When I try to go to Jeremy's site, I get this.
If you are the account holder, please contact the billing or support department as soon as possible.
I think this came from his site, I don't understand exactly what this code is doing ?
Thanks.
include \masm32\include\masm32rt.inc
.CONST
.data
WaterMark db "SiegeWorks 2013 ð__ð" ; Alt 240 char
%Date db " &@Date " ; Compile date
%time db " &@Time"
KERNEL_NAME DB 'KERNEL32.DLL',0
NAME_STRINGS DB 'CopyFileA',0
DB 'DeleteFileA',0
DB 'lstrlen',0
DB 'lstrcat',0
DB 'GetSystemDirectoryA',0
DB 'GetWindowsDirectoryA',0
DB 'GetTickCount',0
DB 0FFh
;****** and where the addresses will be put
CALLS DD 7 DUP (0)
.data?
.code
start:
DLL_TEST9: ;calling function by name-load
PUSH OFFSET KERNEL_NAME
CALL GetModuleHandleA ;get handle of Kernel32.dll
MOV EBX,EAX ;keep in ebx
MOV EDI,OFFSET CALLS ;get place to put API addresses
MOV ESI,OFFSET NAME_STRINGS ;get list of API names
L1:
PUSH ESI
PUSH EBX
CALL GetProcAddress
OR EAX,EAX ;see if successful
JZ L4 ;no
STOSD ;insert API address into CALLS
L2:
LODSB ;get to end of this API name
OR AL,AL ;see if end of string yet
JNZ L2 ;no
LODSB
CMP AL,0FFh ;see if finished function list
JZ L3 ;yes
DEC ESI
JMP L1
L3:
CALL [CALLS+18h] ;ie. GetTickCount
CALL GetTickCount ;proof correct thing was called
L4:
RET
invoke ExitProcess,0
end start