Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix detour issue on x64 #97

Merged
merged 11 commits into from
Apr 28, 2021
Merged

Fix detour issue on x64 #97

merged 11 commits into from
Apr 28, 2021

Conversation

randydu
Copy link
Contributor

@randydu randydu commented Apr 25, 2021

  • fix indirect-CALL (0xFF15) trampoline code patching issue;
    It only needs a dest-holder to specify its destination, no extra JMP needed.
  • adds a new detour scheme (in-place) for quick hooking speed and stability;
    the code-cave scheme is a bit slow when hooking many apis, also the code-cave, according to my tests on low memory machine (Win7/x64, 1GB ram), can be modified (or even unmapped from process memory) after hooking, the cave-searching algorithm needs improvement to make sure the code-cave lives in a non-volatile safe place.

@randydu
- fix vc2019 compiler error for unit-tests;
93c58b3
@randydu
- fix 'NOMINMAX': macro redefinition error;
38e28ae
@randydu
Merge branch 'master' of https://github.com/randydu/PolyHook_2_0 into…
70f805c 
… master
@randydu
- fix compiler error when UNICODE or _UNICODE is defined.
c871f37
@randydu
- fix EatHook unit-test issue when UNICODE is defined;
ae4ee1d
@randydu
Merge branch 'master' of https://github.com/stevemk14ebr/PolyHook_2_0
c58e141 
…into HEAD
@randydu
+ adds detour_scheme_t to support more detour algorithms;
37bc9de 
+ implements push-ret based INPLACE scheme to avoid random crash issue if code-cave
  is modified after api hooking.
@randydu
+ adds Instruction::isCalling flag;
63d6811
@randydu
- fix indirect-call instruction relocation issue.
977e65c 
  only a dest-holder is needed.
@randydu
+ dest-holder 8 bytes alignment for best performance.
536ae27
stevemk14ebr
stevemk14ebr requested changes Apr 27, 2021
View reviewed changes
polyhook2/Detour/ADetour.hpp Outdated Show resolved Hide resolved
sources/CapstoneDisassembler.cpp Show resolved Hide resolved
@stevemk14ebr
Copy link
Owner

If you are able to resolve the two comments I have I will merge your PR quickly. I appreciate your contribution and your drive to find the root cause issue on your own bug! I wish more people did this, model contributor right here!

@randydu
* uses mode of disassembler in trampoline relocation;
8178681 
- fix a code-cave-pattern (NOP2_RET) too small issue that can corrupt code;
  (ref: memset.asm)
@stevemk14ebr stevemk14ebr merged commit 9713567 into stevemk14ebr:master Apr 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevemk14ebr stevemk14ebr stevemk14ebr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@randydu @stevemk14ebr