Alex A.
> See docs.python.org/2/library/ctypes.html#callback-functions

Damn, that's as easy as it's going to get. I'm not sure I'll have time to work on this before next week. @NyaMisty if you're interested in...
Passing an address hint to `mmap(2)` worked for me under Linux. And I think the same can be done with `VirtualAlloc` under Windows.
I got it working under Linux, now I'm working on the Windows version. You're right, we need to use `VirtualQuery` in order to find a free spot. I'm kind of...
And... I got it working under Windows. Next up is macOS.
Here are the events we noted are missing:
- [ ] Change callee address (#9): missing
- [ ] User-defined colors (#35): missing

Here are the events added in https://github.com/DGA-MI-SSI/YaCo/pull/2:...
And... It works with almost no modifications on macOS too.
I have added my [*Proof of Concept* code](https://github.com/IDArlingTeam/IDArling/blob/patcher/idarling/core/patcher.py). Further developments will continue in the [`patcher`](https://github.com/IDArlingTeam/IDArling/tree/patcher) branch.
@NyaMisty Not sure what you mean by that. Having a disassembler would allow us not to have to specify the size of the relocated instructions, but that's all. That would...
> I think hardcoding the trampoline here(/idarling/core/patcher.py@patcher#L113) is not that robust :(

I don't intend on keeping it that way. As I stated earlier, this is just the PoC code...
> So we need to hook in the middle of a func??

I will investigate more on this, but it didn't seem far-fetched to have to hook within a function,...