C++ 钩住游戏的IAT功能
我在胡闹一些dll注入/挂钩。 我已经尝试在我自己的应用程序中挂接IAT的睡眠功能,它工作得非常好,但后来我尝试在一个电脑游戏中挂接IAT的睡眠功能,结果却失败了 由于我插入了一个dll,并从dll中钩住了可执行模块的IAT,因此我看不到错误(日志),但我将错误锁定到了这一部分,它在IAT上迭代:C++ 钩住游戏的IAT功能,c++,hook,portable-executable,C++,Hook,Portable Executable,我在胡闹一些dll注入/挂钩。 我已经尝试在我自己的应用程序中挂接IAT的睡眠功能,它工作得非常好,但后来我尝试在一个电脑游戏中挂接IAT的睡眠功能,结果却失败了 由于我插入了一个dll,并从dll中钩住了可执行模块的IAT,因此我看不到错误(日志),但我将错误锁定到了这一部分,它在IAT上迭代: while (impDesc->FirstThunk) { auto thunkData = getMemoryPointer<IMAGE_THUNK_DATA>((LPVO
while (impDesc->FirstThunk) {
auto thunkData = getMemoryPointer<IMAGE_THUNK_DATA>((LPVOID)(baseAddress + impDesc->OriginalFirstThunk));
int n = 0;
while (thunkData->u1.Function) {
char* importFuncName = getMemoryPointer<char>((LPVOID)(baseAddress + (DWORD)thunkData->u1.AddressOfData + 2)); //the function name is stored at .AddressOfData + 2
if (strcmp(importFuncName, funcName) == 0) {
auto vfTable = getMemoryPointer<DWORD>((LPVOID)(baseAddress + impDesc->FirstThunk));
DWORD original = vfTable[n];
auto oldProtection = protectMemory<DWORD>((LPVOID)&vfTable[n], PAGE_READWRITE);
vfTable[n] = newFunc;
protectMemory<DWORD>((LPVOID)&vfTable[n], oldProtection);
return original;
}
n++;
thunkData++;
}
impDesc++;
}
while(impDesc->FirstThunk){
auto-thunkData=getMemoryPointer((LPVOID)(baseAddress+impDesc->OriginalFirstThunk));
int n=0;
同时(thunkData->u1.函数){
char*importFuncName=getMemoryPointer((LPVOID)(baseAddress+(DWORD)thunkData->u1.AddressOfData+2));//函数名存储在.AddressOfData+2
if(strcmp(importFuncName,funcName)==0){
自动vfTable=getMemoryPointer((LPVOID)(baseAddress+impDesc->FirstThunk));
DWORD original=vfTable[n];
auto-oldProtection=protectMemory((LPVOID)&vfTable[n],页\读写);
vfTable[n]=newFunc;
protectMemory((LPVOID)和vfTable[n],oldProtection);
归还原件;
}
n++;
thunkData++;
}
impDesc++;
}
auto impDesc = getMemoryPointer<IMAGE_IMPORT_DESCRIPTOR>((LPVOID)(baseAddress + IAT.VirtualAddress));
auto-impDesc=getMemoryPointer((LPVOID)(基地址+IAT.VirtualAddress));
while (impDesc->FirstThunk) {
IMAGE_THUNK_DATA* thunkData = getMemoryPointer<IMAGE_THUNK_DATA>((LPVOID)(baseAddress + impDesc->OriginalFirstThunk));
int n = 0;
while (thunkData->u1.Function) {
if (IMAGE_SNAP_BY_ORDINAL(thunkData->u1.Function)) {
n++;
thunkData++;
continue;
}
auto importFuncName = getMemoryPointer<char>((LPVOID)(baseAddress + (DWORD)thunkData->u1.AddressOfData + 2)); //the function name is stored at .AddressOfData + 2
if (strcmp(importFuncName, funcName) == 0) {
auto vfTable = getMemoryPointer<DWORD>((LPVOID)(baseAddress + impDesc->FirstThunk));
DWORD original = vfTable[n];
auto oldProtection = protectMemory<DWORD>((LPVOID)&vfTable[n], PAGE_EXECUTE_READWRITE);
vfTable[n] = newFunc;
protectMemory<DWORD>((LPVOID)&vfTable[n], oldProtection);
return original;
}
n++;
thunkData++;
}
impDesc++;
}
while(impDesc->FirstThunk){
IMAGE_THUNK_DATA*thunkData=getMemoryPointer((LPVOID)(baseAddress+impDesc->OriginalFirstThunk));
int n=0;
同时(thunkData->u1.函数){
if(图像按顺序捕捉(thunkData->u1.Function)){
n++;
thunkData++;
继续;
}
auto-importFuncName=getMemoryPointer((LPVOID)(baseAddress+(DWORD)thunkData->u1.AddressOfData+2));//函数名存储在.AddressOfData+2
if(strcmp(importFuncName,funcName)==0){
自动vfTable=getMemoryPointer((LPVOID)(baseAddress+impDesc->FirstThunk));
DWORD original=vfTable[n];
auto-oldProtection=protectMemory((LPVOID)&vfTable[n],第页\u执行\u读写);
vfTable[n]=newFunc;
protectMemory((LPVOID)和vfTable[n],oldProtection);
归还原件;
}
n++;
thunkData++;
}
impDesc++;
}
auto oldProtection = protectMemory<DWORD>((LPVOID)&vfTable[n], PAGE_EXECUTE_READWRITE);
vfTable[n] = newFunc;
protectMemory<DWORD>((LPVOID)&vfTable[n], oldProtection);
auto-oldProtection=protectMemory((LPVOID)&vfTable[n],PAGE\u EXECUTE\u READWRITE);
vfTable[n]=newFunc;
protectMemory((LPVOID)和vfTable[n],oldProtection);
当我为自己的应用程序执行此操作时,它仍在工作8000000 e-这是顺序。函数可以按名称或顺序导入。你需要使用
如果(!IMAGE\u SNAP\u BY_ORDINAL(thunkData->u1.Function)){…}如果(!IMAGE\u SNAP\u BY_ORDINAL(thunkData->u1.Function)){…}