/********************************************************************
Copyright 2006-2008 ZHANG Luduo. All Rights Reserved.
Permission to use, copy, modify, distribute and sell this software
and its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and
that both that copyright notice and this permission notice appear
in supporting documentation.
********************************************************************/
/*
代碼說明 :
thunk - 動態替換CPU指令
利用這個類可以將Windows API的回調函數封裝
成C++類成員.這份代碼只能在x86的CPU上執行.
聯系方式:
作者 - 張魯奪
MSN - zhangluduo@msn.com
Email - zhangluduo@163.com
QQ群 - 34064264, 56918155
為所有愛我的人和我愛的人努力!
*/
#include "stdafx.h"
#include "Thunk.h"
// Build an x86 "thiscall" thunk in m_THISCALL and return its address.
//
// The bytes written are:
//   B9 <pThis>    mov ecx, pThis      ; ecx = this pointer
//   E9 <rel32>    jmp MemberFxnAddr   ; tail-jump into the member function
// so calling the returned address as a plain function enters the member
// function with the `this` pointer in ecx (the x86 __thiscall convention).
//
// pThis         - object the member function will run against.
// MemberFxnAddr - address of the target member function, as an integer.
// Returns a pointer to the thunk bytes (m_THISCALL). It stays valid only as
// long as this Thunk object lives at the same address; copying or moving the
// object invalidates the relative jump.
//
// Maintainer notes:
//  * The JMP displacement is relative to the end of the JMP instruction, i.e.
//    to &m_THISCALL + sizeof(THUNK_THISCALL); that is why sizeof is subtracted.
//    This is only correct if THUNK_THISCALL (declared in Thunk.h, not visible
//    here) is packed to 1 byte with its members laid out in the order
//    Mov, This, Jmp, Adrr — confirm against the header.
//  * Pointer arithmetic goes through unsigned long, so the thunk is 32-bit
//    only (the file header states x86 only). On a 64-bit build the casts would
//    silently truncate pointers.
//  * m_THISCALL is ordinary data that is later executed. With DEP/NX enabled
//    the page holding this object must be made executable by the caller
//    (nothing here changes page protection), and keeping such a region both
//    writable and executable weakens the process's NX protection — keep the
//    lifetime of such objects as short as practical.
void* Thunk::Thiscall(void* pThis, unsigned long MemberFxnAddr)
{
    // Encoded machine instruction   Equivalent assembly language notation
    // ---------------------------   -------------------------------------
    // B9 ?? ?? ?? ??                mov ecx, pThis   ; Load ecx with this pointer
    // E9 ?? ?? ?? ??                jmp target addr  ; Jump to target message handler
    //
    // Earlier byte-array implementation, kept for reference:
    // unsigned long JmpAddr = MemberFxnAddr - (unsigned long) &m_ThiscallCode - sizeof(m_ThiscallCode);
    // m_ThiscallCode[0] = 0xB9;
    // m_ThiscallCode[5] = 0xE9;
    // *((unsigned long *) &m_ThiscallCode[1]) = (unsigned long) pThis;
    // *((unsigned long *) &m_ThiscallCode[6]) = JmpAddr;
    //
    // return (void*)m_ThiscallCode;
    m_THISCALL.Mov = 0xB9;                         // opcode: mov ecx, imm32
    m_THISCALL.This = (unsigned long) pThis;       // imm32 operand of the mov
    m_THISCALL.Jmp = 0xE9;                         // opcode: jmp rel32
    // rel32 is measured from the byte after the JMP, i.e. from the end of the struct.
    m_THISCALL.Adrr = MemberFxnAddr - (unsigned long)&m_THISCALL - sizeof(THUNK_THISCALL);
    return (void*)(&m_THISCALL);
}
// Build an x86 "stdcall" thunk in m_STDCALL and return its address.
//
// The bytes written are:
//   FF 34 24              push dword ptr [esp]          ; duplicate the return address
//   C7 44 24 04 <pThis>   mov dword ptr [esp+4], pThis  ; old return-address slot := this
//   E9 <rel32>            jmp MemberFxnAddr             ; tail-jump into the member function
// When the target starts executing, the stack is
//   [return address][pThis][original arguments...]
// i.e. pThis has been inserted as the first stack argument. The value
// 0x042444C7 is the little-endian encoding of the four bytes C7 44 24 04.
//
// pThis         - object the member function will run against.
// MemberFxnAddr - address of the target member function, as an integer.
// Returns a pointer to the thunk bytes (m_STDCALL). It stays valid only as
// long as this Thunk object lives at the same address; copying or moving the
// object invalidates the relative jump.
//
// Maintainer notes:
//  * NOTE(review): because the thunk pushes one extra dword, the target must
//    pop `this` together with the other arguments (an MSVC __stdcall member
//    function, which takes `this` on the stack); with a callee that does not
//    clean its own arguments the stack would be left unbalanced on return —
//    confirm against the callers.
//  * The JMP displacement is relative to the end of the JMP instruction, i.e.
//    to &m_STDCALL + sizeof(THUNK_STDCALL); that is why sizeof is subtracted.
//    This is only correct if THUNK_STDCALL (declared in Thunk.h, not visible
//    here) is packed to 1 byte with its members laid out in the order
//    Push, Move, This, Jmp, Adrr — confirm against the header.
//  * Pointer arithmetic goes through unsigned long, so the thunk is 32-bit
//    only (the file header states x86 only). On a 64-bit build the casts would
//    silently truncate pointers.
//  * m_STDCALL is ordinary data that is later executed. With DEP/NX enabled
//    the page holding this object must be made executable by the caller
//    (nothing here changes page protection), and keeping such a region both
//    writable and executable weakens the process's NX protection — keep the
//    lifetime of such objects as short as practical.
void* Thunk::Stdcall(void* pThis, unsigned long MemberFxnAddr)
{
    // Encoded machine instruction   Equivalent assembly language notation
    // ---------------------------   -------------------------------------
    // FF 34 24                      push dword ptr [esp]          ; Save (or duplicate)
    //                                                             ; the return Address into stack
    // C7 44 24 04 ?? ?? ?? ??       mov dword ptr [esp+4], pThis  ; Overwrite the old
    //                                                             ; Return Address with 'this pointer'
    // E9 ?? ?? ?? ??                jmp target addr               ; Jump to target message handler
    //
    // Earlier byte-array implementation, kept for reference:
    // unsigned long JmpAddr = MemberFxnAddr - (unsigned long) &m_StdcallCode - sizeof(m_StdcallCode);
    // m_StdcallCode[11] = 0xE9;
    // *((unsigned long *) &m_StdcallCode[ 0]) = 0x002434FF;
    // *((unsigned long *) &m_StdcallCode[ 3]) = 0x042444C7;
    // *((unsigned long *) &m_StdcallCode[ 7]) = (unsigned long) pThis;
    // *((unsigned long *) &m_StdcallCode[12]) = JmpAddr;
    //
    // return (void*)m_StdcallCode;
    m_STDCALL.Push[0] = 0xFF;                      // push dword ptr [esp]  (FF 34 24)
    m_STDCALL.Push[1] = 0x34;
    m_STDCALL.Push[2] = 0x24;
    m_STDCALL.Move = 0x042444C7;                   // mov dword ptr [esp+4], imm32  (C7 44 24 04)
    m_STDCALL.This = (unsigned long) pThis;        // imm32 operand of the mov
    m_STDCALL.Jmp = 0xE9;                          // opcode: jmp rel32
    // rel32 is measured from the byte after the JMP, i.e. from the end of the struct.
    m_STDCALL.Adrr = MemberFxnAddr - (unsigned long)&m_STDCALL - sizeof(THUNK_STDCALL);
    return (void*)(&m_STDCALL);
}