Binary search

[Vortex]

Here is a simultation of GetProcAddress using binary search method to find the address of an exported function.

Code Select Expand

include     GetProcAddr.inc

_BinSearch  PROTO :DWORD,:DWORD,:DWORD,:DWORD

.code

GetProcAddr PROC USES esi hModule:DWORD,func:DWORD

LOCAL AddrOfFuncs:DWORD

    mov     esi,hModule
    mov     edx,esi
    add     edx,IMAGE_DOS_HEADER.e_lfanew[edx]
    mov     edx,IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress[edx]
    add     edx,esi

    mov     eax,IMAGE_EXPORT_DIRECTORY.AddressOfNames[edx]
    add     eax,esi
    mov     ecx,IMAGE_EXPORT_DIRECTORY.AddressOfFunctions[edx]
    add     ecx,esi

    mov     AddrOfFuncs,ecx

    invoke  _BinSearch,eax,\                                ; Address of the string array
            IMAGE_EXPORT_DIRECTORY.NumberOfNames[edx],\     ; Number of symbols
            func,\                                          ; Item to search for
            esi                                             ; hModule
           
    cmp     eax,-1
    je      finish

    mov     ecx,AddrOfFuncs
    lea     edx,[ecx+4*eax]
    mov     eax,DWORD PTR [edx]
    add     eax,esi

finish:

    ret

GetProcAddr ENDP

END


[Vortex]

Here is the 64-bit version.

[Vortex]

Replaced some local variables with volatile registers in the 64-bit version.

[HellOfMice]

Very short!
Thank You Vortex