-
-
[求助]为什么这段代码调用native api出错?[已解决]
-
发表于:
2007-3-12 01:23
6375
-
[求助]为什么这段代码调用native api出错?[已解决]
#include<windows.h>
前面通过FindWindowExW调用正常,但是通过native API就得不到正确的结果
typedef struct _MYUNICODE_STRING
{
USHORT Length;
USHORT MaxLength;
LPWSTR String;
} MYUNICODE_STRING;
WCHAR Name[]=L"PopKart Client";
MYUNICODE_STRING WindowName,ClassName;
/*
push [ebp+arg_10]
push [ebp+LPUNICODE_WINDOWNAME]
push [ebp+LPUNICODE_CLASSNAME]
push [ebp+arg_4]
push [ebp+arg_0]
; __stdcall NtUserFindWindowEx(x, x, x, x, x)
_NtUserFindWindowEx@20 proc near
mov eax, 117Ah
mov edx, 7FFE0300h
call dword ptr [edx]
retn 14h
_NtUserFindWindowEx@20 endp
*/
int main(int argc, CHAR* argv[])
{
HWND hClient;
WindowName.Length=0x1c;
WindowName.MaxLength=0x1E;
WindowName.String=Name;
ClassName.Length=0x1c;
ClassName.MaxLength=0x1E;
ClassName.String=Name;
hClient=FindWindowExW(NULL,NULL,Name,Name);
printf("\n%08x",hClient);
hClient=0;
_asm
{
pushad
pushfd
push 0;
push offset WindowName
push offset ClassName
push 0
push 0 //没有push 返回地址
mov eax, 0x117A
mov edx, 0x7FFE0300
call dword ptr [edx]
add esp,0x14
mov hClient,eax
popfd
popad
}
printf("\n%08x",hClient);
return 0;
}
似乎是没有push 返回地址
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法