DWORD dwMagic;
DWORD i;
BYTE dwCode;
DWORD dwAddr;
dwStartMap = SH->VirtualAddress + (DWORD)MapOfFile;//¶ÎÏÖÔÚÊ×µØÖ·
dwEndMap = SH->Misc.VirtualSize + dwStartMap;//¶ÎÏÖÔÚÄ©µØÖ·
i = 0;
for (dwMagic=1; dwMagic <0xFF; dwMagic++)
{
if (i == dwEndMap)
break ;
for (i=dwStartMap; i <dwEndMap; i++)
{
dwCode = *(LPBYTE)i;
if (dwCode == 0xE8 || dwCode == 0xE9)//call»òjmp
{
dwAddr = i + 5 + *(LPDWORD)(i+1);//ÌøתµÄÄ¿µÄµØÖ·
if (dwAddr>dwStartMap && dwAddr <dwEndMap)
continue ; //¶ÎÄÚתÒÆ
dwCode = *(LPBYTE)(i+1);//¶Î¼äתÒÆ£¬*(LPBYTE)(i+1)ÊÇÆ«ÒÆÁ¿µÄµÍ×Ö½Ú°É£¬±£´æµ½dwCodeÓÐʲôÓã¿Ê²Ã´Âß¼£¿
if (dwCode == dwMagic)
break ; //ΪʲôÕâÑù×ö£¬Æ«ÒÆÁ¿µÄµÍ×Ö½ÚΪѻ·µÄdwMagicµÄ¸ÅÂʺÜС°¡£¬¶øÇұȽÏÀàÐÍÒ²²»Ò»ÖÂ
}
}
}//Õâ¸öÁ½²ãforÍêÁË£¬Ã»ÓÐ×öÈκβÙ×÷£¬Î¨ÓÐdwAddr±£´æÁË×îºó¸öcall»òjmpµÄÌøתµØÖ·£¬dwCodeÇ¡ºÃÊÇdwMagicµÄÖµ-¿ÉÄÜÐÔºÜС
DWORD dwMagic;
DWORD i;
BYTE dwCode;
DWORD dwAddr;
dwStartMap = SH->VirtualAddress + (DWORD)MapOfFile;//¶ÎÏÖÔÚÊ×µØÖ·
dwEndMap = SH->Misc.VirtualSize + dwStartMap;//¶ÎÏÖÔÚÄ©µØÖ·
i = 0;
for (dwMagic=1; dwMagic <0xFF; dwMagic++)
{
if (i == dwEndMap)
break ;
CÅÌ9G£¬ËãÁËһϸ÷ÖÖÎļþ°üÀ¨ÒþÐÎ×ܹ²²»µ½2G£¬¿ÉÊÇϵͳÏÔʾֻʣÓà1¸ö¶àG£¬ÎÒÒѾ½«¸÷ÖÖÁÙʱÎļþ¶¼É¾³ýÁË£¬°üÀ¨´ÅÅÌÇåÀí£¬Ôõô»ØÊ£¿Ð»Ð»»Ø´ð
ʲôϵͳ£¿
ÐéÄâÄÚ´æÉèÖõ½ÆäËüÅÌ£»
¹Ø±Õϵͳ»¹Ô£»
ɾ³ýÐ ......
ÎÒ¸öÈ˸оõÓеĵط½Ã»±ØÒª¿´£¬·±ËöµÃºÝ£¬ÓÃ×Ô¼º×ܽáµÄ·½·¨¸üºÃ£¬´ó¼Ò˵˵×Ô¼ºµÄÒâ¼û
ÎҸоõ±ã½Ý¼ÆËãÓë²»¶Ô³Æ±ß½çÍêÈ«¸ù¾Ý×Ô¼ºµÄ¾ÑéÀ´£¬Óò»×Å¿´Å¶£¬´ó¼Ò˵˵
Äã¿´²»¿´ÄÇÊÇÄãµÄÊÂ
Æäʵ¶¼ÊÇ»ù´¡µÄ¶«Î÷À²
......
