I ran into an issue with HookCode failing to hook a "5 byte length function". The problem is Visual C++ generates thunks like
Code: Select all
jmp [ActualCodeStart]Am I right assuming a single jump instruction cannot be hooked with madCodeHook ?
Minimal function size to hook
Minimal function size to hook
Hello,
I ran into an issue with HookCode failing to hook a "5 byte length function". The problem is Visual C++ generates thunks like instead of actual code at debug builds. At release builds the thunk is not generated so everything works fine.
Am I right assuming a single jump instruction cannot be hooked with madCodeHook ?
I ran into an issue with HookCode failing to hook a "5 byte length function". The problem is Visual C++ generates thunks like
Am I right assuming a single jump instruction cannot be hooked with madCodeHook ?
Re: Minimal function size to hook
In some cases madCodeHook follows up on the JMP and hooks the "ActualCodeStart". But I think only HookAPI() does that for exported APIs, but HookCode() does not. However, that's just from the top of my head without checking the source code. If you are aware of that your HookCode() calls might end up with a JMP instruction, then you could of course write a small wrapper around HookCode() which checks if the target address contains a 5-byte JMP and if it does you could call HookCode() instead with the JMP target. Doing this inside of madCodeHook is not always safe because that JMP could be a runtime hook installed by a different hooking library.
Re: Minimal function size to hook
I see, thank you for the explanation!