Re: DirectShow question
From: Chris P. [MVP] (msdn_at_chrisnet.net)
Date: 12/09/04
- Next message: Chris P. [MVP]: "Re: digital sound processing for windows sounds not wanted"
- Previous message: Alessandro Angeli [MVP::DigitalMedia]: "Re: How to display propertypage as "cool edit" software?"
- In reply to: Alessandro Angeli [MVP::DigitalMedia]: "Re: DirectShow question"
- Next in thread: Alessandro Angeli [MVP::DigitalMedia]: "Re: DirectShow question"
- Reply: Alessandro Angeli [MVP::DigitalMedia]: "Re: DirectShow question"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 9 Dec 2004 09:48:02 -0500
On Wed, 8 Dec 2004 19:15:21 +0100, Alessandro Angeli [MVP::DigitalMedia]
wrote:
>
> The idea to not use Detours is simple: do the same stuff
> Detours does on my own.
>
> In the very end, what Detours does is quite "easy": Detours
> copies N bytes from the start of the function (F) to
> somewhere else (G), then overwrites the first 5 bytes of F
> with a jump instruction to your function (H) and last
> appends to G a jump to &F[N]. The difficulty is only in the
> choice of N: N must be >= 5, it must not go beyond the end
> of F and must contain an integral number of instructions.
> This last part requires the code of F to be disassembled and
> it is not difficult but very long to write given the mess of
> the IA-32 opcodes. Of course, you need to VirtualProtect()
> both the segments of F and G so that you can write to them
> and them VirtualProtect() them as they were before.
>
> Since I didn't want to write a table of IA-32 opcodes by
> hand, I decided that I would copy the whole body of F, that
> is N = size_of_body(F). This would also make the appended
> jump not needed. Of course, there is no way to know where F
> ends without disassembling the code. But I could then copy
> the whole code segment where F resides (practically the
> whole DLL code chunk). This wastes some memory, but doesn't
> require me to know anything about IA-32 opcodes (but the
> jump opcode I have to write). The idea is that either F lies
> wholly inside this segment, or it has to perform an absolute
> jump somewhere else sooner or later, and this jump would
> still work to the original code I didn't copy. Since I copy
> the whole segment, this works even if F jump backwards in
> the segment.
>
> I had to make an assumption that F contains at least 5
> bytes, but this quite a safe assumptions (Detours actually
> checks) given that shorter-than-5-bytes instructions are not
> unconditional jumps and thus there must be other
> instructions that follow.
>
> So, let's say I want to detour F with my function H and get
> a pointer to the original function in G, I do the following
> (no error-checking or resource releasing):
>
Very cool. Although I'm not really comfortable with patching in
productions systems, it seems as though it should work in most cases.
Things might get a little more complicated when you start thinking about
different CPU types running differing builds but it's workable.
-Chris
- Next message: Chris P. [MVP]: "Re: digital sound processing for windows sounds not wanted"
- Previous message: Alessandro Angeli [MVP::DigitalMedia]: "Re: How to display propertypage as "cool edit" software?"
- In reply to: Alessandro Angeli [MVP::DigitalMedia]: "Re: DirectShow question"
- Next in thread: Alessandro Angeli [MVP::DigitalMedia]: "Re: DirectShow question"
- Reply: Alessandro Angeli [MVP::DigitalMedia]: "Re: DirectShow question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
