恢复Inline Hook的代码怎么翻译?
本帖最后由 乔丹二世 于 2010-6-28 00:54 编辑原贴:http://www.m5home.com/bbs/redirect.php?goto=findpost&ptid=3752&pid=18588&fromuid=4282
关于重定位的翻译不正确,高手看看怎么回事?memcpy就是RtlMoveMemory。
Public Function Reloc(ByVal lpBase As Long, ByVal VirtualAddress As Long) As Boolean
'ULONG Reloc(ULONG lpBase, ULONG VirtualAddress )
'{
' PIMAGE_DOS_HEADER pDosHeader;
' PIMAGE_NT_HEADERS pNtHeader;
' PIMAGE_BASE_RELOCATIONpRelocTable;
' ULONG i,dwOldProtect;
Dim DosHeader As IMAGE_DOS_HEADER
Dim NtHeader As IMAGE_NT_HEADERS
Dim RelocTable As IMAGE_BASE_RELOCATION
Dim pDosHeader, pNtHeader, pRelocTable, I, dwOldProtect As Long
' pDosHeader = (PIMAGE_DOS_HEADER)lpBase;
pDosHeader = lpBase
' if ( pDosHeader->e_magic != IMAGE_DOS_SIGNATURE )
' return 0;
memcpy VarPtr(DosHeader), pDosHeader, LenB(DosHeader)
If DosHeader.Magic <> IMAGE_DOS_SIGNATURE Then
Reloc = False
Exit Function
End If
' pNtHeader =(PIMAGE_NT_HEADERS)( (ULONG)lpBase + pDosHeader->e_lfanew );
pNtHeader = UAdd(lpBase, DosHeader.lfanew)
memcpy VarPtr(NtHeader), pNtHeader, LenB(NtHeader)
' if (pNtHeader->OptionalHeader.DataDirectory.Size)
' {
If (NtHeader.OptionalHeader.DataEntries(IMAGE_DIRECTORY_ENTRY_BASERELOC).DataSize) Then
' pRelocTable=(PIMAGE_BASE_RELOCATION)((ULONG)lpBase + pNtHeader->OptionalHeader.DataDirectory.VirtualAddress);
pRelocTable = UAdd(lpBase, NtHeader.OptionalHeader.DataEntries(IMAGE_DIRECTORY_ENTRY_BASERELOC).DataRVA)
memcpy VarPtr(RelocTable), pRelocTable, LenB(RelocTable)
' Do
Do
' {
' ULONG numofReloc=(pRelocTable->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/2;
Dim numofReloc As Long: numofReloc = (USub(RelocTable.SizeOfBlock, 8)) / 2
' SHORT minioffset=0;
Dim minioffset As Integer: minioffset = 0
' PUSHORT pRelocData=(PUSHORT)((ULONG)pRelocTable+sizeof(IMAGE_BASE_RELOCATION));
Dim pRelocData As Long: pRelocData = UAdd(pRelocTable, 8)
' for (i=0;i<numofReloc;i++)
For I = 0 To numofReloc - 1 Step 1
' {
' PULONG RelocAddress;
Dim RelocAddress As Long
' if (((*pRelocData)>>12)==IMAGE_REL_BASED_HIGHLOW)
If (IntFromPtr(pRelocData) \ (2 ^ 12) = IMAGE_REL_BASED_HIGHLOW) Then
' {
' minioffset=(*pRelocData)&0xFFF;
minioffset = IntFromPtr(pRelocData) And &HFFF
' RelocAddress=(PULONG)(lpBase+pRelocTable->VirtualAddress+minioffset);
RelocAddress = UAdd(UAdd(lpBase, RelocTable.VirtualAddress), minioffset)
' VirtualProtect((PVOID)RelocAddress, 4, PAGE_EXECUTE_READWRITE, &dwOldProtect);
Call VirtualProtect(RelocAddress, 4, PAGE_EXECUTE_READWRITE, VarPtr(dwOldProtect))
' *RelocAddress=*RelocAddress+VirtualAddress-pNtHeader->OptionalHeader.ImageBase;
memcpy RelocAddress, USub(UAdd(LngFromPtr(RelocAddress), VirtualAddress), NtHeader.OptionalHeader.ImageBase), 4
' VirtualProtect((PVOID)RelocAddress, 4, dwOldProtect, NULL);
Call VirtualProtect(RelocAddress, 4, dwOldProtect, 0)
' }
End If
' pRelocData++;
pRelocData = UAdd(pRelocData, 1)
' }
Next
' pRelocTable=(PIMAGE_BASE_RELOCATION)((ULONG)pRelocTable+pRelocTable->SizeOfBlock);
pRelocTable = UAdd(pRelocTable, RelocTable.SizeOfBlock)
' }while (pRelocTable->VirtualAddress);
Loop While (RelocTable.VirtualAddress)
' return TRUE;
Reloc = True
Exit Function
' }
End If
' return FALSE;
Reloc = False
Exit Function
'}
End Function
本帖最后由 乔丹二世 于 2010-6-28 00:53 编辑
把LenB改成Len也不正确。
另:网上找到的UADD、USUB函数:
Private Const MaxInt32 As Long = &H7FFFFFFF
Private Const MinInt32 As Long = &H80000000
Public Function UAdd(ByVal a As Long, ByVal b As Long) As Long
UAdd = ((a And MaxInt32) + ((b And MaxInt32) Or MinInt32)) Xor (a And MinInt32) Xor (b And MinInt32) Xor MinInt32
End Function
Public Function USub(ByVal a As Long, ByVal b As Long) As Long
USub = ((a And MaxInt32) - (b And MaxInt32)) Xor (a And MinInt32) Xor (b And MinInt32)
End Function
我在网上找到的结构体:
Private Const FILE_MAP_READ = 4
Private Const PAGE_READONLY = &H2
Private Const IMAGE_REL_BASED_HIGHLOW = 3
Private Const IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
Private Const PAGE_EXECUTE_READWRITE As Long = &H40
Private Const DONT_RESOLVE_DLL_REFERENCES As Long = &H1
Private Enum ImageSignatureTypes
IMAGE_DOS_SIGNATURE = &H5A4D ''\\ MZ
IMAGE_OS2_SIGNATURE = &H454E ''\\ NE
IMAGE_OS2_SIGNATURE_LE = &H454C''\\ LE
IMAGE_VXD_SIGNATURE = &H454C ''\\ LE
IMAGE_NT_SIGNATURE = &H4550 ''\\ PE00
End Enum
Private Type IMAGE_DOS_HEADER
Magic As Integer
cblp As Integer
cp As Integer
crlc As Integer
cparhdrAs Integer
minalloc As Integer
maxalloc As Integer
ss As Integer
sp As Integer
csum As Integer
ip As Integer
cs As Integer
lfarlc As Integer
ovno As Integer
res(3) As Integer
oemid As Integer
oeminfoAs Integer
res2(9)As Integer
lfanew As Long
End Type
Private Type IMAGE_FILE_HEADER
Machine As Integer
NumberOfSections As Integer
TimeDateStamp As Long
PointerToSymbolTable As Long
NumberOfSymbols As Long
SizeOfOtionalHeaderAs Integer
Characteristics As Integer'±êÖ¾Dll
End Type
Private Type IMAGE_DATA_DIRECTORY
DataRVA As Long
DataSize As Long
End Type
Private Type IMAGE_OPTIONAL_HEADER
Magic As Integer
MajorLinkVer As Byte
MinorLinkVer As Byte
CodeSize As Long
InitDataSize As Long
unInitDataSize As Long
EntryPoint As Long
CodeBase As Long
DataBase As Long
ImageBase As Long
SectionAlignmentAs Long
FileAlignment As Long
MajorOSVer As Integer
MinorOSVer As Integer
MajorImageVer As Integer
MinorImageVer As Integer
MajorSSVer As Integer
MinorSSVer As Integer
Win32Ver As Long
ImageSize As Long
HeaderSize As Long
Checksum As Long
Subsystem As Integer
DLLChars As Integer
StackRes As Long
StackCommit As Long
HeapReserve As Long
HeapCommit As Long
LoaderFlags As Long
RVAsAndSizes As Long
DataEntries(15) As IMAGE_DATA_DIRECTORY
End Type
Private Type IMAGE_NT_HEADERS
Signature As Long
FileHeader As IMAGE_FILE_HEADER
OptionalHeader As IMAGE_OPTIONAL_HEADER
End Type
Private Type IMAGE_BASE_RELOCATION
VirtualAddress As Long
SizeOfBlock As Long
End Type
帮你顶顶.
现在可能都差不多睡了,再不然就是在准备看球........... 我只是想知道,到底哪里错了。。。
页:
[1]