Quote:
Originally Posted by fdxx
Yes, looks like that's exactly what happened.
Quote:
Originally Posted by Scag
At a glance, it appears that short jumps (the 74 0B) cannot be fixed up in the trampoline of a midhook.
The disassembly in the crash dump provides the tail-end bytes of the following movzx instruction. The jz was fortunately short.
Anyways, for now, try to avoid emplacing midhooks where there are short (2- to 3-byte-long) jmp instructions that the midhook will run over. E8 and E9 jumps should be okay. I can work on getting short jumps to remap/work, but that will take some finesse. I'll update the main post to reflect that fact.
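To make the failure mode above concrete, here is an added example (not code from the thread or from the midhook project being discussed) showing why a raw copy of `74 0B` into a trampoline breaks, and what a relocation step has to do instead. A rel8 branch encodes its target relative to the instruction's own address, so the same two bytes at a new address point 11 bytes past the trampoline instead of 11 bytes past the original site. The fix is to re-encode the branch in its rel32 form (`0F 84` for jz, `E9` for a short jmp) with a displacement computed from the trampoline address; E8/E9 instructions already have a rel32 field and only need the displacement recomputed. All addresses and bytes below are constructed for illustration, and the intra-region remap assumes earlier instructions in the copied block kept their length.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <limits.h>
#include <stdio.h>

/* Result of relocating one branch instruction into a trampoline. */
typedef struct {
    uint8_t bytes[6];   /* re-encoded instruction */
    size_t  len;        /* 0 means "could not relocate" */
} reloc_t;

/* Absolute target of a relative branch: next-instruction address + displacement. */
uint64_t branch_target(uint64_t insn_addr, size_t insn_len, int64_t disp)
{
    return insn_addr + insn_len + disp;
}

/* If the target lies inside the block of code that was moved, it must follow
   the copy. Assumption: no earlier instruction in the block changed length. */
static uint64_t remap_target(uint64_t target, uint64_t orig_region,
                             uint64_t new_region, size_t region_len)
{
    if (target >= orig_region && target < orig_region + region_len)
        return new_region + (target - orig_region);
    return target;
}

/* Encode a rel32 displacement, refusing anything outside the int32 range
   (relevant on 64-bit, where the trampoline may be far from the original). */
static int put_rel32(uint8_t *dst, uint64_t target, uint64_t next_insn)
{
    int64_t d = (int64_t)(target - next_insn);
    if (d < INT32_MIN || d > INT32_MAX) return 0;
    int32_t d32 = (int32_t)d;
    memcpy(dst, &d32, 4);
    return 1;
}

/* Relocate a Jcc rel8 (70..7F), JMP rel8 (EB), or CALL/JMP rel32 (E8/E9)
   that originally sat at orig_addr so that it works at new_addr. Short forms
   are widened to rel32 because the +/-127 range rarely survives the move. */
reloc_t relocate_branch(const uint8_t *insn, size_t avail,
                        uint64_t orig_addr, uint64_t new_addr,
                        uint64_t orig_region, uint64_t new_region, size_t region_len)
{
    reloc_t r = { {0}, 0 };
    if (avail < 2) return r;
    uint8_t op = insn[0];

    if ((op & 0xF0) == 0x70 || op == 0xEB) {
        uint64_t target = branch_target(orig_addr, 2, (int8_t)insn[1]);
        target = remap_target(target, orig_region, new_region, region_len);
        if (op == 0xEB) {                       /* JMP rel8 -> E9 rel32 (5 bytes) */
            r.bytes[0] = 0xE9;
            if (put_rel32(&r.bytes[1], target, new_addr + 5)) r.len = 5;
        } else {                                /* Jcc rel8 -> 0F 8x rel32 (6 bytes) */
            r.bytes[0] = 0x0F;
            r.bytes[1] = 0x80 | (op & 0x0F);    /* 74 (jz) becomes 0F 84 */
            if (put_rel32(&r.bytes[2], target, new_addr + 6)) r.len = 6;
        }
        return r;
    }
    if ((op == 0xE8 || op == 0xE9) && avail >= 5) {
        int32_t disp32;
        memcpy(&disp32, &insn[1], 4);
        uint64_t target = branch_target(orig_addr, 5, disp32);
        target = remap_target(target, orig_region, new_region, region_len);
        r.bytes[0] = op;                        /* same opcode, new displacement */
        if (put_rel32(&r.bytes[1], target, new_addr + 5)) r.len = 5;
        return r;
    }
    return r;                                   /* not a branch this handles */
}

/* Decode where a relocated instruction placed at 'at' actually goes. */
uint64_t decode_target(const reloc_t *r, uint64_t at)
{
    int32_t d;
    if (r->len == 6) { memcpy(&d, &r->bytes[2], 4); return at + 6 + d; }
    if (r->len == 5) { memcpy(&d, &r->bytes[1], 4); return at + 5 + d; }
    return 0;
}

/* Worked case from the thread: "74 0B" inside a 5-byte hook site at a
   constructed address, moved to a constructed trampoline address. Returns 1
   when the widened jz lands on the same target the original did. */
int example_short_jz(void)
{
    static const uint8_t jz[] = { 0x74, 0x0B };
    uint64_t orig = 0x401000, tramp = 0x7f0000;
    reloc_t r = relocate_branch(jz, sizeof jz, orig, tramp, orig, tramp, 5);
    return r.len == 6 && r.bytes[0] == 0x0F && r.bytes[1] == 0x84 &&
           decode_target(&r, tramp) == branch_target(orig, 2, 0x0B);
}

int main(void)
{
    uint64_t orig = 0x401000, tramp = 0x7f0000;
    printf("raw copy of 74 0B would target 0x%llx, original targets 0x%llx\n",
           (unsigned long long)branch_target(tramp, 2, 0x0B),
           (unsigned long long)branch_target(orig, 2, 0x0B));
    printf("relocated jz correct: %d\n", example_short_jz());
    return 0;
}
```

The same routine shows why the E8/E9 case is easier: the instruction keeps its length, so only the 4-byte displacement changes. For the short forms the copied block grows by 3 or 4 bytes, which is exactly the "finesse" the post refers to: every instruction after the widened one shifts, and any other branch into that block has to be remapped against the new layout rather than the 1:1 offset assumed here.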