Question on x86_put_jmp()

[himekifee]

Hi, I'm reading the code and was a bit confused by the function. From what I can see it just places a jmp instruction there. I searched on the Internet and found jmp takes single instruction with relative address and full instruction takes 5 bytes so I guess that's why you (f + 5) there, but why is this *f necessary? Isn't it the same as *a all the time? Any implication here? Thanks.

[milabs]

Hey. That function is quite an old one and was copy-pasted from previous projects. The point of having f and a (which are always the same for KHOOK) is that is can be used with writable mappings. But in KHOOK I use CR0 approach which is a simpler way (but has it's drawbacks) to write read only memory locations. So, yes, having 3 arguments is redundant.

See the other project for mappings approach: https://github.com/milabs/kmod_hooking/blob/8e21c834afbe1b7bdfadc9ba700bd792b8a7bca7/module-init.c#L255

[himekifee]

Thanks for answering. Your help is much appreciated.