本文整理汇总了C++中FlushInstructionCache函数的典型用法代码示例。如果您正苦于以下问题:C++ FlushInstructionCache函数的具体用法?C++ FlushInstructionCache怎么用?C++ FlushInstructionCache使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了FlushInstructionCache函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: VirtualAlloc
PVOID JMPHook::hook(PVOID tgt, PVOID rep){
this->target = tgt;
this->replacer = rep;
PVOID orig_fn = tgt;
PVOID dest_fn = rep;
newregion = (byte*) VirtualAlloc(0, size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
memcpy(newregion, orig_fn, size);
int p = memcmp(newregion, orig_fn, size);
//printf("%d\n", p);
unsigned long oldprotect = 0;
VirtualProtect(orig_fn, size, PAGE_EXECUTE_READWRITE, &oldprotect);
__asm{
mov eax, dword ptr [orig_fn]; // eax = orig_fn address
mov ecx, 0xe9; // ecx = jmp relative
mov [eax], ecx; // *orig_fn = jmp relative
mov ecx, dword ptr [dest_fn]; // ecx = dest_fn address
sub ecx, dword ptr [orig_fn]; // ecx = address(dest_fn) - address(orig_fn)
sub ecx, 5;
inc eax; // eax = orig_fn address + 1
mov dword ptr [eax], ecx; // *orig_fn = jmp relative to [dest_fn]
}
VirtualProtect(orig_fn, size, oldprotect, &oldprotect);
VirtualProtect(newregion, size, PAGE_EXECUTE_READ, 0);
FlushInstructionCache(0, orig_fn, size);
FlushInstructionCache(0, newregion, size);
return (PVOID) newregion; // address of the copied function
}
开发者ID:jmfti,项目名称:Function-hooks-in-cplusplus,代码行数:34,代码来源:CHook.cpp
示例2: ThreadWaitUntil
int ThreadWaitUntil(HANDLE hProcess, HANDLE hThread, void *addr)
{
CONTEXT context = {0};
BYTE entry_asm_orig[2];
const BYTE entry_asm_delay[2] = {0xEB, 0xFE}; // JMP SHORT YADA YADA
MEMORY_BASIC_INFORMATION mbi;
DWORD byte_ret;
DWORD old_prot;
if(!VirtualQueryEx(hProcess, addr, &mbi, sizeof(mbi))) {
return 1;
}
VirtualProtectEx(hProcess, mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &old_prot);
ReadProcessMemory(hProcess, addr, entry_asm_orig, sizeof(entry_asm_orig), &byte_ret);
WriteProcessMemory(hProcess, addr, entry_asm_delay, sizeof(entry_asm_delay), &byte_ret);
FlushInstructionCache(hProcess, addr, sizeof(entry_asm_delay));
VirtualProtectEx(hProcess, mbi.BaseAddress, mbi.RegionSize, old_prot, &old_prot);
context.ContextFlags = CONTEXT_CONTROL;
while(context.Eip != (DWORD)addr) {
ResumeThread(hThread);
Sleep(10);
SuspendThread(hThread);
GetThreadContext(hThread, &context);
}
// Write back the original code
WriteProcessMemory(hProcess, addr, entry_asm_orig, sizeof(entry_asm_orig), &byte_ret);
FlushInstructionCache(hProcess, addr, sizeof(entry_asm_orig));
return 0;
}
开发者ID:GovanifY,项目名称:thcrap,代码行数:31,代码来源:inject.c
示例3: ResetSoftwareBreakpoint
void ResetSoftwareBreakpoint(HANDLE hProcess, DWORD dwAddr, BYTE original)
{
DWORD dwRead;
WriteProcessMemory(hProcess, (LPVOID)dwAddr, &original, 1, &dwRead);
FlushInstructionCache(hProcess, (LPVOID)dwAddr, 1);
}
开发者ID:weimingtom,项目名称:AokanaCGExtractor,代码行数:7,代码来源:Main.cpp
示例4: __declspec
extern "C" int __declspec(dllexport) FixBP(DWORD dwAddress,BYTE bInstruction,DWORD dwFinalClean)
{
BOOL bret;
DWORD dw;
HANDLE hThread;
CONTEXT context;
if (dwFinalClean)
{
bret = WriteProcessMemory(hProcess,(LPVOID)dwAddress,&bInstruction,1,&dw);
return 0;
}
hThread = OpenThread(THREAD_ALL_ACCESS,0,dbg_event.dwThreadId);
memset(&context,0,sizeof(CONTEXT));
context.ContextFlags = CONTEXT_ALL;
bret = GetThreadContext(hThread,&context);
if (bret == 0) return 0;
bret = WriteProcessMemory(hProcess,(LPVOID)dwAddress,&bInstruction,1,&dw);
FlushInstructionCache(hProcess,(LPVOID)dwAddress, 1);
if (bret == 0) return 0;
context.Eip = context.Eip - 1;
context.EFlags |= 0x100;
bret = SetThreadContext(hThread,&context);
if (bret == 0)
return 0;
Log("hThread:%x EIP:%x bret:%d gle:%d",hThread,context.Eip,bret,GetLastError());
return 1;
}
开发者ID:kroudo,项目名称:win32_debugger,代码行数:35,代码来源:debugger.cpp
示例5: VirtualProtect
/**
* @brief Injects redirection code into the target function.
*
* Replaces the first 6 Bytes of the function indicated by baseptr
* with the replacement code previously generated (usually a jump
* to mumble code). If a trampoline is available this injection is not needed
* as control flow was already permanently redirected by HardHook::setup .
*
* @param force Perform injection even when trampoline is available.
*/
void HardHook::inject(bool force) {
if (! baseptr)
return;
if (! force && bTrampoline)
return;
DWORD origProtect;
if (VirtualProtect(baseptr, CODEREPLACESIZE, PAGE_EXECUTE_READWRITE, &origProtect)) {
for (int i = 0; i < CODEREPLACESIZE; ++i) {
baseptr[i] = replace[i]; // Replace with jump to new code
}
DWORD tempProtect;
VirtualProtect(baseptr, CODEREPLACESIZE, origProtect, &tempProtect);
FlushInstructionCache(GetCurrentProcess(), baseptr, CODEREPLACESIZE);
}
// Verify that the injection was successful
for (int i = 0; i < CODEREPLACESIZE; ++i) {
if (baseptr[i] != replace[i]) {
fods("HardHook: Injection failure noticed at byte %d", i);
}
}
}
开发者ID:Darcade,项目名称:mumble,代码行数:35,代码来源:HardHook.cpp
示例6: exit
CompiledProgram::CompiledProgram(Program in_program)
{
mProgSize=0;
for (Program::iterator i=in_program.begin(); i!=in_program.end(); i++)
{
mProgSize+=i->size();
}
mpProg=VirtualAlloc(
NULL,
mProgSize,
MEM_COMMIT | MEM_RESERVE,
PAGE_READWRITE
);
if (mpProg == NULL )
exit(0);
size_t progPos=0;
for (Program::iterator i=in_program.begin(); i!=in_program.end(); i++)
{
memcpy((unsigned char*) mpProg+progPos, &(*i)[0], i->size());
progPos+=i->size();
}
DWORD flOldProtect;
if (!VirtualProtect(mpProg, size(), PAGE_EXECUTE, &flOldProtect))
exit(0);
if (!FlushInstructionCache(GetCurrentProcess(), mpProg, size()))
exit(0);
}
开发者ID:dreamsxin,项目名称:101_browser,代码行数:35,代码来源:X86Assembly.cpp
示例7: InjectData
LPVOID InjectData(HANDLE hProcess,LPVOID lpData,ULONG ulFuncLen)
{
LPVOID lpAddress=NULL;
DWORD dwOldProtect;
DWORD BytesWritten=0;
// Allocate memory for lpData int the remote process
lpAddress=VirtualAllocEx(hProcess,NULL,ulFuncLen,MEM_COMMIT|MEM_TOP_DOWN,PAGE_EXECUTE_READWRITE);
if (lpAddress)
{
// Change the protection for the allocated memory
if (VirtualProtectEx(hProcess,lpAddress,ulFuncLen,PAGE_EXECUTE_READWRITE,&dwOldProtect))
{
// ...
FlushInstructionCache(hProcess,lpAddress,ulFuncLen);
// Write lpData into the remote process
if (WriteProcessMemory(hProcess,lpAddress,lpData,ulFuncLen,&BytesWritten))
{
// Restore old protection :)
VirtualProtectEx(hProcess,lpAddress,ulFuncLen,dwOldProtect,NULL);
// Return remote address for lpData
return lpAddress;
}
// Restore old protection :)
VirtualProtectEx(hProcess,lpAddress,ulFuncLen,dwOldProtect,NULL);
}
}
return 0;
}
开发者ID:Artorios,项目名称:rootkit.com,代码行数:29,代码来源:injector.c
示例8: child_xfer_memory
/* Transfer memory from/to the debugged process. */
static int
child_xfer_memory (CORE_ADDR memaddr, char *our, int len,
int write, struct target_ops *target)
{
BOOL success;
SIZE_T done = 0;
DWORD lasterror = 0;
uintptr_t addr = (uintptr_t) memaddr;
if (write)
{
success = WriteProcessMemory (current_process_handle, (LPVOID) addr,
(LPCVOID) our, len, &done);
if (!success)
lasterror = GetLastError ();
FlushInstructionCache (current_process_handle, (LPCVOID) addr, len);
}
else
{
success = ReadProcessMemory (current_process_handle, (LPCVOID) addr,
(LPVOID) our, len, &done);
if (!success)
lasterror = GetLastError ();
}
if (!success && lasterror == ERROR_PARTIAL_COPY && done > 0)
return done;
else
return success ? done : -1;
}
开发者ID:phausler,项目名称:binutils,代码行数:30,代码来源:win32-low.c
示例9: VirtualProtect
// !TODO: Add auto alloc for missing stub
void *HookSub(void *oldProc, void *newProc)
{
void *jmpAddr = (void *)((char *)newProc - (char *)oldProc - 5);
// patch
DWORD oldProtect = NULL;
VirtualProtect(oldProc, 5, PAGE_EXECUTE_WRITECOPY, &oldProtect);
__asm
{
push eax
push ebx
mov eax, oldProc
mov ebx, jmpAddr
mov byte ptr [eax], 0xE9 // long jmp
mov dword ptr [eax + 1], ebx
pop ebx
pop eax
}
VirtualProtect(oldProc, 5, oldProtect, &oldProtect);
FlushInstructionCache(GetCurrentProcess(), oldProc, 5);
return ((void *)((char *)oldProc + 5));
}
开发者ID:steeve,项目名称:dwmaxx,代码行数:28,代码来源:patch.cpp
示例10: GetDetourLenAuto
bool CDetour::Remove ( BYTE *orig, BYTE *jmp, int iPatchType, int len )
{
int iMinLen = 0;
DWORD dwBack = 0;
if ( !(iMinLen = GetDetourLen(iPatchType)) )
return false;
if ( len != 0 && len < iMinLen )
return false;
// Try and find the end of the instruction automatically
if ( len == 0 )
{
len = GetDetourLenAuto( jmp, iMinLen );
if ( len == 0 )
len = GetDetourLen( iPatchType );
if ( len == 0 || iMinLen == 0 )
return false;
if ( len < iMinLen )
return false;
}
// Write the bytes @ the jmp back to the orig
MEMORY_BASIC_INFORMATION mbi;
VirtualQuery( (void *)orig, &mbi, sizeof(mbi) );
VirtualProtect( mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &mbi.Protect );
memcpy( orig, jmp, len );
VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
FlushInstructionCache( GetCurrentProcess(), (void *)orig, len );
return true;
}
开发者ID:Aephout14,项目名称:m0d-s0beit-sa,代码行数:33,代码来源:CDetour.cpp
示例11: HEStopHook
BOOL HEStopHook(PHOOKINFO HookInfo)
{
BOOL CallRet;
DWORD dwTmp;
DWORD OldProtect;
LPVOID FuncAddr = HookInfo->FuncAddr;
DWORD CodeLength = HookInfo->CodeLength;
CallRet = VirtualProtect(FuncAddr, CodeLength, PAGE_EXECUTE_READWRITE, &OldProtect);
if (!CallRet)
{
return 1;
}
CallRet = WriteProcessMemory(GetCurrentProcess(), FuncAddr, HookInfo->Stub, CodeLength, &dwTmp);
if (!CallRet || dwTmp != CodeLength)
{
return 2;
}
FlushInstructionCache(GetCurrentProcess(), FuncAddr, CodeLength);
VirtualProtect(FuncAddr, CodeLength, OldProtect, &dwTmp);
free(HookInfo->Stub);
return 0;
}
开发者ID:Stofftierchen13,项目名称:np-activex,代码行数:28,代码来源:Hook.cpp
示例12: UnhookFunction
BOOL UnhookFunction(LPTSTR ModuleName, LPCSTR FunctionName, PVOID proxyFunction)
{
PVOID oldFunction = NULL;
DWORD oldProtect = 0;
TCHAR tzTemp[MAX_PATH] = {0};
oldFunction = GetProcAddress(GetModuleHandle(ModuleName), FunctionName);
if (!oldFunction)
{
wsprintf(tzTemp, TEXT("Failed to find the function: %hs\n"), FunctionName);
OutputDebugText(tzTemp);
return FALSE;
}
// Recover the function
VirtualProtect(oldFunction, JumpCodeSize, PAGE_EXECUTE_READWRITE, &oldProtect);
RtlCopyMemory(oldFunction, proxyFunction, JumpCodeSize);
VirtualProtect(oldFunction, JumpCodeSize, oldProtect, &oldProtect);
FlushInstructionCache(GetModuleHandle(NULL), oldFunction, JumpCodeSize);
if (!VirtualFree(proxyFunction, 0, MEM_RELEASE))
{
wsprintf(tzTemp, TEXT("Failed to free memory for the function: %hs\n"), FunctionName);
OutputDebugText(tzTemp);
}
return TRUE;
}
开发者ID:sywymj,项目名称:HookQQ,代码行数:28,代码来源:HookLib.cpp
示例13: DoTest
void DoTest(void *Buffer, int Size, int Expected)
{
int ret;
SetLastError(0);
ret = FlushInstructionCache(GetCurrentProcess(), Buffer, Size);
if (!ret && Expected)
{
Fail("Expected FlushInstructionCache to return non-zero, got zero!\n"
"region: %p, size: %d, GetLastError: %d\n", Buffer, Size,
GetLastError());
}
else if (ret && !Expected)
{
Fail("Expected FlushInstructionCache to return zero, got non-zero!\n"
"region: %p, size: %d, GetLastError: %d\n", Buffer, Size,
GetLastError());
}
if (!Expected && ERROR_NOACCESS != GetLastError())
{
Fail("FlushInstructionCache failed to set the last error to "
"ERROR_NOACCESS!\n");
}
}
开发者ID:smartmaster,项目名称:sscli,代码行数:26,代码来源:test1.c
示例14: FixupInlineGetters
void FixupInlineGetters(DWORD tlsSlot, const LPVOID * pLocations, int nLocations)
{
BYTE* pInlineGetter;
DWORD dwOldProtect;
for (int i=0; i<nLocations; i++)
{
pInlineGetter = (BYTE*)GetEEFuncEntryPoint((BYTE*)pLocations[i]);
static const DWORD cbPatch = 9;
if (!ClrVirtualProtect(pInlineGetter, cbPatch, PAGE_EXECUTE_READWRITE, &dwOldProtect))
{
ThrowLastError();
}
DWORD offset = (tlsSlot * sizeof(LPVOID) + offsetof(TEB, TlsSlots));
#if defined(_TARGET_AMD64_)
// mov r??, gs:[TLS offset]
_ASSERTE_ALL_BUILDS("clr/src/VM/JITinterfaceGen.cpp",
pInlineGetter[0] == 0x65 &&
pInlineGetter[2] == 0x8B &&
pInlineGetter[4] == 0x25 &&
"Initialization failure while stomping instructions for the TLS slot offset: the instruction at the given offset did not match what we expect");
*((DWORD*)(pInlineGetter + 5)) = offset;
#else // _TARGET_AMD64_
PORTABILITY_ASSERT("FixupInlineGetters");
#endif //_TARGET_AMD64_
FlushInstructionCache(GetCurrentProcess(), pInlineGetter, cbPatch);
ClrVirtualProtect(pInlineGetter, cbPatch, dwOldProtect, &dwOldProtect);
}
}
开发者ID:0-wiz-0,项目名称:coreclr,代码行数:33,代码来源:jitinterfacegen.cpp
示例15: hook_jmp
//------------------------------------------------------------------------------
void* hook_jmp(const char* dll, const char* func_name, void* hook)
{
void* func_addr;
void* trampoline;
// Get the address of the function we're going to hook.
func_addr = get_proc_addr(dll, func_name);
if (func_addr == NULL)
{
LOG_INFO("Failed to find function '%s' in '%s'", dll, func_name);
return NULL;
}
LOG_INFO("Attemping jump hook.");
LOG_INFO("Target is %s, %s @ %p", dll, func_name, func_addr);
// Install the hook.
trampoline = hook_jmp_impl(func_addr, hook);
if (trampoline == NULL)
{
LOG_INFO("Jump hook failed.");
return NULL;
}
LOG_INFO("Success!");
FlushInstructionCache(current_proc(), 0, 0);
return trampoline;
}
开发者ID:NextGenIntelligence,项目名称:clink,代码行数:29,代码来源:hook.c
示例16: finalize
void finalize()
{
IF_ZERO_THROW_LAST_ERROR(VirtualProtect(_memory, _size,
PAGE_EXECUTE_READ));
IF_ZERO_THROW_LAST_ERROR(FlushInstructionCache(GetCurrentProcess(),
_memory, _size));
}
开发者ID:Soltero,项目名称:reenigne,代码行数:7,代码来源:JIT.cpp
示例17: DEBUGGER_BREAKPOINT
BOOL WindowsDebugger::debugger_set_breakpoint(
unsigned long ulAddress )
{
IMemory * lpMemory = this->windowsdebugger_get_proc_memory();
DEBUGGER_BREAKPOINT * lpBp = new DEBUGGER_BREAKPOINT();
lpBp->ulAddress = ulAddress;
lpBp->nTimesHit = 0;
if( lpMemory->memory_get_address_contents( this->nProcessId,
(void *)ulAddress, 1, &lpBp->lpOriginalCode ) == FALSE ) {
PrintError( "Error Reading Breakpoint address" );
return FALSE;
}
lpBp->bEnabled = TRUE;
this->vBreakpoints.push_back(lpBp);
if( lpMemory->memory_write_to_address( this->nProcessId, (void *)ulAddress,
lpBpInstruction, sizeof(lpBpInstruction ) ) == FALSE ) {
PrintError( "Unable to set breakpoint" );
lpBp->bEnabled = FALSE;
this->debugger_clear_breakpoint( ulAddress );
return FALSE;
}
FlushInstructionCache( this->hProcess, (LPCVOID)lpBp->ulAddress,
sizeof(lpBpInstruction) );
return TRUE;
}
开发者ID:SEC-squad,项目名称:icarus,代码行数:31,代码来源:WindowsDebugger.cpp
示例18: WritePattern
void WritePattern(LPVOID address, const signed short *data, SIZE_T size, MemorySegment *mem)
{
DWORD oldProtect;
// Allowing reading from and writing to this memory space.
VirtualProtect(address, size, PAGE_EXECUTE_READWRITE, &oldProtect);
// Backup memory.
if(mem != NULL) {
mem->address = address;
mem->size = size;
mem->data = (unsigned char*)malloc(size * sizeof(unsigned char));
memcpy(mem->data, address, size);
}
unsigned char *a, *end = (unsigned char*)address + size;
for(a = (unsigned char*)address; a < end; ++a, ++data) {
// Ignore -1s.
if(*data != -1) *a = (unsigned char)*data;
}
// Restore permissions to this memory space.
VirtualProtect(address, size, oldProtect, &oldProtect);
FlushInstructionCache(GetCurrentProcess(), address, size);
}
开发者ID:Plonecakes,项目名称:mod_sharker,代码行数:25,代码来源:patch_lib.cpp
示例19: HookFunction
PVOID HookFunction(LPTSTR ModuleName, LPCSTR FunctionName, PVOID MyFunction)
{
PVOID oldFunction = NULL;
PVOID proxyFunction = NULL;
LPBYTE opCode = NULL;
DWORD backupLen = 0;
DWORD oldProtect = 0;
TCHAR tzTemp[MAX_PATH] = {0};
// Get original function address
oldFunction = GetProcAddress(GetModuleHandle(ModuleName), FunctionName);
if (!oldFunction)
{
wsprintf(tzTemp, TEXT("Failed to find the function: %hs\n"), FunctionName);
OutputDebugText(tzTemp);
return NULL;
}
// Get the exact length
while (backupLen < JumpCodeSize)
backupLen += size_of_code((LPBYTE)((DWORD)oldFunction + backupLen), &opCode);
// Fill the data
*(DWORD *)(JumpCode + 1) = (DWORD)MyFunction;
*(DWORD *)(JumpbackCode + 1) = (DWORD)oldFunction + backupLen;
// Allocate space for proxy function
proxyFunction = VirtualAlloc(NULL, backupLen + JumpCodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if (!proxyFunction)
{
wsprintf(tzTemp, TEXT("Failed to allocate space for the function: %hs\n"), FunctionName);
OutputDebugText(tzTemp);
return NULL;
}
// Fill proxy function and flush instructions
RtlCopyMemory(proxyFunction, oldFunction, backupLen);
RtlCopyMemory((PVOID)((DWORD)proxyFunction + backupLen), JumpbackCode, JumpbackCodeSize);
FlushInstructionCache(GetModuleHandle(NULL), proxyFunction, backupLen + JumpCodeSize);
// Modify original function
VirtualProtect(oldFunction, JumpCodeSize, PAGE_EXECUTE_READWRITE, &oldProtect);
RtlCopyMemory(oldFunction, JumpCode, JumpCodeSize);
VirtualProtect(oldFunction, JumpCodeSize, oldProtect, &oldProtect);
FlushInstructionCache(GetModuleHandle(NULL), oldFunction, JumpCodeSize);
return proxyFunction;
}
开发者ID:sywymj,项目名称:HookQQ,代码行数:47,代码来源:HookLib.cpp
示例20: OsMisc_flush_icache
void OsMisc_flush_icache(address start, int size) {
#if defined(_WIN32_WCE)
/* Currently the PocketPC API doesn't seem to support selective
flushing of the icache => ignore start, size for now */
BOOL ret = FlushInstructionCache(GetCurrentProcess(), 0, 0);
#else
javacall_os_flush_icache((unsigned char*)start, size);
#endif
}
开发者ID:Sektor,项目名称:phoneme-qtopia,代码行数:9,代码来源:OsMisc_javacall.cpp
注:本文中的FlushInstructionCache函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论