我正在尝试 Hook 一个具有签名的未记录的函数:
(void(__thiscall*)(int arg1, int arg2))0x6142E0;
我看过弯路示例“成员”,它解释了:
By default, C++ member functions use the __thiscall calling convention. In order to Detour a member function, both the trampoline and the detour must have exactly the same calling convention as the target function. Unfortunately, the VC compiler does not support a __thiscall, so the only way to create legal detour and trampoline functions is by making them class members of a "detour" class.
In addition, C++ does not support converting a pointer to a member function to an arbitrary pointer. To get a raw pointer, the address of the member function must be moved into a temporary member-function pointer, then passed by taking it's address, then de-referencing it. Fortunately, the compiler will optimize the code to remove the extra pointer operations.
我已经从示例中复制了一些代码并对其进行了修改,但我似乎无法让它工作(original example code here):
class CDetour {
public:
void Mine_Target(int arg1, int arg2);
static void (CDetour::* Real_Target)(int arg1, int arg2);
};
void CDetour::Mine_Target(int arg1, int arg2) {
printf(" CDetour::Mine_Target! (this:%p)\n", this);
(this->*Real_Target)(arg1, arg2);
}
void (CDetour::* CDetour::Real_Target)(int arg1, int arg2) = (void(CDetour::*)(int arg1, int arg2)) (0x6142E0);
void hoo()
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)CDetour::Real_Target, (PVOID)(&(PVOID&)CDetour::Mine_Target));
DetourTransactionCommit();
}
我不确定如何让它工作。 a bow 代码有两个编译器错误:
void (CDetour::* CDetour::Real_Target)(int arg1, int arg2) = (void(CDetour::*)(int arg1, int arg2)) (0x6142E0);
//Error C2440 'type cast': cannot convert from 'int' to 'void (__thiscall CDetour::* )(int,int)'
和:
DetourAttach(&(PVOID&)CDetour::Real_Target, (PVOID)(&(PVOID&)CDetour::Mine_Target));
//Error C2440 'type cast': cannot convert from 'void (__thiscall CDetour::* )(int,int)' to 'PVOID &'
我希望有人能在正确的方向上帮助我,因为我即将放弃 Hook __thiscall 函数...
我正在考虑使用内联汇编编写一个全局“__declspec( naken ) void MyFunc(int, int)”函数,以便按照建议保留“this 指针”here .
最佳答案
Detours 已经相当老了。明确 compiler support for __thiscall是相当新的。看起来在 Visual C++ 2005 及更高版本中支持它。似乎 Detours 文档从未更新过。
关于c++ - Microsoft Detours - 无法 Hook __thiscall 函数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34301293/