是否可以使用内联汇编在Visual Studio 2010 c ++中找到代码的地址? [英] Is finding code's address in visual studio 2010 c++ using in-line assembly possible?

问题描述

让我们说我想用一个返回其返回地址的c ++代码编写一个内联汇编函数.

Lets say I want to write an inline assembly function in a c++ code that returns its return address.

因此，如果我从某个地址调用函数returnAddress()，并且函数完成后需要返回到地址X，我希望returnAddress()返回值X.

So if I'm calling the function returnAddress() from some address and it needs to return to the address X after the function is done, I want returnAddress() to return the value X.

returnAddress()的代码示例:

example of code for returnAddress():

void* getAddress()
{
    __asm {
        pop ebx;     // moving return offset to ebx?
        push ebx;    // restoring stack state
        xor eax, eax;
        mov ax, cs;  // ax <- code segment
        mov ecx, 16;
        mul ecx;     // multiplying the code segment by 16
        add eax, ebx;// adding offset
    }
}

以前的代码无法正常工作，因为当我按alt + 8时，我可以清楚地看到我的代码的地址与该函数的返回值完全不同.

The previous code doesn't work correctly, since when I press alt+8 I can clearly see my code's address is completely different from the return value of this function.

之所以要在内存中找到代码的地址，是因为我想在代码本身运行时尝试对其进行更改.如果还有其他方法无需使用内联汇编(也许使用Windows API?)来查找我的代码地址，请告诉我.

The reason I want to find my code's address in the memory is because I want to try and change it while the code itself is running. If there is any other way to find the address of my code without using inline assembly (maybe using windows API?) let me know please.

我非常确定我什至无法在Visual Studio 2010中使用CS的(代码段)值，所以这可能是导致我出现问题的原因... CS始终等于35. VS2010运行虚拟机，程序集视图(alt + 8)是否显示不正确的地址?

Also I'm pretty sure I can't even use CS's (code segment) value using visual studio 2010, so maybe that's what causing me problems... CS always equals to 35. Does the assembly view (alt+8) show incorrect addresses because VS2010 runs a virtual machine?

这是我在这里的第一篇文章，所以也许我没有说清楚我的观点.请让我知道是否可以解释一下自己.

This is my first post here so maybe I didn't make my point very clear. Please let me know if I can explain myself to make it any clearer.

推荐答案

代码段仅在16位系统中使用.随着32位的引入，代码段消失了.

Code segments are only used in 16-bit systems. With the introduction of 32-bit, code segments went away.

您可以使用VisualStudio的固有_ReturnAddress()函数:

You can use VisualStudio's intrinsic _ReturnAddress() function:

void * _ReturnAddress(void);
#pragma intrinsic(_ReturnAddress)

void* getAddress()
{
    return _ReturnAddress();
}

如果要手动执行此操作，例如在非VisualStudio编译器上运行，则32位x86函数调用的调用堆栈包含完整的32位返回地址，因此您可以按原样返回:/p>

If you want to do it manually, say on a non-VisualStudio compiler, then the call stack of a 32-bit x86 function call contains the full 32-bit return address, so you can return it as-is:

void* __declspec(naked) getAddress()
{
    asm
    {
        mov eax, [esp];
        ret;
    }
}

对于x64函数调用，您应该能够使用等效的64位寄存器:

For x64 function calls, you should be able to use the equivilent 64-bit registers:

void* __declspec(naked) getAddress()
{
    asm
    {
        mov rax, [rsp];
        ret;
    }
}

这篇关于是否可以使用内联汇编在Visual Studio 2010 c ++中找到代码的地址?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！