ZhiChen
April 7th, 1999, 10:48 PM
Her my little Code, but I don't know why it isn't work ;-(
// DLL
extern "C" BOOL PASCAL EXPORT RepTextOut()
{
AFX_MANAGE_STATE(AfxGetStaticModuleState());
// normal function body here
for(int i = 0; i < 5000; i++)
;
return TRUE;
}
// Main Prog
void CAllocView::OnTest1()
{
// TODO: Add your command handler code here
HANDLE hMod;
FARPROC proc;
DWORD dErr;
CClientDC dc(this);
dc.TextOut(0, 0, "Hello!");
hMod = ::GetModuleHandle("GDI32");
#if defined (UNICODE)
proc = ::GetProcAddress(hMod, "TextOutW");
#else
proc = ::GetProcAddress((HMODULE)hMod, "TextOutA");
#endif
if (proc == NULL)
DWORD dWord = ::GetLastError();
if (!IsBadCodePtr(proc))
TRACE("Can Read Access!\n");
if (!IsBadWritePtr(proc, 5))
TRACE("Can Write Access!\n");
FARPROC lpfn1;
HINSTANCE hMyApp;
hMyApp = ::LoadLibrary("RepTextOut.dll");
if (hMyApp)
lpfn1 = ::GetProcAddress((HMODULE)hMyApp, "RepTextOut");
BYTE* lpfn = (BYTE*)lpfn1;
FARPROC* pAddress = new FARPROC;
try
{
*pAddress = lpfn1;
}
catch(CException* e)
{
e->ReportError();
delete e;
}
DWORD dOldProtect;
if (!::VirtualProtect(proc, 5, PAGE_EXECUTE_READWRITE, &dOldProtect))
dErr = ::GetLastError();
if (!::VirtualLock(proc, 5))
{
dErr = ::GetLastError();
}
//BYTE* lp = (BYTE*)proc;
// BYTE byte[5];
// for(int i = 0; i < 5; i++)
// byte[i] = *(lp + i);
*((BYTE*)proc) = 0XEA;
//for(i = 1; i < 5; i++)
// *(lp + i) = *((BYTE*)(pAddress + i - 1));
if (!::VirtualUnlock(proc, 5))
dErr = ::GetLastError();
DWORD d;
if (!::VirtualProtect(proc, 5, dOldProtect, &d))
dErr = ::GetLastError();
dc.TextOut(0, 100, "Modified OK!");
if (!::FreeLibrary(hMyApp))
dErr = ::GetLastError();
}
At last, I can't reset TextOutA funtion address.
Thank you for your help
Jerry Chen
// DLL
extern "C" BOOL PASCAL EXPORT RepTextOut()
{
AFX_MANAGE_STATE(AfxGetStaticModuleState());
// normal function body here
for(int i = 0; i < 5000; i++)
;
return TRUE;
}
// Main Prog
void CAllocView::OnTest1()
{
// TODO: Add your command handler code here
HANDLE hMod;
FARPROC proc;
DWORD dErr;
CClientDC dc(this);
dc.TextOut(0, 0, "Hello!");
hMod = ::GetModuleHandle("GDI32");
#if defined (UNICODE)
proc = ::GetProcAddress(hMod, "TextOutW");
#else
proc = ::GetProcAddress((HMODULE)hMod, "TextOutA");
#endif
if (proc == NULL)
DWORD dWord = ::GetLastError();
if (!IsBadCodePtr(proc))
TRACE("Can Read Access!\n");
if (!IsBadWritePtr(proc, 5))
TRACE("Can Write Access!\n");
FARPROC lpfn1;
HINSTANCE hMyApp;
hMyApp = ::LoadLibrary("RepTextOut.dll");
if (hMyApp)
lpfn1 = ::GetProcAddress((HMODULE)hMyApp, "RepTextOut");
BYTE* lpfn = (BYTE*)lpfn1;
FARPROC* pAddress = new FARPROC;
try
{
*pAddress = lpfn1;
}
catch(CException* e)
{
e->ReportError();
delete e;
}
DWORD dOldProtect;
if (!::VirtualProtect(proc, 5, PAGE_EXECUTE_READWRITE, &dOldProtect))
dErr = ::GetLastError();
if (!::VirtualLock(proc, 5))
{
dErr = ::GetLastError();
}
//BYTE* lp = (BYTE*)proc;
// BYTE byte[5];
// for(int i = 0; i < 5; i++)
// byte[i] = *(lp + i);
*((BYTE*)proc) = 0XEA;
//for(i = 1; i < 5; i++)
// *(lp + i) = *((BYTE*)(pAddress + i - 1));
if (!::VirtualUnlock(proc, 5))
dErr = ::GetLastError();
DWORD d;
if (!::VirtualProtect(proc, 5, dOldProtect, &d))
dErr = ::GetLastError();
dc.TextOut(0, 100, "Modified OK!");
if (!::FreeLibrary(hMyApp))
dErr = ::GetLastError();
}
At last, I can't reset TextOutA funtion address.
Thank you for your help
Jerry Chen