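// Resolve the address of the real body of f (declared elsewhere as: void f(){}).
// x86 only: the code bytes are inspected through an unsigned char pointer.
unsigned char *funaddr = (unsigned char *)f;
unsigned char *entry = funaddr;            // remains funaddr when f is not a jump stub
// NOTE(review): unsigned long is 32 bits on 64-bit Windows, so realaddr can be
// truncated there; use `entry` for any dereference and prefer uintptr_t
// (<stdint.h>) if an integer copy of the address is really needed.
unsigned long realaddr = (unsigned long)f; // declared here so it is in scope after the if
if (funaddr[0] == 0xE9) // 0xE9 is "jmp rel32": the symbol points at a jump stub, not the body
{
    // Caveat: an E9 at the entry can also be an inline patch placed by other
    // software, in which case the jump target is not the original function body.

    // rel32 is a little-endian 32-bit displacement; all four bytes are needed.
    // Each byte is widened before shifting so the shift cannot overflow int.
    unsigned long rel = (unsigned long)funaddr[1]
                      | ((unsigned long)funaddr[2] << 8)
                      | ((unsigned long)funaddr[3] << 16)
                      | ((unsigned long)funaddr[4] << 24);

    // The displacement is signed (the target may lie below the stub):
    // sign-extend it without relying on implementation-defined conversions.
    long disp = (long)(rel & 0x7FFFFFFFUL);
    if (rel & 0x80000000UL)
    {
        disp = disp - 0x7FFFFFFFL - 1;
    }

    // The displacement is relative to the end of the 5-byte jmp instruction.
    entry = funaddr + 5 + disp;
    realaddr = (unsigned long)entry;
    printf("函数实际地址:%p\n", (void *)entry);
}

// Estimate the length of the function's machine code by looking for the
// first 0xC3 (near "ret") byte.
// This is a heuristic only: 0xC3 can also occur inside an instruction as an
// operand, immediate or displacement byte, a function may contain several
// returns, and it may end with "ret imm16" (0xC2) or a tail jump and contain
// no 0xC3 at all. Symbol sizes from the linker/debug information or a length
// disassembler are the reliable sources.
enum { MAX_FUNC_SCAN = 4096 };             // upper bound so the scan cannot run away
unsigned char *p = entry;
int i = 0;
int found = 0;
while (i < MAX_FUNC_SCAN)
{
    if (p[i++] == 0xC3)
    {
        found = 1;                         // i now counts the bytes up to and including the ret
        break;
    }
}
if (!found)
{
    i = 0;                                 // no ret within the bound: report "length unknown"
}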