How to generate 0xE8 (call) opcode with C++
Basically, what I have is a game which has a function MyFunc(), and it's called on 4 places in the game. One of the addresses is 0x10002000, and the bytes are E8 0B 83 01 00.
I'm injecting a DLL, and want to patch that 0xE8 (call) to my own address. When I do it with Cheat Engine's Auto Assembler and write call MYADDRESS, it generates the proper opcode, and proper bytes.
However, if I do it with the DLL, this is what I get:
What I want to achieve is call 74C611CC. So I need to generate the bytes for the opcode to be like I want instead of what is it currently (in the screenshot)
I use this kind of code:
*(BYTE*) dwPatchAddr = 0xE8;
*(DWORD*) (dwPatchAddr + 1) = (DWORD) myFunc;
An e8 instruction is a relative call instruction, not absolute. So the next 4 bytes need to be the difference between the pc when processing this instruction and your target function. So what you want is:
*(BYTE *)dwPatchAddr = 0xE8;
*(DWORD *)(dwPatchAddr + 1) = (DWORD)((char *)myFunc - (char *)(dwPatchAddr + 5));
Note that the PC address used to compute the offset is actually the address of the next instruction after the call (what will also be pushed as the return address).
- Android Koin injected viewmodel with multiple same class parameters fails
- Dependency Injection with parameters
- Toastr implementation in Angular17 at standalone components
- Is the call (&) operator less vulnerable to code injection attacks than Invoke-Expression?
- JS: inject into BoundFunctionObject for bookmarklet script
- VSCode Extension - Grammar Injection Into Multiple Languages
- How to safely authenticate a user using LDAP?
- How can I disable JVM bytecode verification at runtime?
- Sharing memory between two processes (C, Windows)
- What is the smallest possible SQL injection attack character sequence?
- Inject own Logic into existing Quakus Extension
- How to override a control's method, when initialized by FXMLLoader?
- What are the possible list of Linux bash shell injection commands?
- Cannot wait until the entire DOM is loaded with Scripty Chrome extension
- .NET MAUI 8: System.Reflection.TargetInvocationException on initializing the main view with dependency injection
- Spring: How to inject a value to static field?
- Unsatisfied dependencies for type X with qualifiers @Default
- C# - Extend/Add interface to parameter of overridden method
- How to safely invoke Java keytool from C# code
- Constructor injection into a base class using autofac
- Autofac. Base Class properties resolved without specific injection
- fix elf segment address on an objcopy output binary
- .htaccess files are repeatedly being created in File Directory
- How do you remove all javascript from an SVG file?
- Inject JAXBContext into spring
- Safe dynamic member access
- dealing with eval in PHP
- Incompatible error while using owasp ESAPI encodeForSQL method to protect SQL injection with Codec MYSQL
- AppDomain.CreateInstanceFromAndUnwrap - Unable to cast transparent proxy
- Mockito injection not working for constructor AND setter mocks together