Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rsp error #4

Closed
leapar opened this issue Aug 31, 2021 · 7 comments
Closed

rsp error #4

leapar opened this issue Aug 31, 2021 · 7 comments

Comments

@leapar
Copy link
Contributor

leapar commented Aug 31, 2021

window 10 hook api crash!!!

1、
image

0x00007FF737D20A34
is the pre main function

2、
image

0x00007FF73AD01013
to jmp the main function

3、jmp function in the stack will be changed
image

4、has been changed
image
00007FF73AD010A0 should be 0x00007FF73AD01013

5、will go to error rsp
image

@hasherezade
Copy link
Owner

Hi, in which circumstances did the crash happened? Did it happened on return from your replacement function?

Are you sure that the function that you used as a replacement has exactly the same API as the function that you was hooking? Not only parameter numbers and types have to match, but also the calling convention has to be identical ( i.e. _stdcall function cannot be use as a replacement of _cdecl function, and vice versa).
It there is mismatch, the return will not be good.

@leapar
Copy link
Contributor Author

leapar commented Aug 31, 2021

yes!
i am sure!
i modify the asm like this,it test ok!
i am not sure it will work well all of windows version!

image

@leapar
Copy link
Contributor Author

leapar commented Aug 31, 2021

and also there has a bug in the hexf.cpp file.
i build the asm by yasm, and there has 0xff code, the hexf.cpp will break,so when i copy these code to stubdata.h it will be error!
and i modify this file like this.

image

@hasherezade
Copy link
Owner

Ah, now I understand what you mean... So it is a bug in the stub. It is my old code and it wasn't tested on Windows 10.
Thank you for fixing, feel free to send me a pull request. I will test if it works on other Windows versions too.

@leapar
Copy link
Contributor Author

leapar commented Sep 1, 2021

#5

@hasherezade
Copy link
Owner

Thank you for your contribution, the new release is ready:
https://github.com/hasherezade/IAT_patcher/releases/tag/v0.3.5.4

@leapar
Copy link
Contributor Author

leapar commented Sep 2, 2021

thank you for your project.
it saves my time.

@leapar leapar closed this as completed Sep 2, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants