Hi guys, I'm trying to figure out how I can call a function without exporting it.
So, I have an exe file with "add" defined in it. This exe is a win32 console application and loads the DLL. The DLL also aims to use the add function from the exe file (without export)
Here is my main win32 console application file:
#include <windows.h>
#include <stdio.h>
#pragma auto_inline ( off )
int add ( int a, int b )
{
printf( "Adding some ints\n" );
return a + b;
}
int main ( )
{
HMODULE module = NULL;
if ( (module = LoadLibrary( L"hook.dll" )) == NULL )
{
printf( "Could not load library: %ld\n", GetLastError() );
return 0;
}
add( 3, 5 );
FreeLibrary( module );
return 0;
}
Here is the code for hook.dll:
#include <windows.h>
#include <stdio.h>
#include <detours.h>
static int (*add) ( int a, int b ) = ( int (*)( int a, int b ) ) 0x401000;
int Detoured_add ( int a, int b )
{
return add( a, b );
}
BOOL WINAPI DllMain ( HINSTANCE hDll, DWORD reason, LPVOID reserved )
{
if ( reason == DLL_PROCESS_ATTACH )
{
DetourTransactionBegin();
DetourAttach( (PVOID*) &add, Detoured_add );
DetourTransactionCommit();
}
else if ( reason == DLL_PROCESS_DETACH )
{
DetourTransactionBegin();
DetourDetach( (PVOID*) &add, Detoured_add );
DetourTransactionCommit();
}
return TRUE;
}
I took apart the win32 console application to find the add function address
.text:00401000 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
.text:00401000
.text:00401000
.text:00401000 sub_401000 proc near ; CODE XREF: sub_401020:loc_40104Bp
.text:00401000 push offset aAddingSomeInts ; "Adding some ints\n"
.text:00401005 call ds:printf
.text:0040100B add esp, 4
.text:0040100E mov eax, 8
.text:00401013 retn
.text:00401013 sub_401000 endp
The problem is when I call LoadLibrary, it returns 998, which I believe is a violation of access to error codes. I assume this makes sense, although this area of memory is probably protected.
Any tips?
( , , , Ida Pro, Microsoft.)