hellolittlepan 2017-08-17 02:24 采纳率: 0%

x64 平台下怎么使用汇编修改函数地址，替换为自己的函数地址

      之前做过 32 位平台下的 hook，把 dll 中的函数替换为自己的函数。现在因为要对
    64 位的软件做 hook，所以需要把“使用汇编替换函数地址”的代码改为 64 位平台下的代码，请大神指点指点


  • hellolittlepan 2017-08-17 09:49

    if( IsBadReadPtr( TargetAddr, sizeof( KJmpToStub ) ) ){//Code not readable
    ErrCode = ERR_PAGE_ACCESS;
    return FALSE;
    }

    if( IsShortFunc( TargetAddr ) ){
        ErrCode = ERR_SMALL_FUNC;
        return FALSE;
    }
    
    
    DWORD dwOldProt = 0;
    if( ! ::VirtualProtectEx( (HANDLE)(-1), (LPVOID)TargetAddr, 32, PAGE_EXECUTE_READWRITE, &dwOldProt ) )
    {
        g_pLog->Write(L"\n\n VirtualProtectEx  失败\n\n");
        ErrCode = ERR_VIRT_PROT;
        return FALSE;
    }
    
    
    this->TargetAddr      = TargetAddr;
    this->PrologueHandler = PrologueHandler;
    this->FuncId          = FuncId_;
    this->MainHandler     = MainHandler;
    
    code_len = 0;
    DWORD ReassembledCodeLen = 0;
    
    BYTE* pDst  = (BYTE*)pDstStub->ReassembledInstr;// 
    BYTE *pcode = (BYTE*)TargetAddr;                // 
    
    while( code_len < 5 ){
        hde64s hdestr = {0};
        DWORD instr_len = hde_disasm(pcode, &hdestr);
    
        //reassemble instruction and copy
        DWORD NewInstrLen = ReAssembleInstr( (BYTE*)TargetAddr, pcode, pDst, instr_len );
    
        code_len += instr_len;
        ReassembledCodeLen += NewInstrLen;
        pcode += instr_len;
        pDst  += NewInstrLen;
    }
    
    //Save original bytes for restore hook
    memcpy( orig_bytes, TargetAddr, code_len);
    
    
    //Prepare stub code
    //push id   0x68 xx xx xx xx
    //jmp Stub  0xE9 yy yy yy yy
    pDstStub->PushIdOpcode = 0x68;    //PUSH opcode
    pDstStub->FuncId = FuncId;
    
    pDstStub->JmpOpcode = 0xE9;    //JMP opcode
    pDstStub->JmpOperand = (DWORD)( (BYTE*)PrologueHandler - ( (BYTE*)&pDstStub->JmpOpcode + 5 ) );
    
    Unhooked = pDstStub->ReassembledInstr;
    
     //Add JMP to continue code in Reassembled instructions end
    BYTE *dst = pDstStub->ReassembledInstr + ReassembledCodeLen;
    *(BYTE*)dst = 0xE9;//JMP opcode
    *(DWORD*)(dst+1) = (DWORD) ( (DWORD)((BYTE*)TargetAddr + code_len) - ( (DWORD)dst + 5 ) );
    
    
    //!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    //Set hook
    //Write jmp stub to function start address
    

    JmpTo.Opcode = 0xE9;
    if( FuncId == 0xFFFFFFFF ){//jump to PrologueAddr
    JmpTo.Operand=(DWORD)((BYTE*)MainHandler - ( (BYTE*)TargetAddr + 5) );
    }
    else{// jump to push id
    JmpTo.Operand=(DWORD)( &pDstStub->PushIdOpcode - ( (BYTE*)TargetAddr + 5 ) );
    }

    //Patch function
    memcpy( TargetAddr, &JmpTo, sizeof( JmpTo ) );
    ErrCode = ERR_NO_ERR;
    
