{"version":"1.0","provider_name":"mnihyc&#039;s Blog","provider_url":"https:\/\/cf.mnihyc.com\/blog","title":"Win32 \u4e0b Hook \u51fd\u6570\u7684\u51e0\u79cd\u65b9\u6cd5 - mnihyc&#039;s Blog","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"0XFxZoC08G\"><a href=\"https:\/\/cf.mnihyc.com\/blog\/archives\/1715\">Win32 \u4e0b Hook \u51fd\u6570\u7684\u51e0\u79cd\u65b9\u6cd5<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/cf.mnihyc.com\/blog\/archives\/1715\/embed#?secret=0XFxZoC08G\" width=\"600\" height=\"338\" title=\"\u300a Win32 \u4e0b Hook \u51fd\u6570\u7684\u51e0\u79cd\u65b9\u6cd5 \u300b\u2014mnihyc&#039;s Blog\" data-secret=\"0XFxZoC08G\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe><script>\n\/*! This file is auto-generated *\/\n!function(d,l){\"use strict\";l.querySelector&&d.addEventListener&&\"undefined\"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!\/[^a-zA-Z0-9]\/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret=\"'+t.secret+'\"]'),o=l.querySelectorAll('blockquote[data-secret=\"'+t.secret+'\"]'),c=new RegExp(\"^https?:$\",\"i\"),i=0;i<o.length;i++)o[i].style.display=\"none\";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(\"style\"),\"height\"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):\"link\"===t.message&&(r=new URL(s.getAttribute(\"src\")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(\"message\",d.wp.receiveEmbedMessage,!1),l.addEventListener(\"DOMContentLoaded\",function(){for(var e,t,s=l.querySelectorAll(\"iframe.wp-embedded-content\"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(\"data-secret\"))||(t=Math.random().toString(36).substring(2,12),e.src+=\"#?secret=\"+t,e.setAttribute(\"data-secret\",t)),e.contentWindow.postMessage({message:\"ready\",secret:t},\"*\")},!1)))}(window,document);\n\/\/# sourceURL=https:\/\/cf.mnihyc.com\/blog\/wp-includes\/js\/wp-embed.min.js\n<\/script>\n","description":"\u9047\u5230\u4e86\u9700\u8981 Hook \u4e00\u4e9b\u51fd\u6570\u7684\u60c5\u51b5\uff0cWinAPI \u7684 __stdcall \u6216\u662f IDA \u5206\u6790\u51fa\u6765\u7684 __usercall\uff0c\u7559\u6b64\u7eaa\u5f55\u3002\u6d4b\u8bd5\u73af\u5883\u4e3a Win32\uff0c\u7f16\u8bd1\u5668\u4e3a MSVC\u3002 &nbsp; &nbsp; \u76ee\u5f55 \u666e\u901a JMP\uff08\u4e0d\u63a8\u8350\uff09 \u5e26 Gadget \u7684 JMP \u66ff\u6362 IAT\uff08\u4ec5\u9002\u7528 PE\uff09","thumbnail_url":"https:\/\/mnihyc.com\/blog\/wp-content\/uploads\/2022\/04\/1715-gadget_jmp.png"}