Can someone explain why the following code returns a pointer inside ntdll.dll?
GetProcAddress(LoadLibraryA("kernel32.dll"), "EncodePointer");
GetProcAddress(LoadLibraryA("kernel32.dll"), "DecodePointer");
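PS: If I call the function that kernel32's export table points to, a breakpoint is thrown.
Best answer
This is a simple case of export forwarding, as described in Matt Pietrek's excellent MSDN Magazine article, An In-Depth Look into the Win32 Portable Executable File Format, Part 2.
You can verify this yourself with a tool such as Dependency Walker or dumpbin.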
dumpbin /exports kernel32.dll | grep codePointer
205 CC DecodePointer (forwarded to NTDLL.RtlDecodePointer)
240 EF EncodePointer (forwarded to NTDLL.RtlEncodePointer)
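The check that dumpbin performs can be reproduced by hand. This is an added example, not part of the original answer: per the PE format, an export address table entry whose RVA falls inside the export directory's own range is a forwarder string rather than code. The names `export_targets`, `build_sample` and `LocalFunc` are hypothetical, and the sample image is constructed and laid out as if already mapped (RVA == offset).

```python
import struct

def u32(img, off): return struct.unpack_from("<I", img, off)[0]
def u16(img, off): return struct.unpack_from("<H", img, off)[0]
def cstr(img, off): return img[off:img.index(b"\0", off)].decode("ascii")

def export_targets(img):
    """Map each named export to ('forwarder', 'DLL.Func') or ('code', rva)."""
    pe = u32(img, 0x3C)                        # e_lfanew
    if img[:2] != b"MZ" or img[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe + 24                              # signature (4) + file header (20)
    dirs = opt + {0x10B: 96, 0x20B: 112}[u16(img, opt)]   # PE32 / PE32+
    exp_rva, exp_size = u32(img, dirs), u32(img, dirs + 4)  # data directory [0]
    n_names = u32(img, exp_rva + 24)
    funcs, names, ords = (u32(img, exp_rva + o) for o in (28, 32, 36))
    out = {}
    for i in range(n_names):
        name = cstr(img, u32(img, names + 4 * i))
        rva = u32(img, funcs + 4 * u16(img, ords + 2 * i))
        # An RVA inside the export directory points at a string, not at code.
        if exp_rva <= rva < exp_rva + exp_size:
            out[name] = ("forwarder", cstr(img, rva))
        else:
            out[name] = ("code", rva)
    return out

def build_sample():
    """Constructed minimal PE32+ image with one forwarded and one local export."""
    img = bytearray(0x400)
    def put(off, data): img[off:off + len(data)] = data
    put(0, b"MZ"); put(0x3C, struct.pack("<I", 0x40)); put(0x40, b"PE\0\0")
    put(0x58, struct.pack("<H", 0x20B))                 # optional header magic
    put(0xC8, struct.pack("<II", 0x100, 0x100))         # export dir RVA, size
    put(0x114, struct.pack("<5I", 2, 2, 0x130, 0x140, 0x150))
    put(0x130, struct.pack("<II", 0x180, 0x300))        # export address table
    put(0x140, struct.pack("<II", 0x160, 0x170))        # name pointer table
    put(0x150, struct.pack("<HH", 0, 1))                # ordinal table
    put(0x160, b"EncodePointer"); put(0x170, b"LocalFunc")
    put(0x180, b"NTDLL.RtlEncodePointer")               # forwarder string
    return bytes(img)

if __name__ == "__main__":
    for name, target in export_targets(build_sample()).items():
        print(name, target)
```

GetProcAddress follows the forwarder string to the named DLL, so the address it returns lies in that DLL rather than in the one whose export table was searched.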
Regarding "c - GetProcAddress weird return address", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11022930/