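/*
 * InstallHookApi - redirect an exported API entry point to HookProc.
 *
 * The routine relocates the in-module stub template (the region starting at
 * the global `pEnv` and ending at the address GetEndAddr() returns) into a
 * fresh VirtualAlloc'd block, records the displaced entry bytes in it, and
 * then overwrites the first ReplaceCodeSize bytes of the API with the JMPGate
 * jump into the relocated stub.
 *
 * All address arithmetic is done in DWORD, so this code is 32-bit only.
 *
 * Parameters:
 *   DllName  - module exporting the API; loaded with LoadLibraryA if it is
 *              not already mapped.
 *   ApiName  - export name resolved with GetProcAddress.
 *   HookProc - address the stub forwards to; must not be NULL.
 *
 * Returns the relocated hook environment (owned by the caller; it is never
 * released here because the patched API keeps jumping into it), or NULL on
 * any failure. On failure nothing is left patched and nothing is leaked:
 * the stub block is released and, if the entry bytes were already written,
 * the saved bytes are written back.
 */
PHOOKENVIRONMENT __stdcall InstallHookApi(PCHAR DllName, PCHAR ApiName, PVOID HookProc)
{
    HMODULE DllHandle;
    PVOID ApiEntry;
    int ReplaceCodeSize;
    DWORD oldpro;
    DWORD SizeOfStub;
    DWORD StubEnd;
    DWORD delta;
    DWORD RetSize = 0;
    PHOOKENVIRONMENT pHookEnv;

    if (HookProc == NULL) {
        return NULL;
    }

    /* Reuse an already-mapped module before loading it ourselves. */
    DllHandle = GetModuleHandleA(DllName);
    if (DllHandle == NULL) {
        DllHandle = LoadLibraryA(DllName);
    }
    if (DllHandle == NULL) {
        return NULL;
    }
    ApiEntry = GetProcAddress(DllHandle, ApiName);
    if (ApiEntry == NULL) {
        return NULL;
    }

    /*
     * Accumulate whole instructions until at least 5 bytes (one E9 rel32
     * jump) are covered; splitting an instruction would corrupt the
     * trampoline.
     */
    ReplaceCodeSize = GetOpCodeSize((BYTE *)ApiEntry);
    while (ReplaceCodeSize < 5) {
        ReplaceCodeSize += GetOpCodeSize((BYTE *)((DWORD)ApiEntry + (DWORD)ReplaceCodeSize));
    }
    /* 16 is presumably the capacity of pEnv.savebytes — TODO confirm against the struct. */
    if (ReplaceCodeSize > 16) {
        return NULL;
    }

    /*
     * Size of the stub template in bytes: the distance from the start of
     * `pEnv` to the end marker GetEndAddr() reports (presumably a label or
     * function placed directly after the stub — cannot be confirmed here).
     * SizeOfStub is unsigned, so if the marker lies below &pEnv (e.g. the
     * toolchain laid the objects out in a different order) the subtraction
     * wraps to a huge value; refuse explicitly instead of passing that to
     * VirtualAlloc.
     */
    StubEnd = (DWORD)GetEndAddr();
    if (StubEnd <= (DWORD)&pEnv) {
        return NULL;
    }
    SizeOfStub = StubEnd - (DWORD)&pEnv;

    pHookEnv = (PHOOKENVIRONMENT)VirtualAlloc(NULL, SizeOfStub, MEM_COMMIT, PAGE_READWRITE);
    if (!pHookEnv) {
        return NULL;
    }

    /*
     * Pre-fill the template header with 0x90 (NOP) so any savebytes slots not
     * overwritten below execute harmlessly, then copy the whole template.
     * The second copy only re-copies bytes the first one already covered;
     * kept as in the original.
     */
    memset((void *)&pEnv, 0x90, sizeof(pEnv));
    CopyMemory(pHookEnv, (PVOID)&pEnv, SizeOfStub);
    CopyMemory((void *)pHookEnv, (void *)&pEnv, sizeof(pEnv.savebytes));

    /* Displaced original instructions, followed by a jump back into the API. */
    CopyMemory(pHookEnv->savebytes, ApiEntry, ReplaceCodeSize);
    pHookEnv->OrgApiAddr = ApiEntry;
    pHookEnv->SizeOfReplaceCode = ReplaceCodeSize;
    pHookEnv->jmptoapi[0] = 0xE9;
    /* rel32 is relative to the end of the 5-byte jump instruction. */
    *(DWORD *)(&pHookEnv->jmptoapi[1]) = (DWORD)ApiEntry + ReplaceCodeSize - ((DWORD)pHookEnv->jmptoapi + 5);

    /*
     * delta moves template-relative addresses (NewStub) into the relocated
     * block. Patch the HookProc displacement into the relocated stub *before*
     * the API is redirected, so the stub is never reachable half-initialised.
     * The +3 offset is taken from the original; it must match the stub's
     * assembly layout — TODO confirm.
     */
    delta = (DWORD)pHookEnv - (DWORD)&pEnv;
    *(DWORD *)((DWORD)NewStub + delta + 3) = (DWORD)HookProc - ((DWORD)NewStub + delta + 3 + 4);

    /* Patch the API entry. */
    if (!VirtualProtect(ApiEntry, ReplaceCodeSize, PAGE_EXECUTE_READWRITE, &oldpro)) {
        VirtualFree(pHookEnv, 0, MEM_RELEASE);
        return NULL;
    }
    *(DWORD *)(&JMPGate[1]) = ((DWORD)NewStub + delta) - ((DWORD)ApiEntry + 5);
    /* Note: the write is sizeof(JMPGate) bytes while only ReplaceCodeSize were unprotected; assumes sizeof(JMPGate) == 5 — TODO confirm. */
    if (!WriteProcessMemory(GetCurrentProcess(), ApiEntry, JMPGate, sizeof(JMPGate), &RetSize)
        || RetSize != sizeof(JMPGate)) {
        /* Best-effort restore of the original protection; nothing was patched. */
        VirtualProtect(ApiEntry, ReplaceCodeSize, oldpro, &oldpro);
        VirtualFree(pHookEnv, 0, MEM_RELEASE);
        return NULL;
    }
    if (!VirtualProtect(ApiEntry, ReplaceCodeSize, oldpro, &oldpro)) {
        /*
         * The page is still writable here, so put the saved bytes back before
         * releasing the block; otherwise the API would keep jumping into
         * freed memory.
         */
        WriteProcessMemory(GetCurrentProcess(), ApiEntry, pHookEnv->savebytes, ReplaceCodeSize, &RetSize);
        VirtualFree(pHookEnv, 0, MEM_RELEASE);
        return NULL;
    }

    return pHookEnv;
}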
在这一句 `SizeOfStub = GetEndAddr()-(DWORD)&pEnv;` 中，我得到的 SizeOfStub 总是一个负值，想请问这一句的作用是什么？