/* Boolean convention used by the hook routines in this file. */
typedef int BOOL;
#define FALSE 0
#define TRUE 1

/*
 * Index of every API that can be hooked.
 * NDSAPIID_COUNT must stay last: it is used as the length of the
 * per-API tables.
 */
enum ApiIdEnum {
    NDSAPIID_FS_OpenFile = 0,
    NDSAPIID_COUNT
};

/* Address of each hookable API, indexed by ApiIdEnum; stored as plain int. */
int g_nApiAddress[NDSAPIID_COUNT];
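/* ApiHook is defined further down in this file; declare it before first use
 * so the calls below are checked against its real signature instead of an
 * implicit declaration. */
BOOL ApiHook(int nHookFromAddress, int nHookToAddress, BOOL bHook);

/*
 * Replacement entry point for FS_OpenFile.
 *
 * The hook overwrites the first instruction of the original routine, so the
 * original cannot be called while the hook is installed. This wrapper removes
 * the hook, calls the original, and installs the hook again.
 *
 * p_file, path: forwarded unchanged to the original routine.
 * Returns the original routine's result, or FALSE when the hook could not be
 * removed (calling the patched routine in that state would branch straight
 * back into this function).
 *
 * NOTE(review): between the two ApiHook calls the original instruction is
 * back in place, so a call arriving from another context in that window is
 * not intercepted, and the patch site is being rewritten while it may be
 * executing. Nothing visible here serialises that; confirm the callers.
 */
BOOL HOOK_FS_OpenFile(void *p_file, const char *path)
{
    typedef BOOL (*FsOpenFileFn)(void *p_file, const char *path);

    const int nTarget = g_nApiAddress[NDSAPIID_FS_OpenFile];

    /* Remove the hook; bail out if that fails (address 0 or no record). */
    if (!ApiHook(nTarget, (int)HOOK_FS_OpenFile, FALSE))
        return FALSE;

    /* Call the original routine through an explicitly cast pointer. */
    FsOpenFileFn pfnOriginal = (FsOpenFileFn)nTarget;
    BOOL bRet = pfnOriginal(p_file, path);

    /* Install the hook again. The result is not checked, as in the original
     * code: on failure the routine simply stays unhooked. */
    ApiHook(nTarget, (int)HOOK_FS_OpenFile, TRUE);
    return bRet;
}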
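/*
 * Entry point: records the address used for FS_OpenFile and installs the
 * hook on it.
 *
 * NOTE(review): 0x2008AF8 is a hard-coded address, so it presumably matches
 * one specific build of the target image only; verify before reuse.
 * The result of ApiHook is not checked; a failed install goes unnoticed.
 */
void _start(void)
{
    g_nApiAddress[NDSAPIID_FS_OpenFile] = 0x2008AF8;

    /* ApiHook takes addresses as int, so the function pointer is cast
     * explicitly instead of relying on an implicit conversion. */
    ApiHook(g_nApiAddress[NDSAPIID_FS_OpenFile], (int)HOOK_FS_OpenFile, TRUE);
}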
/*
 * Bookkeeping for one installed hook.
 */
struct HookInfo {
    int code;    /* word that was at the patch site before it was overwritten */
    int funaddr; /* address the hook branches to; 0 marks the record as free */
};
typedef struct HookInfo HookInfo;

/* One record per hookable API. Static storage is zero-initialised, so every
 * record starts out free. */
HookInfo g_hookInfo[NDSAPIID_COUNT];
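/*
 * Install or remove a one-instruction inline hook.
 *
 * nHookFromAddress: address of the instruction to patch (the hooked routine).
 * nHookToAddress:   address the patched instruction branches to.
 * bHook:            TRUE installs the hook, FALSE removes it.
 *
 * Install: takes the first free record, saves the word at the patch site and
 * replaces it with an ARM `b` to nHookToAddress.
 * Remove: finds the record whose destination is nHookToAddress, writes the
 * saved word back and frees the record.
 *
 * Returns TRUE on success. Returns FALSE when an address is 0, the patch site
 * is not word-aligned, the branch cannot be encoded, no record is free
 * (install), or no record matches (remove).
 *
 * NOTE(review): records are matched by destination only. Two patch sites
 * hooked to the same destination cannot be told apart on removal, so the
 * wrong saved word could be restored.
 * NOTE(review): no instruction-cache maintenance is visible after the patch
 * site is written; on a core with separate caches the old instruction may
 * still be the one that executes. Confirm what the platform requires.
 */
BOOL ApiHook(int nHookFromAddress, int nHookToAddress, BOOL bHook)
{
    if (nHookFromAddress == 0)
        return FALSE;

    /* A destination of 0 is the "free record" marker: on removal it would
     * match an unused record and write its empty saved word over live code. */
    if (nHookToAddress == 0)
        return FALSE;

    /* The patch site is read and written as one 32-bit word. */
    if ((nHookFromAddress & 3) != 0)
        return FALSE;

    int *pnPatchSite = (int *)nHookFromAddress;

    /* Branch displacement relative to the patch site + 8. Computed in
     * unsigned arithmetic so a backward branch wraps instead of overflowing. */
    unsigned uDelta = (unsigned)nHookToAddress - (unsigned)nHookFromAddress - 8u;

    if (bHook) {
        /* Destination must be word-aligned and within the signed 26-bit
         * reach of the branch instruction. */
        if ((uDelta & 3u) != 0)
            return FALSE;
        if (uDelta + 0x02000000u >= 0x04000000u)
            return FALSE;
    }

    for (int i = 0; i < NDSAPIID_COUNT; ++i) {
        HookInfo *pSlot = &g_hookInfo[i];

        /* Install */
        if (bHook && pSlot->funaddr == 0) {
            /* Free record found: save the original word and the destination. */
            pSlot->code = *pnPatchSite;
            pSlot->funaddr = nHookToAddress;

            /* Overwrite the instruction with: b nHookToAddress
             * Encoding: 0xEA000000 | imm24, imm24 = displacement >> 2.
             * The original expression `0xe9fffffe + delta/4` gives the same
             * word for forward branches only; for a backward branch the
             * borrow corrupts the top byte, so the field is masked here. */
            *pnPatchSite = (int)(0xEA000000u | ((uDelta >> 2) & 0x00FFFFFFu));
            return TRUE;
        }

        /* Remove */
        if (!bHook && pSlot->funaddr == nHookToAddress) {
            /* Restore the saved instruction and release the record. */
            *pnPatchSite = pSlot->code;
            pSlot->funaddr = 0;
            return TRUE;
        }
    }

    return FALSE;
}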