/*
 * subFindApiAddr - decompiler (IDA) listing, re-laid out; every code token is
 * unchanged, only comments were added/translated.
 *
 * Looks up an export of the PE image mapped at ImageBase by name (binary search
 * over the export name table) and, optionally, patches that export's entry in
 * the image's AddressOfFunctions table so the export resolves elsewhere.
 *
 * Parameters (inferred from use; the original comment called a2 a "function
 * name unicode string", but the code reads a pointer at a2+4 and hands it to
 * strcmp, i.e. a counted ANSI string with a Buffer field at +4):
 *   ImageBase  base of the mapped image whose export table is searched.
 *   a2         pointer to a counted-string struct; *(a2+4) is the char* name.
 *   a3         if non-zero, the export's AddressOfFunctions slot is overwritten
 *              (see the v15 note below about what value is written).
 *   a4         out: receives the address of the AddressOfFunctions slot that
 *              was found (so the caller can read/restore it later).
 *
 * Returns: ImageBase + the RVA stored in the slot, i.e. the export's original
 *          address, or 0 if the image has no export directory, the name table
 *          is empty, the name is not found, or the name ordinal is out of range.
 *
 * Export directory DWORD indices used below (IMAGE_EXPORT_DIRECTORY layout, see
 * the quoted ReactOS code inside the loop): [5] NumberOfFunctions,
 * [6] NumberOfNames, [7] AddressOfFunctions, [8] AddressOfNames,
 * [9] AddressOfNameOrdinals.
 *
 * NOTE(review): `mov cr0, eax` is privileged, so this runs at ring 0; the
 * patch path disables write protection (CloseMemWriteProct, presumably clears
 * CR0.WP and saves the old value in dwOldCr0 — confirm) and restores it from a
 * global. No interrupt disable / IRQL raise / CPU-affinity pin is visible
 * between the two, so on a multiprocessor system the restore may execute on a
 * different CPU than the clear; verify inside CloseMemWriteProct.
 */
char *__stdcall subFindApiAddr(PVOID ImageBase, int a2, int a3, int a4)
{
  PVOID v4; // eax@1   export directory (PIMAGE_EXPORT_DIRECTORY)
  char *v5; // edx@2   ImageBase + AddressOfNames (DWORD RVA array)
  int v6; // edi@2     binary search: high index
  char *v7; // ecx@2   ImageBase + AddressOfNameOrdinals (WORD array)
  int v8; // edi@2     NumberOfNames
  int v9; // edx@5     strcmp result
  int v10; // ecx@5    binary search: midpoint / matching name index
  unsigned int v11; // ecx@11   ordinal index read from AddressOfNameOrdinals
  char *result; // eax@12
  PVOID v13; // edi@13 address of the AddressOfFunctions slot for this export
  char *v14; // esi@13 ImageBase + RVA in that slot (original export address)
  int v15; // edx@14   NOTE(review): read below but never assigned in this
                       // listing — a decompiler artifact (lost register value);
                       // from its use it is the new absolute address to install,
                       // very likely a3 itself, but that is not provable here.
  char *v18; // [sp+Ch] [bp-14h]@2   saved copy of v7 (ordinal table)
  const char *v19; // [sp+10h] [bp-10h]@3   name being searched for
  char *v20; // [sp+14h] [bp-Ch]@2   saved copy of v5 (name table)
  ULONG Size; // [sp+18h] [bp-8h]@1   size of the export directory (never used)
  int v22; // [sp+1Ch] [bp-4h]@2   binary search: low index

  /* Locate the export directory (directory entry 0 = IMAGE_DIRECTORY_ENTRY_EXPORT). */
  v4 = RtlImageDirectoryEntryToData(ImageBase, 1u, 0, &Size);
                                                // ExportDir = (PIMAGE_EXPORT_DIRECTORY)
                                                // RtlImageDirectoryEntryToData (BaseAddress,
                                                // TRUE,
                                                // IMAGE_DIRECTORY_ENTRY_EXPORT,
                                                // &i);
  /*
   * Bail out when there is no export directory or NumberOfNames is 0
   * (v6 = NumberOfNames - 1 < 0). The comma expression also sets up the
   * name table (v5/v20), ordinal table (v7/v18) and search bounds (v22..v6).
   *
   * NOTE(review): none of the RVAs taken from the export directory
   * (AddressOfNames, AddressOfNameOrdinals, AddressOfFunctions, nor the
   * per-name string RVAs) are checked against the mapped image size; this is
   * only safe for a well-formed, trusted image.
   */
  if ( !v4
    || (v5 = (char *)ImageBase + *((_DWORD *)v4 + 8),
        v7 = (char *)ImageBase + *((_DWORD *)v4 + 9),
        v8 = *((_DWORD *)v4 + 6),
        v22 = 0,
        v6 = v8 - 1,
        v20 = v5,
        v18 = v7,
        v6 < 0) )
    goto LABEL_18;
  v19 = *(const char **)(a2 + 4);               // name->Buffer
  /*
   * Binary search over AddressOfNames. This relies on the export names being
   * in ascending strcmp order, which the PE format requires of the linker.
   * Loop exits with v9 == 0 on a match (v10 = index), or with v6 < v22 when
   * the range is exhausted (not found).
   */
  while ( 1 )
  // AddressPtr = (PULONG)((ULONG_PTR)BaseAddress + (ULONG)ExportDir->AddressOfFunctions);
  // if (Name && Name->Length)
  // {
  //   /* by name */
  //   OrdinalPtr = (PUSHORT)((ULONG_PTR)BaseAddress + (ULONG)ExportDir->AddressOfNameOrdinals);
  //   NamePtr = (PULONG)((ULONG_PTR)BaseAddress + (ULONG)ExportDir->AddressOfNames);
  //   for( i = 0; i < ExportDir->NumberOfNames; i++, NamePtr++, OrdinalPtr++)
  //   {
  //     if (!strcmp(Name->Buffer, (char*)((ULONG_PTR)BaseAddress + *NamePtr)))
  //     {
  //       *ProcedureAddress = (PVOID)((ULONG_PTR)BaseAddress + (ULONG)AddressPtr[*OrdinalPtr]);
  //       return STATUS_SUCCESS;
  //     }
  //   }
  //   DPRINT1("LdrGetProcedureAddress: Can't resolve symbol '%Z'\n", Name);
  // }
  {
    v10 = (v6 + v22) >> 1;                      // midpoint (both bounds >= 0 here)
    v9 = strcmp(v19, (const char *)ImageBase + *(_DWORD *)&v5[4 * v10]);
    if ( v9 >= 0 )
    {
      if ( v9 <= 0 )
        break;                                  // exact match at v10
      v22 = v10 + 1;                            // target sorts after midpoint
    }
    else
    {
      v6 = v10 - 1;                             // target sorts before midpoint
    }
    if ( v6 < v22 )
      break;                                    // range exhausted: not found
    v5 = v20;                                   // reload name table pointer
  }
  /*
   * Found only if the range was not exhausted. v11 = NameOrdinals[v10], a
   * zero-based index into AddressOfFunctions; it is bounds-checked against
   * NumberOfFunctions before use.
   */
  if ( v6 >= v22 && (v11 = *(_WORD *)&v18[2 * v10], v11 < *((_DWORD *)v4 + 5)) )
  {
    /* v13 = &AddressOfFunctions[v11]; v14 = ImageBase + AddressOfFunctions[v11]. */
    v13 = ImageBase + 4 * v11 + *((_DWORD *)v4 + 7);// *ProcedureAddress = (PVOID)((ULONG_PTR)BaseAddress + (ULONG)AddressPtr[*OrdinalPtr]);
    /*
     * NOTE(review): forwarded exports are not handled. For a forwarder the RVA
     * in the slot points back inside the export directory (v4 .. v4+Size) at a
     * "DLL.Func" string, so v14 would be the address of that string, not of
     * code; `Size` is available but never used for this test.
     */
    v14 = (char *)ImageBase + *(_DWORD *)v13;
    if ( a3 )
    {
      /*
       * Patch path: drop write protection, atomically replace the slot's RVA
       * with (v15 - ImageBase), then write the saved cr0 back.
       * See the v15 note in the declarations: the listing never assigns v15.
       */
      CloseMemWriteProct();
      InterlockedExchange((volatile LONG *)v13, v15 - (_DWORD)ImageBase);
      _EAX = dwOldCr0;
      __asm { mov cr0, eax }
    }
    *(_DWORD *)a4 = v13;                        // hand the slot address back to the caller
    result = v14;                               // original export address (pre-patch)
  }
  else
  {
LABEL_18:
    result = 0;
  }
  return result;
}