[求助]修改IMPORT ADDRESS TABLE的疑问
基础差,有点晕,都语无伦次了,不好意思。
IMAGE_IMPORT_DESCRIPTOR
*descriptor=
(IMAGE_IMPORT_DESCRIPTOR *)(BYTE*) hMod +
opthdr->DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT].
VirtualAddress;
while(descriptor ->FirstThunk)
{
char*dllname=(char*)((BYTE*)hMod+ descriptor ->Name);
IMAGE_THUNK_DATA* thunk=( IMAGE_THUNK_DATA*)((BYTE*) hMod +
descriptor ->OriginalFirstThunk);
int x=0;
while(thunk->u1.Function)
{
char*functionname=(char*)((BYTE*) hMod +
( DWORD)thunk->u1.AddressOfData+2);
DWORD *IATentryaddress=( DWORD *)((BYTE*) hMod +
descriptor->FirstThunk)+x;
x++; thunk++;
}
descriptor++;
}
上面是文章里的代码段。
WriteProcessMemory(GetCurrentProcess(),IATentryaddress,&ptr,4,&byteswritten);
ptr数组里存放了call指令,
这样修改,这个call指令为什么会被执行呢?