Update and more comment

12453f06 · Peacoor Zomboss · 521ebef3 · 12453f06 · 12453f06
隐藏空白更改
内联并排

Showing with 13 addition and 13 deletion

230131-inlinehook/multithreadhook.cpp 230131-inlinehook/multithreadhook.cpp +3 -3

230131-inlinehook/simplehook.cpp 230131-inlinehook/simplehook.cpp +10 -10

未找到文件。
--- a/230131-inlinehook/multithreadhook.cpp
+++ b/230131-inlinehook/multithreadhook.cpp
@@ -95,7 +95,7 @@ void dohook()
    WriteProcessMemory(GetCurrentProcess(), blank, &blank_jump, 14, NULL);
    // 保存原来的入口代码
    memcpy(old_entry, hook_func, ENTRY_LEN);
-    ptr64.ptr = (BYTE *)hook_func + ENTRY_LEN;
+    ptr64.ptr = (BYTE *)hook_func + ENTRY_LEN; // 计算跳回去的地址
    // 设置新的跳转代码
    BYTE *new_jump = (BYTE *)old_entry + ENTRY_LEN;
    new_jump[0] = 0x68;
@@ -113,7 +113,7 @@ void dohook()
    memcpy(old_entry, hook_func, ENTRY_LEN); // 保存入口
    BYTE *new_jump = (BYTE *)old_entry + ENTRY_LEN;
    *new_jump = 0xE9; // 跳回去的代码
-    *(long *)(new_jump + 1) = (BYTE *)hook_func + ENTRY_LEN - new_jump - 5;
+    *(long *)(new_jump + 1) = (BYTE *)hook_func + ENTRY_LEN - new_jump - 5; // 计算跳回去的指令
 #endif
    _WriteConsoleA = (WRITECONSOLEA)old_entry;
    WriteProcessMemory(GetCurrentProcess(), hook_func, &hook_jump, HOOK_JUMP_LEN, NULL);
@@ -130,7 +130,7 @@ DWORD WINAPI thread_writehello(void *stdh)
    DWORD id = GetCurrentThreadId();
    char str[64];
    for (int i = 0; i < 10; i++) {
-        int len = sprintf(str, "%d: Hello World %d\n", id, i);
+        int len = sprintf(str, "%d:\t Hello World %d\n", id, i);
        WriteConsoleA(stdh, str, len, NULL, NULL);
    }
    return 0;

--- a/230131-inlinehook/simplehook.cpp
+++ b/230131-inlinehook/simplehook.cpp
@@ -25,9 +25,9 @@ char old_entry[HOOK_JUMP_LEN];

 void inithook()
 {
-    HMODULE hmodule = GetModuleHandleA("kernelbase.dll");
-    hook_func = (void *)GetProcAddress(hmodule, "WriteConsoleA");
-    VirtualProtect(hook_func, HOOK_JUMP_LEN, PAGE_EXECUTE_READWRITE, NULL);
+    HMODULE hmodule = GetModuleHandleA("kernelbase.dll"); // 获取模块句柄
+    hook_func = (void *)GetProcAddress(hmodule, "WriteConsoleA"); // 找到函数地址
+    VirtualProtect(hook_func, HOOK_JUMP_LEN, PAGE_EXECUTE_READWRITE, NULL); // 允许函数头部内存可读写
 #ifdef _CPU_X64
    union
    {
@@ -37,22 +37,22 @@ void inithook()
            long lo;
            long hi;
        };
-    } ptr64;
+    } ptr64; // 便于获取指针变量的高4字节和低4字节
    ptr64.ptr = (void *)fk_WriteConsoleA;
    hook_jump[0] = 0x68; // push xxx
-    *(long *)&hook_jump[1] = ptr64.lo; // xxx，即地址的低4位
+    *(long *)&hook_jump[1] = ptr64.lo; // xxx，即地址的低4字节
    hook_jump[5] = 0xC7;
    hook_jump[6] = 0x44;
    hook_jump[7] = 0x24;
    hook_jump[8] = 0x04; // mov dword [rsp+4], yyy
-    *(long *)&hook_jump[9] = ptr64.hi; // yyy，即地址的高4位
+    *(long *)&hook_jump[9] = ptr64.hi; // yyy，即地址的高4字节
    hook_jump[13] = 0xC3; // ret
 #endif
 #ifdef _CPU_X86
-    hook_jump[0] = 0xE9;
-    *(long *)&hook_jump[1] = (BYTE *)fk_WriteConsoleA - (BYTE *)hook_func - 5;
+    hook_jump[0] = 0xE9; // jmp
+    *(long *)&hook_jump[1] = (BYTE *)fk_WriteConsoleA - (BYTE *)hook_func - 5; // 计算指令内容
 #endif
-    memcpy(&old_entry, hook_func, HOOK_JUMP_LEN);
+    memcpy(&old_entry, hook_func, HOOK_JUMP_LEN); // 保存原来的指令
 }

 void dohook()
@@ -83,7 +83,7 @@ DWORD WINAPI thread_writehello(void *stdh)
    DWORD id = GetCurrentThreadId();
    char str[64];
    for (int i = 0; i < 10; i++) {
-        int len = sprintf(str, "%d: Hello World %d\n", id, i);
+        int len = sprintf(str, "%d:\t Hello World %d\n", id, i);
        WriteConsoleA(stdh, str, len, NULL, NULL);
    }
    return 0;