Thread: [Solved] Crash on DHook detouring (dhooks.ext.dll + 0xc3e0)
Addie
Junior Member
Join Date: Nov 2018
11-10-2018 , 10:33 Re: Crash on DHook detouring (dhooks.ext.dll + 0xc3e0)
#10
Quote: Originally Posted by Fyren
I was wrong in my earlier reply. A read or offset entry are equivalent.
Though you found an alternate solution, in case someone happens to want the info:
If you have a signature for a function, and 0xF4 bytes into that function is a call instruction, then addressOf(sig) + 0xF4 does not hold the target of the call. First, there's an 0xE8 for call's opcode, then a relative offset for the target. It's relative to the next instruction.
So, the offset is at addressOf(sig) + 0xF5. You'd have to get what's at that address (you could use a "read" "0" like Benoist said) and add it to addressOf(sig) + 0xF4 + 0x5. The 0x5 is because the call instruction is 5 bytes long, so that's the address of the next instruction.

Thanks for clearing that up, I'll keep it in mind for future use.
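The arithmetic from the quoted reply, as an added example that is not part of the thread or of DHooks/SourceMod: it checks for the 0xE8 opcode at sig + 0xF4, reads the displacement at sig + 0xF5, and adds it to the address of the next instruction, including the backward-call case the post does not spell out. It assumes 32-bit x86; the names `resolve_call_target` and `demo`, the base address 0x10001000 and the displacement bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CALL_REL32_OPCODE 0xE8u
#define CALL_REL32_LEN    5u  /* opcode byte + 4 displacement bytes */

/* Resolve the target of an E8 rel32 call found call_off bytes into a function.
 * code: copy of the function's bytes; func_addr: where the signature matched
 * (32-bit x86 assumed). Returns 0 and sets *target, or -1 if not a call. */
int resolve_call_target(const uint8_t *code, size_t code_len,
                        uint32_t func_addr, size_t call_off, uint32_t *target)
{
    if (call_off > code_len || code_len - call_off < CALL_REL32_LEN)
        return -1;  /* instruction would run past the buffer */
    if (code[call_off] != CALL_REL32_OPCODE)
        return -1;  /* bytes at the offset are not a near call */

    /* Displacement sits one byte past the opcode (sig + 0xF5 in the post),
     * stored little-endian and interpreted as signed. */
    const uint8_t *p = code + call_off + 1;
    uint32_t disp = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                    (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    /* Relative to the next instruction (sig + 0xF4 + 0x5). Modulo-2^32
     * addition handles negative displacements, i.e. backward calls. */
    *target = func_addr + (uint32_t)call_off + CALL_REL32_LEN + disp;
    return 0;
}

/* Constructed sample: NOP-filled function at 0x10001000, call at +0xF4. */
uint32_t demo(const uint8_t disp[4])
{
    uint8_t code[0x100];
    uint32_t target = 0;
    memset(code, 0x90, sizeof code);
    code[0xF4] = CALL_REL32_OPCODE;
    memcpy(&code[0xF5], disp, 4);
    return resolve_call_target(code, sizeof code, 0x10001000u, 0xF4, &target)
               ? 0 : target;
}

int main(void)
{
    const uint8_t fwd[4] = {0x07, 0x01, 0x00, 0x00};   /* +0x107 */
    const uint8_t back[4] = {0x07, 0xFE, 0xFF, 0xFF};  /* -0x1F9 */
    printf("forward 0x%08X backward 0x%08X\n",
           (unsigned)demo(fwd), (unsigned)demo(back));
    return 0;
}
```

The opcode check is what catches a game update that shifts the function body: the lookup fails cleanly instead of producing a bogus address to detour.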