sh_inst_hook_with_exit使用的是B指令跳转的, 跳转范围限制会导致有些函数无法hook么 #46
Unanswered
shineboyxxb
asked this question in
Q&A
Replies: 2 comments
-
在使用 B 做相对跳转时,是先跳转到一个中间跳板,在这个中间跳板中再通过绝对地址跳转到目标函数。shadowhook会先判断当前 B 指令位置和中间跳板的距离,当找不到满足要求距离的中间跳板空间时,会尝试在 hook 位置直接通过绝对地址跳转到目标函数。 |
Beta Was this translation helpful? Give feedback.
0 replies
-
您好,你的邮件我已经收到,我会尽快给你答复的。。
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
你好, shadowhook里面默认启用的是sh_inst_hook_with_exit, 这种模式下使用的是B指令机型跳转, 但B指令有跳转范围限制(PC +128MB)的, 这种限制是否会导致某些函数hook存在兼容性问题
Beta Was this translation helpful? Give feedback.
All reactions