64-bit targets where the jump distance bigger than 2GB

[Jai-wei]

Question：libmem.alloc_memory_ex When allocating virtual memory in a 64-bit program, the Windows system will automatically allocate it to a farther place, causing the jmp instruction to be too long. Can this be optimized? Programming language: Python

Problem description：

1. Assume the current instruction is:

   
   notepad++.exe+3A - 00 00                 - add [rax],al
   notepad++.exe+3C - 28 01                 - sub [rcx],al
   notepad++.exe+3E - 00 00                 - add [rax],al
   notepad++.exe+40 - 0E                    - push cs
   notepad++.exe+41 - 1F                    - pop ds
   notepad++.exe+42 - BA 0E00B409           - mov edx,09B4000E
   notepad++.exe+47 - CD 21                 - int 21
   notepad++.exe+49 - B8 014CCD21           - mov eax,21CD4C01
   notepad++.exe+4E - 54                    - push rsp

2. The address obtained by using the `alloc_memory_ex` function is: `0x1d0f84c0000`
```basic
000001D0F84D0000 | 0000      | ADD BYTE PTR DS:[RAX],AL 

3. Use hook_code_ex function to hook，The assembly instructions become：

   notepad++.exe+3A - FF25 00000000 00004DF8D0010000 - jmp 1D0F84D0000
   notepad++.exe+48 - 90                    - nop 
   notepad++.exe+49 - B8 014CCD21           - mov eax,21CD4C01
   notepad++.exe+4E - 54                    - push rsp

4. 👆The problem is that the jmp command uses 14 bytes to complete: FF25 00000000 00004DF8D0010000

Extended description：

• The alloc function in CE can specify an AllocateNearThisAddress parameter. If specified, memory space will be allocated near this address.
• At this time, since the address distance is very close, the jmp instruction only needs 5 bytes: E9 6EFFFEFF
• As shown below：

  
  //////////////////// Before hook
  notepad++.exe+8D - 30 EC                 - xor ah,ch
  notepad++.exe+8F - 5E                    - pop rsi
  notepad++.exe+90 - 66 8E 4A E6           - mov cs,[rdx-1A]

//////////////////// After hook notepad++.exe+8D - E9 6EFFFEFF - jmp 7FF7B8D90000 notepad++.exe+92 - 90 - nop

**So is there any way, when applying for memory, to apply for memory near the specified memory, just like CE's alloc function?**

Thank you