堆栈内存溢出
  简体   繁体   English

如何用Deviare写出结构领域?

[英]How to write to out structure's field with Deviare?

 原文  2016-09-21 00:56:19       c#/ hook/ deviare

问题描述

I can use Deviare to hook and intercept GetLocalTime function, but how can I change field's value of its out parameter, ie edit wYear in SYSTEMTIME ? 我可以使用Deviare挂钩并拦截GetLocalTime函数,但是如何更改字段out参数的值,即在SYSTEMTIME编辑wYear呢? Few snippets I could find use NktHookCallInfo.Result , unfortunately it's a void function and direct assignment to Field(0).Value does nothing. 我能找到的NktHookCallInfo.Result片段很少使用NktHookCallInfo.Result ,不幸的是它是一个void函数,直接分配给Field(0).Value没有作用。 

CreateHook("kernel32.dll!GetLocalTime", (int)eNktHookFlags.flgOnlyPostCall);


private static void OnFunctionCalled(NktHook hook, NktProcess process, NktHookCallInfo info)
{
    NktParamsEnum param = info.Params();
    NktParam value = param.First().Evaluate();

    for (int i = 0; i < 8; i++)
    {
        NktParam field = value.Field(i);
        Console.WriteLine("{0} {1} {2}", field.Name, field.TypeName, field.Value);
    }
}


void WINAPI GetLocalTime(
  _Out_ LPSYSTEMTIME lpSystemTime
);

typedef struct _SYSTEMTIME {
  WORD wYear;
  WORD wMonth;
  WORD wDayOfWeek;
  WORD wDay;
  WORD wHour;
  WORD wMinute;
  WORD wSecond;
  WORD wMilliseconds;
} SYSTEMTIME, *PSYSTEMTIME;

1 个解决方案

解决方案1
 0 已采纳  2016-09-21 14:29:32

基于评论的答案是:使用UShortVal

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用deviare进行系统调用计数 - How to make system calls counter using deviare Deviare2两次挂接WriteFile API,一次只能写一次 - Deviare2 hook WriteFile API twice for only one write 如何使用反射检测对象的字段是只读字段还是读写字段? - How to detect if an object's field is readonly or read/write, using reflection? 如何为层次结构编写QueryOver - How to write a QueryOver for a hierarchy structure 在字典TryGetValue中,如果它是类的一部分,如何写出out参数(并获取它的值)? - In a Dictionary TryGetValue, how do I write the out parameter (and get it's values) if it's part of a class? 如何为此数据结构编写linq查询 - How to write a linq query for this data structure 如何禁止对深层结构的写访问? - How to prohibit write access on a deep structure? SingleOrDefault,如何写出默认值? - SingleOrDefault, how to write out default? 如何打印树结构? - How do I print out a tree structure? 如何编写不带 out 参数的异步方法? - How to write an async method with out parameter?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM