[求助]求助NtGdiBitBlt的参数-付费问答-看雪-安全社区|安全招聘|kanxue.com

最新回复 (2)
moonife 雪币： 370 活跃值： (52) 能力值： ( LV13，RANK：350 ) 在线值：发帖 133 回帖 852 粉丝 5 关注私信	moonife 8 2 楼查了下在ntdll中并没NtGdiBitBlt这个函数 BitBlt在gdi32中直接sysenter转入内核的你要hook的话跟下看看吧 2009-10-18 17:31 0
zzage 雪币： 612 活跃值： (961) 能力值： ( LV4，RANK：50 ) 在线值：发帖 2 回帖 103 粉丝 2 关注私信	zzage 1 3 楼 BOOL APIENTRY NtGdiBitBlt( HDC hDCDest, INT XDest, INT YDest, INT Width, INT Height, HDC hDCSrc, INT XSrc, INT YSrc, DWORD ROP, IN DWORD crBackColor, IN FLONG fl) { PDC DCDest; PDC DCSrc = NULL; PDC_ATTR pdcattr = NULL; SURFACE BitmapDest, BitmapSrc = NULL; RECTL DestRect; POINTL SourcePoint; BOOL Status = FALSE; EXLATEOBJ exlo; XLATEOBJ XlateObj = NULL; BOOL UsesSource = ROP3_USES_SOURCE(ROP); DCDest = DC_LockDc(hDCDest); if (NULL == DCDest) { DPRINT("Invalid destination dc handle (0x%08x) passed to NtGdiBitBlt\n", hDCDest); return FALSE; } if (DCDest->dctype == DC_TYPE_INFO) { DC_UnlockDc(DCDest); / Yes, Windows really returns TRUE in this case / return TRUE; } if (UsesSource) { if (hDCSrc != hDCDest) { DCSrc = DC_LockDc(hDCSrc); if (NULL == DCSrc) { DC_UnlockDc(DCDest); DPRINT("Invalid source dc handle (0x%08x) passed to NtGdiBitBlt\n", hDCSrc); return FALSE; } if (DCSrc->dctype == DC_TYPE_INFO) { DC_UnlockDc(DCSrc); DC_UnlockDc(DCDest); / Yes, Windows really returns TRUE in this case / return TRUE; } } else { DCSrc = DCDest; } } pdcattr = DCDest->pdcattr; if (pdcattr->ulDirty_ & (DIRTY_FILL \| DC_BRUSH_DIRTY)) DC_vUpdateFillBrush(DCDest); DestRect.left = XDest; DestRect.top = YDest; DestRect.right = XDest+Width; DestRect.bottom = YDest+Height; IntLPtoDP(DCDest, (LPPOINT)&DestRect, 2); DestRect.left += DCDest->ptlDCOrig.x; DestRect.top += DCDest->ptlDCOrig.y; DestRect.right += DCDest->ptlDCOrig.x; DestRect.bottom += DCDest->ptlDCOrig.y; SourcePoint.x = XSrc; SourcePoint.y = YSrc; if (UsesSource) { IntLPtoDP(DCSrc, (LPPOINT)&SourcePoint, 1); SourcePoint.x += DCSrc->ptlDCOrig.x; SourcePoint.y += DCSrc->ptlDCOrig.y; } / Determine surfaces to be used in the bitblt / BitmapDest = DCDest->dclevel.pSurface; if (!BitmapDest) goto cleanup; if (UsesSource) { { BitmapSrc = DCSrc->dclevel.pSurface; if (!BitmapSrc) goto cleanup; } } / Create the XLATEOBJ. / if (UsesSource) { EXLATEOBJ_vInitXlateFromDCs(&exlo, DCSrc, DCDest); XlateObj = &exlo.xlo; } / Perform the bitblt operation */ Status = IntEngBitBlt(&BitmapDest->SurfObj, BitmapSrc ? &BitmapSrc->SurfObj : NULL, NULL, DCDest->rosdc.CombinedClip, XlateObj, &DestRect, &SourcePoint, NULL, &DCDest->eboFill.BrushObject, &DCDest->dclevel.pbrFill->ptOrigin, ROP3_TO_ROP4(ROP)); cleanup: if (UsesSource) EXLATEOBJ_vCleanup(&exlo); if (UsesSource && hDCSrc != hDCDest) { DC_UnlockDc(DCSrc); } DC_UnlockDc(DCDest); return Status; } 2009-10-18 20:35 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (2)
moonife 雪币： 370 活跃值： (52) 能力值： ( LV13，RANK：350 ) 在线值：发帖 133 回帖 852 粉丝 5 关注私信	moonife 8 2 楼查了下在ntdll中并没NtGdiBitBlt这个函数 BitBlt在gdi32中直接sysenter转入内核的你要hook的话跟下看看吧 2009-10-18 17:31 0
zzage 雪币： 612 活跃值： (961) 能力值： ( LV4，RANK：50 ) 在线值：发帖 2 回帖 103 粉丝 2 关注私信	zzage 1 3 楼 BOOL APIENTRY NtGdiBitBlt( HDC hDCDest, INT XDest, INT YDest, INT Width, INT Height, HDC hDCSrc, INT XSrc, INT YSrc, DWORD ROP, IN DWORD crBackColor, IN FLONG fl) { PDC DCDest; PDC DCSrc = NULL; PDC_ATTR pdcattr = NULL; SURFACE BitmapDest, BitmapSrc = NULL; RECTL DestRect; POINTL SourcePoint; BOOL Status = FALSE; EXLATEOBJ exlo; XLATEOBJ XlateObj = NULL; BOOL UsesSource = ROP3_USES_SOURCE(ROP); DCDest = DC_LockDc(hDCDest); if (NULL == DCDest) { DPRINT("Invalid destination dc handle (0x%08x) passed to NtGdiBitBlt\n", hDCDest); return FALSE; } if (DCDest->dctype == DC_TYPE_INFO) { DC_UnlockDc(DCDest); / Yes, Windows really returns TRUE in this case / return TRUE; } if (UsesSource) { if (hDCSrc != hDCDest) { DCSrc = DC_LockDc(hDCSrc); if (NULL == DCSrc) { DC_UnlockDc(DCDest); DPRINT("Invalid source dc handle (0x%08x) passed to NtGdiBitBlt\n", hDCSrc); return FALSE; } if (DCSrc->dctype == DC_TYPE_INFO) { DC_UnlockDc(DCSrc); DC_UnlockDc(DCDest); / Yes, Windows really returns TRUE in this case / return TRUE; } } else { DCSrc = DCDest; } } pdcattr = DCDest->pdcattr; if (pdcattr->ulDirty_ & (DIRTY_FILL \| DC_BRUSH_DIRTY)) DC_vUpdateFillBrush(DCDest); DestRect.left = XDest; DestRect.top = YDest; DestRect.right = XDest+Width; DestRect.bottom = YDest+Height; IntLPtoDP(DCDest, (LPPOINT)&DestRect, 2); DestRect.left += DCDest->ptlDCOrig.x; DestRect.top += DCDest->ptlDCOrig.y; DestRect.right += DCDest->ptlDCOrig.x; DestRect.bottom += DCDest->ptlDCOrig.y; SourcePoint.x = XSrc; SourcePoint.y = YSrc; if (UsesSource) { IntLPtoDP(DCSrc, (LPPOINT)&SourcePoint, 1); SourcePoint.x += DCSrc->ptlDCOrig.x; SourcePoint.y += DCSrc->ptlDCOrig.y; } / Determine surfaces to be used in the bitblt / BitmapDest = DCDest->dclevel.pSurface; if (!BitmapDest) goto cleanup; if (UsesSource) { { BitmapSrc = DCSrc->dclevel.pSurface; if (!BitmapSrc) goto cleanup; } } / Create the XLATEOBJ. / if (UsesSource) { EXLATEOBJ_vInitXlateFromDCs(&exlo, DCSrc, DCDest); XlateObj = &exlo.xlo; } / Perform the bitblt operation */ Status = IntEngBitBlt(&BitmapDest->SurfObj, BitmapSrc ? &BitmapSrc->SurfObj : NULL, NULL, DCDest->rosdc.CombinedClip, XlateObj, &DestRect, &SourcePoint, NULL, &DCDest->eboFill.BrushObject, &DCDest->dclevel.pbrFill->ptOrigin, ROP3_TO_ROP4(ROP)); cleanup: if (UsesSource) EXLATEOBJ_vCleanup(&exlo); if (UsesSource && hDCSrc != hDCDest) { DC_UnlockDc(DCSrc); } DC_UnlockDc(DCDest); return Status; } 2009-10-18 20:35 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

[旧帖] [求助]求助NtGdiBitBlt的参数 0.00雪花