Add x86HotpatchDetour #204
base: master
- use normal variable for non-options
- apply force param to cache entry
- separate zydis and zycore options
- disable doxygen by default

This is two level of trampoline, the first level is short jump to the align area between functions, then the next level put 5-byte jump to user provided callback. This method requires we recognize consecutive no-op instructions and the end point of the previous function correctly. It is especially useful to hook empty functions with just 'rep ret'. You cannot hook them using x86Detour and EATHook doesn't work well on direct call from the lib itself.

Signed-off-by: Syrone Wong <[email protected]>
I like adding support for hot patch, and this implementation would be compatible with Microsoft's official hot patch https://devblogs.microsoft.com/oldnewthing/20110921-00/?p=9583 for both when there is a mov edi, edi or just a two-byte instruction used like for x64. Your original issue is a good example motivator. Having hot patch as a third type of class is not ideal. Ideally this would be a hooking scheme implemented by both x86 detour and x64 detour. You can see how x64 detour already constrains trampoline allocation and rewriting schemes as an example. Can you consider taking what you have and implementing it like that so that there is no third class? Additional unused class fields are acceptable if the class supports multiple hooking schemes, but should be kept as minimal as possible of course.

Sorry, but my intention to implement the new method is to hook empty functions like I stated in #202. I'm not very interested in implementing the Microsoft way.

Your implementation already is compatible with Microsoft's way. What I mean is putting the logic of x86HotpatchDetour into the x86Detour class directly. If a small/empty function is detected your logic would execute, otherwise it would hook as normal with the existing logic.

Will try to merge these two classes when having free time.

Any updates here, guys...?

Sorry. I'm pretty busy on projects...

@greenozon would love help if you can contribute
This implements #202
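As an added example (not code from this PR or from the library), a small classifier for the entry-point layout the two-level detour depends on: it checks for a 2-byte first instruction (here only `mov edi, edi` and `rep ret` are recognised; a general check needs a disassembler such as Zydis), counts the one-byte padding before the entry, and recognises an already-applied hook (short jmp backwards into the padding onto a `jmp rel32`). All byte samples are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical classification of a function entry with respect to the
 * two-level hotpatch detour (short jmp -> padding -> jmp rel32). */
typedef enum { HP_NOT_ELIGIBLE, HP_ELIGIBLE, HP_PATCHED } hp_state;

/* Count trailing one-byte padding (NOP 0x90 / INT3 0xCC) directly before
 * the entry point, i.e. the alignment area after the previous function. */
static size_t trailing_padding(const uint8_t *pad, size_t len) {
    size_t n = 0;
    while (n < len && (pad[len - 1 - n] == 0x90 || pad[len - 1 - n] == 0xCC))
        n++;
    return n;
}

/* Assumed set of 2-byte first instructions a short jmp may replace. */
static int is_two_byte_prologue(const uint8_t *e) {
    return (e[0] == 0x8B && e[1] == 0xFF)   /* mov edi, edi */
        || (e[0] == 0xF3 && e[1] == 0xC3);  /* rep ret */
}

/* pad[0..pad_len) are the bytes immediately before entry; entry[0..1] must
 * be readable. Returns whether the site is hookable or already hooked. */
hp_state hotpatch_state(const uint8_t *pad, size_t pad_len, const uint8_t *entry) {
    if (entry[0] == 0xEB) {               /* level 1: jmp rel8 */
        int off = 2 + (int8_t)entry[1];   /* target offset relative to entry */
        /* Target must lie inside pad and leave room for a 5-byte jmp rel32. */
        if (off < 0 && (size_t)(-off) <= pad_len && (size_t)(-off) >= 5
            && pad[pad_len + off] == 0xE9) /* level 2: jmp rel32 */
            return HP_PATCHED;
        return HP_NOT_ELIGIBLE;
    }
    if (is_two_byte_prologue(entry) && trailing_padding(pad, pad_len) >= 5)
        return HP_ELIGIBLE;
    return HP_NOT_ELIGIBLE;
}

/* Constructed samples: 5 NOPs + mov edi,edi; E9-filled padding + EB F9
 * (the classic short jmp back to entry-5); rep ret with only 3 NOPs. */
const uint8_t k_pad_nops[5]  = {0x90, 0x90, 0x90, 0x90, 0x90};
const uint8_t k_entry_mov[2] = {0x8B, 0xFF};
const uint8_t k_pad_hook[5]  = {0xE9, 0x00, 0x00, 0x00, 0x00};
const uint8_t k_entry_hook[2] = {0xEB, 0xF9};
const uint8_t k_pad_short[3] = {0x90, 0x90, 0x90};
const uint8_t k_entry_repret[2] = {0xF3, 0xC3};

int main(void) {
    printf("%d %d %d\n", hotpatch_state(k_pad_nops, 5, k_entry_mov),
           hotpatch_state(k_pad_hook, 5, k_entry_hook),
           hotpatch_state(k_pad_short, 3, k_entry_repret));
    return 0;
}
```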