Finding the address of a function in C

Posted on 2024-12-26 00:52:44

I was wondering if anyone knows how to grab the address of the function you are in. Let's say I hook MessageBoxA(). When MessageBoxA() is called I call my pseudo function called hookMessageBoxA(). From within hookMessageBoxA() I want to spit out where MessageBoxA() was called from. Does that make sense? Using assembly is probably needed but I am unsure how it could be done.

The below code is wrong, it's just something I think might have to be done. Any help on how to do this in assembly and C++ is greatly appreciated!!!!!

DWORD address = 0x00;
_asm {
    mov address, ebp
}
DWORD keyPointerAddr = (DWORD)hInstance + 0x1000 - address + 0x00401000;
char str[255];
sprintf(str,"That call is coming from [%d]\n", keyPointerAddr);

Comments (4)

回眸一笑 2025-01-02 00:52:44

You don't really need to use any APIs. MSVC provides an intrinsic to get just the return address:

#include <stdio.h>
#include <intrin.h>

#pragma intrinsic(_ReturnAddress)

__declspec(noinline)
void noinline_func(void)
{
   printf("Return address from %s: %p\n", __FUNCTION__, _ReturnAddress());
}
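
The intrinsic from the answer above, placed in a hook-shaped function, as an added example that is not part of the original thread. It goes slightly beyond the answer by falling back to GCC/Clang's `__builtin_return_address(0)` and by comparing two call sites; `hook_message_box`, `caller_a`, `caller_b` and `call_site_of` are hypothetical names, and no real API is hooked.

```c
/* Added example, not code from the thread. hook_message_box, caller_a and
   caller_b are hypothetical names; no real API is hooked. */
#include <stdint.h>
#include <stdio.h>

#if defined(_MSC_VER)
#include <intrin.h>
#pragma intrinsic(_ReturnAddress)
#define CALL_SITE() _ReturnAddress()
#define NOINLINE __declspec(noinline)
#else /* GCC and Clang */
#define CALL_SITE() __builtin_return_address(0)
#define NOINLINE __attribute__((noinline))
#endif

static void *volatile last_call_site; /* set by the most recent hook call */

/* Stand-in for the hook body. It must stay out of line: once inlined, its
   "return address" is that of the enclosing function instead. */
NOINLINE int hook_message_box(const char *text)
{
    last_call_site = CALL_SITE();
    printf("\"%s\" requested from %p\n", text, last_call_site);
    return 1;
}

/* Two call sites. Adding to the result keeps the call from becoming a tail
   jump, which would leave the caller's own return address on the stack. */
NOINLINE int caller_a(void) { return hook_message_box("from A") + 10; }
NOINLINE int caller_b(void) { return hook_message_box("from B") + 20; }

/* Run fn and report the address the hook recorded for that call. */
uintptr_t call_site_of(int (*fn)(void))
{
    fn();
    return (uintptr_t)last_call_site;
}

int main(void)
{
    uintptr_t a = call_site_of(caller_a), b = call_site_of(caller_b);
    /* Each address lies a few bytes past the start of its caller. */
    printf("caller_a+%lu, caller_b+%lu\n",
           (unsigned long)(a - (uintptr_t)caller_a),
           (unsigned long)(b - (uintptr_t)caller_b));
    return 0;
}
```
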
等待我真够勒 2025-01-02 00:52:44

The function you're interested in (given you're using Windows) is StackWalk64. I'd suggest reading the following article for a few hints on using this function:

Walking the Callstack

Dissecting the code should give you exactly what you're after, albeit in an OS-dependent way - the only way. The article should prove handy though, it's not the friendliest looking function :).

青萝楚歌 2025-01-02 00:52:44

If you know the name of the function you are in, the name of the function is the pointer to it, but I assume you already know that given your current pointer hackery.

Otherwise, you're going to have to walk the current stack. Have a look at StackWalk64 and related functions, or the DIA SDK (apparently, I've never looked at it though). Of course, this is MS specific. Other platforms have other methods (as the other person I've just forgotten the username of has said). Otherwise, you could manually walk the stack (if you know the ABI and can access your platform's stack pointer).

久伴你 2025-01-02 00:52:44

Not possible in standard C++... But is possible with knowledge of how the particular compiler happens to compile and run the code, and with diagnostic hooks. In Mac OS X, for instance, you could use the 'backtrace()' or 'backtrace_symbols()' functions. Consult your platform documentation for more information.

There may be similar routines for other platforms.
