Description
Hey Kyle,
I just want to thank you for your "X64 Function Hooking by Example" article. It helped me a lot in doing some 64-bit game hacking for fun. I had initially done it using Cheat Engine but wanted to create and inject my own DLL.
I got stuck on the fact that Visual C++ does not support inline assembly for x64, as well as some other differences between x32 and x64 in general (jumps...). Your article helped a lot with the "jump" problem. I really like the solution you presented (relative jump from the hooked function to the Relay function and absolute jump to the PayLoad function).
What I ended up doing differently, compared to your example, was that I included the instruction whose bytes got corrupted by the relative jump and its NOPed bytes, and the change (hack), in my pure asm Payload function that is part of my C++ project. I also then made an absolute jump back from the Payload to the hooked function right after the included corrupted instruction. And it worked! :) I haven't fully looked at your Trampoline code, which uses the Capstone library, since I wanted to get my modification (hack) to work first as a proof of concept.
I hope you don't mind if I point out something in your code :)
In Full Code for Example 2 (click to expand), your InstallHook(void* targetFunction, void* payloadFunction) function never uses the input arguments (targetFunction and payloadFunction). It's not a big deal, since you just directly calculate a pointer to targetFunction and use NullPaint3DButtonHandler in the WriteAbsoluteJump64(relayFuncMemory, NullPaint3DButtonHandler) step, but I thought you might've overlooked that since you already pass the void pointers to targetFunction and payloadFunction that you use in InstallHook... Hope this makes sense :)
Anyways, thanks again for such a great article and keep up the great work!
Ada