当前位置：文江博客话题详情

我可以挂钩链接库中的函数吗？

发布于 2024-09-16 18:14:41 字数 132 浏览 10 评论 0原文

使用 EasyHook，我已经成功挂钩了各种 C++ 类的导出函数和已知 vtable 函数。在所有这些情况下，目标程序都使用了 DLL。

如果我知道函数入口点的地址，当库已链接到目标程序而不是作为单独的库时，是否可以执行相同的操作？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

甲如呢乙后呢 2024-09-23 18:14:41

它与 EasyHook 一起出现，您可以挂钩任何地址可计算的子例程。

就我而言，在 OpenSSL 中挂钩静态链接的 SSL_read 和 SSL_write 就像使用我最喜欢的调试器识别偏移量一样简单，然后安装挂钩。

// delegate for EasyHook:
[UnmanagedFunctionPointer(CallingConvention.Cdecl, 
    SetLastError = true, CharSet = CharSet.Ansi)]
delegate Int32 SLL_readDelegate(IntPtr SSL_ptr, IntPtr buffer, Int32 length);

// import SSL_read (I actually did it manually, but this will work in most cases)
/* proto from ssl_lib.c -> int SSL_read(SSL *s,void *buf,int num) */
[DllImport("ssleay32.dll", SetLastError = true)]
public static extern Int32 SSL_read(IntPtr ssl, IntPtr buffer, Int32 len);

// the new routine
static Int32 SSL_readCallback(IntPtr SSL_ptr, IntPtr buffer, Int32 length)
{
    /* call the imported SSL_read */
    int ret = SSL_read(SSL_ptr, buffer, length);
    /* TODO: your code here, e.g:
     * string log_me = Marshal.PtrToString(buffer, ret);
     */
    return ret;
}

现在剩下的就是安装挂钩：

private LocalHook sslReadHook;

public void Run(RemoteHooking.IContext InContext, String InArg1)
{
    // ... initialization code omitted for brevity

    /* the value for ssl_read_addr is made up in this example
     * you'll need to study your target and how it's loaded(?) to 
     * identify the addresses you want to hook
     */
    int ssl_read_addr = 0x12345678; /* made up for examples sake */
    sslReadHook = LocalHook.Create(new IntPtr(ssl_read_addr),
        new SSL_readDelegate(SSL_readCallback), this);

    // ...
}

我应该提到，在这个示例中，您将需要 libeay32.dll 和 ssleay32.dll，因为后者依赖于前者。

快乐挂钩！

It appears with EasyHook you can hook any subroutine whose address is calculable.

In my case hooking static linked SSL_read and SSL_write in OpenSSL was as simple as identifying the offsets with my favourite debugger and then installing the hooks.

// delegate for EasyHook:
[UnmanagedFunctionPointer(CallingConvention.Cdecl, 
    SetLastError = true, CharSet = CharSet.Ansi)]
delegate Int32 SLL_readDelegate(IntPtr SSL_ptr, IntPtr buffer, Int32 length);

// import SSL_read (I actually did it manually, but this will work in most cases)
/* proto from ssl_lib.c -> int SSL_read(SSL *s,void *buf,int num) */
[DllImport("ssleay32.dll", SetLastError = true)]
public static extern Int32 SSL_read(IntPtr ssl, IntPtr buffer, Int32 len);

// the new routine
static Int32 SSL_readCallback(IntPtr SSL_ptr, IntPtr buffer, Int32 length)
{
    /* call the imported SSL_read */
    int ret = SSL_read(SSL_ptr, buffer, length);
    /* TODO: your code here, e.g:
     * string log_me = Marshal.PtrToString(buffer, ret);
     */
    return ret;
}

Now all that's left is to install the hook:

private LocalHook sslReadHook;

public void Run(RemoteHooking.IContext InContext, String InArg1)
{
    // ... initialization code omitted for brevity

    /* the value for ssl_read_addr is made up in this example
     * you'll need to study your target and how it's loaded(?) to 
     * identify the addresses you want to hook
     */
    int ssl_read_addr = 0x12345678; /* made up for examples sake */
    sslReadHook = LocalHook.Create(new IntPtr(ssl_read_addr),
        new SSL_readDelegate(SSL_readCallback), this);

    // ...
}

I should mention that in this example you'll need libeay32.dll and ssleay32.dll as the latter depends on the former.

Happy hooking!

回复收藏 0 原文

~没有更多了~