Problem description
I've been trying to properly hook/detour a virtual function in a class object, and I've had success in terms of having a different function called, but I must be doing something incorrect in terms of how the this keyword is passed to the function.
I read an article about hooking D3D functions in a similar fashion, and it mentioned that the compiler will turn a function such as int Class::method(int) into int method(Class* this, int), but if I replace the address in the vtable with a function that is defined as such, the address for 'this' is incorrect, so that's probably not right.
How are member functions laid out by the compiler, and is it possible to represent them in non-member-function form so that I can set the address in the vtable to such a function and be able to refer to the appropriate object?
Recommended answer
You need to define your function as thiscall. It passes this on the ecx register. The way you've done it, the function was expecting this on the stack and reading the wrong value, which probably belonged to another argument.
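A portable model of the point made in the answer, added here as an example and not taken from the original post: the hidden this pointer is simply the first argument to a method, so a detour must take the object pointer in exactly the place and convention the slot's caller uses. The names Widget, VTable, detour_area and vtable_intact are constructed for this example; on MSVC x86 the real convention is __thiscall with this in ecx, which this hand-rolled table replaces with an explicit first parameter.

```cpp
#include <cstring>
// Constructed object model: each "method" is a free function whose first
// parameter is the object pointer, i.e. the compiler's hidden 'this' made
// explicit. (Real MSVC x86 vtables pass 'this' in ecx via __thiscall; here
// slot and detour simply share one ordinary signature.)
struct Widget;
using AreaFn = int (*)(Widget* self, int scale);
struct VTable { AreaFn area; };
struct Widget {
    const VTable* vt;  // first field, like a compiler-generated vptr
    int width, height;
};

// Original slot implementation, the stand-in for int Widget::area(int).
static int widget_area(Widget* self, int scale) {
    return self->width * self->height * scale;
}
static const VTable kWidgetVTable = { widget_area };

// Detour with exactly the slot's signature: caller and callee agree on
// where 'self' lives, so it receives a valid object and can forward on.
static AreaFn g_original_area = nullptr;
static int g_detour_calls = 0;
static int detour_area(Widget* self, int scale) {
    ++g_detour_calls;
    return g_original_area(self, scale) + 1;  // visible change for checking
}

// Defender-side check: compare a live table against a known-good copy.
static bool vtable_intact(const VTable* live, const VTable* known_good) {
    return std::memcmp(live, known_good, sizeof(VTable)) == 0;
}

// Call through the untouched table: 3 * 4 * 2 = 24.
int unhooked_area() {
    Widget w{&kWidgetVTable, 3, 4};
    return w.vt->area(&w, 2);
}

struct HookResult { int value; bool detected; int calls; };
// Patch a writable copy of the table, call through it, and report whether
// the integrity check notices: value 25, detected true, calls 1.
HookResult hooked_area() {
    g_detour_calls = 0;
    Widget w{&kWidgetVTable, 3, 4};
    VTable writable = kWidgetVTable;
    g_original_area = writable.area;
    writable.area = detour_area;
    w.vt = &writable;
    int v = w.vt->area(&w, 2);
    return { v, !vtable_intact(w.vt, &kWidgetVTable), g_detour_calls };
}
```

If the detour were declared with a different shape from the slot (as in the question), the pointer it reads as self would be whatever happened to sit in that position, which is exactly the wrong-value symptom the answer describes.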