It's me once more.
I'm finally at a point where I can label myself as "progressing" with my Adhoc Wrapper Program.
I've coded me my own little hooking function that can handle both Kernel and User Functions, in theory.
I'm also using a second usermode module to store the functions in usermemory, so I can safely hook user functions with it...
And I also export Kernel Functions via Syscalls to my User Module...
All dandy and fine till now BUT-- I can't just use the Function Address I get by including each module's .S file... as they are merely stub functions stored in the memory space of their parent module.
Still following me?
So let's lay it out.
I've got my kernel function that does the hooking, and it imports stub functions from the .S export of my usermode module... those stubs are stored in kernel mode memory as well...
And thus they aren't of any use to hooking usermode functions, as trying to do so will lead the usermode module that calls the hook... to try getting into kernel memory...
Obviously... that will crash.
So I'm asking, how to get the real function address out of the stub function? So I can properly hook the usermode functions.
Edit: I think I was able to neutralize THAT problem... but, let me explain.
I figured that the stub was merely some kind of small-scale asm wrapper to get the stuff forwarded to where it should be...
In fact every stub is 8 bytes long, 1x jump operation or syscall plus one nop delay... from what I can tell.
So I just overwrote the first 2 instructions of each usermode function I wanted to hook with a copy of the stub that's stored in kernel space...
Worked like a charm! Every hooked function didn't crash anymore... but... my functions still seem to not execute... at least they don't produce output in my logfile... even though each of them has a small log function call... so they should output something...
My guess is that interrupts are disabled in the context from which the functions are called... and thus a write to MS is impossible...
I'm not too sure about that though... so can someone help me? With my semi-working usermode hooks?
Edit #2: Solved it another way... this topic's done for. I will post an example on how I hooked usermode stuff in its own topic.
[Solved] How to get real Function Pointer out of a Stub?
Been gone for some time. Now I'm back. Someone mind getting me up-2-date?
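An added example, not part of the original post: one way to classify an 8-byte stub of the kind described above and recover the jump target from it. It assumes MIPS32 instruction encoding and the two stub layouts (`j target; nop`, or a stub containing a `syscall` word); the post names neither the CPU nor the exact layout, and the sample words are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: MIPS32 encoding (the post does not name the CPU). */
enum stub_kind { STUB_UNKNOWN = 0, STUB_JUMP, STUB_SYSCALL };

struct stub_info {
    enum stub_kind kind;
    uint32_t target; /* absolute address, valid for STUB_JUMP */
    uint32_t code;   /* 20-bit syscall code, valid for STUB_SYSCALL */
};

/* SPECIAL opcode (0) with funct 0x0C is the syscall instruction. */
static int is_syscall(uint32_t insn)
{
    return (insn >> 26) == 0u && (insn & 0x3Fu) == 0x0Cu;
}

/* stub_addr: address of the stub's first word; w0, w1: its two words. */
struct stub_info decode_stub(uint32_t stub_addr, uint32_t w0, uint32_t w1)
{
    struct stub_info out = { STUB_UNKNOWN, 0u, 0u };

    if ((w0 >> 26) == 0x02u && w1 == 0u) {
        /* j target ; nop. The 26-bit field is a word index inside the
         * 256 MB region that holds the delay slot (stub_addr + 4). */
        out.kind = STUB_JUMP;
        out.target = ((stub_addr + 4u) & 0xF0000000u)
                   | ((w0 & 0x03FFFFFFu) << 2);
    } else if (is_syscall(w0) || is_syscall(w1)) {
        /* Kernel export: there is no user-space address to recover,
         * only the syscall code that the kernel dispatches on. */
        uint32_t s = is_syscall(w0) ? w0 : w1;
        out.kind = STUB_SYSCALL;
        out.code = (s >> 6) & 0xFFFFFu;
    }
    return out;
}

int main(void)
{
    /* Constructed sample: stub at 0x08900000 holding "j 0x08800100; nop". */
    struct stub_info s = decode_stub(0x08900000u, 0x0A200040u, 0x00000000u);
    printf("kind=%d target=0x%08X\n", (int)s.kind, (unsigned)s.target);
    return 0;
}
```

A stub that decodes as `STUB_SYSCALL` has no real function pointer reachable from user mode, which is why copying or following it from a user module cannot yield a hookable address.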