[Old post] Question for the Kanxue experts: how to write a hook for the packet-receive call
Posted: 2015-7-7 20:01
I want to hook the program's packet-receive function and return the contents. How should I write it? Please help. Thank you.
00402F80 85C0 test eax, eax
00402F82 7E 13 jle short 00402F97
00402F84 FF15 28876F00 call dword ptr [6F8728]
00402F8A 85C0 test eax, eax
00402F8C 74 02 je short 00402F90
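var
  OldCall: DWORD = 0; // original target read from the pointer slot at $6F8728

procedure MyOperation; stdcall;
begin
  //Form1.Memo1.Clear;
  //Form1.Memo1.Lines.Add('dddddddddddddddddd');
end;

// Pure asm routine: no locals and no parameters, so the compiler emits no
// stack frame and the final jmp leaves the stack exactly as the caller set it up.
procedure HookCall;
asm
  pushad
  pushfd
  call MyOperation
  popfd
  popad
  jmp dword ptr [OldCall]   // continue into the original function
end;

procedure TForm1.Button7Click(Sender: TObject);
var
  HOOK_addr: DWORD;
  tOldPoint, tTmp: Cardinal;
begin
  tOldPoint := 0;
  HOOK_addr := $6F8728;
  // "call dword ptr [6F8728]" reads a 4-byte function pointer from this slot,
  // so the hook replaces that pointer instead of writing an E8 call opcode there.
  if VirtualProtect(Pointer(HOOK_addr), 4, PAGE_READWRITE, tOldPoint) then
  begin
    // Save the original target only once, so a second click cannot make
    // OldCall point at HookCall itself.
    if OldCall = 0 then
      OldCall := PDWORD(HOOK_addr)^;
    PDWORD(HOOK_addr)^ := DWORD(@HookCall);
    // The old-protection argument must be a valid variable; passing nil makes the call fail.
    VirtualProtect(Pointer(HOOK_addr), 4, tOldPoint, tTmp);
  end;
end;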