使用 __asm 从十六进制偏移量调用函数
我不懂汇编,所以我不知道如何去做。
我有一个程序正在连接到另一个程序。我已经获得了该函数在挂钩程序的 .exe 中所在位置的偏移量
#define FuncToCall 0x00447E5D
那么现在如何使用 __asm{} 来调用该函数呢?
I don't know assembly so I'm not sure how to go about this.
I have a program which is hooking into another. I have obtained the offset to where the function is located within the hooked program's .exe
#define FuncToCall 0x00447E5D
So now how can I use __asm{} to call that function?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
简短的回答是,如果您不懂汇编,您就不应该这样做,哈哈。
但是,如果您如此热衷于黑客攻击,我的意思是,修改合法程序的操作,您就不能只获取一个地址并称其为好。
您需要查找符号(如果在快乐的 Linux 土地上)或使用 sig 扫描(或两者 D= )来查找实际函数。
一旦你这样做了,那就相对简单了,你只需要编写一个 mov 和 jmp 即可。假设您已经可以访问正在运行的进程,并且您的签名扫描器找到了正确的地址,这段代码将得到您想要的
现在,如果您想要的这个函数是一个类方法..您需要做更多的研究。但那段汇编将运行您想要的任何静态函数。
处理不同的调用约定也有一些混乱,所以没有评论者试图对我提出批评,这对于这个问题来说还远远不够。
编辑:
顺便说一下,我不使用 call,因为使用 call 时你必须担心堆栈帧和其他非常混乱的事情。该代码将跳转到任意地址并开始执行。
如果你想返回你的代码,那就是另一个故事了,但是只要它是正确的调用约定,而不是类方法等,这将使你的目标函数继续运行
Well short answer is if you do not know assembly you should not be doing this, haha.
But, if you are so intent on wall hacking, I mean, modifying the operation of a legitimate program, you can't just take an address and call it good.
You need to look up the symbol (if in happy linux land) or use sig scanning ( or both D= ) to find the actual function.
Once you do that then its relatively simple, you just need to write a mov and jmp. Assuming you have access to the running process already, and your sig scanner found the right address, this bit of code will get you want you want
Now, if this function you want is a class method.. you need to do some more studying. But that bit of assembly will run whatever static function you want.
There is some mess to deal with different calling conventions too, so no commenters try and call me out on that, that is far to advanced for this question.
EDIT:
By the way I do not use call because when using call you have to worry about stack frames and other very messing things. This code will jump to any address and start executing.
If you want to return to your code thats another story, but that WILL get your target function going as long as its the right calling convention, not a class method, etc etc
我认为您也可以将该地址转换为函数指针并以这种方式调用它。那可能会更好。
I think you could also cast that address to a function pointer and call it that way. That might be better.
感谢您的回答,但我已经弄清楚了。这就是我正在做的:
如果它有效,就不要修复它,天哪,它有效。
Thanks for answers, but I figured it out. This is what I'm doing:
If it works don't fix it, and by golly it works.
这是一个棘手的问题:
您也可以将它与参数和返回值一起使用。它只是将所有内容转发到您想要调用的函数,该函数由指向函数的指针 (FuncToCall) 给出。
Here is a tricky one:
You can use it with parameters and return value too. It simply forwards everything to the function you intend to call that is given by a pointer (FuncToCall) to the function.