I was reading the article "x86 API hooking demystified" about x86 hooking, and I came across this code:
    if(*function_A == 0xe9) {
        printf("Hook detected in function A.\n");
    }
It seems that this code tests whether the opcode of the function is a jump.
My question is about the syntax *function_A. What is this syntax? Does it return the opcode of a function in C? I did a lot of research, but I didn't find any documentation on this feature.
EDIT
I thought I added the link to the article but I just noticed I forgot to add it. Link added in case it helps.
An opcode is the first part of an instruction; it tells the computer what function to perform. Opcodes (short for operation codes) are the numeric codes that hold the instructions given to the computer system. These instructions tell the CPU what operations are to be performed.
Opcode definition: A complete machine language instruction consists of an opcode and zero or more operands with which the specified operation is performed. Examples are “add memory location A to memory location B,” or “store the number five in memory location C.” “Add” and “Store” are the opcodes in these examples.
Numeric codes called operation codes (or opcodes for short) contain the instructions that represent the actual operation to be performed by the CPU.
No, you cannot dereference a function pointer to get at the underlying code.
This is probably done by introducing a different pointer, and relying on the particular platform "doing the right thing", where "right" means "what I want to do".
Something like:
    const unsigned char *function_A = (unsigned char *) printf; /* Any function. */
This is not portable, and will generate compiler warnings since function and data pointers are not compatible. On e.g. x86, it will probably "work".
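As an added example (not part of the original answer or the linked article), the following shows the check from the question done through a byte pointer, extended to decode where a `jmp rel32` at a function's entry leads. The names `entry_jmp_target` and `code_bytes` and the sample byte arrays are constructed for this illustration, and the code assumes function and data pointers have the same size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OP_JMP_REL32 0xE9u /* x86 "jmp rel32": opcode byte + 4-byte displacement */

/* If the bytes at `code` (mapped at address `addr`) start with jmp rel32,
 * store the jump destination in *target and return 1; otherwise return 0. */
static int entry_jmp_target(const unsigned char *code, size_t len,
                            uintptr_t addr, uintptr_t *target)
{
    uint32_t rel;
    if (len < 5 || code[0] != OP_JMP_REL32)
        return 0;
    /* The displacement is little-endian and signed, relative to the next instruction. */
    rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
          (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
    *target = addr + 5 + (uintptr_t)(intptr_t)(int32_t)rel;
    return 1;
}

/* View a function's machine code as bytes. Assumption: function and data
 * pointers share size and representation (true on x86, not required by C). */
static const unsigned char *code_bytes(void (*fn)(void))
{
    const unsigned char *p = NULL;
    if (sizeof p == sizeof fn)
        memcpy(&p, &fn, sizeof p);
    return p;
}

/* Constructed samples: a normal prologue, then forward/backward jmp rel32. */
static const unsigned char sample_clean[]    = {0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x10};
static const unsigned char sample_hooked[]   = {0xE9, 0xFB, 0x0F, 0x00, 0x00};
static const unsigned char sample_backward[] = {0xE9, 0xFB, 0xEF, 0xFF, 0xFF};

static void function_A(void) { puts("function_A called"); }

int main(void)
{
    const unsigned char *p = code_bytes(function_A);
    uintptr_t dst = 0;
    if (p == NULL)
        return 1;
    printf("first byte of function_A: 0x%02x\n", (unsigned)p[0]);
    if (entry_jmp_target(p, 5, (uintptr_t)p, &dst))
        printf("entry is a jmp to %p\n", (void *)dst);
    return 0;
}
```

A 0xE9 byte at the entry is a hint rather than proof of a hook: some toolchains (for example MSVC incremental linking) legitimately route calls through jump thunks, so compare the decoded target against the address ranges of modules you expect.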