#include <windows.h>
#include <cstring>
#include <iostream>
using namespace std;
// Address of the original MessageBox as resolved for this module at link
// time. OutImport compares every IAT slot against it, and Mymess forwards
// to it. IAT entries are read and written as DWORDs throughout, i.e. a
// 32-bit build is assumed.
DWORD* g_mess = (DWORD*)MessageBox;
// Value written into the patched IAT slot (the address of Mymess).
DWORD* lpAddr = 0;
// The IAT slot that OutImport patched.
DWORD* pImportn = 0;
// Running index into the IAT while OutImport scans it.
int n = 0;
// Signature of the narrow-string MessageBox (MessageBoxA); used to call the
// original function through g_mess after the IAT slot has been redirected.
typedef int (WINAPI *PFNMESSAGEBOX)(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);
// Replacement for MessageBox. It must have exactly the same calling
// convention and parameter list as the function whose IAT slot it takes
// over: the caller does not know the slot was redirected and pushes the
// original arguments. Forwards to the real MessageBox via g_mess, replacing
// the text and caption with fixed strings (lpText/lpCaption are ignored).
int WINAPI Mymess(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
    PFNMESSAGEBOX original = (PFNMESSAGEBOX)g_mess;
    return original(hWnd, "新函数", "new", uType);
}
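// Locate the import directory (IMAGE_DIRECTORY_ENTRY_IMPORT) of a module
// that the loader has already mapped at hModule.
//
// Returns NULL when hModule is NULL, when the headers do not carry the
// DOS/NT signatures, or when the image has no import directory, so callers
// must check the result before walking it. Previously the function blindly
// computed an address from whatever bytes were at hModule.
IMAGE_IMPORT_DESCRIPTOR* GetImportAddress(HMODULE hModule)
{
    if (hModule == NULL)
        return NULL;

    BYTE* base = (BYTE*)hModule;
    IMAGE_DOS_HEADER* pDosHeader = (IMAGE_DOS_HEADER*)base;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE || pDosHeader->e_lfanew <= 0)
        return NULL;

    // IMAGE_NT_HEADERS is the native (32- or 64-bit) layout; OptionalHeader
    // sits at e_lfanew + sizeof(Signature) + sizeof(IMAGE_FILE_HEADER),
    // which is the hard-coded +24 the original code used.
    IMAGE_NT_HEADERS* pNt = (IMAGE_NT_HEADERS*)(base + pDosHeader->e_lfanew);
    if (pNt->Signature != IMAGE_NT_SIGNATURE)
        return NULL;

    const IMAGE_DATA_DIRECTORY& importDir =
        pNt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
    if (importDir.VirtualAddress == 0)
        return NULL;

    return (IMAGE_IMPORT_DESCRIPTOR*)(base + importDir.VirtualAddress);
}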
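// Overwrite one IAT slot with newValue.
//
// The IAT normally lives in a read-only section once the image is mapped, so
// a plain store faults; the page is made writable for the store and the
// previous protection is restored afterwards. Returns false and leaves the
// slot untouched if the protection change fails.
static bool PatchIatSlot(ULONG_PTR* slot, ULONG_PTR newValue)
{
    DWORD oldProtect = 0;
    if (!::VirtualProtect(slot, sizeof(*slot), PAGE_READWRITE, &oldProtect))
        return false;

    *slot = newValue;

    // lpflOldProtect must point at a valid DWORD: passing NULL makes the call
    // fail, which would leave the IAT page writable after the hook.
    DWORD ignored = 0;
    ::VirtualProtect(slot, sizeof(*slot), oldProtect, &ignored);
    return true;
}

// Walk the import descriptors of hModule and, for the USER32 import, redirect
// every IAT slot that currently holds the address of the original MessageBox
// (g_mess) to Mymess.
//
// Only this module's IAT is patched: code that obtained the address another
// way (another module, GetProcAddress, ...) keeps calling the original.
// pIid may be NULL (no import directory), in which case nothing is done.
//
// Fixes relative to the original: the thunk array is walked per descriptor
// (the old code used the first descriptor's OriginalFirstThunk as the loop
// bound for whichever descriptor matched), the DLL name comparison is
// case-insensitive, slot values are handled as pointer-sized integers, and
// the protection change is checked and actually restored.
void OutImport(IMAGE_IMPORT_DESCRIPTOR* pIid, HMODULE hModule)
{
    if (pIid == NULL || hModule == NULL)
        return;

    BYTE* base = (BYTE*)hModule;
    const ULONG_PTR target = (ULONG_PTR)g_mess;
    const ULONG_PTR replacement = (ULONG_PTR)Mymess;

    for (; pIid->Name != 0; ++pIid)
    {
        const char* szDllName = (const char*)(base + pIid->Name);
        // Import-table DLL names keep whatever case the import library used.
        if (_stricmp(szDllName, "USER32.dll") != 0 || pIid->FirstThunk == 0)
            continue;

        // FirstThunk is the IAT: a zero-terminated array of pointer-sized
        // entries that the loader has filled with function addresses.
        ULONG_PTR* slot = (ULONG_PTR*)(base + pIid->FirstThunk);
        for (int idx = 0; slot[idx] != 0; ++idx)
        {
            if (slot[idx] != target)
                continue;

            // Keep the module-level bookkeeping the original code exposed.
            pImportn = (DWORD*)&slot[idx];
            lpAddr = (DWORD*)Mymess;

            cout << "pImport" << idx << "=" << (void*)&slot[idx] << endl;
            cout << "*pImport" << idx << "=" << (void*)slot[idx] << endl;
            cout << "Mymess=" << (void*)Mymess << endl;

            if (!PatchIatSlot(&slot[idx], replacement))
            {
                cout << "VirtualProtect failed, error " << ::GetLastError() << endl;
                continue;
            }

            cout << "修改IAT后\n";
            cout << "*pImport" << idx << "=" << (void*)slot[idx] << endl;
        }
    }
}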
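// Demo driver: show the original MessageBox, hook this module's IAT, then
// call MessageBox again so the second call goes through the patched slot.
//
// Assumes a non-UNICODE build (MessageBox resolves to MessageBoxA): the
// literals here and the parameters of Mymess are narrow strings.
int main()
{
    ::MessageBox(NULL, "原函数", "old", 0);

    HMODULE hModule = ::GetModuleHandle(NULL);
    IMAGE_IMPORT_DESCRIPTOR* pIid = GetImportAddress(hModule);
    if (pIid == NULL)
    {
        cout << "import directory not found, nothing to hook\n";
    }
    else
    {
        OutImport(pIid, hModule);
    }

    ::MessageBox(NULL, "原函数", "old", 0);

    // NOTE: system("pause") spawns cmd.exe located via the environment
    // (ComSpec/PATH); fine for a demo, do not keep it in shipped code.
    system("pause");
    return 0;
}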