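    def LdrGetProcedureAddress(self, emu, argv, ctx=None):
        '''
        NTSTATUS LdrGetProcedureAddress(
            HMODULE ModuleHandle,
            PANSI_STRING FunctionName,
            WORD Ordinal,
            OUT PVOID *FunctionAddress
        );

        Resolve an export of an emulated user module, by name or by ordinal,
        and write its address to *FunctionAddress.

        Args:
            emu: emulator instance (provides get_user_modules/get_proc).
            argv: [ModuleHandle, FunctionName, Ordinal, FunctionAddress];
                argv[1] is replaced by the decoded function name so the
                logged call shows the name rather than a raw pointer.
            ctx: handler context; not used here (kept for the hook signature).

        Returns:
            STATUS_SUCCESS when a module with base ModuleHandle exists and the
            export resolved, otherwise STATUS_PROCEDURE_NOT_FOUND.
        '''
        hmod, proc_name, ordinal, func_addr = argv
        rv = ddk.STATUS_PROCEDURE_NOT_FOUND

        if proc_name:
            # FunctionName points at an ANSI_STRING in emulated (sample-
            # controlled) memory. The name is read NUL-terminated from its
            # Buffer; the struct's Length field is not consulted here.
            fn = ntos.STRING(emu.get_ptr_size())
            fn = self.mem_cast(fn, proc_name)
            proc = self.read_mem_string(fn.Buffer, 1)
            argv[1] = proc
        elif ordinal:
            # Import by ordinal. The previous version formatted proc_name
            # (falsy on this branch) instead of ordinal, raising TypeError.
            proc = 'ordinal_%d' % ordinal
        else:
            # Neither a name nor an ordinal was supplied: nothing to resolve,
            # and no unbound 'proc' to trip over below.
            return rv

        for mod in emu.get_user_modules():
            if mod.get_base() != hmod:
                continue
            mname, _ = os.path.splitext(mod.get_base_name())
            addr = emu.get_proc(mname, proc)
            # NOTE(review): assumes get_proc returns a falsy value when the
            # export is unknown — confirm; a falsy address is not written and
            # is not reported as success.
            if addr:
                self.mem_write(func_addr,
                               addr.to_bytes(self.get_ptr_size(), 'little'))
                rv = ddk.STATUS_SUCCESS
            # Module bases are expected to be unique; stop at the first match.
            break

        return rv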
    def read_ansi_string(self, addr):
        '''
        Read the string referenced by an emulated STRING/ANSI_STRING struct
        located at `addr`.

        The struct is cast out of emulated memory using the emulator's pointer
        size, then its Buffer pointer is read as 1-byte characters. Only the
        Buffer field is consulted; the struct's Length field is not used.
        '''
        ptr_size = self.emu.get_ptr_size()
        header = self.mem_cast(ntos.STRING(ptr_size), addr)
        return self.emu.read_mem_string(header.Buffer, width=1)