[MetaHook] Find a function signature

时间：2015-09-06 21:32:56 阅读：235 评论：0 收藏：0 [点我收藏+]

标签：

Find a non-public function signature, we need a tool "IDA Pro"

( You can open picture in a new window :D )

Step 1

Load your PE file in IDA

技术分享

Step 2

Find your function, you can use F5 to decompile a function

You can refer to the string and function to locate your function

技术分享

Step 3

Find your function signature

Open IDA Hex view

技术分享

And double-click your function in Function List (on IDA Window left)

技术分享

All right, this is your function signature, copy this line

Step 4

Maby you use the signature in C/C++

Now, you can use SearchPattern() to get the function address in memory.

标签：

原文地址：http://www.cnblogs.com/crsky/p/4787136.html

踩

(0)

评论一句话评论（0）

分享档案

更多>

周排行