Inline assembly won't compile

Tags: reverse-engineering, assembly, c++, function-hooking
2021-06-12 10:49:31

I am currently learning how to hook some functions, and I just want to insert this simple inline assembly:

__asm {
    CMP [ebp + 8], 1
    JNZ short 01311723
    jmp [jmpBackAddy]
}

But Visual Studio gives me this error:

Severity Code Description Project File Line Suppression State Error C2400 inline assembler syntax error in 'first operand'; found 'constant'

What am I doing wrong? I can copy the assembly from OllyDbg, but Visual Studio does not accept it.

1 Answer

Yes, 01311723 is a constant; the compiler does not know what it is.

Whereas jmpBackAddy is something the compiler does know.

For the constant, you need to replace it with a label and define that label; you need to define it in the asm source code.

#include <windows.h>
#pragma comment(lib ,"user32.lib")
#pragma comment(lib ,"kernel32.lib")
int CALLBACK WinMain( _In_ HINSTANCE,  _In_opt_ HINSTANCE, _In_ LPSTR, _In_ int)
{
    MessageBoxA(NULL,"Hello World","Hello World",MB_OK);
    jmpBackAddy:   // <<< defined here
    __asm
    {
        CMP [ebp + 8], 1
        JNZ short label
        jmp [jmpBackAddy]
    }    
label:  // <<< defined here
    MessageBoxA(NULL,"Hello jnz","how are you jnz",MB_OK);
    ExitProcess(0);        
}

Compile and link with

cl /nologo /Zi /EHsc /O1 /analyze /W4 *.cpp /link /release /entry:WinMain

Msgbox.cpp
e:\test\msgbox\msgbox.cpp(5) : warning C4740: flow in or out of inline asm code suppresses global optimization

And the disassembly:

Msgbox!WinMain:
00021000 55              push    ebp
00021001 8bec            mov     ebp,esp
00021003 6a00            push    0
00021005 6810200200      push    offset Msgbox!`string' (00022010)
0002100a 6810200200      push    offset Msgbox!`string' (00022010)
0002100f 6a00            push    0
00021011 ff1508200200    call    dword ptr [Msgbox!_imp__MessageBoxA (00022008)]

Msgbox!WinMain+0x17:
00021017 807d0801        cmp     byte ptr [ebp+8],1
0002101b 7502            jne     Msgbox!WinMain+0x1f (0002101f)

Msgbox!WinMain+0x1d:
0002101d ebf8            jmp     Msgbox!WinMain+0x17 (00021017)

Msgbox!WinMain+0x1f:
0002101f 6a00            push    0
00021021 681c200200      push    offset Msgbox!`string' (0002201c)
00021026 682c200200      push    offset Msgbox!`string' (0002202c)
0002102b 6a00            push    0
0002102d ff1508200200    call    dword ptr [Msgbox!_imp__MessageBoxA (00022008)]
00021033 6a00            push    0
00021035 ff1500200200    call    dword ptr [Msgbox!_imp__ExitProcess (00022000)]
0002103b 5d              pop     ebp
0002103c c21000          ret     10h