下面的写法中,API 被呼叫时会 Jump 到我的 Function,
之后我再去 call WS2_32_connect,
但是 WS2_32_connect 又被我 Jump 回原本 API 的位置(该位置的开头已被改写成跳到我的 Function),
造成无穷回圈...
请问有人知道如何不将原本的函数位址写回去,
直接将函数接回原本的 API 吗?
不论我怎么改,都会出现系统错误...
//程式码
// Installs a 5-byte inline patch on the "connect" export of DllName[i] and
// rewrites the local WS2_32_connect stub. All arrays, hProcess, JmpAddr and i
// are declared outside this fragment.
//
// Step 1: resolve the address of "connect" in DllName[i].
// NOTE(review): neither LoadLibrary nor GetProcAddress is checked for failure,
// so a missing DLL or export leaves address 0 to be read and patched below.
// NOTE(review): the (ULONG) cast keeps only 32 bits of the pointer; together
// with the 4-byte relative displacement this presumably targets 32-bit x86
// only - confirm the build target.
Connect_FunAddr[i] = (ULONG)GetProcAddress(LoadLibrary(DllName[i]), "connect");
// Step 2: save the first 5 bytes of the function. Connect_OldCode[i] is never
// used again in this fragment.
// NOTE(review): this reads the calling process's memory while the writes below
// go to hProcess - assumes both refer to the same address space; confirm.
memcpy(Connect_OldCode[i], (void *)Connect_FunAddr[i], 5);
// Step 3: build "E9 rel32" (near jmp). The displacement is
// target - (patch address + 5), because it is relative to the next instruction.
Connect_NewCode[i][0] = 0xe9;
JmpAddr = (ULONG)WS2_32_connect_Hook - Connect_FunAddr[i] - 5;
memcpy(&Connect_NewCode[i][1], &JmpAddr, 4);
// Step 4: overwrite the entry of connect with the jump to the hook, then record
// the address of the local stub WS2_32_connect.
// NOTE(review): the WriteProcessMemory result is ignored and the last argument
// is 0, so a failed or short write goes unnoticed.
WriteProcessMemory(hProcess, (void *)Connect_FunAddr[i], Connect_NewCode[i], 5, 0); Connect_SubAddr[i] = (ULONG)WS2_32_connect;
// Redundant: byte 0 of Connect_NewCode[i] is already 0xe9 from step 3.
Connect_NewCode[i][0] = 0xe9;
// Step 5: build a jump from the stub to Connect_FunAddr[i], i.e. to the very
// first byte of connect - the bytes step 4 just replaced with a jump to the
// hook. The resulting path is hook -> stub -> connect entry -> hook, which is
// the endless loop described in the question.
// A pass-through stub has to run the displaced entry instructions itself and
// resume after the patched bytes, which requires knowing where instructions
// end; maintained hooking libraries (for example Microsoft Detours) handle
// that and are the safer route than hand-built jumps.
JmpAddr = Connect_FunAddr[i] - Connect_SubAddr[i] - 5;
memcpy(&Connect_NewCode[i][1], &JmpAddr, 4);
// Step 6: overwrite the first 5 bytes of the stub's own code with that jump.
// NOTE(review): every value of i rewrites the same stub, so only the last
// DllName[i] processed remains as its target.
// NOTE(review): a patched function entry no longer matches the DLL image on
// disk, which integrity checks and endpoint security tools can flag.
WriteProcessMemory(hProcess, (void *)Connect_SubAddr[i], Connect_NewCode[i], 5, 0);
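/*
 * Replacement entry point reached through the jump patched over connect().
 * Appends the IPv4 destination address, port and socket value to
 * C:\Connect.txt, then forwards the call to WS2_32_connect.
 *
 * s       - socket passed by the caller of connect()
 * name    - destination address; logged only when it is an AF_INET address
 *           at least sizeof(struct sockaddr_in) bytes long
 * namelen - size in bytes of the buffer behind name
 * mClass  - unused
 *
 * Returns whatever WS2_32_connect returns.
 *
 * NOTE(review): connect() takes three arguments. If WINAPI is __stdcall here
 * (32-bit x86), the callee pops its own arguments, so the extra mClass
 * parameter makes this function remove 4 more bytes from the stack than the
 * caller pushed. That imbalance is a likely cause of the crashes described;
 * the signature is left as found - confirm nothing else relies on mClass
 * before dropping it.
 */
int WINAPI WS2_32_connect_Hook(SOCKET s, struct sockaddr *name,int namelen,int mClass)
{
    (void)mClass;

    /*
     * name comes from an arbitrary caller: only reinterpret it as sockaddr_in
     * when it is non-NULL, large enough and really IPv4. Other address
     * families (for example AF_INET6) are forwarded without a log entry
     * instead of being read through the wrong structure layout.
     */
    if (name != NULL &&
        namelen >= (int)sizeof(struct sockaddr_in) &&
        name->sa_family == AF_INET) {
        struct sockaddr_in *paddr = (struct sockaddr_in *)name;
        char *cp = inet_ntoa(paddr->sin_addr);
        int port = ntohs(paddr->sin_port);

        /* Logging is best effort: a failed fopen must not break the call. */
        FILE *tempoutb = fopen("C:\\Connect.txt","at");
        if (tempoutb != NULL) {
            /* SOCKET is not an int; cast so the argument matches %d. */
            fprintf(tempoutb,"IP = %s , %d , %d\n",
                    cp != NULL ? cp : "(null)", port, (int)s);
            fclose(tempoutb);
        }
    }

    return WS2_32_connect(s, name, namelen);
}

/*
 * Placeholder with the same parameters as connect(). The patching code takes
 * this function's address (Connect_SubAddr) and overwrites its first bytes at
 * run time, so the "return 0" body only executes when that overwrite has not
 * happened.
 * NOTE(review): the overwrite assumes this function occupies at least 5 bytes
 * of writable code at the address the compiler reports for it - confirm for
 * the build settings in use.
 */
int WINAPI WS2_32_connect(SOCKET s, struct sockaddr *name,int namelen)
{
    return 0;
}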