dz̸C/C++ÄÚ´æй©¼°Æä¼ì²â¹¤¾ß

BoundsChecker²ÉÓÃÒ»ÖÖ±»³ÆΪ Code InjectionµÄ¼¼Êõ£¬À´½Ø»ñ¶Ô·ÖÅäÄÚ´æºÍÊÍ·ÅÄÚ´æµÄº¯ÊýµÄµ÷Ó᣼òµ¥µØ˵£¬µ±ÄãµÄ³ÌÐò¿ªÊ¼ÔËÐÐʱ£¬BoundsCheckerµÄDLL±»×Ô¶¯ÔØÈë½ø³ÌµÄµØÖ·¿Õ¼ä£¨Õâ¿ÉÒÔͨ¹ýsystem-levelµÄHookʵÏÖ£©£¬È»ºóËü»áÐ޸Ľø³ÌÖжÔÄÚ´æ·ÖÅäºÍÊͷŵĺ¯Êýµ÷Óã¬ÈÃÕâЩµ÷ÓÃÊ×ÏÈתÈëËüµÄ´úÂ룬ȻºóÔÙÖ´ÐÐÔ­À´µÄ´úÂë¡£BoundsCheckerÔÚ×öÕâЩ¶¯×÷µÄʱ£¬ÎÞÐëÐ޸ı»µ÷ÊÔ³ÌÐòµÄÔ´´úÂë»ò¹¤³ÌÅäÖÃÎļþ£¬ÕâʹµÃʹÓÃËü·Ç³£µÄ¼ò±ã¡¢Ö±½Ó¡£
¡¡¡¡ÕâÀïÎÒÃÇÒÔmallocº¯ÊýΪÀý£¬½Ø»ñÆäËûµÄº¯Êý·½·¨Óë´ËÀàËÆ¡£
¡¡¡¡ÐèÒª±»½Ø»ñµÄº¯Êý¿ÉÄÜÔÚDLLÖУ¬Ò²¿ÉÄÜÔÚ³ÌÐòµÄ´úÂëÀï¡£±ÈÈ磬Èç¹û¾²Ì¬Á¬½áC-Runtime Library£¬ÄÇômallocº¯ÊýµÄ´úÂë»á±»Á¬½áµ½³ÌÐòÀΪÁ˽ػñס¶ÔÕâÀຯÊýµÄµ÷Óã¬BoundsChecker»á¶¯Ì¬ÐÞ¸ÄÕâЩº¯ÊýµÄÖ¸Áî¡£
¡¡¡¡ÒÔÏÂÁ½¶Î»ã±à´úÂ룬һ¶ÎûÓÐBoundsChecker½éÈ룬ÁíÒ»¶ÎÔòÓÐBoundsCheckerµÄ½éÈ룺
126: _CRTIMP void * __cdecl malloc (
127: size_t nSize
128: )
129: {
00403C10 push ebp
00403C11 mov ebp,esp
130: return _nh_malloc_dbg(nSize, _newmode, _NORMAL_BLOCK, NULL, 0);
00403C13 push 0
00403C15 push 0
00403C17 push 1
00403C19 mov eax,[__newmode (0042376c)]
00403C1E push eax
00403C1F mov ecx,dword ptr [nSize]
00403C22 push ecx
00403C23 call _nh_malloc_dbg (00403c80)
00403C28 add esp,14h
131: }
¡¡¡¡ÒÔÏÂÕâÒ»¶Î´úÂëÓÐBoundsChecker½éÈ룺
126: _CRTIMP void * __cdecl malloc (
127: size_t nSize
128: )
129: {
00403C10 jmp 01F41EC8
00403C15 push 0
00403C17 push 1
00403C19 mov eax,[__newmode (0042376c)]
00403C1E push eax
00403C1F mov ecx,dword ptr [nSize]
00403C22 push ecx
00403C23 call _nh_malloc_dbg (00403c80)
00403C28 add esp,14h
131: }
¡¡¡¡µ±BoundsChecker½éÈëºó£¬º¯ÊýmallocµÄÇ°ÈýÌõ»ã±àÖ¸Áî±»Ìæ»»³ÉÒ»ÌõjmpÖ¸ÁԭÀ´µÄÈýÌõÖ¸Áî±»°áµ½µØÖ·01F41EC8´¦ÁË¡£µ±³ÌÐò½øÈëmallocºóÏÈjmpµ½01F41EC8£¬Ö´ÐÐÔ­À´µÄÈýÌõÖ¸ÁȻºó¾ÍÊÇBoundsCheckerµÄÌìÏÂÁË¡£´óÖÂÉÏËü»áÏȼǼº¯ÊýµÄ·µ»ØµØÖ·£¨º¯ÊýµÄ·µ»ØµØÖ·ÔÚstackÉÏ£¬ËùÒÔºÜÈÝÒ×Ð޸ģ©£¬È»ºó°Ñ·µ»ØµØÖ·Ö¸ÏòÊôÓÚBoundsCheckerµÄ´úÂ룬½Ó×ÅÌøµ½mallocº¯ÊýÔ­À´µÄÖ¸ÁҲ¾ÍÊÇÔÚ00403c15µÄµØ·½¡£µ±mallocº¯Êý½áÊøµÄʱºò£¬ÓÉÓÚ·µ»ØµØÖ·±»Ð޸ģ¬Ëü»á·µ»Øµ½BoundsCheckerµÄ´úÂëÖУ¬´ËʱBoundsChecker»á¼Ç¼ÓÉmalloc