Trying to hook function, but it seems like i have problem with trampoline

Question

Trying to hook function, but it seems like i have problem with trampoline

I'm currently trying to hook a function. Here's how i do it:

Replace following in original function (14 bytes long):

mov     r11, rsp
push    rbx
push    rsi
push    rdi
push    r12
push    r13
push    r14
push    r15

With (14 bytes long):

mov     rax, 0x7fffffff (example hook addr)
jmp     rax
nop
nop
nop
nop
nop

Then i call original in my hook with this trampoline:

mov      r11, rsp
push     rbx
push     rsi
push     rdi
push     r12
push     r13
push     r14
push     r15
mov      rax, 0x7ccccccc+14 (example original addr)
jmp      rax

It works like normal, but after multiple calls it just crash, i think its problem in my trampoline.

windows

assembly

hook

x86-64

asked on Stack Overflow Jul 29, 2019 by

Cuprum • edited Jul 29, 2019 by

1201ProgramAlarm

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0