thunk.cpp
/*
Copyright 2006 - 2008
ZhangLuduo <zhangluduo@msn.com>
All Rights Reserved.
thunk - 動態替換CPU指令
利用這個類可以將Windows API的回調(diào)函數(shù)封裝
成C++類成員.這份代碼只能在x86的CPU上執(zhí)行.
作者 - 張魯奪(zhangluduo)
MSN - zhangluduo@msn.com
QQ群 - 34064264
為所有愛我的人和我愛的人努力!
*/
#include "stdafx.h"
#include "Thunk.h"
// Build an x86 "thiscall" trampoline in this object's m_THISCALL member and
// return its address as a plain function pointer.
//
// Bytes written (10 bytes when the struct is byte-packed):
//   B9 imm32   mov ecx, pThis      ; ecx = the `this` a __thiscall member expects
//   E9 rel32   jmp MemberFxnAddr   ; tail-jump into the member function
// ecx is caller-saved in every x86 convention, so clobbering it here is safe.
//
// Parameters:
//   pThis          - object that should receive the callback.
//   MemberFxnAddr  - address of the member function, already as an integer.
// Returns: pointer to the trampoline, suitable for a C-style callback slot.
//
// Caveats a caller must handle (none of this is done here):
//   * The code sits in ordinary data memory. With DEP/NX enabled the first call
//     faults unless the page carries execute permission (VirtualProtect, or
//     VirtualAlloc'd executable storage), and the Windows contract for generated
//     code also calls for FlushInstructionCache(). Leaving a heap/stack page RWX
//     weakens the process against memory-corruption exploits; if that route is
//     taken, write the bytes first and then drop the page to read+execute.
//   * The rel32 displacement is computed against THIS object's address, so the
//     returned pointer is only valid while this Thunk stays put: a copy of the
//     object carries a trampoline that jumps to garbage.
//   * Layout assumption: THUNK_THISCALL must be byte-packed so the imm32/rel32
//     operands immediately follow their opcodes — confirm in Thunk.h (not
//     visible here).
//   * x86-32 only: unsigned long carries a pointer and the encoding is 32-bit.
void* Thunk::Thiscall(void* pThis, unsigned long MemberFxnAddr)
{
    // A rel32 jmp is relative to the instruction that follows it, which here is
    // the end of the struct.
    const unsigned long thunkBase = reinterpret_cast<unsigned long>(&m_THISCALL);
    const unsigned long thunkEnd  = thunkBase + sizeof(THUNK_THISCALL);

    m_THISCALL.Mov  = 0xB9;                                   // mov ecx, imm32
    m_THISCALL.This = reinterpret_cast<unsigned long>(pThis); // imm32 = this
    m_THISCALL.Jmp  = 0xE9;                                   // jmp rel32
    m_THISCALL.Adrr = MemberFxnAddr - thunkEnd;               // rel32 = target - end

    return static_cast<void*>(&m_THISCALL);
}
// Build an x86 "stdcall" trampoline in this object's m_STDCALL member and
// return its address as a plain function pointer.
//
// Bytes written (16 bytes when the struct is byte-packed):
//   FF 34 24            push dword ptr [esp]            ; duplicate return address
//   C7 44 24 04 imm32   mov dword ptr [esp+4], pThis    ; old return slot := this
//   E9 rel32            jmp MemberFxnAddr
// After the two stack edits the target sees [ret][this][args...], i.e. `this`
// as its first stack argument ahead of the callback's own arguments. The target
// is presumably a callee-cleanup (stdcall) member that pops that extra slot —
// verify the member's calling convention against the declaration in Thunk.h.
//
// Parameters:
//   pThis          - object that should receive the callback.
//   MemberFxnAddr  - address of the member function, already as an integer.
// Returns: pointer to the trampoline, suitable for a C-style callback slot.
//
// Caveats a caller must handle (none of this is done here):
//   * The code sits in ordinary data memory. With DEP/NX enabled the first call
//     faults unless the page carries execute permission (VirtualProtect, or
//     VirtualAlloc'd executable storage), and the Windows contract for generated
//     code also calls for FlushInstructionCache(). Leaving a heap/stack page RWX
//     weakens the process against memory-corruption exploits; if that route is
//     taken, write the bytes first and then drop the page to read+execute.
//   * The rel32 displacement is computed against THIS object's address, so the
//     returned pointer is only valid while this Thunk stays put: a copy of the
//     object carries a trampoline that jumps to garbage.
//   * Layout assumption: THUNK_STDCALL must be byte-packed so each operand
//     immediately follows its opcode — confirm in Thunk.h (not visible here).
//   * x86-32 only: unsigned long carries a pointer, the encoding is 32-bit and
//     the multi-byte opcode below relies on little-endian storage.
void* Thunk::Stdcall(void* pThis, unsigned long MemberFxnAddr)
{
    // A rel32 jmp is relative to the instruction that follows it, which here is
    // the end of the struct.
    const unsigned long thunkBase = reinterpret_cast<unsigned long>(&m_STDCALL);
    const unsigned long thunkEnd  = thunkBase + sizeof(THUNK_STDCALL);

    // push dword ptr [esp]
    m_STDCALL.Push[0] = 0xFF;
    m_STDCALL.Push[1] = 0x34;
    m_STDCALL.Push[2] = 0x24;

    // mov dword ptr [esp+4], imm32 — opcode bytes C7 44 24 04, stored as one
    // little-endian dword so they land in memory in that order.
    m_STDCALL.Move = 0x042444C7;
    m_STDCALL.This = reinterpret_cast<unsigned long>(pThis);

    // jmp rel32
    m_STDCALL.Jmp  = 0xE9;
    m_STDCALL.Adrr = MemberFxnAddr - thunkEnd;

    return static_cast<void*>(&m_STDCALL);
}