1 /*
2  *  MinHook - The Minimalistic API Hooking Library for x64/x86
3  *  Copyright (C) 2009-2017 Tsuda Kageyu.
4  *  All rights reserved.
5  *
6  *  Redistribution and use in source and binary forms, with or without
7  *  modification, are permitted provided that the following conditions
8  *  are met:
9  *
10  *   1. Redistributions of source code must retain the above copyright
11  *      notice, this list of conditions and the following disclaimer.
12  *   2. Redistributions in binary form must reproduce the above copyright
13  *      notice, this list of conditions and the following disclaimer in the
14  *      documentation and/or other materials provided with the distribution.
15  *
16  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17  *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18  *  TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
19  *  PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
20  *  OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
21  *  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
22  *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
23  *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
24  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
25  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #pragma once
30 
31 #pragma pack(push, 1)
32 
33 // Structs for writing x86/x64 instructions.
34 
35 // 8-bit relative jump.
36 typedef struct _JMP_REL_SHORT
37 {
38     UINT8  opcode;      // EB xx: JMP +2+xx
39     UINT8  operand;
40 } JMP_REL_SHORT, *PJMP_REL_SHORT;
41 
42 // 32-bit direct relative jump/call.
43 typedef struct _JMP_REL
44 {
45     UINT8  opcode;      // E9/E8 xxxxxxxx: JMP/CALL +5+xxxxxxxx
46     UINT32 operand;     // Relative destination address
47 } JMP_REL, *PJMP_REL, CALL_REL;
48 
49 // 64-bit indirect absolute jump.
50 typedef struct _JMP_ABS
51 {
52     UINT8  opcode0;     // FF25 00000000: JMP [+6]
53     UINT8  opcode1;
54     UINT32 dummy;
55     UINT64 address;     // Absolute destination address
56 } JMP_ABS, *PJMP_ABS;
57 
58 // 64-bit indirect absolute call.
59 typedef struct _CALL_ABS
60 {
61     UINT8  opcode0;     // FF15 00000002: CALL [+6]
62     UINT8  opcode1;
63     UINT32 dummy0;
64     UINT8  dummy1;      // EB 08:         JMP +10
65     UINT8  dummy2;
66     UINT64 address;     // Absolute destination address
67 } CALL_ABS;
68 
69 // 32-bit direct relative conditional jumps.
70 typedef struct _JCC_REL
71 {
72     UINT8  opcode0;     // 0F8* xxxxxxxx: J** +6+xxxxxxxx
73     UINT8  opcode1;
74     UINT32 operand;     // Relative destination address
75 } JCC_REL;
76 
77 // 64bit indirect absolute conditional jumps that x64 lacks.
78 typedef struct _JCC_ABS
79 {
80     UINT8  opcode;      // 7* 0E:         J** +16
81     UINT8  dummy0;
82     UINT8  dummy1;      // FF25 00000000: JMP [+6]
83     UINT8  dummy2;
84     UINT32 dummy3;
85     UINT64 address;     // Absolute destination address
86 } JCC_ABS;
87 
88 #pragma pack(pop)
89 
90 typedef struct _TRAMPOLINE
91 {
92     LPVOID pTarget;         // [In] Address of the target function.
93     LPVOID pDetour;         // [In] Address of the detour function.
94     LPVOID pTrampoline;     // [In] Buffer address for the trampoline and relay function.
95 
96 #if defined(_M_X64) || defined(__x86_64__)
97     LPVOID pRelay;          // [Out] Address of the relay function.
98 #endif
99     BOOL   patchAbove;      // [Out] Should use the hot patch area?
100     UINT   nIP;             // [Out] Number of the instruction boundaries.
101     UINT8  oldIPs[8];       // [Out] Instruction boundaries of the target function.
102     UINT8  newIPs[8];       // [Out] Instruction boundaries of the trampoline function.
103 } TRAMPOLINE, *PTRAMPOLINE;
104 
105 BOOL CreateTrampolineFunction(PTRAMPOLINE ct);
106