Find Function DLL (porting)

Iseng-iseng porting findFunctionInDll.sh dan arwin.exe dari www.projectshellcode.com, sekalian cobain ctypes nya python.

from ctypes import c_char_p, c_void_p, windll
from os import listdir
from sys import argv

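class Arwin(object):
    """
    Simple port of arwin.exe + findFunctionInDLL.sh
    from www.projectshellcode.com.

    The address is obtained by asking the Win32 loader of *this* Python
    process (``GetModuleHandleA`` + ``GetProcAddress``).  Two things follow
    from that and are easy to overlook when reading the output:

    * ``GetModuleHandleA`` never loads anything, so only modules that the
      Python process already has mapped can be resolved.  A DLL that sits
      in system32 but is not loaded here is reported as "not found".
    * The value is the address inside this process at this moment.  With
      ASLR (Vista and later) a module's base changes per boot and may differ
      between processes, so the number is not a stable constant for another
      run, let alone another machine.
    """

    # Directory whose file names are tried as module names by find_function.
    system32_dir = 'c:\\windows\\system32'

    @staticmethod
    def _to_ansi(name):
        """Encode *name* for the ANSI (``-A``) Win32 entry points.

        ``bytes`` passes through untouched (on Python 2 ``str`` is ``bytes``);
        text is encoded as ASCII, which is what module and export names are.
        """
        if isinstance(name, bytes):
            return name
        return name.encode('ascii')

    def resolve_function(self, dll, function):
        """Return the address of *function* exported by the loaded module *dll*.

        Args:
            dll: module file name, e.g. ``"kernel32.dll"`` (``str`` or ``bytes``).
            function: exported symbol name (``str`` or ``bytes``).

        Returns:
            The address as an ``int``, or ``0`` when the module is not loaded
            in this process or does not export *function*.
        """
        kernel32 = windll.kernel32
        get_module_handle = kernel32.GetModuleHandleA
        get_proc_address = kernel32.GetProcAddress
        # Declare the prototypes: ctypes' default return type is a C int,
        # which truncates 64-bit HMODULE/FARPROC values on a 64-bit
        # interpreter and turns 32-bit addresses >= 0x80000000 negative.
        get_module_handle.argtypes = [c_char_p]
        get_module_handle.restype = c_void_p
        get_proc_address.argtypes = [c_void_p, c_char_p]
        get_proc_address.restype = c_void_p

        handle = get_module_handle(self._to_ansi(dll))
        if not handle:
            return 0
        address = get_proc_address(handle, self._to_ansi(function))
        # No CloseHandle here: an HMODULE is not a kernel object handle and
        # GetModuleHandle adds no reference, so closing it is an
        # ERROR_INVALID_HANDLE (and an exception under a debugger).
        return address or 0

    def find_function(self, funcName):
        """Print which module in ``system32_dir`` (loaded here) exports *funcName*.

        Every file name in the directory is tried in listing order and the
        first hit wins: its name and the hex address are printed.  If no
        loaded module exports the symbol a "not found" line is printed.
        Returns None.
        """
        for dll in listdir(self.system32_dir):
            address = self.resolve_function(dll, funcName)
            if address:
                # '0x%x' rather than hex(): no trailing 'L' on Python 2 longs.
                print("%s is located at 0x%x in %s" % (funcName, address, dll))
                return
        print("%s is not found. Mispell maybe?" % (funcName))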

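if __name__ == '__main__':
    # Usage: python projectshellcode.py <FunctionName>
    # Fail with a usage line instead of an IndexError when the name is missing.
    if len(argv) != 2:
        raise SystemExit("usage: %s <function name>" % argv[0])
    export_func = Arwin()
    export_func.find_function(argv[1])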

Testing,

c:\>python projectshellcode.py Sleep
Sleep is located at 0x7c802446 in kernel32.dll