Snail

Results 7 comments of Snail

```
00010000 - FF25 00000000 89674523A1000000      - jmp A123456789
0001000E - FF15 02000000 EB08 89674523A1000000 - call A123456789
```

jmp far, call far, this is true in an x64 process

this may not seem like a compiler standard, but it is indeed the correct executable binary code

```
Assembler assembler;
CodeHolder asmcode;
asmcode.reset();
asmcode.init(asmjit::Environment(Arch::kX64), 0);
asmcode.attach(&assembler);
assembler.addDiagnosticOptions(asmjit::DiagnosticOptions::kValidateAssembler);
{
    // Both targets are 64-bit absolute addresses
    assembler.jmp(0xA123456789);
    assembler.call(0xA123456789);
}
asmjit::String encodedOpcode;
asmjit::Section* text = asmcode.textSection();
text->buffer()[0];
// Dump the emitted bytes as hex
encodedOpcode.appendHex(text->data(), text->bufferSize());
printf("%s", encodedOpcode.data());
```

it outputs: 40 E9 00000000 40 E8...

the correct absolute address jump in 64-bit programs should be: FF25 00 00 00 00 [64bit address] and absolute address call: FF15 02 00 00 00 [64bit address]
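The two byte sequences quoted in the comments above, as an added example that is not part of the original comments or of asmjit: it emits each stub and decodes one back to its target, which is the check used when recognising such stubs in patched code. The function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* jmp qword ptr [rip+0], then the 64-bit target as a little-endian literal (14 bytes). */
size_t emit_abs_jmp(uint8_t *out, uint64_t target) {
    static const uint8_t op[6] = {0xFF, 0x25, 0, 0, 0, 0};
    memcpy(out, op, 6);
    for (int i = 0; i < 8; i++) out[6 + i] = (uint8_t)(target >> (8 * i));
    return 14;
}

/* call qword ptr [rip+2], then jmp short +8 so the return path skips the literal (16 bytes). */
size_t emit_abs_call(uint8_t *out, uint64_t target) {
    static const uint8_t op[8] = {0xFF, 0x15, 2, 0, 0, 0, 0xEB, 0x08};
    memcpy(out, op, 8);
    for (int i = 0; i < 8; i++) out[8 + i] = (uint8_t)(target >> (8 * i));
    return 16;
}

/* Recognise FF 25 / FF 15 with a RIP-relative disp32 whose 8-byte pointer lies
   inside the buffer. Returns 1 for jmp, 2 for call, 0 otherwise. */
int decode_abs_stub(const uint8_t *code, size_t len, uint64_t *target) {
    if (len < 6 || code[0] != 0xFF || (code[1] != 0x25 && code[1] != 0x15)) return 0;
    uint32_t disp = (uint32_t)code[2] | (uint32_t)code[3] << 8 |
                    (uint32_t)code[4] << 16 | (uint32_t)code[5] << 24;
    /* RIP is the end of the 6-byte instruction; reject negative or out-of-buffer disp. */
    if (disp > 0x7FFFFFFFu || (size_t)disp + 14 > len) return 0;
    uint64_t t = 0;
    for (int i = 7; i >= 0; i--) t = (t << 8) | code[6 + disp + i];
    *target = t;
    return code[1] == 0x25 ? 1 : 2;
}

int main(void) {
    uint8_t buf[16];
    uint64_t t = 0;
    size_t n = emit_abs_call(buf, 0xA123456789ULL); /* address from the comment above */
    int kind = decode_abs_stub(buf, n, &t);
    for (size_t i = 0; i < n; i++) printf("%02X ", buf[i]);
    printf("-> kind %d, target %llX\n", kind, (unsigned long long)t);
    return 0;
}
```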

Internal version:

```
UnityResolve::UnityType::Object* GetGOM(){
    uint8_t* tmp = (uint8_t*)FindPattern("UnityPlayer.dll", "48 89 ? 48 89 05 ? ? ? ? 48 83 C4");
    if (tmp){
        int _offset = *(int*)&tmp[6];
        BYTE* p...
```

```
printf("GOM = %p\n", GameObjectManager = GetGOM());
uint64_t GOM = *(uint64_t*)(GameObjectManager);
auto obj_tmp = *(uint64_t*)(GOM + 0x28);
auto obj_last = *(uint64_t*)(GOM + 0x20);
while (!IsBadReadPtr((void*)obj_tmp,8)) {
    uint64_t object_ptr = *(uint64_t*)(obj_tmp...
```