stevemk14ebr / PolyHook_2_0

C++20, x86/x64 Hooking Libary v2.0
MIT License

When I tried to hook some functions, it caused the program to crash #175

Closed bbsuuo closed 1 year ago

bbsuuo commented 1 year ago

#include "v8hook.h"

#include <cstdint>
#include <memory>
#include <string>

#include "logger.h"
#include "utill.h"
#include "polyhook2/Detour/x86Detour.hpp"

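namespace ts::v8hook {

// Owning handles for the installed detours, one per hooked V8 entry point.
// Each is assigned a std::make_unique<PLH::x86Detour>(...) in
// checkFunctionAndHooking, which is why the element type is PLH::x86Detour.
std::unique_ptr<PLH::x86Detour> detourV8Init;
std::unique_ptr<PLH::x86Detour> detourV8IsolateNew;
std::unique_ptr<PLH::x86Detour> detourV8ContextNew;
std::unique_ptr<PLH::x86Detour> detourV8ScriptRun;
std::unique_ptr<PLH::x86Detour> detourV8ScriptRunWithContext;
std::unique_ptr<PLH::x86Detour> detourV8ScriptCompile;
std::unique_ptr<PLH::x86Detour> detourV8ScriptCompileWithOrigin;
std::unique_ptr<PLH::x86Detour> detourV8ScriptCompileWithContextAndOrigin;

// Trampoline addresses, one per detour. Each is handed by address to the
// PLH::x86Detour constructor and later reinterpret_cast to a function pointer
// by the matching Hook* callback. Being namespace-scope objects they start at
// zero; a callback must not run before its detour has filled the slot in
// (presumably during hook() -- confirm against PolyHook).
uint64_t TrampolineV8Initialize;
uint64_t TrampolineV8IsolateNew;
uint64_t TrampolineV8ContextNew;
uint64_t TrampolineV8ScriptRun;
uint64_t TrampolineV8ScriptRunWithContext;
uint64_t TrampolineV8ScriptCompile;
uint64_t TrampolineV8ScriptCompileWithOrigin;
uint64_t TrampolineV8ScriptCompileWithContextAndOrigin;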

//check done
/// Detour callback installed on v8::V8::Initialize by checkFunctionAndHooking.
/// Logs the call and forwards to the original code through the trampoline.
/// @return whatever the original function returns.
bool HookV8Initialize() {
    using OriginalFn = bool (*)();

    LOG_INFO("V8Hook : V8 Initialize");

    // TrampolineV8Initialize carries the trampoline's address as an integer;
    // it is turned back into a callable pointer here. The target is a
    // no-argument __cdecl function, which this plain function type matches.
    const auto callOriginal = reinterpret_cast<OriginalFn>(TrampolineV8Initialize);
    return callOriginal();
}

//check done
/// Detour callback installed on v8::Isolate::New(CreateParams const&).
/// Logs the call and forwards the single argument to the original through
/// the trampoline.
/// @param params  The CreateParams reference, carried as an opaque pointer.
/// @return the pointer returned by the original (an Isolate* per the
///         signature matched in checkFunctionAndHooking).
void* HookV8IsolateNew(void* params)
{
    using OriginalFn = void* (*)(void*);

    LOG_INFO("V8Hook :New V8 Isolate");

    // One pointer-sized stack argument and a pointer result: this matches the
    // __cdecl signature of the target, so no ABI adaptation is needed here.
    const auto callOriginal = reinterpret_cast<OriginalFn>(TrampolineV8IsolateNew);
    return callOriginal(params);
}

//check done
/// Detour callback installed on v8::Context::New. Logs the call and forwards
/// its five pointer arguments to the original through the trampoline.
///
/// NOTE(review): the target returns v8::Local<v8::Context> by value and takes
/// a DeserializeInternalFieldsCallback struct by value. The disassembly that
/// PolyHook logged for this target in the report reads stack slots
/// [ebp+0x08] through [ebp+0x20] (seven dwords), while this hook receives and
/// forwards five. That is consistent with a hidden return-buffer pointer in
/// the first slot and a two-word struct at the end -- confirm the real stack
/// layout before trusting the parameter names used here.
void* HookV8ContextNew(void* isolate, void* extensionConfiguration, void* maybeLocalObjectTemplate, void* maybeLocalValue, void* deserializeInternalFieldsCallback) {
    using OriginalFn = void* (*)(void*, void*, void*, void*, void*);

    LOG_INFO("V8Hook :New V8 Context");

    const auto callOriginal = reinterpret_cast<OriginalFn>(TrampolineV8ContextNew);
    return callOriginal(isolate,
                        extensionConfiguration,
                        maybeLocalObjectTemplate,
                        maybeLocalValue,
                        deserializeInternalFieldsCallback);
}

//check done
/// Detour callback written for v8::Script::Run(void). Logs the call and
/// forwards one stack argument to the original through the trampoline.
///
/// NOTE(review): the target is declared __thiscall (see the undecorated name
/// matched in checkFunctionAndHooking): `this` arrives in ECX and the callee
/// pops its own stack arguments. This hook is a plain function with no
/// calling-convention specifier, so it reads `thisPointer` from the stack and
/// never receives or forwards the register value. The target also returns a
/// v8::Local<v8::Value> by value, which presumably adds a hidden
/// return-buffer argument. This mismatch is the likely reason the process
/// crashes when the detour is enabled -- confirm the ABI before re-enabling.
void* HookV8ScriptRun(void* thisPointer) {
    using OriginalFn = void* (*)(void*);

    LOG_INFO("V8Hook :Run V8 Script");

    const auto callOriginal = reinterpret_cast<OriginalFn>(TrampolineV8ScriptRun);
    return callOriginal(thisPointer);
}

//'public: class v8::MaybeLocal<class v8::Value> __thiscall v8::Script::Run(class v8::Local<class v8::Context>)'
/// Detour callback written for v8::Script::Run(Local<Context>). Logs the call
/// and forwards two stack arguments to the original through the trampoline.
///
/// NOTE(review): the target is __thiscall. The disassembly PolyHook logged
/// for it in the report saves ECX (`mov ebx, ecx`) and then loads
/// [ebp+0x0C], i.e. it expects `this` in a register plus at least two stack
/// slots. With one declared parameter, the first slot is presumably the
/// hidden return buffer for the by-value MaybeLocal<Value>. This hook has no
/// calling-convention specifier, so `thisPointer` and `content` are both read
/// from the stack, ECX is not preserved across LOG_INFO, and the stack is not
/// cleaned up the way a __thiscall callee would. That mismatch is the likely
/// cause of the reported crash -- confirm the ABI before re-enabling.
void* HookV8ScriptRunWithContext(void* thisPointer, void* content) {
    using OriginalFn = void* (*)(void*, void*);

    LOG_INFO("V8Hook :Run V8 Script with Context");

    const auto callOriginal = reinterpret_cast<OriginalFn>(TrampolineV8ScriptRunWithContext);
    return callOriginal(thisPointer, content);
}
//public: static class v8::Local<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::String>,class v8::Local<class v8::String>)
/// Detour callback installed on the (Local<String>, Local<String>) overload
/// of v8::Script::Compile. Logs the call and forwards two stack arguments to
/// the original through the trampoline.
///
/// NOTE(review): the target returns v8::Local<v8::Script> by value. The
/// disassembly PolyHook logged for it in the report reads [ebp+0x08],
/// [ebp+0x0C] and [ebp+0x10] -- three stack slots for two declared
/// parameters, consistent with a hidden return-buffer pointer in the first
/// slot. This hook forwards only two slots, so the original would see an
/// indeterminate third argument if the hook is ever reached -- confirm.
void* HookV8ScriptCompile(void* string1, void* string2) {
    using OriginalFn = void* (*)(void*, void*);

    LOG_INFO("V8Hook :Compile V8 Script");

    const auto callOriginal = reinterpret_cast<OriginalFn>(TrampolineV8ScriptCompile);
    return callOriginal(string1, string2);
}
//public: static class v8::Local<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::String>,class v8::ScriptOrigin *)
/// Detour callback installed on the (Local<String>, ScriptOrigin*) overload
/// of v8::Script::Compile. Logs the call and forwards two stack arguments to
/// the original through the trampoline.
///
/// NOTE(review): as with the other Compile overload, the disassembly logged
/// for this target in the report reads three stack slots ([ebp+0x08],
/// [ebp+0x0C], [ebp+0x10]) although only two parameters are declared, which
/// fits a hidden return-buffer pointer for the by-value Local<Script>
/// result. Only two slots are forwarded here -- confirm the layout.
void* HookV8ScriptCompileWithOrigin(void* string, void* scriptOrigin) {
    using OriginalFn = void* (*)(void*, void*);

    LOG_INFO("V8Hook :Compile V8 Script with Origin");

    const auto callOriginal = reinterpret_cast<OriginalFn>(TrampolineV8ScriptCompileWithOrigin);
    return callOriginal(string, scriptOrigin);
}

//check done
//public: static class v8::MaybeLocal<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::Context>,class v8::Local<class v8::String>,class v8::ScriptOrigin *)
/// Detour callback written for the (Local<Context>, Local<String>,
/// ScriptOrigin*) overload of v8::Script::Compile. Logs the call and forwards
/// three stack arguments to the original through the trampoline.
///
/// NOTE(review): the target returns v8::MaybeLocal<v8::Script> by value. If
/// it follows the same pattern as the other Compile overloads (hidden
/// return-buffer pointer ahead of the declared parameters), it expects four
/// stack slots and this hook drops the last one. That would explain the
/// crash reported when this detour is enabled -- no disassembly for this
/// target is shown, so verify before re-enabling.
void* HookV8ScriptCompileWithContextAndOrigin(void* context, void* string, void* scriptOrigin) {
    using OriginalFn = void* (*)(void*, void*, void*);

    LOG_INFO("V8Hook :Compile V8 Script with Context and Origin");

    const auto callOriginal = reinterpret_cast<OriginalFn>(TrampolineV8ScriptCompileWithContextAndOrigin);
    return callOriginal(context, string, scriptOrigin);
}

/// Installs the matching x86 detour when `undecoratedName` is one of the V8
/// entry points listed below; any other name is ignored.
///
/// @param undecoratedName  Undecorated symbol name, compared for exact
///                         equality against the literals in each branch.
/// @param functionAddress  Address of that symbol, handed to PLH::x86Detour
///                         as the function to hook.
///
/// Each enabled branch stores a new detour in its file-level unique_ptr,
/// calls hook(), and logs the outcome. A failed hook() is only logged; it is
/// not reported to the caller. Three branches are matched but intentionally
/// do nothing: their detours are commented out because enabling them crashed
/// the process.
void checkFunctionAndHooking(const std::string& undecoratedName, DWORD functionAddress)
{
    // v8::V8::Initialize
    if (undecoratedName == "public: static bool __cdecl v8::V8::Initialize(void)") {
        LOG_INFO("Found v8::V8::Initialize at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8Init = std::make_unique<PLH::x86Detour>(
            functionAddress, reinterpret_cast<uint64_t>(HookV8Initialize), &TrampolineV8Initialize);

        if (detourV8Init->hook()) {
            LOG_INFO("Hooked V8 Succuess!");
        } else {
            LOG_WARN("V8 Initialize Hook Failure");
        }
        return;
    }

    // v8::Isolate::New
    // Mangled name: '?New@Isolate@v8@@SAPAV12@ABUCreateParams@12@@Z', address seen: '263746512'
    if (undecoratedName == "public: static class v8::Isolate * __cdecl v8::Isolate::New(struct v8::Isolate::CreateParams const &)") {
        LOG_INFO("Found v8::Isolate::New at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8IsolateNew = std::make_unique<PLH::x86Detour>(
            functionAddress, reinterpret_cast<uint64_t>(HookV8IsolateNew), &TrampolineV8IsolateNew);

        if (detourV8IsolateNew->hook()) {
            LOG_INFO("Hooked V8 Isolate New Succuess!");
        } else {
            LOG_WARN("V8 Isolate New Hook Failure");
        }
        return;
    }

    // v8::Context::New
    // Mangled name: '?New@Context@v8@@SA?AV?$Local@VContext@v8@@@2@PAVIsolate@2@PAVExtensionConfiguration@2@V?$MaybeLocal@VObjectTemplate@v8@@@2@V?$MaybeLocal@VValue@v8@@@2@UDeserializeInternalFieldsCallback@2@@Z', address seen: '263580112'
    if (undecoratedName == "public: static class v8::Local<class v8::Context> __cdecl v8::Context::New(class v8::Isolate *,class v8::ExtensionConfiguration *,class v8::MaybeLocal<class v8::ObjectTemplate>,class v8::MaybeLocal<class v8::Value>,struct v8::DeserializeInternalFieldsCallback)") {
        LOG_INFO("Found v8::Context::New at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8ContextNew = std::make_unique<PLH::x86Detour>(
            functionAddress, reinterpret_cast<uint64_t>(HookV8ContextNew), &TrampolineV8ContextNew);

        if (detourV8ContextNew->hook()) {
            LOG_INFO("Hooked V8 Context New Succuess!");
        } else {
            LOG_WARN("V8 Context New Hook Failure");
        }
        return;
    }

    // v8::Script::Run(void) -- matched, but the detour is disabled.
    // NOTE(review): the target is __thiscall while HookV8ScriptRun is declared
    // without a calling convention; keep this disabled until the callback's
    // ABI matches the target.
    if (undecoratedName == "public: class v8::Local<class v8::Value> __thiscall v8::Script::Run(void)") {
        //Crash
        //LOG_INFO("Found v8::Script::Run at address {}", ts::utill::dword_to_string(functionAddress));
        //detourV8ScriptRun = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ScriptRun, &TrampolineV8ScriptRun);

        //if (!detourV8ScriptRun->hook())
        //{
        //  LOG_WARN("V8 Script Run Hook Failure");
        //}
        //else
        //{
        //  LOG_INFO("Hooked V8 Script Run Succuess!");
        //}
        return;
    }

    // v8::Script::Run(Local<Context>) -- matched, but the detour is disabled.
    // NOTE(review): same __thiscall mismatch as the overload above.
    if (undecoratedName == "public: class v8::MaybeLocal<class v8::Value> __thiscall v8::Script::Run(class v8::Local<class v8::Context>)") {
        //Crash
        //LOG_INFO("Found v8::Script::Run with Context at address {}", ts::utill::dword_to_string(functionAddress));
        //detourV8ScriptRunWithContext = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ScriptRunWithContext, &TrampolineV8ScriptRunWithContext);

        //if (!detourV8ScriptRunWithContext->hook())
        //{
        //  LOG_WARN("V8 Script Run with Context Hook Failure");
        //}
        //else
        //{
        //  LOG_INFO("Hooked V8 Script Run with Context Succuess!");
        //}
        return;
    }

    // v8::Script::Compile(Local<String>, Local<String>)
    if (undecoratedName == "public: static class v8::Local<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::String>,class v8::Local<class v8::String>)") {
        //check down
        LOG_INFO("Found v8::Script::Compile at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8ScriptCompile = std::make_unique<PLH::x86Detour>(
            functionAddress, reinterpret_cast<uint64_t>(HookV8ScriptCompile), &TrampolineV8ScriptCompile);

        if (detourV8ScriptCompile->hook()) {
            LOG_INFO("Hooked V8 Script Compile Succuess!");
        } else {
            LOG_WARN("V8 Script Compile Hook Failure");
        }
        return;
    }

    // v8::Script::Compile(Local<String>, ScriptOrigin*)
    if (undecoratedName == "public: static class v8::Local<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::String>,class v8::ScriptOrigin *)") {
        LOG_INFO("Found v8::Script::Compile with Origin at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8ScriptCompileWithOrigin = std::make_unique<PLH::x86Detour>(
            functionAddress, reinterpret_cast<uint64_t>(HookV8ScriptCompileWithOrigin), &TrampolineV8ScriptCompileWithOrigin);

        if (detourV8ScriptCompileWithOrigin->hook()) {
            LOG_INFO("Hooked V8 Script Compile with Origin Succuess!");
        } else {
            LOG_WARN("V8 Script Compile with Origin Hook Failure");
        }
        return;
    }

    // v8::Script::Compile(Local<Context>, Local<String>, ScriptOrigin*) --
    // matched, but the detour is disabled.
    // NOTE(review): the target returns MaybeLocal<Script> by value; the
    // callback's argument count should be checked against the target's real
    // stack layout before this is re-enabled.
    if (undecoratedName == "public: static class v8::MaybeLocal<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::Context>,class v8::Local<class v8::String>,class v8::ScriptOrigin *)") {
        //Crash
        //LOG_INFO("Found v8::Script::Compile with Context and Origin at address {}", ts::utill::dword_to_string(functionAddress));
        //detourV8ScriptCompileWithContextAndOrigin = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ScriptCompileWithContextAndOrigin, &TrampolineV8ScriptCompileWithContextAndOrigin);
        //if (!detourV8ScriptCompileWithContextAndOrigin->hook())
        //{
        //  LOG_WARN("V8 Script Compile with ContextAndOrigin Hook Failure");
        //}
        //else
        //{
        //  LOG_INFO("Hooked V8 Script Compile with ContextAndOrigin Succuess!");
        //}
        return;
    }
}

}

I created some hooks, most of which run successfully, but hooking a few functions causes the program to crash. To be precise, enabling the commented-out hooks in the code above causes the crash.

I wrote the corresponding function signatures in the comments. Among them, HookV8ScriptRun and HookV8ScriptRunWithContext hook member functions. I'm not sure if I set the hooks correctly, as this is my first attempt to hook member functions (excluding constructors).

But there is also a static function, v8::Script::Compile, and hooking into it seems to cause the program to crash as well.

I'm not sure whether the problem is in the hooking itself or in the type conversions inside the hook functions, because I didn't find any useful information in the logs (I'm not sure if that is because my logging system failed when the program finally crashed, or because the hook function was never triggered at all).

bbsuuo commented 1 year ago

Below is the log generated when I enable the hook for the function `public: class v8::MaybeLocal<class v8::Value> __thiscall v8::Script::Run(class v8::Local<class v8::Context>)`:

Process ID: 44788 │ INFO│ 00:34:51.298 │ 20:bootstrap.cpp ┃ Enter Process : '44788' Process ID: 44788 │ INFO│ 00:34:51.298 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 44788 │ INFO│ 00:34:51.298 │ 24:bootstrap.cpp ┃ First Process : '44788' Process ID: 44788 │ INFO│ 00:34:51.298 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 44788 │ INFO│ 00:34:51.298 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp 764016c5 [1]: 5d pop ebp 764016c6 [6]: ff 25 20 12 46 76 jmp dword ptr ds:[0x76461220]

' Process ID: 44788 │ INFO│ 00:34:51.298 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp

' Process ID: 44788 │ INFO│ 00:34:51.298 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 49f9eb8 [2]: 8b ff mov edi, edi 49f9eba [1]: 55 push ebp 49f9ebb [2]: 8b ec mov ebp, esp 49f9ebd [5]: e9 03 78 a0 71 jmp 0x764016C5 -> 764016c5

' Process ID: 44788 │ INFO│ 00:34:51.298 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 764016c0 [5]: e9 cb 0d 34 05 jmp 0x000000007b742490

' Process ID: 44788 │ INFO│ 00:34:51.298 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp 763ff3a5 [1]: 5d pop ebp 763ff3a6 [6]: ff 25 f0 11 46 76 jmp dword ptr ds:[0x764611F0]

' Process ID: 44788 │ INFO│ 00:34:51.298 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp

' Process ID: 44788 │ INFO│ 00:34:51.298 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 49f9ee8 [2]: 8b ff mov edi, edi 49f9eea [1]: 55 push ebp 49f9eeb [2]: 8b ec mov ebp, esp 49f9eed [5]: e9 b3 54 a0 71 jmp 0x763FF3A5 -> 763ff3a5

' Process ID: 44788 │ INFO│ 00:34:51.298 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 763ff3a0 [5]: e9 eb 2f 34 05 jmp 0x000000007b742390

' Process ID: 44788 │ INFO│ 00:34:51.299 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp 76400bd5 [1]: 5d pop ebp 76400bd6 [6]: ff 25 1c 12 46 76 jmp dword ptr ds:[0x7646121C]

' Process ID: 44788 │ INFO│ 00:34:51.299 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp

' Process ID: 44788 │ INFO│ 00:34:51.299 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 49fa278 [2]: 8b ff mov edi, edi 49fa27a [1]: 55 push ebp 49fa27b [2]: 8b ec mov ebp, esp 49fa27d [5]: e9 53 69 a0 71 jmp 0x76400BD5 -> 76400bd5

' Process ID: 44788 │ INFO│ 00:34:51.299 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76400bd0 [5]: e9 fb 16 34 05 jmp 0x000000007b7422d0

' Process ID: 44788 │ INFO│ 00:34:51.299 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp 76401625 [1]: 5d pop ebp 76401626 [6]: ff 25 b8 11 46 76 jmp dword ptr ds:[0x764611B8]

' Process ID: 44788 │ INFO│ 00:34:51.299 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp

' Process ID: 44788 │ INFO│ 00:34:51.299 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 49fa2d8 [2]: 8b ff mov edi, edi 49fa2da [1]: 55 push ebp 49fa2db [2]: 8b ec mov ebp, esp 49fa2dd [5]: e9 43 73 a0 71 jmp 0x76401625 -> 76401625

' Process ID: 44788 │ INFO│ 00:34:51.299 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76401620 [5]: e9 0b 0d 34 05 jmp 0x000000007b742330

' Process ID: 44788 │ INFO│ 00:34:51.344 │ 170:v8hook.cpp ┃ Found v8::Script::Compile at address 274891056 Process ID: 44788 │ INFO│ 00:34:51.344 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 10628130 [1]: 55 push ebp 10628131 [2]: 89 e5 mov ebp, esp 10628133 [1]: 53 push ebx 10628134 [1]: 57 push edi 10628135 [1]: 56 push esi 10628136 [3]: 83 ec 28 sub esp, 0x28 10628139 [5]: a1 64 87 98 14 mov eax, dword ptr ds:[0x14988764] 1062813e [3]: 8b 5d 0c mov ebx, dword ptr ss:[ebp+0x0C] 10628141 [3]: 8b 7d 08 mov edi, dword ptr ss:[ebp+0x08] 10628144 [3]: 8b 55 10 mov edx, dword ptr ss:[ebp+0x10] 10628147 [2]: 31 e8 xor eax, ebp 10628149 [3]: 89 45 f0 mov dword ptr ss:[ebp-0x10], eax 1062814c [5]: b8 00 00 f8 ff mov eax, 0xFFF80000 10628151 [2]: 23 03 and eax, dword ptr ds:[ebx] 10628153 [3]: 8b 40 1c mov eax, dword ptr ds:[eax+0x1C] 10628156 [6]: 8b 88 20 0f 00 00 mov ecx, dword ptr ds:[eax+0xF20] 1062815c [2]: 31 c0 xor eax, eax 1062815e [2]: 85 c9 test ecx, ecx 10628160 [2]: 74 52 jz 0x106281B4 -> 106281b4 10628162 [3]: 8b 71 13 mov esi, dword ptr ds:[ecx+0x13] 10628165 [2]: 85 f6 test esi, esi 10628167 [2]: 74 4b jz 0x106281B4 -> 106281b4 10628169 [2]: 89 f0 mov eax, esi 1062816b [5]: 25 00 00 f8 ff and eax, 0xFFF80000 10628170 [3]: 8b 78 1c mov edi, dword ptr ds:[eax+0x1C] 10628173 [6]: 8b 8f a8 0f 00 00 mov ecx, dword ptr ds:[edi+0xFA8] 10628179 [2]: 85 c9 test ecx, ecx 1062817b [2]: 74 0c jz 0x10628189 -> 10628189 1062817d [1]: 56 push esi 1062817e [2]: 89 d6 mov esi, edx 10628180 [5]: e8 8b 27 2f 00 call 0x1091A910 -> 1091a910 10628185 [2]: 89 f2 mov edx, esi 10628187 [2]: eb 28 jmp 0x106281B1 -> 106281b1

' Process ID: 44788 │ INFO│ 00:34:51.344 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 10628130 [1]: 55 push ebp 10628131 [2]: 89 e5 mov ebp, esp 10628133 [1]: 53 push ebx 10628134 [1]: 57 push edi

' Process ID: 44788 │ INFO│ 00:34:51.344 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4a141e8 [1]: 55 push ebp 4a141e9 [2]: 89 e5 mov ebp, esp 4a141eb [1]: 53 push ebx 4a141ec [1]: 57 push edi 4a141ed [5]: e9 43 3f c1 0b jmp 0x10628135 -> 10628135

' Process ID: 44788 │ INFO│ 00:34:51.344 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 10628130 [5]: e9 5b 13 13 6b jmp 0x000000007b759490

' Process ID: 44788 │ INFO│ 00:34:51.344 │ 179:v8hook.cpp ┃ Hooked V8 Script Compile Succuess! Process ID: 44788 │ INFO│ 00:34:51.344 │ 185:v8hook.cpp ┃ Found v8::Script::Compile with Origin at address 274890912 Process ID: 44788 │ INFO│ 00:34:51.344 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 106280a0 [1]: 55 push ebp 106280a1 [2]: 89 e5 mov ebp, esp 106280a3 [1]: 53 push ebx 106280a4 [1]: 57 push edi 106280a5 [1]: 56 push esi 106280a6 [3]: 8b 7d 0c mov edi, dword ptr ss:[ebp+0x0C] 106280a9 [5]: b8 00 00 f8 ff mov eax, 0xFFF80000 106280ae [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08] 106280b1 [3]: 8b 55 10 mov edx, dword ptr ss:[ebp+0x10] 106280b4 [2]: 23 07 and eax, dword ptr ds:[edi] 106280b6 [3]: 8b 40 1c mov eax, dword ptr ds:[eax+0x1C] 106280b9 [6]: 8b 88 20 0f 00 00 mov ecx, dword ptr ds:[eax+0xF20] 106280bf [2]: 31 c0 xor eax, eax 106280c1 [2]: 85 c9 test ecx, ecx 106280c3 [2]: 74 52 jz 0x10628117 -> 10628117 106280c5 [3]: 8b 59 13 mov ebx, dword ptr ds:[ecx+0x13] 106280c8 [2]: 85 db test ebx, ebx 106280ca [2]: 74 4b jz 0x10628117 -> 10628117 106280cc [2]: 89 d8 mov eax, ebx 106280ce [5]: 25 00 00 f8 ff and eax, 0xFFF80000 106280d3 [3]: 8b 70 1c mov esi, dword ptr ds:[eax+0x1C] 106280d6 [6]: 8b 8e a8 0f 00 00 mov ecx, dword ptr ds:[esi+0xFA8] 106280dc [2]: 85 c9 test ecx, ecx 106280de [2]: 74 0c jz 0x106280EC -> 106280ec 106280e0 [1]: 53 push ebx 106280e1 [2]: 89 d6 mov esi, edx 106280e3 [5]: e8 28 28 2f 00 call 0x1091A910 -> 1091a910 106280e8 [2]: 89 f2 mov edx, esi 106280ea [2]: eb 28 jmp 0x10628114 -> 10628114

' Process ID: 44788 │ INFO│ 00:34:51.344 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 106280a0 [1]: 55 push ebp 106280a1 [2]: 89 e5 mov ebp, esp 106280a3 [1]: 53 push ebx 106280a4 [1]: 57 push edi

' Process ID: 44788 │ INFO│ 00:34:51.344 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4a14338 [1]: 55 push ebp 4a14339 [2]: 89 e5 mov ebp, esp 4a1433b [1]: 53 push ebx 4a1433c [1]: 57 push edi 4a1433d [5]: e9 63 3d c1 0b jmp 0x106280A5 -> 106280a5

' Process ID: 44788 │ INFO│ 00:34:51.344 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 106280a0 [5]: e9 1b 16 13 6b jmp 0x000000007b7596c0

' Process ID: 44788 │ INFO│ 00:34:51.344 │ 194:v8hook.cpp ┃ Hooked V8 Script Compile with Origin Succuess! Process ID: 44788 │ INFO│ 00:34:51.349 │ 95:v8hook.cpp ┃ Found v8::V8::Initialize at address 274966848 Process ID: 44788 │ INFO│ 00:34:51.349 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 1063a940 [1]: 55 push ebp 1063a941 [2]: 89 e5 mov ebp, esp 1063a943 [5]: e8 48 41 54 00 call 0x10B7EA90 -> 10b7ea90 1063a948 [5]: e8 53 b6 65 00 call 0x10C95FA0 -> 10c95fa0 1063a94d [2]: b0 01 mov al, 0x01 1063a94f [1]: 5d pop ebp 1063a950 [1]: c3 ret ret

' Process ID: 44788 │ INFO│ 00:34:51.349 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 1063a940 [1]: 55 push ebp 1063a941 [2]: 89 e5 mov ebp, esp 1063a943 [5]: e8 48 41 54 00 call 0x10B7EA90 -> 10b7ea90

' Process ID: 44788 │ INFO│ 00:34:51.349 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4a14098 [1]: 55 push ebp 4a14099 [2]: 89 e5 mov ebp, esp 4a1409b [5]: e8 f0 a9 16 0c call 0x10B7EA90 -> 10b7ea90 4a140a0 [5]: e9 a3 68 c2 0b jmp 0x1063A948 -> 1063a948

' Process ID: 44788 │ INFO│ 00:34:51.349 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 1063a940 [5]: e9 4b e9 11 6b jmp 0x000000007b759290

' Process ID: 44788 │ INFO│ 00:34:51.349 │ 104:v8hook.cpp ┃ Hooked V8 Succuess! Process ID: 44788 │ INFO│ 00:34:51.352 │ 124:v8hook.cpp ┃ Found v8::Context::New at address 274852304 Process ID: 44788 │ INFO│ 00:34:51.352 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 1061e9d0 [1]: 55 push ebp 1061e9d1 [2]: 89 e5 mov ebp, esp 1061e9d3 [1]: 56 push esi 1061e9d4 [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08] 1061e9d7 [3]: ff 75 20 push dword ptr ss:[ebp+0x20] 1061e9da [3]: ff 75 1c push dword ptr ss:[ebp+0x1C] 1061e9dd [2]: 6a 00 push 0x00 1061e9df [3]: ff 75 18 push dword ptr ss:[ebp+0x18] 1061e9e2 [3]: ff 75 14 push dword ptr ss:[ebp+0x14] 1061e9e5 [3]: ff 75 10 push dword ptr ss:[ebp+0x10] 1061e9e8 [3]: ff 75 0c push dword ptr ss:[ebp+0x0C] 1061e9eb [1]: 56 push esi 1061e9ec [5]: e8 4f c0 01 00 call 0x1063AA40 -> 1063aa40 1061e9f1 [3]: 83 c4 20 add esp, 0x20 1061e9f4 [2]: 89 f0 mov eax, esi 1061e9f6 [1]: 5e pop esi 1061e9f7 [1]: 5d pop ebp 1061e9f8 [1]: c3 ret ret

' Process ID: 44788 │ INFO│ 00:34:51.352 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 1061e9d0 [1]: 55 push ebp 1061e9d1 [2]: 89 e5 mov ebp, esp 1061e9d3 [1]: 56 push esi 1061e9d4 [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08]

' Process ID: 44788 │ INFO│ 00:34:51.352 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4a140c8 [1]: 55 push ebp 4a140c9 [2]: 89 e5 mov ebp, esp 4a140cb [1]: 56 push esi 4a140cc [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08] 4a140cf [5]: e9 03 a9 c0 0b jmp 0x1061E9D7 -> 1061e9d7

' Process ID: 44788 │ INFO│ 00:34:51.352 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 1061e9d0 [5]: e9 8b a7 13 6b jmp 0x000000007b759160

' Process ID: 44788 │ INFO│ 00:34:51.352 │ 133:v8hook.cpp ┃ Hooked V8 Context New Succuess! Process ID: 44788 │ INFO│ 00:34:51.353 │ 110:v8hook.cpp ┃ Found v8::Isolate::New at address 275018704 Process ID: 44788 │ INFO│ 00:34:51.353 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 106473d0 [1]: 55 push ebp 106473d1 [2]: 89 e5 mov ebp, esp 106473d3 [1]: 57 push edi 106473d4 [1]: 56 push esi 106473d5 [3]: 8b 7d 08 mov edi, dword ptr ss:[ebp+0x08] 106473d8 [5]: 68 f8 42 00 00 push 0x42F8 106473dd [5]: e8 b4 f6 65 03 call 0x13CA6A96 -> 13ca6a96 106473e2 [3]: 83 c4 04 add esp, 0x04 106473e5 [2]: 89 c6 mov esi, eax 106473e7 [2]: 89 f1 mov ecx, esi 106473e9 [2]: 6a 00 push 0x00 106473eb [5]: e8 d0 1b 37 00 call 0x109B8FC0 -> 109b8fc0 106473f0 [1]: 57 push edi 106473f1 [1]: 56 push esi 106473f2 [5]: e8 09 00 00 00 call 0x10647400 -> 10647400 106473f7 [3]: 83 c4 08 add esp, 0x08 106473fa [1]: 5e pop esi 106473fb [1]: 5f pop edi 106473fc [1]: 5d pop ebp 106473fd [1]: c3 ret ret

' Process ID: 44788 │ INFO│ 00:34:51.353 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 106473d0 [1]: 55 push ebp 106473d1 [2]: 89 e5 mov ebp, esp 106473d3 [1]: 57 push edi 106473d4 [1]: 56 push esi

' Process ID: 44788 │ INFO│ 00:34:51.353 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4a14278 [1]: 55 push ebp 4a14279 [2]: 89 e5 mov ebp, esp 4a1427b [1]: 57 push edi 4a1427c [1]: 56 push esi 4a1427d [5]: e9 53 31 c3 0b jmp 0x106473D5 -> 106473d5

' Process ID: 44788 │ INFO│ 00:34:51.353 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 106473d0 [5]: e9 bb 1f 11 6b jmp 0x000000007b759390

' Process ID: 44788 │ INFO│ 00:34:51.353 │ 119:v8hook.cpp ┃ Hooked V8 Isolate New Succuess! Process ID: 44788 │ INFO│ 00:34:51.356 │ 154:v8hook.cpp ┃ Found v8::Script::Run with Context at address 274877456 Process ID: 44788 │ INFO│ 00:34:51.356 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 10624c10 [1]: 55 push ebp 10624c11 [2]: 89 e5 mov ebp, esp 10624c13 [1]: 53 push ebx 10624c14 [1]: 57 push edi 10624c15 [1]: 56 push esi 10624c16 [3]: 83 e4 f8 and esp, 0xFFFFFFF8 10624c19 [3]: 83 ec 78 sub esp, 0x78 10624c1c [5]: a1 64 87 98 14 mov eax, dword ptr ds:[0x14988764] 10624c21 [2]: 89 cb mov ebx, ecx 10624c23 [3]: 8b 4d 0c mov ecx, dword ptr ss:[ebp+0x0C] 10624c26 [2]: 31 e8 xor eax, ebp 10624c28 [4]: 89 44 24 70 mov dword ptr ss:[esp+0x70], eax 10624c2c [5]: b8 00 00 f8 ff mov eax, 0xFFF80000 10624c31 [4]: 89 4c 24 08 mov dword ptr ss:[esp+0x08], ecx 10624c35 [2]: 23 01 and eax, dword ptr ds:[ecx] 10624c37 [3]: 8b 78 1c mov edi, dword ptr ds:[eax+0x1C] 10624c3a [5]: a1 7c 4b 99 14 mov eax, dword ptr ds:[0x14994B7C] 10624c3f [2]: 85 c0 test eax, eax 10624c41 [2]: 75 16 jnz 0x10624C59 -> 10624c59 10624c43 [5]: e8 38 31 55 00 call 0x10B77D80 -> 10b77d80 10624c48 [2]: 8b 10 mov edx, dword ptr ds:[eax] 10624c4a [2]: 89 c1 mov ecx, eax 10624c4c [5]: 68 29 1e e1 13 push 0x13E11E29 10624c51 [3]: ff 52 04 call dword ptr ds:[edx+0x04] 10624c54 [5]: a3 7c 4b 99 14 mov dword ptr ds:[0x14994B7C], eax 10624c59 [8]: c7 44 24 60 00 00 00 00 mov dword ptr ss:[esp+0x60], 0x00 10624c61 [3]: 83 c7 f0 add edi, 0xFFFFFFF0 10624c64 [3]: f6 00 05 test byte ptr ds:[eax], 0x05 10624c67 [2]: 74 10 jz 0x10624C79 -> 10624c79 10624c69 [4]: 8d 4c 24 5c lea ecx, ss:[esp+0x5C] 10624c6d [5]: 68 2c 1e e1 13 push 0x13E11E2C 10624c72 [1]: 50 push eax 10624c73 [1]: 57 push edi

' Process ID: 44788 │ INFO│ 00:34:51.356 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 10624c10 [1]: 55 push ebp 10624c11 [2]: 89 e5 mov ebp, esp 10624c13 [1]: 53 push ebx 10624c14 [1]: 57 push edi

' Process ID: 44788 │ INFO│ 00:34:51.356 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4a14308 [1]: 55 push ebp 4a14309 [2]: 89 e5 mov ebp, esp 4a1430b [1]: 53 push ebx 4a1430c [1]: 57 push edi 4a1430d [5]: e9 03 09 c1 0b jmp 0x10624C15 -> 10624c15

' Process ID: 44788 │ INFO│ 00:34:51.356 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 10624c10 [5]: e9 bb 4c 13 6b jmp 0x000000007b7598d0

' Process ID: 44788 │ INFO│ 00:34:51.356 │ 163:v8hook.cpp ┃ Hooked V8 Script Run with Context Succuess! Process ID: 22556 │ INFO│ 00:34:51.386 │ 20:bootstrap.cpp ┃ Enter Process : '22556' Process ID: 22556 │ INFO│ 00:34:51.386 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 22556 │ INFO│ 00:34:51.387 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp 764016c5 [1]: 5d pop ebp 764016c6 [6]: ff 25 20 12 46 76 jmp dword ptr ds:[0x76461220]

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 5409908 [2]: 8b ff mov edi, edi 540990a [1]: 55 push ebp 540990b [2]: 8b ec mov ebp, esp 540990d [5]: e9 b3 7d ff 70 jmp 0x764016C5 -> 764016c5

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 764016c0 [5]: e9 cb 0d 34 05 jmp 0x000000007b742490

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp 763ff3a5 [1]: 5d pop ebp 763ff3a6 [6]: ff 25 f0 11 46 76 jmp dword ptr ds:[0x764611F0]

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 54097b8 [2]: 8b ff mov edi, edi 54097ba [1]: 55 push ebp 54097bb [2]: 8b ec mov ebp, esp 54097bd [5]: e9 e3 5b ff 70 jmp 0x763FF3A5 -> 763ff3a5

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 763ff3a0 [5]: e9 eb 2f 34 05 jmp 0x000000007b742390

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp 76400bd5 [1]: 5d pop ebp 76400bd6 [6]: ff 25 1c 12 46 76 jmp dword ptr ds:[0x7646121C]

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 5409818 [2]: 8b ff mov edi, edi 540981a [1]: 55 push ebp 540981b [2]: 8b ec mov ebp, esp 540981d [5]: e9 b3 73 ff 70 jmp 0x76400BD5 -> 76400bd5

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76400bd0 [5]: e9 fb 16 34 05 jmp 0x000000007b7422d0

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp 76401625 [1]: 5d pop ebp 76401626 [6]: ff 25 b8 11 46 76 jmp dword ptr ds:[0x764611B8]

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 5409848 [2]: 8b ff mov edi, edi 540984a [1]: 55 push ebp 540984b [2]: 8b ec mov ebp, esp 540984d [5]: e9 d3 7d ff 70 jmp 0x76401625 -> 76401625

' Process ID: 22556 │ INFO│ 00:34:51.387 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76401620 [5]: e9 0b 0d 34 05 jmp 0x000000007b742330

' Process ID: 46720 │ INFO│ 00:34:51.416 │ 20:bootstrap.cpp ┃ Enter Process : '46720' Process ID: 46720 │ INFO│ 00:34:51.416 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 46720 │ INFO│ 00:34:51.417 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp 764016c5 [1]: 5d pop ebp 764016c6 [6]: ff 25 20 12 46 76 jmp dword ptr ds:[0x76461220]

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ca9e78 [2]: 8b ff mov edi, edi 4ca9e7a [1]: 55 push ebp 4ca9e7b [2]: 8b ec mov ebp, esp 4ca9e7d [5]: e9 43 78 75 71 jmp 0x764016C5 -> 764016c5

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 764016c0 [5]: e9 cb 0d 34 05 jmp 0x000000007b742490

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp 763ff3a5 [1]: 5d pop ebp 763ff3a6 [6]: ff 25 f0 11 46 76 jmp dword ptr ds:[0x764611F0]

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ca9ed8 [2]: 8b ff mov edi, edi 4ca9eda [1]: 55 push ebp 4ca9edb [2]: 8b ec mov ebp, esp 4ca9edd [5]: e9 c3 54 75 71 jmp 0x763FF3A5 -> 763ff3a5

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 763ff3a0 [5]: e9 eb 2f 34 05 jmp 0x000000007b742390

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp 76400bd5 [1]: 5d pop ebp 76400bd6 [6]: ff 25 1c 12 46 76 jmp dword ptr ds:[0x7646121C]

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ca9f38 [2]: 8b ff mov edi, edi 4ca9f3a [1]: 55 push ebp 4ca9f3b [2]: 8b ec mov ebp, esp 4ca9f3d [5]: e9 93 6c 75 71 jmp 0x76400BD5 -> 76400bd5

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76400bd0 [5]: e9 fb 16 34 05 jmp 0x000000007b7422d0

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp 76401625 [1]: 5d pop ebp 76401626 [6]: ff 25 b8 11 46 76 jmp dword ptr ds:[0x764611B8]

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ca9848 [2]: 8b ff mov edi, edi 4ca984a [1]: 55 push ebp 4ca984b [2]: 8b ec mov ebp, esp 4ca984d [5]: e9 d3 7d 75 71 jmp 0x76401625 -> 76401625

' Process ID: 46720 │ INFO│ 00:34:51.417 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76401620 [5]: e9 0b 0d 34 05 jmp 0x000000007b742330

' Process ID: 43956 │ INFO│ 00:34:51.580 │ 20:bootstrap.cpp ┃ Enter Process : '43956' Process ID: 43956 │ INFO│ 00:34:51.580 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 43956 │ INFO│ 00:34:51.582 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp 764016c5 [1]: 5d pop ebp 764016c6 [6]: ff 25 20 12 46 76 jmp dword ptr ds:[0x76461220]

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4abafc0 [2]: 8b ff mov edi, edi 4abafc2 [1]: 55 push ebp 4abafc3 [2]: 8b ec mov ebp, esp 4abafc5 [5]: e9 fb 66 94 71 jmp 0x764016C5 -> 764016c5

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 764016c0 [5]: e9 cb 0d 34 05 jmp 0x000000007b742490

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp 763ff3a5 [1]: 5d pop ebp 763ff3a6 [6]: ff 25 f0 11 46 76 jmp dword ptr ds:[0x764611F0]

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4abb2c0 [2]: 8b ff mov edi, edi 4abb2c2 [1]: 55 push ebp 4abb2c3 [2]: 8b ec mov ebp, esp 4abb2c5 [5]: e9 db 40 94 71 jmp 0x763FF3A5 -> 763ff3a5

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 763ff3a0 [5]: e9 eb 2f 34 05 jmp 0x000000007b742390

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp 76400bd5 [1]: 5d pop ebp 76400bd6 [6]: ff 25 1c 12 46 76 jmp dword ptr ds:[0x7646121C]

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4abb2f0 [2]: 8b ff mov edi, edi 4abb2f2 [1]: 55 push ebp 4abb2f3 [2]: 8b ec mov ebp, esp 4abb2f5 [5]: e9 db 58 94 71 jmp 0x76400BD5 -> 76400bd5

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76400bd0 [5]: e9 fb 16 34 05 jmp 0x000000007b7422d0

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp 76401625 [1]: 5d pop ebp 76401626 [6]: ff 25 b8 11 46 76 jmp dword ptr ds:[0x764611B8]

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4abaf90 [2]: 8b ff mov edi, edi 4abaf92 [1]: 55 push ebp 4abaf93 [2]: 8b ec mov ebp, esp 4abaf95 [5]: e9 8b 66 94 71 jmp 0x76401625 -> 76401625

' Process ID: 43956 │ INFO│ 00:34:51.582 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76401620 [5]: e9 0b 0d 34 05 jmp 0x000000007b742330

' Process ID: 43956 │ INFO│ 00:34:51.674 │ 170:v8hook.cpp ┃ Found v8::Script::Compile at address 274891056 Process ID: 43956 │ INFO│ 00:34:51.674 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 10628130 [1]: 55 push ebp 10628131 [2]: 89 e5 mov ebp, esp 10628133 [1]: 53 push ebx 10628134 [1]: 57 push edi 10628135 [1]: 56 push esi 10628136 [3]: 83 ec 28 sub esp, 0x28 10628139 [5]: a1 64 87 98 14 mov eax, dword ptr ds:[0x14988764] 1062813e [3]: 8b 5d 0c mov ebx, dword ptr ss:[ebp+0x0C] 10628141 [3]: 8b 7d 08 mov edi, dword ptr ss:[ebp+0x08] 10628144 [3]: 8b 55 10 mov edx, dword ptr ss:[ebp+0x10] 10628147 [2]: 31 e8 xor eax, ebp 10628149 [3]: 89 45 f0 mov dword ptr ss:[ebp-0x10], eax 1062814c [5]: b8 00 00 f8 ff mov eax, 0xFFF80000 10628151 [2]: 23 03 and eax, dword ptr ds:[ebx] 10628153 [3]: 8b 40 1c mov eax, dword ptr ds:[eax+0x1C] 10628156 [6]: 8b 88 20 0f 00 00 mov ecx, dword ptr ds:[eax+0xF20] 1062815c [2]: 31 c0 xor eax, eax 1062815e [2]: 85 c9 test ecx, ecx 10628160 [2]: 74 52 jz 0x106281B4 -> 106281b4 10628162 [3]: 8b 71 13 mov esi, dword ptr ds:[ecx+0x13] 10628165 [2]: 85 f6 test esi, esi 10628167 [2]: 74 4b jz 0x106281B4 -> 106281b4 10628169 [2]: 89 f0 mov eax, esi 1062816b [5]: 25 00 00 f8 ff and eax, 0xFFF80000 10628170 [3]: 8b 78 1c mov edi, dword ptr ds:[eax+0x1C] 10628173 [6]: 8b 8f a8 0f 00 00 mov ecx, dword ptr ds:[edi+0xFA8] 10628179 [2]: 85 c9 test ecx, ecx 1062817b [2]: 74 0c jz 0x10628189 -> 10628189 1062817d [1]: 56 push esi 1062817e [2]: 89 d6 mov esi, edx 10628180 [5]: e8 8b 27 2f 00 call 0x1091A910 -> 1091a910 10628185 [2]: 89 f2 mov edx, esi 10628187 [2]: eb 28 jmp 0x106281B1 -> 106281b1

' Process ID: 43956 │ INFO│ 00:34:51.674 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 10628130 [1]: 55 push ebp 10628131 [2]: 89 e5 mov ebp, esp 10628133 [1]: 53 push ebx 10628134 [1]: 57 push edi

' Process ID: 43956 │ INFO│ 00:34:51.675 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ad6718 [1]: 55 push ebp 4ad6719 [2]: 89 e5 mov ebp, esp 4ad671b [1]: 53 push ebx 4ad671c [1]: 57 push edi 4ad671d [5]: e9 13 1a b5 0b jmp 0x10628135 -> 10628135

' Process ID: 43956 │ INFO│ 00:34:51.675 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 10628130 [5]: e9 5b 13 13 6b jmp 0x000000007b759490

' Process ID: 43956 │ INFO│ 00:34:51.675 │ 179:v8hook.cpp ┃ Hooked V8 Script Compile Succuess! Process ID: 43956 │ INFO│ 00:34:51.675 │ 185:v8hook.cpp ┃ Found v8::Script::Compile with Origin at address 274890912 Process ID: 43956 │ INFO│ 00:34:51.675 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 106280a0 [1]: 55 push ebp 106280a1 [2]: 89 e5 mov ebp, esp 106280a3 [1]: 53 push ebx 106280a4 [1]: 57 push edi 106280a5 [1]: 56 push esi 106280a6 [3]: 8b 7d 0c mov edi, dword ptr ss:[ebp+0x0C] 106280a9 [5]: b8 00 00 f8 ff mov eax, 0xFFF80000 106280ae [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08] 106280b1 [3]: 8b 55 10 mov edx, dword ptr ss:[ebp+0x10] 106280b4 [2]: 23 07 and eax, dword ptr ds:[edi] 106280b6 [3]: 8b 40 1c mov eax, dword ptr ds:[eax+0x1C] 106280b9 [6]: 8b 88 20 0f 00 00 mov ecx, dword ptr ds:[eax+0xF20] 106280bf [2]: 31 c0 xor eax, eax 106280c1 [2]: 85 c9 test ecx, ecx 106280c3 [2]: 74 52 jz 0x10628117 -> 10628117 106280c5 [3]: 8b 59 13 mov ebx, dword ptr ds:[ecx+0x13] 106280c8 [2]: 85 db test ebx, ebx 106280ca [2]: 74 4b jz 0x10628117 -> 10628117 106280cc [2]: 89 d8 mov eax, ebx 106280ce [5]: 25 00 00 f8 ff and eax, 0xFFF80000 106280d3 [3]: 8b 70 1c mov esi, dword ptr ds:[eax+0x1C] 106280d6 [6]: 8b 8e a8 0f 00 00 mov ecx, dword ptr ds:[esi+0xFA8] 106280dc [2]: 85 c9 test ecx, ecx 106280de [2]: 74 0c jz 0x106280EC -> 106280ec 106280e0 [1]: 53 push ebx 106280e1 [2]: 89 d6 mov esi, edx 106280e3 [5]: e8 28 28 2f 00 call 0x1091A910 -> 1091a910 106280e8 [2]: 89 f2 mov edx, esi 106280ea [2]: eb 28 jmp 0x10628114 -> 10628114

' Process ID: 43956 │ INFO│ 00:34:51.675 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 106280a0 [1]: 55 push ebp 106280a1 [2]: 89 e5 mov ebp, esp 106280a3 [1]: 53 push ebx 106280a4 [1]: 57 push edi

' Process ID: 43956 │ INFO│ 00:34:51.675 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ad6838 [1]: 55 push ebp 4ad6839 [2]: 89 e5 mov ebp, esp 4ad683b [1]: 53 push ebx 4ad683c [1]: 57 push edi 4ad683d [5]: e9 63 18 b5 0b jmp 0x106280A5 -> 106280a5

' Process ID: 43956 │ INFO│ 00:34:51.675 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 106280a0 [5]: e9 1b 16 13 6b jmp 0x000000007b7596c0

' Process ID: 43956 │ INFO│ 00:34:51.675 │ 194:v8hook.cpp ┃ Hooked V8 Script Compile with Origin Succuess! Process ID: 43956 │ INFO│ 00:34:51.682 │ 95:v8hook.cpp ┃ Found v8::V8::Initialize at address 274966848 Process ID: 43956 │ INFO│ 00:34:51.682 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 1063a940 [1]: 55 push ebp 1063a941 [2]: 89 e5 mov ebp, esp 1063a943 [5]: e8 48 41 54 00 call 0x10B7EA90 -> 10b7ea90 1063a948 [5]: e8 53 b6 65 00 call 0x10C95FA0 -> 10c95fa0 1063a94d [2]: b0 01 mov al, 0x01 1063a94f [1]: 5d pop ebp 1063a950 [1]: c3 ret ret

' Process ID: 43956 │ INFO│ 00:34:51.682 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 1063a940 [1]: 55 push ebp 1063a941 [2]: 89 e5 mov ebp, esp 1063a943 [5]: e8 48 41 54 00 call 0x10B7EA90 -> 10b7ea90

' Process ID: 43956 │ INFO│ 00:34:51.683 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ad6b68 [1]: 55 push ebp 4ad6b69 [2]: 89 e5 mov ebp, esp 4ad6b6b [5]: e8 20 7f 0a 0c call 0x10B7EA90 -> 10b7ea90 4ad6b70 [5]: e9 d3 3d b6 0b jmp 0x1063A948 -> 1063a948

' Process ID: 43956 │ INFO│ 00:34:51.683 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 1063a940 [5]: e9 4b e9 11 6b jmp 0x000000007b759290

' Process ID: 43956 │ INFO│ 00:34:51.683 │ 104:v8hook.cpp ┃ Hooked V8 Succuess! Process ID: 43956 │ INFO│ 00:34:51.687 │ 124:v8hook.cpp ┃ Found v8::Context::New at address 274852304 Process ID: 43956 │ INFO│ 00:34:51.687 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 1061e9d0 [1]: 55 push ebp 1061e9d1 [2]: 89 e5 mov ebp, esp 1061e9d3 [1]: 56 push esi 1061e9d4 [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08] 1061e9d7 [3]: ff 75 20 push dword ptr ss:[ebp+0x20] 1061e9da [3]: ff 75 1c push dword ptr ss:[ebp+0x1C] 1061e9dd [2]: 6a 00 push 0x00 1061e9df [3]: ff 75 18 push dword ptr ss:[ebp+0x18] 1061e9e2 [3]: ff 75 14 push dword ptr ss:[ebp+0x14] 1061e9e5 [3]: ff 75 10 push dword ptr ss:[ebp+0x10] 1061e9e8 [3]: ff 75 0c push dword ptr ss:[ebp+0x0C] 1061e9eb [1]: 56 push esi 1061e9ec [5]: e8 4f c0 01 00 call 0x1063AA40 -> 1063aa40 1061e9f1 [3]: 83 c4 20 add esp, 0x20 1061e9f4 [2]: 89 f0 mov eax, esi 1061e9f6 [1]: 5e pop esi 1061e9f7 [1]: 5d pop ebp 1061e9f8 [1]: c3 ret ret

' Process ID: 43956 │ INFO│ 00:34:51.687 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 1061e9d0 [1]: 55 push ebp 1061e9d1 [2]: 89 e5 mov ebp, esp 1061e9d3 [1]: 56 push esi 1061e9d4 [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08]

' Process ID: 43956 │ INFO│ 00:34:51.688 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ad6bc8 [1]: 55 push ebp 4ad6bc9 [2]: 89 e5 mov ebp, esp 4ad6bcb [1]: 56 push esi 4ad6bcc [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08] 4ad6bcf [5]: e9 03 7e b4 0b jmp 0x1061E9D7 -> 1061e9d7

' Process ID: 43956 │ INFO│ 00:34:51.688 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 1061e9d0 [5]: e9 8b a7 13 6b jmp 0x000000007b759160

' Process ID: 43956 │ INFO│ 00:34:51.688 │ 133:v8hook.cpp ┃ Hooked V8 Context New Succuess! Process ID: 43956 │ INFO│ 00:34:51.688 │ 110:v8hook.cpp ┃ Found v8::Isolate::New at address 275018704 Process ID: 43956 │ INFO│ 00:34:51.688 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 106473d0 [1]: 55 push ebp 106473d1 [2]: 89 e5 mov ebp, esp 106473d3 [1]: 57 push edi 106473d4 [1]: 56 push esi 106473d5 [3]: 8b 7d 08 mov edi, dword ptr ss:[ebp+0x08] 106473d8 [5]: 68 f8 42 00 00 push 0x42F8 106473dd [5]: e8 b4 f6 65 03 call 0x13CA6A96 -> 13ca6a96 106473e2 [3]: 83 c4 04 add esp, 0x04 106473e5 [2]: 89 c6 mov esi, eax 106473e7 [2]: 89 f1 mov ecx, esi 106473e9 [2]: 6a 00 push 0x00 106473eb [5]: e8 d0 1b 37 00 call 0x109B8FC0 -> 109b8fc0 106473f0 [1]: 57 push edi 106473f1 [1]: 56 push esi 106473f2 [5]: e8 09 00 00 00 call 0x10647400 -> 10647400 106473f7 [3]: 83 c4 08 add esp, 0x08 106473fa [1]: 5e pop esi 106473fb [1]: 5f pop edi 106473fc [1]: 5d pop ebp 106473fd [1]: c3 ret ret

' Process ID: 43956 │ INFO│ 00:34:51.688 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 106473d0 [1]: 55 push ebp 106473d1 [2]: 89 e5 mov ebp, esp 106473d3 [1]: 57 push edi 106473d4 [1]: 56 push esi

' Process ID: 43956 │ INFO│ 00:34:51.688 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ad6aa8 [1]: 55 push ebp 4ad6aa9 [2]: 89 e5 mov ebp, esp 4ad6aab [1]: 57 push edi 4ad6aac [1]: 56 push esi 4ad6aad [5]: e9 23 09 b7 0b jmp 0x106473D5 -> 106473d5

' Process ID: 43956 │ INFO│ 00:34:51.688 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 106473d0 [5]: e9 bb 1f 11 6b jmp 0x000000007b759390

' Process ID: 43956 │ INFO│ 00:34:51.688 │ 119:v8hook.cpp ┃ Hooked V8 Isolate New Succuess! Process ID: 43956 │ INFO│ 00:34:51.695 │ 154:v8hook.cpp ┃ Found v8::Script::Run with Context at address 274877456 Process ID: 43956 │ INFO│ 00:34:51.695 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 10624c10 [1]: 55 push ebp 10624c11 [2]: 89 e5 mov ebp, esp 10624c13 [1]: 53 push ebx 10624c14 [1]: 57 push edi 10624c15 [1]: 56 push esi 10624c16 [3]: 83 e4 f8 and esp, 0xFFFFFFF8 10624c19 [3]: 83 ec 78 sub esp, 0x78 10624c1c [5]: a1 64 87 98 14 mov eax, dword ptr ds:[0x14988764] 10624c21 [2]: 89 cb mov ebx, ecx 10624c23 [3]: 8b 4d 0c mov ecx, dword ptr ss:[ebp+0x0C] 10624c26 [2]: 31 e8 xor eax, ebp 10624c28 [4]: 89 44 24 70 mov dword ptr ss:[esp+0x70], eax 10624c2c [5]: b8 00 00 f8 ff mov eax, 0xFFF80000 10624c31 [4]: 89 4c 24 08 mov dword ptr ss:[esp+0x08], ecx 10624c35 [2]: 23 01 and eax, dword ptr ds:[ecx] 10624c37 [3]: 8b 78 1c mov edi, dword ptr ds:[eax+0x1C] 10624c3a [5]: a1 7c 4b 99 14 mov eax, dword ptr ds:[0x14994B7C] 10624c3f [2]: 85 c0 test eax, eax 10624c41 [2]: 75 16 jnz 0x10624C59 -> 10624c59 10624c43 [5]: e8 38 31 55 00 call 0x10B77D80 -> 10b77d80 10624c48 [2]: 8b 10 mov edx, dword ptr ds:[eax] 10624c4a [2]: 89 c1 mov ecx, eax 10624c4c [5]: 68 29 1e e1 13 push 0x13E11E29 10624c51 [3]: ff 52 04 call dword ptr ds:[edx+0x04] 10624c54 [5]: a3 7c 4b 99 14 mov dword ptr ds:[0x14994B7C], eax 10624c59 [8]: c7 44 24 60 00 00 00 00 mov dword ptr ss:[esp+0x60], 0x00 10624c61 [3]: 83 c7 f0 add edi, 0xFFFFFFF0 10624c64 [3]: f6 00 05 test byte ptr ds:[eax], 0x05 10624c67 [2]: 74 10 jz 0x10624C79 -> 10624c79 10624c69 [4]: 8d 4c 24 5c lea ecx, ss:[esp+0x5C] 10624c6d [5]: 68 2c 1e e1 13 push 0x13E11E2C 10624c72 [1]: 50 push eax 10624c73 [1]: 57 push edi

' Process ID: 43956 │ INFO│ 00:34:51.695 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 10624c10 [1]: 55 push ebp 10624c11 [2]: 89 e5 mov ebp, esp 10624c13 [1]: 53 push ebx 10624c14 [1]: 57 push edi

' Process ID: 43956 │ INFO│ 00:34:51.695 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 4ad6ad8 [1]: 55 push ebp 4ad6ad9 [2]: 89 e5 mov ebp, esp 4ad6adb [1]: 53 push ebx 4ad6adc [1]: 57 push edi 4ad6add [5]: e9 33 e1 b4 0b jmp 0x10624C15 -> 10624c15

' Process ID: 43956 │ INFO│ 00:34:51.695 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 10624c10 [5]: e9 bb 4c 13 6b jmp 0x000000007b7598d0

' Process ID: 43956 │ INFO│ 00:34:51.696 │ 163:v8hook.cpp ┃ Hooked V8 Script Run with Context Succuess! Process ID: 37472 │ INFO│ 00:34:51.696 │ 20:bootstrap.cpp ┃ Enter Process : '37472' Process ID: 37472 │ INFO│ 00:34:51.696 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 37472 │ INFO│ 00:34:51.697 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp 764016c5 [1]: 5d pop ebp 764016c6 [6]: ff 25 20 12 46 76 jmp dword ptr ds:[0x76461220]

' Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 764016c0 [2]: 8b ff mov edi, edi 764016c2 [1]: 55 push ebp 764016c3 [2]: 8b ec mov ebp, esp

' Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 542c2c0 [2]: 8b ff mov edi, edi 542c2c2 [1]: 55 push ebp 542c2c3 [2]: 8b ec mov ebp, esp 542c2c5 [5]: e9 fb 53 fd 70 jmp 0x764016C5 -> 764016c5

' Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 764016c0 [5]: e9 cb 0d 34 05 jmp 0x000000007b742490

' Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp 763ff3a5 [1]: 5d pop ebp 763ff3a6 [6]: ff 25 f0 11 46 76 jmp dword ptr ds:[0x764611F0]

' Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 763ff3a0 [2]: 8b ff mov edi, edi 763ff3a2 [1]: 55 push ebp 763ff3a3 [2]: 8b ec mov ebp, esp

' Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 542c530 [2]: 8b ff mov edi, edi 542c532 [1]: 55 push ebp 542c533 [2]: 8b ec mov ebp, esp 542c535 [5]: e9 6b 2e fd 70 jmp 0x763FF3A5 -> 763ff3a5

' Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 763ff3a0 [5]: e9 eb 2f 34 05 jmp 0x000000007b742390

' Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp 76400bd5 [1]: 5d pop ebp 76400bd6 [6]: ff 25 1c 12 46 76 jmp dword ptr ds:[0x7646121C]

' Process ID: 37472 │ INFO│ 00:34:51.697 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76400bd0 [2]: 8b ff mov edi, edi 76400bd2 [1]: 55 push ebp 76400bd3 [2]: 8b ec mov ebp, esp

' Process ID: 37472 │ INFO│ 00:34:51.698 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 542c200 [2]: 8b ff mov edi, edi 542c202 [1]: 55 push ebp 542c203 [2]: 8b ec mov ebp, esp 542c205 [5]: e9 cb 49 fd 70 jmp 0x76400BD5 -> 76400bd5

' Process ID: 37472 │ INFO│ 00:34:51.698 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76400bd0 [5]: e9 fb 16 34 05 jmp 0x000000007b7422d0

' Process ID: 37472 │ INFO│ 00:34:51.698 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp 76401625 [1]: 5d pop ebp 76401626 [6]: ff 25 b8 11 46 76 jmp dword ptr ds:[0x764611B8]

' Process ID: 37472 │ INFO│ 00:34:51.698 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 76401620 [2]: 8b ff mov edi, edi 76401622 [1]: 55 push ebp 76401623 [2]: 8b ec mov ebp, esp

' Process ID: 37472 │ INFO│ 00:34:51.698 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 542c4d0 [2]: 8b ff mov edi, edi 542c4d2 [1]: 55 push ebp 542c4d3 [2]: 8b ec mov ebp, esp 542c4d5 [5]: e9 4b 51 fd 70 jmp 0x76401625 -> 76401625

' Process ID: 37472 │ INFO│ 00:34:51.698 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 76401620 [5]: e9 0b 0d 34 05 jmp 0x000000007b742330

' Process ID: 37472 │ INFO│ 00:34:51.764 │ 170:v8hook.cpp ┃ Found v8::Script::Compile at address 274891056 Process ID: 37472 │ INFO│ 00:34:51.765 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 10628130 [1]: 55 push ebp 10628131 [2]: 89 e5 mov ebp, esp 10628133 [1]: 53 push ebx 10628134 [1]: 57 push edi 10628135 [1]: 56 push esi 10628136 [3]: 83 ec 28 sub esp, 0x28 10628139 [5]: a1 64 87 98 14 mov eax, dword ptr ds:[0x14988764] 1062813e [3]: 8b 5d 0c mov ebx, dword ptr ss:[ebp+0x0C] 10628141 [3]: 8b 7d 08 mov edi, dword ptr ss:[ebp+0x08] 10628144 [3]: 8b 55 10 mov edx, dword ptr ss:[ebp+0x10] 10628147 [2]: 31 e8 xor eax, ebp 10628149 [3]: 89 45 f0 mov dword ptr ss:[ebp-0x10], eax 1062814c [5]: b8 00 00 f8 ff mov eax, 0xFFF80000 10628151 [2]: 23 03 and eax, dword ptr ds:[ebx] 10628153 [3]: 8b 40 1c mov eax, dword ptr ds:[eax+0x1C] 10628156 [6]: 8b 88 20 0f 00 00 mov ecx, dword ptr ds:[eax+0xF20] 1062815c [2]: 31 c0 xor eax, eax 1062815e [2]: 85 c9 test ecx, ecx 10628160 [2]: 74 52 jz 0x106281B4 -> 106281b4 10628162 [3]: 8b 71 13 mov esi, dword ptr ds:[ecx+0x13] 10628165 [2]: 85 f6 test esi, esi 10628167 [2]: 74 4b jz 0x106281B4 -> 106281b4 10628169 [2]: 89 f0 mov eax, esi 1062816b [5]: 25 00 00 f8 ff and eax, 0xFFF80000 10628170 [3]: 8b 78 1c mov edi, dword ptr ds:[eax+0x1C] 10628173 [6]: 8b 8f a8 0f 00 00 mov ecx, dword ptr ds:[edi+0xFA8] 10628179 [2]: 85 c9 test ecx, ecx 1062817b [2]: 74 0c jz 0x10628189 -> 10628189 1062817d [1]: 56 push esi 1062817e [2]: 89 d6 mov esi, edx 10628180 [5]: e8 8b 27 2f 00 call 0x1091A910 -> 1091a910 10628185 [2]: 89 f2 mov edx, esi 10628187 [2]: eb 28 jmp 0x106281B1 -> 106281b1

' Process ID: 37472 │ INFO│ 00:34:51.765 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 10628130 [1]: 55 push ebp 10628131 [2]: 89 e5 mov ebp, esp 10628133 [1]: 53 push ebx 10628134 [1]: 57 push edi

' Process ID: 37472 │ INFO│ 00:34:51.765 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 5445408 [1]: 55 push ebp 5445409 [2]: 89 e5 mov ebp, esp 544540b [1]: 53 push ebx 544540c [1]: 57 push edi 544540d [5]: e9 23 2d 1e 0b jmp 0x10628135 -> 10628135

' Process ID: 37472 │ INFO│ 00:34:51.765 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 10628130 [5]: e9 5b 13 13 6b jmp 0x000000007b759490

' Process ID: 37472 │ INFO│ 00:34:51.765 │ 179:v8hook.cpp ┃ Hooked V8 Script Compile Succuess! Process ID: 37472 │ INFO│ 00:34:51.765 │ 185:v8hook.cpp ┃ Found v8::Script::Compile with Origin at address 274890912 Process ID: 37472 │ INFO│ 00:34:51.765 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 106280a0 [1]: 55 push ebp 106280a1 [2]: 89 e5 mov ebp, esp 106280a3 [1]: 53 push ebx 106280a4 [1]: 57 push edi 106280a5 [1]: 56 push esi 106280a6 [3]: 8b 7d 0c mov edi, dword ptr ss:[ebp+0x0C] 106280a9 [5]: b8 00 00 f8 ff mov eax, 0xFFF80000 106280ae [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08] 106280b1 [3]: 8b 55 10 mov edx, dword ptr ss:[ebp+0x10] 106280b4 [2]: 23 07 and eax, dword ptr ds:[edi] 106280b6 [3]: 8b 40 1c mov eax, dword ptr ds:[eax+0x1C] 106280b9 [6]: 8b 88 20 0f 00 00 mov ecx, dword ptr ds:[eax+0xF20] 106280bf [2]: 31 c0 xor eax, eax 106280c1 [2]: 85 c9 test ecx, ecx 106280c3 [2]: 74 52 jz 0x10628117 -> 10628117 106280c5 [3]: 8b 59 13 mov ebx, dword ptr ds:[ecx+0x13] 106280c8 [2]: 85 db test ebx, ebx 106280ca [2]: 74 4b jz 0x10628117 -> 10628117 106280cc [2]: 89 d8 mov eax, ebx 106280ce [5]: 25 00 00 f8 ff and eax, 0xFFF80000 106280d3 [3]: 8b 70 1c mov esi, dword ptr ds:[eax+0x1C] 106280d6 [6]: 8b 8e a8 0f 00 00 mov ecx, dword ptr ds:[esi+0xFA8] 106280dc [2]: 85 c9 test ecx, ecx 106280de [2]: 74 0c jz 0x106280EC -> 106280ec 106280e0 [1]: 53 push ebx 106280e1 [2]: 89 d6 mov esi, edx 106280e3 [5]: e8 28 28 2f 00 call 0x1091A910 -> 1091a910 106280e8 [2]: 89 f2 mov edx, esi 106280ea [2]: eb 28 jmp 0x10628114 -> 10628114

' Process ID: 37472 │ INFO│ 00:34:51.765 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 106280a0 [1]: 55 push ebp 106280a1 [2]: 89 e5 mov ebp, esp 106280a3 [1]: 53 push ebx 106280a4 [1]: 57 push edi

' Process ID: 37472 │ INFO│ 00:34:51.765 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 5445498 [1]: 55 push ebp 5445499 [2]: 89 e5 mov ebp, esp 544549b [1]: 53 push ebx 544549c [1]: 57 push edi 544549d [5]: e9 03 2c 1e 0b jmp 0x106280A5 -> 106280a5

' Process ID: 37472 │ INFO│ 00:34:51.765 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 106280a0 [5]: e9 1b 16 13 6b jmp 0x000000007b7596c0

' Process ID: 37472 │ INFO│ 00:34:51.765 │ 194:v8hook.cpp ┃ Hooked V8 Script Compile with Origin Succuess! Process ID: 37472 │ INFO│ 00:34:51.773 │ 95:v8hook.cpp ┃ Found v8::V8::Initialize at address 274966848 Process ID: 37472 │ INFO│ 00:34:51.773 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 1063a940 [1]: 55 push ebp 1063a941 [2]: 89 e5 mov ebp, esp 1063a943 [5]: e8 48 41 54 00 call 0x10B7EA90 -> 10b7ea90 1063a948 [5]: e8 53 b6 65 00 call 0x10C95FA0 -> 10c95fa0 1063a94d [2]: b0 01 mov al, 0x01 1063a94f [1]: 5d pop ebp 1063a950 [1]: c3 ret ret

' Process ID: 37472 │ INFO│ 00:34:51.773 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 1063a940 [1]: 55 push ebp 1063a941 [2]: 89 e5 mov ebp, esp 1063a943 [5]: e8 48 41 54 00 call 0x10B7EA90 -> 10b7ea90

' Process ID: 37472 │ INFO│ 00:34:51.773 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 5445198 [1]: 55 push ebp 5445199 [2]: 89 e5 mov ebp, esp 544519b [5]: e8 f0 98 73 0b call 0x10B7EA90 -> 10b7ea90 54451a0 [5]: e9 a3 57 1f 0b jmp 0x1063A948 -> 1063a948

' Process ID: 37472 │ INFO│ 00:34:51.773 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 1063a940 [5]: e9 4b e9 11 6b jmp 0x000000007b759290

' Process ID: 37472 │ INFO│ 00:34:51.773 │ 104:v8hook.cpp ┃ Hooked V8 Succuess! Process ID: 37472 │ INFO│ 00:34:51.778 │ 124:v8hook.cpp ┃ Found v8::Context::New at address 274852304 Process ID: 37472 │ INFO│ 00:34:51.778 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 1061e9d0 [1]: 55 push ebp 1061e9d1 [2]: 89 e5 mov ebp, esp 1061e9d3 [1]: 56 push esi 1061e9d4 [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08] 1061e9d7 [3]: ff 75 20 push dword ptr ss:[ebp+0x20] 1061e9da [3]: ff 75 1c push dword ptr ss:[ebp+0x1C] 1061e9dd [2]: 6a 00 push 0x00 1061e9df [3]: ff 75 18 push dword ptr ss:[ebp+0x18] 1061e9e2 [3]: ff 75 14 push dword ptr ss:[ebp+0x14] 1061e9e5 [3]: ff 75 10 push dword ptr ss:[ebp+0x10] 1061e9e8 [3]: ff 75 0c push dword ptr ss:[ebp+0x0C] 1061e9eb [1]: 56 push esi 1061e9ec [5]: e8 4f c0 01 00 call 0x1063AA40 -> 1063aa40 1061e9f1 [3]: 83 c4 20 add esp, 0x20 1061e9f4 [2]: 89 f0 mov eax, esi 1061e9f6 [1]: 5e pop esi 1061e9f7 [1]: 5d pop ebp 1061e9f8 [1]: c3 ret ret

' Process ID: 37472 │ INFO│ 00:34:51.778 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 1061e9d0 [1]: 55 push ebp 1061e9d1 [2]: 89 e5 mov ebp, esp 1061e9d3 [1]: 56 push esi 1061e9d4 [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08]

' Process ID: 37472 │ INFO│ 00:34:51.778 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 54451c8 [1]: 55 push ebp 54451c9 [2]: 89 e5 mov ebp, esp 54451cb [1]: 56 push esi 54451cc [3]: 8b 75 08 mov esi, dword ptr ss:[ebp+0x08] 54451cf [5]: e9 03 98 1d 0b jmp 0x1061E9D7 -> 1061e9d7

' Process ID: 37472 │ INFO│ 00:34:51.778 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 1061e9d0 [5]: e9 8b a7 13 6b jmp 0x000000007b759160

' Process ID: 37472 │ INFO│ 00:34:51.778 │ 133:v8hook.cpp ┃ Hooked V8 Context New Succuess! Process ID: 37472 │ INFO│ 00:34:51.778 │ 110:v8hook.cpp ┃ Found v8::Isolate::New at address 275018704 Process ID: 37472 │ INFO│ 00:34:51.778 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 106473d0 [1]: 55 push ebp 106473d1 [2]: 89 e5 mov ebp, esp 106473d3 [1]: 57 push edi 106473d4 [1]: 56 push esi 106473d5 [3]: 8b 7d 08 mov edi, dword ptr ss:[ebp+0x08] 106473d8 [5]: 68 f8 42 00 00 push 0x42F8 106473dd [5]: e8 b4 f6 65 03 call 0x13CA6A96 -> 13ca6a96 106473e2 [3]: 83 c4 04 add esp, 0x04 106473e5 [2]: 89 c6 mov esi, eax 106473e7 [2]: 89 f1 mov ecx, esi 106473e9 [2]: 6a 00 push 0x00 106473eb [5]: e8 d0 1b 37 00 call 0x109B8FC0 -> 109b8fc0 106473f0 [1]: 57 push edi 106473f1 [1]: 56 push esi 106473f2 [5]: e8 09 00 00 00 call 0x10647400 -> 10647400 106473f7 [3]: 83 c4 08 add esp, 0x08 106473fa [1]: 5e pop esi 106473fb [1]: 5f pop edi 106473fc [1]: 5d pop ebp 106473fd [1]: c3 ret ret

' Process ID: 37472 │ INFO│ 00:34:51.778 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 106473d0 [1]: 55 push ebp 106473d1 [2]: 89 e5 mov ebp, esp 106473d3 [1]: 57 push edi 106473d4 [1]: 56 push esi

' Process ID: 37472 │ INFO│ 00:34:51.778 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 5445258 [1]: 55 push ebp 5445259 [2]: 89 e5 mov ebp, esp 544525b [1]: 57 push edi 544525c [1]: 56 push esi 544525d [5]: e9 73 21 20 0b jmp 0x106473D5 -> 106473d5

' Process ID: 37472 │ INFO│ 00:34:51.778 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 106473d0 [5]: e9 bb 1f 11 6b jmp 0x000000007b759390

' Process ID: 37472 │ INFO│ 00:34:51.778 │ 119:v8hook.cpp ┃ Hooked V8 Isolate New Succuess! Process ID: 37472 │ INFO│ 00:34:51.783 │ 154:v8hook.cpp ┃ Found v8::Script::Run with Context at address 274877456 Process ID: 37472 │ INFO│ 00:34:51.783 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Original function: 10624c10 [1]: 55 push ebp 10624c11 [2]: 89 e5 mov ebp, esp 10624c13 [1]: 53 push ebx 10624c14 [1]: 57 push edi 10624c15 [1]: 56 push esi 10624c16 [3]: 83 e4 f8 and esp, 0xFFFFFFF8 10624c19 [3]: 83 ec 78 sub esp, 0x78 10624c1c [5]: a1 64 87 98 14 mov eax, dword ptr ds:[0x14988764] 10624c21 [2]: 89 cb mov ebx, ecx 10624c23 [3]: 8b 4d 0c mov ecx, dword ptr ss:[ebp+0x0C] 10624c26 [2]: 31 e8 xor eax, ebp 10624c28 [4]: 89 44 24 70 mov dword ptr ss:[esp+0x70], eax 10624c2c [5]: b8 00 00 f8 ff mov eax, 0xFFF80000 10624c31 [4]: 89 4c 24 08 mov dword ptr ss:[esp+0x08], ecx 10624c35 [2]: 23 01 and eax, dword ptr ds:[ecx] 10624c37 [3]: 8b 78 1c mov edi, dword ptr ds:[eax+0x1C] 10624c3a [5]: a1 7c 4b 99 14 mov eax, dword ptr ds:[0x14994B7C] 10624c3f [2]: 85 c0 test eax, eax 10624c41 [2]: 75 16 jnz 0x10624C59 -> 10624c59 10624c43 [5]: e8 38 31 55 00 call 0x10B77D80 -> 10b77d80 10624c48 [2]: 8b 10 mov edx, dword ptr ds:[eax] 10624c4a [2]: 89 c1 mov ecx, eax 10624c4c [5]: 68 29 1e e1 13 push 0x13E11E29 10624c51 [3]: ff 52 04 call dword ptr ds:[edx+0x04] 10624c54 [5]: a3 7c 4b 99 14 mov dword ptr ds:[0x14994B7C], eax 10624c59 [8]: c7 44 24 60 00 00 00 00 mov dword ptr ss:[esp+0x60], 0x00 10624c61 [3]: 83 c7 f0 add edi, 0xFFFFFFF0 10624c64 [3]: f6 00 05 test byte ptr ds:[eax], 0x05 10624c67 [2]: 74 10 jz 0x10624C79 -> 10624c79 10624c69 [4]: 8d 4c 24 5c lea ecx, ss:[esp+0x5C] 10624c6d [5]: 68 2c 1e e1 13 push 0x13E11E2C 10624c72 [1]: 50 push eax 10624c73 [1]: 57 push edi

' Process ID: 37472 │ INFO│ 00:34:51.784 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Prologue to overwrite: 10624c10 [1]: 55 push ebp 10624c11 [2]: 89 e5 mov ebp, esp 10624c13 [1]: 53 push ebx 10624c14 [1]: 57 push edi

' Process ID: 37472 │ INFO│ 00:34:51.784 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Trampoline: 5445468 [1]: 55 push ebp 5445469 [2]: 89 e5 mov ebp, esp 544546b [1]: 53 push ebx 544546c [1]: 57 push edi 544546d [5]: e9 a3 f7 1d 0b jmp 0x10624C15 -> 10624c15

' Process ID: 37472 │ INFO│ 00:34:51.784 │ 10:polyLogger.cpp ┃ PolyLoggerMSG : 'Hook instructions: 10624c10 [5]: e9 bb 4c 13 6b jmp 0x000000007b7598d0

' Process ID: 37472 │ INFO│ 00:34:51.784 │ 163:v8hook.cpp ┃ Hooked V8 Script Run with Context Succuess! Process ID: 37472 │ INFO│ 00:34:51.815 │ 27:v8hook.cpp ┃ V8Hook : V8 Initialize Process ID: 37472 │ INFO│ 00:34:51.815 │ 36:v8hook.cpp ┃ V8Hook :New V8 Isolate Process ID: 37472 │ INFO│ 00:34:51.835 │ 44:v8hook.cpp ┃ V8Hook :New V8 Context Process ID: 37472 │ INFO│ 00:34:51.839 │ 44:v8hook.cpp ┃ V8Hook :New V8 Context Process ID: 37472 │ INFO│ 00:34:51.842 │ 60:v8hook.cpp ┃ V8Hook :Run V8 Script with Context

bbsuuo commented 1 year ago

include "v8hook.h"

include "logger.h"

include "utill.h"

include "polyhook2/Detour/x86Detour.hpp"

// Detour objects, one per hooked V8 entry point; each is assigned in
// checkFunctionAndHooking when the matching symbol name is seen.
// NOTE(review): std::unique_ptr has no template argument in this listing,
// presumably lost when the page was rendered. The
// std::make_unique<PLH::x86Detour> calls in checkFunctionAndHooking indicate
// the intended type is std::unique_ptr<PLH::x86Detour>.
namespace ts::v8hook { std::unique_ptr detourV8Init; std::unique_ptr detourV8IsolateNew; std::unique_ptr detourV8ContextNew; std::unique_ptr detourV8ScriptRun; std::unique_ptr detourV8ScriptRunWithContext; std::unique_ptr detourV8ScriptCompile; std::unique_ptr detourV8ScriptCompileWithOrigin; std::unique_ptr detourV8ScriptCompileWithContextAndOrigin;

// Trampoline slots. The address of each slot is passed as the third
// PLH::x86Detour constructor argument in checkFunctionAndHooking, and the
// hook functions reinterpret_cast the stored value to a function pointer to
// reach the original code. A slot is only meaningful after its detour has
// been created; calling through it earlier would jump to address 0.
uint64_t TrampolineV8Initialize;
uint64_t TrampolineV8IsolateNew;
uint64_t TrampolineV8ContextNew;
uint64_t TrampolineV8ScriptRun;
uint64_t TrampolineV8ScriptRunWithContext;
uint64_t TrampolineV8ScriptCompile;
uint64_t TrampolineV8ScriptCompileWithOrigin;
uint64_t TrampolineV8ScriptCompileWithContextAndOrigin;

//check done
/// Detour target for `v8::V8::Initialize`: logs the call, then runs the
/// original through the address stored in TrampolineV8Initialize.
///
/// The pointer type used here (no arguments, `bool` result) mirrors the
/// `static bool __cdecl v8::V8::Initialize(void)` signature that
/// checkFunctionAndHooking matches before installing this hook.
///
/// @return the value returned by the original function.
bool HookV8Initialize() {
    using InitializeFn = bool (*)();

    LOG_INFO("V8Hook : V8 Initialize");
    // The slot is written by the detour; the cast turns it back into a callable.
    const auto original = reinterpret_cast<InitializeFn>(TrampolineV8Initialize);
    return original();
}

//check done
/// Detour target for `v8::Isolate::New`: logs the call and forwards `params`
/// unchanged to the original via TrampolineV8IsolateNew.
///
/// The matched signature in checkFunctionAndHooking is `__cdecl`, takes a
/// `CreateParams const &` and returns `v8::Isolate *`, so one pointer-sized
/// argument and a pointer result are what this prototype models.
///
/// @param params  the caller's argument, passed through untouched.
/// @return the pointer returned by the original function.
void* HookV8IsolateNew(void* params)
{
    using IsolateNewFn = void* (*)(void*);

    LOG_INFO("V8Hook :New V8 Isolate");
    const auto original = reinterpret_cast<IsolateNewFn>(TrampolineV8IsolateNew);
    return original(params);
}

//check done
/// Detour target for `v8::Context::New`: logs the call and forwards its five
/// arguments to the original via TrampolineV8ContextNew.
///
/// NOTE(review): the signature matched in checkFunctionAndHooking returns
/// `v8::Local<v8::Context>` by value and takes
/// `v8::DeserializeInternalFieldsCallback` as a struct by value. Modelling all
/// of that as five `void*` values only works if the real stack layout happens
/// to be five pointer-sized slots; a hidden return-slot argument or a struct
/// wider than one pointer would leave the original reading stack contents this
/// hook never supplied. TODO confirm against the V8 headers of the target
/// build.
///
/// @return the value returned by the original function.
void* HookV8ContextNew(void* isolate, void* extensionConfiguration, void* maybeLocalObjectTemplate, void* maybeLocalValue, void* deserializeInternalFieldsCallback) {
    using ContextNewFn = void* (*)(void*, void*, void*, void*, void*);

    LOG_INFO("V8Hook :New V8 Context");
    const auto original = reinterpret_cast<ContextNewFn>(TrampolineV8ContextNew);
    return original(isolate,
                    extensionConfiguration,
                    maybeLocalObjectTemplate,
                    maybeLocalValue,
                    deserializeInternalFieldsCallback);
}

//check done
/// Detour target intended for `v8::Script::Run(void)`: logs the call and
/// forwards `thisPointer` to the original via TrampolineV8ScriptRun.
///
/// NOTE(review): checkFunctionAndHooking matches this target by a
/// `__thiscall` signature that returns `v8::Local<v8::Value>` by value, and
/// the branch that would install this hook is commented out there with the
/// remark "Crash". On x86, `__thiscall` passes `this` in ECX, while this
/// function and its pointer type use the compiler's default convention with
/// every argument on the stack, so `thisPointer` is presumably not the Script
/// object. The by-value class return may also add a hidden return-slot
/// argument. Confirm the real prototype against the V8 headers before
/// re-enabling the hook.
///
/// @return the value returned by the original function.
void* HookV8ScriptRun(void* thisPointer) {
    using ScriptRunFn = void* (*)(void*);

    LOG_INFO("V8Hook :Run V8 Script");
    const auto original = reinterpret_cast<ScriptRunFn>(TrampolineV8ScriptRun);
    return original(thisPointer);
}

//'public: class v8::MaybeLocal<class v8::Value> __thiscall v8::Script::Run(class v8::Local<class v8::Context>)'
/// Detour target intended for `v8::Script::Run(v8::Local<v8::Context>)`: logs
/// the call and forwards both arguments via TrampolineV8ScriptRunWithContext.
///
/// NOTE(review): the hooked member is `__thiscall` and returns
/// `v8::MaybeLocal<v8::Value>` by value, but this function and its pointer
/// type use the default convention with two stack arguments. Under
/// `__thiscall` the object pointer arrives in ECX rather than on the stack,
/// so `thisPointer` and `content` presumably receive other stack slots, and
/// the callee-cleans-stack rule of `__thiscall` is not honoured on return.
/// The install branch in checkFunctionAndHooking is commented out with the
/// remark "Crash". Confirm the real prototype before re-enabling it.
///
/// @return the value returned by the original function.
void* HookV8ScriptRunWithContext(void* thisPointer, void* content) {
    using ScriptRunWithContextFn = void* (*)(void*, void*);

    LOG_INFO("V8Hook :Run V8 Script with Context");
    const auto original = reinterpret_cast<ScriptRunWithContextFn>(TrampolineV8ScriptRunWithContext);
    return original(thisPointer, content);
}
//public: static class v8::Local<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::String>,class v8::Local<class v8::String>)
/// Detour target for the two-string `v8::Script::Compile` overload: logs the
/// call and forwards both arguments via TrampolineV8ScriptCompile.
///
/// NOTE(review): the hooked overload is `__cdecl` and returns
/// `v8::Local<v8::Script>` by value. If the target ABI returns that class
/// through a hidden pointer argument, every parameter here is shifted by one
/// and the original receives one argument too few. TODO confirm against the
/// V8 headers. The `Local<>` arguments are modelled as `void*`, which assumes
/// each is a single pointer-sized value.
///
/// @return the value returned by the original function.
void* HookV8ScriptCompile(void* string1, void* string2) {
    using CompileFn = void* (*)(void*, void*);

    LOG_INFO("V8Hook :Compile V8 Script");
    const auto original = reinterpret_cast<CompileFn>(TrampolineV8ScriptCompile);
    return original(string1, string2);
}
//public: static class v8::Local<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::String>,class v8::ScriptOrigin *)
/// Detour target for `v8::Script::Compile(Local<String>, ScriptOrigin*)`:
/// logs the call and forwards both arguments via
/// TrampolineV8ScriptCompileWithOrigin.
///
/// NOTE(review): as with the other Compile overloads, the original returns
/// `v8::Local<v8::Script>` by value. A hidden return-slot argument, if the
/// ABI uses one here, would mean `string` and `scriptOrigin` are not the
/// values their names suggest and the original is called one argument short.
/// TODO confirm against the V8 headers.
///
/// @return the value returned by the original function.
void* HookV8ScriptCompileWithOrigin(void* string, void* scriptOrigin) {
    using CompileWithOriginFn = void* (*)(void*, void*);

    LOG_INFO("V8Hook :Compile V8 Script with Origin");
    const auto original = reinterpret_cast<CompileWithOriginFn>(TrampolineV8ScriptCompileWithOrigin);
    return original(string, scriptOrigin);
}

//check done
//public: static class v8::MaybeLocal<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::Context>,class v8::Local<class v8::String>,class v8::ScriptOrigin *)
/// Detour target for `v8::Script::Compile(Local<Context>, Local<String>,
/// ScriptOrigin*)`: logs the call, forwards the three arguments via
/// TrampolineV8ScriptCompileWithContextAndOrigin and returns the result.
///
/// If the forwarding call throws an `Exception`, the message is logged and a
/// std::runtime_error is thrown from this hook instead.
///
/// NOTE(review): this is the hook the author reports as hanging the process,
/// with an access violation (0xC0000005) at the forwarding call. The original
/// returns `v8::MaybeLocal<v8::Script>` by value; if that value comes back
/// through a hidden pointer argument, the real call carries four stack slots
/// and this three-argument forward leaves the `ScriptOrigin*` slot holding
/// whatever was on the stack. TODO confirm against the V8 headers.
/// NOTE(review): an access violation is not a C++ exception of type
/// `Exception`, so the handler below presumably never sees that failure, and
/// the std::runtime_error thrown at the end unwinds into the code that called
/// the hooked function, which may not expect it.
///
/// @return the value returned by the original function.
/// @throws std::runtime_error after an `Exception` was caught and logged.
void* HookV8ScriptCompileWithContextAndOrigin(void* context, void* string, void* scriptOrigin) {
    using OriginalCompileFn = void* (*)(void*, void*, void*);

    LOG_INFO("V8Hook :Compile V8 Script with Context and Origin");
    try {
        const auto original = reinterpret_cast<OriginalCompileFn>(TrampolineV8ScriptCompileWithContextAndOrigin);
        LOG_INFO("V8Hook :Try Return");
        return original(context, string, scriptOrigin);
    }
    catch (const Exception& caught)
    {
        LOG_ERROR(R"(V8 Hook ERROR: '{}')", caught.what());
    }

    // Only reached once the handler above has run.
    LOG_ERROR("V8Hook :An error occurred in HookV8ScriptCompileWithContextAndOrigin");
    throw std::runtime_error("An error occurred in HookV8ScriptCompileWithContextAndOrigin");
}

/// Installs the PolyHook x86 detour that belongs to `undecoratedName`, if the
/// name is one of the V8 entry points listed below.
///
/// The name is compared verbatim with each undecorated signature. On a match
/// the function logs the address, creates a PLH::x86Detour that redirects
/// `functionAddress` to the corresponding Hook* function, stores it in the
/// matching detour variable, calls hook() and logs the outcome. Any other
/// name is ignored. The two `v8::Script::Run` overloads are recognised but
/// their detours are disabled (the code is kept as comments, marked "Crash").
///
/// NOTE(review): the hook prototypes are plain `void*` functions while several
/// matched signatures are `__thiscall` or return/accept classes by value, so a
/// detour installing successfully says nothing about the hook being callable
/// safely. The prototype has to match the original's calling convention and
/// stack layout. When hook() fails, the detour object is still kept in its
/// variable.
///
/// @param undecoratedName  undecorated symbol name to test.
/// @param functionAddress  address handed to PLH::x86Detour as the function to hook.
void checkFunctionAndHooking(const std::string& undecoratedName, DWORD functionAddress)
{
    // v8::V8::Initialize
    if (undecoratedName == "public: static bool __cdecl v8::V8::Initialize(void)") {
        LOG_INFO("Found v8::V8::Initialize at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8Init = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8Initialize, &TrampolineV8Initialize);

        if (detourV8Init->hook()) {
            LOG_INFO("Hooked V8 Succuess!");
        } else {
            LOG_WARN("V8 Initialize Hook Failure");
        }
        return;
    }

    // v8::Isolate::New
    // Mangled name: '?New@Isolate@v8@@SAPAV12@ABUCreateParams@12@@Z', address '263746512'
    if (undecoratedName == "public: static class v8::Isolate * __cdecl v8::Isolate::New(struct v8::Isolate::CreateParams const &)") {
        LOG_INFO("Found v8::Isolate::New at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8IsolateNew = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8IsolateNew, &TrampolineV8IsolateNew);

        if (detourV8IsolateNew->hook()) {
            LOG_INFO("Hooked V8 Isolate New Succuess!");
        } else {
            LOG_WARN("V8 Isolate New Hook Failure");
        }
        return;
    }

    // v8::Context::New
    // Mangled name: '?New@Context@v8@@SA?AV?$Local@VContext@v8@@@2@PAVIsolate@2@PAVExtensionConfiguration@2@V?$MaybeLocal@VObjectTemplate@v8@@@2@V?$MaybeLocal@VValue@v8@@@2@UDeserializeInternalFieldsCallback@2@@Z', address '263580112'
    if (undecoratedName == "public: static class v8::Local<class v8::Context> __cdecl v8::Context::New(class v8::Isolate *,class v8::ExtensionConfiguration *,class v8::MaybeLocal<class v8::ObjectTemplate>,class v8::MaybeLocal<class v8::Value>,struct v8::DeserializeInternalFieldsCallback)") {
        LOG_INFO("Found v8::Context::New at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8ContextNew = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ContextNew, &TrampolineV8ContextNew);

        if (detourV8ContextNew->hook()) {
            LOG_INFO("Hooked V8 Context New Succuess!");
        } else {
            LOG_WARN("V8 Context New Hook Failure");
        }
        return;
    }

    // v8::Script::Run(void), a __thiscall member. Detour disabled: Crash.
    if (undecoratedName == "public: class v8::Local<class v8::Value> __thiscall v8::Script::Run(void)") {
        //LOG_INFO("Found v8::Script::Run at address {}", ts::utill::dword_to_string(functionAddress));
        //detourV8ScriptRun = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ScriptRun, &TrampolineV8ScriptRun);

        //if (!detourV8ScriptRun->hook())
        //{
        //  LOG_WARN("V8 Script Run Hook Failure");
        //}
        //else
        //{
        //  LOG_INFO("Hooked V8 Script Run Succuess!");
        //}
        return;
    }

    // v8::Script::Run(Local<Context>), a __thiscall member. Detour disabled: Crash.
    if (undecoratedName == "public: class v8::MaybeLocal<class v8::Value> __thiscall v8::Script::Run(class v8::Local<class v8::Context>)") {
        //LOG_INFO("Found v8::Script::Run with Context at address {}", ts::utill::dword_to_string(functionAddress));
        //detourV8ScriptRunWithContext = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ScriptRunWithContext, &TrampolineV8ScriptRunWithContext);

        //if (!detourV8ScriptRunWithContext->hook())
        //{
        //  LOG_WARN("V8 Script Run with Context Hook Failure");
        //}
        //else
        //{
        //  LOG_INFO("Hooked V8 Script Run with Context Succuess!");
        //}
        return;
    }

    // v8::Script::Compile(Local<String>, Local<String>). Marked "check down" by the author.
    if (undecoratedName == "public: static class v8::Local<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::String>,class v8::Local<class v8::String>)") {
        LOG_INFO("Found v8::Script::Compile at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8ScriptCompile = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ScriptCompile, &TrampolineV8ScriptCompile);

        if (detourV8ScriptCompile->hook()) {
            LOG_INFO("Hooked V8 Script Compile Succuess!");
        } else {
            LOG_WARN("V8 Script Compile Hook Failure");
        }
        return;
    }

    // v8::Script::Compile(Local<String>, ScriptOrigin*)
    if (undecoratedName == "public: static class v8::Local<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::String>,class v8::ScriptOrigin *)") {
        LOG_INFO("Found v8::Script::Compile with Origin at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8ScriptCompileWithOrigin = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ScriptCompileWithOrigin, &TrampolineV8ScriptCompileWithOrigin);

        if (detourV8ScriptCompileWithOrigin->hook()) {
            LOG_INFO("Hooked V8 Script Compile with Origin Succuess!");
        } else {
            LOG_WARN("V8 Script Compile with Origin Hook Failure");
        }
        return;
    }

    // v8::Script::Compile(Local<Context>, Local<String>, ScriptOrigin*).
    // Marked "Crash" by the author, but this detour is still installed.
    if (undecoratedName == "public: static class v8::MaybeLocal<class v8::Script> __cdecl v8::Script::Compile(class v8::Local<class v8::Context>,class v8::Local<class v8::String>,class v8::ScriptOrigin *)") {
        LOG_INFO("Found v8::Script::Compile with Context and Origin at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8ScriptCompileWithContextAndOrigin = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ScriptCompileWithContextAndOrigin, &TrampolineV8ScriptCompileWithContextAndOrigin);

        if (detourV8ScriptCompileWithContextAndOrigin->hook()) {
            LOG_INFO("Hooked V8 Script Compile with ContextAndOrigin Succuess!");
        } else {
            LOG_WARN("V8 Script Compile with ContextAndOrigin Hook Failure");
        }
        return;
    }
}

}

That is the code. I have reset some of the debug information. First, I made sure that the crash only occurs when the detourV8ScriptCompileWithContextAndOrigin hook is deployed.

Then, we can see in the logs that this hook has taken effect and generated some log information. │ 22:10:32.628 │ 83:v8hook.cpp ┃ V8Hook :Compile V8 Script with Context and Origin Process ID: 36236 │ INFO│ 22:10:32.628 │ 87:v8hook.cpp ┃ V8Hook :Try Return

I found that the program did not actually crash; it just keeps running in the background, where I can still find it in Task Manager. It seems that something goes wrong when the original function is executed, so it is not called correctly.

Process ID: 30228 │ INFO│ 22:10:32.078 │ 20:bootstrap.cpp ┃ Enter Process : '30228' Process ID: 30228 │ INFO│ 22:10:32.078 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 30228 │ INFO│ 22:10:32.078 │ 24:bootstrap.cpp ┃ First Process : '30228' Process ID: 30228 │ INFO│ 22:10:32.078 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 30228 │ INFO│ 22:10:32.128 │ 182:v8hook.cpp ┃ Found v8::Script::Compile at address 274891056 Process ID: 30228 │ INFO│ 22:10:32.129 │ 191:v8hook.cpp ┃ Hooked V8 Script Compile Succuess! Process ID: 30228 │ INFO│ 22:10:32.129 │ 197:v8hook.cpp ┃ Found v8::Script::Compile with Origin at address 274890912 Process ID: 30228 │ INFO│ 22:10:32.129 │ 206:v8hook.cpp ┃ Hooked V8 Script Compile with Origin Succuess! Process ID: 30228 │ INFO│ 22:10:32.129 │ 213:v8hook.cpp ┃ Found v8::Script::Compile with Context and Origin at address 274890720 Process ID: 30228 │ INFO│ 22:10:32.129 │ 221:v8hook.cpp ┃ Hooked V8 Script Compile with ContextAndOrigin Succuess! Process ID: 30228 │ INFO│ 22:10:32.134 │ 105:v8hook.cpp ┃ Found v8::V8::Initialize at address 274966848 Process ID: 30228 │ INFO│ 22:10:32.134 │ 114:v8hook.cpp ┃ Hooked V8 Succuess! Process ID: 30228 │ INFO│ 22:10:32.136 │ 134:v8hook.cpp ┃ Found v8::Context::New at address 274852304 Process ID: 30228 │ INFO│ 22:10:32.137 │ 143:v8hook.cpp ┃ Hooked V8 Context New Succuess! Process ID: 30228 │ INFO│ 22:10:32.137 │ 120:v8hook.cpp ┃ Found v8::Isolate::New at address 275018704 Process ID: 30228 │ INFO│ 22:10:32.137 │ 129:v8hook.cpp ┃ Hooked V8 Isolate New Succuess! 
Process ID: 27960 │ INFO│ 22:10:32.187 │ 20:bootstrap.cpp ┃ Enter Process : '27960' Process ID: 27960 │ INFO│ 22:10:32.187 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 27960 │ INFO│ 22:10:32.188 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 36040 │ INFO│ 22:10:32.371 │ 20:bootstrap.cpp ┃ Enter Process : '36040' Process ID: 36040 │ INFO│ 22:10:32.371 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 36040 │ INFO│ 22:10:32.372 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 36040 │ INFO│ 22:10:32.450 │ 182:v8hook.cpp ┃ Found v8::Script::Compile at address 274891056 Process ID: 36040 │ INFO│ 22:10:32.450 │ 191:v8hook.cpp ┃ Hooked V8 Script Compile Succuess! Process ID: 36040 │ INFO│ 22:10:32.451 │ 197:v8hook.cpp ┃ Found v8::Script::Compile with Origin at address 274890912 Process ID: 36040 │ INFO│ 22:10:32.451 │ 206:v8hook.cpp ┃ Hooked V8 Script Compile with Origin Succuess! Process ID: 36040 │ INFO│ 22:10:32.452 │ 213:v8hook.cpp ┃ Found v8::Script::Compile with Context and Origin at address 274890720 Process ID: 36040 │ INFO│ 22:10:32.452 │ 221:v8hook.cpp ┃ Hooked V8 Script Compile with ContextAndOrigin Succuess! Process ID: 36040 │ INFO│ 22:10:32.462 │ 105:v8hook.cpp ┃ Found v8::V8::Initialize at address 274966848 Process ID: 36040 │ INFO│ 22:10:32.462 │ 114:v8hook.cpp ┃ Hooked V8 Succuess! Process ID: 36040 │ INFO│ 22:10:32.466 │ 134:v8hook.cpp ┃ Found v8::Context::New at address 274852304 Process ID: 36040 │ INFO│ 22:10:32.467 │ 143:v8hook.cpp ┃ Hooked V8 Context New Succuess! Process ID: 36040 │ INFO│ 22:10:32.467 │ 120:v8hook.cpp ┃ Found v8::Isolate::New at address 275018704 Process ID: 36040 │ INFO│ 22:10:32.467 │ 129:v8hook.cpp ┃ Hooked V8 Isolate New Succuess! 
Process ID: 36236 │ INFO│ 22:10:32.501 │ 20:bootstrap.cpp ┃ Enter Process : '36236' Process ID: 36236 │ INFO│ 22:10:32.501 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 36236 │ INFO│ 22:10:32.501 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 36236 │ INFO│ 22:10:32.552 │ 182:v8hook.cpp ┃ Found v8::Script::Compile at address 274891056 Process ID: 36236 │ INFO│ 22:10:32.552 │ 191:v8hook.cpp ┃ Hooked V8 Script Compile Succuess! Process ID: 36236 │ INFO│ 22:10:32.552 │ 197:v8hook.cpp ┃ Found v8::Script::Compile with Origin at address 274890912 Process ID: 36236 │ INFO│ 22:10:32.552 │ 206:v8hook.cpp ┃ Hooked V8 Script Compile with Origin Succuess! Process ID: 36236 │ INFO│ 22:10:32.552 │ 213:v8hook.cpp ┃ Found v8::Script::Compile with Context and Origin at address 274890720 Process ID: 36236 │ INFO│ 22:10:32.553 │ 221:v8hook.cpp ┃ Hooked V8 Script Compile with ContextAndOrigin Succuess! Process ID: 36236 │ INFO│ 22:10:32.559 │ 105:v8hook.cpp ┃ Found v8::V8::Initialize at address 274966848 Process ID: 36236 │ INFO│ 22:10:32.559 │ 114:v8hook.cpp ┃ Hooked V8 Succuess! Process ID: 36236 │ INFO│ 22:10:32.562 │ 134:v8hook.cpp ┃ Found v8::Context::New at address 274852304 Process ID: 36236 │ INFO│ 22:10:32.562 │ 143:v8hook.cpp ┃ Hooked V8 Context New Succuess! Process ID: 36236 │ INFO│ 22:10:32.562 │ 120:v8hook.cpp ┃ Found v8::Isolate::New at address 275018704 Process ID: 36236 │ INFO│ 22:10:32.563 │ 129:v8hook.cpp ┃ Hooked V8 Isolate New Succuess! 
Process ID: 36236 │ INFO│ 22:10:32.599 │ 27:v8hook.cpp ┃ V8Hook : V8 Initialize Process ID: 36236 │ INFO│ 22:10:32.599 │ 36:v8hook.cpp ┃ V8Hook :New V8 Isolate Process ID: 36236 │ INFO│ 22:10:32.622 │ 44:v8hook.cpp ┃ V8Hook :New V8 Context Process ID: 36236 │ INFO│ 22:10:32.626 │ 44:v8hook.cpp ┃ V8Hook :New V8 Context Process ID: 36236 │ INFO│ 22:10:32.628 │ 83:v8hook.cpp ┃ V8Hook :Compile V8 Script with Context and Origin Process ID: 36236 │ INFO│ 22:10:32.628 │ 87:v8hook.cpp ┃ V8Hook :Try Return Process ID: 45716 │ INFO│ 22:11:17.441 │ 20:bootstrap.cpp ┃ Enter Process : '45716' Process ID: 45716 │ INFO│ 22:11:17.441 │ 21:bootstrap.cpp ┃ ModuleDirectory : 'S:\测试用\f-2' Process ID: 45716 │ INFO│ 22:11:17.442 │ 86:hook.cpp ┃ Hooking LoadLibrary and LoadLibraryEx Functions Process ID: 45716 │ INFO│ 22:11:17.491 │ 182:v8hook.cpp ┃ Found v8::Script::Compile at address 274891056 Process ID: 45716 │ INFO│ 22:11:17.492 │ 191:v8hook.cpp ┃ Hooked V8 Script Compile Succuess! Process ID: 45716 │ INFO│ 22:11:17.492 │ 197:v8hook.cpp ┃ Found v8::Script::Compile with Origin at address 274890912 Process ID: 45716 │ INFO│ 22:11:17.492 │ 206:v8hook.cpp ┃ Hooked V8 Script Compile with Origin Succuess! Process ID: 45716 │ INFO│ 22:11:17.492 │ 213:v8hook.cpp ┃ Found v8::Script::Compile with Context and Origin at address 274890720 Process ID: 45716 │ INFO│ 22:11:17.492 │ 221:v8hook.cpp ┃ Hooked V8 Script Compile with ContextAndOrigin Succuess! Process ID: 45716 │ INFO│ 22:11:17.496 │ 105:v8hook.cpp ┃ Found v8::V8::Initialize at address 274966848 Process ID: 45716 │ INFO│ 22:11:17.497 │ 114:v8hook.cpp ┃ Hooked V8 Succuess! Process ID: 45716 │ INFO│ 22:11:17.499 │ 134:v8hook.cpp ┃ Found v8::Context::New at address 274852304 Process ID: 45716 │ INFO│ 22:11:17.499 │ 143:v8hook.cpp ┃ Hooked V8 Context New Succuess! 
Process ID: 45716 │ INFO│ 22:11:17.500 │ 120:v8hook.cpp ┃ Found v8::Isolate::New at address 275018704 Process ID: 45716 │ INFO│ 22:11:17.500 │ 129:v8hook.cpp ┃ Hooked V8 Isolate New Succuess!

If I comment out the following code, the program runs normally and does not crash.

        // Excerpt: the statements that install the detour for the
        // (Local<Context>, Local<String>, ScriptOrigin*) overload of
        // v8::Script::Compile.
        // NOTE(review): removing these lines only stops the detour from being
        // installed. The call that fails is made inside
        // HookV8ScriptCompileWithContextAndOrigin, whose void* prototype has to
        // match the original's calling convention and stack layout.
        LOG_INFO("Found v8::Script::Compile with Context and Origin at address {}", ts::utill::dword_to_string(functionAddress));
        detourV8ScriptCompileWithContextAndOrigin = std::make_unique<PLH::x86Detour>(functionAddress, (uint64_t)HookV8ScriptCompileWithContextAndOrigin, &TrampolineV8ScriptCompileWithContextAndOrigin);
        if (!detourV8ScriptCompileWithContextAndOrigin->hook())
        {
            LOG_WARN("V8 Script Compile with ContextAndOrigin Hook Failure");
        }
        else
        {
            LOG_INFO("Hooked V8 Script Compile with ContextAndOrigin Succuess!");
        }

what exactly is the problem?

bbsuuo commented 1 year ago

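I tried debugging the code, and the error is: 0x10628006 (nw.dll)处(位于 Game.exe 中)引发的异常: 0xC0000005: 读取位置 0x823CB82A 时发生访问冲突 (in English: exception thrown at 0x10628006 (nw.dll) in Game.exe: 0xC0000005: access violation reading location 0x823CB82A). The failing line is: return compileFunc(context, string, scriptOrigin);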

bbsuuo commented 1 year ago

OK, I understand where the problem lies. It's a silly issue: put simply, I can't use void* to stand in for an arbitrary parameter type unless the hooked function never uses the passed-in parameters. Otherwise, if the types do not match, a memory access violation occurs.