-
-
[求助]逆向调试新手,这个内联HOOK函数怎么写
-
发表于: 2012-10-16 16:04
-
我要在632024a6出进行hook,执行我的MyCconnect函数
__declspec(naked) WINAPI void __stdcall MyWSAConnect()这个函数怎么写.
我写的有问题,请问如何修改
int WINAPI DoConnect(SOCKET s, const struct sockaddr FAR * name, int namelen)
{
}
__declspec(naked) void __stdcall MyWSAConnect()
{
__asm
{
MOV EAX, ESP
PUSHAD
PUSH 10 //len
PUSH DWORD PTR[EAX+0x8] //sockaddr
PUSH DWORD PTR[EAX+0x4] //socket
CALL DoConnect
POPAD
jmp g_dwWSAConnectAddr+5;
}
}
void HookWSAConnect()
{
BYTE byJmpStr[5] = {0xE9};
DWORD dwJmpAddr = (DWORD)MyWSAConnect - g_dwWSAConnectAddr - 5;
memcpy(byJmpStr+1, &dwJmpAddr, 4);
DWORD dwOldProtect = 0;
::VirtualProtect((void*)g_dwWSAConnectAddr, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect);
::WriteProcessMemory(::GetCurrentProcess(), (void*)g_dwWSAConnectAddr, byJmpStr, 5, NULL);
::VirtualProtect((void*)g_dwWSAConnectAddr, 5, dwOldProtect, &dwOldProtect);
}
__declspec(naked) WINAPI void __stdcall MyWSAConnect()这个函数怎么写.
我写的有问题,请问如何修改
int WINAPI DoConnect(SOCKET s, const struct sockaddr FAR * name, int namelen)
{
}
__declspec(naked) void __stdcall MyWSAConnect()
{
__asm
{
MOV EAX, ESP
PUSHAD
PUSH 10 //len
PUSH DWORD PTR[EAX+0x8] //sockaddr
PUSH DWORD PTR[EAX+0x4] //socket
CALL DoConnect
POPAD
jmp g_dwWSAConnectAddr+5;
}
}
void HookWSAConnect()
{
BYTE byJmpStr[5] = {0xE9};
DWORD dwJmpAddr = (DWORD)MyWSAConnect - g_dwWSAConnectAddr - 5;
memcpy(byJmpStr+1, &dwJmpAddr, 4);
DWORD dwOldProtect = 0;
::VirtualProtect((void*)g_dwWSAConnectAddr, 5, PAGE_EXECUTE_READWRITE, &dwOldProtect);
::WriteProcessMemory(::GetCurrentProcess(), (void*)g_dwWSAConnectAddr, byJmpStr, 5, NULL);
::VirtualProtect((void*)g_dwWSAConnectAddr, 5, dwOldProtect, &dwOldProtect);
}
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
