Bugs in PLH::IATHook::FindIATFunc #2

@ddbb2017

I came across your PLH::IATHook::FindIATFunc() and noticed that it had several bugs. Here's the correction:

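#include <windows.h>
#include <dbghelp.h> // ImageDirectoryEntryToDataEx (link with Dbghelp.lib)

// ResolveRVA is not defined in this snippet; it is used here to turn an RVA
// into a pointer relative to the module base.
// Finds the IAT slot for FuncName imported from ModuleName in the main executable.
bool FindIATFunc(char* ModuleName, char* FuncName, PIMAGE_THUNK_DATA* pFuncThunkOut)
{
	HINSTANCE hInst = GetModuleHandle(NULL);
	ULONG Sz;
	PIMAGE_IMPORT_DESCRIPTOR pImports = (PIMAGE_IMPORT_DESCRIPTOR)
		ImageDirectoryEntryToDataEx(hInst, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &Sz, nullptr);

	// No import directory was found: there is nothing to search.
	if (pImports == nullptr)
		return false;

	// Walk the import descriptors until the zero terminator.
	for (int i = 0; pImports[i].Characteristics != 0; i++)
	{
		// Skip descriptors that belong to other modules (case-insensitive match).
		char* strModuleName = (char*)ResolveRVA(hInst, pImports[i].Name);
		if (_stricmp(ModuleName, strModuleName) != 0)
			continue;

		// OriginalFirstThunk holds the import names; FirstThunk is the IAT itself.
		// Both arrays are walked in step so pThunk is the slot for the current name.
		PIMAGE_THUNK_DATA pOriginalThunk = (PIMAGE_THUNK_DATA)
			ResolveRVA(hInst, pImports[i].OriginalFirstThunk);
		PIMAGE_THUNK_DATA pThunk = (PIMAGE_THUNK_DATA)
			ResolveRVA(hInst, pImports[i].FirstThunk);
		for (; pOriginalThunk->u1.Function != 0; pOriginalThunk++, pThunk++)
		{
			// Imports by ordinal carry no name to compare against.
			if (pOriginalThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG)
				continue;

			PIMAGE_IMPORT_BY_NAME pImport = (PIMAGE_IMPORT_BY_NAME)
				ResolveRVA(hInst, pOriginalThunk->u1.AddressOfData);

			if (_stricmp(FuncName, pImport->Name) != 0)
				continue;

			// Return the IAT entry that corresponds to the matched name.
			*pFuncThunkOut = pThunk;
			return true;
		}
	}

	return false;
}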
