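/*
 * Follow the jump stubs a compiler/linker may place in front of a function
 * so that a detour lands on the real entry point instead of on a thunk.
 * Two stubs are recognised at pbCode:
 *
 *   ff 25 disp32   jmp [imm32]  -- treated as an import-table alias.  It is
 *                  followed only if detour_is_imported() confirms disp32
 *                  addresses an IAT slot; the slot's contents are returned
 *                  as-is (no further validation of that pointer here).
 *   eb rel8        jmp +imm8    -- a short jump.  If it lands on an
 *                  e9 rel32 (jmp +imm32), that long jump is followed too.
 *
 * This matches the 32-bit x86 encoding: disp32 of ff 25 is used as an
 * absolute address (on x64 the same opcode is RIP-relative).  rel8/rel32 are
 * measured from the end of their instruction, hence the +2 / +5 below.
 * The code bytes are read without any readability check; the caller is
 * expected to hand in a valid function pointer.
 *
 * pbCode     candidate entry point; NULL yields NULL.
 * ppGlobals  optional out-parameter, always reset to NULL (unused on x86).
 * Returns    the address the stubs lead to, or pbCode itself if none match.
 */
inline PBYTE detour_skip_jmp(PBYTE pbCode, PVOID *ppGlobals)
{
    if (pbCode == NULL) {
        return NULL;
    }
    if (ppGlobals != NULL) {
        *ppGlobals = NULL;
    }

    if (pbCode[0] == 0xff && pbCode[1] == 0x25) {       // jmp [imm32]
        // Looks like an import alias jump: resolve through the IAT slot.
        PBYTE pbTarget = *(PBYTE *)&pbCode[2];
        if (detour_is_imported(pbCode, pbTarget)) {
            PBYTE pbNew = *(PBYTE *)pbTarget;
            DETOUR_TRACE(("%p->%p: skipped over import table.\n", pbCode, pbNew));
            return pbNew;
        }
    }
    else if (pbCode[0] == 0xeb) {                       // jmp +imm8
        // These just started appearing with CL13.
        // rel8 is read explicitly signed: a negative displacement (backward
        // jump) must stay negative, and the signedness of plain CHAR/char is
        // implementation-defined.
        PBYTE pbNew = pbCode + 2 + *(signed char *)&pbCode[1];
        DETOUR_TRACE(("%p->%p: skipped over short jump.\n", pbCode, pbNew));
        if (pbNew[0] == 0xe9) {                         // jmp +imm32
            pbCode = pbNew;
            // rel32 is relative to the end of the 5-byte instruction.  The
            // previous version omitted the +5 and so returned an address five
            // bytes short of the real target.
            pbNew = pbCode + 5 + *(INT32 *)&pbCode[1];
            DETOUR_TRACE(("%p->%p: skipped over long jump.\n", pbCode, pbNew));
        }
        return pbNew;
    }
    return pbCode;
}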
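/*
 * Follow the jump stubs a compiler/linker may place in front of a function
 * so that a detour lands on the real entry point instead of on a thunk.
 * The stubs are skipped in order, each one feeding the next:
 *
 *   1. ff 25 disp32  jmp [imm32]  -- an import-table alias, followed only if
 *      detour_is_imported() confirms disp32 addresses an IAT slot.
 *   2. eb rel8       jmp +imm8    -- a patch (short) jump.
 *   3. e9 rel32      jmp +imm32   -- a long jump, but only as the target of 2.
 *
 * This matches the 32-bit x86 encoding: disp32 of ff 25 is used as an
 * absolute address (on x64 the same opcode is RIP-relative).  rel8/rel32 are
 * measured from the end of their instruction, hence the +2 / +5 below.
 * Code bytes are read without any readability check; the caller is expected
 * to hand in a valid function pointer.
 *
 * pbCode     candidate entry point; NULL yields NULL.
 * ppGlobals  optional out-parameter, always reset to NULL (unused on x86).
 * Returns    the address the stubs lead to, pbCode itself if none match, or
 *            NULL if the import slot resolved to NULL.
 */
inline PBYTE detour_skip_jmp(PBYTE pbCode, PVOID *ppGlobals)
{
    if (pbCode == NULL) {
        return NULL;
    }
    if (ppGlobals != NULL) {
        *ppGlobals = NULL;
    }

    // First, skip over the import vector if there is one.
    if (pbCode[0] == 0xff && pbCode[1] == 0x25) {       // jmp [imm32]
        // Looks like an import alias jump: resolve through the IAT slot.
        PBYTE pbTarget = *(PBYTE *)&pbCode[2];
        if (detour_is_imported(pbCode, pbTarget)) {
            PBYTE pbNew = *(PBYTE *)pbTarget;
            DETOUR_TRACE(("%p->%p: skipped over import table.\n", pbCode, pbNew));
            // detour_is_imported() vouches for the slot's location, not its
            // contents.  Do not let a zero slot reach the byte reads below.
            if (pbNew == NULL) {
                return NULL;
            }
            pbCode = pbNew;
        }
    }

    // Then, skip over a patch jump.
    if (pbCode[0] == 0xeb) {                            // jmp +imm8
        // rel8 is read explicitly signed: a negative displacement (backward
        // jump) must stay negative, and the signedness of plain CHAR/char is
        // implementation-defined.
        PBYTE pbShortTarget = pbCode + 2 + *(signed char *)&pbCode[1];
        DETOUR_TRACE(("%p->%p: skipped over short jump.\n", pbCode, pbShortTarget));
        pbCode = pbShortTarget;

        // Finally, skip over a long jump if it is the target of the patch jump.
        if (pbCode[0] == 0xe9) {                        // jmp +imm32
            // rel32 is relative to the end of the 5-byte instruction.
            PBYTE pbLongTarget = pbCode + 5 + *(INT32 *)&pbCode[1];
            DETOUR_TRACE(("%p->%p: skipped over long jump.\n", pbCode, pbLongTarget));
            pbCode = pbLongTarget;
        }
    }
    return pbCode;
}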