之前做了在32位平台下的hook,替换dll中的函数为自己的函数,现在因为要对
64位的软件做hook,所以现在需要将 “使用汇编替换函数地址代码 ”改为 64位平台下的代码,请大神指点指点
x64 平台下怎么使用汇编修改函数地址 替换为自己的函数地址
- hellolittlepan 2017-08-17 09:49关注
// Excerpt of a hook-install routine: the enclosing function's signature, the
// members it uses (pDstStub, orig_bytes, code_len, JmpTo, Unhooked, ErrCode)
// and the final return are outside this excerpt. What is visible: it checks
// that the target is readable and long enough, makes the page writable,
// relocates the first >= 5 bytes of instructions into a stub, records the
// original bytes, and overwrites the function entry with a rel32 JMP.
//
// NOTE(review): every displacement below is computed through a DWORD and by
// casting pointers to DWORD, which drops the upper 32 bits of a 64-bit
// address; a rel32 JMP (0xE9) can only reach targets within +/-2 GiB of the
// instruction. On x64 this only works if the stub and both handlers happen to
// lie within that range of TargetAddr — the DWORD operand fields cannot hold a
// 64-bit displacement, so the stub layout itself has to change for x64.
if( IsBadReadPtr( TargetAddr, sizeof( KJmpToStub ) ) ){//Code not readable
// NOTE(review): IsBadReadPtr is documented by Microsoft as unsuitable for this
// kind of check (it can consume guard-page faults and races with concurrent
// protection changes); a VirtualQuery-based check is the usual replacement.
ErrCode = ERR_PAGE_ACCESS;
return FALSE;
}
// Presumably rejects functions shorter than the patch (error name suggests it).
if( IsShortFunc( TargetAddr ) ){ ErrCode = ERR_SMALL_FUNC; return FALSE; }
DWORD dwOldProt = 0;
// (HANDLE)(-1) is the current-process pseudo-handle. Protection applies to the
// whole page(s) covering the 32 bytes. dwOldProt is never read again in this
// excerpt, so the code page is left PAGE_EXECUTE_READWRITE after the patch;
// it should be restored with the saved value once the JMP has been written.
if( ! ::VirtualProtectEx( (HANDLE)(-1), (LPVOID)TargetAddr, 32, PAGE_EXECUTE_READWRITE, &dwOldProt ) ) {
g_pLog->Write(L"\n\n VirtualProtectEx 失败\n\n");
ErrCode = ERR_VIRT_PROT;
return FALSE;
}
// Record the hook parameters on the object. Note the parameter is FuncId_,
// while the comparisons and stub fill-in further down read the member FuncId.
this->TargetAddr = TargetAddr;
this->PrologueHandler = PrologueHandler;
this->FuncId = FuncId_;
this->MainHandler = MainHandler;
code_len = 0;
DWORD ReassembledCodeLen = 0;
BYTE* pDst = (BYTE*)pDstStub->ReassembledInstr;
BYTE *pcode = (BYTE*)TargetAddr;
// Copy whole instructions until at least 5 bytes (the size of the entry JMP)
// are covered, so the patch never splits an instruction. The relocated length
// is tracked separately because ReAssembleInstr may emit a different size
// (presumably when it fixes up relative operands — confirm in ReAssembleInstr).
while( code_len < 5 ){
hde64s hdestr = {0};
DWORD instr_len = hde_disasm(pcode, &hdestr);
//reassemble instruction and copy
DWORD NewInstrLen = ReAssembleInstr( (BYTE*)TargetAddr, pcode, pDst, instr_len );
code_len += instr_len;
ReassembledCodeLen += NewInstrLen;
pcode += instr_len;
pDst += NewInstrLen;
}
//Save original bytes for restore hook
memcpy( orig_bytes, TargetAddr, code_len);
//Prepare stub code
//push id 0x68 xx xx xx xx
//jmp Stub 0xE9 yy yy yy yy
// NOTE(review): on x64, PUSH imm32 sign-extends the immediate and pushes 8
// bytes, and arguments are passed in registers rather than on the stack; a
// PrologueHandler written for the 32-bit stack layout will not find FuncId
// where it expects it — confirm against the handler.
pDstStub->PushIdOpcode = 0x68; //PUSH opcode
pDstStub->FuncId = FuncId;
pDstStub->JmpOpcode = 0xE9; //JMP opcode
// rel32 displacement is relative to the end of the 5-byte JMP.
pDstStub->JmpOperand = (DWORD)( (BYTE*)PrologueHandler - ( (BYTE*)&pDstStub->JmpOpcode + 5 ) );
// Entry point for calling the original function unhooked: the relocated
// instructions followed by a JMP back into the target after the patch.
Unhooked = pDstStub->ReassembledInstr;
//Add JMP to continue code in Reassembled instructions end
BYTE *dst = pDstStub->ReassembledInstr + ReassembledCodeLen;
*(BYTE*)dst = 0xE9;//JMP opcode
// (DWORD) casts on both pointers: truncated on 64-bit — see note at the top.
*(DWORD*)(dst+1) = (DWORD) ( (DWORD)((BYTE*)TargetAddr + code_len) - ( (DWORD)dst + 5 ) );
//Set hook
//Write jmp stub to function start address
JmpTo.Opcode = 0xE9;
if( FuncId == 0xFFFFFFFF ){//jump to PrologueAddr
// 0xFFFFFFFF is the "no id" sentinel: bypass the PUSH stub and go straight
// to MainHandler.
JmpTo.Operand=(DWORD)((BYTE*)MainHandler - ( (BYTE*)TargetAddr + 5) );
}
else{// jump to push id
JmpTo.Operand=(DWORD)( &pDstStub->PushIdOpcode - ( (BYTE*)TargetAddr + 5 ) );
}
//Patch function
// NOTE(review): this is a plain, non-atomic write into live code; a thread
// executing TargetAddr at the same moment can observe a torn instruction.
// No FlushInstructionCache call follows in this excerpt either.
memcpy( TargetAddr, &JmpTo, sizeof( JmpTo ) );
ErrCode = ERR_NO_ERR;