如何在windows中加载Native API?
[英]How to load Native API in windows?
问题描述
I wanted to find the address of some of API like NtUserMessageCall by using GetProcAddress.
我想通过使用 GetProcAddress 找到一些 API 的地址,比如 NtUserMessageCall。 But this error appears: "The specified procedure could not be found."但是出现这个错误:“找不到指定的程序。”
HMODULE hUser32 = LoadLibrary(TEXT("User32.dll"));//handle user32
LPCSTR APIName = "NtUserMessageCall";
FARPROC function_address = GetProcAddress(hNtdll, APIName);//retrun Null
int temp = GetLastError();//Error 127
hUser32 = GetModuleHandle(TEXT("User32.dll"));//retrun Null
temp = GetLastError();//Error 127
2 个解决方案
解决方案1
0 2014-05-10 13:17:28
user32.dll does not export NtUserMessageCall for public use (it is internal only), so you cannot get its address by name using GetProcAddress . user32.dll不会导出NtUserMessageCall供公众使用(它仅供内部使用),因此您无法使用GetProcAddress按名称获取其地址。 You'll have to find another technique, like downloading and parsing the symbol file ( .PDB ) for the version of the DLL you're working with.您必须找到另一种技术,例如下载和解析您正在使用的 DLL 版本的符号文件 ( .PDB )。
解决方案2
0 2022-04-05 16:22:40
Should be set up like:应该这样设置:
typedef unsigned __int64 QWORD;
typedef NTSTATUS(NTAPI* _NtUserMessageCall)(
HWND, UINT, WPARAM, LPARAM, DWORD, DWORD, QWORD);
char sNtUserMessageCall[] = { 'N', 't', 'U', 's', 'e', 'r', 'M', 'e', 's', 's', 'a', 'g', 'e', 'C', 'a', 'l', 'l', 0x0 };
static auto NtUserMessageCall = (_NtUserMessageCall)GetProcAddress(GetModuleHandleW("Ntdll.dll"), sNtUserMessageCall);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.