_loop original:

| Address | Bytes | Instruction | |
|---|---|---|---|
00007FFF7CAE978C | 48 89 C8 | mov rax,rcx | |
00007FFF7CAE978F | 48 F7 E1 | mul rcx | |
00007FFF7CAE9792 | 90 | nop | |
00007FFF7CAE9793 | 90 | nop | |
00007FFF7CAE9794 | 90 | nop | |
00007FFF7CAE9795 | E2 F8 | loop test_cases.7FFF7CAE978F | |
00007FFF7CAE9797 | C3 | ret | |
_loop hooked:

| Address | Bytes | Instruction | |
|---|---|---|---|
00007FFF7CAE978C | E9 0F 69 23 00 | jmp <MHook_Hooks::hookLoop> | |
00007FFF7CAE9791 | E1 90 | loope test_cases.7FFF7CAE9723 | |
00007FFF7CAE9793 | 90 | nop | |
00007FFF7CAE9794 | 90 | nop | |
00007FFF7CAE9795 | E2 F8 | loop test_cases.7FFF7CAE978F | |
00007FFF7CAE9797 | C3 | ret | |
trampoline:

| Address | Bytes | Instruction | |
|---|---|---|---|
00007FFF7CD200C0 | 48 89 C8 | mov rax,rcx | |
00007FFF7CD200C3 | 48 F7 E1 | mul rcx | |
00007FFF7CD200C6 | E9 C7 96 DC FF | jmp test_cases.7FFF7CAE9792 | |
The trampoline then jumps back to 7FFF7CAE9792, and the rest of the original function body executes:

| Address | Bytes | Instruction | |
|---|---|---|---|
00007FFF7CAE9792 | 90 | nop | |
00007FFF7CAE9793 | 90 | nop | |
00007FFF7CAE9794 | 90 | nop | |
00007FFF7CAE9795 | E2 F8 | loop test_cases.7FFF7CAE978F | |
But the `loop` at 7FFF7CAE9795 targets 7FFF7CAE978F, which now lies inside the 5-byte `jmp` the hook wrote at 7FFF7CAE978C. The trampoline relocated the two displaced instructions, but it cannot retarget a branch that lands inside the overwritten bytes, so execution resumes mid-instruction and decodes:

| Address | Bytes | Instruction | |
|---|---|---|---|
00007FFF7CAE978F | 23 00 | and eax,dword ptr ds:[rax] | |
00007FFF7CAE9791 | E1 90 | loope test_cases.7FFF7CAE9723 | |