Suppose I have an array that holds the compiled machine code of an addition function (hardcoded bytes). The function is the following, built as a 32-bit x86 Debug build with MSVC, which is why the prologue below is so long:
The addition function:
int __cdecl Plus(int x, int y)
{
return x + y;
}
The hardcoded array (each line is annotated with the instruction it encodes):
// hardcoded bytes of Plus
unsigned char code[] =
{
0x55,                                   // push ebp
0x8B,0xEC,                              // mov ebp, esp
0x81,0xEC,0xC0,0x00,0x00,0x00,          // sub esp, 0C0h        ; Debug-build locals area
0x53,                                   // push ebx
0x56,                                   // push esi
0x57,                                   // push edi
0x8D,0xBD,0x40,0xFF,0xFF,0xFF,          // lea edi, [ebp-0C0h]
0xB9,0x30,0x00,0x00,0x00,               // mov ecx, 30h
0xB8,0xCC,0xCC,0xCC,0xCC,               // mov eax, 0CCCCCCCCh
0xF3,0xAB,                              // rep stosd            ; fill the locals with 0xCC
0xB9,0x03,0xC0,0x82,0x00,               // mov ecx, 0082C003h   ; absolute address from the original image; dead once the call below is stripped
//0xE8,0xF5,0xFA,0xFF,0xFF,             // call __CheckForDebuggerJustMyCode (/JMC); a relative call into the original module, so it must be stripped
0x8B,0x45,0x08,                         // mov eax, [ebp+8]     ; x
0x03,0x45,0x0C,                         // add eax, [ebp+0Ch]   ; x + y
0x5F,                                   // pop edi
0x5E,                                   // pop esi
0x5B,                                   // pop ebx
0x81,0xC4,0xC0,0x00,0x00,0x00,          // add esp, 0C0h
0x3B,0xEC,                              // cmp ebp, esp
//0xE8,0xC9,0xFA,0xFF,0xFF,             // call _RTC_CheckEsp (/RTC stack-balance check); also a relative call, stripped for the same reason
0x8B,0xE5,                              // mov esp, ebp
0x5D,                                   // pop ebp
0xC3                                    // ret
};
The two commented-out E8 instructions are rel32 calls whose targets only exist inside the module the bytes were copied from; left in, they would jump to a meaningless address once the code runs from a different location. The `mov ecx, 0082C003h` that fed the first call is likewise an address from the original image, but it is harmless: ecx is caller-saved under __cdecl and nothing reads it after the call is gone.
You cannot simply point a function pointer at the array and call it: the array lives in the data section, which on a DEP/NX-enabled Windows is mapped read/write but not executable, so the call raises an access violation.
So you have to allocate a block of executable memory, copy the bytes into it, and only then call it. Two caveats: the bytes above read their arguments from the stack ([ebp+8], [ebp+0Ch]) and manipulate 32-bit registers, so the host program must be built as a 32-bit x86 executable (in a 64-bit build the arguments arrive in registers and the writes to esp would truncate rsp). And PAGE_EXECUTE_READWRITE works, but a page that is writable and executable at the same time is both a gift to any later memory-corruption bug and one of the first things EDR heuristics look for; the tidier pattern is to allocate PAGE_READWRITE, copy, then VirtualProtect the page to PAGE_EXECUTE_READ.
#include <windows.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    // Reserve and commit a fresh page (NULL = let the OS pick the address); RWX so it can be written and then executed.
    LPVOID pAdd = VirtualAlloc(NULL, sizeof(code), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (pAdd == NULL) return 1;
    memcpy(pAdd, code, sizeof(code));
    // Plus is __cdecl, so the pointer type must say so or the caller will not push the arguments the way the bytes expect.
    int(__cdecl *Add)(int, int) = (int(__cdecl *)(int, int)) pAdd;
    int x = Add(1, 3);
    printf("%d\n", x);
    VirtualFree(pAdd, 0, MEM_RELEASE);
    return 0;
}