Comments (6)
SergiusTheBest
commented on August 11, 2024
1
I'll leave this issue open until we remove that message.
from mhook.
Grivus
commented on August 11, 2024
@simonides, could you please post your kernel32.dll version and winver output (cmd->winver->line with version info)?
I have tried to run mhook-test on Win10 and met no ANOMALY in log, but my byte-code of VirtualAlloc is different from yours one.
from mhook.
simonides
commented on August 11, 2024
@Grivus Thank you for taking a look. The file version is 10.0.16299.15 . Date modified: 29.9.2017 15:42
kernel32.zip
Winver output: Version 1709 (OS Build 16299.125)
from mhook.
simonides
commented on August 11, 2024
This is how it looks on Win7(Build 7601:SP1): https://pastebin.com/MVt16n2z
File version: 6.1.7601.23714
kernel32.zip
from mhook.
Grivus
commented on August 11, 2024
@simonides, ok, I think I figured it out.
The REX prefix consists of only four meaningful bits, and all that bits are zero in the opcode 0x40 - first part of the
00007FFEF0CADFE0 40 53 push rbx
command. So mhook think that while it is legal opcode there is no sense to write it, because it change nothing from assembler point of view.
But Windows has it's own rules, and like described here it want all instructions to be at least 2 bytes long to allow us insert some jump instead of it if needed. So Windows compilers insert empty REX into small-size commands to reach needed length.
So you can just ignore that message. I think we could remove it to not confuse users.
from mhook.
simonides
commented on August 11, 2024
Thank you for clarifying!
from mhook.
Related Issues (14)
- so many printf logs HOT 1
- How to work with it? HOT 8
- Request: Integration to Ms/vcpkg
- Breaking on unsupported RIP-addressing? HOT 11
- Supporting arm64 architecture HOT 2
- Hooking CopyFileA/W HOT 5
- Potential access NULL pointer in mhook.c HOT 8
- Hooking at one specific address and calling the original function causes a crash. HOT 2
- 2 compiler errors when compiling with MingW on Windows and suggested fixes HOT 3
- Support Windows for Arm64
- Add AppVeyor CI
- Unable to hook DestroyCaret function from user32 module HOT 4
- Why do I need a DLL to use this? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mhook.