控制台复制就能用,简单易懂
#include <iostream>
 #include <Windows.h>
 using namespace std;
 // Previous page protection reported by VirtualProtect (its lpflOldProtect
 // argument) inside hook64. File-scope, so every hook64 call overwrites it.
 unsigned long xxxxxxxx = 0;
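 // Patches the current process's own copy of the function at `dest` so that
 // it jumps straight to `myfunc` (x64 only). The 14 bytes written are
 //   FF 25 00 00 00 00   jmp qword ptr [rip+0]
 //   <8-byte target>     little-endian absolute address read by that jmp
 // The original prologue of `dest` is destroyed: there is no trampoline, so
 // the original function can never be called again and `dest` must not be
 // hooked twice.
 //
 // dest   - address of the function to patch (exported code in this process).
 // myfunc - function that runs instead. Because `jmp` pushes no return
 //          address, myfunc's own `ret` returns to dest's caller directly;
 //          that is why no trailing `ret` byte after the 14 bytes is needed
 //          (the bytes after the target address are never executed).
 //
 // The page's previous protection is stored in the global `xxxxxxxx`, as
 // before, and restored after the write. If VirtualProtect fails nothing is
 // written (the original ignored the result and would have faulted).
 void hook64(void* dest, void* myfunc) {
     if (dest == nullptr || myfunc == nullptr) {
         return;
     }
     // 6 bytes jmp + 8 bytes address = 14 bytes; 15 keeps the original range
     // (room for an unused ret) so the same span is unprotected and restored.
     const unsigned long patch_len = 15;
     if (!VirtualProtect(dest, patch_len, PAGE_EXECUTE_READWRITE, &xxxxxxxx)) {
         std::cerr << "hook64: VirtualProtect failed, nothing patched\n";
         return;
     }
     unsigned char* p = static_cast<unsigned char*>(dest);
     p[0] = 0xFF;  // jmp r/m64
     p[1] = 0x25;  // ModRM: RIP-relative memory operand
     p[2] = 0x00;  // disp32 = 0 -> the qword immediately after this instruction
     p[3] = 0x00;
     p[4] = 0x00;
     p[5] = 0x00;
     // Byte-wise little-endian store instead of an unaligned 8-byte write.
     const unsigned long long target = reinterpret_cast<unsigned long long>(myfunc);
     for (int i = 0; i < 8; ++i) {
         p[6 + i] = static_cast<unsigned char>(target >> (8 * i));
     }
     // Put the page back to what it was so no RWX code page is left behind.
     unsigned long restored = 0;
     VirtualProtect(dest, patch_len, xxxxxxxx, &restored);
 }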
 // Replacement body that main installs over MessageBoxW and OpenProcess: it
 // only announces that it ran. It takes no arguments and returns nothing, so
 // it does not match the signature of either API it replaces.
 void myfunc() {
     std::cout << "messagebox\n";
 }
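 // Demo entry point: hooks this process's own MessageBoxW and OpenProcess with
 // myfunc, then calls each once so the replacement runs.
 // Caveats visible in this listing: myfunc takes no arguments and returns
 // nothing, so whatever a caller reads back from the hooked API (MessageBoxW's
 // int, OpenProcess's HANDLE) is meaningless afterwards; and hook64 destroys
 // the original prologue, so neither API works normally again in this process.
 int main()
 {
     // GetProcAddress returns null when the export is missing; the original
     // guarded only the second lookup, so hook64 could be handed null here.
     // reinterpret_cast makes the function-pointer -> void* conversion explicit
     // (the implicit form is a compiler extension, not standard C++).
     void* destptr = reinterpret_cast<void*>(GetProcAddress(GetModuleHandleW(L"user32"), "MessageBoxW"));
     if (destptr) {
         hook64(destptr, reinterpret_cast<void*>(myfunc));
     }
     MessageBoxW(0, L"", L"abc", 0);  // once hooked, prints "messagebox" instead of showing a box
     void* destptr1 = reinterpret_cast<void*>(GetProcAddress(GetModuleHandleW(L"kernel32"), "OpenProcess"));
     if (destptr1) {
         cout << "1\n";
         hook64(destptr1, reinterpret_cast<void*>(myfunc));
         OpenProcess(PROCESS_ALL_ACCESS, 0, 0);  // pid 0 only serves to trigger the hook
     }
 }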
64位汇编的文章好像比较少,唉,我这个虽然很低级,也不是完全帮不到人吧

浅谈64位进程远程hook技术及64模块导出表的一些变化,附源码_精易论坛










