author | Alex Marsev <alex.marsev@gmail.com> | 2014-03-31 19:37:24 +0400 |
committer | Alex Marsev <alex.marsev@gmail.com> | 2014-03-31 20:40:57 +0400 |
commit | 5dd35a6b516a5f76cedbbcad49ff62f6cb616d0d (patch) | |
tree | f95e78a00ea868a5f0d8774271e2bde56ba8bdf1 /src/thirdparty/mhook | |
parent | 2f6888ca9fcd0a9b4c231910d32f046a9b526503 (diff) |
mhook: backport REX-prefixed EIP-based jump fix
This reverts commit 1b826e7a56671c3b8ed0ee827bc2186700a3a952.
Diffstat (limited to 'src/thirdparty/mhook')
-rw-r--r-- | src/thirdparty/mhook/mhook-lib/mhook.cpp | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/src/thirdparty/mhook/mhook-lib/mhook.cpp b/src/thirdparty/mhook/mhook-lib/mhook.cpp
index 097a77c56..2057b1896 100644
--- a/src/thirdparty/mhook/mhook-lib/mhook.cpp
+++ b/src/thirdparty/mhook/mhook-lib/mhook.cpp
@@ -197,6 +197,11 @@ static PBYTE SkipJumps(PBYTE pbCode) {
 INT32 lOffset = *(INT32 *)&pbCode[2];
 // ... that shows us an absolute pointer
 return SkipJumps(*(PBYTE*)(pbCode + 6 + lOffset));
+ } else if (pbCode[0] == 0x48 && pbCode[1] == 0xff && pbCode[2] == 0x25) {
+ // or we can have the same with a REX prefix
+ INT32 lOffset = *(INT32 *)&pbCode[3];
+ // ... that shows us an absolute pointer
+ return SkipJumps(*(PBYTE*)(pbCode + 7 + lOffset));
 #endif
 } else if (pbCode[0] == 0xe9) {
 // here the behavior is identical, we have...
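Review bot: The comment on the new branch, `// or we can have the same with a REX prefix`, is looser than what the code matches: only the 0x48 byte (REX.W) is accepted, and for an indirect near jmp in 64-bit mode that prefix is redundant, which is exactly why the displacement can be decoded as in the un-prefixed branch with every operand offset shifted by one byte (pbCode[3], pbCode + 7). Suggest `// same jmp [rip+disp32] carrying a redundant REX.W prefix (48 ff 25); other REX bytes are not handled here`, so a later reader does not assume the remaining REX encodings (0x41–0x4f) are covered. The displacement read and the dereference of the resulting absolute pointer are done without any check that the memory is readable, but that mirrors the existing ff 25 branch and the recursive SkipJumps call, so it is an inherited characteristic of this decoder rather than something the hunk introduces. The enclosing SkipJumps function starts and ends outside the hunk.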
@@ -560,25 +565,15 @@ static DWORD DisassembleAndSkip(PVOID pFunction, DWORD dwMinLen, MHOOKS_PATCHDAT
 while ( (dwRet < dwMinLen) && (pins = GetInstruction(&dis, (ULONG_PTR)pLoc, pLoc, dwFlags)) ) {
 ODPRINTF(("mhooks: DisassembleAndSkip: %p: %s", pLoc, pins->String));
 if (pins->Type == ITYPE_RET ) break;
- #if !defined _M_X64 // MPC-HC hack
- if (pins->Type == ITYPE_BRANCH) break;
- #endif
+ if (pins->Type == ITYPE_BRANCH ) break;
 if (pins->Type == ITYPE_BRANCHCC) break;
 if (pins->Type == ITYPE_CALL ) break;
 if (pins->Type == ITYPE_CALLCC ) break;
 #if defined _M_X64
 BOOL bProcessRip = FALSE;
- if (pins->Type == ITYPE_BRANCH) { // MPC-HC hack
- if (dwRet == 0 && pins->OperandCount == 1 && (pins->Operands[0].Flags & OP_IPREL) && pins->Length >= dwMinLen) {
- ODPRINTF((L"mhooks: DisassembleAndSkip: hooking the function using MPC-HC hack"));
- bProcessRip = TRUE;
- } else {
- break;
- }
- }
 // mov or lea to register from rip+imm32
- else if ((pins->Type == ITYPE_MOV || pins->Type == ITYPE_LEA) && (pins->X86.Relative) &&
+ if ((pins->Type == ITYPE_MOV || pins->Type == ITYPE_LEA) && (pins->X86.Relative) &&
 (pins->X86.OperandSize == 8) && (pins->OperandCount == 2) &&
 (pins->Operands[1].Flags & OP_IPREL) && (pins->Operands[1].Register == AMD64_REG_RIP)) {