Kasper Brandt submitted a patch to handle "mov edi,edi" hot patch points and collapsed stack frames in SkipJumps.

martona · martona · commit 631d7d1a335a · 2014-03-05T10:35:44.000-05:00
diff --git a/mhook-lib/mhook.cpp b/mhook-lib/mhook.cpp
@@ -185,7 +185,17 @@ static VOID LeaveCritSec() {
 // jump tables, etc.
 //=========================================================================
 static PBYTE SkipJumps(PBYTE pbCode) {
+	PBYTE pbOrgCode = pbCode;
 #ifdef _M_IX86_X64
+#ifdef _M_IX86
+	//mov edi,edi: hot patch point
+	if (pbCode[0] == 0x8b && pbCode[1] == 0xff)
+		pbCode += 2;
+	// push ebp; mov ebp, esp; pop ebp;
+	// "collapsed" stackframe generated by MSVC
+	if (pbCode[0] == 0x55 && pbCode[1] == 0x8b && pbCode[2] == 0xec && pbCode[3] == 0x5d)
+		pbCode += 4;
+#endif	
 	if (pbCode[0] == 0xff && pbCode[1] == 0x25) {
 #ifdef _M_IX86
 		// on x86 we have an absolute pointer...
@@ -214,7 +224,7 @@ static PBYTE SkipJumps(PBYTE pbCode) {
 #else
 #error unsupported platform
 #endif
-	return pbCode;
+	return pbOrgCode;
 }
 
 //=========================================================================
@@ -563,7 +573,7 @@ static DWORD DisassembleAndSkip(PVOID pFunction, DWORD dwMinLen, MHOOKS_PATCHDAT
 
 		ODPRINTF((L"mhooks: DisassembleAndSkip: Disassembling %p", pLoc));
 		while ( (dwRet < dwMinLen) && (pins = GetInstruction(&dis, (ULONG_PTR)pLoc, pLoc, dwFlags)) ) {
-			ODPRINTF(("mhooks: DisassembleAndSkip: %p: %s", pLoc, pins->String));
+			ODPRINTF(("mhooks: DisassembleAndSkip: %p:(0x%2.2x) %s", pLoc, pins->Length, pins->String));
 			if (pins->Type == ITYPE_RET		) break;
 			if (pins->Type == ITYPE_BRANCH	) break;
 			if (pins->Type == ITYPE_BRANCHCC) break;
