-
-
[求助]高手请看:为什么是api开头的8个字节呢?
-
发表于:
2007-12-26 10:15
3486
-
[求助]高手请看:为什么是api开头的8个字节呢?
在inline-hook当中,代码如下:为什么是api开头的8个字节?一直想不明白,是怎么计算过来的,请高手指教:
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
if(ul_reason_for_call == DLL_PROCESS_ATTACH)
{
//获取本dll句柄
g_hInstance = hModule;
//创建事务
g_hSendEvent = CreateEvent( NULL, FALSE, TRUE, NULL );
//重写API开头的8字节
HMODULE hWsock = LoadLibrary( "wsock32.dll" );
g_pSend = ( DWORD )GetProcAddress( hWsock, "send" );
//保存原始字节
ReadProcessMemory( INVALID_HANDLE_VALUE, ( void * )g_pSend,
( void * )g_dwOldBytes[0], sizeof( DWORD )*2, NULL );
//将00400000改写为我们函数的地址
*( DWORD* )( g_btNewBytes + 1 ) = ( DWORD )hook_send;
WriteProcessMemory( INVALID_HANDLE_VALUE, ( void * )g_pSend,
( void * )g_btNewBytes, sizeof( DWORD )*2, NULL );
}
return TRUE;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
