delphi package - easy access to kernel objects etc.
HammerHead
Posts: 10 Joined: Wed May 05, 2004 10:43 pm
by HammerHead » Wed May 19, 2004 2:25 pm
Hi,
Found a bug in exportlist:
It resolves the wrong ExportName:
Code:
    procedure TForm1.Button2Click(Sender: TObject);
    var
      s1, s2 : string;
      p : pointer;
    begin
      p := GetProcAddress(GetModuleHandle('kernel32.dll'), 'LockResource');
      s1 := Process('explorer.exe').Exportlist.FindItem(p).Name;
      s2 := Process('explorer.exe').Exportlist.FindItem(p).ExportModule.FileName;
      s2 := ExtractFileName(s2);
      Label1.Caption := s1;
    end;
It should say LockResource as the result, but instead you get SetHandleCount.
weird..
gtz HammerHead
madshi
Site Admin
Posts: 10764 Joined: Sun Mar 21, 2004 5:25 pm
by madshi » Thu May 20, 2004 10:03 am
In which OS did you test that?
madshi
Site Admin
Posts: 10764 Joined: Sun Mar 21, 2004 5:25 pm
by madshi » Sat May 22, 2004 7:39 am
Hmmmm... It works in my XP. Unfortunately right now I don't have a running w2k here. Could you please give me some more information?
(1) What does "GetProcAddress(GetModuleHandle(kernel32), 'LockResource')" return?
(2) What does "GetProcAddress(GetModuleHandle(kernel32), 'SetHandleCount')" return?
(3) What does "Process('explorer.exe').Exportlist.FindItem(p).Address" return?
Thanks!
HammerHead
Posts: 10 Joined: Wed May 05, 2004 10:43 pm
by HammerHead » Sat May 22, 2004 11:05 am
p := GetProcAddress(GetModuleHandle(kernel32), 'LockResource'); ----> $7C573ED1
p := Process('explorer.exe').Exportlist.FindItem(p).Address; ----> $7C573ED1
p := GetProcAddress(GetModuleHandle(kernel32), 'SetHandleCount'); ----> $7C573ED1
p := Process('explorer.exe').Exportlist.FindItem(p).Address; ----> $7C573ED1
----------------------
Seems they all return the same values (bug in GetProcAddress??)
grtz HammerHead
madshi
Site Admin
Posts: 10764 Joined: Sun Mar 21, 2004 5:25 pm
by madshi » Sat May 22, 2004 12:19 pm
I think kernel32 really exports those 2 APIs with the same address. Don't ask me why, I've no idea. They are different in XP. Anyway, it doesn't seem to be a bug in madKernel...
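The situation described in the last post, two export names pointing at one address, as an added example that is not part of the thread and is not madKernel code: it parses a constructed PE export directory and returns every name for an address, since a lookup by address that yields a single name has to pick one of them. The RVAs, the name `OtherExport`, the helpers `build_sample` and `names_by_rva`, and the simplification that an RVA equals an offset into the sample blob are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

# IMAGE_EXPORT_DIRECTORY: 40 bytes, little-endian
EXPORT_DIR = struct.Struct("<IIHHIIIIIII")

def build_sample(exports):
    """Build constructed export data. Assumption: RVA == offset into the blob."""
    names = sorted(exports)                  # the name table is sorted by name
    rvas = sorted(set(exports.values()))     # one function slot per distinct RVA
    funcs_off = EXPORT_DIR.size
    names_off = funcs_off + 4 * len(rvas)
    ords_off = names_off + 4 * len(names)
    str_off = ords_off + 2 * len(names)
    strings, name_rvas = b"", []
    for n in names:
        name_rvas.append(str_off + len(strings))
        strings += n.encode("ascii") + b"\0"
    blob = EXPORT_DIR.pack(0, 0, 0, 0, 0, 1, len(rvas), len(names),
                           funcs_off, names_off, ords_off)
    blob += struct.pack(f"<{len(rvas)}I", *rvas)
    blob += struct.pack(f"<{len(names)}I", *name_rvas)
    blob += struct.pack(f"<{len(names)}H", *(rvas.index(exports[n]) for n in names))
    return blob + strings

def names_by_rva(blob):
    """Return {function RVA: [every export name that resolves to it]}."""
    fields = EXPORT_DIR.unpack_from(blob, 0)
    n_funcs, n_names, funcs_off, names_off, ords_off = fields[6:]
    funcs = struct.unpack_from(f"<{n_funcs}I", blob, funcs_off)
    name_rvas = struct.unpack_from(f"<{n_names}I", blob, names_off)
    ordinals = struct.unpack_from(f"<{n_names}H", blob, ords_off)
    result = defaultdict(list)
    for name_rva, idx in zip(name_rvas, ordinals):
        if idx >= n_funcs:                   # malformed entry: skip, do not index
            continue
        end = blob.index(b"\0", name_rva)
        result[funcs[idx]].append(blob[name_rva:end].decode("ascii"))
    return dict(result)

# Constructed sample: two names share one RVA, the case discussed in the thread.
SAMPLE = build_sample({"LockResource": 0x3ED1, "SetHandleCount": 0x3ED1,
                       "OtherExport": 0x1000})

if __name__ == "__main__":
    for rva, names in sorted(names_by_rva(SAMPLE).items()):
        print(f"{rva:#06x}: {', '.join(names)}")
```

Tools that map addresses back to names, such as hook detectors or stack symbolizers, should compare against the full list of names for an address instead of expecting one specific name.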