我第一次使用ASM,在我继续之前,我需要知道当我写这篇文章时我是否理解了一切。当前代码如下所示:
push 0xDEADBEEF ; address of library name
mov eax, 0xDEADBEEF ; address of LoadLibraryA
call eax ; call LoadLibraryA
mov esi, eax ; store returned address
push 0xDEADBEEF ; address of function name
push esi
mov eax, 0xDEADBEEF ; address of GetProcAddress
call eax ; call GetProcAddress
mov esi, eax ; store returned address
push 0
push 0
push 0
call esi ; call the function returned by GetProcAddress
0xDEADBEEF只是虚拟地址,我稍后将修补。有什么不对的吗? =)
答案 0 :(得分:0)
您通常不会直接致电GetProcAddress。这是因为它是从DLL导出的。在这种情况下,链接器将执行的操作是合成GetProcAddress函数,该函数对__imp__GetProcAddress符号进行间接远程调用。请参阅http://blogs.msdn.com/b/oldnewthing/archive/2006/07/24/676669.aspx和http://blogs.msdn.com/b/oldnewthing/archive/2010/03/18/9980802.aspx