程序很简单,装载一个DLL,调用DLL内的函数,完成后退出.
DLL是某壳的加壳接口,装载了一个PE文件.
关键错误代码如下:
DWORD GetFuncRVA(void* FuncName)
{
void *_tempFuncName=FuncName;
char *ptempFuncName=PCHAR(_tempFuncName);
DWORD _jmpdwRVA,dwRVA;
CopyMemory(&_jmpdwRVA,ptempFuncName+1,4);
dwRVA=DWORD(ptempFuncName)+_jmpdwRVA+5;
return(dwRVA);
}
DWORD GetFuncSize(void* FuncName)
{
DWORD dwRVA=GetFuncRVA(FuncName);
char* pFuncBody=PCHAR(dwRVA);
UCHAR _temp;
bool notEnd=TRUE;
char *DepackerCodeEnd=new TCHAR[10];
DWORD l=0;
do
{
CopyMemory(&_temp,pFuncBody+l,1);//此处执行后出错
if(_temp==0xC3)
{
CopyMemory(DepackerCodeEnd,pFuncBody+l+0x01,10);
DepackerCodeEnd[9]=0x00;
if(strcmp(DepackerCodeEnd,"EPRTBYJHK")==0)
{
notEnd=FALSE;
}
}
l++;
}while(notEnd);
return(l);
}
请有知者赐教,不胜感谢!
DLL是某壳的加壳接口,装载了一个PE文件.
关键错误代码如下:
DWORD GetFuncRVA(void* FuncName)
{
void *_tempFuncName=FuncName;
char *ptempFuncName=PCHAR(_tempFuncName);
DWORD _jmpdwRVA,dwRVA;
CopyMemory(&_jmpdwRVA,ptempFuncName+1,4);
dwRVA=DWORD(ptempFuncName)+_jmpdwRVA+5;
return(dwRVA);
}
DWORD GetFuncSize(void* FuncName)
{
DWORD dwRVA=GetFuncRVA(FuncName);
char* pFuncBody=PCHAR(dwRVA);
UCHAR _temp;
bool notEnd=TRUE;
char *DepackerCodeEnd=new TCHAR[10];
DWORD l=0;
do
{
CopyMemory(&_temp,pFuncBody+l,1);//此处执行后出错
if(_temp==0xC3)
{
CopyMemory(DepackerCodeEnd,pFuncBody+l+0x01,10);
DepackerCodeEnd[9]=0x00;
if(strcmp(DepackerCodeEnd,"EPRTBYJHK")==0)
{
notEnd=FALSE;
}
}
l++;
}while(notEnd);
return(l);
}
请有知者赐教,不胜感谢!
VC的Debugger用不习惯= =