[DiscordArchive] Are you sure your offset was function + bypass overwritten instructions?
[DiscordArchive] Are you sure your offset was function + bypass overwritten instructions?
Original source
Are you sure your offset was function + bypass overwritten instructions?
rektbyfaith
06-18-2023, 10:45 AM #1Archived author: Nix • Posted: 2023-06-18T10:45:03.327000+00:00
Original source
Are you sure your offset was function + bypass overwritten instructions?
Original source
what exactly do you mean/refer to?=
rektbyfaith
06-18-2023, 10:45 AM #2Archived author: 4bhorrent • Posted: 2023-06-18T10:45:31.533000+00:00
Original source
what exactly do you mean/refer to?=
Original source
![[Image: image.png?ex=690c7c64&is=690b2ae4&hm=419...677172d79&]](https://cdn.discordapp.com/attachments/1086807686571642900/1119941063025639464/image.png?ex=690c7c64&is=690b2ae4&hm=419b39ceca245f1114789e7a0d815cd7390397ca78fd594247c1a05677172d79&)
rektbyfaith
06-18-2023, 10:45 AM #3Archived author: 4bhorrent • Posted: 2023-06-18T10:45:56.957000+00:00
Original source
Original source
767 entries
rektbyfaith
06-18-2023, 10:46 AM #4Archived author: 4bhorrent • Posted: 2023-06-18T10:46:13.617000+00:00
Original source
767 entries
Original source
If your function lies at 0x100, and you patch the first 2 bytes, your offset to call is 0x102
rektbyfaith
06-18-2023, 10:46 AM #5Archived author: Nix • Posted: 2023-06-18T10:46:14.098000+00:00
Original source
If your function lies at 0x100, and you patch the first 2 bytes, your offset to call is 0x102
Original source
the function still lies at 0x100... just that the first 2 bytes have been overwritten with something else, no? ^^
rektbyfaith
06-18-2023, 10:47 AM #6Archived author: 4bhorrent • Posted: 2023-06-18T10:47:16.973000+00:00
Original source
the function still lies at 0x100... just that the first 2 bytes have been overwritten with something else, no? ^^
Original source
Yes, but to call it, you must avoid your overwritten instructions (The jmp)
rektbyfaith
06-18-2023, 10:47 AM #7Archived author: Nix • Posted: 2023-06-18T10:47:33.631000+00:00
Original source
Yes, but to call it, you must avoid your overwritten instructions (The jmp)
Original source
Thus you must call it at the later address
rektbyfaith
06-18-2023, 10:47 AM #8Archived author: Nix • Posted: 2023-06-18T10:47:40.717000+00:00
Original source
Thus you must call it at the later address
Original source
Otherwise you reach an infinite loop like we talked about the other day
rektbyfaith
06-18-2023, 10:48 AM #9Archived author: Nix • Posted: 2023-06-18T10:48:11.781000+00:00
Original source
Otherwise you reach an infinite loop like we talked about the other day
Original source
DetourAttach handles this already... it writes a new pointer over the function pointer for the old function, which is the trampoline
rektbyfaith
06-18-2023, 10:48 AM #10Archived author: 4bhorrent • Posted: 2023-06-18T10:48:20.727000+00:00
Original source
DetourAttach handles this already... it writes a new pointer over the function pointer for the old function, which is the trampoline
1 Guest(s)
1 Guest(s)