I recently worked on workarounds (on Linux only), and so far I have had great success. I developed my own roundabout class until I found this . I upgraded the code a bit and converted it to C ++ (as a course class). This code, like any other combiner implementation, replaces the source address of the function with JMP with my own hook function. It also creates a โtrampolineโ for the original function.
Everything works flawlessly, but I would like to make one simple adjustment. I program in pure C ++, I do not use global functions, and everything is enclosed in classes (like Java / C #). The problem is that this workaround breaks my pattern. The hook function must be a static / non-class function.
What I want to do is implement support for _thiscall hooks (which should be pretty simple with the GCC convention _ thiscall ). I was unable to modify this code to work with _thiscall hooks. What I want as an end result is as simple as that; PatchAddress(void * target, void * hook, void * class); . I do not ask anyone to do this for me, but I would like to know how to solve / approach my problem?
From what I know, I only need to increase the size of the โpatchโ (ie now 5 bytes, and should I require an extra 5 bytes?), And then before using the JMP call (to my hook function), I push the 'this' pointer onto the stack (which should be as if I named it as a member function). To illustrate:
push 'my class pointer' jmp <my hook function>
Instead of directly calling "jmp" directly / only. Is this the right approach or is there something else under this that needs to be taken into account (note: I do not need VC ++ _thiscall support)?
NOTE: here is my implementation of the above code: header : source , uses libudis86
Elliott darfink
source share