C++

Forum

 
GetComputerName Not Returning

cyneox (1)
Hey guys, I am using GetProcAddress to simulate the Virtual Location of a function inside the dll "getcomputername()" of kernerl32.dll because apparently this function normally gets detected by AV as a trojan.heuristic? Anyways! Here's the call

((BOOL(WINAPI*)(LPSTR,LPDWORD))szProcAddress)(szTmp, &dwsize);

And when my program gets to this point after execution it crashes. This is the "details" section of the crash report: http://postimg.org/image/dvswsf39r/

The variables are defined like so:

char* szTmp = "";
DWORD dwSize = MAX_COMPUTERNAME_LENGTH+1;

I have no idea why this error is caused since it didn't occur when I ran this same program last night. Now I log on, I didn't change anything since, and it's occurring during execution. Any ideas guys? Thanks!
Last edited on
liuyang (217)
You didn't allocate space for your szTmp. That's one of the reason.
And I don't know if you have validated the szProcAddress before calling it. Maybe you were trying to get the proc address of GetComputerName instead of GetComputerNameA?
modoran (2077)
It works for me:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
#include <windows.h>
#include <tchar.h>
#include <stdio.h>

typedef BOOL (WINAPI *MYPROC)(LPTSTR, LPDWORD);


int main()
{
    HINSTANCE hinstLib;
    MYPROC GetComputerNameProc;
    char buffer [MAX_COMPUTERNAME_LENGTH + 1] = {0};
    DWORD dwBuffer = sizeof (buffer) / sizeof (buffer[0]);
    // Get a handle to the DLL module.

    hinstLib = LoadLibrary(TEXT("kernel32.dll"));

    // If the handle is valid, try to get the function address.
    if (hinstLib != NULL)
    {
        GetComputerNameProc = (MYPROC) GetProcAddress(hinstLib, "GetComputerNameA");

        // If the function address is valid, call the function.

        if (NULL != GetComputerNameProc)
        {
            (GetComputerNameProc) (buffer, &dwBuffer);

            printf ("Computer name is '%s'\n", buffer);
        }
        else
        {
            printf ("GetProcAddress failed, error code %ld\n", GetLastError());
        }
        // Free the DLL module.

        FreeLibrary(hinstLib);
    }


    return 0;
}
Computergeek01 (5613)
@ OP: Notice the inclusion of the 'A' at the end of the function name in modoran's call to "GetProcAddress()", this is critical. Most applications will only have either the unicode or the ASCII version of a function present and if you don't know which one to call you can dump the imported function names with the 'strings' utility from SysInternals: http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
Last edited on
Topic archived. No new replies allowed.