When hooking a function with libmem, the generated JMP patch does not fill the remaining overwritten bytes with NOP instructions.
Original code:
test.exe+28D5BF - 8B 04 85 54 42 A9 00 - mov eax,[eax*4+test.exe+694254]
test.exe+28D5C6 - C3 - ret
test.exe+28D5C7 - 90 - nop
test.exe+28D5C8 - 53 - push ebx
test.exe+28D5C9 - 83 EC 1C - sub esp,1C
After hooking test.exe+28D5BF, libmem correctly writes the JMP instruction, but the remaining bytes are left untouched:
test.exe+28D5BF - E9 3C2A5104 - jmp 04BA0000
test.exe+28D5C4 - A9 00C39053 - test eax,5390C300
test.exe+28D5C9 - 83 EC 1C - sub esp,1C
This corrupts the disassembly after the hook: the original instruction was 7 bytes but the JMP only uses 5, so the two stale bytes (A9 00) left behind are decoded together with the following C3 90 53 as a bogus test instruction, and the ret at test.exe+28D5C6 disappears from the listing.
Expected behavior:
test.exe+28D5BF - E9 3C2A1C0C - jmp 0C850000
test.exe+28D5C4 - 90 - nop
test.exe+28D5C5 - 90 - nop
test.exe+28D5C6 - C3 - ret
test.exe+28D5C7 - 90 - nop
test.exe+28D5C8 - 53 - push ebx
test.exe+28D5C9 - 83 EC 1C - sub esp,1C
It would be helpful if libmem could automatically pad the remaining bytes with NOPs when the overwritten instruction size is larger than the JMP patch size.
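One way to implement the padding the report asks for, shown as an added example that is not libmem's own code and was not posted by the reporter: the hook writer takes the instruction lengths a disassembler reports for the hook site, overwrites whole instructions only, writes the 5-byte JMP rel32, and fills the remainder of the overwritten span with 0x90. The sample bytes and instruction lengths are taken from the first listing above; the module base of 0x00400000 and the hook target 0x04BA0000 are assumptions chosen so the emitted rel32 reproduces the report's "E9 3C2A5104".

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define JMP_REL32_SIZE 5u
#define X86_NOP        0x90u

/* Bytes that must be overwritten so the patch ends on an instruction
 * boundary: sum the lengths of the instructions at the hook site until at
 * least a JMP rel32 fits. insn_lens is what a disassembler would report
 * (constructed here). Returns 0 when the given instructions do not cover
 * a 5-byte JMP. */
size_t hook_patch_size(const uint8_t *insn_lens, size_t n_insns)
{
    size_t total = 0;
    for (size_t i = 0; i < n_insns && total < JMP_REL32_SIZE; i++)
        total += insn_lens[i];
    return total >= JMP_REL32_SIZE ? total : 0;
}

/* Emit E9 rel32 (from_addr -> to_addr) into code, then fill the rest of the
 * overwritten instruction span with NOPs. Returns the bytes written, or 0
 * when the span is too small to hold the JMP. */
size_t write_jmp_hook(uint8_t *code, uint32_t from_addr, uint32_t to_addr,
                      size_t patch_size)
{
    if (patch_size < JMP_REL32_SIZE)
        return 0;
    /* rel32 is relative to the address following the 5-byte JMP itself */
    uint32_t rel = to_addr - (from_addr + JMP_REL32_SIZE);
    code[0] = 0xE9;
    for (int i = 0; i < 4; i++)               /* little-endian immediate */
        code[1 + i] = (uint8_t)(rel >> (8 * i));
    /* this is the padding the report asks for: 0x90 over the stale bytes */
    memset(code + JMP_REL32_SIZE, X86_NOP, patch_size - JMP_REL32_SIZE);
    return patch_size;
}

/* Constructed sample: the bytes at test.exe+28D5BF from the report and the
 * lengths of the five instructions they decode to (mov=7, ret=1, nop=1,
 * push=1, sub=3). Base 0x00400000 and target 0x04BA0000 are assumptions. */
static const uint8_t  g_orig[] = { 0x8B,0x04,0x85,0x54,0x42,0xA9,0x00,
                                   0xC3, 0x90, 0x53, 0x83,0xEC,0x1C };
static const uint8_t  g_lens[] = { 7, 1, 1, 1, 3 };
static const uint32_t g_from   = 0x00400000u + 0x28D5BFu;
static const uint32_t g_to     = 0x04BA0000u;
static uint8_t        g_patched[sizeof g_orig];

/* Apply the hook to a copy of the sample; returns the patch size (7). */
size_t demo_patch(void)
{
    memcpy(g_patched, g_orig, sizeof g_orig);
    size_t n = hook_patch_size(g_lens, sizeof g_lens);
    return write_jmp_hook(g_patched, g_from, g_to, n);
}

/* Accessor for inspecting the patched bytes. */
uint8_t patched_byte(size_t i)
{
    return i < sizeof g_patched ? g_patched[i] : 0;
}

int main(void)
{
    size_t n = demo_patch();
    printf("overwrote %zu bytes:", n);
    for (size_t i = 0; i < sizeof g_patched; i++)
        printf(" %02X", g_patched[i]);
    printf("\n");   /* E9 3C 2A 51 04 90 90 C3 90 53 83 EC 1C */
    return 0;
}
```

The padding only keeps the bytes after the JMP decodable as in the "Expected behavior" listing; the displaced 7-byte mov still has to be executed from a trampoline if the hook intends to return into the original function, and that is a separate concern from what the report describes.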