下面是问题的关键代码
IMAGE_DOS_HEADER* pCurrentModelDosHeader =(IMAGE_DOS_HEADER*) ::GetModuleHandle(NULL);
IMAGE_NT_HEADERS32* pCurrentModelNtHeader = (IMAGE_NT_HEADERS32*)(pCurrentModelDosHeader->e_lfanew + pCurrentModelDosHeader);//出错
IMAGE_NT_HEADERS32* pCurrentModelNtHeader2 = (IMAGE_NT_HEADERS32*)(pCurrentModelDosHeader->e_lfanew + (DWORD)pCurrentModelDosHeader);//正确
WORD MagicNumber= pCurrentModelNtHeader2->OptionalHeader.Magic;
///////////////////////////////////////
反汇编代码对比
IMAGE_NT_HEADERS32* pCurrentModelNtHeader = (IMAGE_NT_HEADERS32*)(pCurrentModelDosHeader->e_lfanew + pCurrentModelDosHeader);//出错
012B7544 mov eax,dword ptr [pCurrentModelDosHeader]
012B7547 mov ecx,dword ptr [eax+3Ch]
012B754A shl ecx,6
012B754D add ecx,dword ptr [pCurrentModelDosHeader]
012B7550 mov dword ptr [pCurrentModelNtHeader],ecx
IMAGE_NT_HEADERS32* pCurrentModelNtHeader2 = (IMAGE_NT_HEADERS32*)(pCurrentModelDosHeader->e_lfanew + (DWORD)pCurrentModelDosHeader);//正确
012B7553 mov eax,dword ptr [pCurrentModelDosHeader]
012B7556 mov ecx,dword ptr [eax+3Ch]
012B7559 add ecx,dword ptr [pCurrentModelDosHeader]
012B755C mov dword ptr [pCurrentModelNtHeader2],ecx
多出的这句shl ecx,6 把原先结构体成员e_lfanew的偏移乘上了64导致错误结果,可是指针本身应该就是dword类型的啊,为什么还要显示的转换下?
