by benmmurphy
703 days ago
The detour technique is much nicer on ARM64. All the instructions are 4 bytes and you have a `jump immediate` instruction, so it's possible to jump to the detour code using 1 instruction, assuming you have an empty area close by. On x86 the smallest instruction is 1 byte and the detour jump instruction is going to be larger than 1 byte. Having to overwrite the target instruction with multiple instructions is tricky because you need to make sure that the subsequent instructions are only reachable via the target instruction. This means the simple technique of instruction overwriting is not possible for debugging some instructions. Though, usually you can always target the start of a function because the prologue will contain enough instructions to make room for a detour. Also, when using this technique you have to make the assumption the program is 'sane' and not jumping into the middle of functions from other functions, because the instruction reachability analysis is usually done at the function level.
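The two constraints the comment describes (a single 4-byte branch on ARM64 with a limited reach, versus a multi-byte jump on x86 that displaces several instructions and must not leave a branch target pointing into the middle of the patch) can be made concrete in a small planning helper. The following is an added example written for this page, not code from the commenter; the instruction lengths and branch targets it consumes are constructed stand-ins for what a disassembler and a function-level control-flow scan would produce, and the encoders cover only the plain `B imm26` and `jmp rel32` forms.

```python
import struct

# AArch64 `B <label>`: opcode 000101 in the top six bits, imm26 = (target - pc) / 4.
ARM64_B_OPCODE = 0x14000000
ARM64_B_RANGE = 1 << 25          # imm26 is signed, so reach is +/-128 MiB in words

# x86 `jmp rel32`: opcode E9 followed by a 32-bit displacement relative to the next instruction.
X86_JMP_REL32_LEN = 5


def encode_arm64_b(patch_addr, detour_addr):
    """Return the 4-byte little-endian encoding of `B detour_addr` placed at patch_addr.

    Raises ValueError when the detour is unaligned or further than the
    26-bit word offset can express, which is the 'empty area close by'
    requirement from the comment.
    """
    offset = detour_addr - patch_addr
    if offset % 4:
        raise ValueError("AArch64 branch target must be 4-byte aligned")
    imm = offset >> 2
    if not -ARM64_B_RANGE <= imm < ARM64_B_RANGE:
        raise ValueError("detour is out of range for B imm26")
    return struct.pack("<I", ARM64_B_OPCODE | (imm & 0x03FFFFFF))


def encode_x86_jmp_rel32(patch_addr, detour_addr):
    """Return the 5-byte encoding of `jmp rel32` placed at patch_addr."""
    rel = detour_addr - (patch_addr + X86_JMP_REL32_LEN)
    if not -(1 << 31) <= rel < (1 << 31):
        raise ValueError("detour is out of range for jmp rel32")
    return b"\xe9" + struct.pack("<i", rel)


def plan_x86_detour(insn_lengths, branch_targets, start=0):
    """Decide how many bytes a 5-byte jmp at `start` displaces, or None if unsafe.

    insn_lengths: lengths (in bytes) of the instructions beginning at `start`,
        as a disassembler would report them (constructed input here).
    branch_targets: offsets within the function that some instruction jumps
        to, from a function-level reachability scan (constructed input here).

    The patch is rejected when the function runs out of instructions before
    5 bytes are covered, or when any branch lands strictly inside the
    displaced region: after patching, that target would be the middle of
    the jmp's displacement bytes.
    """
    displaced = 0
    for length in insn_lengths:
        displaced += length
        if displaced >= X86_JMP_REL32_LEN:
            break
    else:
        return None
    end = start + displaced
    if any(start < target < end for target in branch_targets):
        return None
    return displaced


if __name__ == "__main__":
    # Constructed addresses: a function at 0x1000 and an empty code cave at 0x2000.
    print(encode_arm64_b(0x1000, 0x2000).hex())
    print(encode_x86_jmp_rel32(0x401000, 0x402000).hex())
    # Constructed prologue: push rbp (1), mov rbp,rsp (3), sub rsp,0x20 (4).
    print(plan_x86_detour([1, 3, 4], branch_targets=set()))
    # Same bytes, but something inside the function branches to offset 4.
    print(plan_x86_detour([1, 3, 4], branch_targets={4}))
```

The planner only checks the condition the comment names, that displaced instructions are reachable solely through the patched instruction within one function; a cross-function jump into the prologue, the 'sane program' assumption, is invisible to it, which is why a function-level scan is a heuristic rather than a proof.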