Cheat Engine Forum - The Official Site of Cheat Engine
 
[ASM] Detouring extern

 
Cheat Engine Forum Index -> General programming
Polynomial
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 524
Location: Inside the Intel CET shadow stack

Posted: Sun Feb 14, 2010 7:58 am    Post subject: [ASM] Detouring extern

I'm trying to write a speed hack that detours extern calls to GetTickCount. I'm still learning when it comes to ASM (who isn't?) and I'd like to know if there are any ramifications of replacing an extern call (15 FF <address>) with a standard call (E8 <address>).

Obviously the length difference means I need to pad something out with a NOP. I can't see any reason why it would matter, but which side of the call should I put the NOP?

e.g.
0xE8 <address> 0x90
or
0x90 0xE8 <address>

_________________
It's not fun unless every exploit mitigation is enabled.
Please do not reply to my posts with LLM-generated slop; I consider it to be an insult to my time.
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

Posted: Sun Feb 14, 2010 11:30 am

Firstly, I don't know why you'd use a call instead of a jmp.

Regardless, the first one is better since the call instruction will then be correctly aligned.
tombana
Master Cheater
Reputation: 2

Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands

Posted: Sun Feb 14, 2010 2:03 pm

Slugsnack wrote:
Regardless, the first one is better since the call instruction will then be correctly aligned.

Won't that depend on the specific situation? The original call might not have been 4-byte aligned, but adding a nop before it might align it.
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

Posted: Sun Feb 14, 2010 2:16 pm

tombana wrote:
Slugsnack wrote:
Regardless, the first one is better since the call instruction will then be correctly aligned.

Won't that depend on the specific situation? The original call might not have been 4-byte aligned, but adding a nop before it might align it.

I think it's safe to assume that if he is to detour a function, he would overwrite the new instructions at the start.
Polynomial
Grandmaster Cheater
Reputation: 5

Joined: 17 Feb 2008
Posts: 524
Location: Inside the Intel CET shadow stack

Posted: Sun Feb 14, 2010 6:17 pm

I suppose I could just use a jump for the detour, though wouldn't a call be easier since I can just stick a retn on the end of my proc and execution flow will carry on where I left off? I wasn't aware I could do the same with a jmp unless I was putting my detour in somewhere that had multiple lines of code - I just want to replace a single call.
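An added example, not written by any poster in this thread, covering the encoding question in the opening post and the alignment point tombana raises. It builds both layouts of the 6-byte replacement for an indirect import call (`FF 15 disp32`, i.e. `call dword ptr [imm32]`): `E8 rel32` followed by `90`, or `90` followed by `E8 rel32`. Because rel32 is measured from the end of the 5-byte call, the two layouts need different displacements, which is the detail that is easy to get wrong when padding by hand. It also includes a small integrity check of the kind a loader or anti-tamper routine would run: compare a clean copy of a code region against the live bytes and report every import call site that has been rewritten into a direct call. All addresses, the detour target and the sample bytes are constructed values, not anything from the thread.

```python
import struct
from typing import List, Optional, Tuple

INDIRECT_CALL = b"\xFF\x15"  # call dword ptr [imm32]: 2 opcode bytes + 4-byte pointer = 6 bytes
DIRECT_CALL = 0xE8           # call rel32: 1 opcode byte + 4-byte displacement = 5 bytes
NOP = 0x90


def encode_call_rel32(insn_addr: int, target_addr: int) -> bytes:
    """Encode `E8 rel32` for a call whose first byte sits at insn_addr.

    rel32 is measured from the end of the 5-byte instruction, so moving the
    E8 byte by one changes the displacement by one as well.
    """
    rel = target_addr - (insn_addr + 5)
    if not -0x80000000 <= rel <= 0x7FFFFFFF:
        raise ValueError("target is not reachable with a rel32 displacement")
    return bytes([DIRECT_CALL]) + struct.pack("<i", rel)


def call_insn_addr(site_addr: int, nop_first: bool) -> int:
    """Address of the E8 byte for each of the two layouts discussed in the thread."""
    return site_addr + 1 if nop_first else site_addr


def build_detour_patch(site_addr: int, target_addr: int, nop_first: bool) -> bytes:
    """Build the 6 bytes that overwrite `FF 15 disp32` at site_addr.

    nop_first=False -> E8 rel32 90  (first layout in the opening post)
    nop_first=True  -> 90 E8 rel32  (second layout; the call starts one byte
                                     later, so rel32 is recomputed for it)
    """
    call = encode_call_rel32(call_insn_addr(site_addr, nop_first), target_addr)
    return bytes([NOP]) + call if nop_first else call + bytes([NOP])


def decode_rel32_target(code: bytes, offset: int, base: int) -> Optional[int]:
    """If an `E8 rel32` sits at code[offset], return its absolute 32-bit target."""
    if offset + 5 > len(code) or code[offset] != DIRECT_CALL:
        return None
    rel = struct.unpack_from("<i", code, offset + 1)[0]
    return (base + offset + 5 + rel) & 0xFFFFFFFF


def find_rewritten_import_calls(original: bytes, current: bytes, base: int) -> List[Tuple[int, int]]:
    """Integrity check: compare a clean copy of a code region with the live
    bytes and report each `FF 15` import call that now holds a direct `E8`
    call, with the NOP on either side.  Returns [(site_addr, new_target), ...].

    This is a byte-wise heuristic over known call sites, not a disassembler.
    """
    if len(original) != len(current):
        raise ValueError("regions must be the same length")
    hits: List[Tuple[int, int]] = []
    i = 0
    while i + 6 <= len(original):
        if original[i:i + 2] == INDIRECT_CALL and current[i:i + 6] != original[i:i + 6]:
            # E8 either at the site itself or one byte in, behind a leading NOP
            for off in (0, 1):
                target = decode_rel32_target(current, i + off, base)
                if target is not None:
                    hits.append((base + i, target))
                    break
            i += 6
        else:
            i += 1
    return hits


def demo() -> List[Tuple[int, int]]:
    """Constructed sample: one import call at 0x401000 followed by filler bytes."""
    site, detour = 0x401000, 0x500000          # hypothetical addresses
    clean = INDIRECT_CALL + struct.pack("<I", 0x403010) + b"\x8B\xF0\x90\x90"
    live = build_detour_patch(site, detour, nop_first=False) + clean[6:]
    return find_rewritten_import_calls(clean, live, site)


if __name__ == "__main__":
    for site, target in demo():
        print(f"import call at {site:#x} now calls {target:#x} directly")
```

For a site at 0x401000 and a target at 0x500000 the first layout encodes rel32 = 0xFEFFB and the second rel32 = 0xFEFFA; copying the displacement from one layout into the other lands execution one byte off the intended entry. `call_insn_addr` makes tombana's point concrete: whether the leading NOP leaves the E8 on a 4-byte boundary depends entirely on the site address (0x401003 becomes aligned, 0x401000 stops being aligned). On the checking side, a clean image section compared against the live bytes is the usual way to spot this class of rewrite, since the import pointer itself is untouched and only the call site changed.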