I got a simple code and it gives me a compiler error for no reason
inline assembler syntax error in 'opcode'; found 'constant'
DWORD connectFunctionAddressReturn = 0x775368F7;
int __cdecl ws2_32_connect_hook_output(SOCKET s, const struct sockaddr *name, int namelen) {
struct sockaddr_in *in = (struct sockaddr_in *)connect_name;
printf("Attempting connect %d.%d.%d.%d : %d\n", in->sin_addr.S_un.S_un_b.s_b1, in->sin_addr.S_un.S_un_b.s_b2, in->sin_addr.S_un.S_un_b.s_b3, in->sin_addr.S_un.S_un_b.s_b4, htons(in->sin_port));
}
void __declspec(naked) ws2_32_connect_hook(void) { //ws2_32.connect = 775368F5
__asm {
PUSHAD //To be in safe environment
PUSHFD //To be safe environment
PUSH 0x10
PUSH DWORD PTR SS:[EBP+0x8]
PUSH DWORD PTR DS:[ESI+0x14]
CALL DWORD PTR ws2_32_connect_hook_output //<-- ERROR HERE
ADD ESP, 0xC //clean __cdecl,4,8,C
POPFD //Finish being in safe environment
POPAD //Finish being in safe environment
JMP connectFunctionAddressReturn // <-- ERROR HERE
}
}
JMP [connectFunctionAddressReturn]
? – JesterCALL DWORD PTR ws2_32_connect_hook_output
justCALL ws2_32_connect_hook_output
. – Jesterpushad
/popad
is slow, andpushfd / popfd
is quite slow (has to be microcoded because the same instruction in kernel mode can set/clear IF (interrupts enabled) and other important system flags). agner.org/optimize. Why can't you just write this in C with a normal function call tows2_32_connect_hook_output
, and let a call to a function pointervoid (*connectFunctionAddressReturn)(void)
compile into an optimized tailcall withjmp
? It seems to me like writing a naked function with inline asm is gaining you nothing vs. stand-alone asm, or plain C++. – Peter Cordes