stevemk14ebr
commented
8 years ago You are correct i didn't not implement this yet. If you submit a pull request i will merge it.
Open biGGer opened 8 years ago
stevemk14ebr
commented
8 years ago You are correct i didn't not implement this yet. If you submit a pull request i will merge it.
Because of the 0x1000 minimal page size the PAGE_GUARD flag will silently fall off if anything near the hook gets touched and the lib doesn't do anything to stop it.
One way around it is if the RIP doesn't match our hooked function set the single step trap(via eflags), and restore PAGE_GUARD later inside EXCEPTION_SINGLE_STEP.
Also it would be wise to reuse existing page read/write flags instead of making hooked page writable for no reason.