Need tute on trampoline jumps
category: code [glöplog]
I need to find a tutorial on trampoline jumps.
I know how they work:
mul <jump size>,<value>
jmp pc+value
jmp target1
jmp target2
jmp target3
but I'm writing an academic paper and need something to cite, even if it's a disk-mag (already cited hugi once lol) or old loose ascii.
my google fu is failing me.
Well that's useful for how not to do it I suppose
The need of citing just for the sake of citing has always disturbed me somehow :D
This seems to be related, though you might have run into it already :)
I'd seen that, but not read it fully. The first bit is about a totally different kind of wrapper he's calling a trampoline (and a lot of stuff that comes out of google uses the term that way too), but I'll read the rest to see if there's anything useful.
Um, are we talking about jump tables here?
Yes!! why the hell did that term totally fall out of my memory.
I feel thick now, "jump table" returns loads of stuff, probably some of which will be useful.
I am gonna be nice for once:
I think you are referring to trampoline functions. Indeed, they do rely on disassembling code and then appending jumps according to your implemented function, and then jumping back....
For full details, see the Microsoft Detours 1.5-2.1 source code. Detours has a complete implementation plus source, including the x86 disassembler source.
Also:
http://maliciousattacker.blogspot.com/2008/10/api-hooking-x64-trampolines.html
Enjoy, includes a link to another hook library which uses trampolines.
In addition:
http://codefromthe70s.org/mhook22.aspx
No, I had simply gotten the name mixed up in my head... what I was looking for was in fact just a text on (indexed) jump tables. For some reason I had forgotten the name for them and mixed them up with trampolines (which are similar and often include a jump table, but different).
Those links are about hooking, which also uses trampolines, but generally doesn't require indexed jump tables, just simple non conditional bounces.
As with all things in code, knowing the true name of a thing gives you power over it.
Glad to have helped, now looking forward to seeing more animated gifs :D
My daughters tend to find that bending your knees and pushing off on the reflex bounces works fairly well. ;P
perhaps this paper is of any use? Detours: Binary Interception of Win32 Functions