private IntPtr GetRewriteRIPRelativeJumpTarget(Instruction instruction)
{
IntPtr pointerAddress = (IntPtr)((long)instruction.PC + GetOperandOffset(instruction.Operands[0]));
CurrentProcess.Read(pointerAddress, out IntPtr targetAddress);
return(targetAddress);
}
private nuint GetRewriteRIPRelativeJumpTarget(Instruction instruction)
{
var pointerAddress = instruction.IPRelativeMemoryAddress;
CurrentProcess.Read((nuint)pointerAddress, out nuint targetAddress);
return(targetAddress);
}
private JumpDetails RewriteRIPRelativeJump(Instruction instruction, FunctionPatch patch)
{
IntPtr pointerAddress = (IntPtr)((long)instruction.PC + GetOperandOffset(instruction.Operands[0]));
CurrentProcess.Read(pointerAddress, out IntPtr targetAddress);
patch.NewFunction.AddRange(Utilities.AssembleAbsoluteJump(targetAddress, Is64Bit()));
return(new JumpDetails((long)instruction.PC, (long)targetAddress));
}
/// <summary>
/// Creates patch for a RIP relative jump, if necessary.
/// </summary>
private void PatchRIPRelativeJump(Instruction instruction, ref AddressRange originalJmpTarget, long newJmpTarget, List <Patch> patches)
{
IntPtr pointerAddress = (IntPtr)((long)instruction.PC + GetOperandOffset(instruction.Operands[0]));
CurrentProcess.Read(pointerAddress, out IntPtr jumpTargetAddress);
if (originalJmpTarget.Contains((long)jumpTargetAddress))
{
// newJmpTarget is guaranteed to be in range.
// Relative jump uses less bytes, so using it is also safe.
byte[] relativeJumpBytes = Utilities.AssembleRelativeJump((IntPtr)instruction.Offset, (IntPtr)newJmpTarget, Is64Bit());
patches.Add(new Patch((IntPtr)instruction.Offset, relativeJumpBytes));
}
}
