Spoofing Ret address #43

Closed
soltrac opened this issue Aug 1, 2019 · 2 comments
soltrac commented Aug 1, 2019

Hi,

I really don't understand how the spoof of the return address is handled. I'm checking the unit test
https://github.com/stevemk14ebr/PolyHook_2_0/blob/master/UnitTests/TestDetourNoTDx86.cpp

and I've made a working example, but it is not working. Can you explain a little bit more how it is done? In my example, I've used the ILCallback as you use them in your example, but after that I'm not sure how the spoof is done.

Edit: My final interest is to spoof the return address inside the image of the hooked function.

stevemk14ebr (Owner) commented

Sorry, that is an old test; I removed the ability to spoof return address. Only return value spoofing is currently supported. This is due to how complicated the asmjit re-writing became. You can probably still find that code in the commit history, but no guarantees on how well it will work or if it is even correct.


soltrac commented Aug 2, 2019

I checked it, but yes, it is not working, thank you anyway!
