Assembly language > Assembly discussions

Binary search

(1/1)

Vortex:
Here is a simultation of GetProcAddress using binary search method to find the address of an exported function.


--- Code: ---include     GetProcAddr.inc

_BinSearch  PROTO :DWORD,:DWORD,:DWORD,:DWORD

.code

GetProcAddr PROC USES esi hModule:DWORD,func:DWORD

LOCAL AddrOfFuncs:DWORD

    mov     esi,hModule
    mov     edx,esi
    add     edx,IMAGE_DOS_HEADER.e_lfanew[edx]
    mov     edx,IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress[edx]
    add     edx,esi

    mov     eax,IMAGE_EXPORT_DIRECTORY.AddressOfNames[edx]
    add     eax,esi
    mov     ecx,IMAGE_EXPORT_DIRECTORY.AddressOfFunctions[edx]
    add     ecx,esi

    mov     AddrOfFuncs,ecx

    invoke  _BinSearch,eax,\                                ; Address of the string array
            IMAGE_EXPORT_DIRECTORY.NumberOfNames[edx],\     ; Number of symbols
            func,\                                          ; Item to search for
            esi                                             ; hModule
           
    cmp     eax,-1
    je      finish

    mov     ecx,AddrOfFuncs
    lea     edx,[ecx+4*eax]
    mov     eax,DWORD PTR [edx]
    add     eax,esi

finish:

    ret

GetProcAddr ENDP

END

--- End code ---

Vortex:
Here is the 64-bit version.

Vortex:
Replaced some local variables with volatile registers in the 64-bit version.

HellOfMice:
Very short!
Thank You Vortex

Navigation

[0] Message Index