x64 平台下怎么使用汇编修改函数地址 替换为自己的函数地址 10C
之前做了在 32 位平台下的 hook,把 dll 中的函数替换为自己的函数;现在因为要对 64 位的软件做 hook,需要将“使用汇编替换函数地址”的代码改为 64 位平台下的代码,请大神指点指点。

2个回答

if( IsBadReadPtr( TargetAddr, sizeof( KJmpToStub ) ) ){//Code not readable
ErrCode = ERR_PAGE_ACCESS;
return FALSE;
}

if( IsShortFunc( TargetAddr ) ){
    ErrCode = ERR_SMALL_FUNC;
    return FALSE;
}


DWORD dwOldProt = 0;
if( ! ::VirtualProtectEx( (HANDLE)(-1), (LPVOID)TargetAddr, 32, PAGE_EXECUTE_READWRITE, &dwOldProt ) )
{
    g_pLog->Write(L"\n\n VirtualProtectEx  失败\n\n");
    ErrCode = ERR_VIRT_PROT;
    return FALSE;
}


this->TargetAddr      = TargetAddr;
this->PrologueHandler = PrologueHandler;
this->FuncId          = FuncId_;
this->MainHandler     = MainHandler;

code_len = 0;
DWORD ReassembledCodeLen = 0;

BYTE* pDst  = (BYTE*)pDstStub->ReassembledInstr;// 
BYTE *pcode = (BYTE*)TargetAddr;                // 

while( code_len < 5 ){
    hde64s hdestr = {0};
    DWORD instr_len = hde_disasm(pcode, &hdestr);

    //reassemble instruction and copy
    DWORD NewInstrLen = ReAssembleInstr( (BYTE*)TargetAddr, pcode, pDst, instr_len );

    code_len += instr_len;
    ReassembledCodeLen += NewInstrLen;
    pcode += instr_len;
    pDst  += NewInstrLen;
}

//Save original bytes for restore hook
memcpy( orig_bytes, TargetAddr, code_len);


//Prepare stub code
//push id   0x68 xx xx xx xx
//jmp Stub  0xE9 yy yy yy yy
pDstStub->PushIdOpcode = 0x68;    //PUSH opcode
pDstStub->FuncId = FuncId;

pDstStub->JmpOpcode = 0xE9;    //JMP opcode
pDstStub->JmpOperand = (DWORD)( (BYTE*)PrologueHandler - ( (BYTE*)&pDstStub->JmpOpcode + 5 ) );

Unhooked = pDstStub->ReassembledInstr;

 //Add JMP to continue code in Reassembled instructions end
BYTE *dst = pDstStub->ReassembledInstr + ReassembledCodeLen;
*(BYTE*)dst = 0xE9;//JMP opcode
*(DWORD*)(dst+1) = (DWORD) ( (DWORD)((BYTE*)TargetAddr + code_len) - ( (DWORD)dst + 5 ) );


//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
//Set hook
//Write jmp stub to function start address

JmpTo.Opcode = 0xE9;
if( FuncId == 0xFFFFFFFF ){//jump to PrologueAddr
JmpTo.Operand=(DWORD)((BYTE*)MainHandler - ( (BYTE*)TargetAddr + 5) );
}
else{// jump to push id
JmpTo.Operand=(DWORD)( &pDstStub->PushIdOpcode - ( (BYTE*)TargetAddr + 5 ) );
}

//Patch function
memcpy( TargetAddr, &JmpTo, sizeof( JmpTo ) );
ErrCode = ERR_NO_ERR;

请问一下,这是 32 位的代码,怎么改成 64 位的?
