For training purposes I implemented the WINAPI function GetModuleHandle myself.
It looks like this:
#include <windows.h>
#include <winternl.h>   // PEB, PEB_LDR_DATA, LDR_DATA_TABLE_ENTRY
#include <shlwapi.h>    // StrCmpW
#include <stdio.h>
#include <string.h>
// RtlGetCurrentPeb is exported by ntdll.dll and is not declared in winternl.h

PVOID SelfGetModuleHandle(PCWSTR name) {
    PEB* pPeb = RtlGetCurrentPeb();                     // Process Environment Block
    PPEB_LDR_DATA pLdr = pPeb->Ldr;                     // https://learn.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb
    LIST_ENTRY Lentry = pLdr->InMemoryOrderModuleList;  // https://learn.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb_ldr_data
    LIST_ENTRY FirstLentry = Lentry;                    // copy of the list head, used to detect wrap-around
    do
    {
        // Treat the address in Flink as the start of an LDR_DATA_TABLE_ENTRY and copy it
        LDR_DATA_TABLE_ENTRY LDataTableEntry = *(LDR_DATA_TABLE_ENTRY*)Lentry.Flink;
        if (StrCmpW(LDataTableEntry.FullDllName.Buffer, name) == 0) {
            printf("Base found: %p\n", LDataTableEntry.DllBase);
            return (LDataTableEntry.DllBase);
        }
        Lentry = *Lentry.Flink;                         // advance to the next link
    } while (memcmp(&Lentry, &FirstLentry, sizeof(LIST_ENTRY)));  // stop when back at the head
    return NULL;
}
I think my function is pretty cool and works fine, but the sample code gets a segfault:
typedef
double
(__stdcall* POW)(   // pow from NTDLL (offset 0x151498)
    double a,
    double b
);

int main() {
    HMODULE dllBase = (HMODULE)SelfGetModuleHandle(L"ntdll.dll");   // 00000000001F8000 instead of 00007FFD36FD0000
    POW pow = (POW)GetProcAddress(dllBase, "pow");
    printf("%f", pow(2.0, 3.0));
}
I looked for what I did wrong but can't find it.
Maybe I'm not getting the right dllBase, I'm looking in the wrong table, or maybe PVOID needs a bigger cast to become an HMODULE, but I don't think that's it.
Thanks.
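Added example, not part of the question. The links in InMemoryOrderModuleList do not point at the start of an LDR_DATA_TABLE_ENTRY; each Flink points at the InMemoryOrderLinks field that sits 0x10 bytes into the entry (on x64). Casting Flink straight to LDR_DATA_TABLE_ENTRY* therefore reads every field 16 bytes too far: the "FullDllName" read actually lands on BaseDllName (which is why "ntdll.dll" matched at all), and the "DllBase" read lands on SizeOfImage, which is why a size-like number such as 0x1F8000 came back instead of a mapped base. GetProcAddress is then handed something that is not a mapped image, and the pow call cannot succeed. The fix is CONTAINING_RECORD (from winnt.h) to get back to the entry, a comparison against BaseDllName rather than the full path, and a case-insensitive compare of the counted UNICODE_STRING. The block below is portable so it can be run anywhere: on Windows its main() walks the real PEB; elsewhere it walks a constructed list with the same field layout. The entry layout (BaseDllName is not exposed by winternl.h), the fake module list, and the reuse of the question's two numbers as fake DllBase/SizeOfImage values are assumptions of this example.

```c
/* Added example (not the question's code): the InMemoryOrderModuleList links live
 * *inside* each LDR_DATA_TABLE_ENTRY, so a Flink must be turned back into the entry
 * with CONTAINING_RECORD. Portable: main() walks the real PEB on Windows and a
 * constructed list with the same layout elsewhere, so the mis-read can be reproduced. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>
#include <wctype.h>
#ifdef _WIN32
#include <windows.h>
#include <winternl.h>   /* PEB, PEB_LDR_DATA, LIST_ENTRY, UNICODE_STRING, CONTAINING_RECORD */
#else                   /* stand-ins with the same field layout as the Windows x64 types */
typedef struct _LIST_ENTRY { struct _LIST_ENTRY *Flink, *Blink; } LIST_ENTRY;
typedef struct _UNICODE_STRING { uint16_t Length, MaximumLength; wchar_t *Buffer; } UNICODE_STRING;
#define CONTAINING_RECORD(addr, type, field) ((type *)((char *)(addr) - offsetof(type, field)))
#endif

/* Leading fields of ntdll's LDR_DATA_TABLE_ENTRY on x64. winternl.h hides most as
 * ReservedN[] and omits BaseDllName, so this layout is an assumption of the example. */
typedef struct _LDR_MODULE_ENTRY {
    LIST_ENTRY     InLoadOrderLinks;           /* 0x00 */
    LIST_ENTRY     InMemoryOrderLinks;         /* 0x10  <- InMemoryOrderModuleList links point here */
    LIST_ENTRY     InInitializationOrderLinks; /* 0x20 */
    void          *DllBase;                    /* 0x30 */
    void          *EntryPoint;                 /* 0x38 */
    uint32_t       SizeOfImage;                /* 0x40 */
    UNICODE_STRING FullDllName;                /* 0x48  full path */
    UNICODE_STRING BaseDllName;                /* 0x58  e.g. "ntdll.dll" */
} LDR_MODULE_ENTRY;

/* Case-insensitive compare of a counted UNICODE_STRING (Length in bytes, not
 * necessarily NUL-terminated) against a C wide string. */
static int NameEqualsNoCase(const UNICODE_STRING *u, const wchar_t *name)
{
    size_t n = u->Length / sizeof(u->Buffer[0]);
    if (wcslen(name) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (towlower((wint_t)u->Buffer[i]) != towlower((wint_t)name[i])) return 0;
    return 1;
}

/* Correct walk: recover the entry from the embedded link, match on BaseDllName. */
void *FindModuleBase(LIST_ENTRY *head, const wchar_t *name)
{
    for (LIST_ENTRY *p = head->Flink; p != head; p = p->Flink) {
        LDR_MODULE_ENTRY *e = CONTAINING_RECORD(p, LDR_MODULE_ENTRY, InMemoryOrderLinks);
        if (NameEqualsNoCase(&e->BaseDllName, name)) return e->DllBase;
    }
    return NULL;
}

/* The question's mistake, reproduced: casting Flink straight to the entry type shifts
 * every read by 0x10, so "FullDllName" lands on BaseDllName (which is why the name
 * still matched) and "DllBase" lands on SizeOfImage (a size, not a base). */
void *BuggyFindModuleBase(LIST_ENTRY *head, const wchar_t *name)
{
    for (LIST_ENTRY *p = head->Flink; p != head; p = p->Flink) {
        LDR_MODULE_ENTRY *e = (LDR_MODULE_ENTRY *)p;
        if (NameEqualsNoCase(&e->FullDllName, name)) return e->DllBase;
    }
    return NULL;
}

/* Constructed sample (not a real process): two fake modules linked like ntdll links
 * them, the head standing in for PEB_LDR_DATA.InMemoryOrderModuleList. */
typedef struct { LIST_ENTRY InMemoryOrderModuleList; LDR_MODULE_ENTRY exe, ntdll; } FakeLoader;
static wchar_t g_exeFull[] = L"C:\\demo\\app.exe", g_exeBase[] = L"app.exe";
static wchar_t g_ntFull[] = L"C:\\Windows\\System32\\ntdll.dll", g_ntBase[] = L"ntdll.dll";

static void SetName(UNICODE_STRING *u, wchar_t *s)
{
    u->Length = (uint16_t)(wcslen(s) * sizeof(wchar_t));
    u->MaximumLength = (uint16_t)(u->Length + sizeof(wchar_t));
    u->Buffer = s;
}

static void BuildFakeLoader(FakeLoader *f)
{
    memset(f, 0, sizeof *f);                       /* also zeroes the padding after SizeOfImage */
    LIST_ENTRY *head = &f->InMemoryOrderModuleList, *a = &f->exe.InMemoryOrderLinks, *b = &f->ntdll.InMemoryOrderLinks;
    head->Flink = a; a->Flink = b; b->Flink = head;
    head->Blink = b; b->Blink = a; a->Blink = head;
    f->exe.DllBase = (void *)(uintptr_t)0x00007FF600000000ULL; f->exe.SizeOfImage = 0x10000;
    SetName(&f->exe.FullDllName, g_exeFull); SetName(&f->exe.BaseDllName, g_exeBase);
    /* Numbers from the question: the base it expected, and the 0x1F8000 it got,
     * which is used here as the fake SizeOfImage. */
    f->ntdll.DllBase = (void *)(uintptr_t)0x00007FFD36FD0000ULL; f->ntdll.SizeOfImage = 0x1F8000;
    SetName(&f->ntdll.FullDllName, g_ntFull); SetName(&f->ntdll.BaseDllName, g_ntBase);
}

/* Runs one walker over the constructed list; the mixed-case name shows the match is
 * case-insensitive. Returns the "base" that walker produces. */
uintptr_t DemoWalk(int useBuggy)
{
    FakeLoader f;
    BuildFakeLoader(&f);
    LIST_ENTRY *head = &f.InMemoryOrderModuleList;
    return (uintptr_t)(useBuggy ? BuggyFindModuleBase(head, L"NTDLL.dll") : FindModuleBase(head, L"NTDLL.dll"));
}

int main(void)
{
#ifdef _WIN32   /* real process: the head lives in PEB->Ldr (TEB/PEB from winternl.h) */
    LIST_ENTRY *head = &NtCurrentTeb()->ProcessEnvironmentBlock->Ldr->InMemoryOrderModuleList;
    printf("ntdll base %p (GetModuleHandleW %p), buggy walk %p\n", FindModuleBase(head, L"ntdll.dll"),
           (void *)GetModuleHandleW(L"ntdll.dll"), BuggyFindModuleBase(head, L"ntdll.dll"));
#else
    printf("correct %#llx, buggy %#llx\n", (unsigned long long)DemoWalk(0), (unsigned long long)DemoWalk(1));
#endif
    return 0;
}
```

On Windows, compare the first printed value against GetModuleHandleW to confirm the walk; the third value is SizeOfImage and will look like the 0x1F8000-style number from the question. Two things to keep in mind for the real thing: the list is protected by the loader lock, so walking it while another thread loads or unloads a DLL is racy, and the head must come from the current process's PEB (NtCurrentTeb()->ProcessEnvironmentBlock here, or __readgsqword(0x60) on x64), not from a copied LIST_ENTRY as in the original loop.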