// Recoveryhook: copy `codelenth` bytes from `code` over the memory at `address`
// while CR0.WP (write protect, bit 16 = 0x10000) is cleared on the current CPU.
//
// Parameters:
//   address   - destination of the copy (in this file: the start of the patched function).
//   code      - source bytes to write.
//   codelenth - number of bytes copied; not validated here.
//
// Despite the name, HOOK() in this file also calls this routine to install its
// 5-byte jmp, so it acts as a generic "write to write-protected memory" helper.
//
// NOTE(review): MSVC inline __asm is 32-bit x86 only, and `mov cr0` is a
// privileged instruction, so this only works in ring 0 in an x86 build.
// NOTE(review): cli and CR0 are per-processor. Nothing here stops another CPU
// from executing the destination bytes while the copy is in progress, so on a
// multiprocessor system a partially written instruction can be executed.
// NOTE(review): the second __asm block sets WP and executes sti unconditionally
// instead of restoring the CR0 value and interrupt state seen on entry.
// NOTE(review): in-memory modification of kernel code is what integrity checks
// that compare loaded code against the on-disk image are designed to flag.
VOID Recoveryhook(PVOID address,PUCHAR code,ULONG codelenth)
{
__asm
{
cli // mask interrupts on this CPU so the WP-clear window is not preempted here
mov eax, cr0
and eax,not 0x10000 // clear CR0.WP: ring-0 writes to read-only pages are now allowed
mov cr0,eax
}
// Runs with write protection disabled; a bad `address` or `codelenth` here
// corrupts kernel memory instead of faulting on a read-only page.
RtlCopyMemory(address,code,codelenth);
__asm
{
mov eax ,cr0
or eax, 0x10000 // set CR0.WP again (forced on, not restored from a saved value)
mov cr0,eax
sti // re-enable interrupts on this CPU
}
}
// HOOK: overwrite the first 5 bytes at `addres` with `jmp Funaddr`, after saving
// the original bytes into `presecode` followed by a jmp back into the original code.
//
// Parameters:
//   addres           - start of the code that gets patched.
//   Funaddr          - address the patched code will jump to.
//   presecode        - caller buffer; receives `presecodelength` original bytes
//                      plus a 5-byte jmp rel32 that continues at addres + presecodelength.
//   presecodelength  - number of original bytes to save.
//
// NOTE(review): this routine writes presecodelength + 5 bytes into `presecode`
// but is not given the buffer's capacity, so it cannot check for overflow;
// the caller must guarantee the size.
// NOTE(review): nothing checks that presecodelength covers the 5 bytes that get
// overwritten or that it ends on an instruction boundary, and position-relative
// instructions inside the copied bytes are not adjusted; any of these leaves
// invalid code behind and will crash the system when it is executed.
// NOTE(review): the (ULONG) casts of pointers assume 32-bit addresses and
// truncate on a 64-bit build.
// NOTE(review): the result is a function entry starting with 0xE9 whose target
// is given by `Funaddr`; an entry-point jmp that leaves the owning module is the
// artifact that inline-hook scanners look for.
VOID HOOK(PVOID addres ,ULONG Funaddr,PUCHAR presecode, ULONG presecodelength)
{
// Leftover debugging aid. NOTE(review): KdBreakPoint is normally compiled out of
// free builds and breaks into the kernel debugger in checked builds - confirm,
// and remove before shipping. It also precedes the declarations below, which
// older C (not C++) compilers reject.
KdBreakPoint();
PULONG pcode ;
UCHAR JmpCode[] = {0xe9,0x00,0x00,0x00,0x00}; // jmp rel32 template: opcode 0xE9 + 4-byte displacement filled in below
RtlCopyMemory(presecode,addres, presecodelength);// save the original bytes into parameter `presecode`
presecode [presecodelength] = 0xe9; // append a jmp rel32 opcode right after the saved bytes
pcode = (PULONG)((ULONG)presecode + presecodelength +1); // points at that jmp's displacement field
// rel32 = target - address after the jmp
//       = (addres + presecodelength) - (presecode + presecodelength + 5)
//       = addres - presecode - 5
*pcode = (ULONG)addres - (ULONG)presecode - 5;
pcode = (PULONG)((ULONG )JmpCode +1); // displacement field of the local template
*pcode =(ULONG)Funaddr - (ULONG)addres - 5; // rel32 for a jmp placed at addres that lands on Funaddr
Recoveryhook(addres,JmpCode,5); // copy the 5 bytes of JmpCode over the code at addres
}