Re: Need a jump opcode generator.
- From: Jamie <jamie_ka1lpa_not_valid_after_ka1lpa_@xxxxxxxxxxx>
- Date: Fri, 27 Jul 2007 18:40:12 -0400
Skybuck Flying wrote:
> Hello,

They call it a stack frame.

> It seems winsock 2 functions:
> sendto, recvfrom, send, recv all start with the following 5 bytes according to Delphi's debugger:
>
> 71C02F7F 8BFF mov edi,edi
> 71C02F81 55 push ebp
> 71C02F82 8BEC mov ebp,esp
>
> These bytes need to be replaced with a jump instruction which is supposed to jump to my interception routines.
> It's ok to assume the address for the interception routines is located in a pointer (32 bit).
> Now I need a generator which will generate the appropriate opcode / instruction encoding.
> Prototype for the generator could be:
>
> JumpGenerator( LocationAddress : pointer; JumpAddress : pointer );
>
> The generator is supposed to create opcodes which would be placed at:
> LocationAddress^
> and jump to:
> JumpAddress (the value is the address where the jump opcode is to jump to)
>
> How many bytes will the jump take ?
> For now I assume it takes 5 bytes just like a call.. but maybe it takes fewer bytes than a call ?
> Anyway help would be great.
> I'll try to figure it out myself as well but the intel manual lists many possibilities... so gotta figure it out.
> Only generating the opcode is needed, virtual protect and stuff like that is not needed.
>
> Bye,
> Skybuck.
--
"I'm never wrong, once i thought i was, but was mistaken"
Real Programmers Do things like this.
http://webpages.charter.net/jamie_5