调用MoveMemory这个API函数，视乎并没有成功执行，不知原因

步履人生 2020-01-04 04:53:52

[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);

[DllImport("kernel32.dll")]
public static extern IntPtr LoadLibrary(string name);

[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern IntPtr GetModuleHandle(string lpModuleName);

[DllImport("kernel32")]
public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);

[DllImport("kernel32.dll", EntryPoint = "RtlMoveMemory", SetLastError = false)]
public static extern void MoveMemory(object dest, object src, int size);

private IntPtr m_pFunc;
private byte[] m_OriginBytes = new byte[6];
private byte[] m_HookBytes = new byte[6];
private bool m_bFlag;
private bool Hook()
{
byte[] TmpBytes = new byte[6];
IntPtr p;
uint OriginProtect;
bool bRet = false;

m_pFunc = GetProcAddress(GetModuleHandle("user32.dll"), "MessageBoxA");

if (VirtualProtect(m_pFunc, (UIntPtr)6, 0x40, out OriginProtect))
{
unsafe
{
fixed (byte* pb = TmpBytes)
{
MoveMemory(*pb, m_pFunc, 6); // 查看TmpBytes数组，里面并没有任何东西。
}
}
bRet = true;
}
return bRet ;
}

...全文

177 1 打赏收藏转发到动态举报

写回复

用AI写文章

1 条回复

切换为时间正序

请发表友善的回复…

发表回复

清晨曦月 2020-01-04

打赏
举报

这个object怕是不妥，而且这个size_t len。。size_t也应该用平台相关类型。

你可以尝试一下下面的两种方法
<DllImport("kernel32.dll", CharSet:=CharSet.Auto, SetLastError:=True)>
Public Shared Sub MoveMemory(ByVal dest() As Byte, src As IntPtr, size As IntPtr)
End Sub
Dim hproc As IntPtr = GetProcAddress(GetModuleHandle("USER32.DLL"), "MessageBoxW")

Dim bs(5) As Byte
For i As Integer = 0 To 5
bs(i) = Marshal.ReadByte(hproc, i)
Next

Dim bs1(5) As Byte
MoveMemory(bs1, hproc, bs1.Length)