How to replace and call a function if I know the address of the target? #29

oovm opened this issue Oct 24, 2024 · 2 comments

oovm commented Oct 24, 2024

I successfully injected the dll, but I don't know how to replace the function with my version based on the address (module offset) and call it.

The table decompiled by others shows relative addresses, but Rust calls seem to be based on raw addresses.

In almost all cases, an error (exit code: 0xc0000005, STATUS_ACCESS_VIOLATION) will be reported.

```rust
unsafe {
    let f: extern "fastcall" fn() -> bool = unsafe { std::mem::transmute(0x4E as *const ()) };
    f() // (exit code: 0xc0000005, STATUS_ACCESS_VIOLATION)
}
```

OpenByteDev (Owner) commented Oct 24, 2024

Take a look at my other repository BurntSushi, where I do just that to block ads in Spotify.
The hooks are defined here.

oovm (Author) commented Oct 24, 2024

dumpbin /exports <dll> + GetProcAddress + retour is indeed a good method.

But a game I encountered needs to hook functions in the exe. In this case, there is no export name, only an offset table compiled by others.
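
An added illustration of the relative-versus-absolute address point raised in this thread (not code from either participant or from the project): a module offset only becomes callable after it is added to the base the module was loaded at, and a bare offset such as 0x4E points into unmapped low memory. `Module`, `resolve`, `target`, `demo_module` and `call_by_offset` are hypothetical names, the module is simulated around a local function so the block runs on any platform, and `extern "C"` stands in for whatever ABI the real function uses.

```rust
/// A mapped module: load address plus image size. Constructed stand-in; in an
/// injected DLL the base would come from GetModuleHandleW(null) and the size
/// from the PE header's SizeOfImage.
#[derive(Clone, Copy, Debug)]
pub struct Module { pub base: usize, pub size: usize }

#[derive(Debug, PartialEq)]
pub enum ResolveError { OutOfImage { rva: usize, size: usize }, Overflow }

impl Module {
    /// Relative address (module offset) -> absolute address in this process.
    /// Offsets outside the mapped image are rejected instead of being called.
    pub fn resolve(&self, rva: usize) -> Result<usize, ResolveError> {
        if rva >= self.size {
            return Err(ResolveError::OutOfImage { rva, size: self.size });
        }
        self.base.checked_add(rva).ok_or(ResolveError::Overflow)
    }
}

/// Stand-in for a function known only by its offset (hypothetical).
pub extern "C" fn target() -> bool { true }

/// Builds a one-page "module" around `target` so the example runs anywhere.
pub fn demo_module() -> (Module, usize) {
    let addr = target as *const () as usize;
    let base = addr & !0xFFF; // page-align down, like a loader-chosen base
    (Module { base, size: 0x1000 }, addr - base)
}

pub fn call_by_offset(module: &Module, rva: usize) -> Result<bool, ResolveError> {
    let addr = module.resolve(rva)?;
    // SAFETY: sound only if `addr` is the entry of a function with exactly
    // this ABI and signature; a mismatch corrupts the stack or registers.
    let f: extern "C" fn() -> bool = unsafe { std::mem::transmute(addr as *const ()) };
    Ok(f())
}

fn main() {
    let (module, rva) = demo_module();
    println!("base={:#x} rva={:#x} -> {:?}", module.base, rva, call_by_offset(&module, rva));
    // The bare offset from the issue (0x4E) is not an address on its own: it
    // only becomes one after adding the base the module was loaded at.
    let classic = Module { base: 0x0040_0000, size: 0x2000 }; // constructed values
    println!("{:x?}", classic.resolve(0x4E));
}
```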
