DWORD dwMagic;
DWORD i;
BYTE dwCode;
DWORD dwAddr;
dwStartMap = SH->VirtualAddress + (DWORD)MapOfFile;//¶ÎÏÖÔÚÊ×µØÖ·
dwEndMap = SH->Misc.VirtualSize + dwStartMap;//¶ÎÏÖÔÚÄ©µØÖ·
i = 0;
for (dwMagic=1; dwMagic <0xFF; dwMagic++)
{
if (i == dwEndMap)
break ;
for (i=dwStartMap; i <dwEndMap; i++)
{
dwCode = *(LPBYTE)i;
if (dwCode == 0xE8 || dwCode == 0xE9)//call»òjmp
{
dwAddr = i + 5 + *(LPDWORD)(i+1);//ÌøתµÄÄ¿µÄµØÖ·
if (dwAddr>dwStartMap && dwAddr <dwEndMap)
continue ; //¶ÎÄÚתÒÆ
dwCode = *(LPBYTE)(i+1);//¶Î¼äתÒÆ£¬*(LPBYTE)(i+1)ÊÇÆ«ÒÆÁ¿µÄµÍ×Ö½Ú°É£¬±£´æµ½dwCodeÓÐʲôÓã¿Ê²Ã´Âß¼£¿
if (dwCode == dwMagic)
break ; //ΪʲôÕâÑù×ö£¬Æ«ÒÆÁ¿µÄµÍ×Ö½ÚΪѻ·µÄdwMagicµÄ¸ÅÂʺÜС°¡£¬¶øÇұȽÏÀàÐÍÒ²²»Ò»ÖÂ
}
}
}//Õâ¸öÁ½²ãforÍêÁË£¬Ã»ÓÐ×öÈκβÙ×÷£¬Î¨ÓÐdwAddr±£´æÁË×îºó¸öcall»òjmpµÄÌøתµØÖ·£¬dwCodeÇ¡ºÃÊÇdwMagicµÄÖµ-¿ÉÄÜÐÔºÜС
DWORD dwMagic;
DWORD i;
BYTE dwCode;
DWORD dwAddr;
dwStartMap = SH->VirtualAddress + (DWORD)MapOfFile;//¶ÎÏÖÔÚÊ×µØÖ·
dwEndMap = SH->Misc.VirtualSize + dwStartMap;//¶ÎÏÖÔÚÄ©µØÖ·
i = 0;
for (dwMagic=1; dwMagic <0xFF; dwMagic++)
{
if (i == dwEndMap)
break ;
13¸öÈËΧ³ÉһȦ£¬´ÓµÚÒ»¸öÈË¿ªÊ¼Ë³Ðò±¨ºÅ1£¬2£¬3¡£·²±¨µ½3ÕßÍ˳öȦ×Ó£¬ÕÒ³ö×îºóÁôÔÚȦ×ÓÖеÄÈËÔÀ´µÄÐòºÅ
½á¹ûÓ¦¸ÃÊÇ13 ¿ÉÎҵijÌÐòµÄ½á¹ûÊÇ11 Ï£ÍûºÃÐÄÈË°ï¸ÄÒ»ÏÂ
#include <stdio.h>
#include < ......
ÏÂÃæÊÇÎҵĴúÂë ´ÓÄÚ´æдÈëÎļþÕýÈ· µ«´ÓÎļþ¶ÁÈëÄڴ涼ÊÇÂÒÂë ¶øÇÒ³ÌÐò±ÀÀ£ Çëc¸ßÊÖÖ¸µã
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct inf
{
& ......
