STACK_TEXT:
ee654004 ee76b5cd 8661063c ee654034 ee76b5cd test!GetSystemName+0x8 [d:\TestCode\fristdriver.cpp @ 204]
ee654028 ee76ba8b 8661e528 00000000 ee76ba99 test!IsOk+0xd [d:\TestCode\fristdriver.cpp @ 214]
ee654034 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0xb [d:\TestCode\fristdriver.cpp @ 443]
ee654040 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65404c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654058 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654064 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654070 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65407c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654088 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654094 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6540a0 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6540ac ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6540b8 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6540c4 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6540d0 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6540dc ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6540e8 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6540f4 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654100 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65410c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654118 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654124 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654130 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65413c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654148 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654154 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654160 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65416c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654178 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654184 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654190 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65419c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6541a8 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6541b4 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6541c0 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6541cc ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6541d8 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6541e4 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6541f0 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6541fc ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654208 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654214 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654220 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65422c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654238 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654244 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654250 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65425c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654268 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654274 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654280 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65428c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654298 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6542a4 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6542b0 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6542bc ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6542c8 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6542d4 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6542e0 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6542ec ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee6542f8 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654304 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654310 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65431c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654328 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654334 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654340 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65434c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654358 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654364 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654370 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee65437c ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654388 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
ee654394 ee76ba99 8661e528 00000000 ee76ba99 test!NtOpenThreadHookCode+0x19 [d:\TestCode\fristdriver.cpp @ 450]
堆栈溢出了:上面的调用栈里同一个返回地址 test!NtOpenThreadHookCode+0x19 反复出现,相邻两帧只相差 0xC 字节,看起来是钩子代码在不断重新进入自己,直到内核栈耗尽。
代码是这样的
STACK_COMMAND: .tss 0x28 ; kb
FOLLOWUP_IP:
test!GetSystemName+8 [d:\TestCode\fristdriver.cpp @ 204]
ee76b598 ff150cd876ee call dword ptr [test!_imp__IoGetCurrentProcess (ee76d80c)]
FAULTING_SOURCE_CODE:
200:
201:
202: PCHAR GetSystemName()
203: {
> 204: PEPROCESS pProcessInfo = PsGetCurrentProcess();
205: PCHAR pSystemName = (PCHAR)pProcessInfo + g_NamePostion;
206: return pSystemName;
207: }
208:
209:
// Naked detour stub. Going by its name it is reached from a patched site inside
// NtOpenThread; the patching code is not shown here -- TODO confirm.
// __declspec(naked) means the compiler emits no prologue or epilogue, so ebp and
// esp still belong to the code that transferred control here, and every dword
// this stub puts on the stack has to be balanced by hand.
// The stub never executes ret: both branches leave through JMP EBX.
__declspec(naked) VOID NtOpenThreadHookCode()
{
_asm
{
// Push two dwords read from the interrupted code's frame (ebp is not ours).
// NOTE(review): presumably these replay the pushes that were overwritten at
// the patched site -- confirm against the original instructions there.
push dword ptr [ebp-34h]
push dword ptr [ebp-20h]
}
// Ordinary C call made from a naked body. The STACK_TEXT shows IsOk calling
// GetSystemName, which reads the current process. Under the x86 calling
// conventions IsOk may change eax, ecx and edx; nothing here saves them.
if (IsOk())
{
_asm
{
// Indirect call through eax, loaded from g_NtOpenThreadChangeAddr (set
// elsewhere, not shown).
// NOTE(review): in the crash dump the return address NtOpenThreadHookCode+0x19
// repeats with frames 0xC bytes apart (two pushed dwords plus one return
// address). That pattern suggests this call lands back in this stub and
// recurses until the kernel stack is exhausted. Confirm with a disassembly of
// the stub that +0x19 is the instruction following this call.
mov eax,g_NtOpenThreadChangeAddr
call eax
// NOTE(review): the debugger most likely points at the next line only because
// it is the return address of the call above, not because the mov itself faults.
MOV EBX ,g_NtOpenThreadHookAddrRet //author's note: the problem shows up on this line
// Resume at the address held in g_NtOpenThreadHookAddrRet. ebx is overwritten
// and never restored, so the resumed code sees a changed ebx.
JMP EBX
}
}
else
{
_asm
{
// Fallback path: indirect call through eax, loaded from g_ObOpenObjectByPointer
// (set elsewhere, not shown), consuming the two dwords pushed above.
// NOTE(review): presumably this is the call the patched site made originally
// -- verify against the caller.
MOV EAX,g_ObOpenObjectByPointer
CALL EAX
// Same exit as the other branch; ebx is overwritten here as well.
MOV EBX ,g_NtOpenThreadHookAddrRet
JMP EBX
}
}
}