[原创]vb6.0 __stdcall函数内调用__cdecl函数_mingw版
发表于: 2021-3-11 20:47 3746
//dy.c
#include <windows.h>
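/*
 * dy - call a __cdecl function from a __stdcall entry point (32-bit x86 only).
 *
 * C declaration:
 *     int __stdcall dy(void *bdhsdz, int cssz[], int csgs);
 *
 * bdhsdz  address of the function to call
 * cssz    argument array; each element is pushed as one 4-byte stack slot,
 *         and cssz[0] ends up as the callee's first argument
 * csgs    number of elements of cssz to push
 *
 * dy(fp, 0, 0) calls a function that takes no arguments. Callees with and
 * without a return value are both supported; whatever the callee leaves in
 * EAX is returned as dy's result.
 *
 * Nothing is validated here: bdhsdz is called as-is and csgs dwords are read
 * from cssz. The caller must guarantee that bdhsdz is a valid function
 * address, that cssz holds at least csgs elements, and that the argument
 * count and types match what the callee expects.
 */
__declspec(dllexport) int __declspec(naked) __stdcall dy(void *bdhsdz, int cssz[], int csgs)
{
    /* naked: the compiler emits no prologue or epilogue, so the frame is built by hand. */
    __asm__(
        "pushl %ebp\n\t"
        "movl %esp,%ebp\n\t"
        "pushl %ebx\n\t"                    /* EBX is callee-saved; it now sits at -4(%ebp) */
        "movl %ss:0x0C(%ebp),%ebx\n\t"      /* EBX = cssz */
        "movl %ss:0x10(%ebp),%eax\n\t"      /* EAX = csgs */
        "decl %eax\n\t"                     /* EAX = index of the last argument */
        "bqq: cmpl $0x0,%eax\n\t"           /* push cssz[csgs-1] .. cssz[0] (right to left) */
        "jl bqh\n\t"
        "pushl %ds:(%ebx,%eax,0x4)\n\t"
        "decl %eax\n\t"
        "jmp bqq\n\t"
        "bqh: call *%ss:0x8(%ebp)\n\t"      /* call bdhsdz; its result stays in EAX */
        /*
         * Drop the pushed arguments by pointing ESP back at the saved EBX
         * instead of adding csgs*4. This stays correct when csgs is negative
         * (nothing was pushed) or when the callee already removed its own
         * arguments, and it leaves EAX/EDX exactly as the callee returned them.
         */
        "leal -0x4(%ebp),%esp\n\t"
        "popl %ebx\n\t"
        "leave\n\t"
        "ret $0xC\n\t"                      /* __stdcall: pop dy's own three arguments */
    );
}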
/*
 * DLL entry point. This library keeps no per-process or per-thread state,
 * so every notification (process/thread attach and detach) is accepted
 * without doing any work. Returning FALSE on DLL_PROCESS_ATTACH would make
 * the load fail; this implementation always returns TRUE.
 */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    /* All three arguments are intentionally unused. */
    (void)hinstDLL;
    (void)fdwReason;
    (void)lpvReserved;

    return TRUE; /* successful */
}
编译成dll:
gcc -m32 -static -Wall dy.c -s -O2 -Wl,--kill-at -mdll -o dy.dll
dy.dll静态分析:

调用测试:
//main.c
#include <stdio.h>
#include <stdlib.h>
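/* Prototype of the thunk exported by dy.dll. */
int __stdcall dy(void *bdhsdz, int cssz[], int csgs);

/* Argument slots handed to dy(); one int per 4-byte stack slot. */
int a[2];

/*
 * Calls printf("hello%d\n", 123) through dy() and prints the value that
 * dy() returns.
 */
int main(void)
{
    /* 32-bit build only (-m32): the format string's address must fit in an int. */
    a[0] = (int)"hello%d\n";
    a[1] = 123;

    /* The element count passed to dy must match the number of slots filled above. */
    printf("%d\n", dy((void *)printf, a, 2));
    system("pause");
    return 0;
}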
gcc main.c -static -s -m32 -Wall -o main.exe -O2 dy.dll
main.exe运行效果(第二行的9是printf的返回值,即输出的字符数,由dy原样返回):
hello123
9
请按任意键继续. . .