I get different eip values in the unmapped mem callback for the very same binary if I register a code hook instead of a block hook. Seemingly eip gets updated in some part of the code that depends on the existance of a code hook. (if there is a code hook, eip precisely points to the instruction making the failed access) What I see is that env->eip is different is store_helper() where the unmapped hook is called from. I haven't made any deep analysis hoping the phenomenon might ring some bells regarding code hook implementation.
wtdcode
commented
5 days ago
I get different eip values in the unmapped mem callback for the very same binary if I register a code hook instead of a block hook. Seemingly eip gets updated in some part of the code that depends on the existance of a code hook. (if there is a code hook, eip precisely points to the instruction making the failed access) What I see is that env->eip is different is store_helper() where the unmapped hook is called from. I haven't made any deep analysis hoping the phenomenon might ring some bells regarding code hook implementation.
Thanks for the help, Viktor