|
阅读:1977回复:1
关于在网上找的那份代码ndis-hook框架是不是有错啊
最近学习这方面的知识,顺便看了下。加点注释
在HOOK -protocol的时候。作者用的好像是直接换protocol_block表指针。网上不是有文章说“回调的时候并非从这里取指针,而是从open_block中取。 所以说替换这个表的函数指针没用,替换open_block的才有用。 。所以我觉得作者的HookNdisFunc函数有点问题。 不知道理解对不对 pHookContext->code1_0x58 = 0x58; pHookContext->code2_0x68 = 0x68; pHookContext->code3_0x50 = 0x50; pHookContext->code4_0xE9 = 0xE9; pHookContext->m_pHookContext = pHookContext; //放自己的地址 pHookContext->m_pHookProcOffset = ((udword)pHookProc) - (((udword)&pHookContext->m_pHookProcOffset) + sizeof(udword)); pHookContext->m_pBindAdaptHandle = pBindAdaptHandle; pHookContext->m_pProtocolContent = pProtocolContent; pHookContext->m_pOriginalProc = OrgFunc;//ppOrigProc[0]; pHookContext->m_ppOriginPtr = ppOrigProc; pHookContext->m_pHookProc = pHookProc; pHookContext->m_pHookNext = m_pOurAllOfHookContext; m_pOurAllOfHookContext = pHookContext; //链入总链表,并且问题链在链头 ppOrigProc[0] = pHookContext; return pHookContext; |
|
|
沙发#
发布于:2010-05-02 14:42
怎么没人说句话
|
|