2.1 Hook: Address Fetching
DK edited this page Sep 20, 2023
·
2 revisions
To do a pattern scan, simply call:
// The pattern is passed as a template argument; the adjacent string literals
// below are concatenated by the compiler into a single pattern string.
auto* addr = dku::Hook::Assembly::search_pattern<
"40 57 " // each byte of the pattern is separated by whitespace " "
"48 83 EC 30 "
"48 8B 0D ?? ?? ?? ?? " // ?? is a wildcard for one byte
"48 8B FA "
"48 81 C1 D0 00 00 00 "
"E8 ?? ?? ?? ?? "
"48 8B C8 "
"E8 ?? ?? ?? ??">();
// NOTE(review): presumably addr is null when the pattern is not found - confirm
// against the library and check the result before logging or using it.
INFO("found address at {:X}", AsAddress(addr));
// delayed match: build the pattern object first, then test it against an address later
auto TestAlByte = dku::Hook::Assembly::make_pattern<"84 C0">();
// NOTE(review): `addr` is already declared above, so this line only compiles in a
// separate scope or snippet. The literal is a sample value, not a real location.
auto addr = 0x7FF712345678;
// The empty body is a placeholder for whatever should run when the bytes match.
if (TestAlByte.match(addr)) {}
To get the actual address referenced by a RIP-relative displacement in an instruction:
// NOTE(review): 0x141234567 is reused in all three calls as a sample address; each
// real call needs the address of its own instruction. A hard-coded absolute address
// presumably stops being valid when the module is rebuilt or relocated - confirm how
// callers are expected to obtain it (e.g. from a pattern scan).
// e.g. we want the actual function address in this callsite
// 0x141234567 : call [rip + 0x30]
// NOTE(review): for an indirect `call [rip + disp]`, the resolved address may be the
// slot holding the function pointer rather than the function itself - confirm.
std::uintptr_t funcAddr = dku::Hook::GetDisp(0x141234567);
// or lea rax, ds: [rip + 0x1110]
// The template argument selects the returned type, here void**.
auto actorSingleton = dku::Hook::GetDisp<void**>(0x141234567);
// or mov rax, ds: [rip + 0x114514]
// The result is dereferenced immediately, so the resolved address must be mapped
// and readable; nothing visible here validates it first.
bool significance = *dku::Hook::GetDisp<bool*>(0x141234567);
Offset a pointer and cast the result to a given type:
// read bool member value at 0x220 from a class pointer
// `actorSingleton` is the void** obtained from GetDisp in the previous example.
// NOTE(review): the 0x220 offset is presumably specific to one class layout or build,
// and the result is dereferenced with no null or bounds check visible here - confirm
// that the base pointer is valid before binding the reference.
auto& member = *dku::Hook::adjust_pointer<bool>(actorSingleton, 0x220);
Get the import address of a method in a module.