x86detours requires at least 5 bytes that it can overwrite with a jmp instruction.
What I want to hook is as below:
.text:6A7EB990 vlc_vaLogCallback endp
.text:6A7EB990
.text:6A7EB991 ; ---------------------------------------------------------------------------
.text:6A7EB991 jmp short vlc_vaLog
.text:6A7EB991
.text:6A7EB993 ; ---------------------------------------------------------------------------
.text:6A7EB993 nop
.text:6A7EB994 nop
.text:6A7EB995 nop
.text:6A7EB996 nop
.text:6A7EB997 nop
.text:6A7EB998 ; START OF FUNCTION CHUNK FOR vlc_vaLog
.text:6A7EB998 nop
.text:6A7EB999 nop
.text:6A7EB99A nop
.text:6A7EB99B nop
.text:6A7EB99C nop
.text:6A7EB99D nop
.text:6A7EB99E nop
.text:6A7EB99F nop
.text:6A7EB99F
.text:6A7EB99F ; END OF FUNCTION CHUNK FOR vlc_vaLog
.text:6A7EB9A0 ; Exported entry 727. vlc_vaLog
.text:6A7EB9A0
.text:6A7EB9A0 ; =============== S U B R O U T I N E =======================================
.text:6A7EB9A0
.text:6A7EB9A0
.text:6A7EB9A0 ; void vlc_vaLog()
.text:6A7EB9A0 vlc_vaLog proc near ; CODE XREF: vlc_dialog_display_error_va+13B↑p
.text:6A7EB9A0 ; vlc_dialog_display_error+13B↑p
.text:6A7EB9A0 ; .text:6A7EB991↑j
.text:6A7EB9A0
.text:6A7EB9A0 ; FUNCTION CHUNK AT .text:6A7EB998 SIZE 00000008 BYTES
.text:6A7EB9A0
.text:6A7EB9A0 rep retn
.text:6A7EB9A0
.text:6A7EB9A0 vlc_vaLog endp
.text:6A7EB9A0
.text:6A7EB9A0 ; ---------------------------------------------------------------------------
.text:6A7EB9A2 align 10h
.text:6A7EB9B0 ; Exported entry 425. vlc_Log
.text:6A7EB9B0
.text:6A7EB9B0 ; =============== S U B R O U T I N E =======================================
.text:6A7EB9B0
.text:6A7EB9B0
.text:6A7EB9B0 ; void vlc_Log()
.text:6A7EB9B0 public vlc_Log
.text:6A7EB9B0 vlc_Log proc near ; CODE XREF: libvlc_InternalCleanup+55↑p
.text:6A7EB9B0 ; libvlc_InternalInit+110↑p
.text:6A7EB9B0 ; libvlc_InternalInit+1F8↑p
.text:6A7EB9B0 ; libvlc_InternalInit+90E↑p
.text:6A7EB9B0 ; libvlc_InternalInit+9D3↑p
.text:6A7EB9B0 ; libvlc_InternalInit+B4E↑p
.text:6A7EB9B0 ; config_GetInt+BB↑p
.text:6A7EB9B0 ; config_GetFloat+AB↑p
.text:6A7EB9B0 ; config_GetPsz+B2↑p
.text:6A7EB9B0 ; config_PutPsz+D7↑p
.text:6A7EB9B0 ; config_PutInt+10B↑p
.text:6A7EB9B0 ; config_PutFloat+109↑p
.text:6A7EB9B0 ; config_GetIntChoices+507↑p
.text:6A7EB9B0 ; config_ChainParse+365↑p
.text:6A7EB9B0 ; config_ChainParse+3E3↑p ...
.text:6A7EB9B0 rep retn
.text:6A7EB9B0
.text:6A7EB9B0 vlc_Log endp
.text:6A7EB9B0
.text:6A7EB9B0 ; ---------------------------------------------------------------------------
.text:6A7EB9B2 align 10h
.text:6A7EB9C0
.text:6A7EB9C0 ; =============== S U B R O U T I N E =======================================
These two functions vlc_Log and vlc_vaLog are left empty intentionally to suppress logging by a closed-source proprietary
media player. I cannot compile the official libvlc and libvlccore as the dll contains many crypto constructions I do not know.
Tried plan:
use breakpoint hook: it seems I cannot specify shellcode.
use EAT hook: Although these two functions are exported, direct calls from itself cannot be hooked.
Proposal:
Taking vlc_Log as an example, I want to use the short jump (EB XX) and jump inside the align area. This area is about 0x10 bytes, which is sufficient to put a 5-byte unconditional jump there.
Result:
.text:6A7EB9AB ; ---------------------------------------------------------------------------
.text:6A7EB9AB ; START OF FUNCTION CHUNK FOR vlc_Log
.text:6A7EB9AB
.text:6A7EB9AB locret_6A7EB9AB: ; CODE XREF: vlc_Log↓j
.text:6A7EB9AB rep retn
.text:6A7EB9AB
.text:6A7EB9AB ; END OF FUNCTION CHUNK FOR vlc_Log
.text:6A7EB9AB ; ---------------------------------------------------------------------------
.text:6A7EB9AD db 0
.text:6A7EB9AE db 0
.text:6A7EB9AF db 0
.text:6A7EB9B0 ; Exported entry 425. vlc_Log
.text:6A7EB9B0
.text:6A7EB9B0 ; =============== S U B R O U T I N E =======================================
.text:6A7EB9B0
.text:6A7EB9B0
.text:6A7EB9B0 ; void vlc_Log()
.text:6A7EB9B0 public vlc_Log
.text:6A7EB9B0 vlc_Log proc near ; CODE XREF: libvlc_InternalCleanup+55↑p
.text:6A7EB9B0 ; libvlc_InternalInit+110↑p
.text:6A7EB9B0 ; libvlc_InternalInit+1F8↑p
.text:6A7EB9B0 ; libvlc_InternalInit+90E↑p
.text:6A7EB9B0 ; libvlc_InternalInit+9D3↑p
.text:6A7EB9B0 ; libvlc_InternalInit+B4E↑p
.text:6A7EB9B0 ; config_GetInt+BB↑p
.text:6A7EB9B0 ; config_GetFloat+AB↑p
.text:6A7EB9B0 ; config_GetPsz+B2↑p
.text:6A7EB9B0 ; config_PutPsz+D7↑p
.text:6A7EB9B0 ; config_PutInt+10B↑p
.text:6A7EB9B0 ; config_PutFloat+109↑p
.text:6A7EB9B0 ; config_GetIntChoices+507↑p
.text:6A7EB9B0 ; config_ChainParse+365↑p
.text:6A7EB9B0 ; config_ChainParse+3E3↑p ...
.text:6A7EB9B0
.text:6A7EB9B0 ; FUNCTION CHUNK AT .text:6A7EB9AB SIZE 00000002 BYTES
.text:6A7EB9B0
.text:6A7EB9B0 jmp short locret_6A7EB9AB
.text:6A7EB9B0
.text:6A7EB9B0 vlc_Log endp
Question:
Can I hook using x86detour at .text:6A7EB9AB?
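The two-stage layout proposed above (EB rel8 in the 2-byte function body, E9 rel32 in the 5 bytes of padding just before it) can be checked offline before any patching; this is an added example, not code from the original post or from any detours library. The function name `plan_two_stage`, the hook address 0x10001000 and the padding bytes are assumptions, and the code works only on a local byte copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Bytes that compilers/linkers commonly emit as alignment padding. */
static int is_pad(uint8_t b) { return b == 0x90 || b == 0xCC || b == 0x00; }

/* Plan the two-stage redirect on a local copy `img` of the code (loaded at `base`):
 *   func: EB rel8  -> cave   (2 bytes, all that `rep retn` leaves room for)
 *   cave: E9 rel32 -> hook   (5 bytes, must lie entirely in padding)
 * Returns 0 on success, or a negative code naming the check that failed. */
int plan_two_stage(uint8_t *img, size_t len, uint32_t base,
                   uint32_t func, uint32_t cave, uint32_t hook)
{
    if (func < base || cave < base) return -1;
    size_t f = func - base, c = cave - base;
    if (f + 2 > len || c + 5 > len) return -1;      /* outside the copy    */
    if (c + 5 > f && f + 2 > c) return -2;          /* jumps would overlap */
    int64_t d8 = (int64_t)cave - ((int64_t)func + 2);
    if (d8 < -128 || d8 > 127) return -3;           /* rel8 cannot reach   */
    for (size_t i = 0; i < 5; i++)
        if (!is_pad(img[c + i])) return -4;         /* cave holds code     */
    uint32_t d32 = hook - (cave + 5);               /* wraps mod 2^32      */
    img[c] = 0xE9;
    for (int i = 0; i < 4; i++) img[c + 1 + i] = (uint8_t)(d32 >> (8 * i));
    img[f] = 0xEB;
    img[f + 1] = (uint8_t)d8;
    return 0;
}

int main(void)
{
    /* Constructed copy of 6A7EB9A0..6A7EB9BF: two `rep retn` stubs + padding. */
    uint8_t img[32] = {0};
    img[0x00] = 0xF3; img[0x01] = 0xC3;   /* vlc_vaLog */
    img[0x10] = 0xF3; img[0x11] = 0xC3;   /* vlc_Log   */
    int rc = plan_two_stage(img, sizeof img, 0x6A7EB9A0u, 0x6A7EB9B0u,
                            0x6A7EB9ABu, 0x10001000u /* hypothetical hook */);
    printf("rc=%d\n", rc);
    for (int i = 0x0B; i < 0x12; i++) printf("%02X ", img[i]);
    putchar('\n');
    return rc;
}
```

With the page's addresses the short jump encodes as EB F9, and the 5-byte jump occupies 6A7EB9AB..6A7EB9AF, ending exactly where vlc_Log begins.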