-
-
[求助][求助]最近inline hook的时候怎么偶然出现这样的问题,忘知道的告知下原因
-
发表于: 2011-3-3 21:15
-
最近写几个hook的代码,可是总是偶然出现第一个字节该不了的情况,望知道的告知原因。上图:
函数代码如下:
BOOLEAN RestoreHook( PVOID pHookAddress, PVOID OriCodeBuffer, DWORD dwLen )
{
if( MmIsAddressValid( pHookAddress ) )
{
KSPIN_LOCK SpinLock;
KIRQL OldIrq;
PMDL MemoryDescriptorList;
DWORD dwIrql = 0;
MapVirtualAddress( pHookAddress, dwLen, &MemoryDescriptorList );
if( (DWORD)KeGetCurrentIrql() < 2 )
{
KeInitializeSpinLock( &SpinLock );
KeAcquireSpinLock( &SpinLock, &OldIrq );
dwIrql = 1;
}
WPOFF();
memcpy( pHookAddress, OriCodeBuffer, dwLen );
WPON();
if( dwIrql == 1 )
KeReleaseSpinLock( &SpinLock, OldIrq );
if( MmIsAddressValid(MemoryDescriptorList) )
UnMapVirtualAddress( MemoryDescriptorList );
return TRUE;
}
return FALSE;
}
刚刚还运行的好好的,现在又不行了,真见鬼了
函数代码如下:
BOOLEAN RestoreHook( PVOID pHookAddress, PVOID OriCodeBuffer, DWORD dwLen )
{
if( MmIsAddressValid( pHookAddress ) )
{
KSPIN_LOCK SpinLock;
KIRQL OldIrq;
PMDL MemoryDescriptorList;
DWORD dwIrql = 0;
MapVirtualAddress( pHookAddress, dwLen, &MemoryDescriptorList );
if( (DWORD)KeGetCurrentIrql() < 2 )
{
KeInitializeSpinLock( &SpinLock );
KeAcquireSpinLock( &SpinLock, &OldIrq );
dwIrql = 1;
}
WPOFF();
memcpy( pHookAddress, OriCodeBuffer, dwLen );
WPON();
if( dwIrql == 1 )
KeReleaseSpinLock( &SpinLock, OldIrq );
if( MmIsAddressValid(MemoryDescriptorList) )
UnMapVirtualAddress( MemoryDescriptorList );
return TRUE;
}
return FALSE;
}
刚刚还运行的好好的,现在又不行了,真见鬼了
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
