问题描述
- 关于看雪论坛Hook类中一段代码的疑惑
-
PHOOKENVIRONMENT __stdcall InstallHookApi(PCHAR DllName,PCHAR ApiName,PVOID HookProc)
{
HMODULE DllHandle;
PVOID ApiEntry;
int ReplaceCodeSize;
DWORD oldpro;
DWORD SizeOfStub;
DWORD delta;
DWORD RetSize =0;PHOOKENVIRONMENT pHookEnv; if (HookProc == NULL) { return NULL; } DllHandle = GetModuleHandleA(DllName); if (DllHandle == NULL) DllHandle = LoadLibraryA(DllName); if (DllHandle == NULL) return NULL; ApiEntry = GetProcAddress(DllHandle,ApiName); if (ApiEntry == NULL) return NULL; ReplaceCodeSize = GetOpCodeSize((BYTE*)ApiEntry); while (ReplaceCodeSize < 5) ReplaceCodeSize += GetOpCodeSize((BYTE*)((DWORD)ApiEntry + (DWORD)ReplaceCodeSize)); if (ReplaceCodeSize > 16) return NULL;SizeOfStub = GetEndAddr()-(DWORD)&pEnv;
pHookEnv = (PHOOKENVIRONMENT)VirtualAlloc(NULL,SizeOfStub,MEM_COMMIT,PAGE_READWRITE); if(!pHookEnv){ return NULL; } memset((void*)&pEnv,0x90,sizeof(pEnv)); CopyMemory(pHookEnv,(PVOID)&pEnv,SizeOfStub); CopyMemory((void*)pHookEnv,(void*)&pEnv,sizeof(pEnv.savebytes)); CopyMemory(pHookEnv->savebytes,ApiEntry,ReplaceCodeSize); pHookEnv->OrgApiAddr = ApiEntry; pHookEnv->SizeOfReplaceCode = ReplaceCodeSize; pHookEnv->jmptoapi[0]=0xE9; *(DWORD*)(&pHookEnv->jmptoapi[1]) = (DWORD)ApiEntry + ReplaceCodeSize - ((DWORD)pHookEnv->jmptoapi + 5); //patch api if (!VirtualProtect(ApiEntry,ReplaceCodeSize,PAGE_EXECUTE_READWRITE,&oldpro)) return FALSE; delta = (DWORD)pHookEnv - (DWORD)&pEnv; *(DWORD*)(&JMPGate[1]) = ((DWORD)NewStub + delta) - ((DWORD)ApiEntry + 5); WriteProcessMemory(GetCurrentProcess(), ApiEntry, JMPGate, sizeof(JMPGate),&RetSize); if (!VirtualProtect(ApiEntry,ReplaceCodeSize,oldpro,&oldpro)) return FALSE; //写入变量 *(DWORD*)((DWORD)NewStub + delta + 3) = (DWORD)HookProc - ((DWORD)NewStub + delta + 3 + 4); return pHookEnv;}
在这一句SizeOfStub = GetEndAddr()-(DWORD)&pEnv;
我得到的SizeOfStub总是一个负值,我想问问该句的作用是什么?
解决方案
这 好像是个函数代码
时间: 2024-10-31 17:43:48