Hi guys,
I was wondering how someone would find the Ordinal of an imported function? I am using an API hook function which is below:
    #include <windows.h>
    #include <string.h>

    // Walks the import table of the current process image and replaces the
    // IAT slot for Dll!FuncName (or the matching ordinal) with Function.
    // Returns the previous slot value. Written for 32-bit builds: addresses
    // are carried in DWORDs.
    PVOID HookImportedFunction(const char *Dll, const char *FuncName, int Ordinal, void *Function)
    {
        DWORD oldProtect;
        void *PrevValue = 0;
        DWORD image_base = (DWORD)GetModuleHandle(NULL);
        IMAGE_DOS_HEADER *idh = (IMAGE_DOS_HEADER *)image_base;
        IMAGE_FILE_HEADER *ifh = (IMAGE_FILE_HEADER *)(image_base +
            idh->e_lfanew + sizeof(DWORD));
        IMAGE_OPTIONAL_HEADER *ioh = (IMAGE_OPTIONAL_HEADER *)((DWORD)(ifh) +
            sizeof(IMAGE_FILE_HEADER));
        IMAGE_IMPORT_DESCRIPTOR *iid = (IMAGE_IMPORT_DESCRIPTOR *)(image_base +
            ioh->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);

        // Make the whole IAT writable before patching.
        VirtualProtect((LPVOID)(image_base +
            ioh->DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress),
            ioh->DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size, PAGE_READWRITE,
            &oldProtect);

        while(iid->Name)
        {
            if(stricmp(Dll, (char *)(image_base + iid->Name)) == 0)
            {
                // pThunk: import lookup table (names/ordinals); pThunk2: the IAT itself.
                IMAGE_THUNK_DATA * pThunk = (IMAGE_THUNK_DATA *)
                    ((DWORD)iid->OriginalFirstThunk + image_base);
                IMAGE_THUNK_DATA * pThunk2 = (IMAGE_THUNK_DATA *)
                    ((DWORD)iid->FirstThunk + image_base);
                while(pThunk->u1.AddressOfData)
                {
                    char * name = 0;
                    int ordinal;
                    if(pThunk->u1.Ordinal & 0x80000000)
                        ordinal = pThunk->u1.Ordinal & 0xffff;  // imported by ordinal
                    else
                    {
                        // Imported by name: the value compared below is the Hint field.
                        IMAGE_IMPORT_BY_NAME * pname = (IMAGE_IMPORT_BY_NAME *)
                            ((DWORD)pThunk->u1.AddressOfData + image_base);
                        ordinal = pname->Hint;
                        name = (char *)pname->Name;
                    }
                    if(name != 0 && FuncName && strcmp(name, FuncName) == 0)
                    {
                        PrevValue = (void*)pThunk2->u1.Function;
    #if _MFC_VER == 0x0600
                        pThunk2->u1.Function = (DWORD*)Function;
    #else
                        pThunk2->u1.Function = (DWORD)Function;
    #endif
                    }
                    else if(ordinal == Ordinal)
                    {
                        PrevValue = (void*)pThunk2->u1.Function;
    #if _MFC_VER == 0x0600
                        pThunk2->u1.Function = (DWORD*)Function;
    #else
                        pThunk2->u1.Function = (DWORD)Function;
    #endif
                    }
                    pThunk++;
                    pThunk2++;
                }
            }
            iid++;
        }

        // Restore the original page protection on the IAT.
        VirtualProtect((LPVOID)(image_base +
            ioh->DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress),
            ioh->DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size, oldProtect,
            &oldProtect);
        return PrevValue;
    }
However, I do not know how to get the ordinal of a Windows API function, say CreateFile or WriteProcessMemory. I know an ordinal of the function MessageBoxA is 476, but I can't find the ordinals of these functions.
Would anyone know how you would find the ordinals?
Thanks,
Robbie
|
Maybe the following sample function will give you some ideas?
It returns the ordinal number, given the handle of the DLL (from LoadLibrary) and the address of the exported function (from GetProcAddress):

    #include <windows.h>
    #include <dbghelp.h>   // ImageDirectoryEntryToData; link with Dbghelp.lib

    WORD getFunctionOrdinal( HMODULE hModule, FARPROC pFunction)
    {
        if( hModule == NULL || pFunction == NULL) return 0;

        // Locate the export directory of the already-mapped module.
        ULONG export_dir_size;
        PIMAGE_EXPORT_DIRECTORY pExportDir =
            (PIMAGE_EXPORT_DIRECTORY)ImageDirectoryEntryToData(
                hModule,
                TRUE,
                IMAGE_DIRECTORY_ENTRY_EXPORT,
                &export_dir_size
            );
        if( pExportDir == NULL)
        {
            return 0;
        }

        LPCSTR const charAddress = (LPCSTR)hModule;
        WORD const base = (WORD)pExportDir->Base;
        PDWORD const pFunctions = (PDWORD)(charAddress + pExportDir->AddressOfFunctions);
        PWORD const pOrdinals = (PWORD)(charAddress + pExportDir->AddressOfNameOrdinals);
        DWORD const numberOfFunctions = pExportDir->NumberOfFunctions;
        DWORD const numberOfNames = pExportDir->NumberOfNames;

        // The ordinal is the index into the function table plus the ordinal base.
        for( DWORD i = 0; i < numberOfFunctions; ++i)
        {
            FARPROC const fp = (FARPROC)(charAddress + pFunctions[i]);
            if( fp == pFunction)
            {
                return (WORD)(i + base);
            }
        }
        return 0;
    }
I hope this helps.
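Added example, not part of the original posts: the same export-directory walk in the other direction, from an export name to its ordinal, which is the lookup the question asks for. Note that the Hint stored in IMAGE_IMPORT_BY_NAME is an index into the exporter's name table, not the ordinal. The function names, the bounds checking and the sample buffer (a constructed directory placed at RVA 0) are assumptions of this sketch, which also assumes a little-endian host.

```c
#include <stdint.h>
#include <string.h>

/* Same field layout as IMAGE_EXPORT_DIRECTORY in winnt.h (40 bytes). */
typedef struct {
    uint32_t Characteristics, TimeDateStamp;
    uint16_t MajorVersion, MinorVersion;
    uint32_t Name, Base, NumberOfFunctions, NumberOfNames;
    uint32_t AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals;
} ExportDir;

/* Bounds-checked pointer to n bytes at rva inside the mapped image. */
static const void *at(const uint8_t *img, size_t len, uint32_t rva, size_t n) {
    return (rva <= len && n <= len - rva) ? img + rva : NULL;
}

/* Export ordinal for `name`, or 0 if the name is absent or the tables are malformed. */
unsigned ordinal_by_name(const uint8_t *img, size_t len, uint32_t dir, const char *name) {
    ExportDir d;
    const void *p = at(img, len, dir, sizeof d);
    if (!p) return 0;
    memcpy(&d, p, sizeof d);
    if (d.NumberOfNames > len / 4) return 0;  /* table cannot fit in the image */
    const uint8_t *names = at(img, len, d.AddressOfNames, (size_t)d.NumberOfNames * 4);
    const uint8_t *ords = at(img, len, d.AddressOfNameOrdinals, (size_t)d.NumberOfNames * 2);
    if (!names || !ords) return 0;
    for (uint32_t i = 0; i < d.NumberOfNames; i++) {
        uint32_t name_rva; uint16_t idx;
        memcpy(&name_rva, names + 4 * i, 4);
        memcpy(&idx, ords + 2 * i, 2);
        const char *s = at(img, len, name_rva, 1);
        if (!s || !memchr(s, 0, len - name_rva)) continue;  /* unterminated name */
        if (strcmp(s, name) == 0 && idx < d.NumberOfFunctions)
            return d.Base + idx;  /* index into AddressOfFunctions, plus Base */
    }
    return 0;
}

/* Constructed sample: Base 5, three function slots, two named exports. */
void build_sample(uint8_t img[0x80]) {
    ExportDir d = {.Base = 5, .NumberOfFunctions = 3, .NumberOfNames = 2,
                   .AddressOfNames = 0x40, .AddressOfNameOrdinals = 0x50};
    uint32_t names[2] = {0x60, 0x68};
    uint16_t ords[2] = {2, 0};  /* "Alpha" -> slot 2, "Beta" -> slot 0 */
    memset(img, 0, 0x80);
    memcpy(img, &d, sizeof d);
    memcpy(img + 0x40, names, sizeof names);
    memcpy(img + 0x50, ords, sizeof ords);
    memcpy(img + 0x60, "Alpha", 6);
    memcpy(img + 0x68, "Beta", 5);
}
```

On a live Windows module, the directory RVA comes from DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT] and the length from SizeOfImage.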
|
Thanks Viorel, I'll use that! How do you know so much?
|
First of all, excuse my poor English.
I have a program that fails initializing with error 0xC0000005 only if the default printer is a LaserJet Color 2605. If I select a DeskJet as default printer, there is no problem.
The program was made with VC++ 6.0 and was checked with many printers and/or platforms. Problems appeared when I bought my new LaserJet.
Thanks,
Enrique Manzano
|
Do you have this error with this type or all?
whitesky
|
Program runs without problem with plotters, Epson printers, HP LaserJet of many other models, etc. Problems began with HP LaserJet Color 2605DN.
Have you any idea?
Thanks
Enrique
|
Could you debug with the debugger? And one question: do you get the error when you want to read the printer?
whitesky
|
With VC++ 6.0, call stack is as follows :
NTDLL! 7c974ed1()
NTDLL! 7c94f8fb()
NTDLL! 7c91eac7()
As you can see, my program hasn't been loaded.
Output window of debugger is:
Loaded 'ntdll.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\kernel32.dll', no matching symbolic information found.
Loaded symbols for 'D:\fuente32\indalwin 5.0\Proyeccion\Debug\PdfDllD.dll'
Loaded symbols for 'C:\WINDOWS\system32\MFC42UD.DLL'
Loaded symbols for 'C:\WINDOWS\system32\MSVCRTD.DLL'
Loaded 'C:\WINDOWS\system32\gdi32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\user32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\opengl32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\msvcrt.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\advapi32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\rpcrt4.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\glu32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\ddraw.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\dciman32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\version.dll', no matching symbolic information found.
Loaded 'D:\fuente32\indalwin 5.0\Proyeccion\Debug\Vecad52.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\comdlg32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\shlwapi.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\comctl32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\shell32.dll', no matching symbolic information found.
Loaded 'D:\fuente32\indalwin 5.0\Proyeccion\Debug\bmw.dll', no matching symbolic information found.
Loaded 'D:\fuente32\indalwin 5.0\Proyeccion\Debug\arrgrid.dll', no matching symbolic information found.
Loaded symbols for 'C:\WINDOWS\system32\MFCO42UD.DLL'
Loaded 'C:\WINDOWS\system32\ole32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\oleaut32.dll', no matching symbolic information found.
Loaded symbols for 'C:\WINDOWS\system32\MSVCIRTD.DLL'
Loaded 'C:\WINDOWS\system32\mfc42loc.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll', no matching symbolic information found.
Loaded 'C:\Archivos de programa\Logitech\MouseWare\system\LgWndHk.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\msctf.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\winspool.drv', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\spool\drivers\w32x86\3\unidrvui.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui053.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\compstui.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\msimg32.dll', no matching symbolic information found.
Loaded 'C:\WINDOWS\system32\setupapi.dll', no matching symbolic information found.
First-chance exception in Proyeccionv5.exe (NTDLL.DLL): 0xC0000005: Access Violation.
First-chance exception in Proyeccionv5.exe (NTDLL.DLL): 0xC0000005: Access Violation.
If I choose another printer as default, there is no library "hpzui053.dll" and everything is alright.
Thanks,
Enrique
|
Are you sure that you installed the correct printer driver? Like you, I use two printers (HP 1220C) and one virtual printer, but it works without problem.
whitesky
|
I have found the problem:
I use to work in 6 programs. Three have no problems and three went wrong when I bought the new printer.
The three with problems also use a library from Kolbasoft (Vecad52.dll). This library was statically linked. I have modified the program to dynamically link this library and EVERYTHING IS ALRIGHT!!!!
Anyway, thank you very much for your help.
Enrique
|
A file saved as .rtf contains text and a bitmap from a Rich Edit control, written by stream-out.
Now I try to read the same file and load it into the Rich Edit control by stream-in.
It displays only the text, not the bitmap.
Why?
chetan
|
Hello all,
I need to create edit controls in the formview window that would accept numeric values like 1.3, 5.7, etc.
But when I try building/executing the program, I cannot type in values like 1.3 etc.; it gets rounded to 1, and 5.7 gets rounded to 6.
I use VC++ 6.0, and I have created edit member variables using ClassWizard of type double, and in SetWindow I pass as double.
Should I be using/including some other relevant class to be able to do this? Can't I do otherwise?
Any help appreciated.
Thanks.
|
How do you know that they are rounded? Did you trace through to the variables storing them?
|
After successful building of the program,
in the formview window that pops up, I tried entering 1.3 in the edit control box, but it immediately rounds to 1 by itself.
Sorry if this doesn't answer your question... this is my first project in MFC.
|
I created a formview project but I did not encounter this problem. The only thing I notice is that if you set the Number property to true, it will not allow you to enter a decimal point. Did you change any property values for the edit control?
|
Nope. I don't have the Number property enabled.
I can type in a decimal point followed by numbers, but once I finish typing, the values get rounded.
I have set the maximum and minimum to be 10 and -10 respectively.
Does the value you enter remain the same, as 2.4, when you start entering values in the other edit boxes?
|
thathvamsi wrote: Does the value you enter remain the same as 2.4 as such when you start entering values in the other edit boxes.?
Yes, try removing the minimum and maximum limit that you have set to see if it works.
|
Hello,
Since I wanted to limit the range between +10 and -10, I had the following code inside the member function for that edit box.

    void CSample2View::OnKillfocusEditMirrOS()
    {
        if (m_dMirrOS <= -10)
            m_dMirrOS = -10;
        else if (m_dMirrOS >= 10)
            m_dMirrOS = 10;
        else
            m_dMirrOS = m_dMirrOS;

        CString strMirrOS;
        strMirrOS.Format(STR_FMT_FLT_D,m_dMirrOS);
        m_editMirrOS.SetWindowText(strMirrOS);
    }

where STR_FMT_FLT_D is defined as _T("%d").
When I comment out the above code inside the killfocus...(),
I can enter values with decimal points. But I want to have an upper and lower limit for my control box so that weird values don't get entered for that particular control.
How do I do it?
-- modified at 5:44 Tuesday 4th July, 2006
|
Your problem is at
    strMirrOS.Format(STR_FMT_FLT_D,m_dMirrOS);
Since STR_FMT_FLT_D is defined as _T("%d"), any decimal values you try to format will be rounded. Change to _T("%f"). If you want to limit to 2 decimal places, you can write it as _T("%.2f").
|
Hey Weiye chen,
Thanks very much.
It solved my problem.
Thanks for helping buddy.
|
Hi,
I would like to retrieve information concerning the CPU temperature and fan speed
from the motherboard, and I also want to increase the fan speed. Where do I start?
Can anyone help me?
nirmal
|
Hi,
I want to know how to get the IP address of a machine in the network programmatically,
if I give the hostname.
thanks
-
^-^
@|@
- redCat