恢复Inline Hook的代码怎么翻译？

乔丹二世 · 发表于 2010-6-28 00:47:51

本帖最后由乔丹二世于 2010-6-28 00:54 编辑

原贴：http://www.m5home.com/bbs/redirect.php?goto=findpost&ptid=3752&pid=18588&fromuid=4282
关于重定位的翻译不正确，高手看看怎么回事？memcpy就是RtlMoveMemory。

Public Function Reloc(ByVal lpBase As Long, ByVal VirtualAddress As Long) As Boolean
'ULONG Reloc(ULONG lpBase, ULONG VirtualAddress )
'{
' PIMAGE_DOS_HEADER pDosHeader;
' PIMAGE_NT_HEADERS pNtHeader;
' PIMAGE_BASE_RELOCATION pRelocTable;
' ULONG i,dwOldProtect;
Dim DosHeader As IMAGE_DOS_HEADER
Dim NtHeader As IMAGE_NT_HEADERS
Dim RelocTable As IMAGE_BASE_RELOCATION
Dim pDosHeader, pNtHeader, pRelocTable, I, dwOldProtect As Long
' pDosHeader = (PIMAGE_DOS_HEADER)lpBase;
pDosHeader = lpBase
' if ( pDosHeader->e_magic != IMAGE_DOS_SIGNATURE )
' return 0;
memcpy VarPtr(DosHeader), pDosHeader, LenB(DosHeader)
If DosHeader.Magic <> IMAGE_DOS_SIGNATURE Then
Reloc = False
Exit Function
End If
' pNtHeader =(PIMAGE_NT_HEADERS)( (ULONG)lpBase + pDosHeader->e_lfanew );
pNtHeader = UAdd(lpBase, DosHeader.lfanew)
memcpy VarPtr(NtHeader), pNtHeader, LenB(NtHeader)
' if (pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size)
' {
If (NtHeader.OptionalHeader.DataEntries(IMAGE_DIRECTORY_ENTRY_BASERELOC).DataSize) Then
' pRelocTable=(PIMAGE_BASE_RELOCATION)((ULONG)lpBase + pNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
pRelocTable = UAdd(lpBase, NtHeader.OptionalHeader.DataEntries(IMAGE_DIRECTORY_ENTRY_BASERELOC).DataRVA)
memcpy VarPtr(RelocTable), pRelocTable, LenB(RelocTable)
' Do
Do
' {
' ULONG numofReloc=(pRelocTable->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/2;
Dim numofReloc As Long: numofReloc = (USub(RelocTable.SizeOfBlock, 8)) / 2
' SHORT minioffset=0;
Dim minioffset As Integer: minioffset = 0
' PUSHORT pRelocData=(PUSHORT)((ULONG)pRelocTable+sizeof(IMAGE_BASE_RELOCATION));
Dim pRelocData As Long: pRelocData = UAdd(pRelocTable, 8)
' for (i=0;i<numofReloc;i++)
For I = 0 To numofReloc - 1 Step 1
' {
' PULONG RelocAddress;
Dim RelocAddress As Long
' if (((*pRelocData)>>12)==IMAGE_REL_BASED_HIGHLOW)
If (IntFromPtr(pRelocData) \ (2 ^ 12) = IMAGE_REL_BASED_HIGHLOW) Then
' {
' minioffset=(*pRelocData)&0xFFF;
minioffset = IntFromPtr(pRelocData) And &HFFF
' RelocAddress=(PULONG)(lpBase+pRelocTable->VirtualAddress+minioffset);
RelocAddress = UAdd(UAdd(lpBase, RelocTable.VirtualAddress), minioffset)
' VirtualProtect((PVOID)RelocAddress, 4, PAGE_EXECUTE_READWRITE, &dwOldProtect);
Call VirtualProtect(RelocAddress, 4, PAGE_EXECUTE_READWRITE, VarPtr(dwOldProtect))
' *RelocAddress=*RelocAddress+VirtualAddress-pNtHeader->OptionalHeader.ImageBase;
memcpy RelocAddress, USub(UAdd(LngFromPtr(RelocAddress), VirtualAddress), NtHeader.OptionalHeader.ImageBase), 4
' VirtualProtect((PVOID)RelocAddress, 4, dwOldProtect, NULL);
Call VirtualProtect(RelocAddress, 4, dwOldProtect, 0)
' }
End If
' pRelocData++;
pRelocData = UAdd(pRelocData, 1)
' }
Next
' pRelocTable=(PIMAGE_BASE_RELOCATION)((ULONG)pRelocTable+pRelocTable->SizeOfBlock);
pRelocTable = UAdd(pRelocTable, RelocTable.SizeOfBlock)
' }while (pRelocTable->VirtualAddress);
Loop While (RelocTable.VirtualAddress)
' return TRUE;
Reloc = True
Exit Function
' }
End If
' return FALSE;
Reloc = False
Exit Function
'}
End Function

复制代码

乔丹二世 · 发表于 2010-6-28 00:48:57

本帖最后由乔丹二世于 2010-6-28 00:53 编辑

把LenB改成Len也不正确。
另：网上找到的UADD、USUB函数：

Private Const MaxInt32 As Long = &H7FFFFFFF
Private Const MinInt32 As Long = &H80000000
Public Function UAdd(ByVal a As Long, ByVal b As Long) As Long
UAdd = ((a And MaxInt32) + ((b And MaxInt32) Or MinInt32)) Xor (a And MinInt32) Xor (b And MinInt32) Xor MinInt32
End Function
Public Function USub(ByVal a As Long, ByVal b As Long) As Long
USub = ((a And MaxInt32) - (b And MaxInt32)) Xor (a And MinInt32) Xor (b And MinInt32)
End Function