Re: Need a jump opcode generator.
- From: "Skybuck Flying" <spam@xxxxxxxxxxx>
- Date: Sat, 28 Jul 2007 03:20:44 +0200
"Jamie" <jamie_ka1lpa_not_valid_after_ka1lpa_@xxxxxxxxxxx> wrote in message
news:Iiuqi.47$%E6.6@xxxxxxxxxxxxxxx
Skybuck Flying wrote:
Hello,They call it a stack frame.
It seems winsock 2 functions:
sendto, recvfrom, send, recv all start with the following 5 bytes
according to Delphi's debugger:
71C02F7F 8BFF mov edi,edi
71C02F81 55 push ebp
71C02F82 8BEC mov ebp,esp
These bytes need to be replaced with a jump instruction which is supposed
to jump to my interception routines.
It's ok to assume the address for the interception routines are located
in a pointer (32 bit).
Now I need a generator which will generate the appriorate opcode /
instruction encoding.
Prototype for the generator could be:
JumpGenerator( LocationAddress : pointer; JumpAddress : pointer );
The generator is supposed to create opcodes which would be placed at:
LocationAddress^
and jump to:
JumpAddress (the value is the address where the jump opcode is to jump
too)
How many bytes will the jump take ?
For now I assume it takes 5 bytes just like a call.. but maybe it takes
less bytes then a call ?
Anyway help would be great.
I'll to figure it out myself as well but the intel manual lists many
possibilities... so gotta figure it out.
Only generating the opcode is needed, virtual protect and stuff like that
is not needed.
Bye,
Skybuck.
Why you brabbling about ?
Bye,
Skybuck.
:)
.
- References:
- Need a jump opcode generator.
- From: Skybuck Flying
- Re: Need a jump opcode generator.
- From: Jamie
- Need a jump opcode generator.
- Prev by Date: Re: Feature Request: control-alt-space should show completely function prototype to see return types as well.
- Next by Date: Re: Civilization 3 Conquest Winsock 2 Interception Idea. (OS:Win64)
- Previous by thread: Re: Need a jump opcode generator.
- Next by thread: elementary question about Quickreport
- Index(es):
Relevant Pages
|
