Problem description

I've been trying to properly hook/detour a virtual function in a class object, and I've had success in terms of having a different function called, but I must be doing something that's incorrect in terms of how the this keyword is passed to the function.

I read an article about hooking D3D functions in a similar fashion, and it mentioned that the compiler will turn a function such as int Class::method(int) into int method(Class* this, int), but if I replace the address in the vtable with a function that is defined as such, the address for 'this' is incorrect, so that's probably not right.

How are member functions laid out by the compiler, and is it possible to represent it in non-member-function form so that I can set the address in the vtable to such a function and be able to refer to the appropriate object?

Recommended answer

You need to define your function as thiscall. It passes this on the ecx register. The way you've done it, the function was expecting this on the stack and reading the wrong value which probably belonged to another argument.
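
The calling-convention point above, as an added example that is not part of the original post: a free function replaces one virtual method on a single object and still receives the correct `this`. The `Counter` class, the shadow-vtable approach and all names are assumptions for illustration; on 32-bit MSVC the replacement uses `__fastcall` with an unused EDX parameter, which places `this` in ECX exactly as `thiscall` does.

```cpp
#include <cstring>

#if defined(_MSC_VER) && defined(_M_IX86)
// 32-bit MSVC: virtual methods take this in ECX, the rest on the stack.
// __fastcall uses ECX then EDX, so a dummy second parameter lines things up.
#define HOOK_CC __fastcall
#define EDX_PARAM void*,
#define EDX_ARG nullptr,
#else  // x64 and Itanium-ABI targets: this is simply the first argument
#define HOOK_CC
#define EDX_PARAM
#define EDX_ARG
#endif

struct Counter {  // constructed sample class, not from the original post
    int total = 0;
    virtual int add(int delta) { total += delta; return total; }
    virtual int get() { return total; }
};

using AddFn = int (HOOK_CC*)(Counter*, EDX_PARAM int);
static AddFn g_original_add = nullptr;
static void* g_shadow_vtable[2];         // one slot per virtual method
static Counter* g_seen_this = nullptr;   // what the hook received as this

// Replacement for Counter::add, written as a free function.
static int HOOK_CC hooked_add(Counter* self, EDX_PARAM int delta) {
    g_seen_this = self;
    return g_original_add(self, EDX_ARG delta * 2);  // forward, doubled
}

// Point one object at a private copy of its vtable with slot 0 replaced.
// Assumes the vptr is the first word of the object (true for this class).
void install_hook(Counter* obj) {
    void** vtable;
    std::memcpy(&vtable, static_cast<void*>(obj), sizeof vtable);
    std::memcpy(g_shadow_vtable, vtable, sizeof g_shadow_vtable);
    g_original_add = reinterpret_cast<AddFn>(g_shadow_vtable[0]);
    g_shadow_vtable[0] = reinterpret_cast<void*>(&hooked_add);
    void** shadow = g_shadow_vtable;
    std::memcpy(static_cast<void*>(obj), &shadow, sizeof shadow);
}

bool demo(int* result) {
    Counter c;
    install_hook(&c);
    Counter* volatile p = &c;   // volatile: keeps the call truly virtual
    *result = p->add(5);
    return g_seen_this == &c && p->get() == 10;
}
```

The shadow table copies only the two method slots, so the RTTI data that compilers store just before the table is not carried over.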
