Hey there,
can anyone tell me why the heck this won't work (because of GetProcAddress returning 0h) ?


; Load ntdll.dll and resolve one export by name; every failure path jumps to
; Unload, which only returns in this excerpt (no FreeLibrary call is shown).
invoke LoadLibrary, CTEXT("ntdll.dll")
; eax = module handle, or 0 if the library could not be loaded
cmp eax, 0h
je Unload
mov hntdll, eax
; NOTE(review): GetProcAddress matches export names case-sensitively, so the
; string below has to equal the export-table entry byte for byte; a name that
; differs only in letter case comes back as 0.
invoke GetProcAddress, hntdll, CTEXT("NTDeviceIoControlFile")
; eax = address of the export, or 0 if no export of that exact name exists
cmp eax, 0h
je Unload
mov pNTDeviceIoControlFile, eax
...
Unload:
ret



As I know the API exists I wrote my own GetProcAddress function and it works perfect:

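;-----------------------------------------------------------------------
; FindLibExport - look up a named export in a mapped PE32 image by walking
; its export directory.
;
; In:    hmodule = base address of the loaded module
;        papi    = pointer to the zero-terminated export name
; Out:   eax     = the export's entry from AddressOfFunctions, or 0 on failure
; Saves: ebx, esi, edi (USES); eax, ecx, edx are scratch across lstrcmpi.
;
; NOTE(review): the value returned is the table entry exactly as loaded by the
; final lodsd, i.e. an RVA; a caller that wants a callable address has to add
; hmodule to it.
; NOTE(review): a forwarded export (an RVA that points back into the export
; directory) names another DLL's function as a string, not code; it is not
; detected here.
; NOTE(review): offset 78h is the PE32 layout; PE32+ images keep their data
; directories elsewhere. Header fields are used without range checks, so pass
; only the base of an image that the loader has already mapped.
; Field accesses are written as [edi].Field; the posted listing shows them as
; bare .Field, presumably because the bracketed register was lost in posting.
;-----------------------------------------------------------------------
FindLibExport proc uses ebx esi edi hmodule:DWORD, papi:DWORD
    mov     esi, hmodule
    test    esi, esi                    ; NULL handle: nothing to parse
    jz      @Error

    lodsw                               ; IMAGE_DOS_HEADER.e_magic
    cmp     ax, 'ZM'                    ; "MZ" read as a little-endian word
    jne     @Error

    add     esi, 3Ah                    ; esi = hmodule + 3Ch (e_lfanew)
    lodsd                               ; eax = offset of the PE header
    sub     esi, 40h                    ; back to hmodule
    add     esi, eax                    ; esi -> PE signature

    lodsd
    cmp     eax, 'EP'                   ; "PE",0,0
    jne     @Error

    add     esi, 116d                   ; esi = PE header + 78h: export data directory entry
    lodsd                               ; eax = RVA of the export directory
    test    eax, eax                    ; 0 = image exports nothing
    jz      @Error
    mov     edi, hmodule
    add     edi, eax                    ; edi -> IMAGE_EXPORT_DIRECTORY
    assume  edi:ptr IMAGE_EXPORT_DIRECTORY
    mov     ebx, [edi].NumberOfNames    ; ebx = names still to compare
    mov     esi, [edi].AddressOfNames
    add     esi, hmodule                ; esi -> array of name RVAs

    test    ebx, ebx
@@:
    jz      @Error                      ; ZF from the test above or the dec below
    lodsd                               ; eax = RVA of the next name, esi advances
    add     eax, hmodule
    ; NOTE(review): the loader and GetProcAddress compare export names
    ; case-sensitively. lstrcmpi also accepts a name that differs only in
    ; letter case, so this lookup can succeed where GetProcAddress returns 0,
    ; and can bind to a different export if two names differ only by case.
    ; lstrcmp would give the loader's behaviour.
    invoke  lstrcmpi, eax, papi
    .IF eax == 0h
        sub     esi, 4d                 ; step back to the entry that matched
        sub     esi, [edi].AddressOfNames
        sub     esi, hmodule            ; esi = name index * 4
        shr     esi, 1d                 ; name index * 2: ordinal entries are WORDs
        add     esi, [edi].AddressOfNameOrdinals
        add     esi, hmodule
        xor     eax, eax
        lodsw                           ; eax = index into AddressOfFunctions
        ; The name-ordinal table already holds zero-based indices into the
        ; address table, so nBase is not applied (adding nBase and subtracting
        ; one is only right when nBase happens to be 1).
        cmp     eax, [edi].NumberOfFunctions
        jae     @Error                  ; index outside the address table
        mov     esi, eax
        shl     esi, 2d                 ; address table entries are DWORDs
        add     esi, [edi].AddressOfFunctions
        add     esi, hmodule
        lodsd                           ; eax = the export's RVA
        ret
    .ENDIF
    dec     ebx
    jmp     @b
@Error:
    return  0h
    assume  edi:nothing
FindLibExport endp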


Is it because my application needs to be a service or something like that? Please help,
Dom
Posted on 2005-10-28 13:08:27 by Dom
try CTEXT("NtDeviceIoControlFile")
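(lowercase 't': GetProcAddress matches export names case-sensitively, while the lstrcmpi call in FindLibExport does not, which is why only the hand-written lookup found it)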
Posted on 2005-10-28 13:50:09 by arafel
oh my bad ... thx arafel
Posted on 2005-10-28 13:52:31 by Dom