帮忙看下WinCE上的api hook

cnic

帮忙看下WinCE上的api hook [复制链接]

typedef void (*MYGETSYSTEMTIME)(LPSYSTEMTIME lpsystime);

MYGETSYSTEMTIME oldGetSystemTime;
BYTE oldaddr[5];
BYTE newaddr[5];
void WINAPI MyGetSystemTime(LPSYSTEMTIME lpsystime);
void HookGetSystemTime();
void UnhookGetSystemTime();

void WINAPI MyGetSystemTime(LPSYSTEMTIME lpsystime)
{
        MessageBox(NULL,L"haha~~",L"api",MB_OK);
        ::UnhookGetSystemTime();
}

void HookGetSystemTime()
{
        ::HINSTANCE hMod;

        hMod = ::LoadLibraryW(_T("coredll.dll"));
        oldGetSystemTime = (MYGETSYSTEMTIME)GetProcAddressW(hMod,_T("GetSystemTime"));

        if(oldGetSystemTime)
        {
                //memcpy(oldaddr,oldGetSystemTime,5);
                newaddr[0] = 0xeb;        //JMP
               
                DWORD myaddr;
                DWORD sysaddr;
                DWORD diffaddr;

                myaddr = (DWORD)&MyGetSystemTime;
                sysaddr = (DWORD)&*oldGetSystemTime;
                diffaddr = sysaddr - myaddr - 5;

                memcpy(&newaddr[1],&diffaddr,4);

                HANDLE hProcess = ::GetCurrentProcess();
                DWORD dwByte;
                BOOL ret;
                DWORD dwOldProtect;
               
                ret = ReadProcessMemory(hProcess,oldGetSystemTime,oldaddr,5,&dwByte);
                ret = VirtualProtect(oldGetSystemTime,5,PAGE_READWRITE,&dwOldProtect);
                ret = WriteProcessMemory(hProcess,oldGetSystemTime,newaddr,5,&dwByte);
                ret = VirtualProtect(oldGetSystemTime,5,dwOldProtect,&dwOldProtect);
                CloseHandle(hProcess);
        }
}

void UnhookGetSystemTime()
{
        HANDLE hProcess = ::GetCurrentProcess();
        DWORD dwByte;
        BOOL ret;
        ret = ::WriteProcessMemory(hProcess,(LPVOID)oldGetSystemTime,oldaddr,5,&dwByte);
        CloseHandle(hProcess);
}

每次在执行WriteProcessMemory(hProcess,oldGetSystemTime,newaddr,5,&dwByte);时，应用程序就会退出。哪位帮忙看下问题在哪里？

wenli1985wl

为什么退出，你要查参数是否正确的问题

还要看有关参数所在函数有无返回值的问题