wacked
/
hook_tests
Прати 1
Волим 0
Креирај огранак 0
Код Дискусије 0 Захтеви за спајање 0 Издања 0 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 Комити
1 Грана
Дрво: 01e918c819
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from '01e918c819'
${ noResults }
hook_tests/mhook.txt

mhook.txt 2.0KB
Датотека Normal View Историја

mhook can't hook _loop ;)
пре 6 година
 12345678910111213141516171819202122232425262728293031 
  1. _loop original:

  2. 00007FFF7CAE978C | 48 89 C8                 | mov rax,rcx                             |

  3. 00007FFF7CAE978F | 48 F7 E1                 | mul rcx                                 |

  4. 00007FFF7CAE9792 | 90                       | nop                                     |

  5. 00007FFF7CAE9793 | 90                       | nop                                     |

  6. 00007FFF7CAE9794 | 90                       | nop                                     |

  7. 00007FFF7CAE9795 | E2 F8                    | loop test_cases.7FFF7CAE978F            |

  8. 00007FFF7CAE9797 | C3                       | ret                                     |

  9. 

  10. _loop hooked:

  11. 00007FFF7CAE978C | E9 0F 69 23 00           | jmp <MHook_Hooks::hookLoop>             |

  12. 00007FFF7CAE9791 | E1 90                    | loope test_cases.7FFF7CAE9723           |

  13. 00007FFF7CAE9793 | 90                       | nop                                     |

  14. 00007FFF7CAE9794 | 90                       | nop                                     |

  15. 00007FFF7CAE9795 | E2 F8                    | loop test_cases.7FFF7CAE978F            |

  16. 00007FFF7CAE9797 | C3                       | ret                                     |

  17. 

  18. trampoline:

  19. 00007FFF7CD200C0 | 48 89 C8                 | mov rax,rcx                             |

  20. 00007FFF7CD200C3 | 48 F7 E1                 | mul rcx                                 |

  21. 00007FFF7CD200C6 | E9 C7 96 DC FF           | jmp test_cases.7FFF7CAE9792             |

  22. 

  23. then executes:

  24. 00007FFF7CAE9792 | 90                       | nop                                     |

  25. 00007FFF7CAE9793 | 90                       | nop                                     |

  26. 00007FFF7CAE9794 | 90                       | nop                                     |

  27. 00007FFF7CAE9795 | E2 F8                    | loop test_cases.7FFF7CAE978F            |

  28. 

  29. But that jumps back into the middle of the jump and thus executes:

  30. 00007FFF7CAE978F | 23 00                    | and eax,dword ptr ds:[rax]              |

  31. 00007FFF7CAE9791 | E1 90                    | loope test_cases.7FFF7CAE9723           |