如何在内联汇编中修改/替换堆栈值?
[英]How can I modify/replace stack value in inline assembly?
问题描述
I'm trying to modify/replace the parameter value of a function. 
我正在尝试修改/替换函数的参数值。 Here's the stack and the highlighted location is the target. 这是堆栈,突出显示的位置是目标。
(esp + 8) ( struct sockaddr ) (esp + 8)( struct sockaddr )
I'm executing inline assembly with a hooked function. 我正在执行带有钩子函数的内联汇编。 Should I modify/replace the value once it is already on stack or before the params are even pushed? 一旦该值已经在堆栈上或什至没有推入参数,我是否应该修改/替换该值?
Anything I should be aware of? 我应该注意什么?
1 个解决方案
解决方案1
0 2017-05-10 13:49:34
If you're hooking a function, it means that your own function was called with the original parameters and you may forward these parameters (changed or not) to the original function at some point. 如果要钩住函数,则意味着使用原始参数调用了您自己的函数,并且您可能会在某些时候将这些参数(是否更改)转发给原始函数。 It's generally easier to change the parameters you receive without copying and pass them along. 通常,无需复制就可以轻松更改收到的参数,并将其传递。 If you're doing user-land to user-land or kernel-land to kernel-land hooking, then you may NOT want to touch the original process/kernel memory pointers - copy for safety. 如果您正在执行用户土地到用户土地或内核土地到内核土地的挂钩,那么您可能不想触摸原始进程/内核内存指针-为安全起见。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.