/********************************************************************
Copyright 2006-2008 ZHANG Luduo. All Rights Reserved.
Permission to use, copy, modify, distribute and sell this software
and its documentation for any purpose is hereby granted without fee,
provided that the above copyright notice appear in all copies and
that both that copyright notice and this permission notice appear
in supporting documentation.
********************************************************************/
/*
代码说明 :
thunk - 动态替换CPU指令
利用这个类可以将Windows API的回调函数封装
成C++类成员.这份代码只能在x86的CPU上执行.
联系方式:
作者 - 张鲁夺
MSN - zhangluduo@msn.com
Email - zhangluduo@163.com
QQ群 - 34064264, 56918155
为所有爱我的人和我爱的人努力!
*/
#include "stdafx.h"
#include "Thunk.h"
void* Thunk::Thiscall(void* pThis, unsigned long MemberFxnAddr)
{
// Build a tiny x86 "thiscall" trampoline inside the m_THISCALL member and
// return its address, so a plain C callback pointer can dispatch into a
// C++ member function. When the callback fires, the CPU executes the bytes
// stored in m_THISCALL: it loads ecx with the object pointer and then jumps
// to the member function; the stack (and therefore the caller's arguments)
// is left untouched.
//
// pThis         - object whose member function should receive the call
// MemberFxnAddr - address of the member function to dispatch to
// returns       - pointer to the machine code held in m_THISCALL
//
// Encoded machine instruction   Equivalent assembly language notation
// ---------------------------   -------------------------------------
// B9 ?? ?? ?? ??                mov ecx, pThis     ; Load ecx with this pointer
// E9 ?? ?? ?? ??                jmp target addr    ; Jump to target message handler
//
// Earlier byte-array implementation, kept for reference:
// unsigned long JmpAddr = MemberFxnAddr - (unsigned long) &m_ThiscallCode - sizeof(m_ThiscallCode);
// m_ThiscallCode[0] = 0xB9;
// m_ThiscallCode[5] = 0xE9;
// *((unsigned long *) &m_ThiscallCode[1]) = (unsigned long) pThis;
// *((unsigned long *) &m_ThiscallCode[6]) = JmpAddr;
//
// return (void*)m_ThiscallCode;
//
// NOTE(review): 32-bit x86 only. Pointers are truncated to unsigned long and
// the E9 jump takes a rel32 displacement, so this cannot work on x64. The
// returned code is valid only while this Thunk object stays alive at the
// same address -- the displacement below is computed relative to
// &m_THISCALL, so copying or moving the object invalidates it. Because the
// bytes are executed, m_THISCALL must reside in executable memory for the
// callback to run under DEP/NX; how Thunk.h arranges that is not visible
// here -- confirm before relying on it.
m_THISCALL.Mov = 0xB9;
m_THISCALL.This = (unsigned long) pThis;
m_THISCALL.Jmp = 0xE9;
// rel32 is measured from the end of the jmp instruction, which the
// expression treats as the end of the struct: presumably THUNK_THISCALL is
// declared packed with Adrr as its last field (Thunk.h) -- TODO confirm.
m_THISCALL.Adrr = MemberFxnAddr - (unsigned long)&m_THISCALL - sizeof(THUNK_THISCALL);
return (void*)(&m_THISCALL);
}
void* Thunk::Stdcall(void* pThis, unsigned long MemberFxnAddr)
{
// Build a tiny x86 trampoline inside the m_STDCALL member and return its
// address, for callbacks whose target expects the object pointer as its
// first stack argument rather than in ecx. When the callback fires, the
// bytes in m_STDCALL duplicate the return address on the stack, overwrite
// the original return-address slot with pThis, and jump to the target; the
// target therefore sees pThis followed by the caller's original arguments.
//
// pThis         - object pointer to inject as the first stack argument
// MemberFxnAddr - address of the function to dispatch to
// returns       - pointer to the machine code held in m_STDCALL
//
// Encoded machine instruction   Equivalent assembly language notation
// ---------------------------   -------------------------------------
// FF 34 24                      push dword ptr [esp]          ; Save (or duplicate)
//                                                             ; the return address onto the stack
// C7 44 24 04 ?? ?? ?? ??       mov dword ptr [esp+4], pThis  ; Overwrite the old
//                                                             ; return address with 'this pointer'
// E9 ?? ?? ?? ??                jmp target addr               ; Jump to target message handler
//
// Earlier byte-array implementation, kept for reference:
// unsigned long JmpAddr = MemberFxnAddr - (unsigned long) &m_StdcallCode - sizeof(m_StdcallCode);
// m_StdcallCode[11] = 0xE9;
// *((unsigned long *) &m_StdcallCode[ 0]) = 0x002434FF;
// *((unsigned long *) &m_StdcallCode[ 3]) = 0x042444C7;
// *((unsigned long *) &m_StdcallCode[ 7]) = (unsigned long) pThis;
// *((unsigned long *) &m_StdcallCode[12]) = JmpAddr;
//
// return (void*)m_StdcallCode;
//
// NOTE(review): 32-bit x86 only (pointer truncation to unsigned long, rel32
// jump). The stack now carries one extra dword (the injected pThis), so the
// target presumably has to pop it itself, stdcall-style, or the caller's
// stack is left unbalanced on return -- confirm against the functions this
// thunk is used with. As with Thiscall, the code is only valid while this
// object stays at the same address, and m_STDCALL must be in executable
// memory for the callback to run under DEP/NX (allocation is in Thunk.h,
// not visible here -- confirm).
m_STDCALL.Push[0] = 0xFF;
m_STDCALL.Push[1] = 0x34;
m_STDCALL.Push[2] = 0x24;
// Little-endian image of the bytes C7 44 24 04 (mov dword ptr [esp+4], imm32).
m_STDCALL.Move = 0x042444C7;
m_STDCALL.This = (unsigned long) pThis;
m_STDCALL.Jmp = 0xE9;
// rel32 is measured from the end of the jmp instruction, which the
// expression treats as the end of the struct: presumably THUNK_STDCALL is
// declared packed with Adrr as its last field (Thunk.h) -- TODO confirm.
m_STDCALL.Adrr = MemberFxnAddr - (unsigned long)&m_STDCALL - sizeof(THUNK_STDCALL);
return (void*)(&m_STDCALL);
}