Clarkie Detours.

**gnm** · 07-28-2011

I'm just going to say something relevant to the actual detour code, this will most likely crash the game, what you're doing is just reading the first 7 bytes of the function and moving them, at the end of those 7 bytes it could still be half way through an asm call. For example that last 7th byte may be a jmp and the next 4 bytes would be the address, but what you've done is moved that jmp away from the argument so as soon as it hits that in your trampoline function it will assume the next 4 bytes will be the address. Even if it did succeed and jmp'd back to the original function, it will still stuff up because the first thing it will read is the address that was the argument for the jmp, and it will assume those are opcodes and will attempt to execute them.

There's more information about it under "Extended Code Overwriting" on this page.

**topblast** · 07-28-2011

Originally Posted by gnm

I'm just going to say something relevant to the actual detour code, this will most likely crash the game, what you're doing is just reading the first 7 bytes of the function and moving them, at the end of those 7 bytes it could still be half way through an asm call. For example that last 7th byte may be a jmp and the next 4 bytes would be the address, but what you've done is moved that jmp away from the argument so as soon as it hits that in your trampoline function it will assume the next 4 bytes will be the address. Even if it did succeed and jmp'd back to the original function, it will still stuff up because the first thing it will read is the address that was the argument for the jmp, and it will assume those are opcodes and will attempt to execute them.

There's more information about it under "Extended Code Overwriting" on this page.

True, still all functions dont have (dont know the word) But some function finish opcode at the 7th byte :O, leaving it free with no crash

Thread: Clarkie Detours.

Thread Tools

Display