microsoft / Detours

Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
MIT License

`detour_skip_jmp` for arm64 doesn't support unconditional branch #295

Open valco1994 opened 11 months ago

valco1994 commented 11 months ago

Hello! I found that there is almost the same issue as https://github.com/microsoft/Detours/issues/293 with `DetourCodeFromPointer` on arm64. It doesn't work properly for `OutputDebugStringA`, because `detour_skip_jmp` doesn't support the unconditional jump `B <label>`. As a result, when you try to hook `OutputDebugStringA` you are actually hooking `kernel32.dll!OutputDebugStringAStub` instead of `KernelBase.dll!OutputDebugStringA`.

https://github.com/microsoft/Detours/blob/734ac64899c44933151c1335f6ef54a590219221/src/detours.cpp#L1049
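An added example, not part of the original post and not Detours code: how the A64 `B <label>` encoding named above is recognized and resolved to its target, which is the step needed to follow a forwarding stub to the real function. The helper names (`a64_is_b`, `a64_b_target`, `skip_b_stub`) and the stub bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* A64 "B <label>": bits[31:26] == 000101, bits[25:0] == imm26.
 * BL (100101) is a call, not a tail jump, so it is deliberately not matched. */
static int a64_is_b(uint32_t insn)
{
    return (insn & 0xFC000000u) == 0x14000000u;
}

/* Target = address of the B instruction + SignExtend(imm26) * 4 (range +/-128 MB). */
static uint64_t a64_b_target(uint64_t pc, uint32_t insn)
{
    int64_t off = (int64_t)(insn & 0x03FFFFFFu);
    if (off & 0x02000000)
        off -= 0x04000000;              /* sign-extend the 26-bit field */
    return pc + (uint64_t)(off * 4);
}

/* Hypothetical helper: `code` is a copy of `len` bytes mapped at virtual
 * address `base`. If the instruction at `addr` is an unconditional B, return
 * the branch target; otherwise (or if unreadable/misaligned) return `addr`. */
static uint64_t skip_b_stub(const uint8_t *code, size_t len,
                            uint64_t base, uint64_t addr)
{
    if ((addr & 3) || addr < base || addr - base > len || len - (addr - base) < 4)
        return addr;
    const uint8_t *p = code + (addr - base);
    /* A64 instructions are always stored little-endian. */
    uint32_t insn = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                    (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return a64_is_b(insn) ? a64_b_target(addr, insn) : addr;
}

int main(void)
{
    /* Constructed stub at 0x1000: "B #+0x40" (0x14000010), then RET. */
    const uint8_t stub[] = { 0x10, 0x00, 0x00, 0x14, 0xC0, 0x03, 0x5F, 0xD6 };
    printf("0x%llx\n", (unsigned long long)skip_b_stub(stub, sizeof stub, 0x1000, 0x1000));
    return 0;
}
```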

valco1994 commented 11 months ago

It's necessary to consider https://github.com/microsoft/Detours/issues/296 when fixing this issue.