0
使用Microsoft Detours时出现访问冲突时遇到问题。我制作了一个加载到第三方应用程序的dll。我正在使用走弯路一个未公开的函数国际开发协会专业显示为trampiline功能:使用Microsoft Detours时出现访问冲突
void __thiscall sub_6142E0(int a2, int a3)
我的代码如下所示: 的#include “stdafx.h中” 的#include 的#include
typedef void(__stdcall* pFunc)(int d1, int d2);
pFunc FuncToDetour = (pFunc)(0x6142EC);
void MyFunc(int d1, int d2)//Function does not mach call convension __thiscall. Possible problem?
{
printf("a2 %i, a1 %i);\n", d1, d2);
FuncToDetour(d1, d2);
}
void Init()
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)FuncToDetour, MyFunc);
DetourTransactionCommit();
}
我想拦截功能的原装配是这样的:
sub_6142E0 proc near
arg_0= dword ptr 8
arg_4= dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ecx+8]
mov ecx, [ebp+arg_4]
mov edx, [ebp+arg_0]
的变化弯路做的结果是:
.text:006142EC jmp near ptr unk_F9C6802
...
d3d9.dll:0F9C6802 jmp near ptr unk_F9D5FE0 //jump to function in my dll
...
void MyFunc(int d1, int d2)//my function
{
printf("updateHealth(%i, %i);\n", d1, d2);
}
...
Stack[00004A8C]:0019FB4C sub ah, bh
Stack[00004A8C]:0019FB4E sbb [eax], eax //eax=0x491B -> access violation
Stack[00004A8C]:0019FB50 cmc
Stack[00004A8C]:0019FB51 inc si
Stack[00004A8C]:0019FB53 add [eax], dl
Stack[00004A8C]:0019FB55 add [eax], eax
Stack[00004A8C]:0019FB57 add [eax+80019FDh], cl
Stack[00004A8C]:0019FB5D add byte_19FC6415[eax], dh
Stack[00004A8C]:0019FB5D ; -------------------------------------------------
该错误消息我得到的是:
The instruction 0x19FB4E referenced memory at 0x491B. The memory could not be written -> 0000491B (exc.code c0000005, tid 19084)