堆栈内存溢出
  简体   繁体   English

如何找到自定义函数的地址以在另一个正在运行的进程中进行挂接/绕行?

[英]How to find a custom function's address to hook/detour in another running process?

 原文  2014-06-23 05:22:19       c++/ c/ windows/ assembly/ hook

问题描述

Related to: How to find a functions address to hook/detour in an EXE file? 相关信息: 如何在EXE文件中查找要挂接/绕行的函数地址?

I have to detour a function defined inside the executable I'm injecting my code into. 我必须绕过将代码注入其中的可执行文件中定义的函数。 The application is Open-Source so I know everything about the function I'd need for hooking it. 该应用程序是开源的,因此我了解钩住该功能所需要的一切。

In the accepted answer to that question, it says to hook some low level windows api functions first to get the address of the actual function I want to hook, question is, which windows API function should I hook? 在该问题的公认答案中,它说首先钩住一些底层Windows api函数以获得我想钩住的实际函数的地址,问题是,我应该钩住哪个Windows API函数?

1 个解决方案

解决方案1
 1  2014-06-23 06:10:09

Choose an API inside your target EXE that get called first when it runs. 在目标EXE中选择一个在运行时首先被调用的API。 Load it to OllyDbg and trace until you find one. 将其加载到OllyDbg并进行跟踪,直到找到一个。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在EXE文件中找到挂钩/绕行的函数地址? - How to find a functions address to hook/detour in an EXE file? 如何在运行的进程中查找函数指针的地址? - How to find address of function pointers in a running process? 绕行提示到自定义功能 - Detour cout to custom function 如何绕过 Linux 上的 function? - How to detour a function on Linux? Microsoft Detour - 使用汇编程序“调用”指令挂钩 Function - Microsoft Detour - Hook Function with an assembler “call” instruction 如何从同一个进程中挂钩一个函数并获取调用者函数的地址? - How to hook a function from the same process and get the address of the caller function? 如何正确使用C ++中的Detour库来实现具有已知内存地址的函数的简单钩子? - How to use the Detour library in C++ properly for a simple hook of a function with known memory adress? WSARecv弯路钩隐窝 - WSARecv Detour hook crypt Linux Ubuntu下的Detour功能 - Detour function under Linux Ubuntu 试图了解绕道(钩)function - Trying to understand a detour (hooking) function
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM