Open shatyuka opened 3 years ago
Description: For a 0x67 prefixed x64 instruction, hde will recognize it's displacement as 16bit. (maybe just copied from hde32?) https://github.com/TsudaKageyu/minhook/blob/781916180b4ba69a08c57b7c6637cc26fedb815c/src/hde/hde64.c#L246
Possible fix:
switch (m_mod) { case 0: if (m_rm == 5) disp_size = 4; break; case 1: disp_size = 1; break; case 2: disp_size = 4; break; }
Test:
.CODE FuncInc PROC lea eax, [ecx+10000h] ret FuncInc ENDP END
Try hooking this function under x64 and call ppOrigin.
ppOrigin
Origin function:
Backup function:
Description: For a 0x67 prefixed x64 instruction, hde will recognize it's displacement as 16bit. (maybe just copied from hde32?) https://github.com/TsudaKageyu/minhook/blob/781916180b4ba69a08c57b7c6637cc26fedb815c/src/hde/hde64.c#L246
Possible fix:
Test:
Try hooking this function under x64 and call
ppOrigin.Origin function:
Backup function: