在Windows 32位和64位之间的code的差别 [英] Differences in code between Windows 32 bits and 64 bits
问题描述
我用下面的code试验,以模拟GetProcAddress的。
I was experimenting with the following code to simulate GetProcAddress.
// Retrieve NT header from base address.
IMAGE_NT_HEADERS *GetNtHeaderFromBase( void *pBaseAddr )
{
IMAGE_DOS_HEADER *pDosHeader;
IMAGE_NT_HEADERS *pNtHeaders;
pDosHeader = ((IMAGE_DOS_HEADER *)pBaseAddr);
if(pDosHeader->e_magic != 0x5A4D)
return NULL;
pNtHeaders = ((IMAGE_NT_HEADERS *)((DWORD)pBaseAddr + pDosHeader->e_lfanew));
if(pNtHeaders->Signature != 0x4550)
return NULL;
return ((pNtHeaders == NULL) ? NULL : pNtHeaders);
}
// This emulates GetProcAddress.
void *GetFuncAddr( DWORD pBaseAddr, char *lpszFuncName )
{
IMAGE_NT_HEADERS *pNtHeaders;
IMAGE_DATA_DIRECTORY *pDataDir;
IMAGE_EXPORT_DIRECTORY *pExportDir;
const char **lpszNames;
DWORD *lpdwFuncs, dwIndex;
pNtHeaders = GetNtHeaderFromBase((void *)pBaseAddr);
if(pNtHeaders == NULL)
return NULL;
pDataDir = ((IMAGE_DATA_DIRECTORY *)(pNtHeaders->OptionalHeader.DataDirectory + IMAGE_DIRECTORY_ENTRY_EXPORT));
if(pDataDir == NULL)
return NULL;
pExportDir = ((IMAGE_EXPORT_DIRECTORY *)(pBaseAddr + pDataDir->VirtualAddress));
if(pExportDir == NULL)
return NULL;
lpdwFuncs = ((DWORD *)(pBaseAddr + pExportDir->AddressOfFunctions));
lpszNames = ((const char **)(pBaseAddr + pExportDir->AddressOfNames));
if(lpdwFuncs == NULL || lpszNames == NULL)
return NULL;
for(dwIndex = 0; dwIndex < pExportDir->NumberOfFunctions; dwIndex++)
{
// decrypt funcname and get the address
if(!cmpstr(((char *)(pBaseAddr + lpszNames[dwIndex])), lpszFuncName))
return (void*)(pBaseAddr + lpdwFuncs[dwIndex]);
}
return NULL;
}
但是,当我在Windows Vista 64位运行的程序,我得到一个访问冲突。我认为这是对GetNtHeaderFromBase的数字(上IMAGE_DOS_HEADER和IMAGE_NET_HEADER通过数字),但我找不到任何地方的任何引用至于什么它可能是在64位二进制。
But when I run the program on a Windows Vista x64 I get an access violation. I thought it was the numbers on GetNtHeaderFromBase (the numbers passed on IMAGE_DOS_HEADER and IMAGE_NET_HEADER) but i can't find any reference anywhere as to what it might be on a x64 bit binary.
任何人有任何想法,我需要什么样的变化,使这个code,使其在64位Windows上工作?
或者,更好的方式来实现GetProcAddress的类似功能上都X32和x64?
Anyone has any idea what changes do I need to make to this code to make it work under 64 bit Windows? Or, a better way to achieve a getprocaddress-like function that works on both x32 and x64?
感谢您的帮助和code。
Thank you for the help and the code.
杰西。
推荐答案
之所以是,你存储为pBaseAddr方法的DWORD的指针大小的值。指针值在64位Windows 8字节,而一个DWORD只有4个字节。你需要做以下操作之一
The reason why is that you're storing a pointer sized value in a DWORD for the pBaseAddr method. Pointer values are 8 bytes on 64 bit windows while a DWORD is only 4 bytes. You need to do one of the following
- 通pBaseAddr作为指针(preferred的方法)
- 将它作为
为size_t这将是正确的4个字节的32位Windows和8个字节的64位Windows。
- Pass pBaseAddr as a pointer (preferred approach)
- Pass it as a
size_twhich will correctly be 4 bytes on 32 bit windows and 8 bytes on 64 bit windows.
这篇关于在Windows 32位和64位之间的code的差别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
