Method | Description | |
---|---|---|
PatternAt ( byte source, byte pattern ) : int | ||
replaceDwordCall ( |
At the time of a call the dword register is called as such 0xFF call dword [00189AC4h] which is 6 bytes of 0xFF,0x15,0xC4,0x9A,0x18,0x0 I can then select the immediate value and use that as a selector to find the index into memory to set up a new relative call. Once the index in memory is located, I can use manipulation of the long type to calculate a new offset. I then place that offset into the location of the 0xFF by replacing the sequence with a "call immediate/0xE8" instruction.
|
|
replaceE8Call ( |
Replace a 0xE8 call dstAddress - methodFunPtr + callOffset + byteOffset = new destination address
|
public static PatternAt ( byte source, byte pattern ) : int | ||
source | byte | |
pattern | byte | |
return | int |
public static replaceDwordCall ( |
||
methodPointer | ||
return | void |
public static replaceE8Call ( |
||
methodPointer | ||
return | void |