/// <summary>
/// Reads the destination pointer referenced by a RIP relative jump.
/// </summary>
/// <param name="instruction">The jump instruction; its PC and first operand determine the address that is read.</param>
/// <returns>The pointer-sized value read from the current process at the computed address.</returns>
private IntPtr GetRewriteRIPRelativeJumpTarget(Instruction instruction)
{
    // Address of the pointer slot: instruction.PC plus the offset taken from the first operand.
    var programCounter = (long)instruction.PC;
    var pointerSlot = (IntPtr)(programCounter + GetOperandOffset(instruction.Operands[0]));

    // NOTE(review): the value is returned exactly as read; nothing here checks that the read
    // succeeded or that the result is a plausible code address. Confirm how CurrentProcess.Read
    // signals failure.
    CurrentProcess.Read(pointerSlot, out IntPtr jumpTarget);
    return jumpTarget;
}
/// <summary>
/// Reads the destination pointer referenced by a RIP relative jump.
/// </summary>
/// <param name="instruction">The jump instruction; its IPRelativeMemoryAddress is the address that is read.</param>
/// <returns>The native-sized value read from the current process at that address.</returns>
private nuint GetRewriteRIPRelativeJumpTarget(Instruction instruction)
{
    // NOTE(review): the value is returned exactly as read; nothing here checks that the read
    // succeeded or that the result is a plausible code address. Confirm how CurrentProcess.Read
    // signals failure.
    CurrentProcess.Read((nuint)instruction.IPRelativeMemoryAddress, out nuint jumpTarget);
    return jumpTarget;
}
/// <summary>
/// Rewrites a RIP relative jump as an absolute jump to the pointer it currently references.
/// </summary>
/// <param name="instruction">The jump instruction; its PC and first operand determine the address that is read.</param>
/// <param name="patch">The patch whose NewFunction receives the assembled absolute jump bytes.</param>
/// <returns>A JumpDetails built from the instruction's PC and the target address that was read.</returns>
private JumpDetails RewriteRIPRelativeJump(Instruction instruction, FunctionPatch patch)
{
    // Address of the pointer slot: instruction.PC plus the offset taken from the first operand.
    var programCounter = (long)instruction.PC;
    var pointerSlot = (IntPtr)(programCounter + GetOperandOffset(instruction.Operands[0]));

    // NOTE(review): the target is whatever the slot holds at this moment and is baked into the
    // emitted jump without validation. Confirm how CurrentProcess.Read signals failure.
    CurrentProcess.Read(pointerSlot, out IntPtr jumpTarget);

    patch.NewFunction.AddRange(Utilities.AssembleAbsoluteJump(jumpTarget, Is64Bit()));
    return new JumpDetails(programCounter, (long)jumpTarget);
}
/// <summary>
/// Creates patch for a RIP relative jump, if necessary.
/// </summary>
/// <param name="instruction">The jump instruction; its PC and first operand determine the address that is read, and its Offset is where the patch is applied.</param>
/// <param name="originalJmpTarget">Address range tested against the jump's current target; a patch is created only when the target lies inside it.</param>
/// <param name="newJmpTarget">Address the replacement relative jump points to.</param>
/// <param name="patches">List that receives the new patch when one is created.</param>
private void PatchRIPRelativeJump(Instruction instruction, ref AddressRange originalJmpTarget, long newJmpTarget, List<Patch> patches)
{
    // Address of the pointer slot: instruction.PC plus the offset taken from the first operand.
    var pointerSlot = (IntPtr)((long)instruction.PC + GetOperandOffset(instruction.Operands[0]));
    CurrentProcess.Read(pointerSlot, out IntPtr currentTarget);

    // Jumps whose current target is outside the given range are left untouched.
    if (!originalJmpTarget.Contains((long)currentTarget))
    {
        return;
    }

    // newJmpTarget is guaranteed to be in range, and a relative jump uses fewer bytes,
    // so writing it at the instruction's offset is safe.
    // NOTE(review): that range guarantee is not checked in this method; confirm the caller enforces it.
    var patchAddress = (IntPtr)instruction.Offset;
    byte[] relativeJump = Utilities.AssembleRelativeJump(patchAddress, (IntPtr)newJmpTarget, Is64Bit());
    patches.Add(new Patch(patchAddress, relativeJump));
}