those of a 32-bit (PE32) image.
//
// NOTE(review): several checks a PE parser normally performs are absent:
//  - the name loop is not bounded by NumberOfNames, so a name that is not
//    exported makes the loop read past the name table until it faults;
//  - only the first Tamaño bytes are compared and the terminating NUL is not
//    checked, so a longer export sharing that prefix matches too;
//  - Modulo is not validated (0, or a base without a valid export directory);
//  - a forwarded export would yield an address inside the export directory
//    (the forwarder string) rather than code - confirm whether callers care.
DWORD GetOffset(DWORD Modulo, char *Funcion, DWORD Tamaño)
{
__asm {
// Start at -1 so the first "inc" in the loop yields name index 0.
mov Contador, -1
// eax = module base + dword at base+0x3C = address of the PE header.
mov eax, Modulo
add eax, [eax+3Ch]
mov [PEHeader], eax
// PE header + 0x78 holds the RVA of the export directory (PE32 layout).
add eax, 78h
mov eax, [eax]
add eax, Modulo
// ET = address of the export directory.
mov [ET], eax
// Export directory + 0x20 = RVA of the array of name RVAs; eax = its address.
add eax, 20h
mov eax, [eax]
add eax, Modulo
bucle:
inc Contador
// ebx/esi = address of the current export name string.
mov ebx, [eax]
add ebx, Modulo
mov esi, ebx
// Advance to the next name slot for the following iteration.
add eax, 4
mov edi, Funcion
mov ecx, Tamaño
// Compare up to Tamaño bytes; ZF stays set only if all of them are equal.
// Assumes the direction flag is clear. With Tamaño == 0 no comparison runs
// and the flags left by "add eax, 4" decide the branch.
repe cmpsb
jnz bucle
// ecx = address of the ordinal table (export directory + 0x24).
mov ecx, [ET]
mov ecx, [ecx+24h]
add ecx, [Modulo]
// Each ordinal entry is 2 bytes: ecx += Contador * 2.
mov eax, [Contador]
add eax, eax
add ecx, eax
// Read the function-table index that belongs to this name.
mov ax, word ptr [ecx]
mov [PosicionEAT], ax
// eax = address of the function-address table (export directory + 0x1C).
mov eax, [ET]
mov eax, [eax+1Ch]
add eax, Modulo
// NOTE(review): the table is indexed with Contador (the name index), not
// with PosicionEAT read above. The two agree only when the name and function
// tables are in the same order; otherwise the address of a different export
// is returned. "rol ebx, 2" multiplies by 4 for the small indices seen here.
mov ebx, [Contador]
rol ebx, 2
add eax, ebx
// Convert the function RVA to an address and publish it.
mov eax, [eax]
add eax, Modulo
mov Retorno, eax
}
// The value printed is the name-table index (Contador), not the ordinal
// stored in PosicionEAT.
cout << "\nEl Ordinal es: " << Contador << endl;
return Retorno;
}
// Loads a DLL by calling through the function pointer stored in the global
// LoadLibA (filled in by main() from GetOffset) instead of the imported
// LoadLibraryA.
//
// Modulo - name of the module to load.
// Returns the value the callee left in eax (also stored in the global
// Retorno); main() treats it as the module's base address.
//
// NOTE(review): LoadLibA is not checked before the call. If it is still 0,
// or GetOffset returned a wrong address, control transfers to that address.
// The return type is int while the value is stored in a DWORD.
int LoadLibrari(char *Modulo)
{
__asm{
// One pointer argument is pushed; nothing is popped after the call, so the
// callee is expected to clean the stack (stdcall, as LoadLibraryA does).
push [Modulo]
call [LoadLibA]
mov Retorno, eax
}
return Retorno;
}