Recently I have kept running into a stack overflow in Jinshan Ciba (Kingsoft PowerWord) when running it in ET, while elsewhere there is no such problem. Puzzled by this, I analysed its screen word-capture function, as follows.

1 Screen word capture

Screen word capture (also called dynamic translation) means that as the mouse moves, the software immediately recognises the English word or Chinese characters under the pointer and pops up a translation for the user. This is very helpful when browsing or reading articles online, so many dictionary programs provide it. The key problem is how to obtain the string at the mouse position, and the Windows dynamic-linking and message-handling mechanisms provide a way to implement it. In summary, the string at the mouse position is obtained through the following steps:

Code interception: Windows provides its system services as DLLs, so the addresses of the Windows character-output APIs are easy to obtain; the program modifies their entry code and thereby intercepts the calls that applications make to them.

Mouse hook: install a global WH_MOUSE hook (a MouseProc callback) to monitor mouse movement over the whole screen.

Screen refresh: invalidate a small area around the mouse, which forces the window to repaint its output at the mouse position. The window procedure handles the WM_NCPAINT and WM_PAINT messages and calls ExtTextOut, TextOut and the other character-output APIs to redraw the string in the invalidated area. Those calls are intercepted, and the parameters the window procedure passed to the character API (string address, length, output coordinates, HDC, clipping region and so on) are captured.

2 The word-capture procedure

0 Decide whether the mouse has stayed in one place for a period of time
1 Get the current mouse position
2 Generate a rectangle at the mouse position
3 Install the API hook
4 Invalidate the rectangle so that a repaint message is generated
5 Capture the characters inside the hook
6 Work out which word lies under the mouse and save it
7 If a word has been obtained, remove the API hook; otherwise remove the API hook after a period of time
8 Take the word and display the explanation box

3 Cause of the error (reposted)

When I open Jinshan Ciba it always shuts itself down, which is annoying. I have just analysed it; since hooks are something we all use often, the cause may be worth learning from, so I have written up the analysis briefly in the hope that everyone writes fewer bugs of this kind.

One of the key techniques in translation software of this kind is to intercept the operating system's display functions and capture the displayed words from them; everyone understands this. For example, Jinshan Ciba intercepts the output function ExtTextOutA: the interceptor finds the function's address, writes a JMP instruction at its entry that jumps to an entry point inside Jinshan Ciba, and of course it also saves the first few bytes of the original entry that the JMP instruction overwrote.

Inside that entry point of Jinshan Ciba, the function itself still has to be used, so after taking control it restores the instructions at the start of ExtTextOutA and calls it. This is where the bad hook handling lies buried. Perhaps its internal synchronisation flags are fine, but in some cases, when the hook wants to call the restored ExtTextOutA, the restore may not have succeeded, so the call lands back in Jinshan Ciba's own hook. This loops, the stack is consumed rapidly, and once the stack is exhausted the next stack operation is an illegal operation and the program dies. The lesson is that if you need to call the function you are hooking, it is best to bypass the hook. For example, when the entry has been overwritten with a JMP instruction, prefer to call the instruction immediately below the patched entry, or hook one of the functions that this function calls in turn. If you do want to restore the entry instructions, you must guarantee that the restore is correct. Then there is another issue to watch: while the hook is running, other threads may also call the hooked function, so your code has to be re-entrant. People who write viruses have probably run into this issue to some degree.

Scheme 1: CALL DWORD PTR [ExtTextOutA]

The hooked function, gdi32.dll ExtTextOutA:
    PUSH EBP
    ...
    CALL ExtTextOutW
    ...
    RET

Assuming the environment is as above, the hook scheme can:
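The failure mode described in section 3 (a hook that unhooks, calls the API entry and re-hooks, and recurses into itself when the restore fails), as an added C example that is not code from the original post or from Jinshan Ciba. The text-output API, the patched entry and the trampoline are constructed stand-ins rather than real Windows APIs, and the depth counter is the re-entrancy guard the post recommends.

```c
#include <string.h>

#define OVERFLOW_LIMIT 64   /* stand-in for running out of stack */

typedef int (*text_out_fn)(const char *text, int len);

/* Constructed stand-in for gdi32's ExtTextOutA: returns the count it "drew". */
static int original_text_out(const char *text, int len) { return len; }

static text_out_fn entry;          /* patched API entry: the JMP lands in hook() */
static text_out_fn trampoline;     /* saved entry bytes + jump past the JMP */
static int restore_ok, use_guard;  /* scenario knobs set by simulate() */
static int depth, max_depth;       /* re-entrancy guard (thread-local in real code) */
static char captured[32];          /* the word the hook captured */

static int hook(const char *text, int len) {
    if (++depth > max_depth) max_depth = depth;
    if (depth > OVERFLOW_LIMIT) { depth--; return -1; }  /* the "stack overflow" */
    /* Already inside the hook: a failed restore bounced the call back here,
       so go through the trampoline instead of recursing. */
    if (use_guard && depth > 1) { int r = trampoline(text, len); depth--; return r; }
    if (len < (int)sizeof captured) { memcpy(captured, text, len); captured[len] = '\0'; }
    /* The fragile scheme from the post: unhook, call the API entry, re-hook. */
    if (restore_ok) entry = original_text_out;
    int r = entry(text, len);   /* if the restore failed, this re-enters hook() */
    entry = hook;
    depth--;
    return r;
}

/* Runs one scenario on a constructed input and returns the hooked call's result:
   5 when the word was drawn, -1 when the hook recursed until the stack ran out. */
int simulate(int restore_succeeds, int guard) {
    restore_ok = restore_succeeds; use_guard = guard;
    depth = 0; max_depth = 0; captured[0] = '\0';
    entry = hook; trampoline = original_text_out;
    return entry("hello", 5);
}

int simulated_max_depth(void) { return max_depth; }
const char *captured_word(void) { return captured; }
```

Without the guard, a failed restore recurses until the depth limit, which models the crash; with the guard, the same failed restore still draws the text and captures the word at depth 2.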