DWORD dwMagic;
DWORD i;
BYTE dwCode;
DWORD dwAddr;
dwStartMap = SH->VirtualAddress + (DWORD)MapOfFile;//¶ÎÏÖÔÚÊ×µØÖ·
dwEndMap = SH->Misc.VirtualSize + dwStartMap;//¶ÎÏÖÔÚÄ©µØÖ·
i = 0;
for (dwMagic=1; dwMagic <0xFF; dwMagic++)
{
if (i == dwEndMap)
break ;
for (i=dwStartMap; i <dwEndMap; i++)
{
dwCode = *(LPBYTE)i;
if (dwCode == 0xE8 || dwCode == 0xE9)//call»òjmp
{
dwAddr = i + 5 + *(LPDWORD)(i+1);//ÌøתµÄÄ¿µÄµØÖ·
if (dwAddr>dwStartMap && dwAddr <dwEndMap)
continue ; //¶ÎÄÚתÒÆ
dwCode = *(LPBYTE)(i+1);//¶Î¼äתÒÆ£¬*(LPBYTE)(i+1)ÊÇÆ«ÒÆÁ¿µÄµÍ×Ö½Ú°É£¬±£´æµ½dwCodeÓÐʲôÓã¿Ê²Ã´Âß¼£¿
if (dwCode == dwMagic)
break ; //ΪʲôÕâÑù×ö£¬Æ«ÒÆÁ¿µÄµÍ×Ö½ÚΪѻ·µÄdwMagicµÄ¸ÅÂʺÜС°¡£¬¶øÇұȽÏÀàÐÍÒ²²»Ò»ÖÂ
}
}
}//Õâ¸öÁ½²ãforÍêÁË£¬Ã»ÓÐ×öÈκβÙ×÷£¬Î¨ÓÐdwAddr±£´æÁË×îºó¸öcall»òjmpµÄÌøתµØÖ·£¬dwCodeÇ¡ºÃÊÇdwMagicµÄÖµ-¿ÉÄÜÐÔºÜС
DWORD dwMagic;
DWORD i;
BYTE dwCode;
DWORD dwAddr;
dwStartMap = SH->VirtualAddress + (DWORD)MapOfFile;//¶ÎÏÖÔÚÊ×µØÖ·
dwEndMap = SH->Misc.VirtualSize + dwStartMap;//¶ÎÏÖÔÚÄ©µØÖ·
i = 0;
for (dwMagic=1; dwMagic <0xFF; dwMagic++)
{
if (i == dwEndMap)
break ;
ÏÂÃæÊÇÎÒдµÄ¹ØÓÚ¸ß˹ÁÐÖ÷ÏûÔª·¨µÄC³ÌÐòʵÏÖ·½·¨¡£µ«ÊÇÇó½â½á¹ûʼÖÕ²»ÕýÈ·°¡£¡¼ì²éºÜ¾ÃÁË£¬»¹ÊǼì²é²»³öÀ´£¬Âé·³ÄÄλ´ó¸ç¸øÖ¸µãÏ°ɣ¡ÏÈO(¡É_¡É)OллÁË£¡
³ÌÐò´úÂ룺
C/C++ code:
#include <stdio.h ......
