CN115408181A - Cross-DLL relocation repair method and system - Google Patents
- Publication number: CN115408181A (application CN202110575709.4A)
- Authority: CN (China)
Classifications
- G06F11/0703: Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation (under G06F11/00 Error detection; Error correction; Monitoring, and G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance)
  - G06F11/079: Root cause analysis, i.e. error or fault diagnosis
  - G06F11/0793: Remedial or corrective actions
Abstract
The present invention provides a cross-DLL relocation repair method and system. The method comprises: when a second DLL is loaded in the system, obtaining the repair timing for the relocation data items in the copied function code, where the copied function code is function code copied from a first DLL into the second DLL; and, based on that repair timing, repairing the relocation data items in the copied function code. When the second DLL is loaded, the invention uses a certain means to capture the moment at which the relocation data items of the function code copied from the first DLL should be relocated and repaired, and based on the captured repair timing repairs the cross-DLL relocation data items, thereby realizing relocation repair of cross-DLL relocation data items.
Description
Technical field
The present invention relates to the field of computers, and more specifically to a cross-DLL relocation repair method and system.
Background
A client program may consist of several DLL (Dynamic Link Library) components, each DLL being an independent functional component. When a function or a piece of code from one DLL needs to be copied into another DLL and executed there, and that function or code contains data requiring relocation, calling it from the other DLL crashes the program.
The relocation therefore has to be repaired in the other DLL. In conventional solutions, however, relocation repair is only ever performed for the DLL itself; the cross-DLL case has not arisen.
Summary of the invention
To address the problem that relocation across DLLs cannot be achieved in the prior art, the invention provides a cross-DLL relocation repair method and system.
According to a first aspect of the invention, a cross-DLL relocation repair method is provided, comprising: when a second DLL is loaded in the system, obtaining the repair timing for the relocation data items in the copied function code, where the copied function code is function code copied from a first DLL into the second DLL; and, based on the repair timing, repairing the relocation data items in the copied function code.
On the basis of the above technical solution, the invention may further be improved as follows.
Optionally, obtaining the repair timing for the relocation data items in the copied function code when the second DLL is loaded in the system comprises: looking up all relocation data items in the relocation table of the second DLL and inserting a hook point after the code segment corresponding to the last relocation data item; when the system has finished repairing all relocation data items in the second DLL, the hook point is triggered, and the repair timing for the copied function code is thereby detected.
Optionally, inserting the hook point after the code segment corresponding to the last relocation data item comprises: detecting the type and version of the current operating system; querying a server for the hook scheme corresponding to that type and version; and inserting the hook point after the code segment corresponding to the last relocation data item according to that hook scheme, where the server is configured with hook schemes for different system types and versions.
Optionally, obtaining the repair timing for the relocation data items in the copied function code when the second DLL is loaded in the system comprises: looking up all relocation data items in the relocation table of the second DLL and setting a hardware write breakpoint after the code segment corresponding to the last relocation data item; when the system, having finished repairing all relocation data items in the second DLL, copies function code to the location of the hardware write breakpoint, the hardware write breakpoint is triggered, and the repair timing for the copied function code is thereby detected.
Optionally, repairing the relocation data items in the copied function code based on the repair timing comprises: looking up, according to the copied function code, all relocation data items of the copied function code in the relocation table of the first DLL; for any such relocation data item, obtaining its offset address in the first DLL; computing its offset address within the copied function code; computing its actual memory address in the second DLL; and, based on its actual memory address in the second DLL, computing its first preset load address in the second DLL.
Optionally, the relocation table stores the memory address at which each relocation data item is located, and looking up all relocation data items of the copied function code in the relocation table of the first DLL according to the copied function code comprises: for any relocation data item in the relocation table, if its memory address falls between the start address and the end address of the copied function code, that item is a relocation data item of the copied function code; all relocation data items in the relocation table are traversed to find all relocation data items of the copied function code.
Optionally, computing the offset address of the relocation data item within the copied function code comprises: obtaining the start address addrSrc at which the first DLL is loaded into memory; obtaining the start address of the copied function code in the first DLL, Src_Addr = addrSrc + offset1, where offset1 is the offset address of the copied function code within the first DLL; and, from the offset address VirtualAddress of the relocation data item in the first DLL and the start address of the copied function code in the first DLL, computing the offset address of the relocation data item within the copied function code, Addr1 = VirtualAddress - Src_Addr.
Optionally, computing the actual memory address of the relocation data item in the second DLL comprises: obtaining the start address addrDST at which the second DLL is loaded into memory; obtaining the memory start address of the copied function code in the second DLL, Dst_Addr = addrDst + offset2, where offset2 is the offset address of the copied function code within the second DLL; and computing the actual memory address of the relocation data item in the second DLL from its offset address within the copied function code, the start address addrDST of the second DLL in memory, and the memory start address Dst_Addr of the copied function code in the second DLL.
Optionally, computing the first preset load address of the relocation data item in the second DLL based on its actual memory address in the second DLL comprises: computing the difference Diff between the start address at which the first DLL is loaded into memory and the first preset load address; and, based on the actual memory address of the relocation data item in the second DLL and that difference, computing the second preset load address of the relocation data item in the second DLL.
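As an added example (my code, not the patent's), the address chain of the optional steps above carried through in C: select the DLLSRC relocation items that lie inside the copied function, map each through Addr1 = VirtualAddress - Src_Addr to Dst_Addr + Addr1, and apply Diff = addrSrc - preset base. Treating the last step as adding Diff to the 32-bit pointer stored at the target is my reading of the Diff step; every address, length and the PRESET_BASE value are constructed sample inputs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample value: the preset (preferred) load address the page cites. */
#define PRESET_BASE 0x100000u

/* Per-copy parameters, named as in the summary above. */
typedef struct {
    uintptr_t addr_src;  /* addrSrc: where DLLSRC actually landed in memory   */
    uintptr_t offset1;   /* offset1: offset of the copied function in DLLSRC  */
    uintptr_t addr_dst;  /* addrDST: where DLLDST actually landed in memory   */
    uintptr_t offset2;   /* offset2: offset of the copied function in DLLDST  */
    size_t    func_len;  /* byte length of the copied function code (assumed) */
} cross_dll_ctx;

/* Select the DLLSRC relocation items whose address lies inside the copied
 * function [Src_Addr, Src_Addr + func_len). Each item is taken to be a 4-byte
 * absolute pointer, so the whole item must fit in the range.
 * Returns the number of matching items; at most out_cap are stored. */
size_t select_function_relocs(const cross_dll_ctx *c, const uintptr_t *src_relocs,
                              size_t n, uintptr_t *out, size_t out_cap)
{
    uintptr_t src_addr = c->addr_src + c->offset1;      /* Src_Addr */
    uintptr_t end      = src_addr + c->func_len;
    size_t k = 0;
    for (size_t i = 0; i < n; i++) {
        if (src_relocs[i] >= src_addr && src_relocs[i] + 4 <= end) {
            if (k < out_cap) out[k] = src_relocs[i];
            k++;
        }
    }
    return k;
}

/* Addr1 = VirtualAddress - Src_Addr; actual address in DLLDST = Dst_Addr + Addr1. */
uintptr_t reloc_target_in_dst(const cross_dll_ctx *c, uintptr_t virtual_address)
{
    uintptr_t src_addr = c->addr_src + c->offset1;      /* Src_Addr */
    uintptr_t addr1    = virtual_address - src_addr;    /* Addr1    */
    uintptr_t dst_addr = c->addr_dst + c->offset2;      /* Dst_Addr */
    return dst_addr + addr1;
}

/* Diff = addrSrc - preset base. The copied bytes still hold the pointer the
 * linker emitted for the preset base, so adding Diff makes it point at the
 * global where DLLSRC was really loaded (my reading of the Diff step).
 * dst_image simulates DLLDST's memory starting at addr_dst. Returns the
 * patched value, or 0 if the target falls outside the image. */
uint32_t apply_cross_dll_fixup(uint8_t *dst_image, size_t dst_image_len,
                               const cross_dll_ctx *c, uintptr_t virtual_address)
{
    uintptr_t target = reloc_target_in_dst(c, virtual_address);
    uintptr_t diff   = c->addr_src - PRESET_BASE;
    if (target < c->addr_dst) return 0;
    size_t off = (size_t)(target - c->addr_dst);
    if (off + 4 > dst_image_len) return 0;
    uint32_t v;
    memcpy(&v, dst_image + off, sizeof v);
    v += (uint32_t)diff;
    memcpy(dst_image + off, &v, sizeof v);
    return v;
}

/* Demo with constructed values: a 0x40-byte function at DLLSRC+0x1000 holding
 * two pointers, copied to DLLDST+0x2000. Returns how many items were fixed. */
size_t demo_fix_copied_function(void)
{
    cross_dll_ctx c = { 0x400000, 0x1000, 0x600000, 0x2000, 0x40 };
    uintptr_t src_relocs[] = { 0x400100, 0x401010, 0x401030, 0x402000 };
    static uint8_t dst_image[0x2100];            /* simulated DLLDST memory */
    uint32_t linker_ptr = PRESET_BASE + 0x500;   /* pointer into DLLSRC's .data */
    memcpy(dst_image + 0x2010, &linker_ptr, 4);
    memcpy(dst_image + 0x2030, &linker_ptr, 4);

    uintptr_t hits[4];
    size_t n = select_function_relocs(&c, src_relocs, 4, hits, 4);
    for (size_t i = 0; i < n; i++) {
        uint32_t fixed = apply_cross_dll_fixup(dst_image, sizeof dst_image, &c, hits[i]);
        printf("item %#lx -> DLLDST %#lx, value %#x -> %#x\n",
               (unsigned long)hits[i], (unsigned long)reloc_target_in_dst(&c, hits[i]),
               (unsigned)linker_ptr, (unsigned)fixed);
    }
    return n;
}

int main(void) { return demo_fix_copied_function() == 2 ? 0 : 1; }
```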
According to a second aspect of the invention, a cross-DLL relocation repair system is provided, comprising: an acquisition module for obtaining, when a second DLL is loaded in the system, the repair timing for the relocation data items in the copied function code, where the copied function code is function code copied from a first DLL into the second DLL; and a repair module for repairing the relocation data items in the copied function code based on the repair timing.
According to a third aspect of the invention, an electronic device is provided, comprising a memory and a processor, the processor implementing the steps of the cross-DLL relocation repair method when executing a computer management program stored in the memory.
According to a fourth aspect of the invention, a computer-readable storage medium is provided, on which a computer management program is stored; when executed by a processor, the computer management program implements the steps of the cross-DLL relocation repair method.
With the cross-DLL relocation repair method and system provided by the invention, when the second DLL is loaded, a certain means is used to capture the moment at which the relocation data items of the function code copied from the first DLL should be relocated and repaired; based on the captured repair timing, the cross-DLL relocation data items are repaired, realizing relocation repair of cross-DLL relocation data items.
Description of drawings
Fig. 1 is a flowchart of a cross-DLL relocation repair method provided by the invention;
Fig. 2 is a schematic structural diagram of a cross-DLL relocation repair system provided by the invention;
Fig. 3 is a schematic diagram of the hardware structure of a possible electronic device provided by the invention;
Fig. 4 is a schematic diagram of the hardware structure of a possible computer-readable storage medium provided by the invention.
Detailed description
Specific embodiments of the invention are described in further detail below with reference to the drawings and examples. The following examples serve to illustrate the invention and are not intended to limit its scope.
Before the embodiments are described, DLL relocation repair is explained. A DLL is loaded by a program; at compile time its default start address in memory is 0x100000. A DLL contains global variables, global functions and the like, and if these are referenced in the code, their addresses are added to the DLL's relocation table, which stores all of the relocation data.
Because a DLL cannot always be loaded at the preset address 0x100000, if it is loaded at some other address all of the relocation data in the DLL must be repaired. Specifically, the relocation data to be repaired is obtained by looking up the relocation table and traversing all of the relocation data in it, and that relocation data is repaired within the same DLL.
For a DLL, when one of its functions uses a global variable, the code necessarily contains a relocation data item, and that item is added to the relocation table of the DLL file. When the system loads the DLL, it traverses the relocation table and corrects the data of each relocation data item.
With two DLLs, if function code containing relocation data is copied from one DLL into the other, the relocation data of that function code is not added to the other DLL, so the function code is unusable in the other DLL. It is therefore necessary to solve the problem of relocation between different DLLs.
When function code in one DLL is copied into another (call the original DLL DLLSRC and the DLL it is copied into DLLDST), the relocation data items in the original DLLSRC are not removed. DLLDST may or may not have a relocation table of its own. If it does, a relocation data item cannot necessarily be added to it, because the table may already be full; if it does not, there is no way to add one at all. Adding a relocation data item for the newly copied function to DLLDST's relocation table is therefore likely to be complicated and to require adjustment for the different cases.
Because the copied function code has relocation data items that were not added to DLLDST's relocation table, when DLLDST is loaded the system repairs all relocation data items in DLLDST's relocation table, but the relocation data items of the copied function code are left unrepaired. If code in DLLDST calls the copied function code before its relocation data items have been repaired, a program error results. The relocation data items of the copied function code must therefore be repaired before anything that calls it runs.
Referring to Fig. 1, a flowchart of a cross-DLL relocation repair method according to an embodiment of the invention is provided. The method mainly comprises the following steps:
Step S10: when a second DLL is loaded in the system, obtain the repair timing for the relocation data items in the copied function code, where the copied function code is function code copied from a first DLL into the second DLL.
In step S10, when the second DLL (DLLDST) is loaded, it contains function code copied from the first DLL (DLLSRC). At load time the second DLL's own relocation data items need to be repaired, and the function code copied from the first DLL (referred to as the copied function code) also contains relocation data items that need to be repaired, so the point at which the relocation data items of the copied function code are repaired in the second DLL is critical. When the second DLL is loaded in the system, a certain method is used to obtain the repair timing for the relocation data items in the copied function code.
In this step, when the second DLL is loaded, the timing for repairing the relocation data in the function code copied from the first DLL is captured, enabling cross-DLL data repair.
Step S20: based on the repair timing, repair the relocation data items in the copied function code.
Step S10 obtained the timing for repairing, in the second DLL, the relocation data in the function code copied from the first DLL. Based on that timing, this step repairs the relocation data items in the copied function code, so that the relocation data of the function code copied from the first DLL is successfully repaired in the second DLL.
When the second DLL is loaded, step S10 uses a certain means to capture the moment at which the relocation data items of the function code copied from the first DLL should be relocated and repaired, and step S20 repairs the cross-DLL relocation data items based on the captured timing. This realizes relocation repair of cross-DLL relocation data items, so that function code from the first DLL can be called in the second DLL and cross-DLL function calls become possible.
In an embodiment of the invention, obtaining the repair timing for the relocation data items in the copied function code in step S10 when the second DLL is loaded comprises: looking up all relocation data items in the relocation table of the second DLL and inserting a hook point after the code segment corresponding to the last relocation data item; when the system has finished repairing all relocation data items in the second DLL, the hook point is triggered, and the repair timing for the copied function code is thereby detected.
It will be understood that when the second DLL is loaded, since it contains function code copied from the first DLL, the second DLL itself has relocation data items and the copied function code also has relocation data items. How the relocation data items of the two DLLs are repaired in an orderly manner is therefore critical, and the point at which the relocation data items originating from the first DLL are repaired determines whether the program loads correctly.
Specifically, to capture the moment at which the relocation data items of the function code copied from the first DLL should be relocated and repaired, the system's DLL-loading function LoadLibrary can be hooked so as to detect when the system performs relocation repair. The hook point can be placed at the moment after the system has loaded the second DLL into memory and finished repairing the second DLL's relocation data items. The hook is installed at that point: when the system loads the second DLL it repairs all of that DLL's relocation data items, and once this is done the hook point is triggered, so the relocation data items of the copied function code can be repaired in the hook's logic.
In this step, a hook point is inserted after the code segment corresponding to the last relocation data item of the second DLL. When the system has finished repairing all relocation data items in the second DLL, the hook point is triggered and the relocation data items originating from the first DLL are repaired at that moment, so that once the second DLL is loaded the relocation data items of both the second DLL and the first DLL have been repaired and the second DLL loads successfully.
In one possible embodiment, inserting the hook point after the code segment corresponding to the last relocation data item comprises: detecting the type and version of the current operating system; querying a server for the hook scheme corresponding to that type and version; and inserting the hook point after the code segment corresponding to the last relocation data item according to that hook scheme, where the server is configured with hook schemes for different types and versions of operating system.
It will be understood that when the hook is used to capture the repair timing of the relocation data items of the copied function code, detection works by hooking the system function LoadLibrary, so the hook can detect precisely when all relocation data items of the second DLL have been repaired. Hooking LoadLibrary, however, must account for reality: different operating systems differ somewhat in the internal implementation of LoadLibrary, these differences have to be taken into account, and new systems released in the future must also be accommodated. The hook is therefore closely tied to the operating system version, and every hook must take the system version into account.
Accordingly, in this step, when the system loads the second DLL, the type and version of the current operating system are detected, the corresponding hook scheme is queried from the server according to that type and version, and the hook point is inserted after the code segment corresponding to the last relocation data item according to that scheme. Hook schemes for the different operating systems and their different versions are configured on the server.
In one possible embodiment, obtaining the repair timing for the relocation data items in the copied function code in step S10 when the second DLL is loaded comprises: looking up all relocation data items in the relocation table of the second DLL and setting a hardware write breakpoint after the code segment corresponding to the last relocation data item; when the system, having finished repairing all relocation data items in the second DLL, copies function code to the location of the hardware write breakpoint, the breakpoint is triggered, and the repair timing for the copied function code is thereby detected.
It will be understood that there are several ways to obtain the repair timing in step S10 when the second DLL is loaded. The approach above looks up all relocation data items in the second DLL's relocation table and inserts a hook point after the code segment corresponding to the last one, but hooking the system function LoadLibrary must account for reality: different systems differ somewhat in the internal implementation of LoadLibrary, these differences have to be taken into account, and new systems released in the future must also be accommodated. The hook is therefore closely tied to the operating system version, every hook must take the system version into account, and a different hook scheme has to be configured for each operating system version, which is cumbersome.
This step can therefore obtain the repair timing of the copied function code by setting a hardware write breakpoint. Once the last of the second DLL's relocation data items has been repaired, relocation repair for that DLL is complete. With a hardware write breakpoint set on that location, the breakpoint is triggered when the system writes data to it, and that is the moment at which to repair the relocation data items of the copied function code. This guarantees that the relocation repair happens at exactly the right moment, neither too early nor too late, and so ensures the correctness of the relocation repair as far as possible.
Specifically, all relocation data items are looked up in the relocation table of the second DLL, the last relocation data item is found together with its corresponding code segment, and a hardware write breakpoint is set on that code segment. When the system has finished repairing all relocation data items in the second DLL, the hardware write breakpoint is triggered, and the relocation data items of the copied function code can then be repaired.
The hardware write breakpoint is set by registering an exception handler through the API function AddVectoredExceptionHandler, whose prototype is:
    PVOID WINAPI AddVectoredExceptionHandler(
        ULONG FirstHandler,
        PVECTORED_EXCEPTION_HANDLER VectoredHandler);
FirstHandler is set to 0, indicating that the registered exception handler takes over the exception once the last relocation data item has been repaired.
Because the system's relocation repair may run on any thread of the process, the hardware write breakpoint must be set on every thread; the thread handles can be obtained by enumerating all threads. For each thread, the breakpoint is set by first calling the API function GetThreadContext to obtain the thread's context, passing CONTEXT_DEBUG_REGISTERS so that the debug-register part of the context is returned. The CPU's four hardware-breakpoint address registers are Dr0, Dr1, Dr2 and Dr3.
This embodiment sets up the memory access watch on Dr0, so ctx.Dr0 = Reloc_Address is set, where Reloc_Address is the memory address of the relocation data item to be watched, and ctx.Dr7 |= 0xd0501, a value that monitors writes only. After the register values have been set, SetThreadContext is called to write them into the thread's context; from the moment that call is made, accesses to the configured memory address are monitored. When the hardware write breakpoint fires, the exception handler registered earlier with AddVectoredExceptionHandler is invoked.
Accordingly, an exception handler for the hardware write breakpoint can be written:
void Handler() { /* called when the exception occurs; at this point the system's relocation repair has been observed, so the relocation data items of the copied function code can be repaired here */ }
In this step the repair timing for the copied function code is obtained by setting a hardware write breakpoint. The breakpoint can be set regardless of operating-system differences, so the repair timing, the moment during the loading of the second DLL at which the copied function code can be repaired, is captured accurately.
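The constant ORed into Dr7 above is easier to audit when its bit fields are spelled out. The following portable C helpers are an added illustration, not the patent's code: they encode and decode the x86 DR7 debug-control register, showing that 0xd0501 arms slot 0 (Dr0) as a local, write-only, 4-byte watchpoint. The Windows calls GetThreadContext and SetThreadContext are not reproduced.

```c
#include <stdint.h>

/* x86 DR7 layout (Intel SDM vol. 3, "Debug Registers"): bit 2n enables slot n locally
   (Ln), bit 2n+1 globally (Gn); bits 16+4n..17+4n are RWn (condition) and
   bits 18+4n..19+4n are LENn (width). Constructed helper; not the patent's code. */
enum { DR7_RW_EXEC = 0, DR7_RW_WRITE = 1, DR7_RW_IO = 2, DR7_RW_READWRITE = 3 };
enum { DR7_LEN_1 = 0, DR7_LEN_2 = 1, DR7_LEN_8 = 2, DR7_LEN_4 = 3 };

/* Bits that arm slot n (0-3, i.e. Dr0-Dr3) as a local breakpoint; LE (bit 8) and the
   reserved bit 10 (conventionally written as 1) are set too, matching the patent's constant. */
uint32_t dr7_arm_slot(unsigned slot, unsigned rw, unsigned len)
{
    if (slot > 3 || rw > 3 || len > 3) return 0;
    uint32_t v = 1u << (2 * slot);                /* Ln: local enable */
    v |= (1u << 8) | (1u << 10);                  /* LE, reserved bit 10 */
    v |= (uint32_t)rw  << (16 + 4 * slot);        /* RWn */
    v |= (uint32_t)len << (18 + 4 * slot);        /* LENn */
    return v;
}

typedef struct { unsigned enabled, rw, len; } Dr7Slot;

/* Decode what a DR7 value does to slot n, e.g. when reviewing a captured thread context. */
Dr7Slot dr7_decode_slot(uint32_t dr7, unsigned slot)
{
    Dr7Slot s = { 0, 0, 0 };
    if (slot > 3) return s;
    s.enabled = ((dr7 >> (2 * slot)) & 3u) != 0;  /* Ln or Gn set */
    s.rw  = (dr7 >> (16 + 4 * slot)) & 3u;
    s.len = (dr7 >> (18 + 4 * slot)) & 3u;
    return s;
}

/* True when slot n is a write-only watch over a 4-byte cell, the shape of a 32-bit
   relocation data item such as the one this step monitors. */
int dr7_is_4byte_write_watch(uint32_t dr7, unsigned slot)
{
    Dr7Slot s = dr7_decode_slot(dr7, slot);
    return s.enabled && s.rw == DR7_RW_WRITE && s.len == DR7_LEN_4;
}
```

dr7_arm_slot(0, DR7_RW_WRITE, DR7_LEN_4) yields exactly 0xd0501, and the decoder reports no other slot armed by that value.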
Step S20, repairing the relocation data items in the copied function code based on the repair timing, includes:
Step S201: according to the copied function code, look up all relocation data items of the copied function code in the relocation table of the first DLL.
It will be understood that the embodiments above describe two ways of capturing the repair timing for the relocation data items of the copied function code; when the repair timing arrives, the relocation data items of the function code copied from the first DLL into the second DLL are repaired.
In step S201, because the relocation table of the second DLL (DLLDST) does not contain the relocation data items of the first DLL, they must be looked up in the relocation table of the original DLLSRC: the relocation table of the original first DLL is queried for the relocation data items that lie within the copied function code. The query traverses the relocation table of the first DLL, which stores the memory addresses of the relocation data items of all function code. For each relocation data item, its memory address is checked against the address range from the start address to the end address of the copied function code; if it falls within that range, the item belongs to the copied function code, otherwise it does not. After all relocation data items have been traversed, all relocation data items of the copied function code have been obtained.
Step S202: for any relocation data item, obtain its offset address in the first DLL and compute its offset address within the copied function code.
In step S202, to compute the offset address of a relocation data item within the copied function code: obtain the start address addrSrc at which the first DLL is loaded in memory; obtain the start address of the copied function code in the first DLL, Src_Addr = addrSrc + offset1, where offset1 is the offset address of the copied function code within the first DLL; then, from the relocation data item's offset address VirtualAddress in the first DLL and the start address of the copied function code in the first DLL, compute the item's offset address within the copied function code, Addr1 = VirtualAddress - Src_Addr.
Step S203: compute the actual memory address of the relocation data item in the second DLL.
In step S203, computing the actual memory address of a relocation data item in the second DLL includes: obtaining the start address addrDST at which the second DLL is loaded in memory; obtaining the memory start address of the copied function code in the second DLL, Dst_Addr = addrDst + offset2, where offset2 is the offset address of the copied function code within the second DLL; and computing the item's actual memory address in the second DLL from its offset address within the copied function code, the load start address addrDST of the second DLL and the memory start address Dst_Addr of the copied function code in the second DLL.
Step S204: based on the actual memory address of the relocation data item in the second DLL, compute the first preset loading address of the relocation data item in the second DLL.
In step S204, the difference Diff between the start address at which the first DLL is loaded in memory and the first preset loading address is computed; from the actual memory address of the relocation data item in the second DLL and this difference, the second preset loading address of the relocation data item in the second DLL is computed.
Based on the second preset loading address in the second DLL computed in step S204, every relocation data item of the copied function code is repaired. The repair mainly comprises the following steps:
(1) Obtain the start address at which DLLSRC is loaded in memory.
DWORD addrSrc = GetModuleHandle("DLLSRC"); passing the name of DLLSRC to the system function GetModuleHandle returns the start address of DLLSRC.
(2) Obtain the start address of the copied function code in DLLSRC.
The start address in DLLSRC of the function code that was copied into DLLDST is needed for the subsequent relocation computations; it is held in the variable Src_Addr. It is obtained by taking the offset address of the copied function code within DLLSRC and adding the start address at which DLLSRC was loaded, which gives the actual start address of the copied function code in memory: Src_Addr = addrSrc + offset1, where offset1 is the offset address of the copied function code within DLLSRC.
(3) Obtain the start address at which DLLDST is loaded in memory.
DWORD addrDst = GetModuleHandle("DLLDST"); passing the name of DLLDST to the system function GetModuleHandle returns the start address of DLLDST.
(4) Obtain the memory start address of the copied function code in DLLDST.
Because the function code was copied from DLLSRC into DLLDST, the memory start address of the copy in DLLDST can be recorded at copy time. In practice a code segment may have been added to DLLDST and the function copied to the start of that segment, in which case the start address of the added code segment in DLLDST is the address of the copied function code. A variable Dst_Addr = addrDst + offset2 is then set, where Dst_Addr is the memory start address of the copied function code in DLLDST, addrDst is the start address at which DLLDST is loaded in memory, and offset2 is the offset address of the copied function code within DLLDST.
(5) Computing the actual relocation of each relocation data item:
First, the difference between the actual address at which DLLSRC was loaded in memory and the preset loading address assigned at compile time is computed. The preset loading address of DLLSRC is obtained by parsing the field OptionalHeader.ImageBase from DLLSRC's PE header; that value is the module's preset loading address.
Diff = addrSrc - OptionalHeader.ImageBase;
where addrSrc is the start address at which DLLSRC was actually loaded in memory; subtracting the two values gives the relative difference Diff.
This difference is the correction that must be applied to every relocation data item in the copied function code. The relocation data items of the copied function code denote the global variables and global functions of DLLSRC that it uses, so their repair must likewise follow the use of DLLSRC's globals; the result of the repair is that, although the copied function code now lives in DLLDST, the global variables and global functions referenced inside it still resolve to those in DLLSRC.
The repair of each relocation data item is computed as follows. VirtualAddress denotes the offset address of the relocation data item relative to the DLL, that is, relative to DLLSRC; since the function has been copied into DLLDST, the position of the relocation data item in DLLDST must be computed.
The formulas are: the offset address of the relocation data item within the copied function, Addr1 = VirtualAddress - Src_Addr; then the actual address of the relocation data item in DLLDST, Addr2 = Addr1 + addrDST + Dst_Addr, where addrDST is the actual start address at which DLLDST is loaded in memory and Dst_Addr is the offset address of the copied function code within DLLDST.
Because there is a difference between the actual loading address and the preset loading address, the preset loading address of the relocation data item in DLLDST is *Addr2 = Addr2 + Diff, which gives the final repaired relocation address of the item.
All relocation data items of the copied function code have their repaired addresses in DLLDST computed by the method above, so every relocation data item in the copied function code is repaired, accomplishing the relocation repair of all relocation data items of the copied function code.
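The lookup of step S201 and the per-item fixup of steps S202 to S204 and (5), as an added C example that is not the patent's code: a loaded module is simulated as a byte array at a chosen base address, DLLSRC's relocation table is walked in the PE IMAGE_BASE_RELOCATION layout, and for each HIGHLOW entry inside the copied function the 32-bit value at Addr2 is adjusted by Diff. It assumes Dst_Addr = addrDst + offset2 as defined in step (4), so Addr2 = Addr1 + Dst_Addr, reads the *Addr2 notation as the fixup applied in place to the stored value, and all addresses, offsets and relocation entries are constructed.

```c
#include <stdint.h>
#include <string.h>

#define IMAGE_REL_BASED_ABSOLUTE 0   /* padding entry, carries no fixup */
#define IMAGE_REL_BASED_HIGHLOW  3   /* 32-bit absolute address to adjust */

/* A loaded module simulated as a byte array at a chosen base (constructed stand-in). */
typedef struct { uint8_t *bytes; size_t size; uintptr_t base; } Module;
static uint8_t *at(const Module *m, uintptr_t addr, size_t need) {
    if (addr < m->base || addr - m->base + need > m->size) return NULL;
    return m->bytes + (addr - m->base);
}
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Step S201: walk DLLSRC's .reloc blocks (8-byte header: page RVA, block size; then
   16-bit entries, type in the top 4 bits, page offset in the low 12) and keep the HIGHLOW
   entries whose address VirtualAddress = addrSrc + RVA lies in [Src_Addr, Src_Addr + len). */
size_t find_copied_relocs(const uint8_t *reloc, size_t reloc_size, uintptr_t addrSrc,
                          uintptr_t Src_Addr, size_t func_len, uintptr_t *out, size_t max_out)
{
    size_t n = 0, pos = 0;
    while (pos + 8 <= reloc_size) {
        uint32_t page_rva = rd32(reloc + pos), size = rd32(reloc + pos + 4);
        if (size < 8 || pos + size > reloc_size) break;          /* malformed block: stop */
        for (size_t i = 8; i + 2 <= size; i += 2) {
            uint16_t e = (uint16_t)(reloc[pos + i] | reloc[pos + i + 1] << 8);
            if ((e >> 12) != IMAGE_REL_BASED_HIGHLOW) continue;
            uintptr_t VirtualAddress = addrSrc + page_rva + (e & 0xFFF);
            if (VirtualAddress >= Src_Addr && VirtualAddress < Src_Addr + func_len) {
                if (n < max_out) out[n] = VirtualAddress;
                n++;
            }
        }
        pos += size;
    }
    return n;
}

/* Steps S202-S204 and (5) for one item: Addr1 = VirtualAddress - Src_Addr, Addr2 = Addr1 +
   Dst_Addr, and the 32-bit value at Addr2 is shifted by Diff = addrSrc - ImageBase so the
   copy still reaches DLLSRC's globals. Returns 0, or -1 if Addr2 is outside DLLDST. */
int fix_one_reloc(Module *dst, uintptr_t VirtualAddress, uintptr_t Src_Addr,
                  uintptr_t Dst_Addr, uint32_t ImageBase, uintptr_t addrSrc)
{
    uintptr_t Addr2 = (VirtualAddress - Src_Addr) + Dst_Addr;
    uint32_t Diff = (uint32_t)(addrSrc - ImageBase);
    uint8_t *p = at(dst, Addr2, 4);
    if (!p) return -1;                 /* never write outside the destination module */
    wr32(p, rd32(p) + Diff);
    return 0;
}

/* Constructed scenario: DLLSRC compiled for ImageBase 0x10000000 but loaded at 0x10020000;
   the 16-byte function at offset1 = 0x1000 holds at byte 3 an absolute reference to a global
   at RVA 0x3000; its bytes were copied into DLLDST at offset2 = 0x2000. Expected: 0x10023000. */
uint32_t demo_cross_dll_fix(void)
{
    static uint8_t dst_bytes[0x3000];
    Module dst = { dst_bytes, sizeof dst_bytes, 0x20000000u };
    const uintptr_t addrSrc = 0x10020000u, offset1 = 0x1000, offset2 = 0x2000;
    const uint32_t ImageBase = 0x10000000u;
    const size_t func_len = 16;
    memset(dst_bytes, 0x90, sizeof dst_bytes);            /* 0x90 = nop filler */
    wr32(dst_bytes + offset2 + 3, ImageBase + 0x3000);    /* unrelocated copy of the operand */
    /* DLLSRC's .reloc: one block for page RVA 0x1000 with an entry inside the function
       (0x003), one outside it (0x800) and an ABSOLUTE padding entry. */
    uint8_t reloc[8 + 3 * 2];
    const uint16_t entries[3] = { (IMAGE_REL_BASED_HIGHLOW << 12) | 0x003,
                                  (IMAGE_REL_BASED_HIGHLOW << 12) | 0x800,
                                  (IMAGE_REL_BASED_ABSOLUTE << 12) | 0x000 };
    wr32(reloc, 0x1000); wr32(reloc + 4, (uint32_t)sizeof reloc);
    for (int i = 0; i < 3; i++) { reloc[8 + 2 * i] = (uint8_t)entries[i]; reloc[9 + 2 * i] = (uint8_t)(entries[i] >> 8); }

    uintptr_t Src_Addr = addrSrc + offset1, Dst_Addr = dst.base + offset2, items[8];
    size_t n = find_copied_relocs(reloc, sizeof reloc, addrSrc, Src_Addr, func_len, items, 8);
    for (size_t i = 0; i < n; i++)
        fix_one_reloc(&dst, items[i], Src_Addr, Dst_Addr, ImageBase, addrSrc);
    return rd32(dst_bytes + offset2 + 3);
}
```

Only the entry inside the copied function is touched; the entry at page offset 0x800 belongs to other DLLSRC code and is left to the loader.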
The cross-DLL relocation repair method provided by the embodiments of the present invention captures, when the second DLL is loaded, the timing at which the relocation data items of the function code copied from the first DLL must be relocated, and repairs the cross-DLL relocation data items based on that captured timing, thereby accomplishing the relocation repair of cross-DLL relocation data items.
Two different ways of obtaining the repair timing of the copied function code's relocation data items when the second DLL is loaded in the system are provided: inserting a hook point into the code of the second DLL to capture the repair timing of the relocation data items in the copied function code, and setting a hardware write breakpoint at the code where the last relocation data item of the second DLL is located and using that breakpoint to obtain the repair timing. Whichever method suits the situation can be used to capture the repair timing.
FIG. 2 is a structural diagram of a cross-DLL relocation repair system provided by an embodiment of the present invention. As shown in FIG. 2, the cross-DLL relocation repair system comprises an acquisition module 201 and a repair module 202, wherein:
the acquisition module 201 is configured to obtain, when a second DLL is loaded in the system, the repair timing for the relocation data items in the copied function code, where the copied function code is function code copied from a first DLL into the second DLL;
the repair module 202 is configured to repair the relocation data items in the copied function code based on the repair timing.
It will be understood that the cross-DLL relocation repair system provided by the present invention corresponds to the cross-DLL relocation repair method of the foregoing embodiments; for the technical features of the system, reference may be made to those of the method, and they are not repeated here.
Please refer to FIG. 3, a schematic diagram of an electronic device according to an embodiment of the present invention. As shown in FIG. 3, the embodiment provides an electronic device comprising a memory 310, a processor 320, and a computer program 311 stored in the memory 310 and runnable on the processor 320; when the processor 320 executes the computer program 311, the following steps are carried out: when a second DLL is loaded in the system, obtaining the repair timing for the relocation data items in the copied function code, where the copied function code is function code copied from a first DLL into the second DLL; and repairing the relocation data items in the copied function code based on the repair timing.
Please refer to FIG. 4, a schematic diagram of a computer-readable storage medium according to an embodiment of the present invention. As shown in FIG. 4, this embodiment provides a computer-readable storage medium 400 on which a computer program 411 is stored; when the computer program 411 is executed by a processor, the following steps are carried out: when a second DLL is loaded in the system, obtaining the repair timing for the relocation data items in the copied function code, where the copied function code is function code copied from a first DLL into the second DLL; and repairing the relocation data items in the copied function code based on the repair timing.
It should be noted that the embodiments above each have their own emphasis; for parts not described in detail in one embodiment, reference may be made to the relevant descriptions of the other embodiments.
Those skilled in the art will understand that embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowcharts and/or block diagrams, and combinations of flows and/or blocks therein, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, embedded computer or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they have learned the basic inventive concept. Therefore, the appended claims are intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include them as well.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110575709.4A CN115408181A (en) | 2021-05-26 | 2021-05-26 | Cross-DLL repositioning repair method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115408181A true CN115408181A (en) | 2022-11-29 |
Family
ID=84156386
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115408181A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||