
//step 3: fill jmp code

tmpv = (UINT64)Proxy_ApiAddress;

memcpy(jmp_code + 6, &tmpv, 8);

//step 4: Fill NOP and hook

irql = WPOFFx64();

RtlFillMemory(ApiAddress, PatchSize, 0x90);

memcpy(ApiAddress, jmp_code, 14);

WPONx64(irql);

return head_n_byte;

}

/*
 * Installs inline hooks on two exported kernel spinlock routines.
 *
 * Each routine is looked up by name with GetFunctionAddr() and handed to
 * HookKernelApi() together with its proxy, the slot that receives the
 * original entry (ori_lock / ori_unlock) and the patch size to use. The
 * value HookKernelApi() returns is stored in lock_head_n_byte /
 * unlock_head_n_byte (presumably the saved original prologue bytes, going
 * by the name - confirm against HookKernelApi()).
 *
 * NOTE(review): neither GetFunctionAddr() nor HookKernelApi() is checked
 * for failure here. Whether HookKernelApi() tolerates a NULL target cannot
 * be seen from this function - confirm before relying on it, since a bad
 * target would be written to with write protection disabled.
 *
 * NOTE(review): the hooked pair is asymmetric. KeAcquireSpinLockAtDpcLevel
 * is normally paired with KeReleaseSpinLockFromDpcLevel, while
 * KeReleaseSpinLock pairs with KeAcquireSpinLock, so the two proxies will
 * not observe balanced acquire/release events - confirm this is intended.
 *
 * NOTE(review): overwriting kernel code in place is unsupported on x64
 * Windows. Kernel Patch Protection treats modified kernel code as
 * corruption and bug-checks the machine (CRITICAL_STRUCTURE_CORRUPTION),
 * and the patch shows up as a mismatch between the in-memory routine and
 * the on-disk image. Treat this as lab/debug instrumentation only.
 */
VOID HookSpinlockFunctions()
{
    /* assumes GetFunctionAddr() yields a pointer-sized address - TODO confirm */
    PVOID acquire_target;
    PVOID release_target;

    /* Lock (acquire) routine: resolve it, then patch it to reach the proxy. */
    acquire_target = GetFunctionAddr(L"KeAcquireSpinLockAtDpcLevel");
    lock_head_n_byte = (PUCHAR)HookKernelApi(acquire_target,
                                             (PVOID)Proxy_KeAcquireSpinLockAtDpcLevel,
                                             &ori_lock,
                                             lock_patch_size);

    /*
     * Unlock (release) routine: resolved only after the first hook is in
     * place, matching the original statement order.
     */
    release_target = GetFunctionAddr(L"KeReleaseSpinLock");
    unlock_head_n_byte = (PUCHAR)HookKernelApi(release_target,
                                               (PVOID)Proxy_KeReleaseSpinLock,
                                               &ori_unlock,
                                               unlock_patch_size);
}