本文整理汇总了C++中FlushInstructionCache函数的典型用法代码示例。如果您正苦于以下问题:C++ FlushInstructionCache函数的具体用法?C++ FlushInstructionCache怎么用?C++ FlushInstructionCache使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了FlushInstructionCache函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: VirtualAlloc
PVOID JMPHook::hook(PVOID tgt, PVOID rep){
this->target = tgt;
this->replacer = rep;
PVOID orig_fn = tgt;
PVOID dest_fn = rep;
newregion = (byte*) VirtualAlloc(0, size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
memcpy(newregion, orig_fn, size);
int p = memcmp(newregion, orig_fn, size);
//printf("%d\n", p);
unsigned long oldprotect = 0;
VirtualProtect(orig_fn, size, PAGE_EXECUTE_READWRITE, &oldprotect);
__asm{
mov eax, dword ptr [orig_fn]; // eax = orig_fn address
mov ecx, 0xe9; // ecx = jmp relative
mov [eax], ecx; // *orig_fn = jmp relative
mov ecx, dword ptr [dest_fn]; // ecx = dest_fn address
sub ecx, dword ptr [orig_fn]; // ecx = address(dest_fn) - address(orig_fn)
sub ecx, 5;
inc eax; // eax = orig_fn address + 1
mov dword ptr [eax], ecx; // *orig_fn = jmp relative to [dest_fn]
}
VirtualProtect(orig_fn, size, oldprotect, &oldprotect);
VirtualProtect(newregion, size, PAGE_EXECUTE_READ, 0);
FlushInstructionCache(0, orig_fn, size);
FlushInstructionCache(0, newregion, size);
return (PVOID) newregion; // address of the copied function
}
示例2: ThreadWaitUntil
int ThreadWaitUntil(HANDLE hProcess, HANDLE hThread, void *addr)
{
CONTEXT context = {0};
BYTE entry_asm_orig[2];
const BYTE entry_asm_delay[2] = {0xEB, 0xFE}; // JMP SHORT YADA YADA
MEMORY_BASIC_INFORMATION mbi;
DWORD byte_ret;
DWORD old_prot;
if(!VirtualQueryEx(hProcess, addr, &mbi, sizeof(mbi))) {
return 1;
}
VirtualProtectEx(hProcess, mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &old_prot);
ReadProcessMemory(hProcess, addr, entry_asm_orig, sizeof(entry_asm_orig), &byte_ret);
WriteProcessMemory(hProcess, addr, entry_asm_delay, sizeof(entry_asm_delay), &byte_ret);
FlushInstructionCache(hProcess, addr, sizeof(entry_asm_delay));
VirtualProtectEx(hProcess, mbi.BaseAddress, mbi.RegionSize, old_prot, &old_prot);
context.ContextFlags = CONTEXT_CONTROL;
while(context.Eip != (DWORD)addr) {
ResumeThread(hThread);
Sleep(10);
SuspendThread(hThread);
GetThreadContext(hThread, &context);
}
// Write back the original code
WriteProcessMemory(hProcess, addr, entry_asm_orig, sizeof(entry_asm_orig), &byte_ret);
FlushInstructionCache(hProcess, addr, sizeof(entry_asm_orig));
return 0;
}
示例3: ResetSoftwareBreakpoint
void ResetSoftwareBreakpoint(HANDLE hProcess, DWORD dwAddr, BYTE original)
{
DWORD dwRead;
WriteProcessMemory(hProcess, (LPVOID)dwAddr, &original, 1, &dwRead);
FlushInstructionCache(hProcess, (LPVOID)dwAddr, 1);
}
示例4: __declspec
extern "C" int __declspec(dllexport) FixBP(DWORD dwAddress,BYTE bInstruction,DWORD dwFinalClean)
{
BOOL bret;
DWORD dw;
HANDLE hThread;
CONTEXT context;
if (dwFinalClean)
{
bret = WriteProcessMemory(hProcess,(LPVOID)dwAddress,&bInstruction,1,&dw);
return 0;
}
hThread = OpenThread(THREAD_ALL_ACCESS,0,dbg_event.dwThreadId);
memset(&context,0,sizeof(CONTEXT));
context.ContextFlags = CONTEXT_ALL;
bret = GetThreadContext(hThread,&context);
if (bret == 0) return 0;
bret = WriteProcessMemory(hProcess,(LPVOID)dwAddress,&bInstruction,1,&dw);
FlushInstructionCache(hProcess,(LPVOID)dwAddress, 1);
if (bret == 0) return 0;
context.Eip = context.Eip - 1;
context.EFlags |= 0x100;
bret = SetThreadContext(hThread,&context);
if (bret == 0)
return 0;
Log("hThread:%x EIP:%x bret:%d gle:%d",hThread,context.Eip,bret,GetLastError());
return 1;
}
示例5: VirtualProtect
/**
* @brief Injects redirection code into the target function.
*
* Replaces the first 6 Bytes of the function indicated by baseptr
* with the replacement code previously generated (usually a jump
* to mumble code). If a trampoline is available this injection is not needed
* as control flow was already permanently redirected by HardHook::setup .
*
* @param force Perform injection even when trampoline is available.
*/
void HardHook::inject(bool force) {
if (! baseptr)
return;
if (! force && bTrampoline)
return;
DWORD origProtect;
if (VirtualProtect(baseptr, CODEREPLACESIZE, PAGE_EXECUTE_READWRITE, &origProtect)) {
for (int i = 0; i < CODEREPLACESIZE; ++i) {
baseptr[i] = replace[i]; // Replace with jump to new code
}
DWORD tempProtect;
VirtualProtect(baseptr, CODEREPLACESIZE, origProtect, &tempProtect);
FlushInstructionCache(GetCurrentProcess(), baseptr, CODEREPLACESIZE);
}
// Verify that the injection was successful
for (int i = 0; i < CODEREPLACESIZE; ++i) {
if (baseptr[i] != replace[i]) {
fods("HardHook: Injection failure noticed at byte %d", i);
}
}
}
示例6: exit
CompiledProgram::CompiledProgram(Program in_program)
{
mProgSize=0;
for (Program::iterator i=in_program.begin(); i!=in_program.end(); i++)
{
mProgSize+=i->size();
}
mpProg=VirtualAlloc(
NULL,
mProgSize,
MEM_COMMIT | MEM_RESERVE,
PAGE_READWRITE
);
if (mpProg == NULL )
exit(0);
size_t progPos=0;
for (Program::iterator i=in_program.begin(); i!=in_program.end(); i++)
{
memcpy((unsigned char*) mpProg+progPos, &(*i)[0], i->size());
progPos+=i->size();
}
DWORD flOldProtect;
if (!VirtualProtect(mpProg, size(), PAGE_EXECUTE, &flOldProtect))
exit(0);
if (!FlushInstructionCache(GetCurrentProcess(), mpProg, size()))
exit(0);
}
示例7: InjectData
LPVOID InjectData(HANDLE hProcess,LPVOID lpData,ULONG ulFuncLen)
{
LPVOID lpAddress=NULL;
DWORD dwOldProtect;
DWORD BytesWritten=0;
// Allocate memory for lpData int the remote process
lpAddress=VirtualAllocEx(hProcess,NULL,ulFuncLen,MEM_COMMIT|MEM_TOP_DOWN,PAGE_EXECUTE_READWRITE);
if (lpAddress)
{
// Change the protection for the allocated memory
if (VirtualProtectEx(hProcess,lpAddress,ulFuncLen,PAGE_EXECUTE_READWRITE,&dwOldProtect))
{
// ...
FlushInstructionCache(hProcess,lpAddress,ulFuncLen);
// Write lpData into the remote process
if (WriteProcessMemory(hProcess,lpAddress,lpData,ulFuncLen,&BytesWritten))
{
// Restore old protection :)
VirtualProtectEx(hProcess,lpAddress,ulFuncLen,dwOldProtect,NULL);
// Return remote address for lpData
return lpAddress;
}
// Restore old protection :)
VirtualProtectEx(hProcess,lpAddress,ulFuncLen,dwOldProtect,NULL);
}
}
return 0;
}
示例8: child_xfer_memory
/* Transfer memory from/to the debugged process. */
static int
child_xfer_memory (CORE_ADDR memaddr, char *our, int len,
int write, struct target_ops *target)
{
BOOL success;
SIZE_T done = 0;
DWORD lasterror = 0;
uintptr_t addr = (uintptr_t) memaddr;
if (write)
{
success = WriteProcessMemory (current_process_handle, (LPVOID) addr,
(LPCVOID) our, len, &done);
if (!success)
lasterror = GetLastError ();
FlushInstructionCache (current_process_handle, (LPCVOID) addr, len);
}
else
{
success = ReadProcessMemory (current_process_handle, (LPCVOID) addr,
(LPVOID) our, len, &done);
if (!success)
lasterror = GetLastError ();
}
if (!success && lasterror == ERROR_PARTIAL_COPY && done > 0)
return done;
else
return success ? done : -1;
}
示例9: VirtualProtect
// !TODO: Add auto alloc for missing stub
void *HookSub(void *oldProc, void *newProc)
{
void *jmpAddr = (void *)((char *)newProc - (char *)oldProc - 5);
// patch
DWORD oldProtect = NULL;
VirtualProtect(oldProc, 5, PAGE_EXECUTE_WRITECOPY, &oldProtect);
__asm
{
push eax
push ebx
mov eax, oldProc
mov ebx, jmpAddr
mov byte ptr [eax], 0xE9 // long jmp
mov dword ptr [eax + 1], ebx
pop ebx
pop eax
}
VirtualProtect(oldProc, 5, oldProtect, &oldProtect);
FlushInstructionCache(GetCurrentProcess(), oldProc, 5);
return ((void *)((char *)oldProc + 5));
}
示例10: GetDetourLenAuto
bool CDetour::Remove ( BYTE *orig, BYTE *jmp, int iPatchType, int len )
{
int iMinLen = 0;
DWORD dwBack = 0;
if ( !(iMinLen = GetDetourLen(iPatchType)) )
return false;
if ( len != 0 && len < iMinLen )
return false;
// Try and find the end of the instruction automatically
if ( len == 0 )
{
len = GetDetourLenAuto( jmp, iMinLen );
if ( len == 0 )
len = GetDetourLen( iPatchType );
if ( len == 0 || iMinLen == 0 )
return false;
if ( len < iMinLen )
return false;
}
// Write the bytes @ the jmp back to the orig
MEMORY_BASIC_INFORMATION mbi;
VirtualQuery( (void *)orig, &mbi, sizeof(mbi) );
VirtualProtect( mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &mbi.Protect );
memcpy( orig, jmp, len );
VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
FlushInstructionCache( GetCurrentProcess(), (void *)orig, len );
return true;
}
示例11: HEStopHook
BOOL HEStopHook(PHOOKINFO HookInfo)
{
BOOL CallRet;
DWORD dwTmp;
DWORD OldProtect;
LPVOID FuncAddr = HookInfo->FuncAddr;
DWORD CodeLength = HookInfo->CodeLength;
CallRet = VirtualProtect(FuncAddr, CodeLength, PAGE_EXECUTE_READWRITE, &OldProtect);
if (!CallRet)
{
return 1;
}
CallRet = WriteProcessMemory(GetCurrentProcess(), FuncAddr, HookInfo->Stub, CodeLength, &dwTmp);
if (!CallRet || dwTmp != CodeLength)
{
return 2;
}
FlushInstructionCache(GetCurrentProcess(), FuncAddr, CodeLength);
VirtualProtect(FuncAddr, CodeLength, OldProtect, &dwTmp);
free(HookInfo->Stub);
return 0;
}
示例12: UnhookFunction
BOOL UnhookFunction(LPTSTR ModuleName, LPCSTR FunctionName, PVOID proxyFunction)
{
PVOID oldFunction = NULL;
DWORD oldProtect = 0;
TCHAR tzTemp[MAX_PATH] = {0};
oldFunction = GetProcAddress(GetModuleHandle(ModuleName), FunctionName);
if (!oldFunction)
{
wsprintf(tzTemp, TEXT("Failed to find the function: %hs\n"), FunctionName);
OutputDebugText(tzTemp);
return FALSE;
}
// Recover the function
VirtualProtect(oldFunction, JumpCodeSize, PAGE_EXECUTE_READWRITE, &oldProtect);
RtlCopyMemory(oldFunction, proxyFunction, JumpCodeSize);
VirtualProtect(oldFunction, JumpCodeSize, oldProtect, &oldProtect);
FlushInstructionCache(GetModuleHandle(NULL), oldFunction, JumpCodeSize);
if (!VirtualFree(proxyFunction, 0, MEM_RELEASE))
{
wsprintf(tzTemp, TEXT("Failed to free memory for the function: %hs\n"), FunctionName);
OutputDebugText(tzTemp);
}
return TRUE;
}
示例13: DoTest
void DoTest(void *Buffer, int Size, int Expected)
{
int ret;
SetLastError(0);
ret = FlushInstructionCache(GetCurrentProcess(), Buffer, Size);
if (!ret && Expected)
{
Fail("Expected FlushInstructionCache to return non-zero, got zero!\n"
"region: %p, size: %d, GetLastError: %d\n", Buffer, Size,
GetLastError());
}
else if (ret && !Expected)
{
Fail("Expected FlushInstructionCache to return zero, got non-zero!\n"
"region: %p, size: %d, GetLastError: %d\n", Buffer, Size,
GetLastError());
}
if (!Expected && ERROR_NOACCESS != GetLastError())
{
Fail("FlushInstructionCache failed to set the last error to "
"ERROR_NOACCESS!\n");
}
}
示例14: FixupInlineGetters
void FixupInlineGetters(DWORD tlsSlot, const LPVOID * pLocations, int nLocations)
{
BYTE* pInlineGetter;
DWORD dwOldProtect;
for (int i=0; i<nLocations; i++)
{
pInlineGetter = (BYTE*)GetEEFuncEntryPoint((BYTE*)pLocations[i]);
static const DWORD cbPatch = 9;
if (!ClrVirtualProtect(pInlineGetter, cbPatch, PAGE_EXECUTE_READWRITE, &dwOldProtect))
{
ThrowLastError();
}
DWORD offset = (tlsSlot * sizeof(LPVOID) + offsetof(TEB, TlsSlots));
#if defined(_TARGET_AMD64_)
// mov r??, gs:[TLS offset]
_ASSERTE_ALL_BUILDS("clr/src/VM/JITinterfaceGen.cpp",
pInlineGetter[0] == 0x65 &&
pInlineGetter[2] == 0x8B &&
pInlineGetter[4] == 0x25 &&
"Initialization failure while stomping instructions for the TLS slot offset: the instruction at the given offset did not match what we expect");
*((DWORD*)(pInlineGetter + 5)) = offset;
#else // _TARGET_AMD64_
PORTABILITY_ASSERT("FixupInlineGetters");
#endif //_TARGET_AMD64_
FlushInstructionCache(GetCurrentProcess(), pInlineGetter, cbPatch);
ClrVirtualProtect(pInlineGetter, cbPatch, dwOldProtect, &dwOldProtect);
}
}
示例15: hook_jmp
//------------------------------------------------------------------------------
void* hook_jmp(const char* dll, const char* func_name, void* hook)
{
void* func_addr;
void* trampoline;
// Get the address of the function we're going to hook.
func_addr = get_proc_addr(dll, func_name);
if (func_addr == NULL)
{
LOG_INFO("Failed to find function '%s' in '%s'", dll, func_name);
return NULL;
}
LOG_INFO("Attemping jump hook.");
LOG_INFO("Target is %s, %s @ %p", dll, func_name, func_addr);
// Install the hook.
trampoline = hook_jmp_impl(func_addr, hook);
if (trampoline == NULL)
{
LOG_INFO("Jump hook failed.");
return NULL;
}
LOG_INFO("Success!");
FlushInstructionCache(current_proc(), 0, 0);
return trampoline;
}