Detouring and using a _thiscall as a hook (GCC calling convention)

Views: 810

Problem description


I've recently been working on detouring functions (only in Linux) and so far I've had great success. I was developing my own detouring class until I found this. I modernized the code a bit and converted it to C++ (as a class of course). That code is just like any other detour implementation, it replaces the original function address with a JMP to my own specified 'hook' function. It also creates a 'trampoline' for the original function.


Everything works flawlessly but I'd like to do one simple adjustment. I program in pure C++, I use no global functions and everything is enclosed in classes (just like Java/C#). The problem is that this detouring method breaks my pattern. The 'hook' function needs to be a static/non-class function.


What I want to do is to implement support for _thiscall hooks (which should be pretty simple with the GCC _thiscall convention). I've had no success modifying this code to work with _thiscall hooks. What I want as an end result is something just as simple as this; PatchAddress(void * target, void * hook, void * class);. I'm not asking anyone to do this for me, but I would like to know how to solve/approach my problem?


From what I know, I should only need to increase the 'patch' size (i.e. it's now 5 bytes, and I should require an additional 5 bytes?), and then before I use the JMP call (to my hook function), I push my 'this' pointer to the stack (which should be as if I called it as a member function). To illustrate:

push 'my class pointer'
jmp <my hook function>


Instead of just having the 'jmp' call directly/only. Is that the correct approach or is there something else beneath that needs to be taken into account (note: I do not care about support for VC++ _thiscall)?


NOTE: here's my implementation of the above mentioned code: header : source, uses libudis86

Recommended answer


I tried several different methods and among these were JIT compile (using libjit) which proved successful but the method did not provide enough performance for it to be usable. Instead I turned to libffi, which is used for calling functions dynamically at run-time. The libffi library had a closure API (ffi_prep_closure_loc) which enabled me to supply my 'this' pointer to each closure generated. So I used a static callback function and converted the void pointer to my object type and from there I could call any non-static function I wished!
