为什么我的绕道代码会因 NOP 崩溃
你好,这是我的第一个问题,所以请温柔地对待我。我正在使用 MS detours 和 Visual Studio 2005 绕过一个 exe,我的 dll 被加载,我的钩子工作得很好,但是当我尝试扩展我的钩子代码时,出现了问题,整个事情崩溃了,我认为它在 exe 中创建了一个异常,弹出了一个消息框联系支持。
typedef void (__stdcall* GenterateStrings)(int,int,int);
GenterateStrings Real_GenterateStrings = (GenterateStrings)(0x06EDFA0);
extern "C" { static void __stdcall myGenterateStrings(int,int,int); }
void __stdcall myGenterateStrings(int a1, int a2, int a3)
{
myLogMessage(L"its working");
Real_GenterateStrings( a1, a2, a3);
return;
}
这毫无例外,我的日志文件中充满了“它正在工作”,但是,我需要在 Real_GenterateStrings() 调用之后捕获 EAX,因为它包含指向 unicode 字符串的指针。
但如果我在 Real_GenterateStrings 调用之后放置任何代码,就会在挂钩后立即导致崩溃。即使只是一个 nop
void __stdcall PokerAdvisorGenterateStrings(int a1, int a2, int a3)
{
myLogMessage(L"its working");
Real_GenterateStrings( a1, a2, a3);
__asm
{
nop
}
return;
}
有什么想法吗?
我挂钩的函数是
mov eax, [rsp+0Ch]
mov ecx, [rsp+8]
mov edx, cs:113650Ah
push rax
mov eax, [rsp+8]
push rcx
push rdx
push 0A3CA2Ch
push rax
call near ptr unk_6AB8E0
add esp, 14h
retn
我认为它没有返回值?
Hi this is my first question so please treat me gently.I am detouring an exe, using MS detours and Visual Studio 2005, my dll gets loaded and my hook works a treat however when I try to extend my hook code something is going wrong and the whole thing crashes, I think its creating an exception in the exe which is popping up a message box contact support.
typedef void (__stdcall* GenterateStrings)(int,int,int);
GenterateStrings Real_GenterateStrings = (GenterateStrings)(0x06EDFA0);
extern "C" { static void __stdcall myGenterateStrings(int,int,int); }
void __stdcall myGenterateStrings(int a1, int a2, int a3)
{
myLogMessage(L"its working");
Real_GenterateStrings( a1, a2, a3);
return;
}
That works a treat no exceptions and my log file fills with "its working", however, i need to capture EAX after my Real_GenterateStrings() call as it contains a pointer to a unicode string.
but if i put any code after the Real_GenterateStrings call just cause the crash as soon as its hooked. Even just a nop
void __stdcall PokerAdvisorGenterateStrings(int a1, int a2, int a3)
{
myLogMessage(L"its working");
Real_GenterateStrings( a1, a2, a3);
__asm
{
nop
}
return;
}
Any ideas?
The function i am hooking is
mov eax, [rsp+0Ch]
mov ecx, [rsp+8]
mov edx, cs:113650Ah
push rax
mov eax, [rsp+8]
push rcx
push rdx
push 0A3CA2Ch
push rax
call near ptr unk_6AB8E0
add esp, 14h
retn
I dont think it returns a value?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
你怎么知道
eax中有东西?一般来说,绕行崩溃通常是由于不准确的调用约定和/或原型造成的。我怀疑绕道函数返回 void* 或其他内容。您需要捕获返回值并在完成后将其传递给调用者,如下所示:
How do you know there is something in
eax?In general, detour crashes are often due to an inaccurate calling convention and/or prototype. I suspect that the detoured function returns a void* or something else. You need to capture the return value and pass it along to the caller once you're done, like so: