diff options
| author | Alex Marsev <alex.marsev@gmail.com> | 2013-07-22 23:56:14 +0400 |
|---|---|---|
| committer | Alex Marsev <alex.marsev@gmail.com> | 2013-08-10 22:44:56 +0400 |
| commit | 1b826e7a56671c3b8ed0ee827bc2186700a3a952 (patch) | |
| tree | bbdf325177eb9ee05c85f111af5894c137ef974f /src/thirdparty/mhook | |
| parent | 7b1fc9a0f57b4167cb0d27de5e4189b044315052 (diff) | |
mhook: support more x64 functions
Diffstat (limited to 'src/thirdparty/mhook')
| -rw-r--r-- | src/thirdparty/mhook/mhook-lib/mhook.cpp | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/thirdparty/mhook/mhook-lib/mhook.cpp b/src/thirdparty/mhook/mhook-lib/mhook.cpp index 76a6ce561..bf448beee 100644 --- a/src/thirdparty/mhook/mhook-lib/mhook.cpp +++ b/src/thirdparty/mhook/mhook-lib/mhook.cpp @@ -560,15 +560,25 @@ static DWORD DisassembleAndSkip(PVOID pFunction, DWORD dwMinLen, MHOOKS_PATCHDAT while ( (dwRet < dwMinLen) && (pins = GetInstruction(&dis, (ULONG_PTR)pLoc, pLoc, dwFlags)) ) { ODPRINTF(("mhooks: DisassembleAndSkip: %p: %s", pLoc, pins->String)); if (pins->Type == ITYPE_RET ) break; - if (pins->Type == ITYPE_BRANCH ) break; + #if !defined _M_X64 // MPC-HC hack + if (pins->Type == ITYPE_BRANCH) break; + #endif if (pins->Type == ITYPE_BRANCHCC) break; if (pins->Type == ITYPE_CALL ) break; if (pins->Type == ITYPE_CALLCC ) break; #if defined _M_X64 BOOL bProcessRip = FALSE; + if (pins->Type == ITYPE_BRANCH) { // MPC-HC hack + if (dwRet == 0 && pins->OperandCount == 1 && (pins->Operands[0].Flags & OP_IPREL) && pins->Length >= dwMinLen) { + ODPRINTF((L"mhooks: DisassembleAndSkip: hooking the function using MPC-HC hack")); + bProcessRip = TRUE; + } else { + break; + } + } // mov or lea to register from rip+imm32 - if ((pins->Type == ITYPE_MOV || pins->Type == ITYPE_LEA) && (pins->X86.Relative) && + else if ((pins->Type == ITYPE_MOV || pins->Type == ITYPE_LEA) && (pins->X86.Relative) && (pins->X86.OperandSize == 8) && (pins->OperandCount == 2) && (pins->Operands[1].Flags & OP_IPREL) && (pins->Operands[1].Register == AMD64_REG_RIP)) { |