Potential issue of accessing random memory address

As there are 2 ways to import functions, either by ordinal or by name, we should ensure that the function is imported by name before comparing the name, since treating the Hint as RVA could potentially leads to some random memory address when trying to compare the name.

I changed this line:
https://github.com/pampersrocker/DInput8HookingExample/blob/b9b7e790fe0deb96c2c7884dcf5b3aac5a88c879/MinimalDInput8Hook/Hook.cpp#L44-L45

With this line, using an existing macro to check the MSB:
```c++
// The import name table is a null terminated array, so iterate until we either found it or reach the null termination
// Note: If the MSB is set the function is imported by using Ordinal/Hint instead of Name (the Hint value is the lowest WORD), otherwise it's an RVA to a IMAGE_IMPORT_BY_NAME structure
while ((ImportNameTable->u1.AddressOfData != 0) && (!IMAGE_SNAP_BY_ORDINAL(ImportNameTable->u1.Ordinal)))
```

PS: `u1.AddressOfData` and `u1.Ordinal` is the same thing as they're a union, but i'm using Ordinal just because the argument name on the macro is also called Ordinal.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Potential issue of accessing random memory address #5

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

	// The import name table is a null terminated array, so iterate until we either found it or reach the null termination
	while (ImportNameTable->u1.AddressOfData != 0)

Potential issue of accessing random memory address #5

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions