c++获取jmp esp的内存地址-获取jmp esp内存地址的c代码
最终运行的结果如下:
OPCODE found at 0x7c93fcd8
END OFntdllMEMORY REACHED
Press any key to continue
#include<windows.h>
#include<iostream.h>
#include<tchar.h>
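/*
 * Walks the in-memory image of ntdll in the current process and prints the
 * address of every FF E4 byte pair (the encoding of `jmp esp`) it finds.
 *
 * The scan covers every byte of the mapped image, PE headers and data
 * included. An address printed here describes this process only: on systems
 * that randomize module base addresses (ASLR) it is not stable across boots
 * or machines.
 *
 * cout/endl/hex are unqualified because the file includes the pre-standard
 * <iostream.h>.
 *
 * Returns 0 on success, 1 if the module cannot be loaded or its PE header
 * cannot be read.
 */
int main()
{
    int nRetCode = 0;
    bool we_load_it = false;
    TCHAR dllname[] = _T("ntdll");

    // Use the existing mapping when the module is already loaded; otherwise
    // load it ourselves and remember to release it at the end.
    HINSTANCE h = GetModuleHandle(dllname);
    if (h == NULL)
    {
        h = LoadLibrary(dllname);
        if (h == NULL)
        {
            cout << "ERROR LOADING DLL:" << dllname << endl;
            return 1;
        }
        we_load_it = true;
    }

    BYTE* ptr = (BYTE*)h;

    // Take the scan length from the PE header (SizeOfImage) instead of reading
    // until the process faults, as the original loop did. A fault-terminated
    // loop only stops cleanly when the compiler maps access violations to C++
    // exceptions (MSVC /EHa); otherwise the program crashes.
    size_t image_size = 0;
    IMAGE_DOS_HEADER* dos = (IMAGE_DOS_HEADER*)ptr;
    if (dos->e_magic == IMAGE_DOS_SIGNATURE && dos->e_lfanew > 0)
    {
        IMAGE_NT_HEADERS* nt = (IMAGE_NT_HEADERS*)(ptr + dos->e_lfanew);
        if (nt->Signature == IMAGE_NT_SIGNATURE)
            image_size = nt->OptionalHeader.SizeOfImage;
    }

    if (image_size < 2)
    {
        cout << "ERROR READING PE HEADER:" << dllname << endl;
        nRetCode = 1;
    }
    else
    {
        try
        {
            // y + 1 < image_size keeps the second-byte read inside the image.
            for (size_t y = 0; y + 1 < image_size; y++)
            {
                if (ptr[y] == 0xFF && ptr[y + 1] == 0xE4)
                {
                    // size_t is pointer-sized on Windows; the original cast to
                    // int truncates the address in a 64-bit build.
                    size_t pos = (size_t)(ptr + y);
                    cout << "OPCODE found at 0x" << hex << pos << endl;
                }
            }
        }
        catch (...)
        {
            // Backstop for an unreadable page inside the image; only reached
            // when access violations surface as C++ exceptions.
        }
        cout << "END OF" << dllname << "MEMORY REACHED" << endl;
    }

    // Drop only the reference this program took itself.
    if (we_load_it)
        FreeLibrary(h);
    return nRetCode;
}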