1 /* 2 * MinHook - The Minimalistic API Hooking Library for x64/x86 3 * Copyright (C) 2009-2017 Tsuda Kageyu. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 17 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 19 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER 20 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 22 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 23 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 24 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 25 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 26 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 #pragma once 30 31 #pragma pack(push, 1) 32 33 // Structs for writing x86/x64 instructions. 34 35 // 8-bit relative jump. 36 typedef struct _JMP_REL_SHORT 37 { 38 UINT8 opcode; // EB xx: JMP +2+xx 39 UINT8 operand; 40 } JMP_REL_SHORT, *PJMP_REL_SHORT; 41 42 // 32-bit direct relative jump/call. 43 typedef struct _JMP_REL 44 { 45 UINT8 opcode; // E9/E8 xxxxxxxx: JMP/CALL +5+xxxxxxxx 46 UINT32 operand; // Relative destination address 47 } JMP_REL, *PJMP_REL, CALL_REL; 48 49 // 64-bit indirect absolute jump. 50 typedef struct _JMP_ABS 51 { 52 UINT8 opcode0; // FF25 00000000: JMP [+6] 53 UINT8 opcode1; 54 UINT32 dummy; 55 UINT64 address; // Absolute destination address 56 } JMP_ABS, *PJMP_ABS; 57 58 // 64-bit indirect absolute call. 59 typedef struct _CALL_ABS 60 { 61 UINT8 opcode0; // FF15 00000002: CALL [+6] 62 UINT8 opcode1; 63 UINT32 dummy0; 64 UINT8 dummy1; // EB 08: JMP +10 65 UINT8 dummy2; 66 UINT64 address; // Absolute destination address 67 } CALL_ABS; 68 69 // 32-bit direct relative conditional jumps. 70 typedef struct _JCC_REL 71 { 72 UINT8 opcode0; // 0F8* xxxxxxxx: J** +6+xxxxxxxx 73 UINT8 opcode1; 74 UINT32 operand; // Relative destination address 75 } JCC_REL; 76 77 // 64bit indirect absolute conditional jumps that x64 lacks. 78 typedef struct _JCC_ABS 79 { 80 UINT8 opcode; // 7* 0E: J** +16 81 UINT8 dummy0; 82 UINT8 dummy1; // FF25 00000000: JMP [+6] 83 UINT8 dummy2; 84 UINT32 dummy3; 85 UINT64 address; // Absolute destination address 86 } JCC_ABS; 87 88 #pragma pack(pop) 89 90 typedef struct _TRAMPOLINE 91 { 92 LPVOID pTarget; // [In] Address of the target function. 93 LPVOID pDetour; // [In] Address of the detour function. 94 LPVOID pTrampoline; // [In] Buffer address for the trampoline and relay function. 95 96 #if defined(_M_X64) || defined(__x86_64__) 97 LPVOID pRelay; // [Out] Address of the relay function. 98 #endif 99 BOOL patchAbove; // [Out] Should use the hot patch area? 100 UINT nIP; // [Out] Number of the instruction boundaries. 101 UINT8 oldIPs[8]; // [Out] Instruction boundaries of the target function. 102 UINT8 newIPs[8]; // [Out] Instruction boundaries of the trampoline function. 103 } TRAMPOLINE, *PTRAMPOLINE; 104 105 BOOL CreateTrampolineFunction(PTRAMPOLINE ct); 106