2009-10-11, 02:42 PM
Offtopic (as usual) but the way the easyhook^ library is working I'm thinking has got to be it is really overwriting the code section of the loaded exe image. So like it actually erases the front end of a routine and replaces it with a reroute to a setup that then jumps the processor to the hook then back. So really this is the same as code injection (injection is actually the language easyhook uses) only it's done over the running exe after it's loaded up. Which to me, I think is safer than having multiple versions of the exe floating around.
There is probably some merit in disassembling SOM. Or really I mean decompiling I think. If we could find, for example, the entrypoint of a routine that is always/only called when processing each event instruction, then I could set up a sort of calculator system that would let you do complicated math inside an event, by loading two counters for example with different values, then reading from a third product counter which would already have the product of the two operand counters loaded. This way we could do multiplication with three instructions in a row. Whereas presently the only way to do multiplication and division is to always use always-on events (or multiple adds if one operand is fixed for multiplication).
EDITED: Btw, using this runtime hooking technique might not be compatible with Windows before Win2k, but I'm not positive. Not really a prob I think. If so, it's probably possible to do the same thing via another (probably simpler) means with older versions of Windows, but I'm not positive.
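The overwrite described in the post above (the front of a routine replaced by a reroute) can be seen by comparing a routine's first bytes in memory with the same bytes in the exe file. The following is an added example, not part of the original post and not EasyHook code: it assumes the reroute is an x86 `JMP rel32` (opcode E9), which the post does not state, and all byte strings, addresses and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* What a comparison of one routine's first bytes found. */
typedef struct {
    int      patched;       /* memory differs from the on-disk bytes */
    size_t   patch_len;     /* offset just past the last differing byte */
    int      is_jmp_rel32;  /* patch begins with E9 (assumed reroute form) */
    uint64_t target;        /* absolute destination of that jump */
} hook_report;

/* disk: bytes from the exe file; mem: same routine read from the process;
   va: address the routine is loaded at. */
hook_report check_prologue(const uint8_t *disk, const uint8_t *mem,
                           size_t len, uint64_t va)
{
    hook_report r = {0, 0, 0, 0};
    for (size_t i = 0; i < len; i++)
        if (disk[i] != mem[i]) { r.patched = 1; r.patch_len = i + 1; }
    if (r.patched && len >= 5 && mem[0] == 0xE9) {
        /* rel32 is little-endian and relative to the next instruction */
        uint32_t u = (uint32_t)mem[1] | ((uint32_t)mem[2] << 8) |
                     ((uint32_t)mem[3] << 16) | ((uint32_t)mem[4] << 24);
        r.is_jmp_rel32 = 1;
        r.target = va + 5 + (uint64_t)(int64_t)(int32_t)u;
    }
    return r;
}

/* A jump that lands outside [base, base+size) has left the exe image. */
int leaves_image(const hook_report *r, uint64_t base, uint64_t size)
{
    return r->is_jmp_rel32 && (r->target < base || r->target - base >= size);
}

/* Constructed sample: a routine at 0x00401000 rerouted to 0x10002000. */
static const uint8_t DISK[8] = {0x55,0x8B,0xEC,0x83,0xEC,0x10,0x53,0x56};
static const uint8_t MEM[8]  = {0xE9,0xFB,0x0F,0xC0,0x0F,0x10,0x53,0x56};

int main(void)
{
    hook_report r = check_prologue(DISK, MEM, sizeof MEM, 0x00401000);
    printf("patched=%d len=%zu target=0x%llx outside=%d\n", r.patched,
           r.patch_len, (unsigned long long)r.target,
           leaves_image(&r, 0x00400000, 0x00100000));
    return 0;
}
```

On a real image, bytes touched by base relocations also differ from the file, so compare after applying relocations or limit the check to the leading instruction bytes.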