Bugfix release, there was a problem with GetModuleHandle64 in the previous version of the library (only v1.0.0.3 was affected). Basically I’ve failed at InLoadOrderModuleList iteration and I was skipping the last element, which is (usually) wow64cpu.dll.
Link to library hosted on google code: http://code.google.com/p/rewolf-wow64ext/
Direct link to zip package: http://rewolf-wow64ext.googlecode.com/files/rewolf.wow64ext.v1.0.0.4.zip
Thanks! For Quick Bug Fix
Hi,
Sorry again but think there must be another bug\error with hooking:
__declspec(naked) void Callback()
{
X64_End();
__asm mov eax, 0
//whNtCreateFile
X64_Start();
}
int WINAPI WinMain(HINSTANCE,HINSTANCE,LPSTR,int)
{
DWORD64 s = GetProcAddress64(GetModuleHandle64(L"wow64cpu.dll"),"TurboDispatchJumpAddressStart");
cout<<s;
LPVOID sz = (LPVOID) s;
LPVOID cake = Callback;
HANDLE Handle = OpenProcess(PROCESS_ALL_ACCESS,false,GetCurrentProcessId());
DWORD dwOldProtect = {0};
VirtualProtectEx(Handle,(PVOID*)s,(SIZE_T)5,PAGE_EXECUTE_READWRITE,&dwOldProtect);
*(BYTE*)(s) = 0xE9;
*(DWORD*)(s+1) = ((DWORD)cake - ((DWORD)sz + 5));
cin.get();
}
Error info: Unhandled exception at 0x0112E081 in wow64ext.exe: 0xC0000005: Access violation writing location 0x00002014.
The same reply as here http://blog.rewolf.pl/blog/?p=757#comment-48862.
@ReWolf
Okay, Your Library is perfect, it is the Microsoft Visual Studio 2012 LOL. I see the EIP hit my Callback, but VS cannot “emulate”\”understand” the x64 due to the VS Debug DLL being x86 thus the Exceptions and such.
However, I am getting confused that VS was able to before somehow get the breakpoint being pointed towards the callback but suddenly now it fails. No clue, though.