我试图在x64应用程序上挂钩一个函数。下面是我的代码:
int __stdcall nRecv(SOCKET s, char* buf, int len, int flags)
{
Log("Receving!");
return 0;
}
BOOL HookFunction(LPCWSTR moduleName, LPCSTR funcName, LPVOID pDestination)
{
BYTE stub[6] = { 0xe9, 0x00, 0x00, 0x00, 0x00, 0xc3 };
DWORD pProtection;
DWORD pSource = (DWORD)GetProcAddress(GetModuleHandle(moduleName), funcName);
LPVOID pTrampoline = VirtualAlloc(NULL, 6 + sizeof(stub), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
VirtualProtect((LPVOID)pSource, 6, PAGE_EXECUTE_READWRITE, &pProtection);
CopyMemory(stub + 1, &pDestination, 4);
CopyMemory((LPVOID)((DWORD_PTR)pTrampoline), &pSource, 6);
CopyMemory((LPVOID)((DWORD_PTR)pTrampoline + 6), stub, sizeof(stub));
CopyMemory(stub + 1, &pTrampoline, 4);
CopyMemory(&pSource, &stub, sizeof(stub));
VirtualProtect((LPVOID)pSource, 6, pProtection, NULL);
return TRUE;
}
BOOL recvHook = HookFunction(L"ws2_32.dll", "recv", &nRecv);
我附加了一个调试器并发现了一个错误:
我真的找不到发生这种情况的确切原因,我做错了什么吗?谢谢!
这一行将6字节的内存复制到一个4字节的变量
CopyMemory(&pSource, &stub, sizeof(stub));