/*
 * Demonstration 1: rewrite the caller's saved return address from inside the
 * callee, using MSVC 32-bit inline asm.
 *
 * The asm block loads the dword at [ebp + 4], adds 33 and stores it back. In a
 * frame-pointer-based x86 frame that slot holds the return address, so when
 * func returns the CPU resumes 33 bytes past the original return point in the
 * caller. The constant 33 is a hand-measured, build-specific distance into
 * main (see the caller in this listing); it is not valid for any other
 * compiler, optimization level, or calling convention.
 *
 * NOTE(review): presumably the asm store is used instead of relying on the
 * strcpy overflow because a direct write to [ebp + 4] never touches the stack
 * cookie between the locals and the return address, so /GS-style checks would
 * not notice it — confirm against the intended build settings.
 *
 * @param str  Copied into a fixed 24-byte local with an unbounded strcpy;
 *             input of 24 bytes or more overwrites adjacent stack data (UB).
 * @return     Nothing; the altered control flow after the call is the effect.
 */
void func(char *str)
{
char buffer[24];
__asm
{
mov eax, dword ptr [ebp + 4];   // load the saved return address (frame-pointer frame assumed)
add eax, 33;                    // build-specific skip distance into the caller
mov dword ptr [ebp + 4], eax;   // store the adjusted return address
}
strcpy(buffer,str);   // unbounded copy: no length check against sizeof buffer
}
/*
 * Demonstration 2: the same return-address rewrite as the asm variant, done in
 * portable-looking C that is nevertheless entirely layout-dependent.
 *
 * ret is pointed at the first argument's stack slot and then decremented by one
 * int, on the assumption that the saved return address sits immediately below
 * the first argument (32-bit cdecl frame). Forming and dereferencing a pointer
 * outside the object it was derived from is undefined behaviour; it only
 * "works" for the specific compiler and build the offset was measured on.
 * Adding 20 moves the return point 20 bytes into the caller — a hand-measured,
 * build-specific constant like the 33 in the asm variant.
 *
 * @param str  Copied into a fixed 24-byte local with an unbounded strcpy;
 *             input of 24 bytes or more overwrites adjacent stack data (UB).
 * @return     Nothing; the altered control flow after the call is the effect.
 */
void func(char *str/*, int a = 0*/)
{
char buffer[24];
int *ret;
ret = (int*)&str;   // address of the first argument's stack slot
ret--;              // assumed saved-return-address slot, one int lower (UB: outside any object)
*ret += 20;         // build-specific skip distance into the caller
strcpy(buffer,str); // unbounded copy: no length check against sizeof buffer
}
/*
 * Driver for the return-address demonstration.
 *
 * x is set to 0, func is called, then x = 1 and two printf calls follow. The
 * intent appears to be that func's return-address adjustment resumes execution
 * past `x = 1` and the first printf so that only "x is 0" is printed; whether
 * that actually happens depends entirely on the build-specific offset inside
 * func, which was measured against this exact layout of main.
 *
 * NOTE(review): argv[1] is passed without checking argc, so running the
 * program with no argument hands a NULL pointer to strcpy inside func. printf
 * is used without a visible <stdio.h> include in this listing.
 */
int main(int argc, char **argv) {
int x;
x = 0;
func(argv[1]);      // no argc check: argv[1] may be NULL
x = 1;              // expected to be skipped by the adjusted return address
printf("x is 1");   // expected to be skipped as well
printf("x is 0");   // expected landing point
}
#include <windows.h>
/*
 * Demonstration 3: instead of moving the return address, patch the caller's
 * code at the return point so the instruction after the call becomes a jump.
 *
 * ret is pointed one int below the first argument, where (on a 32-bit cdecl
 * frame) the saved return address is assumed to live; deriving a pointer
 * outside the argument object is UB and build-specific. The return address is
 * read, 3 bytes are added, and the two bytes {0xEB, 0x12} are written there
 * through WriteProcessMemory. 0xEB is the x86 short-jump (rel8) opcode and 0x12
 * a hand-computed displacement, so the caller jumps to its second printf. Both
 * the 3-byte and 0x12 offsets were measured against one specific build of main.
 *
 * NOTE(review): presumably WriteProcessMemory is used rather than a plain store
 * because the target is an executable code page that is not writable — confirm.
 * Its return value and nWritten are never inspected, so a failed patch is
 * silent. Runtime modification of a process's own code pages is exactly what
 * W^X page protection and code-integrity monitoring exist to block or flag.
 * The default argument `int a = 0` makes this C++ (MSVC), not C.
 *
 * @param str  Copied into a fixed 24-byte local with an unbounded strcpy;
 *             input of 24 bytes or more overwrites adjacent stack data (UB).
 * @param a    Unused.
 * @return     Nothing; the patched caller code is the effect.
 */
void func(char *str, int a = 0)
{
char buffer[24];
int *ret;
ret = (int*)&str;   // address of the first argument's stack slot
ret--;              // assumed saved-return-address slot, one int lower (UB: outside any object)
unsigned char* pNextCode = (unsigned char*)*ret;   // treat the return address as a code pointer
pNextCode += 3;     // hand-measured step into the caller's instruction stream
unsigned char code[] = {0xEB, 0x12};   // x86 short jmp with rel8 displacement 0x12
DWORD nWritten;     // never initialized or checked
WriteProcessMemory(GetCurrentProcess(), pNextCode, code, 2, &nWritten);// forcibly overwrite the next instruction with (a jump to) the address of printf("x is 0"); return value unchecked
strcpy(buffer,str); // unbounded copy: no length check against sizeof buffer
}
/*
 * Driver for the code-patching demonstration.
 *
 * x is set to 0, func is called, then x = 1 and two printf calls follow. The
 * intent appears to be that the two-byte jump func writes at the return point
 * sends execution straight to the second printf so that only "x is 0" is
 * printed; whether that happens depends entirely on the build-specific offsets
 * inside func, which were measured against this exact layout of main.
 *
 * NOTE(review): argv[1] is passed without checking argc, so running the
 * program with no argument hands a NULL pointer to strcpy inside func. printf
 * is used without a visible <stdio.h> include in this listing.
 */
int main(int argc, char **argv) {
int x;
x = 0;
func(argv[1]);      // no argc check: argv[1] may be NULL
x = 1;              // expected to be bypassed by the patched jump
printf("x is 1");   // expected to be bypassed as well
printf("x is 0");   // expected landing point
}