Winapi 将引用对象从win32 dll传递到mfc dll


我已经用裸函数钩住了一个导出的MFC DLL函数

裸函数的定义如下:

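// Hook body for the exported MFC DLL function (x86 / MSVC inline asm, __declspec(naked)).
//
// Stack frame after the hand-rolled prologue below (pushad; push ecx; push ebp; mov ebp,esp):
//   [ebp+0]  saved ebp
//   [ebp+4]  pushed ecx -- padding that stands in for a return address
//   [ebp+8]  edi  (last register pushed by pushad)   <- the compiler reads `__this` from here
//   [ebp+12] esi, [ebp+16] ebp, [ebp+20] esp, [ebp+24] ebx, [ebp+28] edx
//   [ebp+32] ecx  (the hooked function's `this` if it is __thiscall), [ebp+36] eax
//   [ebp+40] return address into the original caller
//   [ebp+44] first stack argument of the hooked call, [ebp+48] the second, ...
//
// With a __cdecl signature the compiler maps parameter N (0-based) to [ebp+8+4*N], so every
// declared parameter here aliases a saved register or the return address: `__this` sees edi
// and `objParam2` sees the saved ebp. That -- not the CRect& itself -- is why the MFC DLL
// logs garbage. Which slot really holds the CRect depends on the hooked function's actual
// calling convention (stack arguments start at [ebp+44]; a __thiscall `this` is the saved
// ecx at [ebp+32]) -- confirm under a debugger before changing any offset.
//
// flg, hInst, funcPTR, CMYCLASS_ and Trampoline are defined elsewhere in this file.
__declspec(naked) static void __cdecl GenericHook(void* __this,
                                                  class CScrollViewAccess* objParam1,
                                                  class CRect& objParam2,
                                                  unsigned int iParam1,
                                                  unsigned long iParam2,
                                                  char* szParam1,
                                                  void* vParam1,
                                                  class CFont* objParam3,
                                                  class CFont* objParam4,
                                                  class CBrush* objParam5)
{
    // Prologue: preserve every register of the hooked thread, pad the frame so the
    // compiler's [ebp+8] convention holds, then open a normal frame with room for locals.
    __asm {
        pushad
        push ecx
        push ebp
        mov  ebp, esp
        sub  esp, __LOCAL_SIZE
    }

    if (flg == false) {
        // RECT* rct = reinterpret_cast<RECT*>(&objParam2);   (template argument was lost in the listing)

        // Load the MFC DLL once and keep the handle: LoadLibrary bumps the module reference
        // count on every call, so reloading on each hook invocation leaks it.
        // SECURITY: an absolute path at the drive root is a DLL-planting target if that
        // directory is writable by less-privileged users; resolve the path relative to this
        // DLL's own (ACL-protected) location instead of hardcoding C:\.
        if (hInst == NULL) {
            hInst = LoadLibrary("C:\\Sample.dll");  // MFC DLL
        }
        // Without this check a failed LoadLibrary turned into a call to address 0x1032 and
        // took the host process down.
        if (hInst != NULL) {
            // Hardcoded RVA of CMyClass::returnRect inside Sample.dll. This breaks silently on
            // any rebuild of the DLL; exporting the routine and using GetProcAddress is the
            // robust alternative. Per the discussion below the listing: if returnRect is
            // __thiscall, `this` must travel in ecx, which a plain function-pointer call does
            // not do.
            const unsigned long kReturnRectRva = 0x00001032;
            funcPTR = reinterpret_cast<CMYCLASS_>(reinterpret_cast<char*>(hInst) + kReturnRectRva);
            funcPTR(__this, objParam2);
        }
    }

    // Epilogue -- kept OUTSIDE the `if` (the scraped listing had it inside, so a true `flg`
    // ran off the end of a naked function). Tear down the frame, drop the padding, restore
    // all registers and continue into the original function through the trampoline.
    __asm {
        mov  esp, ebp
        pop  ebp
        pop  ecx
        popad
        jmp  [Trampoline]
    }
}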

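// CMyClass::returnRect -- the routine inside the MFC DLL (Sample.dll) that the hook calls
// with the CRect it intercepted. It appends the rectangle's width, height and top-left
// corner to a log file.
//
// Reported symptom (from the question): the values logged here are wrong when the CRect
// arrives through the naked hook. At the assembler level a CRect& is just a CRect*, so a
// bad value here means the hook handed over the wrong stack slot / register, not that
// reference parameters need special treatment.
//
// SECURITY: the log path is fixed and this code runs inside whatever process loaded the
// DLL. If that process is privileged and C:\LogFolder is writable by other users, a
// junction/symlink placed there redirects the append to a file of the attacker's choosing.
// Keep the folder ACL-restricted or log under the process's own profile directory.
void CMyClass::returnRect(class CRect& objParam)
{
    const int width = objParam.Width();
    const int height = objParam.Height();
    const CPoint pt = objParam.TopLeft();

    // A missing folder or denied write access used to hand a null FILE* to fprintf.
    FILE* fp = fopen("c:\\LogFolder\\log.txt", "ab+");
    if (fp == NULL) {
        return;
    }

    // The original appended a char array {13,0,10,0,0,0} via %s. That is a UTF-16 CR LF,
    // but %s reads it as a narrow string and stops at the first NUL, so only '\r' was ever
    // written (after the '\n'). The file is opened in binary mode ("ab+"), so the Windows
    // line ending has to be written explicitly.
    fprintf(fp, "Width: %d Height: %d X co-ord: %d Y co-ord: %d\r\n",
            width, height, pt.x, pt.y);
    fclose(fp);
}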


如何处理引用对象?

我已经解决了这个挂钩问题,如下所示:

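// Working version of the hook (x86 / MSVC). Declared with no parameters on purpose: the
// arguments are read straight off the hooked function's frame by offset from ebp instead of
// trusting the compiler's parameter mapping, and stashed in file-scope globals
// (objParam1..objParam5, fp and Trampoline are defined elsewhere in this file).
//
// Frame after `push ebp; mov ebp,esp; pushad`:
//   [ebp+4]  return address into the hooked function's caller
//   [ebp+8]  first stack argument, [ebp+12] second, [ebp+16] third, [ebp+20] fourth
//   [ebp-8]  saved ecx -- where a __thiscall `this` would be (not captured below)
//
// Caveats a maintainer should keep in mind:
//  * `sub esp, __LOCAL_SIZE` is deliberately absent, so the body must use no stack locals
//    (everything is global); otherwise the compiler would place them over the pushad area.
//    Restore the sub/add pair before adding a local.
//  * The globals are overwritten on every call with no synchronisation; if the hooked
//    function is reachable from more than one thread the logged values can interleave.
//  * SECURITY: the log is written to a fixed path from inside the host process. If the
//    process is privileged and C:\LogFolder is writable by other users, a junction or
//    symlink there redirects the write; keep the directory ACL'd or log elsewhere.
extern "C" __declspec(naked) __declspec(dllexport) void __stdcall GenericHook()
{
    // Prologue: open a frame and preserve every register of the hooked thread.
    __asm {
        push ebp
        mov  ebp, esp
        pushad
        ; sub esp, __LOCAL_SIZE   -- see the note above before re-enabling
    }

    // Capture the return address and the first four stack arguments into the globals.
    __asm {
        mov eax, [ebp+4]             ; return address
        mov objParam1, eax
        mov eax, DWORD ptr [ebp+8]   ; arg1
        mov objParam2, eax
        mov eax, DWORD ptr [ebp+12]  ; arg2
        mov objParam3, eax
        mov eax, DWORD ptr [ebp+16]  ; arg3
        mov objParam4, eax
        mov eax, DWORD ptr [ebp+20]  ; arg4
        mov objParam5, eax
    }

    /*-------------PROCESSING START---------------------*/
    // A failed fopen (missing folder, no write access) used to hand a null FILE* to
    // fprintf and crash the host process; skip logging in that case instead.
    fp = fopen("c:\\LogFolder\\log.txt", "ab+");
    if (fp != NULL) {
        fprintf(fp, "arg1: %lu~arg2: %lu~arg3: %lu~arg4: %lu~ar5: %lu\n",
                objParam1, objParam2, objParam3, objParam4, objParam5);
        fprintf(fp, "==========================================================================\n\n");
        fclose(fp);
    }
    /*-------------PROCESSING END-----------------------*/

    // Epilogue: restore registers and the caller's frame, then continue into the original
    // function through the trampoline (no ret here -- the original function returns to
    // the caller for us).
    __asm {
        ; add esp, __LOCAL_SIZE   -- pair of the disabled sub above
        popad
        mov esp, ebp
        pop ebp
        jmp [Trampoline]
    }
}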
评论：
— `CMYCLASS_`（我猜它是一个函数指针类型）是怎么定义的？
— 是的，它是一个函数指针。
— `returnRect` 的调用约定是什么？如果是 `__thiscall`，`this` 是通过 ecx 传递的，而不是放在栈上。
— @TheSteve：没错，调用约定是 `__stdcall`。
— 能否用调试器在 `returnRect` 里设一个断点？我还建议用 OllyDbg 单步跟踪生成的汇编代码。顺便说明一下，在汇编层面，传递一个 `CRect&` 和传递一个 `CRect*` 应该是完全一样的。