how to calculate the correct size to copy into the trampoline

Asked Sep 27 '18 at 21:15

Active Sep 27 '18 at 21:15

Viewed 330 times

I'm trying to hook functions in x64 bit windows I can hook the target function easily but the problem is in creating the trampoline I need to know a suitable size to copy from the original function to the trampoline and then coping the jmp instruction to the target

this is my patch bytes :

unsigned char patch_12_bytes[] = {
  0x48, 0xb8, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0xFF, 0xE0
};

I put the address of the target address in it and copy it to the end of the trampoline which will jump to the address of the hooked function + the copied bytes

but sometimes I get some errors like access violation as the instructions aren't correct so I need to know how to get the correct size to copy and the jump to the bytes after it

asked Sep 27 '18 at 21:15

dev54312

Check https://stackoverflow.com/a/45061320/298054 to see if it helps. – jweyrich Sep 27 '18 at 21:21
in the answer he allocates 5 bytes for the prologue but this won't work for all functions as this may result in copying broken asm instructions – dev54312 Sep 28 '18 at 19:12

how to calculate the correct size to copy into the trampoline

0 Answers0