-
Notifications
You must be signed in to change notification settings - Fork 14
2.4 Hook: ASM Patch
DK edited this page Sep 20, 2023
·
2 revisions
Apply assembly patch in the target memory
-
address: address of the target function -
offsets: pair containing the {begin, end} offsets of target instruction to patch -
patch: pointer to the memory patch data structure(see 2.3) -
forward: bool value indicating skipping the rest ofNOPspace
ASMPatchHandle AddASMPatch(
std::uintptr_t a_address,
std::pair<std::ptrdiff_t, std::ptrdiff_t> a_offset,
Patch* a_patch,
bool a_forward = true
) noexceptusing namespace DKUtil::Alias;
std::uintptr_t funcAddr = 0x7FF712345678;
// or offset from module base
std::uintptr_t funcAddr = dku::Hook::Module::get().base() + 0x345678;
// mark the begin and the end of target code to patch
// starts at funcAddr + 0x120
// ends at funcAddr + 0x130
// target instruction length is 0x10
auto offset = std::make_pair(0x120, 0x130);
// this is raw patch, you can also use xbyak or DKUtil::Hook::Patch
OpCode AsmSrc[]{
0xB8, // mov eax,
0x00, 0x00, 0x00, 0x00, // Imm32
0x89, 0XC1, // mov ecx, eax
};
auto _Hook_UES = DKUtil::Hook::AddASMPatch(funcAddr, offset, { &AsmPatch, sizeof(AsmSrc) }); // using in-place raw data
// various ways of patching
_Hook_UES = DKUtil::Hook::AddASMPatch(funcAddr, offset, &DKUPatch); // using wrapper
_Hook_UES = DKUtil::Hook::AddASMPatch(funcAddr, offset, &XbyakPatch); // using xbyak
_Hook_UES = DKUtil::Hook::AddASMPatch(funcAddr, offset, { RawPatch.data(), RawPatch.size() }); // using raw patch
_Hook_UES->Enable();If the given target memory defined by offsets is less than the size of assembly patch, a trampoline will be utilized to fulfill the patch and setup the auto detour/return. This action requires a minimal target memory space of 0x5.
The bool paramter forward indicates whether to skip the rest of NOP after applying the patch.