; MASM, 32-bit x86 Windows demo: find the third module in the loader's
; InLoadOrderModuleList through the PEB (assumed to be kernel32.dll), then
; resolve GetProcAddress by walking that module's export directory by hand.
; Result: ECX holds the absolute address of the matched export after the
; last instruction.
; NOTE(review): import-free API resolution of this shape (fs:[30h] -> Ldr ->
; module list -> export directory) is a well-known detection anchor for
; static and behavioural analysis, and export-address-filtering mitigations
; exist to catch export-table reads like the ones below.
.386
.model flat, stdcall
option casemap:none
assume fs:nothing
.data
GPA db "GetProcAddress",0 ; export name to search for (14 characters + NUL)
Cont dd 0 ; name-table index counter; later overwritten with a byte offset
.code
start:
mov eax, fs:[030h] ; EAX = PEB pointer, read from fs:[30h]
mov eax, [eax + 0ch] ; EAX = PEB.Ldr (pointer to PEB_LDR_DATA)
mov eax, [eax + 0ch] ; EAX = Ldr.InLoadOrderModuleList.Flink: first entry in load order
mov eax, [eax] ; follow Flink to the second entry (expected to be ntdll)
mov eax, [eax] ; follow Flink to the third entry (expected to be kernel32)
; NOTE(review): the module's position in the list is assumed; its name is
; never checked before the entry is treated as kernel32.
mov eax, [eax + 018h] ; EAX = DllBase of that entry, used below as the image base
mov ecx, dword ptr[eax + 03ch] ; ECX = e_lfanew: offset of the PE header from the image base
add ecx, 078h ; ECX += 78h: offset of data directory [0] (exports) in a 32-bit PE header
mov edx, dword ptr [eax + ecx] ; EDX = RVA of the export directory
add edx, eax ; EDX = address of the export directory (RVA + image base)
xor ebx, ebx ; redundant: EBX is overwritten two lines below
add edx, 020h ; EDX -> export directory + 20h (AddressOfNames field)
mov ebx, dword ptr [edx] ; EBX = RVA of the name-pointer table
add ebx, eax ; EBX = address of the name-pointer table
COMP: ; loop: compare each exported name with "GetProcAddress", counting entries in Cont
; NOTE(review): the loop has no upper bound (NumberOfNames is never read), so
; if the name is absent it keeps reading past the end of the table.
; NOTE(review): only 14 bytes are compared, so an export whose name merely
; starts with "GetProcAddress" also matches; the NUL is not part of the test.
; NOTE(review): cmpsb depends on the direction flag being clear; nothing in
; this file sets it.
add ebx, 4 ; advance to the next name RVA; done before the first compare, so entry 0 is never tested
inc [Cont] ; Cont = index of the entry now being tested
mov esi, dword ptr [ebx] ; ESI = RVA of the candidate name
add esi, eax ; ESI = address of the candidate name
lea edi, [GPA] ; EDI = address of the reference string
mov ecx, 0Eh ; compare 0Eh = 14 bytes (length of the name without its NUL)
repe cmpsb ; compare while bytes are equal; ZF = 1 only if all 14 matched
jnz COMP ; mismatch: try the next name
; Match found: translate name index -> function-table index -> function address
xor ebx, ebx ; redundant: EBX is overwritten two lines below
add edx, 04h ; EDX -> export directory + 24h (AddressOfNameOrdinals field)
mov ebx, dword ptr[edx] ; EBX = RVA of the ordinal table
add ebx, eax ; EBX = address of the ordinal table
mov edi, eax ; EDI = image base, kept because EAX is reused below
xor eax, eax ; EAX = 0
mov al, 02h ; EAX = 2, the size of one ordinal-table entry (WORD)
mov esi, edx ; ESI = export directory + 24h, saved before MUL overwrites DX
mul word ptr[Cont] ; DX:AX = 2 * low word of Cont (16-bit multiply; clobbers DX)
mov [Cont], eax ; Cont now holds the byte offset into the ordinal table, not the index
xor eax, eax ; EAX = 0 so the 16-bit load below leaves the upper half zero
add ebx, [Cont] ; EBX -> ordinal-table entry for the matched name
mov ax,word ptr[ebx] ; AX = function-table index stored for the matched name
sub esi, 08h ; ESI -> export directory + 1Ch (AddressOfFunctions field)
mov ecx, [esi] ; ECX = RVA of the function-address table
add ecx, edi ; ECX = address of the function-address table
xor ebx, ebx ; redundant: EBX is overwritten on the next line
mov ebx, eax ; EBX = function-table index
mov eax, 04h ; EAX = 4, the size of one function-table entry (DWORD)
mul ebx ; EDX:EAX = 4 * index = byte offset into the function table
add ecx, eax ; ECX -> function-table entry for the matched export
mov ecx, [ecx] ; ECX = RVA of the function
add ecx, edi ; ECX = absolute address of the function (RVA + image base)
; NOTE(review): there is no ret or process-exit call before `end start`, so
; execution continues past the last instruction.
end start
Agradecimientos a Shaddy, [Zero], Lelo, Thor, Psymera & todos los que me han ayudado.