mhook-2.2资源-CSDN文库

共17个文件

h：7个

c：4个

cpp：3个

hook

5星 · 超过95%的资源需积分: 18 7 浏览量 2011-06-15 23:15:02 上传评论收藏 73KB ZIP 举报

资源推荐

资源详情

资源评论

收起资源包目录

mhook-2.2.zip （17个子文件）

COPYING 1KB

mhook-test.vcproj 9KB

stdafx.h 452B

mhook-lib

mhook.h 1KB

mhook.cpp 32KB

stdafx.cpp 297B

mhook-test.cpp 5KB

disasm-lib

cpu.h 7KB

cpu.c 2KB

disasm.c 4KB

disasm_x86.c 147KB

disasm_x86_tables.h 259KB

misc.h 1KB

disasm_x86.h 21KB

disasm.h 16KB

misc.c 5KB

mhook-test.sln 1KB

// Copyright (C) 2004, Matt Conover (mconover@gmail.com) #undef NDEBUG #include <assert.h> #include "disasm.h" #include "cpu.h" // Since addresses are internally represented as 64-bit, we need to specially handle // cases where IP + Displacement wraps around for 16-bit/32-bit operand size // Otherwise, ignorethe possibility of wraparounds #define SUPPORT_WRAPAROUND #ifdef NO_SANITY_CHECKS #undef NDEBUG #undef DEBUG_DISASM #undef assert #define assert(x) #endif #ifdef DEBUG_DISASM #define DISASM_OUTPUT(x) printf x #else #define DISASM_OUTPUT(x) #endif #include "disasm_x86_tables.h" #ifdef _WIN64 #pragma warning(disable:4311 4312) #endif //////////////////////////////////////////////////////////////////////// // Internal macros //////////////////////////////////////////////////////////////////////// #define VIRTUAL_ADDRESS ((U64)Instruction->Address + Instruction->VirtualAddressDelta) #define AMD64_DIFF (AMD64_8BIT_OFFSET-X86_8BIT_OFFSET) #define IS_AMD64() (INS_ARCH_TYPE(Instruction) == ARCH_X64) #define IS_X86_32() (INS_ARCH_TYPE(Instruction) == ARCH_X86) #define IS_X86_16() (INS_ARCH_TYPE(Instruction) == ARCH_X86_16) #define X86_BOUND 0x62 #define X86_PUSH_REG 0x50 #define X86_PUSH_CS 0x0e #define X86_PUSH_DS 0x1e #define X86_PUSH_SS 0x16 #define X86_PUSH_ES 0x06 #define X86_PUSH_FS 0xa0 #define X86_PUSH_GS 0xa8 #define X86_PUSH_U8 0x6a #define X86_PUSH_U32 0x68 #define X86_POP_DS 0x1f #define X86_POP_ES 0x07 #define X86_POP_SS 0x17 #define X86_POP_FS 0xa1 #define X86_POP_GS 0xa9 #define X86_POP_REG 0x58 #define OPCSTR Instruction->String+Instruction->StringIndex #define APPEND Instruction->StringIndex += (U8)_snprintf #define APPENDPAD(x) \ { \ if (Instruction->StringAligned) \ { \ if (Instruction->StringIndex > x) assert(0); \ while (x != Instruction->StringIndex) APPENDB(' '); \ } \ else if (Instruction->StringIndex) \ { \ APPENDB(' '); \ } \ } #define APPENDB(a) Instruction->String[Instruction->StringIndex++] = a #define APPENDS(a) APPEND(OPCSTR, SIZE_LEFT, a); #define SIZE_LEFT (MAX_OPCODE_DESCRIPTION-1 > Instruction->StringIndex ? MAX_OPCODE_DESCRIPTION-Instruction->StringIndex : 0) // If an address size prefix is used for an instruction that doesn't make sense, restore it // to the default #define SANITY_CHECK_OPERAND_SIZE() \ { \ if (!Instruction->AnomalyOccurred && X86Instruction->HasOperandSizePrefix) \ { \ if (!SuppressErrors) printf("[0x%08I64X] ANOMALY: Unexpected operand size prefix\n", VIRTUAL_ADDRESS); \ Instruction->AnomalyOccurred = TRUE; \ X86Instruction->HasOperandSizePrefix = FALSE; \ switch (X86Instruction->OperandSize) \ { \ case 4: X86Instruction->OperandSize = 2; break; \ case 2: X86Instruction->OperandSize = 4; break; \ default: assert(0); \ } \ } \ } #define SANITY_CHECK_ADDRESS_SIZE() \ { \ if (!Instruction->AnomalyOccurred && X86Instruction->HasAddressSizePrefix) \ { \ if (!SuppressErrors) printf("[0x%08I64X] ANOMALY: Unexpected address size prefix\n", VIRTUAL_ADDRESS); \ Instruction->AnomalyOccurred = TRUE; \ } \ X86Instruction->HasAddressSizePrefix = FALSE; \ switch (INS_ARCH_TYPE(Instruction)) \ { \ case ARCH_X64: X86Instruction->AddressSize = 8; break; \ case ARCH_X86: X86Instruction->AddressSize = 4; break; \ case ARCH_X86_16: X86Instruction->AddressSize = 2; break; \ } \ } #define SANITY_CHECK_SEGMENT_OVERRIDE() \ if (!Instruction->AnomalyOccurred && X86Instruction->HasSegmentOverridePrefix) \ { \ if (!SuppressErrors) printf("[0x%08I64X] ANOMALY: Unexpected segment override\n", VIRTUAL_ADDRESS); \ Instruction->AnomalyOccurred = TRUE; \ } #define INSTR_INC(size) \ { \ Instruction->Length += size; \ Address += size; \ } #define X86_SET_TARGET() \ { \ if (X86Instruction->HasSelector) \ { \ if (!Instruction->AnomalyOccurred) \ { \ if (!SuppressErrors) printf("[0x%08I64X] ANOMALY: unexpected segment 0x%02X\n", VIRTUAL_ADDRESS, X86Instruction->Selector); \ Instruction->AnomalyOccurred = TRUE; \ } \ } \ else \ { \ switch (X86Instruction->Segment) \ { \ case SEG_CS: \ case SEG_DS: \ case SEG_SS: \ case SEG_ES: \ assert(!X86Instruction->HasSelector); \ Operand->TargetAddress = (U64)X86Instruction->Displacement; \ /* assert(!GetAbsoluteAddressFromSegment((BYTE)X86Instruction->Segment, (DWORD)X86Instruction->Displacement) || GetAbsoluteAddressFromSegment(X86Instruction->Segment, (DWORD)X86Instruction->Displacement) == Operand->TargetAddress); */ \ break; \ case SEG_FS: \ case SEG_GS: \ assert(!X86Instruction->HasSelector); \ Operand->TargetAddress = (U64)GetAbsoluteAddressFromSegment((BYTE)X86Instruction->Segment, (DWORD)X86Instruction->Displacement); \ break; \ default: \ assert(0); /* shouldn't be possible */ \ break; \ } \ } \ } #define X86_SET_SEG(reg) \ { \ if (!X86Instruction->HasSegmentOverridePrefix && (reg == REG_EBP || reg == REG_ESP)) \ { \ assert(!X86Instruction->HasSelector); \ X86Instruction->Segment = SEG_SS; \ } \ } #define X86_SET_ADDR() \ { \ if (Operand->Flags & OP_DST) \ { \ assert(!X86Instruction->HasDstAddressing); \ X86Instruction->HasDstAddressing = TRUE; \ X86Instruction->DstOpIndex[X86Instruction->DstOpCount] = (U8)OperandIndex; \ X86Instruction->DstOpCount++; \ X86Instruction->DstAddressIndex = (U8)OperandIndex; \ } \ if (Operand->Flags & OP_SRC) \ { \ if (Instruction->Type != ITYPE_STRCMP) assert(!X86Instruction->HasSrcAddressing); \ X86Instruction->HasSrcAddressing = TRUE; \ X86Instruction->SrcOpIndex[X86Instruction->SrcOpCount] = (U8)OperandIndex; \ X86Instruction->SrcOpCount++; \ X86Instruction->SrcAddressIndex = (U8)OperandIndex; \ } \ } #define X86_SET_REG(reg) \ { \ if (Operand->Flags & OP_DST) \ { \ X86Instruction->DstOpIndex[X86Instruction->DstOpCount] = (U8)OperandIndex; \ X86Instruction->DstOpCount++; \ assert(OperandIndex < 2); \ if (Operand->Length > 1 && reg == REG_ESP) Instruction->Groups |= ITYPE_STACK; \ } \ if (Operand->Flags & OP_SRC) \ { \ X86Instruction->SrcOpIndex[X86Instruction->SrcOpCount] = (U8)OperandIndex; \ X86Instruction->SrcOpCount++; \ } \ } #define CHECK_AMD64_REG() { if (IS_AMD64()) Operand->Register += AMD64_DIFF; } //////////////////////////////////////////////////////////////////////// // Internal structures/variables //////////////////////////////////////////////////////////////////////// ARCHITECTURE_FORMAT_FUNCTIONS X86 = { X86_InitInstruction, NULL, X86_GetInstruction, X86_FindFunctionByPrologue }; char *X86_Registers[0xE0] = { // Segments "es", // 0x00 "cs", // 0x01 "ss", // 0x02 "ds", // 0x03 "fs", // 0x04 "gs", // 0x05 "flags", // 0x06 "eflags", // 0x07 "rflags", // 0x08 "ip+ilen", // 0x09 "eip+ilen", // 0x0A "rip+ilen", // 0x0B NULL, // 0x0C NULL, // 0x0D NULL, // 0x0E NULL, // 0x0F // Test "tr0", // 0x10 "tr1", // 0x11 "tr2", // 0x12 "tr3", // 0x13 "tr4", // 0x14 "tr5", // 0x15 "tr6", // 0x16 "tr7", // 0x17 "tr8", // 0x18 "tr9", // 0x19 "tr10", // 0x1A "tr11", // 0x1B "tr12", // 0x1C "tr13", // 0x1D "tr14", // 0x1E "tr15", // 0x1F // Control "cr0", // 0x20 "cr1", // 0x21 "cr2", // 0x22 "cr3", // 0x23 "cr4", // 0x24 "cr5", // 0x25 "cr6", // 0x26 "cr7", // 0x27 "cr8", // 0x18 "cr9", // 0x19 "cr10", // 0x1A "cr11", // 0x1B "cr12", // 0x1C "cr13", // 0x1D "cr14", // 0x1E "cr15", // 0x1F // Debug "dr0", // 0x30 "dr1", // 0x31 "dr2", // 0x32 "dr3", // 0x33 "dr4", // 0x34 "dr5", // 0x35 "dr6", // 0x36 "dr7", // 0x37 "dr8", // 0x38 "dr9", // 0x39 "dr10", // 0x3A "dr11", // 0x3B "dr12", // 0x3C "dr13", // 0x3D "dr14", // 0x3E "dr15", // 0x3F // FPU "st(0)", // 0x40 "st(1

评论收藏

内容反馈