diff --git a/mhook.txt b/mhook.txt
new file mode 100644
index 0000000..b95a7b3
--- /dev/null
+++ b/mhook.txt
@@ -0,0 +1,31 @@
+_loop original:
+00007FFF7CAE978C | 48 89 C8 | mov rax,rcx |
+00007FFF7CAE978F | 48 F7 E1 | mul rcx |
+00007FFF7CAE9792 | 90 | nop |
+00007FFF7CAE9793 | 90 | nop |
+00007FFF7CAE9794 | 90 | nop |
+00007FFF7CAE9795 | E2 F8 | loop test_cases.7FFF7CAE978F |
+00007FFF7CAE9797 | C3 | ret |
+
+_loop hooked:
+00007FFF7CAE978C | E9 0F 69 23 00 | jmp |
+00007FFF7CAE9791 | E1 90 | loope test_cases.7FFF7CAE9723 |
+00007FFF7CAE9793 | 90 | nop |
+00007FFF7CAE9794 | 90 | nop |
+00007FFF7CAE9795 | E2 F8 | loop test_cases.7FFF7CAE978F |
+00007FFF7CAE9797 | C3 | ret |
+
+trampoline:
+00007FFF7CD200C0 | 48 89 C8 | mov rax,rcx |
+00007FFF7CD200C3 | 48 F7 E1 | mul rcx |
+00007FFF7CD200C6 | E9 C7 96 DC FF | jmp test_cases.7FFF7CAE9792 |
+
+then executes:
+00007FFF7CAE9792 | 90 | nop |
+00007FFF7CAE9793 | 90 | nop |
+00007FFF7CAE9794 | 90 | nop |
+00007FFF7CAE9795 | E2 F8 | loop test_cases.7FFF7CAE978F |
+
+But that jumps back into the middle of the jump and thus executes:
+00007FFF7CAE978F | 23 00 | and eax,dword ptr ds:[rax] |
+00007FFF7CAE9791 | E1 90 | loope test_cases.7FFF7CAE9723 |
diff --git a/tester/mhook.cpp b/tester/mhook.cpp
index ccba903..0dca34e 100644
--- a/tester/mhook.cpp
+++ b/tester/mhook.cpp
@@ -69,7 +69,7 @@ bool MHook::hook_all(void) {
 ret |= Mhook_SetHook((PVOID*)&trueAVX, &MHook_Hooks::hookAVX);
 ret |= Mhook_SetHook((PVOID*)&trueRDRAND, &MHook_Hooks::hookRDRAND);
- ret |= Mhook_SetHook((PVOID*)&trueLoop, &MHook_Hooks::hookLoop);
+ //ret |= Mhook_SetHook((PVOID*)&trueLoop, &MHook_Hooks::hookLoop);
 ret |= Mhook_SetHook((PVOID*)&trueTailRecursion, &MHook_Hooks::hookTail_recursion);
 return ret;
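Review bot: The commented-out `trueLoop` hook on the added line carries no reason, so the next reader will likely re-enable it and reproduce the crash; the cause, as the new mhook.txt lays out, is that the 5-byte jmp Mhook writes at `_loop+0` overlaps the `mul rcx`, and the `loop` at +9 branches back to +3, so execution resumes inside the trampoline jmp bytes (`and eax,[rax]` then a stray `loope`). I would replace the bare `//` with a comment that states this, e.g. `// Disabled: _loop's backward `loop` targets +3, inside the 5-byte jmp Mhook writes over the prologue; see mhook.txt`. This is the general limitation of any inline-patching hook — an instruction later in the function that branches back into the relocated prologue — so the case probably belongs in the harness as an expected failure rather than vanishing, but that depends on test code outside this hunk. Unrelated to the change but visible on the context lines: `ret |= Mhook_SetHook(...)` makes `hook_all` report success as soon as any single hook installs; if `Mhook_SetHook` returns nonzero on success, `ret &=` (with `ret` initialised true) is presumably what was meant. hook_all's body begins before the hunk.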
@@ -80,6 +80,6 @@ bool MHook::unhook_all() {
 Mhook_Unhook((PVOID*)&trueBranch) &&
 Mhook_Unhook((PVOID*)&trueAVX) &&
 Mhook_Unhook((PVOID*)&trueRDRAND) &&
- Mhook_Unhook((PVOID*)&trueLoop) &&
+ //Mhook_Unhook((PVOID*)&trueLoop) &&
 Mhook_Unhook((PVOID*)&trueTailRecursion);
 }
\ No newline at end of file
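Review bot: Commenting out the `trueLoop` unhook on the added line is only correct while the matching `Mhook_SetHook` line in `hook_all` stays disabled too; nothing in the code ties the two together, and re-enabling one without the other either leaves the `_loop` hook installed after `unhook_all` returns or calls `Mhook_Unhook` on a pointer that was never hooked. A one-line comment at the added line, e.g. `// Disabled together with the hookLoop line in hook_all(); see mhook.txt`, would make the pairing visible to whoever touches either function. Note also that the `&&` chain short-circuits, so a single failing `Mhook_Unhook` leaves every later hook installed — pre-existing, but worth keeping in mind when hooks are toggled like this. The start of the returned expression is outside the hunk.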