给定一个函数的地址,如何确定它的签名?
DWORD funcAddr = 0x63001023; // arbitrary address
char[MAX] signature = ? // what algorithm can be devised?
原因如下:
there is a exe say Calc.exe, once the process starts on pc "A" my exe intercepts the creation of process and sends the signal to pc"B" where the same calc.exe starts. then the users presses the digits every click, movement, internal process of suppose addition is passed on from pc"A" to pc"B" where it is getting virtualized. so all resources to manipulate the function arguments are present on pc"B", all i need is a perfect signature...... so even the fundamentally dangerous activity of hooking unknown dll becomes "kind-of" safe...
请不要建议任何第三方图书馆。
答案 0 :(得分:1)
答案 1 :(得分:1)
嗯,首先要做的事情 - 这并不容易。你可能会放弃。
您需要使用DbgHelp functions,尤其是符号处理程序。 您需要识别它所采用的调用约定,参数和返回类型。需要担心它需要的类型(UDF)。然后创建这些类型,将它们传递给函数,并使用适当的调用约定调用该函数。
RunDLL32.EXE是加载函数,查找函数,其类型并组成调用的工具之一。尝试在命令提示符下运行以下命令:
rundll32 user32.dll LockWorkStation
阅读一些有关API挂钩的文章,特别是来自Jeffery Ritcher的文章。